[coreboot-gerrit] Patch set updated for coreboot: cpu/amd/model_10xxx: Do not initialize SMM memory if SMM is disabled

Thu Aug 13 18:09:06 CEST 2015

Timothy Pearson (tpearson at raptorengineeringinc.com) just uploaded a new patch set to gerrit, which you can find at http://review.coreboot.org/11211

-gerrit

commit 01727632fbc6371a81e60ce77e0df3e1a1cdaa77
Author: Timothy Pearson <tpearson at raptorengineeringinc.com>
Date:   Wed Aug 12 11:19:10 2015 -0500

    cpu/amd/model_10xxx: Do not initialize SMM memory if SMM is disabled
    
    In the wake of the recent Intel "Memoy Sinkhole" exploit a code review
    of the AMD SMM code was undertaken.  While native Family 10h support
    does not appear to be affected by the same SMM flaw, it also does not
    require SMM to function.  Therefore, the SMM memory range initialization
    should only be executed if SMM will be used on the target platform.
    
    Change-Id: I6531908a7724933e4ba5a2bbefeb89356197e8fd
    Signed-off-by: Timothy Pearson <tpearson at raptorengineeringinc.com>
---
 src/cpu/amd/model_10xxx/model_10xxx_init.c | 34 ++++++++++++++++++++++--------
 1 file changed, 25 insertions(+), 9 deletions(-)

diff --git a/src/cpu/amd/model_10xxx/model_10xxx_init.c b/src/cpu/amd/model_10xxx/model_10xxx_init.c
index c17f335..590b89d 100644
--- a/src/cpu/amd/model_10xxx/model_10xxx_init.c
+++ b/src/cpu/amd/model_10xxx/model_10xxx_init.c
@@ -99,15 +99,31 @@ static void model_10xxx_init(device_t dev)
 	msr.hi &= ~(1 << (35-32));
 	wrmsr(BU_CFG2_MSR, msr);
 
-	/* Set SMM base address for this CPU */
-	msr = rdmsr(SMM_BASE_MSR);
-	msr.lo = SMM_BASE - (lapicid() * 0x400);
-	wrmsr(SMM_BASE_MSR, msr);
-
-	/* Enable the SMM memory window */
-	msr = rdmsr(SMM_MASK_MSR);
-	msr.lo |= (1 << 0); /* Enable ASEG SMRAM Range */
-	wrmsr(SMM_MASK_MSR, msr);
+	if (IS_ENABLED(CONFIG_HAVE_SMI_HANDLER)) {
+		printk(BIOS_DEBUG, "Initializing SMM ASeg memory\n");
+
+		/* Set SMM base address for this CPU */
+		msr = rdmsr(SMM_BASE_MSR);
+		msr.lo = SMM_BASE - (lapicid() * 0x400);
+		wrmsr(SMM_BASE_MSR, msr);
+
+		/* Enable the SMM memory window */
+		msr = rdmsr(SMM_MASK_MSR);
+		msr.lo |= (1 << 0); /* Enable ASEG SMRAM Range */
+		wrmsr(SMM_MASK_MSR, msr);
+	} else {
+		printk(BIOS_DEBUG, "Disabling SMM ASeg memory\n");
+
+		/* Set SMM base address for this CPU */
+		msr = rdmsr(SMM_BASE_MSR);
+		msr.lo = SMM_BASE - (lapicid() * 0x400);
+		wrmsr(SMM_BASE_MSR, msr);
+
+		/* Disable the SMM memory window */
+		msr.hi = 0x0;
+		msr.lo = 0x0;
+		wrmsr(SMM_MASK_MSR, msr);
+	}
 
 	/* Set SMMLOCK to avoid exploits messing with SMM */
 	msr = rdmsr(HWCR_MSR);

