From dc194e2bc4e7421d760693702775b39784522bb3 Mon Sep 17 00:00:00 2001 From: Pratik Prajapati Date: Tue, 29 Aug 2017 14:27:07 -0700 Subject: [PATCH] soc/intel/apollolake: Add SGX support - Call into commmon SGX code to configure core PRMRR and follow other SGX init seqeuence. - Enable SOC_INTEL_COMMON_BLOCK_SGX for both GLK - Enable SOC_INTEL_COMMON_BLOCK_CPU_MPINIT for GLK, as MP init needs to be completed before calling into fsp-s for SGX. Change-Id: I9331cf5b2cbc86431e2749b84a55f77f7f3c5960 Signed-off-by: Pratik Prajapati Reviewed-on: https://review.coreboot.org/21276 Tested-by: build bot (Jenkins) Reviewed-by: Aaron Durbin Reviewed-by: Subrata Banik --- src/soc/intel/apollolake/Kconfig | 2 ++ src/soc/intel/apollolake/cpu.c | 48 ++++++++++++++++++++++++++++++-- 2 files changed, 48 insertions(+), 2 deletions(-) diff --git a/src/soc/intel/apollolake/Kconfig b/src/soc/intel/apollolake/Kconfig index 29483f4985..36981efdbc 100644 --- a/src/soc/intel/apollolake/Kconfig +++ b/src/soc/intel/apollolake/Kconfig @@ -7,6 +7,8 @@ config SOC_INTEL_GLK bool default n select SOC_INTEL_APOLLOLAKE + select SOC_INTEL_COMMON_BLOCK_CPU_MPINIT + select SOC_INTEL_COMMON_BLOCK_SGX help Intel GLK support diff --git a/src/soc/intel/apollolake/cpu.c b/src/soc/intel/apollolake/cpu.c index 0401696883..db9dc1b17a 100644 --- a/src/soc/intel/apollolake/cpu.c +++ b/src/soc/intel/apollolake/cpu.c @@ -1,7 +1,7 @@ /* * This file is part of the coreboot project. * - * Copyright (C) 2015-2016 Intel Corp. + * Copyright (C) 2015-2017 Intel Corp. * (Written by Andrey Petrov for Intel Corp.) * (Written by Alexandru Gagniuc for Intel Corp.) * @@ -16,7 +16,9 @@ * GNU General Public License for more details. */ +#include #include +#include "chip.h" #include #include #include @@ -32,11 +34,13 @@ #include #include #include +#include #include #include #include #include #include +#include #include static const struct reg_script core_msr_script[] = { @@ -62,6 +66,12 @@ static const struct reg_script core_msr_script[] = { void soc_core_init(device_t cpu) { + /* Clear out pending MCEs */ + /* TODO(adurbin): This should only be done on a cold boot. Also, some + * of these banks are core vs package scope. For now every CPU clears + * every bank. */ + mca_configure(); + /* Set core MSRs */ reg_script_run(core_msr_script); /* @@ -70,6 +80,10 @@ void soc_core_init(device_t cpu) * implemented in microcode. */ enable_pm_timer_emulation(); + + /* Configure Core PRMRR for SGX. */ + if (IS_ENABLED(CONFIG_SOC_INTEL_COMMON_BLOCK_SGX)) + prmrr_core_configure(); } #if !IS_ENABLED(CONFIG_SOC_INTEL_COMMON_BLOCK_CPU_MPINIT) @@ -213,6 +227,15 @@ static void relocation_handler(int cpu, uintptr_t curr_smbase, * the microcode on all cores before releasing them from reset. That means that * the BSP and all APs will come up with the same microcode revision. */ + +static void post_mp_init(void) +{ + smm_southbridge_enable(); + + if (IS_ENABLED(CONFIG_SOC_INTEL_COMMON_BLOCK_SGX)) + mp_run_on_all_cpus(sgx_configure, 2000); +} + static const struct mp_ops mp_ops = { .pre_mp_init = pre_mp_init, .get_cpu_count = get_cpu_count, @@ -220,7 +243,7 @@ static const struct mp_ops mp_ops = { .get_microcode_info = get_microcode_info, .pre_mp_smm_init = smm_southbridge_clear_state, .relocation_handler = relocation_handler, - .post_mp_init = smm_southbridge_enable, + .post_mp_init = post_mp_init, }; void soc_init_cpus(struct bus *cpu_bus) @@ -241,3 +264,24 @@ void apollolake_init_cpus(struct device *dev) IS_ENABLED(CONFIG_BOOT_DEVICE_SPI_FLASH)) fast_spi_cache_bios_region(); } + +void cpu_lock_sgx_memory(void) +{ + /* Do nothing because MCHECK while loading microcode and enabling + * IA untrusted mode takes care of necessary locking */ +} + +int soc_fill_sgx_param(struct sgx_param *sgx_param) +{ + device_t dev = SA_DEV_ROOT; + assert(dev != NULL); + config_t *conf = dev->chip_info; + + if (!conf) { + printk(BIOS_ERR, "Failed to get chip_info for SGX param\n"); + return -1; + } + + sgx_param->enable = conf->sgx_enable; + return 0; +}