soc/amd/common/block/psp: Get ROM Armor state from HSTI

Add a function to return ROM Armor state from HSTI bits. As soon as ROM Armor is enforced never check HSTI bits again as it cannot be deactivated without a reboot. TEST=Function returns 0 before running command MBOX_BIOS_CMD_ARMOR_ENTER_SMM_MODE and returns 1 after sending it to PSP. Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com> Change-Id: Ic9cf99b7f2461aa85fbd76998da5d035bf9e5ae3 Reviewed-on: https://review.coreboot.org/c/coreboot/+/91703 Reviewed-by: Angel Pons <th3fanbus@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2026-02-24 09:16:23 +01:00 · 2026-02-24 09:16:23 +01:00 · cd8072191d
commit cd8072191d
parent b42d148171
3 changed files with 34 additions and 0 deletions
--- a/src/soc/amd/common/block/include/amdblocks/psp.h
+++ b/src/soc/amd/common/block/include/amdblocks/psp.h
@ -95,5 +95,11 @@ bool psp_ftpm_is_active(void);
 void psp_ftpm_needs_recovery(bool *psp_rpmc_nvram,
 			     bool *psp_nvram,
 			     bool *psp_dir);
+#if ENV_RAMSTAGE || ENV_SMM
+bool psp_get_hsti_state_rom_armor_enforced(void);
+#else
+/* ROM Armor might get activated after SMM has been set up. It's safe to return false here. */
+static inline bool psp_get_hsti_state_rom_armor_enforced(void) { return false; }
+#endif

 #endif /* AMD_BLOCK_PSP_H */
--- a/src/soc/amd/common/block/psp/psp.c
+++ b/src/soc/amd/common/block/psp/psp.c
@ -101,6 +101,33 @@ enum cb_err psp_get_hsti_state(uint32_t *state)
 	return CB_SUCCESS;
 }

+/*
+ * Returns true if ROM Armor is enforced, that is after PSP command
+ * MBOX_BIOS_CMD_ARMOR_ENTER_SMM_MODE has been executed, false otherwise.
+ *
+ * When ROM Armor is enforced the result will be cached.
+ */
+#if ENV_RAMSTAGE || ENV_SMM
+bool psp_get_hsti_state_rom_armor_enforced(void)
+{
+	uint32_t hsti_state;
+
+	static bool enforced;
+	if (enforced)
+		return true; /* ROM Armor already enforced, no need to check again */
+
+	if (psp_get_hsti_state(&hsti_state) != CB_SUCCESS) {
+		printk(BIOS_EMERG, "PSP: Failed to get HSTI state\n");
+		return false;
+	}
+	enforced = hsti_state & HSTI_STATE_ROM_ARMOR_ENFORCED;
+	if (enforced)
+		printk(BIOS_INFO, "PSP: ROM Armor enforced\n");
+
+	return enforced;
+}
+#endif
+
 /*
 * Notify the PSP that the system is completing the boot process.  Upon
 * receiving this command, the PSP will only honor commands where the buffer
--- a/src/soc/amd/common/block/psp/psp_def.h
+++ b/src/soc/amd/common/block/psp/psp_def.h
@ -27,6 +27,7 @@
 #define MBOX_BIOS_CMD_S3_DATA_INFO		0x08
 #define MBOX_BIOS_CMD_NOP			0x09
 #define MBOX_BIOS_CMD_HSTI_QUERY		0x14
+#define  HSTI_STATE_ROM_ARMOR_ENFORCED		BIT(11)
 #define MBOX_BIOS_CMD_PSB_AUTO_FUSING		0x21
 #define MBOX_BIOS_CMD_PSP_CAPS_QUERY		0x27
 #define MBOX_BIOS_CMD_SET_SPL_FUSE		0x2d