soc/intel/common/cpu: Use SoC overrides to get CPU privilege level

This patch implements a SoC overrides to check CPU privilege level as the MSR is not consistent across platforms. For example: On APL/GLK/DNV, it's MSR 0x120 and CNL onwards it's MSR 0x151. BUG=b:211573253, b:211950520 Signed-off-by: Subrata Banik <subratabanik@google.com> Change-Id: I515f0a3548bc5d6250e30f963d46f28f3c1b90b3 Reviewed-on: https://review.coreboot.org/c/coreboot/+/60900 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2022-01-07 13:40:19 +00:00 · 2022-01-07 13:40:19 +00:00 · 56ab8e2aae
commit 56ab8e2aae
parent 6ac5dc2ca6
20 changed files with 116 additions and 4 deletions
--- a/src/soc/intel/alderlake/cpu.c
+++ b/src/soc/intel/alderlake/cpu.c
@ -25,6 +25,14 @@
 #include <soc/soc_chip.h>
 #include <types.h>

+bool cpu_soc_is_in_untrusted_mode(void)
+{
+	msr_t msr;
+
+	msr = rdmsr(MSR_BIOS_DONE);
+	return !!(msr.lo & ENABLE_IA_UNTRUSTED);
+}
+
 static void soc_fsp_load(void)
 {
 	fsps_load();
--- a/src/soc/intel/alderlake/include/soc/msr.h
+++ b/src/soc/intel/alderlake/include/soc/msr.h
@ -5,6 +5,8 @@

 #include <intelblocks/msr.h>

-#define MSR_VR_MISC_CONFIG2		0x636
+#define MSR_BIOS_DONE		0x151
+#define  ENABLE_IA_UNTRUSTED	(1 << 0)
+#define MSR_VR_MISC_CONFIG2	0x636

 #endif
--- a/src/soc/intel/apollolake/cpu.c
+++ b/src/soc/intel/apollolake/cpu.c
@ -47,6 +47,14 @@ static const struct reg_script core_msr_script[] = {
 	REG_SCRIPT_END
 };

+bool cpu_soc_is_in_untrusted_mode(void)
+{
+	msr_t msr;
+
+	msr = rdmsr(MSR_POWER_MISC);
+	return !!(msr.lo & ENABLE_IA_UNTRUSTED);
+}
+
 void soc_core_init(struct device *cpu)
 {
 	/* Configure Core PRMRR for SGX. */
--- a/src/soc/intel/cannonlake/cpu.c
+++ b/src/soc/intel/cannonlake/cpu.c
@ -20,6 +20,14 @@

 #include "chip.h"

+bool cpu_soc_is_in_untrusted_mode(void)
+{
+	msr_t msr;
+
+	msr = rdmsr(MSR_BIOS_DONE);
+	return !!(msr.lo & ENABLE_IA_UNTRUSTED);
+}
+
 static void soc_fsp_load(void)
 {
 	fsps_load();
--- a/src/soc/intel/cannonlake/include/soc/msr.h
+++ b/src/soc/intel/cannonlake/include/soc/msr.h
@ -5,6 +5,8 @@

 #include <intelblocks/msr.h>

+#define MSR_BIOS_DONE			0x151
+#define  ENABLE_IA_UNTRUSTED		(1 << 0)
 #define MSR_VR_CURRENT_CONFIG		0x601
 #define MSR_PL3_CONTROL			0x615
 #define MSR_VR_MISC_CONFIG2		0x636
--- a/src/soc/intel/common/block/include/intelblocks/cpulib.h
+++ b/src/soc/intel/common/block/include/intelblocks/cpulib.h
@ -111,6 +111,15 @@ void cpu_burst_mode(bool burst_mode_status);
 */
 void cpu_set_eist(bool eist_status);

