soc/intel/xeon_sp/smihandler: Lock SMM_FEATURE_CONTROL on all sockets

Remove hardcoded B:D:F numbers for the first socket and pass the PCI addresses to be locked within SMM by using the smm_pci_resource_store. This allows to lock down SMM on all sockets without knowing the actual bus topology or PCI segment group at compile time where the UBOX devices reside on. Tested: SMM is locked on all 4 sockets instead of just one. Change-Id: Ica694911384005681662d3d7bed354a60bf08911 Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/80247 Reviewed-by: Arthur Heymans <arthur@aheymans.xyz> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2024-01-25 15:15:00 +01:00
parent fe33b2dd86
commit 7a593ab0bb
20 changed files with 101 additions and 67 deletions
--- a/src/mainboard/bytedance/bd_egs/ramstage.c
+++ b/src/mainboard/bytedance/bd_egs/ramstage.c
@@ -1,6 +1,8 @@
 /* SPDX-License-Identifier: GPL-2.0-only */

+#include <cpu/x86/smm.h>
 #include <soc/ramstage.h>
+#include <soc/smmrelocate.h>
 #include <soc/gpio.h>

 #include "gpio.h"
@@ -23,6 +25,11 @@ void mainboard_override_fsp_gpio(void)
 	gpio_configure_pads(pads, pads_num);
 }

+void smm_mainboard_pci_resource_store_init(struct smm_pci_resource_info *slots, size_t size)
+{
+	soc_ubox_store_resources(slots, size);
+}
+
 struct chip_operations mainboard_ops = {
 	.init = mainboard_chip_init,
 };
--- a/src/mainboard/ibm/sbp1/ramstage.c
+++ b/src/mainboard/ibm/sbp1/ramstage.c
@@ -1,6 +1,7 @@
 /* SPDX-License-Identifier: GPL-2.0-only */
-
+#include <cpu/x86/smm.h>
 #include <soc/ramstage.h>
+#include <soc/smmrelocate.h>

 #include "include/spr_sbp1_gpio.h"
 #include <bootstate.h>
@@ -33,4 +34,9 @@ static void finalize_boot(void *unused)
 	gpio_output(GPPC_C17, 0);
 }

+void smm_mainboard_pci_resource_store_init(struct smm_pci_resource_info *slots, size_t size)
+{
+	soc_ubox_store_resources(slots, size);
+}
+
 BOOT_STATE_INIT_ENTRY(BS_PAYLOAD_BOOT, BS_ON_ENTRY, finalize_boot, NULL);
--- a/src/mainboard/intel/archercity_crb/ramstage.c
+++ b/src/mainboard/intel/archercity_crb/ramstage.c
@@ -1,3 +1,10 @@
 /* SPDX-License-Identifier: GPL-2.0-only */

+#include <cpu/x86/smm.h>
 #include <soc/ramstage.h>
+#include <soc/smmrelocate.h>
+
+void smm_mainboard_pci_resource_store_init(struct smm_pci_resource_info *slots, size_t size)
+{
+	soc_ubox_store_resources(slots, size);
+}
--- a/src/mainboard/intel/cedarisland_crb/ramstage.c
+++ b/src/mainboard/intel/cedarisland_crb/ramstage.c
@@ -1,6 +1,9 @@
 /* SPDX-License-Identifier: GPL-2.0-only */

+#include <cpu/x86/smm.h>
 #include <soc/ramstage.h>
+#include <soc/smmrelocate.h>
+
 #include "include/gpio.h"

 void mainboard_silicon_init_params(FSPS_UPD *params)
@@ -8,3 +11,8 @@ void mainboard_silicon_init_params(FSPS_UPD *params)
 	/* configure Lewisburg PCH GPIO controller after FSP-M */
 	gpio_configure_pads(gpio_table, ARRAY_SIZE(gpio_table));
 }
+
+void smm_mainboard_pci_resource_store_init(struct smm_pci_resource_info *slots, size_t size)
+{
+	soc_ubox_store_resources(slots, size);
+}
--- a/src/mainboard/inventec/transformers/ramstage.c
+++ b/src/mainboard/inventec/transformers/ramstage.c
@@ -1,6 +1,8 @@
 /* SPDX-License-Identifier: GPL-2.0-only */

