diff options
| author | Michael Ellerman <mpe@ellerman.id.au> | 2019-11-01 22:22:55 +1100 |
|---|---|---|
| committer | Oliver O'Halloran <oohall@gmail.com> | 2019-11-04 10:52:47 +1100 |
| commit | 387ffa7569fb32d8a2a5e30f321da0a6b7f72932 (patch) | |
| tree | 25616c6c795ea52f8d01dcf4dcac3b4044b84bde /external | |
| parent | 6214cb800db981d1944615da577dfa46ecf3bfb8 (diff) | |
| download | skiboot-387ffa7569fb32d8a2a5e30f321da0a6b7f72932.zip skiboot-387ffa7569fb32d8a2a5e30f321da0a6b7f72932.tar.gz skiboot-387ffa7569fb32d8a2a5e30f321da0a6b7f72932.tar.bz2 | |
mambo: Add more tweakable security flags
This allows us to test various combinations of the Linux
spectre/meltdown mitigations.
The default values of the existing settings remain the same.
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
Diffstat (limited to 'external')
| -rw-r--r-- | external/mambo/skiboot.tcl | 29 |
1 files changed, 26 insertions, 3 deletions
diff --git a/external/mambo/skiboot.tcl b/external/mambo/skiboot.tcl index a16bd32..82209ad 100644 --- a/external/mambo/skiboot.tcl +++ b/external/mambo/skiboot.tcl @@ -89,6 +89,21 @@ mconfig net_tapdev MAMBO_NET_TAPDEV "tap0" # set to 0 to disable. When enabled it causes Linux's RFI flush to be enabled. mconfig speculation_policy_favor_security MAMBO_SPECULATION_POLICY_FAVOR_SECURITY 1 +# These values ~= P9N DD2.3, except for fw_count_cache_flush_assist=0 because it +# exercises more kernel code. +# See https://github.com/open-power/hostboot/blob/7ce2a9daac0ccf759376929b2ec40bbbc7ca3398/src/usr/hdat/hdatiplparms.H#L520 +mconfig needs_l1d_flush_msr_hv MAMBO_NEEDS_L1D_FLUSH_MSR_HV 1 +mconfig needs_l1d_flush_msr_pr MAMBO_NEEDS_L1D_FLUSH_MSR_PR 1 +mconfig fw_l1d_thread_split MAMBO_FW_L1D_THREAD_SPLIT 1 +mconfig needs_spec_barrier MAMBO_NEEDS_SPEC_BARRIER 1 +mconfig fw_bcctrl_serialized MAMBO_FW_BCCTRL_SERIALIZED 0 +mconfig fw_count_cache_disabled MAMBO_FW_COUNT_CACHE_DISABLED 0 +mconfig needs_count_cache_flush MAMBO_NEEDS_COUNT_CACHE_FLUSH 1 +mconfig fw_count_cache_flush_assist MAMBO_COUNT_CACHE_FLUSH_ASSIST 0 +mconfig inst_spec_barrier_ori31 MAMBO_INST_SPEC_BARRIER_ORI31 1 +mconfig inst_l1d_flush_trig2 MAMBO_INST_L1D_FLUSH_TRIG2 1 +mconfig inst_l1d_flush_ori30 MAMBO_INST_L1D_FLUSH_ORI30 0 + # # Create machine config # @@ -351,9 +366,17 @@ proc add_feature_node { parent name { value 1 } } { set np [mysim of addchild $opal_node "fw-features" ""] add_feature_node $np "speculation-policy-favor-security" $mconf(speculation_policy_favor_security) -add_feature_node $np "needs-l1d-flush-msr-hv-1-to-0" -add_feature_node $np "needs-l1d-flush-msr-pr-0-to-1" -add_feature_node $np "needs-spec-barrier-for-bound-checks" +add_feature_node $np "needs-l1d-flush-msr-hv-1-to-0" $mconf(needs_l1d_flush_msr_hv) +add_feature_node $np "needs-l1d-flush-msr-pr-0-to-1" $mconf(needs_l1d_flush_msr_pr) +add_feature_node $np "fw-l1d-thread-split" $mconf(fw_l1d_thread_split) +add_feature_node $np "needs-spec-barrier-for-bound-checks" $mconf(needs_spec_barrier) +add_feature_node $np "fw-bcctrl-serialized" $mconf(fw_bcctrl_serialized) +add_feature_node $np "fw-count-cache-disabled" $mconf(fw_count_cache_disabled) +add_feature_node $np "needs-count-cache-flush-on-context-switch" $mconf(needs_count_cache_flush) +add_feature_node $np "fw-count-cache-flush-bcctr2,0,0" $mconf(fw_count_cache_flush_assist) +add_feature_node $np "inst-spec-barrier-ori31,31,0" $mconf(inst_spec_barrier_ori31) +add_feature_node $np "inst-l1d-flush-trig2" $mconf(inst_l1d_flush_trig2) +add_feature_node $np "inst-l1d-flush-ori30,30,0" $mconf(inst_l1d_flush_ori30) # Init CPUs |