soc/intel/common/cse: Add function to perform global reset lock

This patch implements `cse_control_global_reset_lock()` as per ME BWG
(doc: 627331) recommendation.

It is recommended that BIOS should set this bit early on in the boot
sequence, and then clear it and set the CF9LOCK bit prior to loading
the OS in both an Intel CSME Enabled and a Intel CSME Disabled system.

Note: For CSE-Lite SKUs BIOS should set CF9LOCK bit unconditionally.

BUG=b:211954778
TEST=Able to build and boot Brya.

Signed-off-by: Subrata Banik <subratabanik@google.com>
Change-Id: I3894b2cd8b90dc033f475384486815ab2fadf381
Reviewed-on: https://review.coreboot.org/c/coreboot/+/61520
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Reviewed-by: Sridhar Siricilla <sridhar.siricilla@intel.com>
This commit is contained in:
Subrata Banik 2022-02-01 00:26:55 +05:30 committed by Felix Held
parent 71f03b4630
commit 80c9289712
2 changed files with 23 additions and 0 deletions

View File

@ -11,6 +11,7 @@
#include <device/pci_ids.h>
#include <device/pci_ops.h>
#include <intelblocks/cse.h>
#include <intelblocks/pmclib.h>
#include <option.h>
#include <security/vboot/misc.h>
#include <security/vboot/vboot_common.h>
@ -1008,6 +1009,25 @@ void heci_set_to_d0i3(void)
}
}
void cse_control_global_reset_lock(void)
{
/*
* As per ME BWG recommendation the BIOS should not lock down CF9GR bit during
* manufacturing and re-manufacturing environment if HFSTS1 [4] is set. Note:
* this recommendation is not applicable for CSE-Lite SKUs where BIOS should set
* CF9LOCK bit irrespectively.
*
* Other than that, make sure payload/OS can't trigger global reset.
*
* BIOS must also ensure that CF9GR is cleared and locked (Bit31 of ETR3)
* prior to transferring control to the OS.
*/
if (CONFIG(SOC_INTEL_CSE_LITE_SKU) || cse_is_hfs1_spi_protected())
pmc_global_reset_disable_and_lock();
else
pmc_global_reset_enable(false);
}
#if ENV_RAMSTAGE
/*

View File

@ -495,6 +495,9 @@ void cse_set_to_d0i3(void);
/* Function sets D0I3 for all HECI devices */
void heci_set_to_d0i3(void);
/* Function performs the global reset lock */
void cse_control_global_reset_lock(void);
/*
* SoC override API to make heci1 disable using PCR.
*