-rw-r--r-- | src/soc/intel/alderlake/cpu.c | 8 | ||||
-rw-r--r-- | src/soc/intel/alderlake/include/soc/msr.h | 4 | ||||
-rw-r--r-- | src/soc/intel/apollolake/cpu.c | 8 | ||||
-rw-r--r-- | src/soc/intel/cannonlake/cpu.c | 8 | ||||
-rw-r--r-- | src/soc/intel/cannonlake/include/soc/msr.h | 2 | ||||
-rw-r--r-- | src/soc/intel/common/block/include/intelblocks/cpulib.h | 9 | ||||
-rw-r--r-- | src/soc/intel/denverton_ns/cpu.c | 8 | ||||
-rw-r--r-- | src/soc/intel/denverton_ns/include/soc/msr.h | 2 | ||||
-rw-r--r-- | src/soc/intel/elkhartlake/cpu.c | 8 | ||||
-rw-r--r-- | src/soc/intel/elkhartlake/include/soc/msr.h | 4 | ||||
-rw-r--r-- | src/soc/intel/icelake/cpu.c | 8 | ||||
-rw-r--r-- | src/soc/intel/icelake/include/soc/msr.h | 2 | ||||
-rw-r--r-- | src/soc/intel/jasperlake/cpu.c | 8 | ||||
-rw-r--r-- | src/soc/intel/jasperlake/include/soc/msr.h | 4 | ||||
-rw-r--r-- | src/soc/intel/skylake/cpu.c | 10 | ||||
-rw-r--r-- | src/soc/intel/skylake/include/soc/msr.h | 3 | ||||
-rw-r--r-- | src/soc/intel/tigerlake/cpu.c | 8 | ||||
-rw-r--r-- | src/soc/intel/tigerlake/include/soc/msr.h | 4 | ||||
-rw-r--r-- | src/soc/intel/xeon_sp/cpx/cpu.c | 6 | ||||
-rw-r--r-- | src/soc/intel/xeon_sp/skx/cpu.c | 6 |
20 files changed, 116 insertions, 4 deletions
diff --git a/src/soc/intel/alderlake/cpu.c b/src/soc/intel/alderlake/cpu.c
index 95f8a50472..92ffe87043 100644
--- a/src/soc/intel/alderlake/cpu.c
+++ b/src/soc/intel/alderlake/cpu.c
@@ -25,6 +25,14 @@
 #include <soc/soc_chip.h>
 #include <types.h>
 
+bool cpu_soc_is_in_untrusted_mode(void)
+{
+ msr_t msr;
+
+ msr = rdmsr(MSR_BIOS_DONE);
+ return !!(msr.lo & ENABLE_IA_UNTRUSTED);
+}
+
 static void soc_fsp_load(void)
 {
 fsps_load();
diff --git a/src/soc/intel/alderlake/include/soc/msr.h b/src/soc/intel/alderlake/include/soc/msr.h
index 954fce0a82..5bdbf92e8b 100644
--- a/src/soc/intel/alderlake/include/soc/msr.h
+++ b/src/soc/intel/alderlake/include/soc/msr.h
@@ -5,6 +5,8 @@
 
 #include <intelblocks/msr.h>
 
-#define MSR_VR_MISC_CONFIG2 0x636
+#define MSR_BIOS_DONE 0x151
+#define ENABLE_IA_UNTRUSTED (1 << 0)
+#define MSR_VR_MISC_CONFIG2 0x636
 
 #endif
diff --git a/src/soc/intel/apollolake/cpu.c b/src/soc/intel/apollolake/cpu.c
index af0a6dcd18..74aeee98e4 100644
--- a/src/soc/intel/apollolake/cpu.c
+++ b/src/soc/intel/apollolake/cpu.c
@@ -47,6 +47,14 @@ static const struct reg_script core_msr_script[] = {
 REG_SCRIPT_END
 };
 
+bool cpu_soc_is_in_untrusted_mode(void)
+{
+ msr_t msr;
+
+ msr = rdmsr(MSR_POWER_MISC);
+ return !!(msr.lo & ENABLE_IA_UNTRUSTED);
+}
+
 void soc_core_init(struct device *cpu)
 {
 /* Configure Core PRMRR for SGX. */
diff --git a/src/soc/intel/cannonlake/cpu.c b/src/soc/intel/cannonlake/cpu.c
index 4f6720850e..6af3e1a56f 100644
--- a/src/soc/intel/cannonlake/cpu.c
+++ b/src/soc/intel/cannonlake/cpu.c
@@ -20,6 +20,14 @@
 
 #include "chip.h"
 
+bool cpu_soc_is_in_untrusted_mode(void)
+{
+ msr_t msr;
+
+ msr = rdmsr(MSR_BIOS_DONE);
+ return !!(msr.lo & ENABLE_IA_UNTRUSTED);
+}
+
 static void soc_fsp_load(void)
 {
 fsps_load();
diff --git a/src/soc/intel/cannonlake/include/soc/msr.h b/src/soc/intel/cannonlake/include/soc/msr.h
index 1c902d5abb..cc95fe6845 100644
--- a/src/soc/intel/cannonlake/include/soc/msr.h
+++ b/src/soc/intel/cannonlake/include/soc/msr.h
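Review bot: The body of `cpu_soc_is_in_untrusted_mode()` added here is repeated byte-for-byte in the cannonlake, elkhartlake, icelake, jasperlake and tigerlake hunks of this same diff, and apollolake and denverton_ns differ only in reading `MSR_POWER_MISC`, so each per-SoC function is really a vehicle for two macro values. A single common implementation in `intelblocks/cpulib` reading an SoC-supplied MSR/bit pair would leave each SoC with nothing but its `msr.h` definitions and put future fixes to the check in one place. If that is too invasive for this change, a comment above the function such as `/* Reports the ENABLE_IA_UNTRUSTED bit of MSR_BIOS_DONE as read on the calling CPU */` would at least say what the raw MSR read means. Whether that bit is per-thread or package-wide is not visible here, so callers should not assume the result holds for other cores until that is confirmed.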
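Review bot: `ENABLE_IA_UNTRUSTED` is introduced here as bit 0 of `MSR_BIOS_DONE` (0x151), while the denverton_ns hunk in this same diff defines the identical name as bit 6 of `MSR_POWER_MISC` (0x120) and the apollolake hunk relies on that second pairing; one macro name with two different MSR/bit meanings across SoC directories is easy to misuse when code is copied between them. Naming the bit after its register, e.g. `#define BIOS_DONE_ENABLE_IA_UNTRUSTED (1 << 0)`, would make any mismatch visible at the call site. The same 0x151/bit-0 pair is added unchanged to the cannonlake, elkhartlake, icelake, jasperlake, skylake and tigerlake headers, so if `intelblocks/msr.h` (included on the line above) carries no conflicting definition, that family could share a single definition there instead of seven copies.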
@@ -5,6 +5,8 @@
 
 #include <intelblocks/msr.h>
 
+#define MSR_BIOS_DONE 0x151
+#define ENABLE_IA_UNTRUSTED (1 << 0)
 #define MSR_VR_CURRENT_CONFIG 0x601
 #define MSR_PL3_CONTROL 0x615
 #define MSR_VR_MISC_CONFIG2 0x636
diff --git a/src/soc/intel/common/block/include/intelblocks/cpulib.h b/src/soc/intel/common/block/include/intelblocks/cpulib.h
index 3ce80b27db..b9c3ab70c3 100644
--- a/src/soc/intel/common/block/include/intelblocks/cpulib.h
+++ b/src/soc/intel/common/block/include/intelblocks/cpulib.h
@@ -112,6 +112,15 @@ void cpu_burst_mode(bool burst_mode_status);
 void cpu_set_eist(bool eist_status);
 
 /*
+ * SoC specific implementation:
+ *
+ * Check CPU security level using ENABLE_IA_UNTRUSTED_MODE of CPU MSR.
+ * If bit is set, meaning CPU has dropped its security level by entering
+ * into `untrusted mode`. Otherwise, it's in `trusted mode`.
+ */
+bool cpu_soc_is_in_untrusted_mode(void);
+
+/*
 * This function fills in the number of Cores(physical) and Threads(virtual)
 * of the CPU in the function arguments. It also returns if the number of cores
 * and number of threads are equal.
diff --git a/src/soc/intel/denverton_ns/cpu.c b/src/soc/intel/denverton_ns/cpu.c
index fb4923f7e1..3747a48e68 100644
--- a/src/soc/intel/denverton_ns/cpu.c
+++ b/src/soc/intel/denverton_ns/cpu.c
@@ -23,6 +23,14 @@
 #include <soc/soc_util.h>
 #include <types.h>
 
+bool cpu_soc_is_in_untrusted_mode(void)
+{
+ msr_t msr;
+
+ msr = rdmsr(MSR_POWER_MISC);
+ return !!(msr.lo & ENABLE_IA_UNTRUSTED);
+}
+
 static struct smm_relocation_attrs relo_attrs;
 
 static void dnv_configure_mca(void)
diff --git a/src/soc/intel/denverton_ns/include/soc/msr.h b/src/soc/intel/denverton_ns/include/soc/msr.h
index 21f3e7b41f..7eb9fdce8b 100644
--- a/src/soc/intel/denverton_ns/include/soc/msr.h
+++ b/src/soc/intel/denverton_ns/include/soc/msr.h
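Review bot: The new comment in cpulib.h names `ENABLE_IA_UNTRUSTED_MODE`, but every SoC header in this diff defines the bit as `ENABLE_IA_UNTRUSTED`, and "If bit is set, meaning CPU has dropped its security level" is not a sentence; since this is the only documentation callers of the common API will see, it should match the macro and say what the return value means on SoCs without the mode (the xeon_sp stubs in this diff return false). Suggested text: ` * Report whether the CPU has entered IA "untrusted mode": the SoC reads its` / ` * ENABLE_IA_UNTRUSTED bit (MSR_BIOS_DONE or MSR_POWER_MISC) and returns true` / ` * when set. SoCs without the mode return false, which is not a trust attestation.` Whether the MSR is thread- or package-scoped is not established anywhere in this change; if it is per-thread, the result describes only the calling CPU, and the comment should say so once that is confirmed.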
@@ -10,6 +10,8 @@
 #define MSR_FEATURE_CONFIG 0x13c
 #define FEATURE_CONFIG_RESERVED_MASK 0x3ULL
 #define FEATURE_CONFIG_LOCK (1 << 0)
+#define MSR_POWER_MISC 0x120
+#define ENABLE_IA_UNTRUSTED (1 << 6)
 #define IA32_MCG_CAP 0x179
 #define IA32_MCG_CAP_COUNT_MASK 0xff
 #define IA32_MCG_CAP_CTL_P_BIT 8
diff --git a/src/soc/intel/elkhartlake/cpu.c b/src/soc/intel/elkhartlake/cpu.c
index d480604298..0cc3935808 100644
--- a/src/soc/intel/elkhartlake/cpu.c
+++ b/src/soc/intel/elkhartlake/cpu.c
@@ -17,6 +17,14 @@
 #include <soc/soc_chip.h>
 #include <types.h>
 
+bool cpu_soc_is_in_untrusted_mode(void)
+{
+ msr_t msr;
+
+ msr = rdmsr(MSR_BIOS_DONE);
+ return !!(msr.lo & ENABLE_IA_UNTRUSTED);
+}
+
 static void soc_fsp_load(void)
 {
 fsps_load();
diff --git a/src/soc/intel/elkhartlake/include/soc/msr.h b/src/soc/intel/elkhartlake/include/soc/msr.h
index 954fce0a82..5bdbf92e8b 100644
--- a/src/soc/intel/elkhartlake/include/soc/msr.h
+++ b/src/soc/intel/elkhartlake/include/soc/msr.h
@@ -5,6 +5,8 @@
 
 #include <intelblocks/msr.h>
 
-#define MSR_VR_MISC_CONFIG2 0x636
+#define MSR_BIOS_DONE 0x151
+#define ENABLE_IA_UNTRUSTED (1 << 0)
+#define MSR_VR_MISC_CONFIG2 0x636
 
 #endif
diff --git a/src/soc/intel/icelake/cpu.c b/src/soc/intel/icelake/cpu.c
index ab32c0d502..37978ea614 100644
--- a/src/soc/intel/icelake/cpu.c
+++ b/src/soc/intel/icelake/cpu.c
@@ -17,6 +17,14 @@
 #include <soc/soc_chip.h>
 #include <types.h>
 
+bool cpu_soc_is_in_untrusted_mode(void)
+{
+ msr_t msr;
+
+ msr = rdmsr(MSR_BIOS_DONE);
+ return !!(msr.lo & ENABLE_IA_UNTRUSTED);
+}
+
 static void soc_fsp_load(void)
 {
 fsps_load();
diff --git a/src/soc/intel/icelake/include/soc/msr.h b/src/soc/intel/icelake/include/soc/msr.h
index 954fce0a82..d716bdbcc5 100644
--- a/src/soc/intel/icelake/include/soc/msr.h
+++ b/src/soc/intel/icelake/include/soc/msr.h
@@ -5,6 +5,8 @@
 
 #include <intelblocks/msr.h>
 
+#define MSR_BIOS_DONE 0x151
+#define ENABLE_IA_UNTRUSTED (1 << 0)
 #define MSR_VR_MISC_CONFIG2 0x636
 
 #endif
diff --git a/src/soc/intel/jasperlake/cpu.c b/src/soc/intel/jasperlake/cpu.c
index b063c28d8a..af39c94547 100644
--- a/src/soc/intel/jasperlake/cpu.c
+++ b/src/soc/intel/jasperlake/cpu.c
@@ -17,6 +17,14 @@
 #include <soc/soc_chip.h>
 #include <types.h>
 
+bool cpu_soc_is_in_untrusted_mode(void)
+{
+ msr_t msr;
+
+ msr = rdmsr(MSR_BIOS_DONE);
+ return !!(msr.lo & ENABLE_IA_UNTRUSTED);
+}
+
 static void soc_fsp_load(void)
 {
 fsps_load();
diff --git a/src/soc/intel/jasperlake/include/soc/msr.h b/src/soc/intel/jasperlake/include/soc/msr.h
index 954fce0a82..5bdbf92e8b 100644
--- a/src/soc/intel/jasperlake/include/soc/msr.h
+++ b/src/soc/intel/jasperlake/include/soc/msr.h
@@ -5,6 +5,8 @@
 
 #include <intelblocks/msr.h>
 
-#define MSR_VR_MISC_CONFIG2 0x636
+#define MSR_BIOS_DONE 0x151
+#define ENABLE_IA_UNTRUSTED (1 << 0)
+#define MSR_VR_MISC_CONFIG2 0x636
 
 #endif
diff --git a/src/soc/intel/skylake/cpu.c b/src/soc/intel/skylake/cpu.c
index 91db06b3a6..63a04662e3 100644
--- a/src/soc/intel/skylake/cpu.c
+++ b/src/soc/intel/skylake/cpu.c
@@ -26,6 +26,16 @@
 
 #include "chip.h"
 
+bool cpu_soc_is_in_untrusted_mode(void)
+{
+ if (!CONFIG(MAINBOARD_SUPPORTS_COFFEELAKE_CPU))
+ return false;
+
+ /* IA_UNTRUSTED_MODE is not supported in Sky Lake */
+ msr_t msr = rdmsr(MSR_BIOS_DONE);
+ return !!(msr.lo & ENABLE_IA_UNTRUSTED);
+}
+
 static void configure_misc(void)
 {
 config_t *conf = config_of_soc();
diff --git a/src/soc/intel/skylake/include/soc/msr.h b/src/soc/intel/skylake/include/soc/msr.h
index 92e8215567..a495799e9b 100644
--- a/src/soc/intel/skylake/include/soc/msr.h
+++ b/src/soc/intel/skylake/include/soc/msr.h
@@ -5,6 +5,9 @@
 
 #include <intelblocks/msr.h>
 
+/* IA_UNTRUSTED_MODE is not supported in Sky Lake */
+#define MSR_BIOS_DONE 0x151
+#define ENABLE_IA_UNTRUSTED (1 << 0)
 #define MSR_LT_LOCK_MEMORY 0x2e7
 #define MSR_UNCORE_PRMRR_PHYS_BASE 0x2f4
 #define MSR_UNCORE_PRMRR_PHYS_MASK 0x2f5
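Review bot: In the skylake/cpu.c hunk the guard on `CONFIG(MAINBOARD_SUPPORTS_COFFEELAKE_CPU)` is a build-time board capability, not a check of the CPU actually fitted, yet the comment right below it says IA_UNTRUSTED_MODE is unsupported on Sky Lake: on a board whose Kconfig allows Coffee Lake but that boots a Sky Lake or Kaby Lake part, `rdmsr(MSR_BIOS_DONE)` still executes. If the register is absent on those parts an unhandled rdmsr faults, so the guard should also test the running silicon (a CPUID family/model check) before the read; I cannot tell from this hunk whether such a helper already exists in this SoC. Independently, the comment belongs above the `if` so it explains the early return rather than appearing to describe the read it precedes, e.g. `/* Only Coffee Lake implements IA_UNTRUSTED_MODE; other parts report "not untrusted" */`.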
diff --git a/src/soc/intel/tigerlake/cpu.c b/src/soc/intel/tigerlake/cpu.c
index a9aa8ffc53..d225c504c8 100644
--- a/src/soc/intel/tigerlake/cpu.c
+++ b/src/soc/intel/tigerlake/cpu.c
@@ -23,6 +23,14 @@
 #include <soc/soc_chip.h>
 #include <types.h>
 
+bool cpu_soc_is_in_untrusted_mode(void)
+{
+ msr_t msr;
+
+ msr = rdmsr(MSR_BIOS_DONE);
+ return !!(msr.lo & ENABLE_IA_UNTRUSTED);
+}
+
 static void soc_fsp_load(void)
 {
 fsps_load();
diff --git a/src/soc/intel/tigerlake/include/soc/msr.h b/src/soc/intel/tigerlake/include/soc/msr.h
index 954fce0a82..5bdbf92e8b 100644
--- a/src/soc/intel/tigerlake/include/soc/msr.h
+++ b/src/soc/intel/tigerlake/include/soc/msr.h
@@ -5,6 +5,8 @@
 
 #include <intelblocks/msr.h>
 
-#define MSR_VR_MISC_CONFIG2 0x636
+#define MSR_BIOS_DONE 0x151
+#define ENABLE_IA_UNTRUSTED (1 << 0)
+#define MSR_VR_MISC_CONFIG2 0x636
 
 #endif
diff --git a/src/soc/intel/xeon_sp/cpx/cpu.c b/src/soc/intel/xeon_sp/cpx/cpu.c
index ba417a7060..07c2db7bbf 100644
--- a/src/soc/intel/xeon_sp/cpx/cpu.c
+++ b/src/soc/intel/xeon_sp/cpx/cpu.c
@@ -32,6 +32,12 @@
 static const void *microcode_patch;
 static const config_t *chip_config = NULL;
 
+bool cpu_soc_is_in_untrusted_mode(void)
+{
+ /* IA_UNTRUSTED_MODE is not supported in Cooper Lake */
+ return false;
+}
+
 static void xeon_configure_mca(void)
 {
 msr_t msr;
diff --git a/src/soc/intel/xeon_sp/skx/cpu.c b/src/soc/intel/xeon_sp/skx/cpu.c
index fcdb2d7ea0..c29952916a 100644
--- a/src/soc/intel/xeon_sp/skx/cpu.c
+++ b/src/soc/intel/xeon_sp/skx/cpu.c
@@ -20,6 +20,12 @@
 
 static const config_t *chip_config = NULL;
 
+bool cpu_soc_is_in_untrusted_mode(void)
+{
+ /* IA_UNTRUSTED_MODE is not supported in Skylake */
+ return false;
+}
+
 static void xeon_configure_mca(void)
 {
 msr_t msr; |
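Review bot: In the xeon_sp/cpx/cpu.c hunk, returning `false` for a platform with no IA_UNTRUSTED_MODE conflates "the mode does not exist" with "the CPU is in trusted mode", so a caller that gates a privileged operation on this API will treat Cooper Lake as trusted without any check having run. The comment states only that the mode is unsupported; it should also state the consequence, e.g. `/* Cooper Lake has no IA_UNTRUSTED_MODE: false means the mode does not exist, not that a trusted state was verified. */`. The skx hunk that follows is identical apart from the comment text, so one stub in the shared xeon_sp code would avoid the second copy.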