soc/intel/xeon_sp/smihandler: Lock SMM_FEATURE_CONTROL on all sockets
Remove hardcoded B:D:F numbers for the first socket and pass the PCI
addresses to be locked within SMM by using the smm_pci_resource_store.
This allows to lock down SMM on all sockets without knowing the actual
bus topology or PCI segment group at compile time where the UBOX devices
reside on.
Tested: SMM is locked on all 4 sockets instead of just one.
Change-Id: Ica694911384005681662d3d7bed354a60bf08911
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/80247
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
diff --git a/src/mainboard/bytedance/bd_egs/ramstage.c b/src/mainboard/bytedance/bd_egs/ramstage.c
index dd19fc6..1e20bac 100644
--- a/src/mainboard/bytedance/bd_egs/ramstage.c
+++ b/src/mainboard/bytedance/bd_egs/ramstage.c
@@ -1,6 +1,8 @@
/* SPDX-License-Identifier: GPL-2.0-only */
+#include <cpu/x86/smm.h>
#include <soc/ramstage.h>
+#include <soc/smmrelocate.h>
#include <soc/gpio.h>
#include "gpio.h"
@@ -23,6 +25,11 @@
gpio_configure_pads(pads, pads_num);
}
+void smm_mainboard_pci_resource_store_init(struct smm_pci_resource_info *slots, size_t size)
+{
+ soc_ubox_store_resources(slots, size);
+}
+
struct chip_operations mainboard_ops = {
.init = mainboard_chip_init,
};
diff --git a/src/mainboard/ibm/sbp1/ramstage.c b/src/mainboard/ibm/sbp1/ramstage.c
index 78db8c9..d748b1b 100644
--- a/src/mainboard/ibm/sbp1/ramstage.c
+++ b/src/mainboard/ibm/sbp1/ramstage.c
@@ -1,6 +1,7 @@
/* SPDX-License-Identifier: GPL-2.0-only */
-
+#include <cpu/x86/smm.h>
#include <soc/ramstage.h>
+#include <soc/smmrelocate.h>
#include "include/spr_sbp1_gpio.h"
#include <bootstate.h>
@@ -33,4 +34,9 @@
gpio_output(GPPC_C17, 0);
}
+void smm_mainboard_pci_resource_store_init(struct smm_pci_resource_info *slots, size_t size)
+{
+ soc_ubox_store_resources(slots, size);
+}
+
BOOT_STATE_INIT_ENTRY(BS_PAYLOAD_BOOT, BS_ON_ENTRY, finalize_boot, NULL);
diff --git a/src/mainboard/intel/archercity_crb/ramstage.c b/src/mainboard/intel/archercity_crb/ramstage.c
index 38bf576..be3cc90 100644
--- a/src/mainboard/intel/archercity_crb/ramstage.c
+++ b/src/mainboard/intel/archercity_crb/ramstage.c
@@ -1,3 +1,10 @@
/* SPDX-License-Identifier: GPL-2.0-only */
+#include <cpu/x86/smm.h>
#include <soc/ramstage.h>
+#include <soc/smmrelocate.h>
+
+void smm_mainboard_pci_resource_store_init(struct smm_pci_resource_info *slots, size_t size)
+{
+ soc_ubox_store_resources(slots, size);
+}
diff --git a/src/mainboard/intel/cedarisland_crb/ramstage.c b/src/mainboard/intel/cedarisland_crb/ramstage.c
index d2ab2a7..ba8807b 100644
--- a/src/mainboard/intel/cedarisland_crb/ramstage.c
+++ b/src/mainboard/intel/cedarisland_crb/ramstage.c
@@ -1,6 +1,9 @@
/* SPDX-License-Identifier: GPL-2.0-only */
+#include <cpu/x86/smm.h>
#include <soc/ramstage.h>
+#include <soc/smmrelocate.h>
+
#include "include/gpio.h"
void mainboard_silicon_init_params(FSPS_UPD *params)
@@ -8,3 +11,8 @@
/* configure Lewisburg PCH GPIO controller after FSP-M */
gpio_configure_pads(gpio_table, ARRAY_SIZE(gpio_table));
}
+
+void smm_mainboard_pci_resource_store_init(struct smm_pci_resource_info *slots, size_t size)
+{
