lib/stage_cache: Refactor Kconfig options

Add explicit CBMEM_STAGE_CACHE option. Rename CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM to TSEG_STAGE_CACHE. Platforms with SMM_TSEG=y always need to implement stage_cache_external_region(). It is allowed to return with a region of size 0 to effectively disable the cache. There are no provisions in Kconfig to degrade from TSEG_STAGE_CACHE to CBMEM_STAGE_CACHE. As a security measure CBMEM_STAGE_CACHE default is changed to disabled. AGESA platforms without TSEG will experience slower S3 resume speed unless they explicitly select the option. Change-Id: Ibbdc701ea85b5a3208ca4e98c428b05b6d4e5340 Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/34664 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Furquan Shaikh <furquan@google.com>
2019-08-01 20:29:14 +03:00 · 2019-08-01 20:29:14 +03:00 · 0a4457ff44
parent cccb815c5e
commit 0a4457ff44
19 changed files with 29 additions and 32 deletions
--- a/src/Kconfig
+++ b/src/Kconfig
@ -250,12 +250,28 @@ config RELOCATABLE_RAMSTAGE
 	 wake. When selecting this option the romstage is responsible for
 	 determing a stack location to use for loading the ramstage.

-config CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM
-	depends on RELOCATABLE_RAMSTAGE
+config TSEG_STAGE_CACHE
 	bool
+	default y
+	depends on !NO_STAGE_CACHE && SMM_TSEG
 	help
-	 The relocated ramstage is saved in an area specified by the
-	 by the board and/or chipset.
+	  The option enables stage cache support for platform. Platform
+	  can stash copies of postcar, ramstage and raw runtime data
+	  inside SMM TSEG, to be restored on S3 resume path.
+
+config CBMEM_STAGE_CACHE
+	bool "Cache stages in CBMEM"
+	depends on !NO_STAGE_CACHE && !TSEG_STAGE_CACHE
+	help
+	  The option enables stage cache support for platform. Platform
+	  can stash copies of postcar, ramstage and raw runtime data
+	  inside CBMEM.
+
+	  While the approach is faster than reloading stages from boot media
+	  it is also a possible attack scenario via which OS can possibly
+	  circumvent SMM locks and SPI write protections.
+
+	  If unsure, select 'N'

 config UPDATE_IMAGE
 	bool "Update existing coreboot.rom image"
@ -1143,7 +1159,7 @@ config RELOCATABLE_MODULES

 config NO_STAGE_CACHE
 	bool
-	default y if !HAVE_ACPI_RESUME
+	default y if !HAVE_ACPI_RESUME || !RELOCATABLE_RAMSTAGE
 	help
 	  Do not save any component in stage cache for resume path. On resume,
 	  all components would be read back from CBFS again.
--- a/src/cpu/intel/model_2065x/Kconfig
+++ b/src/cpu/intel/model_2065x/Kconfig
@ -21,7 +21,6 @@ config CPU_SPECIFIC_OPTIONS
 	select CPU_INTEL_COMMON
 	select NO_FIXED_XIP_ROM_SIZE
 	select PARALLEL_MP
-	select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM

 config BOOTBLOCK_CPU_INIT
 	string
--- a/src/cpu/intel/model_206ax/Kconfig
+++ b/src/cpu/intel/model_206ax/Kconfig
@ -19,7 +19,6 @@ config CPU_SPECIFIC_OPTIONS
 	#select AP_IN_SIPI_WAIT
 	select TSC_SYNC_MFENCE
 	select CPU_INTEL_COMMON
-	select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM
 	select PARALLEL_MP
 	select NO_FIXED_XIP_ROM_SIZE

--- a/src/cpu/intel/smm/gen1/smmrelocate.c
+++ b/src/cpu/intel/smm/gen1/smmrelocate.c
@ -121,7 +121,7 @@ static void fill_in_relocation_params(struct smm_relocation_params *params)
 	}

 	/* Adjust available SMM handler memory size. */
-	if (CONFIG(CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM)) {
+	if (CONFIG(TSEG_STAGE_CACHE)) {
 		ASSERT(params->smram_size > CONFIG_SMM_RESERVED_SIZE);
 		params->smram_size -= CONFIG_SMM_RESERVED_SIZE;
 	}
--- a/src/include/stage_cache.h
+++ b/src/include/stage_cache.h
@ -32,8 +32,7 @@ enum {
 	STAGE_S3_DATA,
 };

