1 /** @file
2 This file contains the tests for the SecureIntegratedGraphics bit
3
4 Copyright (c) 2017, Intel Corporation. All rights reserved.<BR>
5 SPDX-License-Identifier: BSD-2-Clause-Patent
6
7 **/
8 #include "HstiSiliconDxe.h"
9
10 /**
11 Run tests for SecureIntegratedGraphicsConfiguration bit
12 **/
13 VOID
CheckSecureIntegratedGraphicsConfiguration(VOID)14 CheckSecureIntegratedGraphicsConfiguration (
15 VOID
16 )
17 {
18 EFI_STATUS Status;
19 BOOLEAN Result;
20 UINT32 MchBar;
21 UINT16 Ggc;
22 UINT32 Pavpc;
23 UINT32 Bdsm;
24 UINT32 Bgsm;
25 UINT32 Tolud;
26 UINT32 GsmSize;
27 UINT32 DsmSize;
28 UINT32 Data32;
29 UINT32 PcmBase;
30 CHAR16 *HstiErrorString;
31
32 if ((mFeatureImplemented[1] & HSTI_BYTE1_SECURE_INTEGRATED_GRAPHICS_CONFIGURATION) == 0) {
33 return;
34 }
35
36 Result = TRUE;
37
38 MchBar = (UINT32) MmioRead64 (MmPciBase (DEFAULT_PCI_BUS_NUMBER_PCH,SA_MC_DEV,SA_MC_FUN) + R_SA_MCHBAR) & B_SA_MCHBAR_MCHBAR_MASK;
39
40 DEBUG ((DEBUG_INFO, " Table 3-9. Processor Graphics Security Configuration\n"));
41
42 DEBUG ((DEBUG_INFO, " 1. GGC\n"));
43
44 Ggc = MmioRead16 (MmPciBase (DEFAULT_PCI_BUS_NUMBER_PCH,SA_MC_DEV,SA_MC_FUN) + R_SA_GGC);
45 if ((Ggc & B_SA_GGC_GGCLCK_MASK) == 0) {
46 DEBUG ((DEBUG_INFO, "Fail: GGCLCK bit not set\n"));
47
48 HstiErrorString = BuildHstiErrorString (HSTI_BYTE1_SECURE_INTEGRATED_GRAPHICS_CONFIGURATION_ERROR_CODE_1 ,HSTI_PROCESSOR_GRAPHICS_SECURITY_CONFIGURATION, HSTI_BYTE1_SECURE_INTEGRATED_GRAPHICS_CONFIGURATION_ERROR_STRING_1);
49 Status = HstiLibAppendErrorString (
50 PLATFORM_SECURITY_ROLE_PLATFORM_REFERENCE,
51 NULL,
52 HstiErrorString
53 );
54 ASSERT_EFI_ERROR (Status);
55 Result = FALSE;
56 FreePool (HstiErrorString);
57 }
58
59 DEBUG ((DEBUG_INFO, " 2. PAVPC\n"));
60
61 Pavpc = MmioRead32 (MmPciBase (DEFAULT_PCI_BUS_NUMBER_PCH,SA_MC_DEV,SA_MC_FUN) + R_SA_PAVPC);
62 if ((Pavpc & B_SA_PAVPC_PAVPLCK_MASK) == 0) {
63 DEBUG ((DEBUG_INFO, "Fail: PAVPLCK bit not set\n"));
64
65 HstiErrorString = BuildHstiErrorString (HSTI_BYTE1_SECURE_INTEGRATED_GRAPHICS_CONFIGURATION_ERROR_CODE_1 ,HSTI_PROCESSOR_GRAPHICS_SECURITY_CONFIGURATION, HSTI_BYTE1_SECURE_INTEGRATED_GRAPHICS_CONFIGURATION_ERROR_STRING_1);
66 Status = HstiLibAppendErrorString (
67 PLATFORM_SECURITY_ROLE_PLATFORM_REFERENCE,
68 NULL,
69 HstiErrorString
70 );
71 ASSERT_EFI_ERROR (Status);
72 Result = FALSE;
73 FreePool (HstiErrorString);
74 }
75
76 DEBUG ((DEBUG_INFO, " 3. BDSM\n"));
77
78 Bdsm = MmioRead32 (MmPciBase (DEFAULT_PCI_BUS_NUMBER_PCH,SA_MC_DEV,SA_MC_FUN) + R_SA_BDSM);
79 if ((Bdsm & B_SA_BDSM_LOCK_MASK) == 0) {
80 DEBUG ((DEBUG_INFO, "Fail: BDSM not locked \n"));
