[coreboot-gerrit] Patch set updated for coreboot: soc/intel/apollolake: Move privilege drop to later stage

Andrey Petrov (andrey.petrov@intel.com) gerrit at coreboot.org
Thu Dec 8 01:54:43 CET 2016


Andrey Petrov (andrey.petrov at intel.com) just uploaded a new patch set to gerrit, which you can find at https://review.coreboot.org/17769

-gerrit

commit 21976bd5a89f932fc9121baedbe5a4e8f3975510
Author: Andrey Petrov <andrey.petrov at intel.com>
Date:   Wed Dec 7 10:47:46 2016 -0800

    soc/intel/apollolake: Move privilege drop to later stage
    
    Previously privilege drop was happening "too early" and that caused some
    PMC IPC programming (performed in FSP) to fail because sideband was
    already locked out. Moves privilege drop to later stage, after last FSP
    notify call.
    
    BRANCH=reef
    BUG=chrome-os-partner:60657
    TEST=iotools rdmsr X 0x121, make sure they can't be read.
    Also dmesg|grep -i IPC to make sure there are no errors related
    
    Change-Id: Ia3a774aee5fbf92805a5c69093bfbd3d7682c3a7
    Signed-off-by: Andrey Petrov <andrey.petrov at intel.com>
---
 src/soc/intel/apollolake/Kconfig           |  1 +
 src/soc/intel/apollolake/chip.c            | 22 ++++++++++++++++++++--
 src/soc/intel/apollolake/cpu.c             |  4 +---
 src/soc/intel/apollolake/include/soc/cpu.h |  1 +
 4 files changed, 23 insertions(+), 5 deletions(-)

diff --git a/src/soc/intel/apollolake/Kconfig b/src/soc/intel/apollolake/Kconfig
index 6769af0..b37cde6 100644
--- a/src/soc/intel/apollolake/Kconfig
+++ b/src/soc/intel/apollolake/Kconfig
@@ -36,6 +36,7 @@ config CPU_SPECIFIC_OPTIONS
 	select NO_FIXED_XIP_ROM_SIZE
 	select NO_XIP_EARLY_STAGES
 	select PARALLEL_MP
+	select PARALLEL_MP_AP_WORK
 	select PCIEXP_ASPM
 	select PCIEXP_COMMON_CLOCK
 	select PCIEXP_CLK_PM
diff --git a/src/soc/intel/apollolake/chip.c b/src/soc/intel/apollolake/chip.c
index 32d68cc..5dd3125 100644
--- a/src/soc/intel/apollolake/chip.c
+++ b/src/soc/intel/apollolake/chip.c
@@ -21,6 +21,7 @@
 #include <cbmem.h>
 #include <console/console.h>
 #include <cpu/cpu.h>
+#include <cpu/x86/mp.h>
 #include <device/device.h>
 #include <device/pci.h>
 #include <fsp/api.h>
@@ -489,11 +490,28 @@ struct chip_operations soc_intel_apollolake_ops = {
 	.final = &soc_final
 };
 
+static void drop_privilege_all(void)
+{
+	/* Drop privilege level on BSP first */
+	enable_untrusted_mode();
+	/* .. then all APs */
+	if (mp_run_on_aps(&enable_untrusted_mode, 1000) < 0)
+		printk(BIOS_ERR, "failed to enable untrusted mode\n");
+}
+
 void platform_fsp_notify_status(enum fsp_notify_phase phase)
 {
-	/* Hide the P2SB device to align with previous behavior. */
-	if (phase == END_OF_FIRMWARE)
+	if (phase == END_OF_FIRMWARE) {
+		/* Hide the P2SB device to align with previous behavior. */
 		p2sb_hide();
+		/*
+		 * As per guidelines BIOS is recommended to drop CPU privilege
+		 * level to IA_UNTRUSTED. After that certain device registers
+		 * and MSRs become inaccessible supposedly increasing system
+		 * security.
+		 */
+		drop_privilege_all();
+	}
 }
 
 /*
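Review bot: In drop_privilege_all(), a failed or timed-out mp_run_on_aps() is only logged and boot continues, so one or more APs can be handed to the payload without ENABLE_IA_UNTRUSTED set while the BSP has already dropped; for a hardening step that is a fail-open path. The message also does not say that the APs are the affected cores, so I would change it to `printk(BIOS_ERR, "failed to enable untrusted mode on APs\n");` and decide explicitly whether this case should halt boot or be recorded where a later stage can check it. The bare `1000` timeout would be easier to audit as a named constant with its unit stated in a comment.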
diff --git a/src/soc/intel/apollolake/cpu.c b/src/soc/intel/apollolake/cpu.c
index 8b8f963..ff300bc 100644
--- a/src/soc/intel/apollolake/cpu.c
+++ b/src/soc/intel/apollolake/cpu.c
@@ -53,7 +53,7 @@ static const struct reg_script core_msr_script[] = {
 	REG_SCRIPT_END
 };
 
-static void enable_untrusted_mode(void)
+void enable_untrusted_mode(void)
 {
 	msr_t msr = rdmsr(MSR_POWER_MISC);
 	msr.lo |= ENABLE_IA_UNTRUSTED;
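Review bot: enable_untrusted_mode() loses `static` here without gaining a contract comment, so the ordering constraint that motivated this commit is recorded only in the commit message. I would add a comment above the definition, for example `/* Sets ENABLE_IA_UNTRUSTED in MSR_POWER_MISC on the calling core only; call on every core, and only after the last FSP notify phase. */`, and state the reason (FSP's PMC IPC programming fails once the drop has happened) so a future caller does not reintroduce the early drop. The function body continues past the end of this hunk, so whether the MSR write is read back to confirm the bit took effect is not visible here; if it is not, a read-back check would make the BSP path verifiable in the same way as the manual rdmsr test in the commit message.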
@@ -70,8 +70,6 @@ static void soc_core_init(device_t cpu)
 	 * implemented in microcode.
 	*/
 	enable_pm_timer_emulation();
-	/* Drop privilege level */
-	enable_untrusted_mode();
 }
 
 static struct device_operations cpu_dev_ops = {
diff --git a/src/soc/intel/apollolake/include/soc/cpu.h b/src/soc/intel/apollolake/include/soc/cpu.h
index db9d3dd..b4c8684 100644
--- a/src/soc/intel/apollolake/include/soc/cpu.h
+++ b/src/soc/intel/apollolake/include/soc/cpu.h
@@ -24,6 +24,7 @@
 
 void apollolake_init_cpus(struct device *dev);
 void set_max_freq(void);
+void enable_untrusted_mode(void);
 #endif
 
 #define CPUID_APOLLOLAKE_A0	0x506c8