+/*
+ * SoC specific implementation:
+ *
+ * Check CPU security level using ENABLE_IA_UNTRUSTED_MODE of CPU MSR.
+ * If bit is set, meaning CPU has dropped its security level by entering
+ * into `untrusted mode`. Otherwise, it's in `trusted mode`.
+ */
+bool cpu_soc_is_in_untrusted_mode(void);
+
 /*
 * This function fills in the number of Cores(physical) and Threads(virtual)
 * of the CPU in the function arguments. It also returns if the number of cores
--- a/src/soc/intel/denverton_ns/cpu.c
+++ b/src/soc/intel/denverton_ns/cpu.c
@ -23,6 +23,14 @@
 #include <soc/soc_util.h>
 #include <types.h>

+bool cpu_soc_is_in_untrusted_mode(void)
+{
+	msr_t msr;
+
+	msr = rdmsr(MSR_POWER_MISC);
+	return !!(msr.lo & ENABLE_IA_UNTRUSTED);
+}
+
 static struct smm_relocation_attrs relo_attrs;

 static void dnv_configure_mca(void)
--- a/src/soc/intel/denverton_ns/include/soc/msr.h
+++ b/src/soc/intel/denverton_ns/include/soc/msr.h
@ -10,6 +10,8 @@
 #define MSR_FEATURE_CONFIG 0x13c
 #define   FEATURE_CONFIG_RESERVED_MASK	0x3ULL
 #define   FEATURE_CONFIG_LOCK	(1 << 0)
+#define MSR_POWER_MISC		0x120
+#define  ENABLE_IA_UNTRUSTED	(1 << 6)
 #define IA32_MCG_CAP			0x179
 #define  IA32_MCG_CAP_COUNT_MASK	0xff
 #define  IA32_MCG_CAP_CTL_P_BIT		8
--- a/src/soc/intel/elkhartlake/cpu.c
+++ b/src/soc/intel/elkhartlake/cpu.c
@ -17,6 +17,14 @@
 #include <soc/soc_chip.h>
 #include <types.h>

+bool cpu_soc_is_in_untrusted_mode(void)
+{
+	msr_t msr;
+
+	msr = rdmsr(MSR_BIOS_DONE);
+	return !!(msr.lo & ENABLE_IA_UNTRUSTED);
+}
+
 static void soc_fsp_load(void)
 {
 	fsps_load();
--- a/src/soc/intel/elkhartlake/include/soc/msr.h
+++ b/src/soc/intel/elkhartlake/include/soc/msr.h
@ -5,6 +5,8 @@

 #include <intelblocks/msr.h>

-#define MSR_VR_MISC_CONFIG2		0x636
+#define MSR_BIOS_DONE		0x151
+#define  ENABLE_IA_UNTRUSTED	(1 << 0)
+#define MSR_VR_MISC_CONFIG2	0x636

 #endif
--- a/src/soc/intel/icelake/cpu.c
+++ b/src/soc/intel/icelake/cpu.c
@ -17,6 +17,14 @@
 #include <soc/soc_chip.h>
 #include <types.h>

+bool cpu_soc_is_in_untrusted_mode(void)
+{
+	msr_t msr;
+
+	msr = rdmsr(MSR_BIOS_DONE);
+	return !!(msr.lo & ENABLE_IA_UNTRUSTED);
+}
+
 static void soc_fsp_load(void)
 {
 	fsps_load();
--- a/src/soc/intel/icelake/include/soc/msr.h
+++ b/src/soc/intel/icelake/include/soc/msr.h
@ -5,6 +5,8 @@

 #include <intelblocks/msr.h>

+#define MSR_BIOS_DONE			0x151
+#define  ENABLE_IA_UNTRUSTED		(1 << 0)
 #define MSR_VR_MISC_CONFIG2		0x636

 #endif
--- a/src/soc/intel/jasperlake/cpu.c
+++ b/src/soc/intel/jasperlake/cpu.c
@ -17,6 +17,14 @@
 #include <soc/soc_chip.h>
 #include <types.h>

