soc/intel/sgx: convert SGX and PRMRR devicetree options to Kconfig

The devicetree is not made for user-choosable options, thus introduce
Kconfig options for both SGX and the corresponding PRMRR size.

The PRMRR size Kconfig has been implemented as a maximum value. At
runtime the final PRMRR size gets selected by checking the supported
values in MSR_PRMRR_VALID_CONFIG and trying to select the value nearest
to the chosen one.

When "Maximum" is chosen, the highest possibly value from the MSR gets
used. When a too strict limit is set, coreboot will die, printing an
error message.

Tested successfully on X11SSM-F

Change-Id: I5f08e85898304bba6680075ca5d6bce26aef9a4d
Signed-off-by: Michael Niewöhner <foss@mniewoehner.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/35799
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>

src/mainboard/google/dragonegg/variants/baseboard/devicetree.cb

@@ -44,8 +44,6 @@ chip soc/intel/icelake
 	# EC memory map range is 0x900-0x9ff
 	register "gen3_dec" = "0x00fc0901"
 
-	register "PrmrrSize" = "0x10000000"
-
 	register "PcieRpEnable[0]" = "1"
 	register "PcieRpEnable[1]" = "1"
 	register "PcieRpEnable[2]" = "1"

src/mainboard/intel/glkrvp/Kconfig

@@ -86,4 +86,8 @@ config IS_GLK_RVP_1
 	bool "Is this RVP1?"
 	default n
 
+config SOC_INTEL_COMMON_BLOCK_SGX_ENABLE
+	bool
+	default y
+
 endif # BOARD_INTEL_GLKRVP

src/mainboard/intel/glkrvp/variants/baseboard/devicetree.cb

@@ -97,14 +97,6 @@ chip soc/intel/apollolake
 	# Minimum SLP S3 assertion width 28ms.
 	register "slp_s3_assertion_width_usecs" = "28000"
 
-	register "sgx_enable" = "1"
-
-	# PRMRR size options
-	# 0x02000000 - 32MiB
-	# 0x04000000 - 64MiB
-	# 0x08000000 - 128MiB
-	register "PrmrrSize" = "128 * MiB"
-
 	register "pnp_settings" = "PNP_PERF_POWER"
 
 	device domain 0 on

src/mainboard/intel/icelake_rvp/variants/icl_u/devicetree.cb

@@ -48,8 +48,6 @@ chip soc/intel/icelake
 	register "PchHdaDspEnable" = "1"
 	register "PchHdaAudioLinkHda" = "1"
 
-	register "PrmrrSize" = "0x10000000"
-
 	register "PcieRpEnable[0]" = "1"
 	register "PcieRpEnable[1]" = "1"
 	register "PcieRpEnable[2]" = "1"

src/mainboard/intel/icelake_rvp/variants/icl_y/devicetree.cb

@@ -48,8 +48,6 @@ chip soc/intel/icelake
 	register "PchHdaDspEnable" = "1"
 	register "PchHdaAudioLinkHda" = "1"
 
-	register "PrmrrSize" = "0x10000000"
-
 	register "PcieRpEnable[0]" = "1"
 	register "PcieRpEnable[1]" = "1"
 	register "PcieRpEnable[2]" = "1"

src/mainboard/supermicro/x11-lga1151-series/devicetree.cb

@@ -17,10 +17,6 @@ chip soc/intel/skylake
 	register "Device4Enable" = "1"
 	register "SaGv" = "SaGv_Disabled"
 
-	# Enable SGX
-	register "sgx_enable" = "1"
-	register "PrmrrSize" = "128 * MiB"
-
 	register "pirqa_routing" = "PCH_IRQ11"
 	register "pirqb_routing" = "PCH_IRQ10"
 	register "pirqc_routing" = "PCH_IRQ11"

src/soc/intel/apollolake/Makefile.inc

@@ -1,5 +1,6 @@
 ifeq ($(CONFIG_SOC_INTEL_APOLLOLAKE),y)
 
+subdirs-y += ../../../cpu/intel/common
 subdirs-y += ../../../cpu/intel/microcode
 subdirs-y += ../../../cpu/intel/turbo
 subdirs-y += ../../../cpu/x86/lapic

src/soc/intel/apollolake/chip.h

@@ -139,18 +139,6 @@ struct soc_intel_apollolake_config {
 	/* GPIO SD card detect pin */
 	unsigned int sdcard_cd_gpio;
 
