From 0a4457ff44b10f22b711f64e88888c757fbedf32 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ky=C3=B6sti=20M=C3=A4lkki?= Date: Thu, 1 Aug 2019 20:29:14 +0300 Subject: lib/stage_cache: Refactor Kconfig options MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add explicit CBMEM_STAGE_CACHE option. Rename CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM to TSEG_STAGE_CACHE. Platforms with SMM_TSEG=y always need to implement stage_cache_external_region(). It is allowed to return with a region of size 0 to effectively disable the cache. There are no provisions in Kconfig to degrade from TSEG_STAGE_CACHE to CBMEM_STAGE_CACHE. As a security measure CBMEM_STAGE_CACHE default is changed to disabled. AGESA platforms without TSEG will experience slower S3 resume speed unless they explicitly select the option. Change-Id: Ibbdc701ea85b5a3208ca4e98c428b05b6d4e5340 Signed-off-by: Kyösti Mälkki Reviewed-on: https://review.coreboot.org/c/coreboot/+/34664 Tested-by: build bot (Jenkins) Reviewed-by: Furquan Shaikh --- src/Kconfig | 26 +++++++++++++++++++++----- src/cpu/intel/model_2065x/Kconfig | 1 - src/cpu/intel/model_206ax/Kconfig | 1 - src/cpu/intel/smm/gen1/smmrelocate.c | 2 +- src/include/stage_cache.h | 3 +-- src/lib/Makefile.inc | 15 ++++++--------- src/northbridge/intel/gm45/Kconfig | 1 - src/northbridge/intel/haswell/Kconfig | 1 - src/northbridge/intel/i945/Kconfig | 1 - src/northbridge/intel/pineview/Kconfig | 1 - src/northbridge/intel/x4x/Kconfig | 1 - src/soc/amd/picasso/Kconfig | 1 - src/soc/amd/stoneyridge/Kconfig | 1 - src/soc/intel/apollolake/Kconfig | 1 - src/soc/intel/braswell/Kconfig | 1 - src/soc/intel/broadwell/Kconfig | 1 - src/soc/intel/cannonlake/Kconfig | 1 - src/soc/intel/icelake/Kconfig | 1 - src/soc/intel/skylake/Kconfig | 1 - 19 files changed, 29 insertions(+), 32 deletions(-) diff --git a/src/Kconfig b/src/Kconfig index 2bb5bfeab0..6288d0bc74 100644 --- a/src/Kconfig +++ b/src/Kconfig @@ -250,12 +250,28 @@ config RELOCATABLE_RAMSTAGE wake. When selecting this option the romstage is responsible for determing a stack location to use for loading the ramstage. -config CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM - depends on RELOCATABLE_RAMSTAGE +config TSEG_STAGE_CACHE bool + default y + depends on !NO_STAGE_CACHE && SMM_TSEG + help + The option enables stage cache support for platform. Platform + can stash copies of postcar, ramstage and raw runtime data + inside SMM TSEG, to be restored on S3 resume path. + +config CBMEM_STAGE_CACHE + bool "Cache stages in CBMEM" + depends on !NO_STAGE_CACHE && !TSEG_STAGE_CACHE help - The relocated ramstage is saved in an area specified by the - by the board and/or chipset. + The option enables stage cache support for platform. Platform + can stash copies of postcar, ramstage and raw runtime data + inside CBMEM. + + While the approach is faster than reloading stages from boot media + it is also a possible attack scenario via which OS can possibly + circumvent SMM locks and SPI write protections. + + If unsure, select 'N' config UPDATE_IMAGE bool "Update existing coreboot.rom image" @@ -1143,7 +1159,7 @@ config RELOCATABLE_MODULES config