authorEugene Myers <edmyers@tycho.nsa.gov>2020-02-12 13:31:30 -0500
committerPatrick Georgi <pgeorgi@google.com>2021-02-22 07:33:53 +0000
commitc7af5ef509aee3c39b3cb3cbf01e4928963b139a (patch)
treed92bc1992b2501c4a50951c568b20c8322f658e4 /src/security/intel/stm
parentbff4cb055875e59bf436de5ca4f5c5666626abaf (diff)
security/intel/stm: Check for processor STM support
Check to ensure that dual monitor mode is supported on the current processor. Dual monitor mode is normally supported on any Intel x86 processor that has VTx support. The STM is a hypervisor that executes in SMM dual monitor mode. This check should fail only in the rare case where dual monitor mode is disabled. If the check fails, then the STM will not be initialized by coreboot. Original-Signed-off-by: Eugene D. Myers <edmyers@tycho.nsa.gov> Original-Change-Id: I518bb2aa1bdec94b5b6d5e991d7575257f3dc6e9 Original-Reviewed-on: https://review.coreboot.org/c/coreboot/+/38836 Original-Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Original-Reviewed-by: Nico Huber <nico.h@gmx.de> (cherry picked from commit 5544f62746aeb8e5e1a7916d9b509f4d9339f387) Signed-off-by: Marc Jones <marcjones@sysproconsulting.com> Change-Id: I312570ca28329490006283251f69dd83ef64af40 Reviewed-on: https://review.coreboot.org/c/coreboot/+/50309 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org> Reviewed-by: Jay Talbott <JayTalbott@sysproconsulting.com>
Diffstat (limited to 'src/security/intel/stm')
-rw-r--r--src/security/intel/stm/StmPlatformSmm.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/src/security/intel/stm/StmPlatformSmm.c b/src/security/intel/stm/StmPlatformSmm.c
index d7064b07f5b1..45db0e069f14 100644
--- a/src/security/intel/stm/StmPlatformSmm.c
+++ b/src/security/intel/stm/StmPlatformSmm.c
@@ -159,9 +159,20 @@ void stm_setup(uintptr_t mseg, int cpu, int num_cpus, uintptr_t smbase,
{
msr_t InitMseg;
msr_t MsegChk;
+ msr_t vmx_basic;
+
uintptr_t addr_calc; // used to calculate the stm resource heap area
printk(BIOS_DEBUG, "STM: set up for cpu %d/%d\n", cpu, num_cpus);
+
+ vmx_basic = rdmsr(IA32_VMX_BASIC_MSR);
+
+ // Does this processor support an STM?
+ if ((vmx_basic.hi & VMX_BASIC_HI_DUAL_MONITOR) != VMX_BASIC_HI_DUAL_MONITOR) {
+ printk(BIOS_WARNING, "STM: not supported on CPU %d\n", cpu);
+ return;
+ }
+
if (cpu == 0) {
// need to create the BIOS resource list once