soc/intel/common: Add function to check if xDCI is allowed
When CONFIG_VBOOT is enabled then the xDCI controller should only be enabled if the system is in developer mode. This prevents a system in normal/verified mode from being used as a USB peripheral device which could potentially be used to access user data. This change adds a function to return whether xDCI can be enabled or not, which will be used by the SOCs. Change-Id: Ie3ee9dd7077c094a01fd857a2e4033a12ce8979b Signed-off-by: Duncan Laurie <dlaurie@chromium.org> Reviewed-on: https://review.coreboot.org/25347 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Furquan Shaikh <furquan@google.com> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
This commit is contained in:
parent
969ef10f54
commit
4df7d2c495
|
@ -17,5 +17,6 @@
|
|||
#define SOC_INTEL_COMMON_BLOCK_XDCI_H
|
||||
|
||||
void soc_xdci_init(struct device *dev);
|
||||
int xdci_can_enable(void);
|
||||
|
||||
#endif /* SOC_INTEL_COMMON_BLOCK_XDCI_H */
|
||||
|
|
|
@ -19,9 +19,19 @@
|
|||
#include <device/pci.h>
|
||||
#include <device/pci_ids.h>
|
||||
#include <intelblocks/xdci.h>
|
||||
#include <security/vboot/vboot_common.h>
|
||||
|
||||
__attribute__((weak)) void soc_xdci_init(struct device *dev) { /* no-op */ }
|
||||
|
||||
/* Only allow xDCI controller in developer mode if VBOOT is enabled */
|
||||
int xdci_can_enable(void)
|
||||
{
|
||||
if (IS_ENABLED(CONFIG_VBOOT))
|
||||
return vboot_developer_mode_enabled() ? 1 : 0;
|
||||
else
|
||||
return 1;
|
||||
}
|
||||
|
||||
static struct device_operations usb_xdci_ops = {
|
||||
.read_resources = &pci_dev_read_resources,
|
||||
.set_resources = &pci_dev_set_resources,
|
||||
|
|
Loading…
Reference in New Issue