On Wed, Nov 23, 2016 at 02:37:23PM +0100, Borislav Petkov wrote:
> You can't reenable it:
>
> "LockOut (R/WO)
> Set 1 to prevent further writes to MSR_PPIN_CTL. Writing 1 to
> MSR_PPINCTL[bit 0] is permitted only if MSR_PPIN_CTL[bit 1] is
> clear, Default is 0."
Well, almost.
"Enable_PPIN (R/W)
If 1, enables MSR_PPIN to be accessible using RDMSR. Once set,
attempt to write 1 to MSR_PPIN_CTL[bit 0] will cause #GP.
If 0, an attempt to read MSR_PPIN will cause #GP. Default is 0."
Frankly, I don't get what the deal behind that locking out is. And it
says that BIOS should provide an opt-in so that agent can read the PPIN
and then that agent should *disable* it again by writing 01b to the CTL
MSR.
But then the first paragraph above says that the write
MSR_PPIN_CTL[0]=1b will #GP because MSR_PPIN_CTL[1] will be 1 for the
agent to read out MSR_PPIN first.
I guess we need to write a 00b first to disable PPIN and then write 01b
to lock it out.
So AFAIU, the steps will be:
* BIOS writes 10b
* agent reads MSR_PPIN
* agent writes 00b to disable MSR_PPIN
* agent writes 01b because bit 1 is clear now and it won't #GP.
Meh...
--
Regards/Gruss,
Boris.
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284
(AG Nürnberg)
--
