Gitiles
Code Review Sign In
review.coreboot.org / coreboot / 21c9390d97154f2d1c9a206e7257a0e714e4256a^! / .
commit21c9390d97154f2d1c9a206e7257a0e714e4256a[log] [tgz]
authorSubrata Banik <subratabanik@google.com>Sat Jun 08 13:23:53 2024 +0530
committerSubrata Banik <subratabanik@google.com>Thu Jun 13 14:30:31 2024 +0000
tree6c66233985424c7610fbb255f56a9478d075d136
parent4f0b2e04bc78e818a6632fe4d7ce3fb6edcdd855 [diff]
soc/intel/adl: Skip RW CBFS ucode update if RO is locked

This patch eliminates coreboot from loading microcode from RW CBFS
(when the RO descriptor is locked, which indicates a fixed RO image)
because the kernel can already patch the microcode on BSPs and APs
while booting to OS.

This may be a chance to lower the burden on the AP FW side because
patching microcode on in-field devices is subject to firmware updates,
which are rarely published and, if required, must go through the
firmware qualification testing procedure (which is costly, unlike
kernel updates for ucode updates).

1. The FIT loads the necessary microcode from the RO during reset.
2. Reloading microcode from RW CBFS impacts boot time
   (~60ms, core-dependent).
3. The kernel can still load microcode updates.

ChromeOS devices leverage RO+RW-A/RW-B booting. The RO's microcode is
sufficient for initial boot, and the kernel can apply updates later.

BUG=none
TEST=Verified boot optimization; in-field devices skip RW-CBFS microcode
loading when RO is locked.

Change-Id: I68953d45d3624aba0a3be28bc7b266b7621ddcc4
Signed-off-by: Subrata Banik <subratabanik@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/82999
Reviewed-by: Kapil Porwal <kapilporwal@google.com>
Reviewed-by: Nick Vaccaro <nvaccaro@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

diff --git a/src/soc/intel/alderlake/cpu.c b/src/soc/intel/alderlake/cpu.c
index 5b1a690..92b2532 100644
--- a/src/soc/intel/alderlake/cpu.c
+++ b/src/soc/intel/alderlake/cpu.c

@@ -11,6 +11,7 @@
 #include <device/pci_ids.h>
 #include <cpu/x86/mp.h>
 #include <cpu/x86/msr.h>
+#include <cpu/intel/microcode.h>
 #include <cpu/intel/smm_reloc.h>
 #include <cpu/intel/turbo.h>
 #include <cpu/intel/common/common.h>
@@ -333,3 +334,24 @@
 		return 0;
 	}
 }
+
+int soc_skip_ucode_update(u32 current_patch_id, u32 new_patch_id)
+{
+	if (!CONFIG(CHROMEOS))
+		return 0;
+	/*
+	 * Locked RO Descriptor Implications:
+	 *
+	 * - A locked descriptor signals the RO binary is fixed; the FIT will load the
+	 *   RO's microcode during system reset.
+	 * - Attempts to load newer microcode from the RW CBFS will cause a boot-time
+	 *   delay (~60ms, core-dependent), as the microcode must be reloaded on BSP+APs.
+	 * - The kernel can load microcode updates without impacting AP FW boot time.
+	 * - Skipping RW CBFS microcode loading is low-risk when the RO is locked,
+	 *   prioritizing fast boot times.
+	 */
+	if (CONFIG(LOCK_MANAGEMENT_ENGINE) && current_patch_id)
+		return 1;
+
+	return 0;
+}