sgx: Move SGX code to intel/common/block
CONFIG_SOC_INTEL_COMMON_BLOCK_SGX controls building. The SGX feature
is still enabled from devicetree.cb. As of now this SGX init supports
only KBL (SKL not tested). Support of SGX for new SOCs would be added
incrementally in this common code base.
Change-Id: I0fbba364b7342e686a2287ea1a910ef9a4eed595
Signed-off-by: Pratik Prajapati <pratikkumar.v.prajapati@intel.com>
Reviewed-on: https://review.coreboot.org/20173
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
diff --git a/src/soc/intel/common/block/include/intelblocks/msr.h b/src/soc/intel/common/block/include/intelblocks/msr.h
index 6d78ed8..1025c28 100644
--- a/src/soc/intel/common/block/include/intelblocks/msr.h
+++ b/src/soc/intel/common/block/include/intelblocks/msr.h
@@ -18,8 +18,10 @@
#define MSR_CORE_THREAD_COUNT 0x35
#define IA32_FEATURE_CONTROL 0x3a
+#define FEATURE_CONTROL_LOCK (1)
#define CPUID_VMX (1 << 5)
#define CPUID_SMX (1 << 6)
+#define SGX_GLOBAL_ENABLE (1 << 18)
#define PLATFORM_INFO_SET_TDP (1 << 29)
#define MSR_PLATFORM_INFO 0xce
#define MSR_PMG_CST_CONFIG_CONTROL 0xe2
@@ -31,6 +33,8 @@
#define IO_MWAIT_REDIRECT_MASK 0x400
/* Set MSR_PMG_CST_CONFIG_CONTROL[15] to lock CST_CFG [0-15] bits */
#define CST_CFG_LOCK_MASK 0x8000
+#define MSR_BIOS_UPGD_TRIG 0x7a
+#define SGX_ACTIVATE_BIT (1)
#define MSR_PMG_IO_CAPTURE_BASE 0xe4
#define MSR_POWER_MISC 0x120
#define ENABLE_IA_UNTRUSTED (1 << 6)
@@ -62,6 +66,7 @@
#define MISC_PWR_MGMT_ISST_EN_INT (1 << 7)
#define MISC_PWR_MGMT_ISST_EN_EPP (1 << 12)
#define MSR_TURBO_RATIO_LIMIT 0x1ad
+#define PRMRR_PHYS_BASE_MSR 0x1f4
#define PRMRR_PHYS_MASK_MSR 0x1f5
#define PRMRR_PHYS_MASK_LOCK (1 << 10)
#define PRMRR_PHYS_MASK_VALID (1 << 11)
@@ -69,6 +74,8 @@
#define MSR_EVICT_CTL 0x2e0
#define UNCORE_PRMRR_PHYS_BASE_MSR 0x2f4
#define UNCORE_PRMRR_PHYS_MASK_MSR 0x2f5
+#define MSR_SGX_OWNEREPOCH0 0x300
+#define MSR_SGX_OWNEREPOCH1 0x301
#define IA32_MC0_CTL 0x400
#define IA32_MC0_STATUS 0x401
#define SMM_FEATURE_CONTROL_MSR 0x4e0
@@ -124,5 +131,6 @@
#define SMRR_SUPPORTED (1<<11)
#define PRMRR_SUPPORTED (1<<12)
+#define SGX_SUPPORTED (1<<2)
#endif /* SOC_INTEL_COMMON_MSR_H */
diff --git a/src/soc/intel/common/block/include/intelblocks/sgx.h b/src/soc/intel/common/block/include/intelblocks/sgx.h
new file mode 100644
index 0000000..03d4ab5
--- /dev/null
+++ b/src/soc/intel/common/block/include/intelblocks/sgx.h
@@ -0,0 +1,30 @@
+/*
+ * This file is part of the coreboot project.
+ *
+ * Copyright (C) 2017 Intel Corporation.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ */
+
+#ifndef SOC_INTEL_COMMON_BLOCK_SGX_H
+#define SOC_INTEL_COMMON_BLOCK_SGX_H
+
+/*
+ * Lock SGX memory.
+ * CPU specific code needs to provide the implementation.
+ */
+void cpu_lock_sgx_memory(void);
+
+/*
+ * Configure SGX.
