soc/intel/common: Add check before sending HMRFPO_ENABLE command

This patch adds a check to determine if the CSE's current operation mode
is ME_HFS1_COM_SECOVER_MEI_MSG or not before sending HMRFPO_ENABLE
command to CSE. If CSE is already in the ME_HFS1_COM_SECOVER_MEI_MSG,
coreboot skips sending HMRFPO_ENABLE command to CSE to unlock the CSE RW
partition.

TEST=Verify sending HMRFPO_ENABLE command on Brya system.

Signed-off-by: Sridhar Siricilla <sridhar.siricilla@intel.com>
Change-Id: I387ac7c7296ab06b9bb440d5d40c3286bf879d3b
Reviewed-on: https://review.coreboot.org/c/coreboot/+/59698
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
This commit is contained in:
Sridhar Siricilla 2021-11-27 19:56:47 +05:30 committed by Tim Wawrzynczak
parent b9277bad50
commit 49c25f2cef
1 changed files with 6 additions and 0 deletions

View File

@ -744,6 +744,12 @@ int cse_hmrfpo_enable(void)
struct hmrfpo_enable_resp resp; struct hmrfpo_enable_resp resp;
size_t resp_size = sizeof(struct hmrfpo_enable_resp); size_t resp_size = sizeof(struct hmrfpo_enable_resp);
if (cse_is_hfs1_com_secover_mei_msg()) {
printk(BIOS_DEBUG, "HECI: CSE is already in security override mode, "
"skip sending HMRFPO_ENABLE command to CSE\n");
return 1;
}
printk(BIOS_DEBUG, "HECI: Send HMRFPO Enable Command\n"); printk(BIOS_DEBUG, "HECI: Send HMRFPO Enable Command\n");
if (!cse_is_hmrfpo_enable_allowed()) { if (!cse_is_hmrfpo_enable_allowed()) {