soc/intel/skylake: Clean up FSP chipset lockdown configuration
Use a variable to store if the FSP should be responsible for the chipset lockdown and use it for setting related configuration options. Thus, get rid of that if-clause and adjust comments. This changes behavior since now related options are always set, depending on if coreboot or the FSP should be responsible for the chipset lockdown. This ensures a defined state independent from the default configuration of the FSP. Change-Id: I0c43a11a40a474de4af22aa5506b1d387809bda2 Signed-off-by: Felix Singer <felixsinger@posteo.net> Reviewed-on: https://review.coreboot.org/c/coreboot/+/52843 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Reviewed-by: Michael Niewöhner <foss@mniewoehner.de>
This commit is contained in:
parent
85ebab8541
commit
5385b4daa8
|
@ -409,19 +409,19 @@ void platform_fsp_silicon_init_params_cb(FSPS_UPD *supd)
|
|||
* do the changes and then lock it back in coreboot during finalize.
|
||||
*/
|
||||
tconfig->PchSbAccessUnlock = (config->HeciEnabled == 0) ? 1 : 0;
|
||||
if (get_lockdown_config() == CHIPSET_LOCKDOWN_COREBOOT) {
|
||||
tconfig->PchLockDownBiosInterface = 0;
|
||||
params->PchLockDownBiosLock = 0;
|
||||
params->PchLockDownSpiEiss = 0;
|
||||
|
||||
const bool lockdown_by_fsp = get_lockdown_config() == CHIPSET_LOCKDOWN_FSP;
|
||||
tconfig->PchLockDownBiosInterface = lockdown_by_fsp;
|
||||
params->PchLockDownBiosLock = lockdown_by_fsp;
|
||||
params->PchLockDownSpiEiss = lockdown_by_fsp;
|
||||
/*
|
||||
* Skip Spi Flash Lockdown from inside FSP.
|
||||
* Making this config "0" means FSP won't set the FLOCKDN bit
|
||||
* of SPIBAR + 0x04 (i.e., Bit 15 of BIOS_HSFSTS_CTL).
|
||||
* So, it becomes coreboot's responsibility to set this bit
|
||||
* before end of POST for security concerns.
|
||||
*/
|
||||
params->SpiFlashCfgLockDown = 0;
|
||||
}
|
||||
params->SpiFlashCfgLockDown = lockdown_by_fsp;
|
||||
|
||||
/* FSP should let coreboot set subsystem IDs, which are read/write-once */
|
||||
params->DefaultSvid = 0;
|
||||
params->PchSubSystemVendorId = 0;
|
||||
|
|
Loading…
Reference in New Issue