search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
mb/google/nissa/var/rull: Configure Acoustic noise mitigation
[coreboot2.git] / src / soc / amd / common / block / psp / psb.c
blob5e497a2cad58d37c12c85a2e44d031dfe2d115ee
1 /* SPDX-License-Identifier: GPL-2.0-only */
2
3 #include <amdblocks/reset.h>
4 #include <bootstate.h>
5 #include <console/console.h>
6 #include <device/mmio.h>
7 #include <types.h>
8
9 #include "psp_def.h"
10
11 #define PSB_STATUS_OFFSET 0x10994
12
13 #define FUSE_PLATFORM_SECURE_BOOT_EN BIT(24)
14
15 #define PSB_TEST_STATUS_MASK 0xff
16 #define PSB_FUSING_READY_MASK BIT(8)
17
18 /* PSB Test Status and Error Codes (doc#56654) */
19 #define PSB_TEST_STATUS_PASS 0x00
20 #define PSB_TEST_STATUS_FUSE_READ_ERR 0x3e
21 #define PSB_TEST_STATUS_BIOS_KEY_BAD_USAGE 0x81
22 #define PSB_TEST_STATUS_BIOS_RTM_SIG_NOENT 0x82
23 #define PSB_TEST_STATUS_BIOS_RTM_COPY_ERR 0x83
24 #define PSB_TEST_STATUS_BIOS_RTM_BAD_SIG 0x84
25 #define PSB_TEST_STATUS_BIOS_KEY_BAD_SIG 0x85
26 #define PSB_TEST_STATUS_PLATFORM_BAD_ID 0x86
27 #define PSB_TEST_STATUS_BIOS_COPY_BIT_UNSET 0x87
28 #define PSB_TEST_STATUS_BIOS_CA_BAD_SIG 0x8a
29 #define PSB_TEST_STATUS_BIOS_CA_BAD_USAGE 0x8b
30 #define PSB_TEST_STATUS_BIOS_KEY_BAD_REVISION 0x8c
31
32 #define FUSE_STATUS_SUCCESS 0x00
33 #define FUSE_STATUS_NOT_ALLOWED 0x09
34 #define FUSE_STATUS_FUSING_ERR 0x0a
35 #define FUSE_STATUS_BOOT_DONE 0x0b
36
37 static const char *psb_test_status_to_string(uint32_t status)
38 {
39 switch (status) {
40 case PSB_TEST_STATUS_PASS:
41 return "Psb Test Status PASS";
42 case PSB_TEST_STATUS_FUSE_READ_ERR:
43 return "Error reading fuse info";
44 case PSB_TEST_STATUS_BIOS_KEY_BAD_USAGE:
45 return "OEM BIOS signing key usage flag violation";
46 case PSB_TEST_STATUS_BIOS_RTM_SIG_NOENT:
47 return "BIOS RTM signature entry not found";
48 case PSB_TEST_STATUS_BIOS_RTM_COPY_ERR:
49 return "BIOS copy to DRAM failed";
50 case PSB_TEST_STATUS_BIOS_RTM_BAD_SIG:
51 return "BIOS RTM signature verification failed";
52 case PSB_TEST_STATUS_BIOS_KEY_BAD_SIG:
53 return "OEM BIOS signing key failed signature verification";
54 case PSB_TEST_STATUS_PLATFORM_BAD_ID:
55 return "Platform vendor id and/or model id binding violation";
56 case PSB_TEST_STATUS_BIOS_COPY_BIT_UNSET:
57 return "BIOS copy bit unset for reset image";
58 case PSB_TEST_STATUS_BIOS_CA_BAD_SIG:
59 return "OEM BIOS signing CA key failed signature verification";
60 case PSB_TEST_STATUS_BIOS_CA_BAD_USAGE:
61 return "OEM BIOS signing CA key usage flag violation";
62 case PSB_TEST_STATUS_BIOS_KEY_BAD_REVISION:
63 return "OEM BIOS signing key revision violation";
64 default:
65 return "Unknown failure";
66 }
67 }
68
69 static const char *fuse_status_to_string(uint32_t status)
70 {
71 switch (status) {
72 case FUSE_STATUS_SUCCESS:
73 return "PSB Fusing completed successfully";
74 case FUSE_STATUS_NOT_ALLOWED:
75 return "Fusing not allowed or already done";
76 case FUSE_STATUS_FUSING_ERR:
77 return "Fuse programming failed";
78 case FUSE_STATUS_BOOT_DONE:
79 return "Issued after BOOT DONE";
80 default:
81 return "Unknown failure";
82 }
83 }
84
85 static enum cb_err get_psb_status(uint32_t *psb_status_value)
86 {
87 const uintptr_t psp_mmio = get_psp_mmio_base();
88
89 if (!psp_mmio) {
90 printk(BIOS_WARNING, "PSP: PSP_ADDR_MSR uninitialized\n");
91 return CB_ERR;
92 }
93 *psb_status_value = read32p(psp_mmio | PSB_STATUS_OFFSET);
94 return CB_SUCCESS;
95 }
96
97 /*
98 * Request Platform Secure Boot enablement via the PSP if it is not already
99 * enabled. Upon receiving this command, the PSP will program all PSB fuses
100 * so long as the BIOS signing key token is valid.