+#include <cpu/x86/smm.h>
 #include <soc/ramstage.h>
+#include <soc/smmrelocate.h>
 #include <sprsp_gpio.h>
 #include <intelblocks/cse.h>
 #include <memory_info.h>
@@ -35,3 +37,8 @@ void mainboard_silicon_init_params(FSPS_UPD *params)
    /* configure Emmitsburg PCH GPIO controller after FSP-M */
 	gpio_configure_pads(gpio_table, ARRAY_SIZE(gpio_table));
 }
+
+void smm_mainboard_pci_resource_store_init(struct smm_pci_resource_info *slots, size_t size)
+{
+	soc_ubox_store_resources(slots, size);
+}
--- a/src/mainboard/ocp/deltalake/ramstage.c
+++ b/src/mainboard/ocp/deltalake/ramstage.c
@@ -4,6 +4,7 @@
 #include <commonlib/bsd/helpers.h>
 #include <console/console.h>
 #include <cpu/cpu.h>
+#include <cpu/x86/smm.h>
 #include <cpxsp_dl_gpio.h>
 #include <device/device.h>
 #include <device/pci_def.h>
@@ -16,6 +17,7 @@
 #include <security/intel/txt/txt.h>
 #include <smbios.h>
 #include <soc/ramstage.h>
+#include <soc/smmrelocate.h>
 #include <soc/soc_util.h>
 #include <soc/util.h>
 #include <stdio.h>
@@ -335,6 +337,11 @@ struct chip_operations mainboard_ops = {
 	.final = mainboard_final,
 };

+void smm_mainboard_pci_resource_store_init(struct smm_pci_resource_info *slots, size_t size)
+{
+	soc_ubox_store_resources(slots, size);
+}
+
 bool skip_intel_txt_lockdown(void)
 {
 	static bool fetched_vpd = 0;
--- a/src/mainboard/ocp/tiogapass/ramstage.c
+++ b/src/mainboard/ocp/tiogapass/ramstage.c
@@ -1,8 +1,10 @@
 /* SPDX-License-Identifier: GPL-2.0-or-later */

+#include <cpu/x86/smm.h>
 #include <drivers/ipmi/ipmi_ops.h>
 #include <drivers/ocp/dmi/ocp_dmi.h>
 #include <soc/ramstage.h>
+#include <soc/smmrelocate.h>

 extern struct fru_info_str fru_strings;

@@ -176,6 +178,11 @@ static void mainboard_final(void *chip_info)
 {
 }

+void smm_mainboard_pci_resource_store_init(struct smm_pci_resource_info *slots, size_t size)
+{
+	soc_ubox_store_resources(slots, size);
+}
+
 struct chip_operations mainboard_ops = {
 	.enable_dev = mainboard_enable,
 	.final = mainboard_final,
--- a/src/soc/intel/xeon_sp/Kconfig
+++ b/src/soc/intel/xeon_sp/Kconfig
@@ -33,6 +33,7 @@ config XEON_SP_COMMON_BASE
 	select SOC_INTEL_COMMON_BLOCK_TCO
 	select SOC_INTEL_COMMON_PCH_SERVER
 	select SUPPORT_CPU_UCODE_IN_CBFS
+	select SMM_PCI_RESOURCE_STORE
 	select TSC_MONOTONIC_TIMER
 	select TPM_STARTUP_IGNORE_POSTINIT if INTEL_TXT
 	select UDELAY_TSC
--- a/src/soc/intel/xeon_sp/cpx/Makefile.mk
+++ b/src/soc/intel/xeon_sp/cpx/Makefile.mk
@@ -12,7 +12,6 @@ romstage-$(CONFIG_DISPLAY_HOBS) += hob_display.c
 ramstage-y += chip.c cpu.c soc_util.c soc_acpi.c
 ramstage-$(CONFIG_DISPLAY_HOBS) += hob_display.c
 ramstage-$(CONFIG_DISPLAY_UPD_DATA) += upd_display.c
-smm-$(CONFIG_HAVE_SMI_HANDLER) += soc_smihandler_util.c