-	/* PRMRR size setting with three options
-	 *  0x02000000 - 32MiB
-	 *  0x04000000 - 64MiB
-	 *  0x08000000 - 128MiB */
-	uint32_t PrmrrSize;
-
-	/* Enable SGX feature.
-	 * Enabling SGX feature is 2 step process,
-	 * (1) set sgx_enable = 1
-	 * (2) set PrmrrSize to supported size */
-	uint8_t sgx_enable;
-
 	/* Select PNP Settings.
 	 * (0) Performance,
 	 * (1) Power

src/soc/intel/apollolake/cpu.c

@@ -72,13 +72,10 @@ static const struct reg_script core_msr_script[] = {
 
 void soc_core_init(struct device *cpu)
 {
-	config_t *conf = config_of_soc();
-
 	/* Clear out pending MCEs */
 	/* TODO(adurbin): Some of these banks are core vs package
 			  scope. For now every CPU clears every bank. */
-	if ((CONFIG(SOC_INTEL_COMMON_BLOCK_SGX) && conf->sgx_enable) ||
-	    acpi_get_sleep_type() == ACPI_S5)
+	if (CONFIG(SOC_INTEL_COMMON_BLOCK_SGX_ENABLE) || acpi_get_sleep_type() == ACPI_S5)
 		mca_configure();
 
 	/* Set core MSRs */
@@ -91,7 +88,7 @@ void soc_core_init(struct device *cpu)
 	enable_pm_timer_emulation();
 
 	/* Configure Core PRMRR for SGX. */
-	if (CONFIG(SOC_INTEL_COMMON_BLOCK_SGX) && conf->sgx_enable)
+	if (CONFIG(SOC_INTEL_COMMON_BLOCK_SGX_ENABLE))
 		prmrr_core_configure();
 
 	/* Set Max Non-Turbo ratio if RAPL is disabled. */
@@ -255,11 +252,9 @@ static void relocation_handler(int cpu, uintptr_t curr_smbase,
 
 static void post_mp_init(void)
 {
-	config_t *conf = config_of_soc();
-
 	smm_southbridge_enable(PWRBTN_EN | GBL_EN);
 
-	if (CONFIG(SOC_INTEL_COMMON_BLOCK_SGX) && conf->sgx_enable)
+	if (CONFIG(SOC_INTEL_COMMON_BLOCK_SGX_ENABLE))
 		mp_run_on_all_cpus(sgx_configure, NULL);
 }
 

src/soc/intel/apollolake/memmap.c

@@ -16,23 +16,20 @@
  */
 
 #include <cbmem.h>
+#include <intelblocks/cpulib.h>
 #include <soc/systemagent.h>
 
 #include "chip.h"
 
 void *cbmem_top_chipset(void)
 {
-	const config_t *config;
 	void *tolum = (void *)sa_get_tseg_base();
 
 	if (!CONFIG(SOC_INTEL_GLK))
 		return tolum;
 
-	config = config_of_soc();
-
 	/* FSP allocates 2x PRMRR Size Memory for alignment */
-	if (config->sgx_enable)
-		tolum -= config->PrmrrSize * 2;
+	tolum -= get_prmrr_size() * 2;
 
 	return tolum;
 }

src/soc/intel/apollolake/romstage.c

@@ -269,9 +269,7 @@ static void soc_memory_init_params(FSPM_UPD *mupd)
 	/* Only for GLK */
 	FSP_M_CONFIG *m_cfg = &mupd->FspmConfig;
 
-	const config_t *config = config_of_soc();
-
-	m_cfg->PrmrrSize = config->PrmrrSize;
+	m_cfg->PrmrrSize = get_prmrr_size();
 
 	/*
 	 * CpuMemoryTest in FSP tests 0 to 1M of the RAM after MRC init.

src/soc/intel/cannonlake/chip.h

@@ -261,12 +261,7 @@ struct soc_intel_cannonlake_config {
 
 	/* Enable C6 DRAM */
 	uint8_t enable_c6dram;
-	/*
-	 * PRMRR size setting with below options
-	 * 0x00100000 - 1MiB
-	 * 0x02000000 - 32MiB and beyond
-	 */
-	uint32_t PrmrrSize;
+
 	uint8_t PmTimerDisabled;
 
