soc/intel/cmn/lockdown: Perform SA lockdown configuration

`sa_lockdown_cfg` function ensures locking the PAM register hence, skip dedicated calling into `sa_lock_pam()` from the SoC `finalize.c` file. Dropped sa_lock_pam() call from ADL/CNL/EHL/JSL and TGL. Additionally, this patch enforces SA lockdown configuration for SKL and ICL as well. BUG=b:211954778 TEST=Able to build google/brya with these changes. > localhost ~ # lspci -xxx | less 00:00.0 Host bridge: Device 8086:4601 (rev 04) Bit 0 for all PAM registers a.k.a, PAMx_0_0_0_PCI.LOCK bit is set (meaning locked). Signed-off-by: Subrata Banik <subratabanik@google.com> Change-Id: Ibd464d2507393ed0c746eb1fbd10e36092ed5599 Reviewed-on: https://review.coreboot.org/c/coreboot/+/63518 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com> Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
2022-04-22 19:48:40 +05:30 · 2022-04-22 19:48:40 +05:30 · 2b594816ea
parent 0231ab1761
commit 2b594816ea
6 changed files with 13 additions and 40 deletions
--- a/src/soc/intel/alderlake/finalize.c
+++ b/src/soc/intel/alderlake/finalize.c
@ -19,7 +19,6 @@
 #include <intelblocks/pmclib.h>
 #include <intelblocks/systemagent.h>
 #include <intelblocks/tco.h>
 #include <intelpch/lockdown.h>
 #include <soc/p2sb.h>
 #include <soc/pci_devs.h>
 #include <soc/pcr_ids.h>
@ -74,12 +73,6 @@ static void tbt_finalize(void)
 	}
 }
 static void sa_finalize(void)
 {
 	if (get_lockdown_config() == CHIPSET_LOCKDOWN_COREBOOT)
 		sa_lock_pam();
 }
 static void heci_finalize(void)
 {
 	heci_set_to_d0i3();
@ -94,7 +87,6 @@ static void soc_finalize(void *unused)
 	pch_finalize();
 	apm_control(APM_CNT_FINALIZE);
 	tbt_finalize();
 	sa_finalize();
 	if (CONFIG(USE_FSP_NOTIFY_PHASE_READY_TO_BOOT) &&
 			 CONFIG(USE_FSP_NOTIFY_PHASE_END_OF_FIRMWARE))
 		heci_finalize();
--- a/src/soc/intel/cannonlake/finalize.c
+++ b/src/soc/intel/cannonlake/finalize.c
@ -14,7 +14,6 @@
 #include <intelblocks/systemagent.h>
 #include <intelblocks/tco.h>
 #include <intelblocks/thermal.h>
 #include <intelpch/lockdown.h>
 #include <soc/p2sb.h>
 #include <soc/pci_devs.h>
 #include <soc/pcr_ids.h>
@ -83,19 +82,12 @@ static void pch_finalize(void)
 }
 static void sa_finalize(void)
 {
 	if (get_lockdown_config() == CHIPSET_LOCKDOWN_COREBOOT)
 		sa_lock_pam();
 }
 static void soc_finalize(void *unused)
 {
 	printk(BIOS_DEBUG, "Finalizing chipset.\n");
 	pch_finalize();
 	apm_control(APM_CNT_FINALIZE);
 	sa_finalize();
 	if (CONFIG(DISABLE_HECI1_AT_PRE_BOOT) &&
 			CONFIG(SOC_INTEL_COMMON_BLOCK_HECI1_DISABLE_USING_PMC_IPC))
 		heci1_disable();
--- a/src/soc/intel/common/pch/lockdown/lockdown.c
+++ b/src/soc/intel/common/pch/lockdown/lockdown.c
@ -5,6 +5,7 @@
 #include <intelblocks/fast_spi.h>
 #include <intelblocks/lpc_lib.h>
 #include <intelblocks/pcr.h>
 #include <intelblocks/systemagent.h>
 #include <intelpch/lockdown.h>
 #include <intelblocks/gpmr.h>
 #include <soc/pci_devs.h>
@ -107,6 +108,15 @@ static void lpc_lockdown_config(int chipset_lockdown)
 	}
 }
 static void sa_lockdown_config(int chipset_lockdown)
 {
 	if (!CONFIG(SOC_INTEL_COMMON_BLOCK_SA))
 		return;
 	if (chipset_lockdown == CHIPSET_LOCKDOWN_COREBOOT)
 		sa_lock_pam();
 }
 /*
 * platform_lockdown_config has 2 major part.