NO_STAGE_CACHE bool - default y if !HAVE_ACPI_RESUME + default y if !HAVE_ACPI_RESUME || !RELOCATABLE_RAMSTAGE help Do not save any component in stage cache for resume path. On resume, all components would be read back from CBFS again. diff --git a/src/cpu/intel/model_2065x/Kconfig b/src/cpu/intel/model_2065x/Kconfig index 089b3fead0..a3a58b65e6 100644 --- a/src/cpu/intel/model_2065x/Kconfig +++ b/src/cpu/intel/model_2065x/Kconfig @@ -21,7 +21,6 @@ config CPU_SPECIFIC_OPTIONS select CPU_INTEL_COMMON select NO_FIXED_XIP_ROM_SIZE select PARALLEL_MP - select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM config BOOTBLOCK_CPU_INIT string diff --git a/src/cpu/intel/model_206ax/Kconfig b/src/cpu/intel/model_206ax/Kconfig index 2af63d6079..ced3340903 100644 --- a/src/cpu/intel/model_206ax/Kconfig +++ b/src/cpu/intel/model_206ax/Kconfig @@ -19,7 +19,6 @@ config CPU_SPECIFIC_OPTIONS #select AP_IN_SIPI_WAIT select TSC_SYNC_MFENCE select CPU_INTEL_COMMON - select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM select PARALLEL_MP select NO_FIXED_XIP_ROM_SIZE diff --git a/src/cpu/intel/smm/gen1/smmrelocate.c b/src/cpu/intel/smm/gen1/smmrelocate.c index 986929c9cb..d8021e6ac2 100644 --- a/src/cpu/intel/smm/gen1/smmrelocate.c +++ b/src/cpu/intel/smm/gen1/smmrelocate.c @@ -121,7 +121,7 @@ static void fill_in_relocation_params(struct smm_relocation_params *params) } /* Adjust available SMM handler memory size. */ - if (CONFIG(CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM)) { + if (CONFIG(TSEG_STAGE_CACHE)) { ASSERT(params->smram_size > CONFIG_SMM_RESERVED_SIZE); params->smram_size -= CONFIG_SMM_RESERVED_SIZE; } diff --git a/src/include/stage_cache.h b/src/include/stage_cache.h index 3483c0cf30..3c7d9face0 100644 --- a/src/include/stage_cache.h +++ b/src/include/stage_cache.h @@ -32,8 +32,7 @@ enum { STAGE_S3_DATA, }; -#if CONFIG(CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM) \ - || CONFIG(RELOCATABLE_RAMSTAGE) +#if CONFIG(TSEG_STAGE_CACHE) || CONFIG(CBMEM_STAGE_CACHE) /* Cache the loaded stage provided according to the parameters. */ void stage_cache_add(int stage_id, const struct prog *stage); /* Load the cached stage at given location returning the stage entry point. */ diff --git a/src/lib/Makefile.inc b/src/lib/Makefile.inc index 9deb5bf377..e5678ffdf1 100644 --- a/src/lib/Makefile.inc +++ b/src/lib/Makefile.inc @@ -176,16 +176,13 @@ verstage-$(CONFIG_REG_SCRIPT) += reg_script.c romstage-$(CONFIG_REG_SCRIPT) += reg_script.c ramstage-$(CONFIG_REG_SCRIPT) += reg_script.c -ifeq ($(CONFIG_CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM),y) -ramstage-y += ext_stage_cache.c -romstage-y += ext_stage_cache.c -postcar-y += ext_stage_cache.c -else -ramstage-$(CONFIG_RELOCATABLE_RAMSTAGE) += cbmem_stage_cache.c -romstage-$(CONFIG_RELOCATABLE_RAMSTAGE) += cbmem_stage_cache.c -postcar-$(CONFIG_RELOCATABLE_RAMSTAGE) += cbmem_stage_cache.c -endif +ramstage-$(CONFIG_TSEG_STAGE_CACHE) += ext_stage_cache.c +romstage-$(CONFIG_TSEG_STAGE_CACHE) += ext_stage_cache.c +postcar-$(CONFIG_TSEG_STAGE_CACHE) += ext_stage_cache.c +ramstage-$(CONFIG_CBMEM_STAGE_CACHE) += cbmem_stage_cache.c +romstage-$(CONFIG_CBMEM_STAGE_CACHE) += cbmem_stage_cache.c +postcar-$(CONFIG_CBMEM_STAGE_CACHE) += cbmem_stage_cache.c romstage-y += boot_device.c ramstage-y += boot_device.c diff --git a/src/northbridge/intel/gm45/Kconfig b/src/northbridge/intel/gm45/Kconfig index c3d24820a5..576ae475d1 100644 --- a/src/northbridge/intel/gm45/Kconfig +++ b/src/northbridge/intel/gm45/Kconfig @@ -29,7 +29,6 @@ config NORTHBRIDGE_SPECIFIC_OPTIONS # dummy select POSTCAR_STAGE select POSTCAR_CONSOLE select PARALLEL_MP - select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM config CBFS_SIZE hex diff --git a/src/northbridge/intel/haswell/Kconfig b/src/northbridge/intel/haswell/Kconfig index 3678cb803d..dbf91bf60d 100644 --- a/src/northbridge/intel/haswell/Kconfig +++ b/src/northbridge/intel/haswell/Kconfig @@ -19,7 +19,6 @@ config NORTHBRIDGE_INTEL_HASWELL select CACHE_MRC_SETTINGS select INTEL_DDI select INTEL_GMA_ACPI - select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM select POSTCAR_STAGE select POSTCAR_CONSOLE select C_ENVIRONMENT_BOOTBLOCK diff --git a/src/northbridge/intel/i945/Kconfig b/src/northbridge/intel/i945/Kconfig index b151e8fb92..1a4d8875e9 100644 --- a/src/northbridge/intel/i945/Kconfig +++ b/src/northbridge/intel/i945/Kconfig @@ -30,7 +30,6 @@ config NORTHBRIDGE_SPECIFIC_OPTIONS # dummy select POSTCAR_STAGE select POSTCAR_CONSOLE select PARALLEL_MP - select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM config NORTHBRIDGE_INTEL_SUBTYPE_I945GC def_bool n diff --git a/src/northbridge/intel/pineview/Kconfig b/src/northbridge/intel/pineview/Kconfig index 37959dd2e6..8acfaf8fec 100644 --- a/src/northbridge/intel/pineview/Kconfig +++ b/src/northbridge/intel/pineview/Kconfig @@ -31,7 +31,6 @@ config NORTHBRIDGE_SPECIFIC_OPTIONS # dummy select POSTCAR_STAGE select POSTCAR_CONSOLE select PARALLEL_MP - select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM select C_ENVIRONMENT_BOOTBLOCK config BOOTBLOCK_NORTHBRIDGE_INIT diff --git a/src/northbridge/intel/x4x/Kconfig b/src/northbridge/intel/x4x/Kconfig index ce43936c37..a819f57af2 100644 --- a/src/northbridge/intel/x4x/Kconfig +++ b/src/northbridge/intel/x4x/Kconfig @@ -29,7 +29,6 @@ config NORTHBRIDGE_SPECIFIC_OPTIONS # dummy select POSTCAR_STAGE select POSTCAR_CONSOLE select PARALLEL_MP - select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM config CBFS_SIZE hex diff --git a/src/soc/amd/picasso/Kconfig b/src/soc/amd/picasso/Kconfig index 0ba90effe6..1c2ec8400f 100644 --- a/src/soc/amd/picasso/Kconfig +++ b/src/soc/amd/picasso/Kconfig @@ -52,7 +52,6 @@ config CPU_SPECIFIC_OPTIONS select C_ENVIRONMENT_BOOTBLOCK select BOOT_DEVICE_SUPPORTS_WRITES if BOOT_DEVICE_SPI_FLASH select BOOT_DEVICE_SPI_FLASH_RW_NOMMAP_EARLY if BOOT_DEVICE_SPI_FLASH - select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM if HAVE_ACPI_RESUME select PARALLEL_MP select PARALLEL_MP_AP_WORK select HAVE_SMI_HANDLER diff --git a/src/soc/amd/stoneyridge/Kconfig b/src/soc/amd/stoneyridge/Kconfig index ea0ad5f780..5f1d2f3ad5 100644 --- a/src/soc/amd/stoneyridge/Kconfig +++ b/src/soc/amd/stoneyridge/Kconfig @@ -73,7 +73,6 @@ config CPU_SPECIFIC_OPTIONS select C_ENVIRONMENT_BOOTBLOCK select