From 7736bfc443a913a9cde46406bcfc38015ec71f47 Mon Sep 17 00:00:00 2001
From: Michael Niewöhner <foss@mniewoehner.de>
Date: Tue, 22 Oct 2019 23:05:06 +0200
Subject: soc/intel/sgx: convert SGX and PRMRR devicetree options to Kconfig
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The devicetree is not made for user-choosable options, thus introduce
Kconfig options for both SGX and the corresponding PRMRR size.

The PRMRR size Kconfig has been implemented as a maximum value. At
runtime the final PRMRR size gets selected by checking the supported
values in MSR_PRMRR_VALID_CONFIG and trying to select the value nearest
to the chosen one.

When "Maximum" is chosen, the highest possibly value from the MSR gets
used. When a too strict limit is set, coreboot will die, printing an
error message.

Tested successfully on X11SSM-F

Change-Id: I5f08e85898304bba6680075ca5d6bce26aef9a4d
Signed-off-by: Michael Niewöhner <foss@mniewoehner.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/35799
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
---
 src/soc/intel/common/block/sgx/Kconfig | 62 ++++++++++++++++++++++++++++++++--
 src/soc/intel/common/block/sgx/sgx.c   |  2 +-
 2 files changed, 60 insertions(+), 4 deletions(-)

(limited to 'src/soc/intel/common/block/sgx')

diff --git a/src/soc/intel/common/block/sgx/Kconfig b/src/soc/intel/common/block/sgx/Kconfig
index 026c6afb0d..6e8323f333 100644
--- a/src/soc/intel/common/block/sgx/Kconfig
+++ b/src/soc/intel/common/block/sgx/Kconfig
@@ -4,9 +4,7 @@ config SOC_INTEL_COMMON_BLOCK_SGX
 	select CPU_INTEL_COMMON_HYPERTHREADING
 	default n
 	help
-	 Software Guard eXtension(SGX) Feature. Intel SGX is a set of new CPU
-	 instructions that can be used by applications to set aside private
-	 regions of code and data.
+	  Intel Processor common SGX support
 
 config SOC_INTEL_COMMON_BLOCK_SGX_LOCK_MEMORY
 	bool
@@ -14,3 +12,61 @@ config SOC_INTEL_COMMON_BLOCK_SGX_LOCK_MEMORY
 	default n
 	help
 	 Lock memory before SGX activation. This is only needed if MCHECK does not do it.
+
+config SOC_INTEL_COMMON_BLOCK_SGX_ENABLE
+	bool "Enable Software Guard Extensions (SGX) if available"
+	depends on SOC_INTEL_COMMON_BLOCK_SGX
+	default n
+	help
+	  Intel Software Guard Extensions (SGX) is a set of new CPU instructions that can be
+	  used by applications to set aside private regions (so-called Secure Enclaves) of
+	  code and data.
+
+	  SGX will only be enabled when supported by the CPU!
+
+config SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE
+	int
+	default 256 if SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_MAX
+	default 256 if SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_256MB
+	default 128 if SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_128MB
+	default  64 if SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_64MB
+	default  32 if SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_32MB
+	default   1 if SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_1MB
+
+choice
+	prompt "PRMRR size"
+	default SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_MAX if SOC_INTEL_COMMON_BLOCK_SGX_ENABLE
+	default SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_DISABLED if !SOC_INTEL_COMMON_BLOCK_SGX_ENABLE
+	help
+	  PRMRR (Protected Memory Range) is the space in RAM that is used to provide a protected
+	  memory area (e.g. for the Intel SGX Secure Enclaves). The memory region is accessible
+	  only by the processor itself to protect the data from unauthorized access.
+
+	  This option selects the maximum size that gets reserved. Depending on the SoC a lower,
+	  compatible value may be chosen at runtime as not all values are supported on all
+	  families.
+
+config SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_MAX
+	bool "Maximum"
+
+config SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_256MB
+	bool "256 MiB"
+
+config SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_128MB
+	bool "128 MiB"
+
+config SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_64MB
+	bool "64 MiB"
+
+config SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_32MB
+	bool "32 MiB"
+
+config SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_1MB
+	depends on !SOC_INTEL_COMMON_BLOCK_SGX_ENABLE  # SGX depends on PRMRR >= 32 MiB
+	bool "1 MiB"
+
+config SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_DISABLED
+	depends on !SOC_INTEL_COMMON_BLOCK_SGX_ENABLE  # SGX depends on PRMRR >= 32 MiB
+	bool "Disabled"
+
+endchoice
diff --git a/src/soc/intel/common/block/sgx/sgx.c b/src/soc/intel/common/block/sgx/sgx.c
index 842eb43994..6f0cfd8f0e 100644
--- a/src/soc/intel/common/block/sgx/sgx.c
+++ b/src/soc/intel/common/block/sgx/sgx.c
@@ -206,7 +206,7 @@ void sgx_configure(void *unused)
 {
 
 	if (!is_sgx_supported() || !is_prmrr_set()) {
-		printk(BIOS_ERR, "SGX: pre-conditions not met\n");
+		printk(BIOS_ERR, "SGX: not supported or pre-conditions not met\n");
 		return;
 	}
 
-- 
cgit v1.2.3