soc/intel/sgx: convert SGX and PRMRR devicetree options to Kconfig

The devicetree is not made for user-choosable options, thus introduce Kconfig options for both SGX and the corresponding PRMRR size. The PRMRR size Kconfig has been implemented as a maximum value. At runtime the final PRMRR size gets selected by checking the supported values in MSR_PRMRR_VALID_CONFIG and trying to select the value nearest to the chosen one. When "Maximum" is chosen, the highest possibly value from the MSR gets used. When a too strict limit is set, coreboot will die, printing an error message. Tested successfully on X11SSM-F Change-Id: I5f08e85898304bba6680075ca5d6bce26aef9a4d Signed-off-by: Michael Niewöhner <foss@mniewoehner.de> Reviewed-on: https://review.coreboot.org/c/coreboot/+/35799 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Nico Huber <nico.h@gmx.de>
2019-10-22 23:05:06 +02:00 · 2019-10-22 23:05:06 +02:00 · 7736bfc443
parent e75a64f822
commit 7736bfc443
25 changed files with 130 additions and 82 deletions
--- a/src/mainboard/google/dragonegg/variants/baseboard/devicetree.cb
+++ b/src/mainboard/google/dragonegg/variants/baseboard/devicetree.cb
@ -44,8 +44,6 @@ chip soc/intel/icelake
 	# EC memory map range is 0x900-0x9ff
 	register "gen3_dec" = "0x00fc0901"
 	register "PrmrrSize" = "0x10000000"
 	register "PcieRpEnable[0]" = "1"
 	register "PcieRpEnable[1]" = "1"
 	register "PcieRpEnable[2]" = "1"
--- a/src/mainboard/intel/glkrvp/Kconfig
+++ b/src/mainboard/intel/glkrvp/Kconfig
@ -86,4 +86,8 @@ config IS_GLK_RVP_1
 	bool "Is this RVP1?"
 	default n
 config SOC_INTEL_COMMON_BLOCK_SGX_ENABLE
 	bool
 	default y
 endif # BOARD_INTEL_GLKRVP
--- a/src/mainboard/intel/glkrvp/variants/baseboard/devicetree.cb
+++ b/src/mainboard/intel/glkrvp/variants/baseboard/devicetree.cb
@ -97,14 +97,6 @@ chip soc/intel/apollolake
 	# Minimum SLP S3 assertion width 28ms.
 	register "slp_s3_assertion_width_usecs" = "28000"
 	register "sgx_enable" = "1"
 	# PRMRR size options
 	# 0x02000000 - 32MiB
 	# 0x04000000 - 64MiB
 	# 0x08000000 - 128MiB
 	register "PrmrrSize" = "128 * MiB"
 	register "pnp_settings" = "PNP_PERF_POWER"
 	device domain 0 on
--- a/src/mainboard/intel/icelake_rvp/variants/icl_u/devicetree.cb
+++ b/src/mainboard/intel/icelake_rvp/variants/icl_u/devicetree.cb
@ -48,8 +48,6 @@ chip soc/intel/icelake
 	register "PchHdaDspEnable" = "1"
 	register "PchHdaAudioLinkHda" = "1"
 	register "PrmrrSize" = "0x10000000"
 	register "PcieRpEnable[0]" = "1"
 	register "PcieRpEnable[1]" = "1"
 	register "PcieRpEnable[2]" = "1"
--- a/src/mainboard/intel/icelake_rvp/variants/icl_y/devicetree.cb
+++ b/src/mainboard/intel/icelake_rvp/variants/icl_y/devicetree.cb
@ -48,8 +48,6 @@ chip soc/intel/icelake
 	register "PchHdaDspEnable" = "1"
 	register "PchHdaAudioLinkHda" = "1"
