[coreboot-gerrit] Patch set updated for coreboot: soc/intel/apollolake: Drop CPU privilege mode later on
Andrey Petrov (andrey.petrov@intel.com)
gerrit at coreboot.org
Wed Dec 7 23:20:52 CET 2016
Andrey Petrov (andrey.petrov at intel.com) just uploaded a new patch set to gerrit, which you can find at https://review.coreboot.org/17769
-gerrit
commit 6f4bcf45cc4a0a72704fcfb974bfcaf595f555d0
Author: Andrey Petrov <andrey.petrov at intel.com>
Date: Wed Dec 7 10:47:46 2016 -0800
soc/intel/apollolake: Drop CPU privilege mode later on
Drop CPU privilege mode later, after all the FSP stages are
complete.
BRANCH=reef
BUG=chrome-os-partner:60657
TEST=iotools rdmsr X 0x121, make sure they can't be read
Change-Id: Ia3a774aee5fbf92805a5c69093bfbd3d7682c3a7
Signed-off-by: Andrey Petrov <andrey.petrov at intel.com>
---
src/soc/intel/apollolake/Kconfig | 1 +
src/soc/intel/apollolake/chip.c | 18 ++++++++++++++++--
src/soc/intel/apollolake/cpu.c | 4 +---
src/soc/intel/apollolake/include/soc/cpu.h | 1 +
4 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/src/soc/intel/apollolake/Kconfig b/src/soc/intel/apollolake/Kconfig
index 6769af0..b37cde6 100644
--- a/src/soc/intel/apollolake/Kconfig
+++ b/src/soc/intel/apollolake/Kconfig
@@ -36,6 +36,7 @@ config CPU_SPECIFIC_OPTIONS
select NO_FIXED_XIP_ROM_SIZE
select NO_XIP_EARLY_STAGES
select PARALLEL_MP
+ select PARALLEL_MP_AP_WORK
select PCIEXP_ASPM
select PCIEXP_COMMON_CLOCK
select PCIEXP_CLK_PM
diff --git a/src/soc/intel/apollolake/chip.c b/src/soc/intel/apollolake/chip.c
index 32d68cc..825e604 100644
--- a/src/soc/intel/apollolake/chip.c
+++ b/src/soc/intel/apollolake/chip.c
@@ -36,6 +36,7 @@
#include <soc/pm.h>
#include <soc/p2sb.h>
#include <soc/northbridge.h>
+#include <cpu/x86/mp.h>
#include "chip.h"
@@ -489,11 +490,24 @@ struct chip_operations soc_intel_apollolake_ops = {
.final = &soc_final
};
+static void drop_privilege_all(void)
+{
+ /* Drop privilege level on BSP first */
+ enable_untrusted_mode();
+ /* .. then all APs */
+ if (mp_run_on_aps(&enable_untrusted_mode, 1000) < 0)
+ printk(BIOS_ERR, "failed to enable untrusted mode\n");
+}
+
+
void platform_fsp_notify_status(enum fsp_notify_phase phase)
{
- /* Hide the P2SB device to align with previous behavior. */
- if (phase == END_OF_FIRMWARE)
+ if (phase == END_OF_FIRMWARE) {
+ /* Hide the P2SB device to align with previous behavior. */
p2sb_hide();
+ /* Move all CPUs to IA_UNTRUSTED mode */
+ drop_privilege_all();
+ }
}
/*
diff --git a/src/soc/intel/apollolake/cpu.c b/src/soc/intel/apollolake/cpu.c
index 8b8f963..ff300bc 100644
--- a/src/soc/intel/apollolake/cpu.c
+++ b/src/soc/intel/apollolake/cpu.c
@@ -53,7 +53,7 @@ static const struct reg_script core_msr_script[] = {
REG_SCRIPT_END
};
-static void enable_untrusted_mode(void)
+void enable_untrusted_mode(void)
{
msr_t msr = rdmsr(MSR_POWER_MISC);
msr.lo |= ENABLE_IA_UNTRUSTED;
@@ -70,8 +70,6 @@ static void soc_core_init(device_t cpu)
* implemented in microcode.
*/
enable_pm_timer_emulation();
- /* Drop privilege level */
- enable_untrusted_mode();
}
static struct device_operations cpu_dev_ops = {
diff --git a/src/soc/intel/apollolake/include/soc/cpu.h b/src/soc/intel/apollolake/include/soc/cpu.h
index db9d3dd..b4c8684 100644
--- a/src/soc/intel/apollolake/include/soc/cpu.h
+++ b/src/soc/intel/apollolake/include/soc/cpu.h
@@ -24,6 +24,7 @@
void apollolake_init_cpus(struct device *dev);
void set_max_freq(void);
+void enable_untrusted_mode(void);
#endif
#define CPUID_APOLLOLAKE_A0 0x506c8
More information about the coreboot-gerrit
mailing list