-#if CONFIG(CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM) \
-		|| CONFIG(RELOCATABLE_RAMSTAGE)
+#if CONFIG(TSEG_STAGE_CACHE) || CONFIG(CBMEM_STAGE_CACHE)
 /* Cache the loaded stage provided according to the parameters. */
 void stage_cache_add(int stage_id, const struct prog *stage);
 /* Load the cached stage at given location returning the stage entry point. */
--- a/src/lib/Makefile.inc
+++ b/src/lib/Makefile.inc
@ -176,16 +176,13 @@ verstage-$(CONFIG_REG_SCRIPT) += reg_script.c
 romstage-$(CONFIG_REG_SCRIPT) += reg_script.c
 ramstage-$(CONFIG_REG_SCRIPT) += reg_script.c

-ifeq ($(CONFIG_CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM),y)
-ramstage-y += ext_stage_cache.c
-romstage-y += ext_stage_cache.c
-postcar-y += ext_stage_cache.c
-else
-ramstage-$(CONFIG_RELOCATABLE_RAMSTAGE) += cbmem_stage_cache.c
-romstage-$(CONFIG_RELOCATABLE_RAMSTAGE) += cbmem_stage_cache.c
-postcar-$(CONFIG_RELOCATABLE_RAMSTAGE) += cbmem_stage_cache.c
-endif
+ramstage-$(CONFIG_TSEG_STAGE_CACHE) += ext_stage_cache.c
+romstage-$(CONFIG_TSEG_STAGE_CACHE) += ext_stage_cache.c
+postcar-$(CONFIG_TSEG_STAGE_CACHE) += ext_stage_cache.c

+ramstage-$(CONFIG_CBMEM_STAGE_CACHE) += cbmem_stage_cache.c
+romstage-$(CONFIG_CBMEM_STAGE_CACHE) += cbmem_stage_cache.c
+postcar-$(CONFIG_CBMEM_STAGE_CACHE) += cbmem_stage_cache.c

 romstage-y += boot_device.c
 ramstage-y += boot_device.c
--- a/src/northbridge/intel/gm45/Kconfig
+++ b/src/northbridge/intel/gm45/Kconfig
@ -29,7 +29,6 @@ config NORTHBRIDGE_SPECIFIC_OPTIONS # dummy
 	select POSTCAR_STAGE
 	select POSTCAR_CONSOLE
 	select PARALLEL_MP
-	select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM

 config CBFS_SIZE
 	hex
--- a/src/northbridge/intel/haswell/Kconfig
+++ b/src/northbridge/intel/haswell/Kconfig
@ -19,7 +19,6 @@ config NORTHBRIDGE_INTEL_HASWELL
 	select CACHE_MRC_SETTINGS
 	select INTEL_DDI
 	select INTEL_GMA_ACPI
-	select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM
 	select POSTCAR_STAGE
 	select POSTCAR_CONSOLE
 	select C_ENVIRONMENT_BOOTBLOCK
--- a/src/northbridge/intel/i945/Kconfig
+++ b/src/northbridge/intel/i945/Kconfig
@ -30,7 +30,6 @@ config NORTHBRIDGE_SPECIFIC_OPTIONS # dummy
 	select POSTCAR_STAGE
 	select POSTCAR_CONSOLE
 	select PARALLEL_MP
-	select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM

 config NORTHBRIDGE_INTEL_SUBTYPE_I945GC
 	def_bool n
--- a/src/northbridge/intel/pineview/Kconfig
+++ b/src/northbridge/intel/pineview/Kconfig
@ -31,7 +31,6 @@ config NORTHBRIDGE_SPECIFIC_OPTIONS # dummy
 	select POSTCAR_STAGE
 	select POSTCAR_CONSOLE
 	select PARALLEL_MP
-	select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM
 	select C_ENVIRONMENT_BOOTBLOCK

 config BOOTBLOCK_NORTHBRIDGE_INIT
--- a/src/northbridge/intel/x4x/Kconfig
+++ b/src/northbridge/intel/x4x/Kconfig
@ -29,7 +29,6 @@ config NORTHBRIDGE_SPECIFIC_OPTIONS # dummy
 	select POSTCAR_STAGE
 	select POSTCAR_CONSOLE
 	select PARALLEL_MP
-	select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM

