soc/intel/skylake: Move SPI lock down config after resource allocation

This patch to ensures that coreboot is performing SPI
registers lockdown after PCI enumeration is done.

This requirements are intended to support platform security
guideline where all required chipset registers are expected
to be in lock down stage before launching any 3rd party
code as in option rom etc.

coreboot has to change its execution order to meet those
requirements. Hence SPI lock down programming has been moved
right after pci resource allocation is donei, so that
SPI registers can be lock down before calling post pci
enumeration FSP NotifyPhase() API which is targeted to
be done in BS_DEV_ENABLE-BS_ON_ENTRY.

TEST=Ensure SPIBAR+HSFSTS(0x04) register FLOCKDN bit and WRSDIS
bit is set. Also, Bits 8-12 of SPIBAR+DLOCK(0x0C) register is set.

Change-Id: I8f5a952656e51d3bf365917b90d3056b46f899c5
Signed-off-by: Barnali Sarkar <barnali.sarkar@intel.com>
Reviewed-on: https://review.coreboot.org/21064
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
This commit is contained in:
Barnali Sarkar 2017-08-17 11:52:39 +05:30 committed by Aaron Durbin
parent b26e01a067
commit 0818a2a774
2 changed files with 57 additions and 28 deletions

View File

@ -21,7 +21,6 @@
#include <console/post_codes.h> #include <console/post_codes.h>
#include <cpu/x86/smm.h> #include <cpu/x86/smm.h>
#include <device/pci.h> #include <device/pci.h>
#include <intelblocks/fast_spi.h>
#include <intelblocks/pcr.h> #include <intelblocks/pcr.h>
#include <reg_script.h> #include <reg_script.h>
#include <spi-generic.h> #include <spi-generic.h>
@ -109,12 +108,6 @@ static void pch_finalize_script(void)
config_t *config; config_t *config;
u8 reg8; u8 reg8;
/* Set FAST_SPI opcode menu */
fast_spi_set_opcode_menu();
/* Lock FAST_SPIBAR */
fast_spi_lock_bar();
/* Display me status before we hide it */ /* Display me status before we hide it */
intel_me_status(); intel_me_status();
@ -149,26 +142,24 @@ static void pch_finalize_script(void)
static void soc_lockdown(void) static void soc_lockdown(void)
{ {
struct soc_intel_skylake_config *config;
struct device *dev;
u8 reg8; u8 reg8;
device_t dev;
const struct device *dev1 = dev_find_slot(0, PCH_DEVFN_LPC); dev = PCH_DEV_PMC;
const struct soc_intel_skylake_config *config = dev1->chip_info;
/* Check if PMC is enabled, else return */
if (dev == NULL || dev->chip_info == NULL)
return;
config = dev->chip_info;
/* Global SMI Lock */ /* Global SMI Lock */
if (config->LockDownConfigGlobalSmi == 0) { if (config->LockDownConfigGlobalSmi == 0) {
dev = PCH_DEV_PMC;
reg8 = pci_read_config8(dev, GEN_PMCON_A); reg8 = pci_read_config8(dev, GEN_PMCON_A);
reg8 |= SMI_LOCK; reg8 |= SMI_LOCK;
pci_write_config8(dev, GEN_PMCON_A, reg8); pci_write_config8(dev, GEN_PMCON_A, reg8);
} }
if (config->chipset_lockdown == CHIPSET_LOCKDOWN_COREBOOT) {
/* Bios Interface Lock */
fast_spi_set_bios_interface_lock_down();
/* Bios Lock */
fast_spi_set_lock_enable();
}
} }
static void soc_finalize(void *unused) static void soc_finalize(void *unused)

View File

@ -16,6 +16,7 @@
#include <arch/io.h> #include <arch/io.h>
#include <bootstate.h> #include <bootstate.h>
#include <chip.h> #include <chip.h>
#include <intelblocks/fast_spi.h>
#include <intelblocks/pcr.h> #include <intelblocks/pcr.h>
#include <soc/lpc.h> #include <soc/lpc.h>
#include <soc/pci_devs.h> #include <soc/pci_devs.h>
@ -26,18 +27,12 @@
#define PCR_DMI_GCS 0x274C #define PCR_DMI_GCS 0x274C
#define PCR_DMI_GCS_BILD (1 << 0) #define PCR_DMI_GCS_BILD (1 << 0)
static void lpc_lockdown_config(void) static void lpc_lockdown_config(const struct soc_intel_skylake_config *config)
{ {
static struct soc_intel_skylake_config *config;
struct device *dev; struct device *dev;
uint8_t reg_mask = 0; uint8_t reg_mask = 0;
dev = PCH_DEV_LPC; dev = PCH_DEV_LPC;
/* Check if LPC is enabled, else return */
if (dev == NULL || dev->chip_info == NULL)
return;
config = dev->chip_info;
/* Set Bios Interface Lock, Bios Lock */ /* Set Bios Interface Lock, Bios Lock */
if (config->chipset_lockdown == CHIPSET_LOCKDOWN_COREBOOT) if (config->chipset_lockdown == CHIPSET_LOCKDOWN_COREBOOT)
@ -62,14 +57,57 @@ static void pmc_lockdown_config(void)
static void dmi_lockdown_config(void) static void dmi_lockdown_config(void)
{ {
/* GCS reg of DMI */ /*
* GCS reg of DMI
*
* When set, prevents GCS.BBS from being changed
* GCS.BBS: (Boot BIOS Strap) This field determines the destination
* of accesses to the BIOS memory range.
* Bits Description
* 0b: SPI
* 1b: LPC/eSPI
*/
pcr_or8(PID_DMI, PCR_DMI_GCS, PCR_DMI_GCS_BILD); pcr_or8(PID_DMI, PCR_DMI_GCS, PCR_DMI_GCS_BILD);
} }
static void spi_lockdown_config(const struct soc_intel_skylake_config *config)
{
/* Set FAST_SPI opcode menu */
fast_spi_set_opcode_menu();
/* Discrete Lock Flash PR registers */
fast_spi_pr_dlock();
/* Lock FAST_SPIBAR */
fast_spi_lock_bar();
/* Set Bios Interface Lock, Bios Lock */
if (config->chipset_lockdown == CHIPSET_LOCKDOWN_COREBOOT) {
/* Bios Interface Lock */
fast_spi_set_bios_interface_lock_down();
/* Bios Lock */
fast_spi_set_lock_enable();
}
}
static void platform_lockdown_config(void *unused) static void platform_lockdown_config(void *unused)
{ {
struct soc_intel_skylake_config *config;
struct device *dev;
dev = PCH_DEV_SPI;
/* Check if device is valid, else return */
if (dev == NULL || dev->chip_info == NULL)
return;
config = dev->chip_info;
/* LPC lock down configuration */ /* LPC lock down configuration */
lpc_lockdown_config(); lpc_lockdown_config(config);
/* SPI lock down configuration */
spi_lockdown_config(config);
/* DMI lock down configuration */ /* DMI lock down configuration */
dmi_lockdown_config(); dmi_lockdown_config();