1 /** @file
2 This file contains the tests for the SecuePCHConfiguration bit
3
4 Copyright (c) 2017, Intel Corporation. All rights reserved.<BR>
5 SPDX-License-Identifier: BSD-2-Clause-Patent
6
7 **/
8 #include "HstiSiliconDxe.h"
9
10 /**
11 Run tests for SecurePCHConfiguration bit
12 **/
13 VOID
CheckSecurePchConfiguration(VOID)14 CheckSecurePchConfiguration (
15 VOID
16 )
17 {
18
19 EFI_STATUS Status;
20 BOOLEAN Result;
21 UINT16 PmBase;
22 UINT64 Tbar;
23 UINT32 TbarL;
24 UINT32 TbarH;
25 UINT8 Srdl;
26 UINT32 GenPmConLock;
27 UINT32 PmCfg;
28 UINT32 SmiEn;
29 UINT8 GenPmCon1;
30 UINT16 Tco1Cnt;
31 UINT32 Hostc;
32 UINT16 Cmd;
33 CHAR16 *HstiErrorString;
34 UINT32 PchSpiBar0;
35 UINT32 PchPwrmBase;
36 UINT32 PcrRtc;
37 UINT16 TcoBase;
38 BOOLEAN ThermalPciMode;
39 BOOLEAN ThermalAcpiMode;
40 UINT32 ThermalPciBase;
41 BOOLEAN ThermalPciModeTbarConfigured;
42
43 ThermalPciMode = FALSE;
44 ThermalAcpiMode = FALSE;
45 ThermalPciModeTbarConfigured = FALSE;
46
47 if ((mFeatureImplemented[1] & HSTI_BYTE1_SECURE_PCH_CONFIGURATION) == 0) {
48 return;
49 }
50
51 Result = TRUE;
52
53 PchSpiBar0 = MmioRead32 (MmPciBase (DEFAULT_PCI_BUS_NUMBER_PCH,PCI_DEVICE_NUMBER_PCH_SPI,PCI_FUNCTION_NUMBER_PCH_SPI) + R_PCH_SPI_BAR0) & ~B_PCH_SPI_BAR0_MASK;
54
55 PchAcpiBaseGet (&PmBase);
56 PchTcoBaseGet (&TcoBase);
57
58 DEBUG ((DEBUG_INFO, " Table 3-10. PCH Security Configuration\n"));
59
60 DEBUG ((DEBUG_INFO, " 1. Thermal Throttling Locks\n"));
61
62 //
63 // Check Device VID and DID , if data is not 0xFFFFFFFF, then it's in PCI Mode
64 //
65 ThermalPciBase = (UINT32) (UINTN) MmPciBase (DEFAULT_PCI_BUS_NUMBER_PCH,PCI_DEVICE_NUMBER_PCH_THERMAL,PCI_FUNCTION_NUMBER_PCH_THERMAL);
66 if (MmioRead32 (ThermalPciBase + PCI_VENDOR_ID_OFFSET) != 0xFFFFFFFF) {
67 ThermalPciMode = TRUE;
68 }
69 if (ThermalPciMode) {
70
71 TbarL = MmioRead32 (ThermalPciBase + R_PCH_THERMAL_TBAR);
72 TbarH = MmioRead32 (ThermalPciBase + R_PCH_THERMAL_TBARH);
73
74 TbarL = TbarL & B_PCH_THERMAL_TBAR_MASK;
75 Tbar = ((UINT64) TbarH << 32) | TbarL;
76
77 //
78 // Check if Tbar is initialized. If Tbar is 0 , then Tbar is not initialized , Use PCH_THERMAL_BASE_ADDRESS for Tbar
79 // and write TbarL and TbarH back to register
80 //
81 if (Tbar == 0) {
82 Tbar = (UINT64) PCH_THERMAL_BASE_ADDRESS;
83 TbarL = (UINT32) Tbar;
84 TbarH = (UINT32) ((UINT64) Tbar >> 32);
85 MmioWrite32 (ThermalPciBase + R_PCH_THERMAL_TBAR, TbarL);
86 MmioWrite32 (ThermalPciBase + R_PCH_THERMAL_TBARH, TbarH);
87 ThermalPciModeTbarConfigured = TRUE;
88 }
89 //
90 // Make sure MSE bit is enabled before trying to access Tbar MMIO
91 //
92 Cmd = MmioRead16 (ThermalPciBase + PCI_COMMAND_OFFSET);
93 MmioWrite16 (ThermalPciBase + PCI_COMMAND_OFFSET, Cmd | EFI_PCI_COMMAND_MEMORY_SPACE);
94
95 //
96 // Not in Pci Mode
97 //
98 } else {
99 Tbar = (UINT64) PCH_THERMAL_BASE_ADDRESS;
100 //
101 // This is to probe the Thermal in ACPI mode.
