soc/intel/skylake: lock AES-NI MSR

Lock AES-NI register to prevent unintended disabling, as suggested by the
MSR datasheet.

Successfully tested by reading the MSR on X11SSM-F

Change-Id: I97a0d3b1b9b0452e929ca07d29c03237b413e521
Signed-off-by: Michael Niewöhner <foss@mniewoehner.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/35188
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

src/soc/intel/skylake/Kconfig

@@ -31,6 +31,7 @@ config CPU_SPECIFIC_OPTIONS
 	select COMMON_FADT
 	select CPU_INTEL_COMMON
 	select CPU_INTEL_FIRMWARE_INTERFACE_TABLE
+	select CPU_INTEL_COMMON_HYPERTHREADING
 	select C_ENVIRONMENT_BOOTBLOCK
 	select FSP_M_XIP if MAINBOARD_USES_FSP2_0
 	select FSP_T_XIP if FSP_CAR

src/soc/intel/skylake/cpu.c

@@ -420,6 +420,25 @@ static void enable_pm_timer_emulation(void)
 	wrmsr(MSR_EMULATE_PM_TIMER, msr);
 }
 
+/*
+ * Lock AES-NI (MSR_FEATURE_CONFIG) to prevent unintended disabling
+ * as suggested in Intel document 325384-070US.
+ */
+static void cpu_lock_aesni(void)
+{
+	msr_t msr;
+
+	/* Only run once per core as specified in the MSR datasheet */
+	if (intel_ht_sibling())
+		return;
+
+	msr = rdmsr(MSR_FEATURE_CONFIG);
+	if ((msr.lo & 1) == 0) {
+		msr.lo |= 1;
+		wrmsr(MSR_FEATURE_CONFIG, msr);
+	}
+}
+
 /* All CPUs including BSP will run the following function. */
 void soc_core_init(struct device *cpu)
 {
@@ -444,6 +463,9 @@ void soc_core_init(struct device *cpu)
 	/* Configure Intel Speed Shift */
 	configure_isst();
 
+	/* Lock AES-NI MSR */
+	cpu_lock_aesni();
+
 	/* Enable ACPI Timer Emulation via MSR 0x121 */
 	enable_pm_timer_emulation();