+ soc_ubox_store_resources(slots, size);
+}
diff --git a/src/mainboard/inventec/transformers/ramstage.c b/src/mainboard/inventec/transformers/ramstage.c
index 4453964..bc61a90 100644
--- a/src/mainboard/inventec/transformers/ramstage.c
+++ b/src/mainboard/inventec/transformers/ramstage.c
@@ -1,6 +1,8 @@
/* SPDX-License-Identifier: GPL-2.0-only */
+#include <cpu/x86/smm.h>
#include <soc/ramstage.h>
+#include <soc/smmrelocate.h>
#include <sprsp_gpio.h>
#include <intelblocks/cse.h>
#include <memory_info.h>
@@ -35,3 +37,8 @@
/* configure Emmitsburg PCH GPIO controller after FSP-M */
gpio_configure_pads(gpio_table, ARRAY_SIZE(gpio_table));
}
+
+void smm_mainboard_pci_resource_store_init(struct smm_pci_resource_info *slots, size_t size)
+{
+ soc_ubox_store_resources(slots, size);
+}
diff --git a/src/mainboard/ocp/deltalake/ramstage.c b/src/mainboard/ocp/deltalake/ramstage.c
index c24d004..f846055 100644
--- a/src/mainboard/ocp/deltalake/ramstage.c
+++ b/src/mainboard/ocp/deltalake/ramstage.c
@@ -4,6 +4,7 @@
#include <commonlib/bsd/helpers.h>
#include <console/console.h>
#include <cpu/cpu.h>
+#include <cpu/x86/smm.h>
#include <cpxsp_dl_gpio.h>
#include <device/device.h>
#include <device/pci_def.h>
@@ -16,6 +17,7 @@
#include <security/intel/txt/txt.h>
#include <smbios.h>
#include <soc/ramstage.h>
+#include <soc/smmrelocate.h>
#include <soc/soc_util.h>
#include <soc/util.h>
#include <stdio.h>
@@ -335,6 +337,11 @@
.final = mainboard_final,
};
+void smm_mainboard_pci_resource_store_init(struct smm_pci_resource_info *slots, size_t size)
+{
+ soc_ubox_store_resources(slots, size);
+}
+
bool skip_intel_txt_lockdown(void)
{
static bool fetched_vpd = 0;
diff --git a/src/mainboard/ocp/tiogapass/ramstage.c b/src/mainboard/ocp/tiogapass/ramstage.c
index c69322b..a07edb8 100644
--- a/src/mainboard/ocp/tiogapass/ramstage.c
+++ b/src/mainboard/ocp/tiogapass/ramstage.c
@@ -1,8 +1,10 @@
/* SPDX-License-Identifier: GPL-2.0-or-later */
+#include <cpu/x86/smm.h>
#include <drivers/ipmi/ipmi_ops.h>
#include <drivers/ocp/dmi/ocp_dmi.h>
#include <soc/ramstage.h>
+#include <soc/smmrelocate.h>
extern struct fru_info_str fru_strings;
@@ -176,6 +178,11 @@
{
}
+void smm_mainboard_pci_resource_store_init(struct smm_pci_resource_info *slots, size_t size)
+{
+ soc_ubox_store_resources(slots, size);
+}
+
struct chip_operations mainboard_ops = {
.enable_dev = mainboard_enable,
.final = mainboard_final,
diff --git a/src/soc/intel/xeon_sp/Kconfig b/src/soc/intel/xeon_sp/Kconfig
index db3e5ad..18474ec 100644
--- a/src/soc/intel/xeon_sp/Kconfig
+++ b/src/soc/intel/xeon_sp/Kconfig
@@ -33,6 +33,7 @@
select SOC_INTEL_COMMON_BLOCK_TCO
select SOC_INTEL_COMMON_PCH_SERVER
select SUPPORT_CPU_UCODE_IN_CBFS
+ select SMM_PCI_RESOURCE_STORE
select TSC_MONOTONIC_TIMER
select TPM_STARTUP_IGNORE_POSTINIT if INTEL_TXT
select UDELAY_TSC
diff --git a/src/soc/intel/xeon_sp/cpx/Makefile.mk b/src/soc/intel/xeon_sp/cpx/Makefile.mk
index 745e032..911cf66 100644
--- a/src/soc/intel/xeon_sp/cpx/Makefile.mk
+++ b/src/soc/intel/xeon_sp/cpx/Makefile.mk
@@ -12,7 +12,6 @@
ramstage-y += chip.c cpu.c soc_util.c soc_acpi.c
ramstage-$(CONFIG_DISPLAY_HOBS) += hob_display.c
