From 42a6f7e417f64a475f6e2b54ea59ee0a733a9c79 Mon Sep 17 00:00:00 2001 From: Arthur Heymans Date: Tue, 10 Nov 2020 16:46:18 +0100 Subject: [PATCH] soc/intel/xeon_sp: Lock down DMI3 PCI registers This is required for CBnT. Change-Id: If5637eb8dd7de406b24b92100b68c5fa11c16854 Signed-off-by: Arthur Heymans Reviewed-on: https://review.coreboot.org/c/coreboot/+/47448 Tested-by: build bot (Jenkins) Reviewed-by: Angel Pons --- .../intel/xeon_sp/cpx/include/soc/pci_devs.h | 5 ++++ .../intel/xeon_sp/skx/include/soc/pci_devs.h | 5 ++++ src/soc/intel/xeon_sp/uncore.c | 26 +++++++++++++++++++ 3 files changed, 36 insertions(+) diff --git a/src/soc/intel/xeon_sp/cpx/include/soc/pci_devs.h b/src/soc/intel/xeon_sp/cpx/include/soc/pci_devs.h index 198d385829..6ddcce4cfe 100644 --- a/src/soc/intel/xeon_sp/cpx/include/soc/pci_devs.h +++ b/src/soc/intel/xeon_sp/cpx/include/soc/pci_devs.h @@ -122,4 +122,9 @@ // ========== IOAPIC Definitions for DMAR/ACPI ======== #define PCH_IOAPIC_ID 0x08 +// DMI3 B0D0F0 registers +#define DMI3_DEVID 0x2020 +#define DMIRCBAR 0x50 +#define ERRINJCON 0x1d8 + #endif /* _SOC_PCI_DEVS_H_ */ diff --git a/src/soc/intel/xeon_sp/skx/include/soc/pci_devs.h b/src/soc/intel/xeon_sp/skx/include/soc/pci_devs.h index ce223cc2d4..5fa2a38387 100644 --- a/src/soc/intel/xeon_sp/skx/include/soc/pci_devs.h +++ b/src/soc/intel/xeon_sp/skx/include/soc/pci_devs.h @@ -167,4 +167,9 @@ // ========== IOAPIC Definitions for DMAR/ACPI ======== #define PCH_IOAPIC_ID 0x08 +// DMI3 B0D0F0 registers +#define DMI3_DEVID 0x2020 +#define DMIRCBAR 0x50 +#define ERRINJCON 0x1d8 + #endif /* _SOC_PCI_DEVS_H_ */ diff --git a/src/soc/intel/xeon_sp/uncore.c b/src/soc/intel/xeon_sp/uncore.c index 00623a86af..2663023742 100644 --- a/src/soc/intel/xeon_sp/uncore.c +++ b/src/soc/intel/xeon_sp/uncore.c @@ -348,3 +348,29 @@ static const struct pci_driver vtd_driver __pci_driver = { .vendor = PCI_VENDOR_ID_INTEL, .device = MMAP_VTD_STACK_CFG_REG_DEVID, }; + +static void dmi3_init(struct device *dev) +{ + /* Disable error injection */ + pci_or_config16(dev, ERRINJCON, 1 << 0); + + /* + * DMIRCBAR registers are not TXT lockable, but the BAR enable + * bit is. TXT requires that DMIRCBAR be disabled for security. + */ + pci_and_config32(dev, DMIRCBAR, ~(1 << 0)); +} + +static struct device_operations dmi3_ops = { + .read_resources = pci_dev_read_resources, + .set_resources = pci_dev_set_resources, + .enable_resources = pci_dev_enable_resources, + .init = dmi3_init, + .ops_pci = &soc_pci_ops, +}; + +static const struct pci_driver dmi3_driver __pci_driver = { + .ops = &dmi3_ops, + .vendor = PCI_VENDOR_ID_INTEL, + .device = DMI3_DEVID, +};