 	/*

src/soc/intel/cannonlake/romstage/fsp_params.c

@@ -17,6 +17,7 @@
 #include <cpu/x86/msr.h>
 #include <console/console.h>
 #include <fsp/util.h>
+#include <intelblocks/cpulib.h>
 #include <intelblocks/pmclib.h>
 #include <soc/iomap.h>
 #include <soc/msr.h>
@@ -48,7 +49,7 @@ static void soc_memory_init_params(FSP_M_CONFIG *m_cfg, const config_t *config)
 			mask |= (1 << i);
 	}
 	m_cfg->PcieRpEnableMask = mask;
-	m_cfg->PrmrrSize = config->PrmrrSize;
+	m_cfg->PrmrrSize = get_prmrr_size();
 	m_cfg->EnableC6Dram = config->enable_c6dram;
 #if CONFIG(SOC_INTEL_COMETLAKE)
 	m_cfg->SerialIoUartDebugControllerNumber = CONFIG_UART_FOR_CONSOLE;

src/soc/intel/common/block/cpu/Makefile.inc

@@ -7,6 +7,7 @@ romstage-$(CONFIG_SOC_INTEL_COMMON_BLOCK_CAR) += car/exit_car.S
 romstage-$(CONFIG_SOC_INTEL_COMMON_BLOCK_CPU) += cpulib.c
 
 postcar-$(CONFIG_SOC_INTEL_COMMON_BLOCK_CAR) += car/exit_car.S
+postcar-$(CONFIG_SOC_INTEL_COMMON_BLOCK_CPU) += cpulib.c
 postcar-$(CONFIG_FSP_CAR) += car/exit_car_fsp.S
 
 ramstage-$(CONFIG_SOC_INTEL_COMMON_BLOCK_CPU) += cpulib.c

src/soc/intel/common/block/cpu/cpulib.c

@@ -325,3 +325,44 @@ void cpu_lt_lock_memory(void *unused)
 {
 	msr_set_bit(MSR_LT_CONTROL, LT_CONTROL_LOCK_BIT);
 }
+
+int get_prmrr_size(void)
+{
+	msr_t msr;
+	int i;
+	int valid_size;
+
+	if (CONFIG(SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_DISABLED)) {
+		printk(BIOS_DEBUG, "PRMRR disabled by config.\n");
+		return 0;
+	}
+
+	msr = rdmsr(MSR_PRMRR_VALID_CONFIG);
+	if (!msr.lo) {
+		printk(BIOS_WARNING, "PRMRR not supported.\n");
+		return 0;
+	}
+
+	printk(BIOS_DEBUG, "MSR_PRMRR_VALID_CONFIG = 0x%08x\n", msr.lo);
+
+	/* find the first (greatest) value that is lower than or equal to the selected size */
+	for (i = 8; i >= 0; i--) {
+		valid_size = msr.lo & (1 << i);
+
+		if (valid_size && valid_size <= CONFIG_SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE)
+			break;
+		else if (i == 0)
+			valid_size = 0;
+	}
+
+	/* die if we could not find a valid size within the limit */
+	if (!valid_size)
+		die("Unsupported PRMRR size limit %i MiB, check your config!\n",
+			CONFIG_SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE);
+
+	printk(BIOS_DEBUG, "PRMRR size set to %i MiB\n", valid_size);
+
+	valid_size *= MiB;
+
+	return valid_size;
+}

src/soc/intel/common/block/include/intelblocks/cpulib.h

@@ -18,6 +18,7 @@
 #define SOC_INTEL_COMMON_BLOCK_CPULIB_H
 
 #include <stdint.h>
+#include <stddef.h>
 
 /*
  * Set PERF_CTL MSR (0x199) P_Req with
@@ -164,4 +165,7 @@ void mca_configure(void);
 /* Lock chipset memory registers to protect SMM */
 void cpu_lt_lock_memory(void *unused);
 