101 */
102 static enum cb_err psb_enable(void)
103 {
104 uint32_t status;
105 struct mbox_default_buffer buffer = {
106 .header = {
107 .size = sizeof(buffer)
108 }
109 };
110
111 if (get_psb_status(&status) != CB_SUCCESS) {
112 printk(BIOS_ERR, "PSP: Failed to get base address.\n");
113 return CB_ERR;
114 }
115
116 printk(BIOS_INFO, "PSB: Status = %x\n", status);
117
118 if (status & FUSE_PLATFORM_SECURE_BOOT_EN) {
119 printk(BIOS_DEBUG, "PSB: Already enabled\n");
120 return CB_SUCCESS;
121 }
122
123 if (soc_read_c2p38(&status) != CB_SUCCESS) {
124 printk(BIOS_ERR, "PSP: Failed to get base address.\n");
125 return CB_ERR;
126 }
127
128 printk(BIOS_INFO, "PSB: HSTI = %x\n", status);
129
130 const uint32_t psb_test_status = status & PSB_TEST_STATUS_MASK;
131
132 if (psb_test_status != PSB_TEST_STATUS_PASS) {
133 printk(BIOS_ERR, "PSB: %s\n", psb_test_status_to_string(psb_test_status));
134 return CB_ERR;
135 }
136
137 if (!(status & PSB_FUSING_READY_MASK)) {
138 printk(BIOS_ERR, "PSB: Fusing not allowed\n");
139 return CB_ERR;
140 }
141
142 printk(BIOS_DEBUG, "PSB: Enable...\n");
143
144 const int cmd_status = send_psp_command(MBOX_BIOS_CMD_PSB_AUTO_FUSING, &buffer);
145
146 psp_print_cmd_status(cmd_status, &buffer.header);
147
148 if (cmd_status) {
149 printk(BIOS_ERR, "PSB: Fusing request failed: %d\n", cmd_status);
150 return CB_ERR;
151 }
152
153 const uint32_t fuse_status = read32(&buffer.header.status);
154 if (fuse_status != FUSE_STATUS_SUCCESS) {
155 printk(BIOS_ERR, "PSB: %s\n", fuse_status_to_string(fuse_status));
156 return CB_ERR;
157 }
158
159 printk(BIOS_NOTICE, "PSB: Rebooting\n");
160 cold_reset();
161 }
162
163 static void enable_secure_boot(void *unused)
164 {
165 /*
166 * Enable secure boot before loading payload. Psb fusing is done late in
167 * boot process to avoid any fuse access conflicts with other components
168 * which happens during boot process.
169 */
170 if (psb_enable() == CB_ERR)
171 printk(BIOS_NOTICE, "Enabling PSB failed.\n");
172 }
173
174 BOOT_STATE_INIT_ENTRY(BS_PAYLOAD_LOAD, BS_ON_ENTRY, enable_secure_boot, NULL);
coreboot repo mirror