soc/intel/cannonlake: Allow coreboot to handle required chipset lockdown

This patch disables FSP-S chipset lockdown UPDs and lets coreboot perform
chipset lockdown in ramstage.

BUG=b:138200201
TEST=FSP debug build suggests those UPDs are disable now.

Change-Id: I7e53c4e4987a7b0e7f475c92b0f797d94fdd60f4
Signed-off-by: Subrata Banik <subrata.banik@intel.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34541
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Fagerburg <pfagerburg@chromium.org>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
This commit is contained in:
Subrata Banik 2019-07-24 13:43:22 +05:30 committed by Furquan Shaikh
parent 669e155ad2
commit 990a05d261
1 changed files with 34 additions and 0 deletions

View File

@ -19,6 +19,7 @@
#include <fsp/api.h> #include <fsp/api.h>
#include <fsp/util.h> #include <fsp/util.h>
#include <intelblocks/xdci.h> #include <intelblocks/xdci.h>
#include <intelpch/lockdown.h>
#include <soc/intel/common/vbt.h> #include <soc/intel/common/vbt.h>
#include <soc/pci_devs.h> #include <soc/pci_devs.h>
#include <soc/ramstage.h> #include <soc/ramstage.h>
@ -402,6 +403,39 @@ void platform_fsp_silicon_init_params_cb(FSPS_UPD *supd)
configure_gspi_cs(i, config, configure_gspi_cs(i, config,
&params->SerialIoSpiCsPolarity[0], NULL, NULL); &params->SerialIoSpiCsPolarity[0], NULL, NULL);
#endif #endif
/* Chipset Lockdown */
if (get_lockdown_config() == CHIPSET_LOCKDOWN_COREBOOT) {
tconfig->PchLockDownGlobalSmi = 0;
tconfig->PchLockDownBiosInterface = 0;
params->PchLockDownBiosLock = 0;
params->PchLockDownRtcMemoryLock = 0;
/*
* TODO: Disable SpiFlashCfgLockDown config after FSP provides
* dedicated UPD
*
* Skip SPI Flash Lockdown from inside FSP.
* Making this config "0" means FSP won't set the FLOCKDN bit
* of SPIBAR + 0x04 (i.e., Bit 15 of BIOS_HSFSTS_CTL).
* So, it becomes coreboot's responsibility to set this bit
* before end of POST for security concerns.
*/
// params->SpiFlashCfgLockDown = 0;
} else {
tconfig->PchLockDownGlobalSmi = 1;
tconfig->PchLockDownBiosInterface = 1;
params->PchLockDownBiosLock = 1;
params->PchLockDownRtcMemoryLock = 1;
/*
* TODO: Enable SpiFlashCfgLockDown config after FSP provides
* dedicated UPD
*
* Enable SPI Flash Lockdown from inside FSP.
* Making this config "1" means FSP will set the FLOCKDN bit
* of SPIBAR + 0x04 (i.e., Bit 15 of BIOS_HSFSTS_CTL).
*/
// params->SpiFlashCfgLockDown = 1;
}
} }
/* Mainboard GPIO Configuration */ /* Mainboard GPIO Configuration */