Skip to content

Commit

Permalink
UefiCpuPkg/CommonFeature: Always set FEATURE_CONTROL.Lock
Browse files Browse the repository at this point in the history 
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1305

The patch reverts commit 1ed6498
* UefiCpuPkg/CommonFeature: Skip locking when the feature is disabled

FEATURE_CONTROL.Lock bit is controlled by feature
CPU_FEATURE_LOCK_FEATURE_CONTROL_REGISTER. The commit 1ed649 fixes
a bug that when the feature is disabled, the Lock bit is cleared.
But it's a security hole if the bit is cleared when booting OS.
We can argue that platform needs to make sure the value
of PcdCpuFeaturesUserConfiguration should be set properly to make
sure feature CPU_FEATURE_LOCK_FEATURE_CONTROL_REGISTER is enabled.

But it's better to guarantee this in the generic core code.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Cc: Andrew Fish <afish@apple.com>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
  • Loading branch information
@niruiyu
niruiyu committed Nov 14, 2018
1 parent bd224a5 commit 8558838
Showing 1 changed file with 1 addition and 10 deletions.
11 changes: 1 addition & 10 deletions UefiCpuPkg/Library/CpuCommonFeaturesLib/FeatureControl.c
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
/** @file
Features in MSR_IA32_FEATURE_CONTROL register.
Copyright (c) 2017 - 2018, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
Expand Down Expand Up @@ -184,15 +184,6 @@ LockFeatureControlRegisterInitialize (
{
MSR_IA32_FEATURE_CONTROL_REGISTER *MsrRegister;

//
// When Lock Feature Control Register feature is disabled,
// just skip the MSR lock bit setting.
// The MSR lock bit is cleared by default and write-once in a boot.
//
if (!State) {
return RETURN_SUCCESS;
}

//
// The scope of Lock bit in the MSR_IA32_FEATURE_CONTROL is core for
// below processor type, only program MSR_IA32_FEATURE_CONTROL for thread 0 in each
Expand Down

0 comments on commit 8558838

Please sign in to comment.