 CPPFLAGS_common += -I$(src)/soc/intel/xeon_sp/cpx/include -I$(src)/soc/intel/xeon_sp/cpx
 CPPFLAGS_common += -I$(src)/vendorcode/intel/fsp/fsp2_0/cooperlake_sp
--- a/src/soc/intel/xeon_sp/cpx/include/soc/pci_devs.h
+++ b/src/soc/intel/xeon_sp/cpx/include/soc/pci_devs.h
@@ -86,13 +86,11 @@

 #define UBOX_DEV			8

-#define UBOX_PMON_BUS			0
-#define UBOX_PMON_DEV			8
-#define UBOX_PMON_FUNC			1
-#define UBOX_DEV_PMON			_UBOX_DEV(UBOX_PMON_FUNC)
+/* Bus: B0, Device: 8, Function: 1 */
 #define SMM_FEATURE_CONTROL		0x7c
 #define SMM_CODE_CHK_EN			BIT(2)
 #define SMM_FEATURE_CONTROL_LOCK	BIT(0)
+#define UBOX_DFX_DEVID			0x2015


 #define UBOX_DECS_BUS			0
@@ -183,6 +181,4 @@
 #define IIO_DFX_TSWCTL0		0x30c
 #define IIO_DFX_LCK_CTL		0x504

-pci_devfn_t soc_get_ubox_pmon_dev(void);
-
 #endif /* _SOC_PCI_DEVS_H_ */
--- a/src/soc/intel/xeon_sp/cpx/soc_smihandler_util.c
+++ b/src/soc/intel/xeon_sp/cpx/soc_smihandler_util.c
@@ -1,8 +0,0 @@
-/* SPDX-License-Identifier: GPL-2.0-only */
-
-#include <soc/pci_devs.h>
-
-pci_devfn_t soc_get_ubox_pmon_dev(void)
-{
-	return UBOX_DEV_PMON;
-}
--- a/src/soc/intel/xeon_sp/include/soc/smmrelocate.h
+++ b/src/soc/intel/xeon_sp/include/soc/smmrelocate.h
@@ -3,7 +3,11 @@
 #ifndef _SOC_SMMRELOCATE_H_
 #define _SOC_SMMRELOCATE_H_

+#include <cpu/x86/smm.h>
+
 void get_smm_info(uintptr_t *perm_smbase, size_t *perm_smsize,
 		  size_t *smm_save_state_size);

+void soc_ubox_store_resources(struct smm_pci_resource_info *slots, size_t size);
+
 #endif
--- a/src/soc/intel/xeon_sp/skx/Makefile.mk
+++ b/src/soc/intel/xeon_sp/skx/Makefile.mk
@@ -21,7 +21,6 @@ ramstage-y += cpu.c
 ramstage-$(CONFIG_DISPLAY_UPD_DATA) += upd_display.c
 ramstage-$(CONFIG_DISPLAY_HOBS) += hob_display.c
 ramstage-y += hob_display.c
-smm-$(CONFIG_HAVE_SMI_HANDLER) += soc_smihandler_util.c

 CPPFLAGS_common += -I$(src)/soc/intel/xeon_sp/skx/include -I$(src)/soc/intel/xeon_sp/skx

--- a/src/soc/intel/xeon_sp/skx/include/soc/pci_devs.h
+++ b/src/soc/intel/xeon_sp/skx/include/soc/pci_devs.h
@@ -81,13 +81,11 @@

 #define UBOX_DEV			8

-#define UBOX_PMON_BUS			0
-#define UBOX_PMON_DEV			8
-#define UBOX_PMON_FUNC			1
-#define UBOX_DEV_PMON			_UBOX_DEV(UBOX_PMON_FUNC)
+/* Bus: B0, Device: 8, Function: 1 */
 #define SMM_FEATURE_CONTROL		0x7c
 #define SMM_CODE_CHK_EN			BIT(2)
 #define SMM_FEATURE_CONTROL_LOCK	BIT(0)
+#define UBOX_DFX_DEVID			0x2015

