[NOT FOR MERGE] Optiplex STM

.gitmodules

@@ -51,3 +51,7 @@
 	url = ../qc_blobs.git
 	update = none
 	ignore = dirty
+[submodule "3rdparty/stm"]
+	path = 3rdparty/stm
+	url = ../STM
+	branch = stmpe

configs/config.dell_optiplex_9010_sff_stm

@@ -0,0 +1,23 @@
+CONFIG_USE_OPTION_TABLE=y
+CONFIG_VENDOR_DELL=y
+CONFIG_ONBOARD_VGA_IS_PRIMARY=y
+CONFIG_CBFS_SIZE=0x400000
+CONFIG_INCLUDE_SMSC_SCH5545_EC_FW=y
+CONFIG_SMSC_SCH5545_EC_FW_FILE="smsc_sch5545_ecfw.bin"
+CONFIG_PCIEXP_CLK_PM=y
+CONFIG_SEABIOS_PS2_TIMEOUT=3000
+CONFIG_USBDEBUG=y
+CONFIG_USBDEBUG_DONGLE_FTDI_FT232H=y
+CONFIG_TPM_MEASURED_BOOT=y
+CONFIG_STM=y
+CONFIG_MSEG_SIZE=0x400000
+CONFIG_STM_STMPE_ENABLED=y
+CONFIG_STM_HEAPSIZE=0x280000
+CONFIG_STM_TTYS0_BASE=0x3f8
+CONFIG_STM_CBMEM_CONSOLE=y
+CONFIG_DEFAULT_CONSOLE_LOGLEVEL_8=y
+CONFIG_POST_DEVICE_LPC=y
+CONFIG_SEABIOS_ADD_SERCON_PORT_FILE=y
+CONFIG_SEABIOS_DEBUG_LEVEL=0
+CONFIG_DEBUG_SMI=y
+CONFIG_HAVE_EM100_SUPPORT=y

src/cpu/intel/model_206ax/Kconfig

@@ -22,11 +22,11 @@ config CPU_SPECIFIC_OPTIONS
 
 config SMM_TSEG_SIZE
 	hex
-	default 0x800000
+	default 0x1000000
 
 config SMM_RESERVED_SIZE
 	hex
-	default 0x100000
+	default 0x200000
 
 # Intel Enhanced Debug region must be 4MB
 config IED_REGION_SIZE

src/mainboard/dell/optiplex_9010/Kconfig

@@ -19,6 +19,7 @@ config BOARD_SPECIFIC_OPTIONS
 	select HAVE_OPTION_TABLE
 	select HAVE_CMOS_DEFAULT
 	select PCIEXP_L1_SUB_STATE
+	select IDT_IN_EVERY_STAGE
 
 config MAINBOARD_DIR
 	string

src/security/intel/stm/Kconfig

@@ -27,20 +27,93 @@ menu "SMI Transfer Monitor (STM)"
 
 config MSEG_SIZE
 	hex "mseg size"
-	default 0x400000
+	default 0x100000
 	help
-		STM only - 0x100000
-		STM/PE   - 0x300000+ depending on the amount of memory needed
-		                     for the protected execution virtual
-		                     machine (VM/PE)
+	  The MSEG_SIZE of 0x100000 assumes that:
+	      IED_REGION_SIZE   = 0x400000
+	      SMM_RESERVED_SIZE = 0x200000
+	      SMM_TSEG_SIZE     = 0x800000
+
+	  To use STM/PE, a larger MSEG_SIZE is necessary.  This can be
+	  done by either increasing SMM_TSEG_SIZE or reducing the
+	  IED_REGION_SIZE and/or SMM_RESERVED_SIZE or some combination
+	  of the three.
+	  NOTE: The authors experience is that these configuration
+	  parameters have to be changed at the soc Konfig for them to
+	  be applied.
+	  Minimum sizes:
+	        STM only - 0x100000 - Supports up to 38 processor threads
+	                 - 0x200000 - Supports up to 102 processor threads
+	        STM/PE   - 0x300000+ depending on the amount of memory needed
+	                             for the protected execution virtual
+	                             machine (VM/PE)
+
+config STM_STMPE_ENABLED
+	bool "STM/PE Enabled"
+	default n
+	help
+	  STM/PE provides for additional virtual machines in SMRAM
+	  that provides a protected execution environment for
+	  applications such as introspection, which need to be
+	  protected from malicious code.  More information can be
+	  found on the stmpe branch of
+	  https://review.coreboot.org/STM
+
 
 config BIOS_RESOURCE_LIST_SIZE
-	hex "bios_resource_list_size"
+	hex "bios resource list size"
 	default 0x1000
+	help
+	  The BIOS resource list defines the resources that the
+	  SMI handler needs.  This list is created during the
+	  coreboot bootup.  Unless there has been a lot of elements
+	  added to this list, this value should not change.
 