 	register "PrmrrSize" = "0x10000000"
 	register "PcieRpEnable[0]" = "1"
 	register "PcieRpEnable[1]" = "1"
 	register "PcieRpEnable[2]" = "1"
--- a/src/mainboard/supermicro/x11-lga1151-series/devicetree.cb
+++ b/src/mainboard/supermicro/x11-lga1151-series/devicetree.cb
@ -17,10 +17,6 @@ chip soc/intel/skylake
 	register "Device4Enable" = "1"
 	register "SaGv" = "SaGv_Disabled"
 	# Enable SGX
 	register "sgx_enable" = "1"
 	register "PrmrrSize" = "128 * MiB"
 	register "pirqa_routing" = "PCH_IRQ11"
 	register "pirqb_routing" = "PCH_IRQ10"
 	register "pirqc_routing" = "PCH_IRQ11"
--- a/src/soc/intel/apollolake/Makefile.inc
+++ b/src/soc/intel/apollolake/Makefile.inc
@ -1,5 +1,6 @@
 ifeq ($(CONFIG_SOC_INTEL_APOLLOLAKE),y)
 subdirs-y += ../../../cpu/intel/common
 subdirs-y += ../../../cpu/intel/microcode
 subdirs-y += ../../../cpu/intel/turbo
 subdirs-y += ../../../cpu/x86/lapic
--- a/src/soc/intel/apollolake/chip.h
+++ b/src/soc/intel/apollolake/chip.h
@ -139,18 +139,6 @@ struct soc_intel_apollolake_config {
 	/* GPIO SD card detect pin */
 	unsigned int sdcard_cd_gpio;
 	/* PRMRR size setting with three options
 	 *  0x02000000 - 32MiB
 	 *  0x04000000 - 64MiB
 	 *  0x08000000 - 128MiB */
 	uint32_t PrmrrSize;
 	/* Enable SGX feature.
 	 * Enabling SGX feature is 2 step process,
 	 * (1) set sgx_enable = 1
 	 * (2) set PrmrrSize to supported size */
 	uint8_t sgx_enable;
 	/* Select PNP Settings.
 	 * (0) Performance,
 	 * (1) Power
--- a/src/soc/intel/apollolake/cpu.c
+++ b/src/soc/intel/apollolake/cpu.c
@ -72,13 +72,10 @@ static const struct reg_script core_msr_script[] = {
 void soc_core_init(struct device *cpu)
 {
 	config_t *conf = config_of_soc();
 	/* Clear out pending MCEs */
 	/* TODO(adurbin): Some of these banks are core vs package
 			  scope. For now every CPU clears every bank. */
-	if ((CONFIG(SOC_INTEL_COMMON_BLOCK_SGX) && conf->sgx_enable) ||
+	if (CONFIG(SOC_INTEL_COMMON_BLOCK_SGX_ENABLE) || acpi_get_sleep_type() == ACPI_S5)
 	    acpi_get_sleep_type() == ACPI_S5)
 		mca_configure();
 	/* Set core MSRs */
@ -91,7 +88,7 @@ void soc_core_init(struct device *cpu)
 	enable_pm_timer_emulation();
 	/* Configure Core PRMRR for SGX. */
-	if (CONFIG(SOC_INTEL_COMMON_BLOCK_SGX) && conf->sgx_enable)
+	if (CONFIG(SOC_INTEL_COMMON_BLOCK_SGX_ENABLE))
 		prmrr_core_configure();
 	/* Set Max Non-Turbo ratio if RAPL is disabled. */
@ -255,11 +252,9 @@ static void relocation_handler(int cpu, uintptr_t curr_smbase,
 static void post_mp_init(void)
 {
 	config_t *conf = config_of_soc();
 	smm_southbridge_enable(PWRBTN_EN | GBL_EN);
-	if (CONFIG(SOC_INTEL_COMMON_BLOCK_SGX) && conf->sgx_enable)
+	if (CONFIG(SOC_INTEL_COMMON_BLOCK_SGX_ENABLE))
 		mp_run_on_all_cpus(sgx_configure, NULL);
 }
--- a/src/soc/intel/apollolake/memmap.c
+++ b/src/soc/intel/apollolake/memmap.c