 #define UBOX_DECS_BUS			0
 #define UBOX_DECS_DEV			8
@@ -164,6 +162,4 @@
 #define IIO_DFX_TSWCTL0		0x30c
 #define IIO_DFX_LCK_CTL		0x504

-pci_devfn_t soc_get_ubox_pmon_dev(void);
-
 #endif /* _SOC_PCI_DEVS_H_ */
--- a/src/soc/intel/xeon_sp/skx/soc_smihandler_util.c
+++ b/src/soc/intel/xeon_sp/skx/soc_smihandler_util.c
@@ -1,8 +0,0 @@
-/* SPDX-License-Identifier: GPL-2.0-only */
-
-#include <soc/pci_devs.h>
-
-pci_devfn_t soc_get_ubox_pmon_dev(void)
-{
-	return UBOX_DEV_PMON;
-}
--- a/src/soc/intel/xeon_sp/smihandler.c
+++ b/src/soc/intel/xeon_sp/smihandler.c
@@ -5,6 +5,7 @@
 #include <console/uart.h>
 #include <cpu/x86/smm.h>
 #include <device/pci.h>
+#include <device/pci_ids.h>
 #include <drivers/uart/uart8250reg.h>
 #include <intelblocks/smihandler.h>
 #include <soc/pci_devs.h>
@@ -55,18 +56,26 @@ void smm_soc_exit(void)
 */
 void smihandler_soc_at_finalize(void)
 {
-	/* SMM_FEATURE_CONTROL can only be written within SMM. */
-	printk(BIOS_DEBUG, "Lock SMM_FEATURE_CONTROL\n");
-	pci_devfn_t pcie_offset = soc_get_ubox_pmon_dev();
-	if (!pcie_offset) {
-		printk(BIOS_ERR, "UBOX PMON is not found, cannot lock SMM_FEATURE_CONTROL!\n");
-		return;
-	}
-
+	const volatile struct smm_pci_resource_info *res_store;
+	size_t res_count, found = 0;
 	u32 val;
-	val = pci_s_read_config32(pcie_offset, SMM_FEATURE_CONTROL);
-	val |= (SMM_CODE_CHK_EN | SMM_FEATURE_CONTROL_LOCK);
-	pci_s_write_config32(pcie_offset, SMM_FEATURE_CONTROL, val);
+
+	/* SMM_FEATURE_CONTROL can only be written within SMM. */
+	smm_pci_get_stored_resources(&res_store, &res_count);
+	for (size_t i_slot = 0; i_slot < res_count; i_slot++) {
+		if (res_store[i_slot].vendor_id != PCI_VID_INTEL ||
+		    res_store[i_slot].device_id != UBOX_DFX_DEVID) {
+			continue;
+		}
+
+		val = pci_s_read_config32(res_store[i_slot].pci_addr, SMM_FEATURE_CONTROL);
+		val |= (SMM_CODE_CHK_EN | SMM_FEATURE_CONTROL_LOCK);
+		pci_s_write_config32(res_store[i_slot].pci_addr, SMM_FEATURE_CONTROL, val);
+		found ++;
+	}
+	printk(BIOS_DEBUG, "Locked SMM_FEATURE_CONTROL on %zd sockets\n", found);
+	if (!found)
+		printk(BIOS_ERR, "Failed to lock SMM_FEATURE_CONTROL\n");
 }