+ */
+void sgx_configure(const void *microcode_patch);
+
+#endif /* SOC_INTEL_COMMON_BLOCK_SGX_H */
diff --git a/src/soc/intel/common/block/sgx/Kconfig b/src/soc/intel/common/block/sgx/Kconfig
new file mode 100644
index 0000000..7889582
--- /dev/null
+++ b/src/soc/intel/common/block/sgx/Kconfig
@@ -0,0 +1,7 @@
+config SOC_INTEL_COMMON_BLOCK_SGX
+ bool
+ default n
+ help
+ Software Guard eXtension(SGX) Feature. Intel SGX is a set of new CPU
+ instructions that can be used by applications to set aside privat
+ regions of code and data.
diff --git a/src/soc/intel/common/block/sgx/Makefile.inc b/src/soc/intel/common/block/sgx/Makefile.inc
new file mode 100644
index 0000000..3fa18d8
--- /dev/null
+++ b/src/soc/intel/common/block/sgx/Makefile.inc
@@ -0,0 +1 @@
+ramstage-$(CONFIG_SOC_INTEL_COMMON_BLOCK_SGX) += sgx.c
diff --git a/src/soc/intel/skylake/sgx.c b/src/soc/intel/common/block/sgx/sgx.c
similarity index 87%
rename from src/soc/intel/skylake/sgx.c
rename to src/soc/intel/common/block/sgx/sgx.c
index 0e887de..5a0b61d 100644
--- a/src/soc/intel/skylake/sgx.c
+++ b/src/soc/intel/common/block/sgx/sgx.c
@@ -18,6 +18,7 @@
#include <cpu/x86/msr.h>
#include <cpu/x86/mtrr.h>
#include <cpu/intel/microcode.h>
+#include <intelblocks/sgx.h>
#include <soc/cpu.h>
#include <soc/msr.h>
#include <soc/pci_devs.h>
@@ -29,7 +30,7 @@
cpuid_regs = cpuid_ext(0x7, 0x0); /* EBX[2] is feature capability */
msr = rdmsr(MTRR_CAP_MSR); /* Bit 12 is PRMRR enablement */
- return ((cpuid_regs.ebx & 0x4) && (msr.lo & PRMRR_SUPPORTED));
+ return ((cpuid_regs.ebx & SGX_SUPPORTED) && (msr.lo & PRMRR_SUPPORTED));
}
static int configure_core_prmrr(void)
@@ -55,7 +56,7 @@
return 0;
/* Program core PRMRR MSRs */
- prmrr_base.lo |= 0x6; /* Set memory attribute to cache writeback */
+ prmrr_base.lo |= MTRR_TYPE_WRBACK; /* cache writeback mem attrib */
wrmsr(PRMRR_PHYS_BASE_MSR, prmrr_base);
prmrr_mask.lo &= ~PRMRR_PHYS_MASK_VALID; /* Do not set the valid bit */
prmrr_mask.lo |= PRMRR_PHYS_MASK_LOCK; /* Lock it */
@@ -69,8 +70,8 @@
msr = rdmsr(IA32_FEATURE_CONTROL);
/* Only enable it when it is not locked */
- if ((msr.lo & 1) == 0) {
- msr.lo |= (1 << 18); /* Enable it */
+ if ((msr.lo & FEATURE_CONTROL_LOCK) == 0) {
+ msr.lo |= SGX_GLOBAL_ENABLE; /* Enable it */
wrmsr(IA32_FEATURE_CONTROL, msr);
}
}
@@ -110,11 +111,12 @@
* back and verify the bit is cleared to confirm SGX activation.
*/
msr = rdmsr(MSR_BIOS_UPGD_TRIG);
- if (msr.lo & 0x1) {
- wrmsr(MSR_BIOS_UPGD_TRIG, (msr_t) {.lo = 0x1, .hi = 0});
+ if (msr.lo & SGX_ACTIVATE_BIT) {
+ wrmsr(MSR_BIOS_UPGD_TRIG,
+ (msr_t) {.lo = SGX_ACTIVATE_BIT, .hi = 0});
/* Read back to verify it is activated */
msr = rdmsr(MSR_BIOS_UPGD_TRIG);
- if (msr.lo & 0x1)
+ if (msr.lo & SGX_ACTIVATE_BIT)
printk(BIOS_ERR, "SGX activation failed.\n");
else
printk(BIOS_INFO, "SGX activation was successful.\n");
@@ -123,11 +125,10 @@
}
}
-void configure_sgx(const void *microcode_patch)
+void sgx_configure(const void *microcode_patch)
{
device_t dev = SA_DEV_ROOT;
config_t *conf = dev->chip_info;
- msr_t msr;
if (!conf->sgx_enable || !is_sgx_supported())
return;
@@ -144,11 +145,7 @@
return;
/* Ensure to lock memory before reload microcode patch */
- msr = rdmsr(MSR_LT_LOCK_MEMORY);
- if ((msr.lo & 1) == 0) {
- msr.lo |= 1; /* Lock it */