@ -16,23 +16,20 @@
 */
 #include <cbmem.h>
 #include <intelblocks/cpulib.h>
 #include <soc/systemagent.h>
 #include "chip.h"
 void *cbmem_top_chipset(void)
 {
 	const config_t *config;
 	void *tolum = (void *)sa_get_tseg_base();
 	if (!CONFIG(SOC_INTEL_GLK))
 		return tolum;
 	config = config_of_soc();
 	/* FSP allocates 2x PRMRR Size Memory for alignment */
-	if (config->sgx_enable)
+	tolum -= get_prmrr_size() * 2;
 		tolum -= config->PrmrrSize * 2;
 	return tolum;
 }
--- a/src/soc/intel/apollolake/romstage.c
+++ b/src/soc/intel/apollolake/romstage.c
@ -269,9 +269,7 @@ static void soc_memory_init_params(FSPM_UPD *mupd)
 	/* Only for GLK */
 	FSP_M_CONFIG *m_cfg = &mupd->FspmConfig;
-	const config_t *config = config_of_soc();
+	m_cfg->PrmrrSize = get_prmrr_size();
 	m_cfg->PrmrrSize = config->PrmrrSize;
 	/*
 	 * CpuMemoryTest in FSP tests 0 to 1M of the RAM after MRC init.
--- a/src/soc/intel/cannonlake/chip.h
+++ b/src/soc/intel/cannonlake/chip.h
@ -261,12 +261,7 @@ struct soc_intel_cannonlake_config {
 	/* Enable C6 DRAM */
 	uint8_t enable_c6dram;
-	/*
+
 	 * PRMRR size setting with below options
 	 * 0x00100000 - 1MiB
 	 * 0x02000000 - 32MiB and beyond
 	 */
 	uint32_t PrmrrSize;
 	uint8_t PmTimerDisabled;
 	/*
--- a/src/soc/intel/cannonlake/romstage/fsp_params.c
+++ b/src/soc/intel/cannonlake/romstage/fsp_params.c
@ -17,6 +17,7 @@
 #include <cpu/x86/msr.h>
 #include <console/console.h>
 #include <fsp/util.h>
 #include <intelblocks/cpulib.h>
 #include <intelblocks/pmclib.h>
 #include <soc/iomap.h>
 #include <soc/msr.h>
@ -48,7 +49,7 @@ static void soc_memory_init_params(FSP_M_CONFIG *m_cfg, const config_t *config)
 			mask |= (1 << i);
 	}
 	m_cfg->PcieRpEnableMask = mask;
-	m_cfg->PrmrrSize = config->PrmrrSize;
+	m_cfg->PrmrrSize = get_prmrr_size();
 	m_cfg->EnableC6Dram = config->enable_c6dram;
 #if CONFIG(SOC_INTEL_COMETLAKE)
 	m_cfg->SerialIoUartDebugControllerNumber = CONFIG_UART_FOR_CONSOLE;
--- a/src/soc/intel/common/block/cpu/Makefile.inc
+++ b/src/soc/intel/common/block/cpu/Makefile.inc
@ -7,6 +7,7 @@ romstage-$(CONFIG_SOC_INTEL_COMMON_BLOCK_CAR) += car/exit_car.S
 romstage-$(CONFIG_SOC_INTEL_COMMON_BLOCK_CPU) += cpulib.c
 postcar-$(CONFIG_SOC_INTEL_COMMON_BLOCK_CAR) += car/exit_car.S
 postcar-$(CONFIG_SOC_INTEL_COMMON_BLOCK_CPU) += cpulib.c
 postcar-$(CONFIG_FSP_CAR) += car/exit_car_fsp.S
 ramstage-$(CONFIG_SOC_INTEL_COMMON_BLOCK_CPU) += cpulib.c
--- a/src/soc/intel/common/block/cpu/cpulib.c
+++ b/src/soc/intel/common/block/cpu/cpulib.c
@ -325,3 +325,44 @@ void cpu_lt_lock_memory(void *unused)
 {
 	msr_set_bit(MSR_LT_CONTROL, LT_CONTROL_LOCK_BIT);
 }
 int get_prmrr_size(void)
 {
 	msr_t msr;
 	int i;
 	int valid_size;
 	if (CONFIG(SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_DISABLED)) {
 		printk(BIOS_DEBUG, "PRMRR disabled by config.\n");
