VMX is enabled through a bit in the IA32_FEATURE_CONTROL MSR, which can
be locked. The MSR remains locked after a non-power cycle reset, though.
If the MSR is locked, coreboot bails out and leaves VMX in the state it
was found. Because of this, changes to the VMX enable option in the BMC
only take effect after the system is power cycled.
This behaviour is highly undesirable because users are likely not aware
that a power cycle is required for changes to VMX state to take effect.
So, if VMX is supported, the IA32_FEATURE_CONTROL MSR is locked and the
current VMX state does not match the requested state, then issue a full
reset. This will power cycle the system and unlock the MSR, so that the
desired VMX state can be programmed into the MSR. This is checked early
to avoid needlessly doing time-consuming operations (running FSP) twice
if we know we will need to power cycle the system anyway.
Note that a user may change the VMX setting after the newly-added check
but before the setting is read in ramstage to program the MSR, but this
is a non-issue as firmware settings need a reset to take effect anyway.
TEST: Toggle VMX setting in BMC and reboot without power cycle, observe
coreboot automatically issues a power cycle reset because the MSR
is locked and the VMX state differs. Verify that the system boots
properly with VMX in the correct state after having power cycled.
Change-Id: Id9061ba896a7062da45a86fb26eeb58927184dcb
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/75141
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
7d6362d56b