From 7ef5376123d4d0ebb811795fcee1de7066f65a0f Mon Sep 17 00:00:00 2001 From: Sean Rhodes Date: Wed, 8 Jun 2022 15:00:26 +0100 Subject: [PATCH] soc/intel/apollolake: Configure FSP UPDs to allow coreboot to lockdown Configure FSP S UPDs to allow coreboot to handle the lockdown. The main change here is setting `Write Protection Support` to 0, as the default is Enabled, which shouldn't allow writes (even though it seems to). The UPDs are identical on APL and GLK, but all ones configured in this patch have been there since their initial releases. Signed-off-by: Sean Rhodes Change-Id: I35185b498315511f3236758caebfe2f9c28fd04a Reviewed-on: https://review.coreboot.org/c/coreboot/+/65039 Reviewed-by: Nico Huber Reviewed-by: Angel Pons Tested-by: build bot (Jenkins) --- src/soc/intel/apollolake/chip.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/src/soc/intel/apollolake/chip.c b/src/soc/intel/apollolake/chip.c index da2d00adb7..5bee9bfdbb 100644 --- a/src/soc/intel/apollolake/chip.c +++ b/src/soc/intel/apollolake/chip.c @@ -16,6 +16,7 @@ #include #include #include +#include #include #include #include @@ -697,11 +698,13 @@ void platform_fsp_silicon_init_params_cb(FSPS_UPD *silupd) silconfig->SkipMpInit = !CONFIG(USE_INTEL_FSP_MP_INIT); - /* Disable setting of EISS bit in FSP. */ - silconfig->SpiEiss = 0; - - /* Disable FSP from locking access to the RTC NVRAM */ - silconfig->RtcLock = 0; + /* coreboot handles the lockdown */ + silconfig->LockDownGlobalSmi = 0; + silconfig->BiosLock = 0; + silconfig->BiosInterface = 0; + silconfig->WriteProtectionEnable[0] = 0; + silconfig->SpiEiss = 0; + silconfig->RtcLock = 0; /* Enable Audio clk gate and power gate */ silconfig->HDAudioClkGate = cfg->hdaudio_clk_gate_enable;