81
82 HstiErrorString = BuildHstiErrorString (HSTI_BYTE1_SECURE_INTEGRATED_GRAPHICS_CONFIGURATION_ERROR_CODE_1 ,HSTI_PROCESSOR_GRAPHICS_SECURITY_CONFIGURATION, HSTI_BYTE1_SECURE_INTEGRATED_GRAPHICS_CONFIGURATION_ERROR_STRING_1);
83 Status = HstiLibAppendErrorString (
84 PLATFORM_SECURITY_ROLE_PLATFORM_REFERENCE,
85 NULL,
86 HstiErrorString
87 );
88 ASSERT_EFI_ERROR (Status);
89 Result = FALSE;
90 FreePool (HstiErrorString);
91 }
92
93 DEBUG ((DEBUG_INFO, " 4. BGSM\n"));
94
95 Bgsm = MmioRead32 (MmPciBase (DEFAULT_PCI_BUS_NUMBER_PCH,SA_MC_DEV,SA_MC_FUN) + R_SA_BGSM);
96 if ((Bdsm & B_SA_BGSM_LOCK_MASK) == 0) {
97 DEBUG ((DEBUG_INFO, "Fail: BGSM not locked \n"));
98
99 HstiErrorString = BuildHstiErrorString (HSTI_BYTE1_SECURE_INTEGRATED_GRAPHICS_CONFIGURATION_ERROR_CODE_1 ,HSTI_PROCESSOR_GRAPHICS_SECURITY_CONFIGURATION, HSTI_BYTE1_SECURE_INTEGRATED_GRAPHICS_CONFIGURATION_ERROR_STRING_1);
100 Status = HstiLibAppendErrorString (
101 PLATFORM_SECURITY_ROLE_PLATFORM_REFERENCE,
102 NULL,
103 HstiErrorString
104 );
105 ASSERT_EFI_ERROR (Status);
106 Result = FALSE;
107 FreePool (HstiErrorString);
108 }
109
110 DEBUG ((DEBUG_INFO, " 5. PAVP Settings\n"));
111
112 Data32 = MmioRead32 (MchBar + 0x5500);
113 if ((Data32 & BIT0) == 0) {
114 DEBUG ((DEBUG_INFO, "Fail: LockPAVP Settings not set \n"));
115
116 HstiErrorString = BuildHstiErrorString (HSTI_BYTE1_SECURE_INTEGRATED_GRAPHICS_CONFIGURATION_ERROR_CODE_1 ,HSTI_PROCESSOR_GRAPHICS_SECURITY_CONFIGURATION, HSTI_BYTE1_SECURE_INTEGRATED_GRAPHICS_CONFIGURATION_ERROR_STRING_1);
117 Status = HstiLibAppendErrorString (
118 PLATFORM_SECURITY_ROLE_PLATFORM_REFERENCE,
119 NULL,
120 HstiErrorString
121 );
122 ASSERT_EFI_ERROR (Status);
123 Result = FALSE;
124 FreePool (HstiErrorString);
125 }
126
127 DEBUG ((DEBUG_INFO, " 6. IGD stolen memory consistency\n"));
128
129 Tolud = MmioRead32 (MmPciBase (DEFAULT_PCI_BUS_NUMBER_PCH,SA_MC_DEV,SA_MC_FUN) + R_SA_TOLUD);
130
131 switch ((Ggc & B_SKL_SA_GGC_GGMS_MASK) >> N_SKL_SA_GGC_GGMS_OFFSET) {
132 case V_SKL_SA_GGC_GGMS_2MB:
133 GsmSize = SIZE_2MB;
134 break;
135 case V_SKL_SA_GGC_GGMS_4MB:
136 GsmSize = SIZE_4MB;
137 break;
138 case V_SKL_SA_GGC_GGMS_8MB:
139 GsmSize = SIZE_8MB;
140 break;
141 default:
142 GsmSize = 0;
143 break;
144 }
145
146 DsmSize = ((Ggc & B_SKL_SA_GGC_GMS_MASK) >> N_SKL_SA_GGC_GMS_OFFSET) * SIZE_32MB;
147
148 DEBUG ((DEBUG_INFO, "DSM: 0x%08x - 0x%08x\n", Bdsm & B_SA_BDSM_BDSM_MASK, DsmSize));
149 DEBUG ((DEBUG_INFO, "GSM: 0x%08x - 0x%08x\n", Bgsm & B_SA_BGSM_BGSM_MASK, GsmSize));
150 DEBUG ((DEBUG_INFO, "TOLUD: 0x%08x\n", Tolud & B_SA_TOLUD_TOLUD_MASK));