ramstage-$(CONFIG_DISPLAY_UPD_DATA) += upd_display.c
-smm-$(CONFIG_HAVE_SMI_HANDLER) += soc_smihandler_util.c
CPPFLAGS_common += -I$(src)/soc/intel/xeon_sp/cpx/include -I$(src)/soc/intel/xeon_sp/cpx
CPPFLAGS_common += -I$(src)/vendorcode/intel/fsp/fsp2_0/cooperlake_sp
diff --git a/src/soc/intel/xeon_sp/cpx/include/soc/pci_devs.h b/src/soc/intel/xeon_sp/cpx/include/soc/pci_devs.h
index 55268a7..d64a0d7 100644
--- a/src/soc/intel/xeon_sp/cpx/include/soc/pci_devs.h
+++ b/src/soc/intel/xeon_sp/cpx/include/soc/pci_devs.h
@@ -86,13 +86,11 @@
#define UBOX_DEV 8
-#define UBOX_PMON_BUS 0
-#define UBOX_PMON_DEV 8
-#define UBOX_PMON_FUNC 1
-#define UBOX_DEV_PMON _UBOX_DEV(UBOX_PMON_FUNC)
+/* Bus: B0, Device: 8, Function: 1 */
#define SMM_FEATURE_CONTROL 0x7c
#define SMM_CODE_CHK_EN BIT(2)
#define SMM_FEATURE_CONTROL_LOCK BIT(0)
+#define UBOX_DFX_DEVID 0x2015
#define UBOX_DECS_BUS 0
@@ -183,6 +181,4 @@
#define IIO_DFX_TSWCTL0 0x30c
#define IIO_DFX_LCK_CTL 0x504
-pci_devfn_t soc_get_ubox_pmon_dev(void);
-
#endif /* _SOC_PCI_DEVS_H_ */
diff --git a/src/soc/intel/xeon_sp/cpx/soc_smihandler_util.c b/src/soc/intel/xeon_sp/cpx/soc_smihandler_util.c
deleted file mode 100644
index 6f772cc..0000000
--- a/src/soc/intel/xeon_sp/cpx/soc_smihandler_util.c
+++ /dev/null
@@ -1,8 +0,0 @@
-/* SPDX-License-Identifier: GPL-2.0-only */
-
-#include <soc/pci_devs.h>
-
-pci_devfn_t soc_get_ubox_pmon_dev(void)
-{
- return UBOX_DEV_PMON;
-}
diff --git a/src/soc/intel/xeon_sp/include/soc/smmrelocate.h b/src/soc/intel/xeon_sp/include/soc/smmrelocate.h
index 314ebd4..b18d057 100644
--- a/src/soc/intel/xeon_sp/include/soc/smmrelocate.h
+++ b/src/soc/intel/xeon_sp/include/soc/smmrelocate.h
@@ -3,7 +3,11 @@
#ifndef _SOC_SMMRELOCATE_H_
#define _SOC_SMMRELOCATE_H_
+#include <cpu/x86/smm.h>
+
void get_smm_info(uintptr_t *perm_smbase, size_t *perm_smsize,
size_t *smm_save_state_size);
+void soc_ubox_store_resources(struct smm_pci_resource_info *slots, size_t size);
+
#endif
diff --git a/src/soc/intel/xeon_sp/skx/Makefile.mk b/src/soc/intel/xeon_sp/skx/Makefile.mk
index 0f75eec..f7599a3 100644
--- a/src/soc/intel/xeon_sp/skx/Makefile.mk
+++ b/src/soc/intel/xeon_sp/skx/Makefile.mk
@@ -21,7 +21,6 @@
ramstage-$(CONFIG_DISPLAY_UPD_DATA) += upd_display.c
ramstage-$(CONFIG_DISPLAY_HOBS) += hob_display.c
ramstage-y += hob_display.c
-smm-$(CONFIG_HAVE_SMI_HANDLER) += soc_smihandler_util.c
CPPFLAGS_common += -I$(src)/soc/intel/xeon_sp/skx/include -I$(src)/soc/intel/xeon_sp/skx
diff --git a/src/soc/intel/xeon_sp/skx/include/soc/pci_devs.h b/src/soc/intel/xeon_sp/skx/include/soc/pci_devs.h
index 3d518fa..a5f2f8e 100644
--- a/src/soc/intel/xeon_sp/skx/include/soc/pci_devs.h
+++ b/src/soc/intel/xeon_sp/skx/include/soc/pci_devs.h
@@ -81,13 +81,11 @@
#define UBOX_DEV 8
-#define UBOX_PMON_BUS 0
-#define UBOX_PMON_DEV 8
-#define UBOX_PMON_FUNC 1
-#define UBOX_DEV_PMON _UBOX_DEV(UBOX_PMON_FUNC)
+/* Bus: B0, Device: 8, Function: 1 */
#define SMM_FEATURE_CONTROL 0x7c
#define SMM_CODE_CHK_EN BIT(2)
#define SMM_FEATURE_CONTROL_LOCK BIT(0)
+#define UBOX_DFX_DEVID 0x2015
#define UBOX_DECS_BUS 0
#define UBOX_DECS_DEV 8
@@ -164,6 +162,4 @@
#define IIO_DFX_TSWCTL0 0x30c
#define IIO_DFX_LCK_CTL 0x504