102 // If Thermal is in ACPI mode, the TBAR must be PCH_THERMAL_BASE_ADDRESS and the offset 0 (TEMP) must return valid temperature.
103 //
104 if (MmioRead16 ((UINT32)Tbar + 0x00) != 0xFFFF) {
105 ThermalAcpiMode = TRUE;
106 }
107 }
108
109 if (ThermalPciMode || ThermalAcpiMode) {
110 if ((MmioRead32 (Tbar + R_PCH_TBAR_TCFD) & B_PCH_TBAR_TCFD_TCD) == 0) {
111 if (((MmioRead8 (Tbar + R_PCH_TBAR_TSC) & B_PCH_TBAR_TSC_PLD) == 0) ||
112 ((MmioRead8 (Tbar + R_PCH_TBAR_TSEL) & B_PCH_TBAR_TSEL_PLD) == 0) ||
113 ((MmioRead8 (Tbar + R_PCH_TBAR_TSMIC) & B_PCH_TBAR_TSMIC_PLD) == 0) ||
114 ((MmioRead32 (Tbar + R_PCH_TBAR_TL) & B_PCH_TBAR_TL_LOCK) == 0) ||
115 ((MmioRead8 (Tbar + R_PCH_TBAR_PHLC) & BIT0) == 0)) {
116
117 HstiErrorString = BuildHstiErrorString (HSTI_BYTE1_SECURE_PCH_CONFIGURATION_ERROR_CODE_1 ,HSTI_PCH_SECURITY_CONFIGURATION, HSTI_BYTE1_SECURE_PCH_CONFIGURATION_ERROR_STRING_1);
118 Status = HstiLibAppendErrorString (
119 PLATFORM_SECURITY_ROLE_PLATFORM_REFERENCE,
120 NULL,
121 HstiErrorString
122 );
123 ASSERT_EFI_ERROR (Status);
124 Result = FALSE;
125 FreePool (HstiErrorString);
126 }
127 }
128 }
129 if (ThermalPciMode) {
130 //
131 // Restore CMD register
132 //
133 MmioWrite16 ((ThermalPciBase + PCI_COMMAND_OFFSET), Cmd);
134 //
135 // If Tbar had been configured because of initialization. Restore Tbar ,TbarH and TbarL
136 //
137 if (ThermalPciModeTbarConfigured) {
138 MmioWrite32 (ThermalPciBase + R_PCH_THERMAL_TBAR, 0);
139 MmioWrite32 (ThermalPciBase + R_PCH_THERMAL_TBARH, 0);
140 }
141 }
142
143 DEBUG ((DEBUG_INFO, " 2. Set Strap Lock\n"));
144
145 Srdl = MmioRead8 (PchSpiBar0 + R_PCH_SPI_SSML);
146 if ((Srdl & B_PCH_SPI_SSML_SSL) == 0) {
147 DEBUG ((DEBUG_INFO, "Set Strap Lock %x\n",Srdl));
148
149 HstiErrorString = BuildHstiErrorString (HSTI_BYTE1_SECURE_PCH_CONFIGURATION_ERROR_CODE_2 ,HSTI_PCH_SECURITY_CONFIGURATION, HSTI_BYTE1_SECURE_PCH_CONFIGURATION_ERROR_STRING_2);
150 Status = HstiLibAppendErrorString (
151 PLATFORM_SECURITY_ROLE_PLATFORM_REFERENCE,
152 NULL,
153 HstiErrorString
154 );
155 ASSERT_EFI_ERROR (Status);
156 Result = FALSE;
157 FreePool (HstiErrorString);
158 }
159
160 DEBUG ((DEBUG_INFO, " 3. ACPI Base Lock\n"));
161
162 GenPmConLock = MmioRead32 (MmPciBase (DEFAULT_PCI_BUS_NUMBER_PCH,PCI_DEVICE_NUMBER_PCH_PMC,PCI_FUNCTION_NUMBER_PCH_PMC) + R_PCH_PMC_GEN_PMCON_B);
