soc/intel/skylake: Move SPI lock down config after resource allocation
This patch to ensures that coreboot is performing SPI registers lockdown after PCI enumeration is done. This requirements are intended to support platform security guideline where all required chipset registers are expected to be in lock down stage before launching any 3rd party code as in option rom etc. coreboot has to change its execution order to meet those requirements. Hence SPI lock down programming has been moved right after pci resource allocation is donei, so that SPI registers can be lock down before calling post pci enumeration FSP NotifyPhase() API which is targeted to be done in BS_DEV_ENABLE-BS_ON_ENTRY. TEST=Ensure SPIBAR+HSFSTS(0x04) register FLOCKDN bit and WRSDIS bit is set. Also, Bits 8-12 of SPIBAR+DLOCK(0x0C) register is set. Change-Id: I8f5a952656e51d3bf365917b90d3056b46f899c5 Signed-off-by: Barnali Sarkar <barnali.sarkar@intel.com> Reviewed-on: https://review.coreboot.org/21064 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
This commit is contained in:
parent
b26e01a067
commit
0818a2a774
|
@ -21,7 +21,6 @@
|
|||
#include <console/post_codes.h>
|
||||
#include <cpu/x86/smm.h>
|
||||
#include <device/pci.h>
|
||||
#include <intelblocks/fast_spi.h>
|
||||
#include <intelblocks/pcr.h>
|
||||
#include <reg_script.h>
|
||||
#include <spi-generic.h>
|
||||
|
@ -109,12 +108,6 @@ static void pch_finalize_script(void)
|
|||
config_t *config;
|
||||
u8 reg8;
|
||||
|
||||
/* Set FAST_SPI opcode menu */
|
||||
fast_spi_set_opcode_menu();
|
||||
|
||||
/* Lock FAST_SPIBAR */
|
||||
fast_spi_lock_bar();
|
||||
|
||||
/* Display me status before we hide it */
|
||||
intel_me_status();
|
||||
|
||||
|
@ -149,26 +142,24 @@ static void pch_finalize_script(void)
|
|||
|
||||
static void soc_lockdown(void)
|
||||
{
|
||||
struct soc_intel_skylake_config *config;
|
||||
struct device *dev;
|
||||
u8 reg8;
|
||||
device_t dev;
|
||||
const struct device *dev1 = dev_find_slot(0, PCH_DEVFN_LPC);
|
||||
const struct soc_intel_skylake_config *config = dev1->chip_info;
|
||||
|
||||
dev = PCH_DEV_PMC;
|
||||
|
||||
/* Check if PMC is enabled, else return */
|
||||
if (dev == NULL || dev->chip_info == NULL)
|
||||
return;
|
||||
|
||||
config = dev->chip_info;
|
||||
|
||||
/* Global SMI Lock */
|
||||
if (config->LockDownConfigGlobalSmi == 0) {
|
||||
dev = PCH_DEV_PMC;
|
||||
reg8 = pci_read_config8(dev, GEN_PMCON_A);
|
||||
reg8 |= SMI_LOCK;
|
||||
pci_write_config8(dev, GEN_PMCON_A, reg8);
|
||||
}
|
||||
|
||||
if (config->chipset_lockdown == CHIPSET_LOCKDOWN_COREBOOT) {
|
||||
/* Bios Interface Lock */
|
||||
fast_spi_set_bios_interface_lock_down();
|
||||
|
||||
/* Bios Lock */
|
||||
fast_spi_set_lock_enable();
|
||||
}
|
||||
}
|
||||
|
||||
static void soc_finalize(void *unused)
|
||||
|
|
|
@ -16,6 +16,7 @@
|
|||
#include <arch/io.h>
|
||||
#include <bootstate.h>
|
||||
#include <chip.h>
|
||||
#include <intelblocks/fast_spi.h>
|
||||
#include <intelblocks/pcr.h>
|
||||
#include <soc/lpc.h>
|
||||
#include <soc/pci_devs.h>
|
||||
|
@ -26,18 +27,12 @@
|
|||
#define PCR_DMI_GCS 0x274C
|
||||
#define PCR_DMI_GCS_BILD (1 << 0)
|
||||
|
||||
static void lpc_lockdown_config(void)
|
||||
static void lpc_lockdown_config(const struct soc_intel_skylake_config *config)
|
||||
{
|
||||
static struct soc_intel_skylake_config *config;
|
||||
struct device *dev;
|
||||
uint8_t reg_mask = 0;
|
||||
|
||||
dev = PCH_DEV_LPC;
|
||||
/* Check if LPC is enabled, else return */
|
||||
if (dev == NULL || dev->chip_info == NULL)
|
||||
return;
|
||||
|
||||
config = dev->chip_info;
|
||||
|
||||
/* Set Bios Interface Lock, Bios Lock */
|
||||
if (config->chipset_lockdown == CHIPSET_LOCKDOWN_COREBOOT)
|
||||
|
@ -62,14 +57,57 @@ static void pmc_lockdown_config(void)
|
|||
|
||||
static void dmi_lockdown_config(void)
|
||||
{
|
||||
/* GCS reg of DMI */
|
||||
/*
|
||||
* GCS reg of DMI
|
||||
*
|
||||
* When set, prevents GCS.BBS from being changed
|
||||
* GCS.BBS: (Boot BIOS Strap) This field determines the destination
|
||||
* of accesses to the BIOS memory range.
|
||||
* Bits Description
|
||||
* “0b”: SPI
|
||||
* “1b”: LPC/eSPI
|
||||
*/
|
||||
pcr_or8(PID_DMI, PCR_DMI_GCS, PCR_DMI_GCS_BILD);
|
||||
}
|
||||
|
||||
static void spi_lockdown_config(const struct soc_intel_skylake_config *config)
|
||||
{
|
||||
/* Set FAST_SPI opcode menu */
|
||||
fast_spi_set_opcode_menu();
|
||||
|
||||
/* Discrete Lock Flash PR registers */
|
||||
fast_spi_pr_dlock();
|
||||
|
||||
/* Lock FAST_SPIBAR */
|
||||
fast_spi_lock_bar();
|
||||
|
||||
/* Set Bios Interface Lock, Bios Lock */
|
||||
if (config->chipset_lockdown == CHIPSET_LOCKDOWN_COREBOOT) {
|
||||
/* Bios Interface Lock */
|
||||
fast_spi_set_bios_interface_lock_down();
|
||||
|
||||
/* Bios Lock */
|
||||
fast_spi_set_lock_enable();
|
||||
}
|
||||
}
|
||||
|
||||
static void platform_lockdown_config(void *unused)
|
||||
{
|
||||
struct soc_intel_skylake_config *config;
|
||||
struct device *dev;
|
||||
|
||||
dev = PCH_DEV_SPI;
|
||||
/* Check if device is valid, else return */
|
||||
if (dev == NULL || dev->chip_info == NULL)
|
||||
return;
|
||||
|
||||
config = dev->chip_info;
|
||||
|
||||
/* LPC lock down configuration */
|
||||
lpc_lockdown_config();
|
||||
lpc_lockdown_config(config);
|
||||
|
||||
/* SPI lock down configuration */
|
||||
spi_lockdown_config(config);
|
||||
|
||||
/* DMI lock down configuration */
|
||||
dmi_lockdown_config();
|
||||
|
|
Loading…
Reference in New Issue