+/* Get the a supported PRMRR size in bytes with respect users choice */
+int get_prmrr_size(void);
+
 #endif	/* SOC_INTEL_COMMON_BLOCK_CPULIB_H */

src/soc/intel/common/block/include/intelblocks/msr.h

@@ -64,6 +64,7 @@
 #define MSR_PRMRR_PHYS_MASK		0x1f5
 #define  PRMRR_PHYS_MASK_LOCK		(1 << 10)
 #define  PRMRR_PHYS_MASK_VALID		(1 << 11)
+#define MSR_PRMRR_VALID_CONFIG		0x1fb
 #define MSR_POWER_CTL			0x1fc
 #define  POWER_CTL_C1E_MASK		(1 << 1)
 #define MSR_EVICT_CTL			0x2e0

src/soc/intel/common/block/sgx/Kconfig

@@ -4,9 +4,7 @@ config SOC_INTEL_COMMON_BLOCK_SGX
 	select CPU_INTEL_COMMON_HYPERTHREADING
 	default n
 	help
-	 Software Guard eXtension(SGX) Feature. Intel SGX is a set of new CPU
-	 instructions that can be used by applications to set aside private
-	 regions of code and data.
+	  Intel Processor common SGX support
 
 config SOC_INTEL_COMMON_BLOCK_SGX_LOCK_MEMORY
 	bool
@@ -14,3 +12,61 @@ config SOC_INTEL_COMMON_BLOCK_SGX_LOCK_MEMORY
 	default n
 	help
 	 Lock memory before SGX activation. This is only needed if MCHECK does not do it.
+
+config SOC_INTEL_COMMON_BLOCK_SGX_ENABLE
+	bool "Enable Software Guard Extensions (SGX) if available"
+	depends on SOC_INTEL_COMMON_BLOCK_SGX
+	default n
+	help
+	  Intel Software Guard Extensions (SGX) is a set of new CPU instructions that can be
+	  used by applications to set aside private regions (so-called Secure Enclaves) of
+	  code and data.
+
+	  SGX will only be enabled when supported by the CPU!
+
+config SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE
+	int
+	default 256 if SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_MAX
+	default 256 if SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_256MB
+	default 128 if SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_128MB
+	default  64 if SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_64MB
+	default  32 if SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_32MB
+	default   1 if SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_1MB
+
+choice
+	prompt "PRMRR size"
+	default SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_MAX if SOC_INTEL_COMMON_BLOCK_SGX_ENABLE
+	default SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_DISABLED if !SOC_INTEL_COMMON_BLOCK_SGX_ENABLE
+	help
+	  PRMRR (Protected Memory Range) is the space in RAM that is used to provide a protected
+	  memory area (e.g. for the Intel SGX Secure Enclaves). The memory region is accessible
+	  only by the processor itself to protect the data from unauthorized access.
+
+	  This option selects the maximum size that gets reserved. Depending on the SoC a lower,
+	  compatible value may be chosen at runtime as not all values are supported on all
+	  families.
+
+config SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_MAX
+	bool "Maximum"
+
+config SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_256MB
+	bool "256 MiB"
+
+config SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_128MB
+	bool "128 MiB"
+
+config SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_64MB
+	bool "64 MiB"
+
+config SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_32MB
+	bool "32 MiB"
+
+config SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_1MB
+	depends on !SOC_INTEL_COMMON_BLOCK_SGX_ENABLE  # SGX depends on PRMRR >= 32 MiB
+	bool "1 MiB"
+
+config SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_DISABLED
+	depends on !SOC_INTEL_COMMON_BLOCK_SGX_ENABLE  # SGX depends on PRMRR >= 32 MiB
+	bool "Disabled"
+
+endchoice

src/soc/intel/common/block/sgx/sgx.c

@@ -206,7 +206,7 @@ void sgx_configure(void *unused)
 {
 
 	if (!is_sgx_supported() || !is_prmrr_set()) {
-		printk(BIOS_ERR, "SGX: pre-conditions not met\n");
+		printk(BIOS_ERR, "SGX: not supported or pre-conditions not met\n");
 		return;
 	}
 

src/soc/intel/icelake/chip.h

@@ -206,13 +206,9 @@ struct soc_intel_icelake_config {
 
 	/* Enable C6 DRAM */
 	uint8_t enable_c6dram;
-	/*
-	 * PRMRR size setting with below options
-	 * 0x00100000 - 1MiB
-	 * 0x02000000 - 32MiB and beyond
-	 */
-	uint32_t PrmrrSize;
+
 	uint8_t PmTimerDisabled;
+
 	/* Desired platform debug type. */
 	enum {
 		DebugConsent_Disabled,

