GNUBoot
/
coreboot-kgpe-d16
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

soc/intel/skylake: Clean up FSP chipset lockdown configuration 

Use a variable to store if the FSP should be responsible for the chipset
lockdown and use it for setting related configuration options. Thus, get
rid of that if-clause and adjust comments.

This changes behavior since now related options are always set,
depending on if coreboot or the FSP should be responsible for the
chipset lockdown. This ensures a defined state independent from the
default configuration of the FSP.

Change-Id: I0c43a11a40a474de4af22aa5506b1d387809bda2
Signed-off-by: Felix Singer <felixsinger@posteo.net>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/52843
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Michael Niewöhner <foss@mniewoehner.de>
This commit is contained in:
Felix Singer 2021-05-03 02:25:08 +02:00 committed by Tim Wawrzynczak
parent 85ebab8541
commit 5385b4daa8
1 changed files with 13 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
src/soc/intel/skylake/chip.c
View File

@ -409,19 +409,19 @@ void platform_fsp_silicon_init_params_cb(FSPS_UPD *supd)
* do the changes and then lock it back in coreboot during finalize.
*/
tconfig->PchSbAccessUnlock = (config->HeciEnabled == 0) ? 1 : 0;
if (get_lockdown_config() == CHIPSET_LOCKDOWN_COREBOOT) {
tconfig->PchLockDownBiosInterface = 0;
params->PchLockDownBiosLock = 0;
params->PchLockDownSpiEiss = 0;
/*
* Skip Spi Flash Lockdown from inside FSP.
* Making this config "0" means FSP won't set the FLOCKDN bit
* of SPIBAR + 0x04 (i.e., Bit 15 of BIOS_HSFSTS_CTL).
* So, it becomes coreboot's responsibility to set this bit
* before end of POST for security concerns.
*/
params->SpiFlashCfgLockDown = 0;
}
const bool lockdown_by_fsp = get_lockdown_config() == CHIPSET_LOCKDOWN_FSP;
tconfig->PchLockDownBiosInterface = lockdown_by_fsp;
params->PchLockDownBiosLock = lockdown_by_fsp;
params->PchLockDownSpiEiss = lockdown_by_fsp;
/*
* Making this config "0" means FSP won't set the FLOCKDN bit
* of SPIBAR + 0x04 (i.e., Bit 15 of BIOS_HSFSTS_CTL).
* So, it becomes coreboot's responsibility to set this bit
* before end of POST for security concerns.
*/
params->SpiFlashCfgLockDown = lockdown_by_fsp;
/* FSP should let coreboot set subsystem IDs, which are read/write-once */
params->DefaultSvid = 0;
params->PchSubSystemVendorId = 0;