diff options
Diffstat (limited to 'src/soc/intel/apollolake')
| -rw-r--r-- | src/soc/intel/apollolake/Kconfig | 1 | ||||
| -rw-r--r-- | src/soc/intel/apollolake/chip.c | 20 | ||||
| -rw-r--r-- | src/soc/intel/apollolake/cpu.c | 4 | ||||
| -rw-r--r-- | src/soc/intel/apollolake/include/soc/cpu.h | 1 |
4 files changed, 21 insertions, 5 deletions
diff --git a/src/soc/intel/apollolake/Kconfig b/src/soc/intel/apollolake/Kconfig index 6769af0d0a..b37cde678f 100644 --- a/src/soc/intel/apollolake/Kconfig +++ b/src/soc/intel/apollolake/Kconfig @@ -36,6 +36,7 @@ config CPU_SPECIFIC_OPTIONS select NO_FIXED_XIP_ROM_SIZE select NO_XIP_EARLY_STAGES select PARALLEL_MP + select PARALLEL_MP_AP_WORK select PCIEXP_ASPM select PCIEXP_COMMON_CLOCK select PCIEXP_CLK_PM diff --git a/src/soc/intel/apollolake/chip.c b/src/soc/intel/apollolake/chip.c index 171e01e930..a24ca33530 100644 --- a/src/soc/intel/apollolake/chip.c +++ b/src/soc/intel/apollolake/chip.c @@ -21,6 +21,7 @@ #include <cbmem.h> #include <console/console.h> #include <cpu/cpu.h> +#include <cpu/x86/mp.h> #include <device/device.h> #include <device/pci.h> #include <fsp/api.h> @@ -499,11 +500,26 @@ struct chip_operations soc_intel_apollolake_ops = { .final = &soc_final }; +static void drop_privilege_all(void) +{ + /* Drop privilege level on all the CPUs */ + if (mp_run_on_all_cpus(&enable_untrusted_mode, 1000) < 0) + printk(BIOS_ERR, "failed to enable untrusted mode\n"); +} + void platform_fsp_notify_status(enum fsp_notify_phase phase) { - /* Hide the P2SB device to align with previous behavior. */ - if (phase == END_OF_FIRMWARE) + if (phase == END_OF_FIRMWARE) { + /* Hide the P2SB device to align with previous behavior. */ p2sb_hide(); + /* + * As per guidelines BIOS is recommended to drop CPU privilege + * level to IA_UNTRUSTED. After that certain device registers + * and MSRs become inaccessible supposedly increasing system + * security. + */ + drop_privilege_all(); + } } /* diff --git a/src/soc/intel/apollolake/cpu.c b/src/soc/intel/apollolake/cpu.c index 8b8f963e4c..ff300bcc90 100644 --- a/src/soc/intel/apollolake/cpu.c +++ b/src/soc/intel/apollolake/cpu.c @@ -53,7 +53,7 @@ static const struct reg_script core_msr_script[] = { REG_SCRIPT_END }; -static void enable_untrusted_mode(void) +void enable_untrusted_mode(void) { msr_t msr = rdmsr(MSR_POWER_MISC); msr.lo |= ENABLE_IA_UNTRUSTED; @@ -70,8 +70,6 @@ static void soc_core_init(device_t cpu) * implemented in microcode. */ enable_pm_timer_emulation(); - /* Drop privilege level */ - enable_untrusted_mode(); } static struct device_operations cpu_dev_ops = { diff --git a/src/soc/intel/apollolake/include/soc/cpu.h b/src/soc/intel/apollolake/include/soc/cpu.h index db9d3dde05..b4c86842ba 100644 --- a/src/soc/intel/apollolake/include/soc/cpu.h +++ b/src/soc/intel/apollolake/include/soc/cpu.h @@ -24,6 +24,7 @@ void apollolake_init_cpus(struct device *dev); void set_max_freq(void); +void enable_untrusted_mode(void); #endif #define CPUID_APOLLOLAKE_A0 0x506c8 |