BOOT_DEVICE_SUPPORTS_WRITES if BOOT_DEVICE_SPI_FLASH select BOOT_DEVICE_SPI_FLASH_RW_NOMMAP_EARLY if BOOT_DEVICE_SPI_FLASH - select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM if HAVE_ACPI_RESUME select PARALLEL_MP select PARALLEL_MP_AP_WORK select HAVE_SMI_HANDLER diff --git a/src/soc/intel/apollolake/Kconfig b/src/soc/intel/apollolake/Kconfig index cf3d2446b4..b5073c0404 100644 --- a/src/soc/intel/apollolake/Kconfig +++ b/src/soc/intel/apollolake/Kconfig @@ -40,7 +40,6 @@ config CPU_SPECIFIC_OPTIONS # Misc options select C_ENVIRONMENT_BOOTBLOCK select CACHE_MRC_SETTINGS - select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM select COLLECT_TIMESTAMPS select COMMON_FADT select FSP_PLATFORM_MEMORY_SETTINGS_VERSIONS diff --git a/src/soc/intel/braswell/Kconfig b/src/soc/intel/braswell/Kconfig index 980d0644d6..76adae1cc0 100644 --- a/src/soc/intel/braswell/Kconfig +++ b/src/soc/intel/braswell/Kconfig @@ -14,7 +14,6 @@ config CPU_SPECIFIC_OPTIONS select ARCH_VERSTAGE_X86_32 select BOOT_DEVICE_SUPPORTS_WRITES select CACHE_MRC_SETTINGS - select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM select COLLECT_TIMESTAMPS select SUPPORT_CPU_UCODE_IN_CBFS select MICROCODE_BLOB_NOT_IN_BLOB_REPO diff --git a/src/soc/intel/broadwell/Kconfig b/src/soc/intel/broadwell/Kconfig index bf6b78c222..696cf98ef9 100644 --- a/src/soc/intel/broadwell/Kconfig +++ b/src/soc/intel/broadwell/Kconfig @@ -15,7 +15,6 @@ config CPU_SPECIFIC_OPTIONS select BOOT_DEVICE_SUPPORTS_WRITES select CACHE_MRC_SETTINGS select MRC_SETTINGS_PROTECT - select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM select CPU_INTEL_FIRMWARE_INTERFACE_TABLE select SUPPORT_CPU_UCODE_IN_CBFS select HAVE_SMI_HANDLER diff --git a/src/soc/intel/cannonlake/Kconfig b/src/soc/intel/cannonlake/Kconfig index 6dbf35fa11..4bc6a65448 100644 --- a/src/soc/intel/cannonlake/Kconfig +++ b/src/soc/intel/cannonlake/Kconfig @@ -59,7 +59,6 @@ config CPU_SPECIFIC_OPTIONS select BOOT_DEVICE_SUPPORTS_WRITES select C_ENVIRONMENT_BOOTBLOCK select CACHE_MRC_SETTINGS - select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM select COMMON_FADT select CPU_INTEL_COMMON select CPU_INTEL_FIRMWARE_INTERFACE_TABLE diff --git a/src/soc/intel/icelake/Kconfig b/src/soc/intel/icelake/Kconfig index 99000bb82b..7931018021 100644 --- a/src/soc/intel/icelake/Kconfig +++ b/src/soc/intel/icelake/Kconfig @@ -16,7 +16,6 @@ config CPU_SPECIFIC_OPTIONS select BOOT_DEVICE_SUPPORTS_WRITES select C_ENVIRONMENT_BOOTBLOCK select CACHE_MRC_SETTINGS - select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM select COMMON_FADT select CPU_INTEL_FIRMWARE_INTERFACE_TABLE select FSP_M_XIP diff --git a/src/soc/intel/skylake/Kconfig b/src/soc/intel/skylake/Kconfig index f36d5ca0f3..4f4ec469a7 100644 --- a/src/soc/intel/skylake/Kconfig +++ b/src/soc/intel/skylake/Kconfig @@ -27,7 +27,6 @@ config CPU_SPECIFIC_OPTIONS select BOOT_DEVICE_SPI_FLASH_RW_NOMMAP_EARLY if BOOT_DEVICE_SPI_FLASH select BOOT_DEVICE_SUPPORTS_WRITES select CACHE_MRC_SETTINGS - select CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM select COLLECT_TIMESTAMPS select COMMON_FADT select CPU_INTEL_COMMON -- cgit v1.2.3