 * 1. Common SoC lockdown configuration.
@ -127,6 +137,9 @@ static void platform_lockdown_config(void *unused)
 	/* GPMR lock down configuration */
 	gpmr_lockdown_cfg();
 	/* SA lock down configuration */
 	sa_lockdown_config(chipset_lockdown);
 	/* SoC lock down configuration */
 	soc_lockdown_config(chipset_lockdown);
 }
--- a/src/soc/intel/elkhartlake/finalize.c
+++ b/src/soc/intel/elkhartlake/finalize.c
@ -11,7 +11,6 @@
 #include <intelblocks/pmclib.h>
 #include <intelblocks/systemagent.h>
 #include <intelblocks/tco.h>
 #include <intelpch/lockdown.h>
 #include <soc/p2sb.h>
 #include <soc/pci_devs.h>
 #include <soc/pcr_ids.h>
@ -31,19 +30,12 @@ static void pch_finalize(void)
 	pmc_clear_pmcon_sts();
 }
 static void sa_finalize(void)
 {
 	if (get_lockdown_config() == CHIPSET_LOCKDOWN_COREBOOT)
 		sa_lock_pam();
 }
 static void soc_finalize(void *unused)
 {
 	printk(BIOS_DEBUG, "Finalizing chipset.\n");
 	pch_finalize();
 	apm_control(APM_CNT_FINALIZE);
 	sa_finalize();
 	/* Indicate finalize step with post code */
 	post_code(POST_OS_BOOT);
--- a/src/soc/intel/jasperlake/finalize.c
+++ b/src/soc/intel/jasperlake/finalize.c
@ -11,7 +11,6 @@
 #include <intelblocks/pmclib.h>
 #include <intelblocks/systemagent.h>
 #include <intelblocks/tco.h>
 #include <intelpch/lockdown.h>
 #include <soc/p2sb.h>
 #include <soc/pci_devs.h>
 #include <soc/pcr_ids.h>
@ -71,19 +70,12 @@ static void pch_finalize(void)
 	pmc_clear_pmcon_sts();
 }
 static void sa_finalize(void)
 {
 	if (get_lockdown_config() == CHIPSET_LOCKDOWN_COREBOOT)
 		sa_lock_pam();
 }
 static void soc_finalize(void *unused)
 {
 	printk(BIOS_DEBUG, "Finalizing chipset.\n");
 	pch_finalize();
 	apm_control(APM_CNT_FINALIZE);
 	sa_finalize();
 	/* Indicate finalize step with post code */
 	post_code(POST_OS_BOOT);
--- a/src/soc/intel/tigerlake/finalize.c
+++ b/src/soc/intel/tigerlake/finalize.c
@ -18,7 +18,6 @@
 #include <intelblocks/pmclib.h>
 #include <intelblocks/systemagent.h>
 #include <intelblocks/tco.h>
 #include <intelpch/lockdown.h>
 #include <soc/p2sb.h>
 #include <soc/pci_devs.h>
 #include <soc/pcr_ids.h>
@ -51,12 +50,6 @@ static void tbt_finalize(void)
 	}
 }
 static void sa_finalize(void)
 {
 	if (get_lockdown_config() == CHIPSET_LOCKDOWN_COREBOOT)
 		sa_lock_pam();
 }
 static void soc_finalize(void *unused)
 {
 	printk(BIOS_DEBUG, "Finalizing chipset.\n");
@ -64,7 +57,6 @@ static void soc_finalize(void *unused)
 	pch_finalize();
 	apm_control(APM_CNT_FINALIZE);
 	tbt_finalize();
 	sa_finalize();
 	if (CONFIG(DISABLE_HECI1_AT_PRE_BOOT))
 		heci1_disable();