src/soc/intel/icelake/romstage/fsp_params.c

@@ -16,6 +16,7 @@
 #include <assert.h>
 #include <console/console.h>
 #include <fsp/util.h>
+#include <intelblocks/cpulib.h>
 #include <soc/iomap.h>
 #include <soc/pci_devs.h>
 #include <soc/romstage.h>
@@ -60,7 +61,7 @@ static void soc_memory_init_params(FSP_M_CONFIG *m_cfg,
 			mask |= (1 << i);
 	}
 	m_cfg->PcieRpEnableMask = mask;
-	m_cfg->PrmrrSize = config->PrmrrSize;
+	m_cfg->PrmrrSize = get_prmrr_size();
 	m_cfg->EnableC6Dram = config->enable_c6dram;
 	/* Disable BIOS Guard */
 	m_cfg->BiosGuard = 0;

src/soc/intel/skylake/acpi.c

@@ -205,7 +205,7 @@ static void acpi_create_gnvs(global_nvs_t *gnvs)
 	gnvs->u2we = config->usb2_wake_enable_bitmap;
 	gnvs->u3we = config->usb3_wake_enable_bitmap;
 
-	if (config->sgx_enable)
+	if (CONFIG(SOC_INTEL_COMMON_BLOCK_SGX_ENABLE))
 		sgx_fill_gnvs(gnvs);
 }
 

src/soc/intel/skylake/chip.h

@@ -510,14 +510,6 @@ struct soc_intel_skylake_config {
 	*/
 	u8 SendVrMbxCmd;
 
-	/*
-	 * PRMRR size setting with three options
-	 * 0x02000000 - 32MiB
-	 * 0x04000000 - 64MiB
-	 * 0x08000000 - 128MiB
-	 */
-	u32 PrmrrSize;
-
 	/* Enable/Disable host reads to PMC XRAM registers */
 	u8 PchPmPmcReadDisable;
 
@@ -576,9 +568,6 @@ struct soc_intel_skylake_config {
 	u8 SlowSlewRateForGt;
 	u8 SlowSlewRateForSa;
 
-	/* Enable SGX feature */
-	u8 sgx_enable;
-
 	/* Enable/Disable EIST
 	 * 1b - Enabled
 	 * 0b - Disabled

src/soc/intel/skylake/cpu.c

@@ -442,8 +442,6 @@ static void cpu_lock_aesni(void)
 /* All CPUs including BSP will run the following function. */
 void soc_core_init(struct device *cpu)
 {
-	config_t *conf = config_of_soc();
-
 	/* Clear out pending MCEs */
 	/* TODO(adurbin): This should only be done on a cold boot. Also, some
 	 * of these banks are core vs package scope. For now every CPU clears
@@ -479,7 +477,7 @@ void soc_core_init(struct device *cpu)
 	enable_turbo();
 
 	/* Configure Core PRMRR for SGX. */
-	if (conf->sgx_enable)
+	if (CONFIG(SOC_INTEL_COMMON_BLOCK_SGX_ENABLE))
 		prmrr_core_configure();
 }
 
@@ -502,7 +500,6 @@ static void fc_lock_configure(void *unused)
 static void post_mp_init(void)
 {
 	int ret = 0;
-	config_t *conf = config_of_soc();
 
 	/* Set Max Ratio */
 	cpu_set_max_ratio();
@@ -519,7 +516,7 @@ static void post_mp_init(void)
 
 	ret |= mp_run_on_all_cpus(vmx_configure, NULL);
 
-	if (conf->sgx_enable)
+	if (CONFIG(SOC_INTEL_COMMON_BLOCK_SGX_ENABLE))
 		ret |= mp_run_on_all_cpus(sgx_configure, NULL);
 
 	ret |= mp_run_on_all_cpus(fc_lock_configure, NULL);

src/soc/intel/skylake/romstage/romstage.c

@@ -22,6 +22,7 @@
 #include <console/console.h>
 #include <device/pci_def.h>
 #include <fsp/util.h>
+#include <intelblocks/cpulib.h>
 #include <intelblocks/pmclib.h>
 #include <memory_info.h>
 #include <smbios.h>
@@ -237,7 +238,7 @@ static void soc_memory_init_params(FSP_M_CONFIG *m_cfg,
 	m_cfg->CmdTriStateDis = config->CmdTriStateDis;
 	m_cfg->DdrFreqLimit = config->DdrFreqLimit;
 	m_cfg->VmxEnable = CONFIG(ENABLE_VMX);
-	m_cfg->PrmrrSize = config->PrmrrSize;
+	m_cfg->PrmrrSize = get_prmrr_size();
 	for (i = 0; i < ARRAY_SIZE(config->PcieRpEnable); i++) {
 		if (config->PcieRpEnable[i])
 			mask |= (1<<i);