authorRobert Zieba <robertzieba@google.com>2022-09-07 16:25:15 -0600
committerMartin L Roth <gaumless@gmail.com>2023-03-05 15:31:07 +0000
commitac8c378777d861000d82eea1c7439f16dcd45797 (patch)
tree58dafb5dd844410cec91e56c6f7ec5c8defd8fd5 /src/include/cpu
parentf1a4cffc88d8a5490c444f41b60eaaf544399998 (diff)
cpu/x86/smm: Add PCI resource store functionality
In certain cases data within protected memory areas like SMRAM could be leaked or modified if an attacker remaps PCI BARs to point within that area. Add support to the existing SMM runtime to allow storing PCI resources in SMRAM and then later retrieving them. BRANCH=guybrush BUG=b:186792595 TEST=builds Signed-off-by: Robert Zieba <robertzieba@google.com> Change-Id: I23fb1e935dd1b89f1cc5c834cc2025f0fe5fda37 Reviewed-on: https://review.coreboot.org/c/coreboot/+/67931 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Karthik Ramasubramanian <kramasub@google.com>
Diffstat (limited to 'src/include/cpu')
-rw-r--r--src/include/cpu/x86/smm.h26
1 files changed, 26 insertions, 0 deletions
diff --git a/src/include/cpu/x86/smm.h b/src/include/cpu/x86/smm.h
index 4ab9f213f490..d28197232af2 100644
--- a/src/include/cpu/x86/smm.h
+++ b/src/include/cpu/x86/smm.h
@@ -5,6 +5,8 @@
#include <arch/cpu.h>
#include <commonlib/region.h>
+#include <device/pci_type.h>
+#include <device/resource.h>
#include <types.h>
#define SMM_DEFAULT_BASE 0x30000
@@ -29,6 +31,8 @@
#define APM_CNT_ELOG_GSMI 0xef
#define APM_STS 0xb3
+#define SMM_PCI_RESOURCE_STORE_NUM_RESOURCES 6
+
/* Send cmd to APM_CNT with HAVE_SMI_HANDLER checking. */
int apm_control(u8 cmd);
u8 apm_get_apmc(void);
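Review bot: `SMM_PCI_RESOURCE_STORE_NUM_RESOURCES` is defined as a bare 6 with no comment explaining where the number comes from. It presumably matches the six BARs of a type 0 PCI configuration header, in which case a comment such as `/* One slot per BAR of a type 0 PCI header. */` would say so. The comment should also state whether the expansion ROM BAR and bridge devices are deliberately out of scope, since anything not stored cannot be checked from SMM later.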
@@ -58,6 +62,13 @@ void smm_soc_exit(void);
extern unsigned char _binary_smm_start[];
extern unsigned char _binary_smm_end[];
+struct smm_pci_resource_info {
+ pci_devfn_t pci_addr;
+ uint16_t class_device;
+ uint8_t class_prog;
+ struct resource resources[SMM_PCI_RESOURCE_STORE_NUM_RESOURCES];
+};
+
struct smm_runtime {
u32 smbase;
u32 smm_size;
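Review bot: `struct smm_pci_resource_info` is added without any comment on what its fields hold or which of them SMM code may rely on. Going by the commit message this is the reference copy kept in SMRAM, so a header comment along the lines of `/* Reference copy of one PCI device's address, class and BARs, kept in SMRAM for later comparison. */` would help. `struct resource` is defined in device/resource.h and is not visible here; if it carries pointers or list links into ordinary memory, the comment should say that SMM code must only read the address-range fields and never dereference anything copied along with them. The hunk ends inside `struct smm_runtime`, which continues in the next hunk.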
@@ -66,6 +77,9 @@ struct smm_runtime {
u32 gnvs_ptr;
u32 cbmemc_size;
void *cbmemc;
+#if CONFIG(SMM_PCI_RESOURCE_STORE)
+ struct smm_pci_resource_info pci_resources[CONFIG_SMM_PCI_RESOURCE_STORE_NUM_SLOTS];
+#endif
uintptr_t save_state_top[CONFIG_MAX_CPUS];
int smm_log_level;
} __packed;
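Review bot: `pci_resources` is placed inside `struct smm_runtime`, which is `__packed`, so each slot is only byte-aligned here even though `struct smm_pci_resource_info` is not itself packed. The prototypes added later in this commit pass these slots around as plain `struct smm_pci_resource_info *`, which assumes natural alignment; x86 tolerates the access, but the mismatch deserves a comment or a `_Static_assert` on the member offset. The size of this member also depends on the layout of `struct resource`, so the code that fills the runtime and the SMM handler must be built with the same definition; a line such as `/* Layout must match between the stage that fills it and the SMM handler. */` above the `#if` would record that. `struct smm_runtime` begins before this hunk.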
@@ -198,4 +212,16 @@ uint32_t smm_revision(void);
On AMD systems it is sometimes configurable. */
uint16_t pm_acpi_smi_cmd_port(void);
+const volatile struct smm_pci_resource_info *smm_get_pci_resource_store(void);
+
+void smm_pci_get_stored_resources(const volatile struct smm_pci_resource_info **out_slots,
+ size_t *out_size);
+/* Weak handler function to store PCI BARs. */
+void smm_mainboard_pci_resource_store_init(struct smm_pci_resource_info *slots, size_t size);
+/* Helper function to fill BARs from an array of device pointers. */
+bool smm_pci_resource_store_fill_resources(struct smm_pci_resource_info *slots, size_t num_slots,
+ const struct device **devices, size_t num_devices);
+
+void smm_pci_resource_store_init(struct smm_runtime *smm_runtime);
+
#endif /* CPU_X86_SMM_H */
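Review bot: Three of the new prototypes (`smm_get_pci_resource_store`, `smm_pci_get_stored_resources`, `smm_pci_resource_store_init`) have no comment, and the comment on `smm_pci_resource_store_fill_resources` does not say what a `false` return means. Each needs a line stating which stage calls it and, for the two getters, that the returned slots are read-only SMRAM data. For the fill helper, something like `/* Returns false if the devices could not all be stored; callers must check the result. */` (wording to be confirmed against the implementation) matters because an unfilled slot presumably leaves the SMM side with nothing to compare live BARs against. The declarations are also visible when `CONFIG(SMM_PCI_RESOURCE_STORE)` is off, while the `pci_resources` member is compiled out, so the header should state whether callers are expected to guard their calls.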