From 89e39b5c55cd7612c70cb25d2b2000965cc25539 Mon Sep 17 00:00:00 2001
From: Andrey Petrov <andrey.petrov@intel.com>
Date: Wed, 30 Nov 2016 17:58:38 -0800
Subject: soc/intel/apollolake: Drop privilege level to IA_UNTRUSTED

As per guidelines CPU security level should be dropped before OS start,
so that certain MSRs are locked out. Drop privilege levels on all logical
CPUs.

BUG=chrome-os-partner:60454
TEST=iotools rdmsr x 0x120, make sure bit 6 is set, rdmsr x 0x121 results
in io error.

Change-Id: I67540f6da16f58b822db9160d00b7a5e235188db
Signed-off-by: Andrey Petrov <andrey.petrov@intel.com>
Reviewed-on: https://review.coreboot.org/17665
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins)
---
 src/soc/intel/apollolake/include/soc/cpu.h | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'src/soc/intel/apollolake/include')

diff --git a/src/soc/intel/apollolake/include/soc/cpu.h b/src/soc/intel/apollolake/include/soc/cpu.h
index 38ce4ff913..db9d3dde05 100644
--- a/src/soc/intel/apollolake/include/soc/cpu.h
+++ b/src/soc/intel/apollolake/include/soc/cpu.h
@@ -31,6 +31,8 @@ void set_max_freq(void);
 
 #define MSR_PLATFORM_INFO	0xce
 #define MSR_POWER_MISC		0x120
+#define   ENABLE_IA_UNTRUSTED	(1 << 6)
+#define   FLUSH_DL1_L2		(1 << 8)
 #define MSR_CORE_THREAD_COUNT	0x35
 #define MSR_EVICT_CTL		0x2e0
 #define MSR_EMULATE_PM_TMR	0x121
-- 
cgit v1.2.3