soc/intel/apollolake: Drop privilege level to IA_UNTRUSTED

As per guidelines CPU security level should be dropped before OS start,
so that certain MSRs are locked out. Drop privilege levels on all logical
CPUs.

BUG=chrome-os-partner:60454
TEST=iotools rdmsr x 0x120, make sure bit 6 is set, rdmsr x 0x121 results
in io error.

Change-Id: I67540f6da16f58b822db9160d00b7a5e235188db
Signed-off-by: Andrey Petrov <andrey.petrov@intel.com>
Reviewed-on: https://review.coreboot.org/17665
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins)
Andrey Petrov
2016-11-30 17:58:38 -08:00
committed by Aaron Durbin
parent 3b637531c9
commit 89e39b5c55
3 changed files with 12 additions and 1 deletions


@ -53,6 +53,13 @@ static const struct reg_script core_msr_script[] = {
REG_SCRIPT_END
};
static void enable_untrusted_mode(void)
{
msr_t msr = rdmsr(MSR_POWER_MISC);
msr.lo |= ENABLE_IA_UNTRUSTED;
wrmsr(MSR_POWER_MISC, msr);
}
static void soc_core_init(device_t cpu)
{
/* Set core MSRs */
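Review bot: enable_untrusted_mode() has no comment, yet its read-modify-write of MSR_POWER_MISC is the security-relevant step of this change; a one-line comment stating that setting ENABLE_IA_UNTRUSTED is one-way for the core and locks out access to certain MSRs afterwards (the behaviour the TEST line's rdmsr of 0x121 relies on) would help future readers. The definitions of MSR_POWER_MISC and ENABLE_IA_UNTRUSTED are not in this hunk, so their values, including the bit 6 the commit message checks in MSR 0x120, cannot be confirmed from the diff shown here.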
@ -63,6 +70,8 @@ static void soc_core_init(device_t cpu)
* implemented in microcode.
*/
enable_pm_timer_emulation();
/* Drop privilege level */
enable_untrusted_mode();
}
static struct device_operations cpu_dev_ops = {
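Review bot: ordering is the point of this hunk and the comment should say so: enable_untrusted_mode() is placed as the last call in soc_core_init(), after enable_pm_timer_emulation(), because any MSR that becomes inaccessible once the privilege level is dropped must be programmed before it. Suggest expanding `/* Drop privilege level */` to something like `/* Drop privilege level; keep this last, MSR access may be locked out after it */` so that a later change does not append MSR writes below it. Since soc_core_init() is invoked per CPU device, this also gives the per-logical-CPU coverage the commit message calls for.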