diff --git a/src/soc/intel/denverton_ns/cpu.c b/src/soc/intel/denverton_ns/cpu.c index e99641330a..036a47a42b 100644 --- a/src/soc/intel/denverton_ns/cpu.c +++ b/src/soc/intel/denverton_ns/cpu.c @@ -74,6 +74,13 @@ static void denverton_core_init(struct device *cpu) msr.lo |= FAST_STRINGS_ENABLE_BIT; wrmsr(IA32_MISC_ENABLE, msr); + /* Lock AES-NI only if supported */ + if (cpuid_ecx(1) & (1 << 25)) { + msr = rdmsr(MSR_FEATURE_CONFIG); + msr.lo |= FEATURE_CONFIG_LOCK; /* Lock AES-NI */ + wrmsr(MSR_FEATURE_CONFIG, msr); + } + /* Enable Turbo */ enable_turbo(); diff --git a/src/soc/intel/denverton_ns/include/soc/msr.h b/src/soc/intel/denverton_ns/include/soc/msr.h index 7213c15a36..f7657270de 100644 --- a/src/soc/intel/denverton_ns/include/soc/msr.h +++ b/src/soc/intel/denverton_ns/include/soc/msr.h @@ -23,6 +23,8 @@ #define MSR_PKG_CST_CONFIG_CONTROL 0xe2 #define MSR_PMG_IO_CAPTURE_BASE 0xe4 #define MSR_FEATURE_CONFIG 0x13c +#define FEATURE_CONFIG_RESERVED_MASK 0x3ULL +#define FEATURE_CONFIG_LOCK (1 << 0) #define IA32_MCG_CAP 0x179 #define IA32_MCG_CAP_COUNT_MASK 0xff #define IA32_MCG_CAP_CTL_P_BIT 8