 		return 0;
 	}
 	msr = rdmsr(MSR_PRMRR_VALID_CONFIG);
 	if (!msr.lo) {
 		printk(BIOS_WARNING, "PRMRR not supported.\n");
 		return 0;
 	}
 	printk(BIOS_DEBUG, "MSR_PRMRR_VALID_CONFIG = 0x%08x\n", msr.lo);
 	/* find the first (greatest) value that is lower than or equal to the selected size */
 	for (i = 8; i >= 0; i--) {
 		valid_size = msr.lo & (1 << i);
 		if (valid_size && valid_size <= CONFIG_SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE)
 			break;
 		else if (i == 0)
 			valid_size = 0;
 	}
 	/* die if we could not find a valid size within the limit */
 	if (!valid_size)
 		die("Unsupported PRMRR size limit %i MiB, check your config!\n",
 			CONFIG_SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE);
 	printk(BIOS_DEBUG, "PRMRR size set to %i MiB\n", valid_size);
 	valid_size *= MiB;
 	return valid_size;
 }
--- a/src/soc/intel/common/block/include/intelblocks/cpulib.h
+++ b/src/soc/intel/common/block/include/intelblocks/cpulib.h
@ -18,6 +18,7 @@
 #define SOC_INTEL_COMMON_BLOCK_CPULIB_H
 #include <stdint.h>
 #include <stddef.h>
 /*
 * Set PERF_CTL MSR (0x199) P_Req with
@ -164,4 +165,7 @@ void mca_configure(void);
 /* Lock chipset memory registers to protect SMM */
 void cpu_lt_lock_memory(void *unused);
 /* Get the a supported PRMRR size in bytes with respect users choice */
 int get_prmrr_size(void);
 #endif	/* SOC_INTEL_COMMON_BLOCK_CPULIB_H */
--- a/src/soc/intel/common/block/include/intelblocks/msr.h
+++ b/src/soc/intel/common/block/include/intelblocks/msr.h
@ -64,6 +64,7 @@
 #define MSR_PRMRR_PHYS_MASK		0x1f5
 #define  PRMRR_PHYS_MASK_LOCK		(1 << 10)
 #define  PRMRR_PHYS_MASK_VALID		(1 << 11)
 #define MSR_PRMRR_VALID_CONFIG		0x1fb
 #define MSR_POWER_CTL			0x1fc
 #define  POWER_CTL_C1E_MASK		(1 << 1)
 #define MSR_EVICT_CTL			0x2e0
--- a/src/soc/intel/common/block/sgx/Kconfig
+++ b/src/soc/intel/common/block/sgx/Kconfig
@ -4,9 +4,7 @@ config SOC_INTEL_COMMON_BLOCK_SGX
 	select CPU_INTEL_COMMON_HYPERTHREADING
 	default n
 	help
-	 Software Guard eXtension(SGX) Feature. Intel SGX is a set of new CPU
+	  Intel Processor common SGX support
 	 instructions that can be used by applications to set aside private
 	 regions of code and data.
 config SOC_INTEL_COMMON_BLOCK_SGX_LOCK_MEMORY
 	bool
@ -14,3 +12,61 @@ config SOC_INTEL_COMMON_BLOCK_SGX_LOCK_MEMORY
 	default n
 	help
 	 Lock memory before SGX activation. This is only needed if MCHECK does not do it.
 config SOC_INTEL_COMMON_BLOCK_SGX_ENABLE
 	bool "Enable Software Guard Extensions (SGX) if available"
 	depends on SOC_INTEL_COMMON_BLOCK_SGX
 	default n
 	help
 	  Intel Software Guard Extensions (SGX) is a set of new CPU instructions that can be
 	  used by applications to set aside private regions (so-called Secure Enclaves) of
 	  code and data.
