summaryrefslogtreecommitdiff
path: root/src/soc
diff options
context:
space:
mode:
Diffstat (limited to 'src/soc')
-rw-r--r--src/soc/intel/apollolake/Kconfig1
-rw-r--r--src/soc/intel/apollolake/chip.c20
-rw-r--r--src/soc/intel/apollolake/cpu.c4
-rw-r--r--src/soc/intel/apollolake/include/soc/cpu.h1
4 files changed, 21 insertions, 5 deletions
diff --git a/src/soc/intel/apollolake/Kconfig b/src/soc/intel/apollolake/Kconfig
index 6769af0d0a..b37cde678f 100644
--- a/src/soc/intel/apollolake/Kconfig
+++ b/src/soc/intel/apollolake/Kconfig
@@ -36,6 +36,7 @@ config CPU_SPECIFIC_OPTIONS
select NO_FIXED_XIP_ROM_SIZE
select NO_XIP_EARLY_STAGES
select PARALLEL_MP
+ select PARALLEL_MP_AP_WORK
select PCIEXP_ASPM
select PCIEXP_COMMON_CLOCK
select PCIEXP_CLK_PM
diff --git a/src/soc/intel/apollolake/chip.c b/src/soc/intel/apollolake/chip.c
index 171e01e930..a24ca33530 100644
--- a/src/soc/intel/apollolake/chip.c
+++ b/src/soc/intel/apollolake/chip.c
@@ -21,6 +21,7 @@
#include <cbmem.h>
#include <console/console.h>
#include <cpu/cpu.h>
+#include <cpu/x86/mp.h>
#include <device/device.h>
#include <device/pci.h>
#include <fsp/api.h>
@@ -499,11 +500,26 @@ struct chip_operations soc_intel_apollolake_ops = {
.final = &soc_final
};
+static void drop_privilege_all(void)
+{
+ /* Drop privilege level on all the CPUs */
+ if (mp_run_on_all_cpus(&enable_untrusted_mode, 1000) < 0)
+ printk(BIOS_ERR, "failed to enable untrusted mode\n");
+}
+
void platform_fsp_notify_status(enum fsp_notify_phase phase)
{
- /* Hide the P2SB device to align with previous behavior. */
- if (phase == END_OF_FIRMWARE)
+ if (phase == END_OF_FIRMWARE) {
+ /* Hide the P2SB device to align with previous behavior. */
p2sb_hide();
+ /*
+ * As per guidelines BIOS is recommended to drop CPU privilege
+ * level to IA_UNTRUSTED. After that certain device registers
+ * and MSRs become inaccessible supposedly increasing system
+ * security.
+ */
+ drop_privilege_all();
+ }
}
/*
diff --git a/src/soc/intel/apollolake/cpu.c b/src/soc/intel/apollolake/cpu.c
index 8b8f963e4c..ff300bcc90 100644
--- a/src/soc/intel/apollolake/cpu.c
+++ b/src/soc/intel/apollolake/cpu.c
@@ -53,7 +53,7 @@ static const struct reg_script core_msr_script[] = {
REG_SCRIPT_END
};
-static void enable_untrusted_mode(void)
+void enable_untrusted_mode(void)
{
msr_t msr = rdmsr(MSR_POWER_MISC);
msr.lo |= ENABLE_IA_UNTRUSTED;
@@ -70,8 +70,6 @@ static void soc_core_init(device_t cpu)
* implemented in microcode.
*/
enable_pm_timer_emulation();
- /* Drop privilege level */
- enable_untrusted_mode();
}
static struct device_operations cpu_dev_ops = {
diff --git a/src/soc/intel/apollolake/include/soc/cpu.h b/src/soc/intel/apollolake/include/soc/cpu.h
index db9d3dde05..b4c86842ba 100644
--- a/src/soc/intel/apollolake/include/soc/cpu.h
+++ b/src/soc/intel/apollolake/include/soc/cpu.h
@@ -24,6 +24,7 @@
void apollolake_init_cpus(struct device *dev);
void set_max_freq(void);
+void enable_untrusted_mode(void);
#endif
#define CPUID_APOLLOLAKE_A0 0x506c8