lib/stage_cache: Refactor Kconfig options
Add explicit CBMEM_STAGE_CACHE option. Rename
CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM to TSEG_STAGE_CACHE.
Platforms with SMM_TSEG=y always need to implement
stage_cache_external_region(). It is allowed to return with a
region of size 0 to effectively disable the cache.
There are no provisions in Kconfig to degrade from
TSEG_STAGE_CACHE to CBMEM_STAGE_CACHE.
As a security measure CBMEM_STAGE_CACHE default is changed to
disabled. AGESA platforms without TSEG will experience slower
S3 resume speed unless they explicitly select the option.
Change-Id: Ibbdc701ea85b5a3208ca4e98c428b05b6d4e5340
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34664
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
diff --git a/src/Kconfig b/src/Kconfig
index 2bb5bfe..6288d0b 100644
--- a/src/Kconfig
+++ b/src/Kconfig
@@ -250,12 +250,28 @@
wake. When selecting this option the romstage is responsible for
determing a stack location to use for loading the ramstage.
-config CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM
- depends on RELOCATABLE_RAMSTAGE
+config TSEG_STAGE_CACHE
bool
+ default y
+ depends on !NO_STAGE_CACHE && SMM_TSEG
help
- The relocated ramstage is saved in an area specified by the
- by the board and/or chipset.
+ The option enables stage cache support for platform. Platform
+ can stash copies of postcar, ramstage and raw runtime data
+ inside SMM TSEG, to be restored on S3 resume path.
+
+config CBMEM_STAGE_CACHE
+ bool "Cache stages in CBMEM"
+ depends on !NO_STAGE_CACHE && !TSEG_STAGE_CACHE
+ help
+ The option enables stage cache support for platform. Platform
+ can stash copies of postcar, ramstage and raw runtime data
+ inside CBMEM.
+
+ While the approach is faster than reloading stages from boot media
+ it is also a possible attack scenario via which OS can possibly
+ circumvent SMM locks and SPI write protections.
+
+ If unsure, select 'N'
config UPDATE_IMAGE
bool "Update existing coreboot.rom image"
@@ -1143,7 +1159,7 @@
config NO_STAGE_CACHE
bool
- default y if !HAVE_ACPI_RESUME
+ default y if !HAVE_ACPI_RESUME || !RELOCATABLE_RAMSTAGE
help
Do not save any component in stage cache for resume path. On resume,
all components would be read back from CBFS again.
diff --git a/src/cpu/intel/model_2065x/Kconfig b/src/cpu/intel/model_2065x/Kconfig
index 089b3fe..a3a58b6 100644
--- a/src/cpu/intel/model_2065x/Kconfig
+++ b/src/cpu/intel/model_2065x/Kconfig
@@ -21,7 +21,6 @@
select CPU_INTEL_COMMON
select NO_FIXED_XIP_ROM_SIZE
select PARALLEL_MP
- select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM
config BOOTBLOCK_CPU_INIT
string
diff --git a/src/cpu/intel/model_206ax/Kconfig b/src/cpu/intel/model_206ax/Kconfig
index 2af63d6..ced3340 100644
--- a/src/cpu/intel/model_206ax/Kconfig
+++ b/src/cpu/intel/model_206ax/Kconfig
@@ -19,7 +19,6 @@
#select AP_IN_SIPI_WAIT
select TSC_SYNC_MFENCE
select CPU_INTEL_COMMON
- select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM
select PARALLEL_MP
select NO_FIXED_XIP_ROM_SIZE
diff --git a/src/cpu/intel/smm/gen1/smmrelocate.c b/src/cpu/intel/smm/gen1/smmrelocate.c
index 986929c..d8021e6 100644
--- a/src/cpu/intel/smm/gen1/smmrelocate.c
+++ b/src/cpu/intel/smm/gen1/smmrelocate.c
@@ -121,7 +121,7 @@
}
/* Adjust available SMM handler memory size. */
- if (CONFIG(CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM)) {
+ if (CONFIG(TSEG_STAGE_CACHE)) {
ASSERT(params->smram_size > CONFIG_SMM_RESERVED_SIZE);
params->smram_size -= CONFIG_SMM_RESERVED_SIZE;
}
diff --git a/src/include/stage_cache.h b/src/include/stage_cache.h
