[coreboot] New patch to review for coreboot: 3f49a21 Remove code that enables/disables VMX in coreboot on chromebooks.

Mon Jul 23 23:20:45 CEST 2012

Stefan Reinauer (stefan.reinauer at coreboot.org) just uploaded a new patch set to gerrit, which you can find at http://review.coreboot.org/1276

-gerrit

commit 3f49a21848c62581852fe5de99a65a094c92c212
Author: Ronald G. Minnich <rminnich at chromium.org>
Date:   Tue Jun 5 14:08:10 2012 -0700

    Remove code that enables/disables VMX in coreboot on chromebooks.
    
    There are several reasons for this:
    1. It's a core setting, not a platform setting, which is bizarre. But,
    we disable vmx via an SMI, and that only happens on core 0.
    Hence, the code did not correctly make the same settings on all cores-
    one had them disabled, the others were in an unknown state.
    When (e.g.) kvm started on a vmx-enabled core, then moved to a
    vmx-disabled core, the processor would reset *very* quickly.
    Changing this would be messy.
    
    2. On the CPU on link, there is something about trying to set the lock
    bit that is getting a GPF.
    
    3. It's the wrong place and time to set it. Once controlled, they can't
    be changed in the kernel. The kernel is what should control this
    feature, not the BIOS, as we have learned time and time again. If
    somebody is in as root and can start a VM, you have a lot more to
    worry about than someone starting a guest virtual machine.
    
    Change-Id: I4f36093f1b68207251584066ccb9a6bcfeec767e
    Signed-off-by: Ronald G. Minnich <rminnich at chromium.org>
---
 src/cpu/intel/model_206ax/Kconfig            |    4 ---
 src/cpu/intel/model_206ax/finalize.c         |    1 -
 src/cpu/intel/model_206ax/model_206ax_init.c |   38 --------------------------
 3 files changed, 0 insertions(+), 43 deletions(-)

diff --git a/src/cpu/intel/model_206ax/Kconfig b/src/cpu/intel/model_206ax/Kconfig
index 1b1b8ee..6c70993 100644
--- a/src/cpu/intel/model_206ax/Kconfig
+++ b/src/cpu/intel/model_206ax/Kconfig
@@ -21,10 +21,6 @@ config SMM_TSEG_SIZE
 	hex
 	default 0x800000
 
-config ENABLE_VMX
-	bool "Enable VMX for virtualization"
-	default n
-
 endif
 
 if CPU_INTEL_MODEL_206AX
diff --git a/src/cpu/intel/model_206ax/finalize.c b/src/cpu/intel/model_206ax/finalize.c
index 9de94c4..68cef8d 100644
--- a/src/cpu/intel/model_206ax/finalize.c
+++ b/src/cpu/intel/model_206ax/finalize.c
@@ -43,7 +43,6 @@ static void msr_set_bit(unsigned reg, unsigned bit)
 
 void intel_model_206ax_finalize_smm(void)
 {
-	msr_set_bit(IA32_FEATURE_CONTROL, 0);
 	msr_set_bit(MSR_PMG_CST_CONFIG_CONTROL, 15);
 
 	/* Lock AES-NI only if supported */
diff --git a/src/cpu/intel/model_206ax/model_206ax_init.c b/src/cpu/intel/model_206ax/model_206ax_init.c
index d60c237..b88d7d4 100644
--- a/src/cpu/intel/model_206ax/model_206ax_init.c
+++ b/src/cpu/intel/model_206ax/model_206ax_init.c
@@ -119,41 +119,6 @@ static const uint32_t microcode_updates[] = {
 	#include "x06_microcode.h"
 };
 
-static void enable_vmx(void)
-{
-	struct cpuid_result regs;
-	msr_t msr;
-	int enable = CONFIG_ENABLE_VMX;
-
-	msr = rdmsr(IA32_FEATURE_CONTROL);
-
-	if (msr.lo & (1 << 0)) {
-		printk(BIOS_ERR, "VMX is locked, so enable_vmx will do nothing\n");
-		/* VMX locked. If we set it again we get an illegal
-		 * instruction
-		 */
-		return;
-	}
-
-	regs = cpuid(1);
-	printk(BIOS_DEBUG, "%s VMX\n", enable ? "Enabling" : "Disabling");
-	if (regs.ecx & CPUID_VMX) {
-		if (enable)
-			msr.lo |= (1 << 2);
-		else
-			msr.lo &= ~(1 << 2);
-
-		if (regs.ecx & CPUID_SMX) {
-			if (enable)
-				msr.lo |= (1 << 1);
-			else
-				msr.lo &= ~(1 << 1);
-		}
-	}
-
-	wrmsr(IA32_FEATURE_CONTROL, msr);
-}
-
 /* Convert time in seconds to POWER_LIMIT_1_TIME MSR value */
 static const u8 power_limit_time_sec_to_msr[] = {
 	[0]   = 0x00,
@@ -456,9 +421,6 @@ static void model_206ax_init(device_t cpu)
 	enable_lapic_tpr();
 	setup_lapic();
 
-	/* Enable virtualization if enabled in CMOS */
-	enable_vmx();
-
 	/* Configure C States */
 	configure_c_states();
 