-pci_devfn_t soc_get_ubox_pmon_dev(void);
-
#endif /* _SOC_PCI_DEVS_H_ */
diff --git a/src/soc/intel/xeon_sp/skx/soc_smihandler_util.c b/src/soc/intel/xeon_sp/skx/soc_smihandler_util.c
deleted file mode 100644
index 6f772cc..0000000
--- a/src/soc/intel/xeon_sp/skx/soc_smihandler_util.c
+++ /dev/null
@@ -1,8 +0,0 @@
-/* SPDX-License-Identifier: GPL-2.0-only */
-
-#include <soc/pci_devs.h>
-
-pci_devfn_t soc_get_ubox_pmon_dev(void)
-{
- return UBOX_DEV_PMON;
-}
diff --git a/src/soc/intel/xeon_sp/smihandler.c b/src/soc/intel/xeon_sp/smihandler.c
index cb8658f..4362c6a 100644
--- a/src/soc/intel/xeon_sp/smihandler.c
+++ b/src/soc/intel/xeon_sp/smihandler.c
@@ -5,6 +5,7 @@
#include <console/uart.h>
#include <cpu/x86/smm.h>
#include <device/pci.h>
+#include <device/pci_ids.h>
#include <drivers/uart/uart8250reg.h>
#include <intelblocks/smihandler.h>
#include <soc/pci_devs.h>
@@ -55,18 +56,26 @@
*/
void smihandler_soc_at_finalize(void)
{
- /* SMM_FEATURE_CONTROL can only be written within SMM. */
- printk(BIOS_DEBUG, "Lock SMM_FEATURE_CONTROL\n");
- pci_devfn_t pcie_offset = soc_get_ubox_pmon_dev();
- if (!pcie_offset) {
- printk(BIOS_ERR, "UBOX PMON is not found, cannot lock SMM_FEATURE_CONTROL!\n");
- return;
- }
-
+ const volatile struct smm_pci_resource_info *res_store;
+ size_t res_count, found = 0;
u32 val;
- val = pci_s_read_config32(pcie_offset, SMM_FEATURE_CONTROL);
- val |= (SMM_CODE_CHK_EN | SMM_FEATURE_CONTROL_LOCK);
- pci_s_write_config32(pcie_offset, SMM_FEATURE_CONTROL, val);
+
+ /* SMM_FEATURE_CONTROL can only be written within SMM. */
+ smm_pci_get_stored_resources(&res_store, &res_count);
+ for (size_t i_slot = 0; i_slot < res_count; i_slot++) {
+ if (res_store[i_slot].vendor_id != PCI_VID_INTEL ||
+ res_store[i_slot].device_id != UBOX_DFX_DEVID) {
+ continue;
+ }
+
+ val = pci_s_read_config32(res_store[i_slot].pci_addr, SMM_FEATURE_CONTROL);
+ val |= (SMM_CODE_CHK_EN | SMM_FEATURE_CONTROL_LOCK);
+ pci_s_write_config32(res_store[i_slot].pci_addr, SMM_FEATURE_CONTROL, val);
+ found ++;
+ }
+ printk(BIOS_DEBUG, "Locked SMM_FEATURE_CONTROL on %zd sockets\n", found);
+ if (!found)
+ printk(BIOS_ERR, "Failed to lock SMM_FEATURE_CONTROL\n");
}
/*
diff --git a/src/soc/intel/xeon_sp/smmrelocate.c b/src/soc/intel/xeon_sp/smmrelocate.c
index f9d100a..89f35c2 100644
--- a/src/soc/intel/xeon_sp/smmrelocate.c
+++ b/src/soc/intel/xeon_sp/smmrelocate.c
@@ -7,9 +7,11 @@
#include <cpu/intel/em64t101_save_state.h>
#include <cpu/intel/smm_reloc.h>
#include <console/console.h>
+#include <device/pci_ids.h>
#include <smp/node.h>
#include <soc/msr.h>
#include <soc/smmrelocate.h>
+#include <soc/pci_devs.h>
static void fill_in_relocation_params(struct smm_relocation_params *params)
{
@@ -137,3 +139,21 @@
if (mtrr_cap.lo & SMRR_SUPPORTED)
write_smrr(relo_params);
}
+
+void soc_ubox_store_resources(struct smm_pci_resource_info *slots, size_t size)
+{
+ struct device *devices[CONFIG_MAX_SOCKET] = {0};
+ size_t devices_count = 0;
+ struct device *dev = NULL;
+
+ /*
+ * Collect all UBOX DFX devices. Depending on the actual socket count
+ * the bus numbers changed and the PCI segment group might be different.