index 3483c0c..3c7d9fa 100644
--- a/src/include/stage_cache.h
+++ b/src/include/stage_cache.h
@@ -32,8 +32,7 @@
STAGE_S3_DATA,
};
-#if CONFIG(CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM) \
- || CONFIG(RELOCATABLE_RAMSTAGE)
+#if CONFIG(TSEG_STAGE_CACHE) || CONFIG(CBMEM_STAGE_CACHE)
/* Cache the loaded stage provided according to the parameters. */
void stage_cache_add(int stage_id, const struct prog *stage);
/* Load the cached stage at given location returning the stage entry point. */
diff --git a/src/lib/Makefile.inc b/src/lib/Makefile.inc
index 9deb5bf..e5678ff 100644
--- a/src/lib/Makefile.inc
+++ b/src/lib/Makefile.inc
@@ -176,16 +176,13 @@
romstage-$(CONFIG_REG_SCRIPT) += reg_script.c
ramstage-$(CONFIG_REG_SCRIPT) += reg_script.c
-ifeq ($(CONFIG_CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM),y)
-ramstage-y += ext_stage_cache.c
-romstage-y += ext_stage_cache.c
-postcar-y += ext_stage_cache.c
-else
-ramstage-$(CONFIG_RELOCATABLE_RAMSTAGE) += cbmem_stage_cache.c
-romstage-$(CONFIG_RELOCATABLE_RAMSTAGE) += cbmem_stage_cache.c
-postcar-$(CONFIG_RELOCATABLE_RAMSTAGE) += cbmem_stage_cache.c
-endif
+ramstage-$(CONFIG_TSEG_STAGE_CACHE) += ext_stage_cache.c
+romstage-$(CONFIG_TSEG_STAGE_CACHE) += ext_stage_cache.c
+postcar-$(CONFIG_TSEG_STAGE_CACHE) += ext_stage_cache.c
+ramstage-$(CONFIG_CBMEM_STAGE_CACHE) += cbmem_stage_cache.c
+romstage-$(CONFIG_CBMEM_STAGE_CACHE) += cbmem_stage_cache.c
+postcar-$(CONFIG_CBMEM_STAGE_CACHE) += cbmem_stage_cache.c
romstage-y += boot_device.c
ramstage-y += boot_device.c
diff --git a/src/northbridge/intel/gm45/Kconfig b/src/northbridge/intel/gm45/Kconfig
index c3d2482..576ae47 100644
--- a/src/northbridge/intel/gm45/Kconfig
+++ b/src/northbridge/intel/gm45/Kconfig
@@ -29,7 +29,6 @@
select POSTCAR_STAGE
select POSTCAR_CONSOLE
select PARALLEL_MP
- select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM
config CBFS_SIZE
hex
diff --git a/src/northbridge/intel/haswell/Kconfig b/src/northbridge/intel/haswell/Kconfig
index 3678cb8..dbf91bf 100644
--- a/src/northbridge/intel/haswell/Kconfig
+++ b/src/northbridge/intel/haswell/Kconfig
@@ -19,7 +19,6 @@
select CACHE_MRC_SETTINGS
select INTEL_DDI
select INTEL_GMA_ACPI
- select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM
select POSTCAR_STAGE
select POSTCAR_CONSOLE
select C_ENVIRONMENT_BOOTBLOCK
diff --git a/src/northbridge/intel/i945/Kconfig b/src/northbridge/intel/i945/Kconfig
index b151e8f..1a4d887 100644
--- a/src/northbridge/intel/i945/Kconfig
+++ b/src/northbridge/intel/i945/Kconfig
@@ -30,7 +30,6 @@
select POSTCAR_STAGE
select POSTCAR_CONSOLE
select PARALLEL_MP
- select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM
config NORTHBRIDGE_INTEL_SUBTYPE_I945GC
def_bool n
diff --git a/src/northbridge/intel/pineview/Kconfig b/src/northbridge/intel/pineview/Kconfig
index 37959dd..8acfaf8 100644
--- a/src/northbridge/intel/pineview/Kconfig
+++ b/src/northbridge/intel/pineview/Kconfig
@@ -31,7 +31,6 @@
select POSTCAR_STAGE
select POSTCAR_CONSOLE
select PARALLEL_MP
- select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM
select C_ENVIRONMENT_BOOTBLOCK
config BOOTBLOCK_NORTHBRIDGE_INIT
diff --git a/src/northbridge/intel/x4x/Kconfig b/src/northbridge/intel/x4x/Kconfig
index ce43936..a819f57 100644
--- a/src/northbridge/intel/x4x/Kconfig
+++ b/src/northbridge/intel/x4x/Kconfig
@@ -29,7 +29,6 @@
select POSTCAR_STAGE
select POSTCAR_CONSOLE
select PARALLEL_MP
- select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM
config CBFS_SIZE
hex
diff --git a/src/soc/amd/picasso/Kconfig b/src/soc/amd/picasso/Kconfig
index 0ba90ef..1c2ec84 100644