163
164 if ((GenPmConLock & B_PCH_PMC_GEN_PMCON_B_ACPI_BASE_LOCK) == 0) {
165
166 HstiErrorString = BuildHstiErrorString (HSTI_BYTE1_SECURE_PCH_CONFIGURATION_ERROR_CODE_2 ,HSTI_PCH_SECURITY_CONFIGURATION, HSTI_BYTE1_SECURE_PCH_CONFIGURATION_ERROR_STRING_2);
167 Status = HstiLibAppendErrorString (
168 PLATFORM_SECURITY_ROLE_PLATFORM_REFERENCE,
169 NULL,
170 HstiErrorString
171 );
172 ASSERT_EFI_ERROR (Status);
173 Result = FALSE;
174 FreePool (HstiErrorString);
175 }
176
177 DEBUG ((DEBUG_INFO, " 4. PM_CFG\n"));
178
179 PchPwrmBaseGet (&PchPwrmBase);
180 PmCfg = MmioRead32 (PchPwrmBase + R_PCH_PWRM_CFG);
181
182 if (((PmCfg & BIT22) == 0) ||
183 ((PmCfg & BIT27) == 0)) {
184
185 HstiErrorString = BuildHstiErrorString (HSTI_BYTE1_SECURE_PCH_CONFIGURATION_ERROR_CODE_3 ,HSTI_PCH_SECURITY_CONFIGURATION, HSTI_BYTE1_SECURE_PCH_CONFIGURATION_ERROR_STRING_3);
186 Status = HstiLibAppendErrorString (
187 PLATFORM_SECURITY_ROLE_PLATFORM_REFERENCE,
188 NULL,
189 HstiErrorString
190 );
191 ASSERT_EFI_ERROR (Status);
192 Result = FALSE;
193 FreePool (HstiErrorString);
194 }
195
196 DEBUG ((DEBUG_INFO, " 5. SMI Enable\n"));
197
198 SmiEn = IoRead32 (PmBase + R_PCH_SMI_EN);
199 if ((SmiEn & B_PCH_SMI_EN_GBL_SMI) == 0x0) {
200
201 HstiErrorString = BuildHstiErrorString (HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_CODE_D ,HSTI_PCH_SECURITY_CONFIGURATION, HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_STRING_D);
202 Status = HstiLibAppendErrorString (
203 PLATFORM_SECURITY_ROLE_PLATFORM_REFERENCE,
204 NULL,
205 HstiErrorString
206 );
207 ASSERT_EFI_ERROR (Status);
208 Result = FALSE;
209 FreePool (HstiErrorString);
210 }
211
212 DEBUG ((DEBUG_INFO, " 6. SMI Lock\n"));
213
214 GenPmCon1 = MmioRead8 (MmPciBase (DEFAULT_PCI_BUS_NUMBER_PCH,PCI_DEVICE_NUMBER_PCH_PMC,PCI_FUNCTION_NUMBER_PCH_PMC) + R_PCH_PMC_GEN_PMCON_A);
215 if ((GenPmCon1 & B_PCH_PMC_GEN_PMCON_A_SMI_LOCK) == 0x0) {
216 HstiErrorString = BuildHstiErrorString (HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_CODE_D ,HSTI_PCH_SECURITY_CONFIGURATION, HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_STRING_D);
217 Status = HstiLibAppendErrorString (
218 PLATFORM_SECURITY_ROLE_PLATFORM_REFERENCE,
219 NULL,
220 HstiErrorString
221 );
222 ASSERT_EFI_ERROR (Status);
223 Result = FALSE;