 /*
--- a/src/soc/intel/xeon_sp/smmrelocate.c
+++ b/src/soc/intel/xeon_sp/smmrelocate.c
@@ -7,9 +7,11 @@
 #include <cpu/intel/em64t101_save_state.h>
 #include <cpu/intel/smm_reloc.h>
 #include <console/console.h>
+#include <device/pci_ids.h>
 #include <smp/node.h>
 #include <soc/msr.h>
 #include <soc/smmrelocate.h>
+#include <soc/pci_devs.h>

 static void fill_in_relocation_params(struct smm_relocation_params *params)
 {
@@ -137,3 +139,21 @@ void smm_relocation_handler(int cpu, uintptr_t curr_smbase,
 	if (mtrr_cap.lo & SMRR_SUPPORTED)
 		write_smrr(relo_params);
 }
+
+void soc_ubox_store_resources(struct smm_pci_resource_info *slots, size_t size)
+{
+	struct device *devices[CONFIG_MAX_SOCKET] = {0};
+	size_t devices_count = 0;
+	struct device *dev = NULL;
+
+	/*
+	 * Collect all UBOX DFX devices. Depending on the actual socket count
+	 * the bus numbers changed and the PCI segment group might be different.
+	 * Pass all devices to SMM for platform lockdown.
+	 */
+	while ((dev = dev_find_device(PCI_VID_INTEL, UBOX_DFX_DEVID, dev))) {
+		devices[devices_count++] = dev;
+	}
+
+	smm_pci_resource_store_fill_resources(slots, size, (const struct device **)devices, devices_count);
+}
--- a/src/soc/intel/xeon_sp/spr/Makefile.mk
+++ b/src/soc/intel/xeon_sp/spr/Makefile.mk
@@ -16,7 +16,6 @@ ramstage-y += chip.c cpu.c soc_util.c ramstage.c soc_acpi.c xhci.c numa.c reset.
 ramstage-y += crashlog.c ioat.c
 ramstage-$(CONFIG_DISPLAY_HOBS) += hob_display.c
 ramstage-$(CONFIG_DISPLAY_UPD_DATA) += upd_display.c
-smm-$(CONFIG_HAVE_SMI_HANDLER) += soc_smihandler_util.c
 CPPFLAGS_common += -I$(src)/soc/intel/xeon_sp/spr/include -I$(src)/soc/intel/xeon_sp/spr

 endif ## CONFIG_SOC_INTEL_SAPPHIRERAPIDS_SP
--- a/src/soc/intel/xeon_sp/spr/include/soc/pci_devs.h
+++ b/src/soc/intel/xeon_sp/spr/include/soc/pci_devs.h
@@ -20,12 +20,11 @@
 #define UNCORE_BUS_0 0
 #define UNCORE_BUS_1 1

-/* UBOX Registers [B:30, D:0, F:1] */
-#define UBOX_DECS_DEV 0
-#define UBOX_URACU_FUNC 1
+/* UBOX Registers [U(1), D:0, F:1] */
 #define SMM_FEATURE_CONTROL 0x8c
 #define SMM_CODE_CHK_EN BIT(2)
 #define SMM_FEATURE_CONTROL_LOCK BIT(0)
+#define UBOX_DFX_DEVID 0x3251

 /* CHA registers [B:31, D:29, F:0/F:1]
 * SAD is the previous xeon_sp register name. Keep defines for shared code.
@@ -188,6 +187,4 @@
 #define BIOS_CRASHLOG_CTL 0x158
 #define CRASHLOG_CTL_DIS BIT(2)

-pci_devfn_t soc_get_ubox_pmon_dev(void);
-
 #endif /* _SOC_PCI_DEVS_H_ */
--- a/src/soc/intel/xeon_sp/spr/soc_smihandler_util.c
+++ b/src/soc/intel/xeon_sp/spr/soc_smihandler_util.c
@@ -1,19 +0,0 @@
-/* SPDX-License-Identifier: GPL-2.0-only */
-
-#include <cpu/x86/msr.h>
-#include <device/pci.h>
-#include <soc/msr.h>
-#include <soc/pci_devs.h>
-
-pci_devfn_t soc_get_ubox_pmon_dev(void)
-{
-	msr_t msr = rdmsr(MSR_CPU_BUSNO);
-	u16 bus;
-
-	if (msr.hi & BUSNO_VALID)
-		bus = msr.lo & 0xff;
-	else
-		return 0;
-
-	return PCI_DEV(bus, UBOX_DECS_DEV, UBOX_URACU_FUNC);
-}