- wrmsr(MSR_LT_LOCK_MEMORY, msr);
- }
+ cpu_lock_sgx_memory();
/* Reload the microcode patch */
intel_microcode_load_unlocked(microcode_patch);
diff --git a/src/soc/intel/skylake/Kconfig b/src/soc/intel/skylake/Kconfig
index 1dc8055..c558886 100644
--- a/src/soc/intel/skylake/Kconfig
+++ b/src/soc/intel/skylake/Kconfig
@@ -65,6 +65,7 @@
select SOC_INTEL_COMMON_BLOCK_SA
select SOC_INTEL_COMMON_BLOCK_SATA
select SOC_INTEL_COMMON_BLOCK_SCS
+ select SOC_INTEL_COMMON_BLOCK_SGX
select SOC_INTEL_COMMON_BLOCK_SMBUS
select SOC_INTEL_COMMON_BLOCK_TIMER
select SOC_INTEL_COMMON_BLOCK_UART
diff --git a/src/soc/intel/skylake/Makefile.inc b/src/soc/intel/skylake/Makefile.inc
index 75d57a9..0a8d105 100644
--- a/src/soc/intel/skylake/Makefile.inc
+++ b/src/soc/intel/skylake/Makefile.inc
@@ -63,7 +63,6 @@
ramstage-y += pmutil.c
ramstage-$(CONFIG_PLATFORM_USES_FSP2_0) += reset.c
ramstage-y += sd.c
-ramstage-y += sgx.c
ramstage-y += smi.c
ramstage-y += smmrelocate.c
ramstage-y += spi.c
diff --git a/src/soc/intel/skylake/cpu.c b/src/soc/intel/skylake/cpu.c
index e3be738..7f455e0 100644
--- a/src/soc/intel/skylake/cpu.c
+++ b/src/soc/intel/skylake/cpu.c
@@ -37,6 +37,7 @@
#include <intelblocks/cpulib.h>
#include <intelblocks/fast_spi.h>
#include <intelblocks/mp_init.h>
+#include <intelblocks/sgx.h>
#include <pc80/mc146818rtc.h>
#include <soc/cpu.h>
#include <soc/msr.h>
@@ -422,7 +423,7 @@
enable_turbo();
/* Configure SGX */
- configure_sgx(microcode);
+ sgx_configure(microcode);
}
static int adjust_apic_id(int index, int apic_id)
@@ -489,7 +490,7 @@
* here to get SGX enabled on BSP. This behavior needs to root-caused
* and we shall not have this redundant call.
*/
- configure_sgx(microcode);
+ sgx_configure(microcode);
}
int soc_skip_ucode_update(u32 current_patch_id, u32 new_patch_id)
@@ -514,3 +515,14 @@
return (msr1.lo & PRMRR_SUPPORTED) &&
(current_patch_id == new_patch_id - 1);
}
+
+void cpu_lock_sgx_memory(void)
+{
+ msr_t msr;
+
+ msr = rdmsr(MSR_LT_LOCK_MEMORY);
+ if ((msr.lo & 1) == 0) {
+ msr.lo |= 1; /* Lock it */
+ wrmsr(MSR_LT_LOCK_MEMORY, msr);
+ }
+}
diff --git a/src/soc/intel/skylake/include/soc/cpu.h b/src/soc/intel/skylake/include/soc/cpu.h
index 059367a..8073fcd 100644
--- a/src/soc/intel/skylake/include/soc/cpu.h
+++ b/src/soc/intel/skylake/include/soc/cpu.h
@@ -56,6 +56,5 @@
u32 cpu_family_model(void);
u32 cpu_stepping(void);
int cpu_is_ult(void);
-void configure_sgx(const void *microcode_patch);
#endif
diff --git a/src/soc/intel/skylake/include/soc/msr.h b/src/soc/intel/skylake/include/soc/msr.h
index bb4b8e7..81b6cc9 100644
--- a/src/soc/intel/skylake/include/soc/msr.h
+++ b/src/soc/intel/skylake/include/soc/msr.h
@@ -20,7 +20,6 @@
#include <intelblocks/msr.h>
#define MSR_PIC_MSG_CONTROL 0x2e
-#define MSR_BIOS_UPGD_TRIG 0x7a
#define MSR_EMULATE_PM_TIMER 0x121
#define EMULATE_PM_TMR_EN (1 << 16)
#define EMULATE_DELAY_OFFSET_VALUE 20
@@ -31,11 +30,8 @@
#define ENERGY_POLICY_NORMAL 6
#define ENERGY_POLICY_POWERSAVE 15
#define IA32_PACKAGE_THERM_INTERRUPT 0x1b2
-#define PRMRR_PHYS_BASE_MSR 0x1f4
#define IA32_PLATFORM_DCA_CAP 0x1f8
#define MSR_LT_LOCK_MEMORY 0x2e7
-#define MSR_SGX_OWNEREPOCH0 0x300
-#define MSR_SGX_OWNEREPOCH1 0x301
#define MSR_VR_CURRENT_CONFIG 0x601
#define MSR_VR_MISC_CONFIG 0x603
#define MSR_VR_MISC_CONFIG2 0x636