224 FreePool (HstiErrorString);
225 }
226
227 DEBUG ((DEBUG_INFO, " 7. TCO SMI Lock\n"));
228
229 Tco1Cnt = IoRead16 (TcoBase + R_PCH_TCO1_CNT);
230 if ((Tco1Cnt & B_PCH_TCO_CNT_LOCK) == 0x0) {
231 DEBUG ((DEBUG_INFO, "TCO SMI Lock %x\n",(Tco1Cnt & B_PCH_TCO_CNT_LOCK)));
232
233 HstiErrorString = BuildHstiErrorString (HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_CODE_E ,HSTI_PCH_SECURITY_CONFIGURATION, HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_STRING_E);
234 Status = HstiLibAppendErrorString (
235 PLATFORM_SECURITY_ROLE_PLATFORM_REFERENCE,
236 NULL,
237 HstiErrorString
238 );
239 ASSERT_EFI_ERROR (Status);
240 Result = FALSE;
241 FreePool (HstiErrorString);
242 }
243
244 DEBUG ((DEBUG_INFO, " 8. RTC Bios Interface Lock\n"));
245
246 PcrRtc = MmioRead32 (PCH_PCR_ADDRESS (PID_RTC,R_PCH_PCR_RTC_CONF));
247
248 if ((PcrRtc & BIT31) == 0x0) {
249 DEBUG ((DEBUG_INFO, "Rtc BILD %x\n",(PcrRtc & BIT31)));
250
251 HstiErrorString = BuildHstiErrorString (HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_CODE_4 ,HSTI_PCH_SECURITY_CONFIGURATION, HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_STRING_4);
252 Status = HstiLibAppendErrorString (
253 PLATFORM_SECURITY_ROLE_PLATFORM_REFERENCE,
254 NULL,
255 HstiErrorString
256 );
257 ASSERT_EFI_ERROR (Status);
258 Result = FALSE;
259 FreePool (HstiErrorString);
260 }
261
262
263 DEBUG ((DEBUG_INFO, " Table 7-7. SPD Configuration and Write Protection\n"));
264
265 Hostc = MmioRead32 (MmPciBase (DEFAULT_PCI_BUS_NUMBER_PCH,PCI_DEVICE_NUMBER_PCH_SMBUS,PCI_FUNCTION_NUMBER_PCH_SMBUS) + R_PCH_SMBUS_HOSTC);
266 if ((Hostc & B_PCH_SMBUS_HOSTC_SPDWD) == 0) {
267
268 HstiErrorString = BuildHstiErrorString (HSTI_BYTE1_SECURE_MEMORY_MAP_CONFIGURATION_ERROR_CODE_4 ,HSTI_PROCESSOR_SPD_SECURITY_CONFIGURATION, HSTI_BYTE1_SECURE_MEMORY_MAP_CONFIGURATION_ERROR_STRING_4);
269 Status = HstiLibAppendErrorString (
270 PLATFORM_SECURITY_ROLE_PLATFORM_REFERENCE,
271 NULL,
272 HstiErrorString
273 );
274 ASSERT_EFI_ERROR (Status);
275 Result = FALSE;
276 FreePool (HstiErrorString);
277 }
278
279 //
280 // ALL PASS
281 //
282 if (Result) {
283 Status = HstiLibSetFeaturesVerified (
284 PLATFORM_SECURITY_ROLE_PLATFORM_REFERENCE,
285 NULL,
286 1,
287 HSTI_BYTE1_SECURE_PCH_CONFIGURATION
288 );
289 ASSERT_EFI_ERROR (Status);
290 }
291
292 return;
293 }
294