+bool cpu_soc_is_in_untrusted_mode(void)
+{
+	msr_t msr;
+
+	msr = rdmsr(MSR_BIOS_DONE);
+	return !!(msr.lo & ENABLE_IA_UNTRUSTED);
+}
+
 static void soc_fsp_load(void)
 {
 	fsps_load();
--- a/src/soc/intel/jasperlake/include/soc/msr.h
+++ b/src/soc/intel/jasperlake/include/soc/msr.h
@ -5,6 +5,8 @@

 #include <intelblocks/msr.h>

-#define MSR_VR_MISC_CONFIG2		0x636
+#define MSR_BIOS_DONE		0x151
+#define  ENABLE_IA_UNTRUSTED	(1 << 0)
+#define MSR_VR_MISC_CONFIG2	0x636

 #endif
--- a/src/soc/intel/skylake/cpu.c
+++ b/src/soc/intel/skylake/cpu.c
@ -26,6 +26,16 @@

 #include "chip.h"

+bool cpu_soc_is_in_untrusted_mode(void)
+{
+	if (!CONFIG(MAINBOARD_SUPPORTS_COFFEELAKE_CPU))
+		return false;
+
+	/* IA_UNTRUSTED_MODE is not supported in Sky Lake */
+	msr_t msr = rdmsr(MSR_BIOS_DONE);
+	return !!(msr.lo & ENABLE_IA_UNTRUSTED);
+}
+
 static void configure_misc(void)
 {
 	config_t *conf = config_of_soc();
--- a/src/soc/intel/skylake/include/soc/msr.h
+++ b/src/soc/intel/skylake/include/soc/msr.h
@ -5,6 +5,9 @@

 #include <intelblocks/msr.h>

+/* IA_UNTRUSTED_MODE is not supported in Sky Lake */
+#define MSR_BIOS_DONE		0x151
+#define  ENABLE_IA_UNTRUSTED	(1 << 0)
 #define MSR_LT_LOCK_MEMORY		0x2e7
 #define MSR_UNCORE_PRMRR_PHYS_BASE	0x2f4
 #define MSR_UNCORE_PRMRR_PHYS_MASK	0x2f5
--- a/src/soc/intel/tigerlake/cpu.c
+++ b/src/soc/intel/tigerlake/cpu.c
@ -23,6 +23,14 @@
 #include <soc/soc_chip.h>
 #include <types.h>

+bool cpu_soc_is_in_untrusted_mode(void)
+{
+	msr_t msr;
+
+	msr = rdmsr(MSR_BIOS_DONE);
+	return !!(msr.lo & ENABLE_IA_UNTRUSTED);
+}
+
 static void soc_fsp_load(void)
 {
 	fsps_load();
--- a/src/soc/intel/tigerlake/include/soc/msr.h
+++ b/src/soc/intel/tigerlake/include/soc/msr.h
@ -5,6 +5,8 @@

 #include <intelblocks/msr.h>

-#define MSR_VR_MISC_CONFIG2		0x636
+#define MSR_BIOS_DONE		0x151
+#define  ENABLE_IA_UNTRUSTED	(1 << 0)
+#define MSR_VR_MISC_CONFIG2	0x636

 #endif
--- a/src/soc/intel/xeon_sp/cpx/cpu.c
+++ b/src/soc/intel/xeon_sp/cpx/cpu.c
@ -32,6 +32,12 @@ static const void *microcode_patch;

 static const config_t *chip_config = NULL;

+bool cpu_soc_is_in_untrusted_mode(void)
+{
+	/* IA_UNTRUSTED_MODE is not supported in Cooper Lake */
+	return false;
+}
+
 static void xeon_configure_mca(void)
 {
 	msr_t msr;
--- a/src/soc/intel/xeon_sp/skx/cpu.c
+++ b/src/soc/intel/xeon_sp/skx/cpu.c
@ -20,6 +20,12 @@

 static const config_t *chip_config = NULL;

+bool cpu_soc_is_in_untrusted_mode(void)
+{
+	/* IA_UNTRUSTED_MODE is not supported in Skylake */
+	return false;
+}
+
 static void xeon_configure_mca(void)
 {
 	msr_t msr;