 	  SGX will only be enabled when supported by the CPU!
 config SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE
 	int
 	default 256 if SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_MAX
 	default 256 if SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_256MB
 	default 128 if SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_128MB
 	default  64 if SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_64MB
 	default  32 if SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_32MB
 	default   1 if SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_1MB
 choice
 	prompt "PRMRR size"
 	default SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_MAX if SOC_INTEL_COMMON_BLOCK_SGX_ENABLE
 	default SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_DISABLED if !SOC_INTEL_COMMON_BLOCK_SGX_ENABLE
 	help
 	  PRMRR (Protected Memory Range) is the space in RAM that is used to provide a protected
 	  memory area (e.g. for the Intel SGX Secure Enclaves). The memory region is accessible
 	  only by the processor itself to protect the data from unauthorized access.
 	  This option selects the maximum size that gets reserved. Depending on the SoC a lower,
 	  compatible value may be chosen at runtime as not all values are supported on all
 	  families.
 config SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_MAX
 	bool "Maximum"
 config SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_256MB
 	bool "256 MiB"
 config SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_128MB
 	bool "128 MiB"
 config SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_64MB
 	bool "64 MiB"
 config SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_32MB
 	bool "32 MiB"
 config SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_SIZE_1MB
 	depends on !SOC_INTEL_COMMON_BLOCK_SGX_ENABLE  # SGX depends on PRMRR >= 32 MiB
 	bool "1 MiB"
 config SOC_INTEL_COMMON_BLOCK_SGX_PRMRR_DISABLED
 	depends on !SOC_INTEL_COMMON_BLOCK_SGX_ENABLE  # SGX depends on PRMRR >= 32 MiB
 	bool "Disabled"
 endchoice
--- a/src/soc/intel/common/block/sgx/sgx.c
+++ b/src/soc/intel/common/block/sgx/sgx.c
@ -206,7 +206,7 @@ void sgx_configure(void *unused)
 {
 	if (!is_sgx_supported() || !is_prmrr_set()) {
-		printk(BIOS_ERR, "SGX: pre-conditions not met\n");
+		printk(BIOS_ERR, "SGX: not supported or pre-conditions not met\n");
 		return;
 	}
--- a/src/soc/intel/icelake/chip.h
+++ b/src/soc/intel/icelake/chip.h
@ -206,13 +206,9 @@ struct soc_intel_icelake_config {
 	/* Enable C6 DRAM */
 	uint8_t enable_c6dram;
-	/*
+
 	 * PRMRR size setting with below options
 	 * 0x00100000 - 1MiB
 	 * 0x02000000 - 32MiB and beyond
 	 */
 	uint32_t PrmrrSize;
 	uint8_t PmTimerDisabled;
 	/* Desired platform debug type. */
 	enum {
 		DebugConsent_Disabled,
--- a/src/soc/intel/icelake/romstage/fsp_params.c
+++ b/src/soc/intel/icelake/romstage/fsp_params.c
@ -16,6 +16,7 @@
 #include <assert.h>
 #include <console/console.h>
 #include <fsp/util.h>
 #include <intelblocks/cpulib.h>
 #include <soc/iomap.h>
 #include <soc/pci_devs.h>
 #include <soc/romstage.h>