+ * Pass all devices to SMM for platform lockdown.
+ */
+ while ((dev = dev_find_device(PCI_VID_INTEL, UBOX_DFX_DEVID, dev))) {
+ devices[devices_count++] = dev;
+ }
+
+ smm_pci_resource_store_fill_resources(slots, size, (const struct device **)devices, devices_count);
+}
diff --git a/src/soc/intel/xeon_sp/spr/Makefile.mk b/src/soc/intel/xeon_sp/spr/Makefile.mk
index 7a0d958..659e366 100644
--- a/src/soc/intel/xeon_sp/spr/Makefile.mk
+++ b/src/soc/intel/xeon_sp/spr/Makefile.mk
@@ -16,7 +16,6 @@
ramstage-y += crashlog.c ioat.c
ramstage-$(CONFIG_DISPLAY_HOBS) += hob_display.c
ramstage-$(CONFIG_DISPLAY_UPD_DATA) += upd_display.c
-smm-$(CONFIG_HAVE_SMI_HANDLER) += soc_smihandler_util.c
CPPFLAGS_common += -I$(src)/soc/intel/xeon_sp/spr/include -I$(src)/soc/intel/xeon_sp/spr
endif ## CONFIG_SOC_INTEL_SAPPHIRERAPIDS_SP
diff --git a/src/soc/intel/xeon_sp/spr/include/soc/pci_devs.h b/src/soc/intel/xeon_sp/spr/include/soc/pci_devs.h
index 06ec16c..9bbe540 100644
--- a/src/soc/intel/xeon_sp/spr/include/soc/pci_devs.h
+++ b/src/soc/intel/xeon_sp/spr/include/soc/pci_devs.h
@@ -20,12 +20,11 @@
#define UNCORE_BUS_0 0
#define UNCORE_BUS_1 1
-/* UBOX Registers [B:30, D:0, F:1] */
-#define UBOX_DECS_DEV 0
-#define UBOX_URACU_FUNC 1
+/* UBOX Registers [U(1), D:0, F:1] */
#define SMM_FEATURE_CONTROL 0x8c
#define SMM_CODE_CHK_EN BIT(2)
#define SMM_FEATURE_CONTROL_LOCK BIT(0)
+#define UBOX_DFX_DEVID 0x3251
/* CHA registers [B:31, D:29, F:0/F:1]
* SAD is the previous xeon_sp register name. Keep defines for shared code.
@@ -188,6 +187,4 @@
#define BIOS_CRASHLOG_CTL 0x158
#define CRASHLOG_CTL_DIS BIT(2)
-pci_devfn_t soc_get_ubox_pmon_dev(void);
-
#endif /* _SOC_PCI_DEVS_H_ */
diff --git a/src/soc/intel/xeon_sp/spr/soc_smihandler_util.c b/src/soc/intel/xeon_sp/spr/soc_smihandler_util.c
deleted file mode 100644
index b2700d5..0000000
--- a/src/soc/intel/xeon_sp/spr/soc_smihandler_util.c
+++ /dev/null
@@ -1,19 +0,0 @@
-/* SPDX-License-Identifier: GPL-2.0-only */
-
-#include <cpu/x86/msr.h>
-#include <device/pci.h>
-#include <soc/msr.h>
-#include <soc/pci_devs.h>
-
-pci_devfn_t soc_get_ubox_pmon_dev(void)
-{
- msr_t msr = rdmsr(MSR_CPU_BUSNO);
- u16 bus;
-
- if (msr.hi & BUSNO_VALID)
- bus = msr.lo & 0xff;
- else
- return 0;
-
- return PCI_DEV(bus, UBOX_DECS_DEV, UBOX_URACU_FUNC);
-}