GNUBoot/coreboot-kgpe-d16
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

soc/intel/cnl: lock AES-NI feature if selected

Browse source 
Lock AES-NI (MSR_FEATURE_CONFIG) to prevent unintended changes of
AES-NI enablement as precaution, as suggested in Intel document
325384-070US.

Locking is enabled by default (as already done in SKL and Arrandale) and
may be disabled by the newly introduced Kconfig in the parent change.

Tested by checking the MSR.

Change-Id: I79495bfbd3ebf3b712ce9ecf2040cecfd954178d
Signed-off-by: Michael Niewöhner <foss@mniewoehner.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46273
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
This commit is contained in:
Michael Niewöhner 2020-10-11 13:04:02 +02:00 committed by Nico Huber
parent 2ffd219886
commit 5611cfd55f
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/soc/intel/cannonlake/cpu.c
View file

@ -199,6 +199,8 @@ void soc_core_init(struct device *cpu)
/* Configure Intel Speed Shift */ /* Configure Intel Speed Shift */
configure_isst(); configure_isst();
set_aesni_lock();
/* Enable ACPI Timer Emulation via MSR 0x121 */ /* Enable ACPI Timer Emulation via MSR 0x121 */
enable_pm_timer_emulation(); enable_pm_timer_emulation();