diff --git a/src/soc/intel/common/block/include/intelblocks/msr.h b/src/soc/intel/common/block/include/intelblocks/msr.h index 6d78ed8c2f..1025c28e92 100644 --- a/src/soc/intel/common/block/include/intelblocks/msr.h +++ b/src/soc/intel/common/block/include/intelblocks/msr.h @@ -18,8 +18,10 @@ #define MSR_CORE_THREAD_COUNT 0x35 #define IA32_FEATURE_CONTROL 0x3a +#define FEATURE_CONTROL_LOCK (1) #define CPUID_VMX (1 << 5) #define CPUID_SMX (1 << 6) +#define SGX_GLOBAL_ENABLE (1 << 18) #define PLATFORM_INFO_SET_TDP (1 << 29) #define MSR_PLATFORM_INFO 0xce #define MSR_PMG_CST_CONFIG_CONTROL 0xe2 @@ -31,6 +33,8 @@ #define IO_MWAIT_REDIRECT_MASK 0x400 /* Set MSR_PMG_CST_CONFIG_CONTROL[15] to lock CST_CFG [0-15] bits */ #define CST_CFG_LOCK_MASK 0x8000 +#define MSR_BIOS_UPGD_TRIG 0x7a +#define SGX_ACTIVATE_BIT (1) #define MSR_PMG_IO_CAPTURE_BASE 0xe4 #define MSR_POWER_MISC 0x120 #define ENABLE_IA_UNTRUSTED (1 << 6) @@ -62,6 +66,7 @@ #define MISC_PWR_MGMT_ISST_EN_INT (1 << 7) #define MISC_PWR_MGMT_ISST_EN_EPP (1 << 12) #define MSR_TURBO_RATIO_LIMIT 0x1ad +#define PRMRR_PHYS_BASE_MSR 0x1f4 #define PRMRR_PHYS_MASK_MSR 0x1f5 #define PRMRR_PHYS_MASK_LOCK (1 << 10) #define PRMRR_PHYS_MASK_VALID (1 << 11) @@ -69,6 +74,8 @@ #define MSR_EVICT_CTL 0x2e0 #define UNCORE_PRMRR_PHYS_BASE_MSR 0x2f4 #define UNCORE_PRMRR_PHYS_MASK_MSR 0x2f5 +#define MSR_SGX_OWNEREPOCH0 0x300 +#define MSR_SGX_OWNEREPOCH1 0x301 #define IA32_MC0_CTL 0x400 #define IA32_MC0_STATUS 0x401 #define SMM_FEATURE_CONTROL_MSR 0x4e0 @@ -124,5 +131,6 @@ #define SMRR_SUPPORTED (1<<11) #define PRMRR_SUPPORTED (1<<12) +#define SGX_SUPPORTED (1<<2) #endif /* SOC_INTEL_COMMON_MSR_H */ diff --git a/src/soc/intel/common/block/include/intelblocks/sgx.h b/src/soc/intel/common/block/include/intelblocks/sgx.h new file mode 100644 index 0000000000..03d4ab5123 --- /dev/null +++ b/src/soc/intel/common/block/include/intelblocks/sgx.h 
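Review bot: `SGX_SUPPORTED (1<<2)` in the last msr.h hunk (`@@ -124,5 +131,6 @@`) sits directly under `PRMRR_SUPPORTED`, which sgx.c tests against MTRR_CAP_MSR, while `SGX_SUPPORTED` is tested against EBX of CPUID leaf 7. Grouped like this, a later reader could apply it to the MSR value by mistake, so it needs a comment such as `/* CPUID.(EAX=7,ECX=0):EBX[2], not an MTRR_CAP_MSR bit */`, or a place next to other CPUID definitions. The first two hunks also add `FEATURE_CONTROL_LOCK (1)` and `SGX_ACTIVATE_BIT (1)`; writing them as `(1 << 0)` would match the surrounding bit definitions.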
@@ -0,0 +1,30 @@
+/*
+ * This file is part of the coreboot project.
+ *
+ * Copyright (C) 2017 Intel Corporation.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ */
+
+#ifndef SOC_INTEL_COMMON_BLOCK_SGX_H
+#define SOC_INTEL_COMMON_BLOCK_SGX_H
+
+/*
+ * Lock SGX memory.
+ * CPU specific code needs to provide the implementation.
+ */
+void cpu_lock_sgx_memory(void);
+
+/*
+ * Configure SGX.
+ */
+void sgx_configure(const void *microcode_patch);
+
+#endif /* SOC_INTEL_COMMON_BLOCK_SGX_H */
diff --git a/src/soc/intel/common/block/sgx/Kconfig b/src/soc/intel/common/block/sgx/Kconfig
new file mode 100644
index 0000000000..7889582007
--- /dev/null
+++ b/src/soc/intel/common/block/sgx/Kconfig
@@ -0,0 +1,7 @@
+config SOC_INTEL_COMMON_BLOCK_SGX
+ bool
+ default n
+ help
+ Software Guard eXtension(SGX) Feature. Intel SGX is a set of new CPU
+ instructions that can be used by applications to set aside privat
+ regions of code and data.
diff --git a/src/soc/intel/common/block/sgx/Makefile.inc b/src/soc/intel/common/block/sgx/Makefile.inc
new file mode 100644
index 0000000000..3fa18d8873
--- /dev/null
+++ b/src/soc/intel/common/block/sgx/Makefile.inc
@@ -0,0 +1 @@
+ramstage-$(CONFIG_SOC_INTEL_COMMON_BLOCK_SGX) += sgx.c
diff --git a/src/soc/intel/skylake/sgx.c b/src/soc/intel/common/block/sgx/sgx.c
similarity index 87%
rename from src/soc/intel/skylake/sgx.c
rename to src/soc/intel/common/block/sgx/sgx.c
index 0e887de2ed..5a0b61dda6 100644
--- a/src/soc/intel/skylake/sgx.c
+++ b/src/soc/intel/common/block/sgx/sgx.c
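Review bot: The comment on `cpu_lock_sgx_memory()` in the new sgx.h does not state the contract an SoC port has to meet. sgx.c in this commit calls it immediately before `intel_microcode_load_unlocked()`, so the header should say that the implementation must leave SGX memory locked on return and must be safe to call when the lock is already set; the Skylake version added in cpu.c handles the second case by testing the bit first. `sgx_configure()` deserves more than "Configure SGX." as well: it is called from `soc_core_init()` and `soc_init_cpus()` with the microcode patch to reload, and it returns without changes when `conf->sgx_enable` is clear or `is_sgx_supported()` fails.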
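Review bot: The Kconfig help text has a typo, `privat` should be `private`, and the feature name reads better as `Software Guard Extensions (SGX)`. `default n` is redundant for a `bool` without a prompt, since n is already the default. The help could also state that the option is meant to be selected by SoC code and that the SoC must then provide `cpu_lock_sgx_memory()`.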
@@ -18,6 +18,7 @@ #include #include #include +#include #include #include #include @@ -29,7 +30,7 @@ static int is_sgx_supported(void) cpuid_regs = cpuid_ext(0x7, 0x0); /* EBX[2] is feature capability */ msr = rdmsr(MTRR_CAP_MSR); /* Bit 12 is PRMRR enablement */ - return ((cpuid_regs.ebx & 0x4) && (msr.lo & PRMRR_SUPPORTED)); + return ((cpuid_regs.ebx & SGX_SUPPORTED) && (msr.lo & PRMRR_SUPPORTED)); } static int configure_core_prmrr(void) @@ -55,7 +56,7 @@ static int configure_core_prmrr(void) return 0; /* Program core PRMRR MSRs */ - prmrr_base.lo |= 0x6; /* Set memory attribute to cache writeback */ + prmrr_base.lo |= MTRR_TYPE_WRBACK; /* cache writeback mem attrib */ wrmsr(PRMRR_PHYS_BASE_MSR, prmrr_base); prmrr_mask.lo &= ~PRMRR_PHYS_MASK_VALID; /* Do not set the valid bit */ prmrr_mask.lo |= PRMRR_PHYS_MASK_LOCK; /* Lock it */ @@ -69,8 +70,8 @@ static void enable_sgx(void) msr = rdmsr(IA32_FEATURE_CONTROL); /* Only enable it when it is not locked */ - if ((msr.lo & 1) == 0) { - msr.lo |= (1 << 18); /* Enable it */ + if ((msr.lo & FEATURE_CONTROL_LOCK) == 0) { + msr.lo |= SGX_GLOBAL_ENABLE; /* Enable it */ wrmsr(IA32_FEATURE_CONTROL, msr); } } @@ -110,11 +111,12 @@ static void activate_sgx(void) * back and verify the bit is cleared to confirm SGX activation. */ msr = rdmsr(MSR_BIOS_UPGD_TRIG); - if (msr.lo & 0x1) { - wrmsr(MSR_BIOS_UPGD_TRIG, (msr_t) {.lo = 0x1, .hi = 0}); + if (msr.lo & SGX_ACTIVATE_BIT) { + wrmsr(MSR_BIOS_UPGD_TRIG, + (msr_t) {.lo = SGX_ACTIVATE_BIT, .hi = 0}); /* Read back to verify it is activated */ msr = rdmsr(MSR_BIOS_UPGD_TRIG); - if (msr.lo & 0x1) + if (msr.lo & SGX_ACTIVATE_BIT) printk(BIOS_ERR, "SGX activation failed.\n"); else printk(BIOS_INFO, "SGX activation was successful.\n"); 
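Review bot: In the `configure_core_prmrr` hunk, `prmrr_base.lo |= MTRR_TYPE_WRBACK;` only ORs the type in, so the result is write-back only if the low type bits of `prmrr_base` are zero at this point. Where `prmrr_base` is read lies outside the hunk; if it can carry a non-zero memory type, clear the field first, for example `prmrr_base.lo = (prmrr_base.lo & ~0x7) | MTRR_TYPE_WRBACK;`. The mask width here is my assumption and should be confirmed against the SoC documentation before use.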
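Review bot: `enable_sgx()` silently does nothing when IA32_FEATURE_CONTROL is already locked, and because it returns void the caller cannot tell whether `SGX_GLOBAL_ENABLE` ended up set. If an earlier stage locked the MSR with SGX disabled, the rest of `sgx_configure()` (outside this hunk) has no signal to stop on and the log gives no explanation. Add a branch such as `else if (!(msr.lo & SGX_GLOBAL_ENABLE)) printk(BIOS_WARNING, "SGX: IA32_FEATURE_CONTROL locked with SGX disabled\n");`. The hunk also does not set `FEATURE_CONTROL_LOCK` after enabling; presumably that is done elsewhere, which is worth a comment at this spot.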
@@ -123,11 +125,10 @@ static void activate_sgx(void) } } -void configure_sgx(const void *microcode_patch) +void sgx_configure(const void *microcode_patch) { device_t dev = SA_DEV_ROOT; config_t *conf = dev->chip_info; - msr_t msr; if (!conf->sgx_enable || !is_sgx_supported()) return; @@ -144,11 +145,7 @@ void configure_sgx(const void *microcode_patch) return; /* Ensure to lock memory before reload microcode patch */ - msr = rdmsr(MSR_LT_LOCK_MEMORY); - if ((msr.lo & 1) == 0) { - msr.lo |= 1; /* Lock it */ - wrmsr(MSR_LT_LOCK_MEMORY, msr); - } + cpu_lock_sgx_memory(); /* Reload the microcode patch */ intel_microcode_load_unlocked(microcode_patch); diff --git a/src/soc/intel/skylake/Kconfig b/src/soc/intel/skylake/Kconfig index 1dc80552ce..c558886584 100644 --- a/src/soc/intel/skylake/Kconfig +++ b/src/soc/intel/skylake/Kconfig @@ -65,6 +65,7 @@ config CPU_SPECIFIC_OPTIONS select SOC_INTEL_COMMON_BLOCK_SA select SOC_INTEL_COMMON_BLOCK_SATA select SOC_INTEL_COMMON_BLOCK_SCS + select SOC_INTEL_COMMON_BLOCK_SGX select SOC_INTEL_COMMON_BLOCK_SMBUS select SOC_INTEL_COMMON_BLOCK_TIMER select SOC_INTEL_COMMON_BLOCK_UART diff --git a/src/soc/intel/skylake/Makefile.inc b/src/soc/intel/skylake/Makefile.inc index 75d57a9c19..0a8d10577e 100644 --- a/src/soc/intel/skylake/Makefile.inc +++ b/src/soc/intel/skylake/Makefile.inc @@ -63,7 +63,6 @@ ramstage-y += pmc.c ramstage-y += pmutil.c ramstage-$(CONFIG_PLATFORM_USES_FSP2_0) += reset.c ramstage-y += sd.c -ramstage-y += sgx.c ramstage-y += smi.c ramstage-y += smmrelocate.c ramstage-y += spi.c diff --git a/src/soc/intel/skylake/cpu.c b/src/soc/intel/skylake/cpu.c index e3be73870f..7f455e0d59 100644 --- a/src/soc/intel/skylake/cpu.c +++ b/src/soc/intel/skylake/cpu.c @@ -37,6 +37,7 @@ #include #include #include +#include #include #include #include 
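Review bot: `sgx_configure()` dereferences `dev->chip_info` and then `conf->sgx_enable` with no NULL check, and this code now lives in the common block, where every SoC that selects SOC_INTEL_COMMON_BLOCK_SGX supplies its own `SA_DEV_ROOT` and `config_t`. If the root device lookup can fail or the device has no chip_info, this becomes a NULL dereference in ramstage on each CPU that runs it; guard it with `config_t *conf = dev ? dev->chip_info : NULL;` and `if (!conf || !conf->sgx_enable || !is_sgx_supported()) return;`. It would also help to document that each SoC's `config_t` must provide an `sgx_enable` field. The function body continues outside the hunk.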
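Review bot: The comment in the `@@ -144,11 +145,7 @@` hunk says the memory lock is ensured before the microcode reload, but `cpu_lock_sgx_memory()` returns void, so the common code goes on to `intel_microcode_load_unlocked()` whatever the SoC hook did. The Skylake implementation added in cpu.c (`@@ -514,3 +515,14 @@`) writes the bit without reading it back, unlike `activate_sgx()`, which re-reads MSR_BIOS_UPGD_TRIG to verify. Consider having the hook return a status, `int cpu_lock_sgx_memory(void);`, and checking it here with `if (cpu_lock_sgx_memory() < 0) return;`, with the implementation re-reading MSR_LT_LOCK_MEMORY after the write.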
@@ -422,7 +423,7 @@ void soc_core_init(device_t cpu, const void *microcode) enable_turbo(); /* Configure SGX */ - configure_sgx(microcode); + sgx_configure(microcode); } static int adjust_apic_id(int index, int apic_id) @@ -489,7 +490,7 @@ void soc_init_cpus(struct bus *cpu_bus, const void *microcode) * here to get SGX enabled on BSP. This behavior needs to root-caused * and we shall not have this redundant call. */ - configure_sgx(microcode); + sgx_configure(microcode); } int soc_skip_ucode_update(u32 current_patch_id, u32 new_patch_id) @@ -514,3 +515,14 @@ int soc_skip_ucode_update(u32 current_patch_id, u32 new_patch_id) return (msr1.lo & PRMRR_SUPPORTED) && (current_patch_id == new_patch_id - 1); } + +void cpu_lock_sgx_memory(void) +{ + msr_t msr; + + msr = rdmsr(MSR_LT_LOCK_MEMORY); + if ((msr.lo & 1) == 0) { + msr.lo |= 1; /* Lock it */ + wrmsr(MSR_LT_LOCK_MEMORY, msr); + } +} diff --git a/src/soc/intel/skylake/include/soc/cpu.h b/src/soc/intel/skylake/include/soc/cpu.h index 059367aaa9..8073fcdded 100644 --- a/src/soc/intel/skylake/include/soc/cpu.h +++ b/src/soc/intel/skylake/include/soc/cpu.h @@ -56,6 +56,5 @@ void set_power_limits(u8 power_limit_1_time); u32 cpu_family_model(void); u32 cpu_stepping(void); int cpu_is_ult(void); -void configure_sgx(const void *microcode_patch); #endif diff --git a/src/soc/intel/skylake/include/soc/msr.h b/src/soc/intel/skylake/include/soc/msr.h index bb4b8e72ac..81b6cc9de1 100644 --- a/src/soc/intel/skylake/include/soc/msr.h +++ b/src/soc/intel/skylake/include/soc/msr.h @@ -20,7 +20,6 @@ #include #define MSR_PIC_MSG_CONTROL 0x2e -#define MSR_BIOS_UPGD_TRIG 0x7a #define MSR_EMULATE_PM_TIMER 0x121 #define EMULATE_PM_TMR_EN (1 << 16) #define EMULATE_DELAY_OFFSET_VALUE 20 
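Review bot: `cpu_lock_sgx_memory()` in the `@@ -514,3 +515,14 @@` hunk still tests and sets the lock with a bare `1`, while the rest of this commit replaces such literals in sgx.c with named bits. A named constant defined beside `MSR_LT_LOCK_MEMORY` in soc/msr.h (the name is up to the author) would keep the two files consistent. A short comment above the function saying that it implements the hook declared in intelblocks/sgx.h would also help readers find the contract.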
@@ -31,11 +30,8 @@
 #define ENERGY_POLICY_NORMAL 6
 #define ENERGY_POLICY_POWERSAVE 15
 #define IA32_PACKAGE_THERM_INTERRUPT 0x1b2
-#define PRMRR_PHYS_BASE_MSR 0x1f4
 #define IA32_PLATFORM_DCA_CAP 0x1f8
 #define MSR_LT_LOCK_MEMORY 0x2e7
-#define MSR_SGX_OWNEREPOCH0 0x300
-#define MSR_SGX_OWNEREPOCH1 0x301
 #define MSR_VR_CURRENT_CONFIG 0x601
 #define MSR_VR_MISC_CONFIG 0x603
 #define MSR_VR_MISC_CONFIG2 0x636