 config STM_BINARY_FILE
 	string "STM binary file"
-	default "3rdparty/blobs/cpu/intel/stm/stm.bin"
+	default "3rdparty/stm/Stm/build/StmPkg/Core/stm.bin"
+	help
+	  Location of the STM binary file.  The default location is
+	  where the file will be located when coreboot builds
+	  the STM.
+
+config STM_HEAPSIZE
+	hex "stm heapsize"
+	default 0x46000
+	help
+	  The STM_HEAPSIZE defines the heap space that is available
+	  to the STM.  The default size assumes a MSEG_SIZE of 0x100000.
+	  For STM/PE this size should be a minimum of 0x246000.
+
+config STM_TTYS0_BASE
+	hex "stm uart"
+	default TTYS0_BASE if TTYS0_BASE
+	default 0x000
+	help
+	  Defines the serial port for STM console output.  0x000 indicatea
+	  no serial port.
+
+config STM_CBMEM_CONSOLE
+	bool "STM cbmem console"
+	default n
+	depends on CONSOLE_CBMEM
+	help
+	  Places the STM console output into the cbmem.
+
+choice
+	prompt "Select STM console output"
+
+config STM_CONSOLE_DEBUG
+	bool "Debug output"
+	depends on STM_CBMEM_CONSOLE || STM_TTYS0_BASE
+	help
+	  "Produces all STM console output"
+
+config STM_CONSOLE_RELEASE
+	bool "Deactivate console output"
+	help
+	  "No console output is produced"
+endchoice
 
 endmenu #STM
 

src/security/intel/stm/Makefile

@@ -0,0 +1,38 @@
+# SPDX-License-Identifier: BSD-2-Clause
+
+project_name=STM
+project_dir=../../../../3rdparty/stm/
+build_dir=$(project_dir)/Stm/build
+project_git_branch=$(CONFIG_STM_GIT_BRANCH)
+
+ifeq ($(CONFIG_STM_CONSOLE_DEBUG),y)
+STM_BUILD="debug"
+endif
+
+ifeq ($(CONFIG_STM_CONSOLE_RELEASE),y)
+STM_BUILD="release"
+endif
+
+
+all: build
+
+build:
+	echo "STM - Build"
+	cd $(project_dir)/Stm; \
+	mkdir -p build; \
+	cd build; \
+	cmake .. -DBIOS=coreboot \
+		-DUART=$(CONFIG_STM_TTYS0_BASE) \
+		-DHEAPSIZE=$(CONFIG_STM_HEAPSIZE) \
+		-DCBMEM_ENABLE=$(CONFIG_STM_CBMEM_CONSOLE) \
+		-DSTMPE_ENABLED=$(CONFIG_STM_STMPE_ENABLED) \
+		-DBUILD=$(STM_BUILD); \
+	$(MAKE);
+
+clean:
+	#rm -rf $(build_dir)
+
+distclean:
+	#rm -rf $(project_dir)
+
+.PHONY: build clean distclean

src/security/intel/stm/Makefile.inc

@@ -8,3 +8,15 @@ stm.bin-type := raw
 ramstage-$(CONFIG_STM) += SmmStm.c
 ramstage-$(CONFIG_STM) += StmPlatformSmm.c
 ramstage-$(CONFIG_STM) += StmPlatformResource.c
+
+3rdparty/stm/Stm/build/StmPkg/Core/stm.bin:
+	$(MAKE) -C src/security/intel/stm \
+		CONFIG_STM_TTYSO_BASE=$(CONFIG_STM_TTYSO_BASE) \
+		CONFIG_STM_HEAPSIZE=$(CONFIG_STM_HEAPSIZE) \
+		CONFIG_STM_CONSOLE_DEBUG=$(CONFIG_STM_CONSOLE_DEBUG) \
+		CONFIG_STM_CONSOLE_RELEASE=$(CONFIG_STM_CONSOLE_RELEASE) \
+		CONFIG_STM_GIT_BRANCH=$(CONFIG_STM_GIT_BRANCH) \
+		CONFIG_STM_STMPE_ENABLED=$(CONFIG_STM_STMPE_ENABLED) \
+		CONFIG_STM_CBMEM_CONSOLE=$(CONFIG_STM_CBMEM_CONSOLE)
+
+.PHONY: 3rdparty/stm/Stm/build/StmPkg/Core/stm.bin

src/security/intel/stm/SmmStm.c

@@ -477,7 +477,7 @@ int add_pi_resource(STM_RSC *resource_list, uint32_t num_entries)
 		return -1; // INVALID_PARAMETER;
 
 	resource_size = get_resource_size(resource_list, num_entries);
-	printk(BIOS_DEBUG, "STM: ResourceSize - 0x%08lx\n", resource_size);
+	printk(BIOS_DEBUG, "STM: ResourceSize - 0x%08x\n", (int) resource_size);
 	if (resource_size == 0)
 		return -1; // INVALID_PARAMETER;