--- a/src/soc/amd/picasso/Kconfig
+++ b/src/soc/amd/picasso/Kconfig
@@ -52,7 +52,6 @@
select C_ENVIRONMENT_BOOTBLOCK
select BOOT_DEVICE_SUPPORTS_WRITES if BOOT_DEVICE_SPI_FLASH
select BOOT_DEVICE_SPI_FLASH_RW_NOMMAP_EARLY if BOOT_DEVICE_SPI_FLASH
- select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM if HAVE_ACPI_RESUME
select PARALLEL_MP
select PARALLEL_MP_AP_WORK
select HAVE_SMI_HANDLER
diff --git a/src/soc/amd/stoneyridge/Kconfig b/src/soc/amd/stoneyridge/Kconfig
index ea0ad5f..5f1d2f3a 100644
--- a/src/soc/amd/stoneyridge/Kconfig
+++ b/src/soc/amd/stoneyridge/Kconfig
@@ -73,7 +73,6 @@
select C_ENVIRONMENT_BOOTBLOCK
select BOOT_DEVICE_SUPPORTS_WRITES if BOOT_DEVICE_SPI_FLASH
select BOOT_DEVICE_SPI_FLASH_RW_NOMMAP_EARLY if BOOT_DEVICE_SPI_FLASH
- select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM if HAVE_ACPI_RESUME
select PARALLEL_MP
select PARALLEL_MP_AP_WORK
select HAVE_SMI_HANDLER
diff --git a/src/soc/intel/apollolake/Kconfig b/src/soc/intel/apollolake/Kconfig
index cf3d244..b5073c04 100644
--- a/src/soc/intel/apollolake/Kconfig
+++ b/src/soc/intel/apollolake/Kconfig
@@ -40,7 +40,6 @@
# Misc options
select C_ENVIRONMENT_BOOTBLOCK
select CACHE_MRC_SETTINGS
- select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM
select COLLECT_TIMESTAMPS
select COMMON_FADT
select FSP_PLATFORM_MEMORY_SETTINGS_VERSIONS
diff --git a/src/soc/intel/braswell/Kconfig b/src/soc/intel/braswell/Kconfig
index 980d0644..76adae1 100644
--- a/src/soc/intel/braswell/Kconfig
+++ b/src/soc/intel/braswell/Kconfig
@@ -14,7 +14,6 @@
select ARCH_VERSTAGE_X86_32
select BOOT_DEVICE_SUPPORTS_WRITES
select CACHE_MRC_SETTINGS
- select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM
select COLLECT_TIMESTAMPS
select SUPPORT_CPU_UCODE_IN_CBFS
select MICROCODE_BLOB_NOT_IN_BLOB_REPO
diff --git a/src/soc/intel/broadwell/Kconfig b/src/soc/intel/broadwell/Kconfig
index bf6b78c..696cf98 100644
--- a/src/soc/intel/broadwell/Kconfig
+++ b/src/soc/intel/broadwell/Kconfig
@@ -15,7 +15,6 @@
select BOOT_DEVICE_SUPPORTS_WRITES
select CACHE_MRC_SETTINGS
select MRC_SETTINGS_PROTECT
- select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM
select CPU_INTEL_FIRMWARE_INTERFACE_TABLE
select SUPPORT_CPU_UCODE_IN_CBFS
select HAVE_SMI_HANDLER
diff --git a/src/soc/intel/cannonlake/Kconfig b/src/soc/intel/cannonlake/Kconfig
index 6dbf35f..4bc6a65 100644
--- a/src/soc/intel/cannonlake/Kconfig
+++ b/src/soc/intel/cannonlake/Kconfig
@@ -59,7 +59,6 @@
select BOOT_DEVICE_SUPPORTS_WRITES
select C_ENVIRONMENT_BOOTBLOCK
select CACHE_MRC_SETTINGS
- select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM
select COMMON_FADT
select CPU_INTEL_COMMON
select CPU_INTEL_FIRMWARE_INTERFACE_TABLE
diff --git a/src/soc/intel/icelake/Kconfig b/src/soc/intel/icelake/Kconfig
index 99000bb..7931018 100644
--- a/src/soc/intel/icelake/Kconfig
+++ b/src/soc/intel/icelake/Kconfig
@@ -16,7 +16,6 @@
select BOOT_DEVICE_SUPPORTS_WRITES
select C_ENVIRONMENT_BOOTBLOCK
select CACHE_MRC_SETTINGS
- select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM
select COMMON_FADT
select CPU_INTEL_FIRMWARE_INTERFACE_TABLE
select FSP_M_XIP
diff --git a/src/soc/intel/skylake/Kconfig b/src/soc/intel/skylake/Kconfig
index f36d5ca..4f4ec46 100644
--- a/src/soc/intel/skylake/Kconfig
+++ b/src/soc/intel/skylake/Kconfig
@@ -27,7 +27,6 @@
select BOOT_DEVICE_SPI_FLASH_RW_NOMMAP_EARLY if BOOT_DEVICE_SPI_FLASH
select BOOT_DEVICE_SUPPORTS_WRITES
select CACHE_MRC_SETTINGS
- select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM
select COLLECT_TIMESTAMPS
select COMMON_FADT
select CPU_INTEL_COMMON