@ -60,7 +61,7 @@ static void soc_memory_init_params(FSP_M_CONFIG *m_cfg,
 			mask |= (1 << i);
 	}
 	m_cfg->PcieRpEnableMask = mask;
-	m_cfg->PrmrrSize = config->PrmrrSize;
+	m_cfg->PrmrrSize = get_prmrr_size();
 	m_cfg->EnableC6Dram = config->enable_c6dram;
 	/* Disable BIOS Guard */
 	m_cfg->BiosGuard = 0;
--- a/src/soc/intel/skylake/acpi.c
+++ b/src/soc/intel/skylake/acpi.c
@ -205,7 +205,7 @@ static void acpi_create_gnvs(global_nvs_t *gnvs)
 	gnvs->u2we = config->usb2_wake_enable_bitmap;
 	gnvs->u3we = config->usb3_wake_enable_bitmap;
-	if (config->sgx_enable)
+	if (CONFIG(SOC_INTEL_COMMON_BLOCK_SGX_ENABLE))
 		sgx_fill_gnvs(gnvs);
 }
--- a/src/soc/intel/skylake/chip.h
+++ b/src/soc/intel/skylake/chip.h
@ -510,14 +510,6 @@ struct soc_intel_skylake_config {
 	*/
 	u8 SendVrMbxCmd;
 	/*
 	 * PRMRR size setting with three options
 	 * 0x02000000 - 32MiB
 	 * 0x04000000 - 64MiB
 	 * 0x08000000 - 128MiB
 	 */
 	u32 PrmrrSize;
 	/* Enable/Disable host reads to PMC XRAM registers */
 	u8 PchPmPmcReadDisable;
@ -576,9 +568,6 @@ struct soc_intel_skylake_config {
 	u8 SlowSlewRateForGt;
 	u8 SlowSlewRateForSa;
 	/* Enable SGX feature */
 	u8 sgx_enable;
 	/* Enable/Disable EIST
 	 * 1b - Enabled
 	 * 0b - Disabled
--- a/src/soc/intel/skylake/cpu.c
+++ b/src/soc/intel/skylake/cpu.c
@ -442,8 +442,6 @@ static void cpu_lock_aesni(void)
 /* All CPUs including BSP will run the following function. */
 void soc_core_init(struct device *cpu)
 {
 	config_t *conf = config_of_soc();
 	/* Clear out pending MCEs */
 	/* TODO(adurbin): This should only be done on a cold boot. Also, some
 	 * of these banks are core vs package scope. For now every CPU clears
@ -479,7 +477,7 @@ void soc_core_init(struct device *cpu)
 	enable_turbo();
 	/* Configure Core PRMRR for SGX. */
-	if (conf->sgx_enable)
+	if (CONFIG(SOC_INTEL_COMMON_BLOCK_SGX_ENABLE))
 		prmrr_core_configure();
 }
@ -502,7 +500,6 @@ static void fc_lock_configure(void *unused)
 static void post_mp_init(void)
 {
 	int ret = 0;
 	config_t *conf = config_of_soc();
 	/* Set Max Ratio */
 	cpu_set_max_ratio();
@ -519,7 +516,7 @@ static void post_mp_init(void)
 	ret |= mp_run_on_all_cpus(vmx_configure, NULL);
-	if (conf->sgx_enable)
+	if (CONFIG(SOC_INTEL_COMMON_BLOCK_SGX_ENABLE))
 		ret |= mp_run_on_all_cpus(sgx_configure, NULL);
 	ret |= mp_run_on_all_cpus(fc_lock_configure, NULL);
--- a/src/soc/intel/skylake/romstage/romstage.c
+++ b/src/soc/intel/skylake/romstage/romstage.c
@ -22,6 +22,7 @@
 #include <console/console.h>
 #include <device/pci_def.h>
 #include <fsp/util.h>
 #include <intelblocks/cpulib.h>
 #include <intelblocks/pmclib.h>
 #include <memory_info.h>
 #include <smbios.h>
@ -237,7 +238,7 @@ static void soc_memory_init_params(FSP_M_CONFIG *m_cfg,
 	m_cfg->CmdTriStateDis = config->CmdTriStateDis;
 	m_cfg->DdrFreqLimit = config->DdrFreqLimit;
 	m_cfg->VmxEnable = CONFIG(ENABLE_VMX);
-	m_cfg->PrmrrSize = config->PrmrrSize;
+	m_cfg->PrmrrSize = get_prmrr_size();
 	for (i = 0; i < ARRAY_SIZE(config->PcieRpEnable); i++) {
 		if (config->PcieRpEnable[i])
 			mask |= (1<<i);