GNUBoot
/
coreboot-kgpe-d16
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

soc/intel/cannonlake: Clean up FSP chipset lockdown configuration 

Use a variable to store if the FSP should be responsible for the chipset
lockdown and use it for setting related configuration options. Thus, get
rid of that if-else-clause and adjust comments.

Change-Id: I202c212ec8e9ac63f5512c2e74040c23e1562b9a
Signed-off-by: Felix Singer <felixsinger@posteo.net>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/52842
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Michael Niewöhner <foss@mniewoehner.de>
This commit is contained in:
Felix Singer 2021-05-03 02:21:05 +02:00 committed by Tim Wawrzynczak
parent c6d7166942
commit 85ebab8541
1 changed files with 12 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
src/soc/intel/cannonlake/fsp_params.c
View File

@ -642,35 +642,20 @@ void platform_fsp_silicon_init_params_cb(FSPS_UPD *supd)
#endif
/* Chipset Lockdown */
if (get_lockdown_config() == CHIPSET_LOCKDOWN_COREBOOT) {
tconfig->PchLockDownGlobalSmi = 0;
tconfig->PchLockDownBiosInterface = 0;
params->PchLockDownBiosLock = 0;
params->PchLockDownRtcMemoryLock = 0;
const bool lockdown_by_fsp = get_lockdown_config() == CHIPSET_LOCKDOWN_FSP;
tconfig->PchLockDownGlobalSmi = lockdown_by_fsp;
tconfig->PchLockDownBiosInterface = lockdown_by_fsp;
params->PchLockDownBiosLock = lockdown_by_fsp;
params->PchLockDownRtcMemoryLock = lockdown_by_fsp;
#if CONFIG(SOC_INTEL_COMETLAKE)
/*
* Skip SPI Flash Lockdown from inside FSP.
* Making this config "0" means FSP won't set the FLOCKDN bit
* of SPIBAR + 0x04 (i.e., Bit 15 of BIOS_HSFSTS_CTL).
* So, it becomes coreboot's responsibility to set this bit
* before end of POST for security concerns.
*/
params->SpiFlashCfgLockDown = 0;
/*
* Making this config "0" means FSP won't set the FLOCKDN bit
* of SPIBAR + 0x04 (i.e., Bit 15 of BIOS_HSFSTS_CTL).
* So, it becomes coreboot's responsibility to set this bit
* before end of POST for security concerns.
*/
params->SpiFlashCfgLockDown = lockdown_by_fsp;
#endif
} else {
tconfig->PchLockDownGlobalSmi = 1;
tconfig->PchLockDownBiosInterface = 1;
params->PchLockDownBiosLock = 1;
params->PchLockDownRtcMemoryLock = 1;
#if CONFIG(SOC_INTEL_COMETLAKE)
/*
* Enable SPI Flash Lockdown from inside FSP.
* Making this config "1" means FSP will set the FLOCKDN bit
* of SPIBAR + 0x04 (i.e., Bit 15 of BIOS_HSFSTS_CTL).
*/
params->SpiFlashCfgLockDown = 1;
#endif
}
#if !CONFIG(SOC_INTEL_COMETLAKE)
params->VrPowerDeliveryDesign = config->VrPowerDeliveryDesign;