151
152 if ((Bgsm & B_SA_BGSM_BGSM_MASK) != (Bdsm & B_SA_BDSM_BDSM_MASK) - GsmSize) {
153 DEBUG ((DEBUG_INFO, "Fail: BGSM: 0x%x != %x - %x \n",(Bgsm & B_SA_BGSM_BGSM_MASK),(Bdsm & B_SA_BDSM_BDSM_MASK),GsmSize));
154
155 HstiErrorString = BuildHstiErrorString (HSTI_BYTE1_SECURE_INTEGRATED_GRAPHICS_CONFIGURATION_ERROR_CODE_2 ,HSTI_PROCESSOR_GRAPHICS_SECURITY_CONFIGURATION, HSTI_BYTE1_SECURE_INTEGRATED_GRAPHICS_CONFIGURATION_ERROR_STRING_2);
156 Status = HstiLibAppendErrorString (
157 PLATFORM_SECURITY_ROLE_PLATFORM_REFERENCE,
158 NULL,
159 HstiErrorString
160 );
161 ASSERT_EFI_ERROR (Status);
162 Result = FALSE;
163 FreePool (HstiErrorString);
164 }
165 if ((Bdsm & B_SA_BDSM_BDSM_MASK) != (Tolud & B_SA_TOLUD_TOLUD_MASK) - DsmSize) {
166 DEBUG ((DEBUG_INFO, "Fail: BDSM: 0x%x != %x - %x \n",(Bdsm & B_SA_BDSM_BDSM_MASK),(Tolud & B_SA_TOLUD_TOLUD_MASK),DsmSize));
167
168 HstiErrorString = BuildHstiErrorString (HSTI_BYTE1_SECURE_INTEGRATED_GRAPHICS_CONFIGURATION_ERROR_CODE_2 ,HSTI_PROCESSOR_GRAPHICS_SECURITY_CONFIGURATION, HSTI_BYTE1_SECURE_INTEGRATED_GRAPHICS_CONFIGURATION_ERROR_STRING_2);
169 Status = HstiLibAppendErrorString (
170 PLATFORM_SECURITY_ROLE_PLATFORM_REFERENCE,
171 NULL,
172 HstiErrorString
173 );
174 ASSERT_EFI_ERROR (Status);
175 Result = FALSE;
176 FreePool (HstiErrorString);
177 }
178
179 DEBUG ((DEBUG_INFO, " 7. Reserved Check\n"));
180 if ((Pavpc & B_SA_PAVPC_PCME_MASK) != 0) {
181 PcmBase = Pavpc & B_SA_PAVPC_PCMBASE_MASK;
182 DEBUG ((DEBUG_INFO, "PCMBASE: 0x%08x - 0x%08x\n", PcmBase, SIZE_1MB));
183 if ((PcmBase < (Bdsm & B_SA_BDSM_BDSM_MASK)) ||
184 (PcmBase > (Tolud & B_SA_TOLUD_TOLUD_MASK)) ||
185 ((PcmBase + SIZE_1MB) < (Bdsm & B_SA_BDSM_BDSM_MASK)) ||
186 ((PcmBase + SIZE_1MB) > (Tolud & B_SA_TOLUD_TOLUD_MASK))) {
187 DEBUG ((DEBUG_INFO, "Fail: Graphics security reserved check failed \n"));
188
189 HstiErrorString = BuildHstiErrorString (HSTI_BYTE1_SECURE_INTEGRATED_GRAPHICS_CONFIGURATION_ERROR_CODE_3 ,HSTI_PROCESSOR_GRAPHICS_SECURITY_CONFIGURATION, HSTI_BYTE1_SECURE_INTEGRATED_GRAPHICS_CONFIGURATION_ERROR_STRING_3);
190 Status = HstiLibAppendErrorString (
191 PLATFORM_SECURITY_ROLE_PLATFORM_REFERENCE,
192 NULL,
193 HstiErrorString
194 );
195 ASSERT_EFI_ERROR (Status);
196 Result = FALSE;
197 FreePool (HstiErrorString);
198 }
199 }
200
201 //
202 // ALL PASS
203 //
204 if (Result) {
205 Status = HstiLibSetFeaturesVerified (
206 PLATFORM_SECURITY_ROLE_PLATFORM_REFERENCE,
207 NULL,
208 1,
209 HSTI_BYTE1_SECURE_INTEGRATED_GRAPHICS_CONFIGURATION
210 );
211 ASSERT_EFI_ERROR (Status);
212 }
213
214 return;
215 }
216