soc/intel/xeon_sp: Lock down DMI3 PCI registers

This is required for CBnT.

Change-Id: If5637eb8dd7de406b24b92100b68c5fa11c16854
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/47448
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
This commit is contained in:
Arthur Heymans 2020-11-10 16:46:18 +01:00 committed by Hung-Te Lin
parent b0ab41e027
commit 42a6f7e417
3 changed files with 36 additions and 0 deletions

View file

@ -122,4 +122,9 @@
// ========== IOAPIC Definitions for DMAR/ACPI ========
#define PCH_IOAPIC_ID 0x08
// DMI3 B0D0F0 registers
#define DMI3_DEVID 0x2020
#define DMIRCBAR 0x50
#define ERRINJCON 0x1d8
#endif /* _SOC_PCI_DEVS_H_ */

View file

@ -167,4 +167,9 @@
// ========== IOAPIC Definitions for DMAR/ACPI ========
#define PCH_IOAPIC_ID 0x08
// DMI3 B0D0F0 registers
#define DMI3_DEVID 0x2020
#define DMIRCBAR 0x50
#define ERRINJCON 0x1d8
#endif /* _SOC_PCI_DEVS_H_ */

View file

@ -348,3 +348,29 @@ static const struct pci_driver vtd_driver __pci_driver = {
.vendor = PCI_VENDOR_ID_INTEL,
.device = MMAP_VTD_STACK_CFG_REG_DEVID,
};
static void dmi3_init(struct device *dev)
{
/* Disable error injection */
pci_or_config16(dev, ERRINJCON, 1 << 0);
/*
* DMIRCBAR registers are not TXT lockable, but the BAR enable
* bit is. TXT requires that DMIRCBAR be disabled for security.
*/
pci_and_config32(dev, DMIRCBAR, ~(1 << 0));
}
static struct device_operations dmi3_ops = {
.read_resources = pci_dev_read_resources,
.set_resources = pci_dev_set_resources,
.enable_resources = pci_dev_enable_resources,
.init = dmi3_init,
.ops_pci = &soc_pci_ops,
};
static const struct pci_driver dmi3_driver __pci_driver = {
.ops = &dmi3_ops,
.vendor = PCI_VENDOR_ID_INTEL,
.device = DMI3_DEVID,
};