From cd8072191d337f83003d5f79024428961a62866d Mon Sep 17 00:00:00 2001
From: Patrick Rudolph
Date: Tue, 24 Feb 2026 09:16:23 +0100
Subject: [PATCH] soc/amd/common/block/psp: Get ROM Armor state from HSTI
Add a function to return ROM Armor state from HSTI bits. As soon as ROM Armor is enforced never check HSTI bits again as it cannot be deactivated without a reboot.
TEST=Function returns 0 before running command MBOX_BIOS_CMD_ARMOR_ENTER_SMM_MODE and returns 1 after sending it to PSP.
Signed-off-by: Patrick Rudolph
Change-Id: Ic9cf99b7f2461aa85fbd76998da5d035bf9e5ae3
Reviewed-on: https://review.coreboot.org/c/coreboot/+/91703
Reviewed-by: Angel Pons
Tested-by: build bot (Jenkins)
---
.../amd/common/block/include/amdblocks/psp.h | 6 +++++
src/soc/amd/common/block/psp/psp.c | 27 +++++++++++++++++++
src/soc/amd/common/block/psp/psp_def.h | 1 +
3 files changed, 34 insertions(+)
diff --git a/src/soc/amd/common/block/include/amdblocks/psp.h b/src/soc/amd/common/block/include/amdblocks/psp.h
index 40197396fe..5f0807870d 100644
--- a/src/soc/amd/common/block/include/amdblocks/psp.h
+++ b/src/soc/amd/common/block/include/amdblocks/psp.h
@@ -95,5 +95,11 @@ bool psp_ftpm_is_active(void);
 void psp_ftpm_needs_recovery(bool *psp_rpmc_nvram, bool *psp_nvram, bool *psp_dir);
+#if ENV_RAMSTAGE || ENV_SMM
+bool psp_get_hsti_state_rom_armor_enforced(void);
+#else
+/* ROM Armor might get activated after SMM has been set up. It's safe to return false here. */
+static inline bool psp_get_hsti_state_rom_armor_enforced(void) { return false; }
+#endif
 #endif /* AMD_BLOCK_PSP_H */
diff --git a/src/soc/amd/common/block/psp/psp.c b/src/soc/amd/common/block/psp/psp.c
index 98eb0f9e84..6368e028c5 100644
--- a/src/soc/amd/common/block/psp/psp.c
+++ b/src/soc/amd/common/block/psp/psp.c
@@ -101,6 +101,33 @@ enum cb_err psp_get_hsti_state(uint32_t *state)
 return CB_SUCCESS;
 }
+/*
+ * Returns true if ROM Armor is enforced, that is after PSP command
+ * MBOX_BIOS_CMD_ARMOR_ENTER_SMM_MODE has been executed, false otherwise.
+ *
+ * When ROM Armor is enforced the result will be cached.
+ */
+#if ENV_RAMSTAGE || ENV_SMM
+bool psp_get_hsti_state_rom_armor_enforced(void)
+{
+ uint32_t hsti_state;
+
+ static bool enforced;
+ if (enforced)
+ return true; /* ROM Armor already enforced, no need to check again */
+
+ if (psp_get_hsti_state(&hsti_state) != CB_SUCCESS) {
+ printk(BIOS_EMERG, "PSP: Failed to get HSTI state\n");
+ return false;
+ }
+ enforced = hsti_state & HSTI_STATE_ROM_ARMOR_ENFORCED;
+ if (enforced)
+ printk(BIOS_INFO, "PSP: ROM Armor enforced\n");
+
+ return enforced;
+}
+#endif
+
 /*
 * Notify the PSP that the system is completing the boot process. Upon
 * receiving this command, the PSP will only honor commands where the buffer
diff --git a/src/soc/amd/common/block/psp/psp_def.h b/src/soc/amd/common/block/psp/psp_def.h
index 9d60c264bf..c1513337cf 100644
--- a/src/soc/amd/common/block/psp/psp_def.h
+++ b/src/soc/amd/common/block/psp/psp_def.h
@@ -27,6 +27,7 @@
 #define MBOX_BIOS_CMD_S3_DATA_INFO 0x08
 #define MBOX_BIOS_CMD_NOP 0x09
 #define MBOX_BIOS_CMD_HSTI_QUERY 0x14
+#define HSTI_STATE_ROM_ARMOR_ENFORCED BIT(11)
 #define MBOX_BIOS_CMD_PSB_AUTO_FUSING 0x21
 #define MBOX_BIOS_CMD_PSP_CAPS_QUERY 0x27
 #define MBOX_BIOS_CMD_SET_SPL_FUSE 0x2d
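Review bot: In psp_get_hsti_state_rom_armor_enforced() in psp.c, a failed psp_get_hsti_state() call is returned to the caller as `false`, the same value as "ROM Armor not enforced", so any caller that gates a decision on the result treats an unknown state as an unprotected one. The function comment should state this, for example by adding ` * Also returns false when the HSTI query fails, so false means "not known to be enforced".`; the inline stub in amdblocks/psp.h returns the same `false` for every stage other than ramstage and SMM, and the prototype there has no contract comment of its own. Only a positive result is cached, so each call before enforcement sends another HSTI query to the PSP, and a persistent failure logs at BIOS_EMERG on every call. The context comment just below the function (cut off by the hunk) appears to say the PSP restricts which command buffers it honors after the boot-done notification; if that can make the ramstage query fail, which is not verifiable from this hunk, the function would return false there even with ROM Armor active.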