From 27baa32fbefa19afe2bc96b60f534ca20cb49065 Mon Sep 17 00:00:00 2001 From: Timothy Pearson Date: Wed, 12 Aug 2015 11:19:10 -0500 Subject: cpu/amd/model_10xxx: Do not initialize SMM memory if SMM is disabled In the wake of the recent Intel "Memoy Sinkhole" exploit a code review of the AMD SMM code was undertaken. While native Family 10h support does not appear to be affected by the same SMM flaw, it also does not require SMM to function. Therefore, the SMM memory range initialization should only be executed if SMM will be used on the target platform. Change-Id: I6531908a7724933e4ba5a2bbefeb89356197e8fd Signed-off-by: Timothy Pearson Reviewed-on: http://review.coreboot.org/11211 Tested-by: build bot (Jenkins) Reviewed-by: Aaron Durbin Tested-by: Raptor Engineering Automated Test Stand Reviewed-by: Paul Menzel --- src/cpu/amd/model_10xxx/model_10xxx_init.c | 34 ++++++++++++++++++++++-------- 1 file changed, 25 insertions(+), 9 deletions(-) diff --git a/src/cpu/amd/model_10xxx/model_10xxx_init.c b/src/cpu/amd/model_10xxx/model_10xxx_init.c index c17f335334..590b89d65e 100644 --- a/src/cpu/amd/model_10xxx/model_10xxx_init.c +++ b/src/cpu/amd/model_10xxx/model_10xxx_init.c @@ -99,15 +99,31 @@ static void model_10xxx_init(device_t dev) msr.hi &= ~(1 << (35-32)); wrmsr(BU_CFG2_MSR, msr); - /* Set SMM base address for this CPU */ - msr = rdmsr(SMM_BASE_MSR); - msr.lo = SMM_BASE - (lapicid() * 0x400); - wrmsr(SMM_BASE_MSR, msr); - - /* Enable the SMM memory window */ - msr = rdmsr(SMM_MASK_MSR); - msr.lo |= (1 << 0); /* Enable ASEG SMRAM Range */ - wrmsr(SMM_MASK_MSR, msr); + if (IS_ENABLED(CONFIG_HAVE_SMI_HANDLER)) { + printk(BIOS_DEBUG, "Initializing SMM ASeg memory\n"); + + /* Set SMM base address for this CPU */ + msr = rdmsr(SMM_BASE_MSR); + msr.lo = SMM_BASE - (lapicid() * 0x400); + wrmsr(SMM_BASE_MSR, msr); + + /* Enable the SMM memory window */ + msr = rdmsr(SMM_MASK_MSR); + msr.lo |= (1 << 0); /* Enable ASEG SMRAM Range */ + wrmsr(SMM_MASK_MSR, msr); + } else { + printk(BIOS_DEBUG, "Disabling SMM ASeg memory\n"); + + /* Set SMM base address for this CPU */ + msr = rdmsr(SMM_BASE_MSR); + msr.lo = SMM_BASE - (lapicid() * 0x400); + wrmsr(SMM_BASE_MSR, msr); + + /* Disable the SMM memory window */ + msr.hi = 0x0; + msr.lo = 0x0; + wrmsr(SMM_MASK_MSR, msr); + } /* Set SMMLOCK to avoid exploits messing with SMM */ msr = rdmsr(HWCR_MSR); -- cgit v1.2.3