 config CBFS_SIZE
 	hex
--- a/src/soc/amd/picasso/Kconfig
+++ b/src/soc/amd/picasso/Kconfig
@ -52,7 +52,6 @@ config CPU_SPECIFIC_OPTIONS
 	select C_ENVIRONMENT_BOOTBLOCK
 	select BOOT_DEVICE_SUPPORTS_WRITES if BOOT_DEVICE_SPI_FLASH
 	select BOOT_DEVICE_SPI_FLASH_RW_NOMMAP_EARLY if BOOT_DEVICE_SPI_FLASH
-	select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM if HAVE_ACPI_RESUME
 	select PARALLEL_MP
 	select PARALLEL_MP_AP_WORK
 	select HAVE_SMI_HANDLER
--- a/src/soc/amd/stoneyridge/Kconfig
+++ b/src/soc/amd/stoneyridge/Kconfig
@ -73,7 +73,6 @@ config CPU_SPECIFIC_OPTIONS
 	select C_ENVIRONMENT_BOOTBLOCK
 	select BOOT_DEVICE_SUPPORTS_WRITES if BOOT_DEVICE_SPI_FLASH
 	select BOOT_DEVICE_SPI_FLASH_RW_NOMMAP_EARLY if BOOT_DEVICE_SPI_FLASH
-	select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM if HAVE_ACPI_RESUME
 	select PARALLEL_MP
 	select PARALLEL_MP_AP_WORK
 	select HAVE_SMI_HANDLER
--- a/src/soc/intel/apollolake/Kconfig
+++ b/src/soc/intel/apollolake/Kconfig
@ -40,7 +40,6 @@ config CPU_SPECIFIC_OPTIONS
 	# Misc options
 	select C_ENVIRONMENT_BOOTBLOCK
 	select CACHE_MRC_SETTINGS
-	select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM
 	select COLLECT_TIMESTAMPS
 	select COMMON_FADT
 	select FSP_PLATFORM_MEMORY_SETTINGS_VERSIONS
--- a/src/soc/intel/braswell/Kconfig
+++ b/src/soc/intel/braswell/Kconfig
@ -14,7 +14,6 @@ config CPU_SPECIFIC_OPTIONS
 	select ARCH_VERSTAGE_X86_32
 	select BOOT_DEVICE_SUPPORTS_WRITES
 	select CACHE_MRC_SETTINGS
-	select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM
 	select COLLECT_TIMESTAMPS
 	select SUPPORT_CPU_UCODE_IN_CBFS
 	select MICROCODE_BLOB_NOT_IN_BLOB_REPO
--- a/src/soc/intel/broadwell/Kconfig
+++ b/src/soc/intel/broadwell/Kconfig
@ -15,7 +15,6 @@ config CPU_SPECIFIC_OPTIONS
 	select BOOT_DEVICE_SUPPORTS_WRITES
 	select CACHE_MRC_SETTINGS
 	select MRC_SETTINGS_PROTECT
-	select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM
 	select CPU_INTEL_FIRMWARE_INTERFACE_TABLE
 	select SUPPORT_CPU_UCODE_IN_CBFS
 	select HAVE_SMI_HANDLER
--- a/src/soc/intel/cannonlake/Kconfig
+++ b/src/soc/intel/cannonlake/Kconfig
@ -59,7 +59,6 @@ config CPU_SPECIFIC_OPTIONS
 	select BOOT_DEVICE_SUPPORTS_WRITES
 	select C_ENVIRONMENT_BOOTBLOCK
 	select CACHE_MRC_SETTINGS
-	select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM
 	select COMMON_FADT
 	select CPU_INTEL_COMMON
 	select CPU_INTEL_FIRMWARE_INTERFACE_TABLE
--- a/src/soc/intel/icelake/Kconfig
+++ b/src/soc/intel/icelake/Kconfig
@ -16,7 +16,6 @@ config CPU_SPECIFIC_OPTIONS
 	select BOOT_DEVICE_SUPPORTS_WRITES
 	select C_ENVIRONMENT_BOOTBLOCK
 	select CACHE_MRC_SETTINGS
-	select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM
 	select COMMON_FADT
 	select CPU_INTEL_FIRMWARE_INTERFACE_TABLE
 	select FSP_M_XIP
--- a/src/soc/intel/skylake/Kconfig
+++ b/src/soc/intel/skylake/Kconfig
@ -27,7 +27,6 @@ config CPU_SPECIFIC_OPTIONS
 	select BOOT_DEVICE_SPI_FLASH_RW_NOMMAP_EARLY if BOOT_DEVICE_SPI_FLASH
 	select BOOT_DEVICE_SUPPORTS_WRITES
 	select CACHE_MRC_SETTINGS
-	select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM
 	select COLLECT_TIMESTAMPS
 	select COMMON_FADT
 	select CPU_INTEL_COMMON