diff options
author | Timothy Pearson <tpearson@raptorengineeringinc.com> | 2015-08-12 11:19:10 -0500 |
---|---|---|
committer | Alexandru Gagniuc <mr.nuke.me@gmail.com> | 2015-08-14 01:16:22 +0200 |
commit | 27baa32fbefa19afe2bc96b60f534ca20cb49065 (patch) | |
tree | 2c6d9b53cd42c08bdcf3c58ff46ae5fa21770078 /src/cpu | |
parent | e3260ec29a0bce2d57ba66b99ea1d87a56e1e18a (diff) | |
download | coreboot-27baa32fbefa19afe2bc96b60f534ca20cb49065.tar.xz |
cpu/amd/model_10xxx: Do not initialize SMM memory if SMM is disabled
In the wake of the recent Intel "Memoy Sinkhole" exploit a code review
of the AMD SMM code was undertaken. While native Family 10h support
does not appear to be affected by the same SMM flaw, it also does not
require SMM to function. Therefore, the SMM memory range initialization
should only be executed if SMM will be used on the target platform.
Change-Id: I6531908a7724933e4ba5a2bbefeb89356197e8fd
Signed-off-by: Timothy Pearson <tpearson@raptorengineeringinc.com>
Reviewed-on: http://review.coreboot.org/11211
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: Raptor Engineering Automated Test Stand <noreply@raptorengineeringinc.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Diffstat (limited to 'src/cpu')
-rw-r--r-- | src/cpu/amd/model_10xxx/model_10xxx_init.c | 34 |
1 files changed, 25 insertions, 9 deletions
diff --git a/src/cpu/amd/model_10xxx/model_10xxx_init.c b/src/cpu/amd/model_10xxx/model_10xxx_init.c index c17f335334..590b89d65e 100644 --- a/src/cpu/amd/model_10xxx/model_10xxx_init.c +++ b/src/cpu/amd/model_10xxx/model_10xxx_init.c @@ -99,15 +99,31 @@ static void model_10xxx_init(device_t dev) msr.hi &= ~(1 << (35-32)); wrmsr(BU_CFG2_MSR, msr); - /* Set SMM base address for this CPU */ - msr = rdmsr(SMM_BASE_MSR); - msr.lo = SMM_BASE - (lapicid() * 0x400); - wrmsr(SMM_BASE_MSR, msr); - - /* Enable the SMM memory window */ - msr = rdmsr(SMM_MASK_MSR); - msr.lo |= (1 << 0); /* Enable ASEG SMRAM Range */ - wrmsr(SMM_MASK_MSR, msr); + if (IS_ENABLED(CONFIG_HAVE_SMI_HANDLER)) { + printk(BIOS_DEBUG, "Initializing SMM ASeg memory\n"); + + /* Set SMM base address for this CPU */ + msr = rdmsr(SMM_BASE_MSR); + msr.lo = SMM_BASE - (lapicid() * 0x400); + wrmsr(SMM_BASE_MSR, msr); + + /* Enable the SMM memory window */ + msr = rdmsr(SMM_MASK_MSR); + msr.lo |= (1 << 0); /* Enable ASEG SMRAM Range */ + wrmsr(SMM_MASK_MSR, msr); + } else { + printk(BIOS_DEBUG, "Disabling SMM ASeg memory\n"); + + /* Set SMM base address for this CPU */ + msr = rdmsr(SMM_BASE_MSR); + msr.lo = SMM_BASE - (lapicid() * 0x400); + wrmsr(SMM_BASE_MSR, msr); + + /* Disable the SMM memory window */ + msr.hi = 0x0; + msr.lo = 0x0; + wrmsr(SMM_MASK_MSR, msr); + } /* Set SMMLOCK to avoid exploits messing with SMM */ msr = rdmsr(HWCR_MSR); |