soc/intel/common/cpu: Use SoC overrides to get CPU privilege level

This patch implements a SoC override to check the CPU privilege level,
as the MSR is not consistent across platforms.

For example: On APL/GLK/DNV, it's MSR 0x120 and CNL onwards it's MSR
0x151.

BUG=b:211573253, b:211950520

Signed-off-by: Subrata Banik <subratabanik@google.com>
Change-Id: I515f0a3548bc5d6250e30f963d46f28f3c1b90b3
Reviewed-on: https://review.coreboot.org/c/coreboot/+/60900
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
diff --git a/src/soc/intel/alderlake/cpu.c b/src/soc/intel/alderlake/cpu.c
index 95f8a50..92ffe87 100644
--- a/src/soc/intel/alderlake/cpu.c
+++ b/src/soc/intel/alderlake/cpu.c
@@ -25,6 +25,14 @@
 #include <soc/soc_chip.h>
 #include <types.h>
 
+bool cpu_soc_is_in_untrusted_mode(void)
+{
+	msr_t msr;
+
+	msr = rdmsr(MSR_BIOS_DONE);
+	return !!(msr.lo & ENABLE_IA_UNTRUSTED);
+}
+
 static void soc_fsp_load(void)
 {
 	fsps_load();
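Review bot: The `!!` in `return !!(msr.lo & ENABLE_IA_UNTRUSTED);` is redundant for a `bool` return, since conversion to `_Bool` already normalises any non-zero value to 1; `return msr.lo & ENABLE_IA_UNTRUSTED;` is equivalent, and `msr_t msr = rdmsr(MSR_BIOS_DONE);` would fold the separate declaration and assignment the way the skylake hunk already does. The same six-line body is repeated verbatim in the cannonlake, elkhartlake, icelake, jasperlake and tigerlake cpu.c hunks, and with MSR_POWER_MISC in apollolake and denverton_ns. Since every SoC msr.h in this change already defines the register and bit under its own name, it may be worth keeping one common implementation that reads a per-SoC alias rather than eight copies of the same function; the per-SoC override would then be needed only where the mode is absent, as in the xeon_sp stubs.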
diff --git a/src/soc/intel/alderlake/include/soc/msr.h b/src/soc/intel/alderlake/include/soc/msr.h
index 954fce0..5bdbf92 100644
--- a/src/soc/intel/alderlake/include/soc/msr.h
+++ b/src/soc/intel/alderlake/include/soc/msr.h
@@ -5,6 +5,8 @@
 
 #include <intelblocks/msr.h>
 
-#define MSR_VR_MISC_CONFIG2		0x636
+#define MSR_BIOS_DONE		0x151
+#define  ENABLE_IA_UNTRUSTED	(1 << 0)
+#define MSR_VR_MISC_CONFIG2	0x636
 
 #endif
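Review bot: Re-tabbing the unrelated `#define MSR_VR_MISC_CONFIG2	0x636` line turns a two-line addition into a three-line change and hides the real diff in whitespace churn; the cannonlake and icelake msr.h hunks keep the existing alignment and add only the two new lines. The elkhartlake, jasperlake and tigerlake msr.h hunks re-align the same line and could be trimmed in the same way.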
diff --git a/src/soc/intel/apollolake/cpu.c b/src/soc/intel/apollolake/cpu.c
index af0a6dc..74aeee9 100644
--- a/src/soc/intel/apollolake/cpu.c
+++ b/src/soc/intel/apollolake/cpu.c
@@ -47,6 +47,14 @@
 	REG_SCRIPT_END
 };
 
+bool cpu_soc_is_in_untrusted_mode(void)
+{
+	msr_t msr;
+
+	msr = rdmsr(MSR_POWER_MISC);
+	return !!(msr.lo & ENABLE_IA_UNTRUSTED);
+}
+
 void soc_core_init(struct device *cpu)
 {
 	/* Configure Core PRMRR for SGX. */
diff --git a/src/soc/intel/cannonlake/cpu.c b/src/soc/intel/cannonlake/cpu.c
index 4f67208..6af3e1a 100644
--- a/src/soc/intel/cannonlake/cpu.c
+++ b/src/soc/intel/cannonlake/cpu.c
@@ -20,6 +20,14 @@
 
 #include "chip.h"
 
+bool cpu_soc_is_in_untrusted_mode(void)
+{
+	msr_t msr;
+
+	msr = rdmsr(MSR_BIOS_DONE);
+	return !!(msr.lo & ENABLE_IA_UNTRUSTED);
+}
+
 static void soc_fsp_load(void)
 {
 	fsps_load();
diff --git a/src/soc/intel/cannonlake/include/soc/msr.h b/src/soc/intel/cannonlake/include/soc/msr.h
index 1c902d5..cc95fe68 100644
--- a/src/soc/intel/cannonlake/include/soc/msr.h
+++ b/src/soc/intel/cannonlake/include/soc/msr.h
@@ -5,6 +5,8 @@
 
 #include <intelblocks/msr.h>
 
+#define MSR_BIOS_DONE			0x151
+#define  ENABLE_IA_UNTRUSTED		(1 << 0)
 #define MSR_VR_CURRENT_CONFIG		0x601
 #define MSR_PL3_CONTROL			0x615
 #define MSR_VR_MISC_CONFIG2		0x636
diff --git a/src/soc/intel/common/block/include/intelblocks/cpulib.h b/src/soc/intel/common/block/include/intelblocks/cpulib.h
index 3ce80b2..b9c3ab7 100644
--- a/src/soc/intel/common/block/include/intelblocks/cpulib.h
+++ b/src/soc/intel/common/block/include/intelblocks/cpulib.h
@@ -112,6 +112,15 @@
 void cpu_set_eist(bool eist_status);
 
 /*
+ * SoC specific implementation:
+ *
+ * Check CPU security level using ENABLE_IA_UNTRUSTED_MODE of CPU MSR.
+ * If bit is set, meaning CPU has dropped its security level by entering
+ * into `untrusted mode`. Otherwise, it's in `trusted mode`.
+ */
+bool cpu_soc_is_in_untrusted_mode(void);
+
+/*
  * This function fills in the number of Cores(physical) and Threads(virtual)
  * of the CPU in the function arguments. It also returns if the number of cores
  * and number of threads are equal.
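Review bot: The new comment refers to `ENABLE_IA_UNTRUSTED_MODE`, but the bit added to every SoC msr.h in this change is named `ENABLE_IA_UNTRUSTED`, and the register it lives in is `MSR_BIOS_DONE` on some SoCs and `MSR_POWER_MISC` on others, so the name in the comment matches nothing a reader can grep for. It also does not say what an SoC without the mode returns, which the xeon_sp hunks settle as `false`. I would reword it to name the actual bit (`ENABLE_IA_UNTRUSTED`) and the SoC-specific MSR it is read from, and add a sentence such as `Returns true if the CPU has entered untrusted mode; SoCs that do not implement the mode return false.` so callers know the value means "cannot have dropped privilege" rather than "unknown".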
diff --git a/src/soc/intel/denverton_ns/cpu.c b/src/soc/intel/denverton_ns/cpu.c
index fb4923f..3747a48 100644
--- a/src/soc/intel/denverton_ns/cpu.c
+++ b/src/soc/intel/denverton_ns/cpu.c
@@ -23,6 +23,14 @@
 #include <soc/soc_util.h>
 #include <types.h>
 
+bool cpu_soc_is_in_untrusted_mode(void)
+{
+	msr_t msr;
+
+	msr = rdmsr(MSR_POWER_MISC);
+	return !!(msr.lo & ENABLE_IA_UNTRUSTED);
+}
+
 static struct smm_relocation_attrs relo_attrs;
 
 static void dnv_configure_mca(void)
diff --git a/src/soc/intel/denverton_ns/include/soc/msr.h b/src/soc/intel/denverton_ns/include/soc/msr.h
index 21f3e7b..7eb9fdc 100644
--- a/src/soc/intel/denverton_ns/include/soc/msr.h
+++ b/src/soc/intel/denverton_ns/include/soc/msr.h
@@ -10,6 +10,8 @@
 #define MSR_FEATURE_CONFIG 0x13c
 #define   FEATURE_CONFIG_RESERVED_MASK	0x3ULL
 #define   FEATURE_CONFIG_LOCK	(1 << 0)
+#define MSR_POWER_MISC		0x120
+#define  ENABLE_IA_UNTRUSTED	(1 << 6)
 #define IA32_MCG_CAP			0x179
 #define  IA32_MCG_CAP_COUNT_MASK	0xff
 #define  IA32_MCG_CAP_CTL_P_BIT		8
diff --git a/src/soc/intel/elkhartlake/cpu.c b/src/soc/intel/elkhartlake/cpu.c
index d480604..0cc3935 100644
--- a/src/soc/intel/elkhartlake/cpu.c
+++ b/src/soc/intel/elkhartlake/cpu.c
@@ -17,6 +17,14 @@
 #include <soc/soc_chip.h>
 #include <types.h>
 
+bool cpu_soc_is_in_untrusted_mode(void)
+{
+	msr_t msr;
+
+	msr = rdmsr(MSR_BIOS_DONE);
+	return !!(msr.lo & ENABLE_IA_UNTRUSTED);
+}
+
 static void soc_fsp_load(void)
 {
 	fsps_load();
diff --git a/src/soc/intel/elkhartlake/include/soc/msr.h b/src/soc/intel/elkhartlake/include/soc/msr.h
index 954fce0..5bdbf92 100644
--- a/src/soc/intel/elkhartlake/include/soc/msr.h
+++ b/src/soc/intel/elkhartlake/include/soc/msr.h
@@ -5,6 +5,8 @@
 
 #include <intelblocks/msr.h>
 
-#define MSR_VR_MISC_CONFIG2		0x636
+#define MSR_BIOS_DONE		0x151
+#define  ENABLE_IA_UNTRUSTED	(1 << 0)
+#define MSR_VR_MISC_CONFIG2	0x636
 
 #endif
diff --git a/src/soc/intel/icelake/cpu.c b/src/soc/intel/icelake/cpu.c
index ab32c0d..37978ea 100644
--- a/src/soc/intel/icelake/cpu.c
+++ b/src/soc/intel/icelake/cpu.c
@@ -17,6 +17,14 @@
 #include <soc/soc_chip.h>
 #include <types.h>
 
+bool cpu_soc_is_in_untrusted_mode(void)
+{
+	msr_t msr;
+
+	msr = rdmsr(MSR_BIOS_DONE);
+	return !!(msr.lo & ENABLE_IA_UNTRUSTED);
+}
+
 static void soc_fsp_load(void)
 {
 	fsps_load();
diff --git a/src/soc/intel/icelake/include/soc/msr.h b/src/soc/intel/icelake/include/soc/msr.h
index 954fce0..d716bdb 100644
--- a/src/soc/intel/icelake/include/soc/msr.h
+++ b/src/soc/intel/icelake/include/soc/msr.h
@@ -5,6 +5,8 @@
 
 #include <intelblocks/msr.h>
 
+#define MSR_BIOS_DONE			0x151
+#define  ENABLE_IA_UNTRUSTED		(1 << 0)
 #define MSR_VR_MISC_CONFIG2		0x636
 
 #endif
diff --git a/src/soc/intel/jasperlake/cpu.c b/src/soc/intel/jasperlake/cpu.c
index b063c28..af39c94 100644
--- a/src/soc/intel/jasperlake/cpu.c
+++ b/src/soc/intel/jasperlake/cpu.c
@@ -17,6 +17,14 @@
 #include <soc/soc_chip.h>
 #include <types.h>
 
+bool cpu_soc_is_in_untrusted_mode(void)
+{
+	msr_t msr;
+
+	msr = rdmsr(MSR_BIOS_DONE);
+	return !!(msr.lo & ENABLE_IA_UNTRUSTED);
+}
+
 static void soc_fsp_load(void)
 {
 	fsps_load();
diff --git a/src/soc/intel/jasperlake/include/soc/msr.h b/src/soc/intel/jasperlake/include/soc/msr.h
index 954fce0..5bdbf92 100644
--- a/src/soc/intel/jasperlake/include/soc/msr.h
+++ b/src/soc/intel/jasperlake/include/soc/msr.h
@@ -5,6 +5,8 @@
 
 #include <intelblocks/msr.h>
 
-#define MSR_VR_MISC_CONFIG2		0x636
+#define MSR_BIOS_DONE		0x151
+#define  ENABLE_IA_UNTRUSTED	(1 << 0)
+#define MSR_VR_MISC_CONFIG2	0x636
 
 #endif
diff --git a/src/soc/intel/skylake/cpu.c b/src/soc/intel/skylake/cpu.c
index 91db06b..63a0466 100644
--- a/src/soc/intel/skylake/cpu.c
+++ b/src/soc/intel/skylake/cpu.c
@@ -26,6 +26,16 @@
 
 #include "chip.h"
 
+bool cpu_soc_is_in_untrusted_mode(void)
+{
+	if (!CONFIG(MAINBOARD_SUPPORTS_COFFEELAKE_CPU))
+		return false;
+
+	/* IA_UNTRUSTED_MODE is not supported in Sky Lake */
+	msr_t msr = rdmsr(MSR_BIOS_DONE);
+	return !!(msr.lo & ENABLE_IA_UNTRUSTED);
+}
+
 static void configure_misc(void)
 {
 	config_t *conf = config_of_soc();
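Review bot: The comment `/* IA_UNTRUSTED_MODE is not supported in Sky Lake */` sits after the guard it explains, so it reads as if it described the `rdmsr(MSR_BIOS_DONE)` that follows; it belongs above `if (!CONFIG(MAINBOARD_SUPPORTS_COFFEELAKE_CPU))`. Separately, that guard is a build-time mainboard Kconfig rather than a check of the CPU actually installed, so on a board built with the option but populated with a Skylake part the MSR read is still executed; if the register really is absent on Skylake, as the comment says, that is a read of an unimplemented MSR and may fault, though I cannot see from this hunk whether skylake code elsewhere already reads 0x151 safely. A runtime CPUID-based model check in front of the read would make the "not supported" claim hold regardless of how the board is configured.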
diff --git a/src/soc/intel/skylake/include/soc/msr.h b/src/soc/intel/skylake/include/soc/msr.h
index 92e8215..a495799 100644
--- a/src/soc/intel/skylake/include/soc/msr.h
+++ b/src/soc/intel/skylake/include/soc/msr.h
@@ -5,6 +5,9 @@
 
 #include <intelblocks/msr.h>
 
+/* IA_UNTRUSTED_MODE is not supported in Sky Lake */
+#define MSR_BIOS_DONE		0x151
+#define  ENABLE_IA_UNTRUSTED	(1 << 0)
 #define MSR_LT_LOCK_MEMORY		0x2e7
 #define MSR_UNCORE_PRMRR_PHYS_BASE	0x2f4
 #define MSR_UNCORE_PRMRR_PHYS_MASK	0x2f5
diff --git a/src/soc/intel/tigerlake/cpu.c b/src/soc/intel/tigerlake/cpu.c
index a9aa8ff..d225c50 100644
--- a/src/soc/intel/tigerlake/cpu.c
+++ b/src/soc/intel/tigerlake/cpu.c
@@ -23,6 +23,14 @@
 #include <soc/soc_chip.h>
 #include <types.h>
 
+bool cpu_soc_is_in_untrusted_mode(void)
+{
+	msr_t msr;
+
+	msr = rdmsr(MSR_BIOS_DONE);
+	return !!(msr.lo & ENABLE_IA_UNTRUSTED);
+}
+
 static void soc_fsp_load(void)
 {
 	fsps_load();
diff --git a/src/soc/intel/tigerlake/include/soc/msr.h b/src/soc/intel/tigerlake/include/soc/msr.h
index 954fce0..5bdbf92 100644
--- a/src/soc/intel/tigerlake/include/soc/msr.h
+++ b/src/soc/intel/tigerlake/include/soc/msr.h
@@ -5,6 +5,8 @@
 
 #include <intelblocks/msr.h>
 
-#define MSR_VR_MISC_CONFIG2		0x636
+#define MSR_BIOS_DONE		0x151
+#define  ENABLE_IA_UNTRUSTED	(1 << 0)
+#define MSR_VR_MISC_CONFIG2	0x636
 
 #endif
diff --git a/src/soc/intel/xeon_sp/cpx/cpu.c b/src/soc/intel/xeon_sp/cpx/cpu.c
index ba417a7..07c2db7 100644
--- a/src/soc/intel/xeon_sp/cpx/cpu.c
+++ b/src/soc/intel/xeon_sp/cpx/cpu.c
@@ -32,6 +32,12 @@
 
 static const config_t *chip_config = NULL;
 
+bool cpu_soc_is_in_untrusted_mode(void)
+{
+	/* IA_UNTRUSTED_MODE is not supported in Cooper Lake */
+	return false;
+}
+
 static void xeon_configure_mca(void)
 {
 	msr_t msr;
diff --git a/src/soc/intel/xeon_sp/skx/cpu.c b/src/soc/intel/xeon_sp/skx/cpu.c
index fcdb2d7..c299529 100644
--- a/src/soc/intel/xeon_sp/skx/cpu.c
+++ b/src/soc/intel/xeon_sp/skx/cpu.c
@@ -20,6 +20,12 @@
 
 static const config_t *chip_config = NULL;
 
+bool cpu_soc_is_in_untrusted_mode(void)
+{
+	/* IA_UNTRUSTED_MODE is not supported in Skylake */
+	return false;
+}
+
 static void xeon_configure_mca(void)
 {
 	msr_t msr;