soc/intel/skylake: Move LPC lock down config after resource allocation
This patch to ensures that coreboot is performing LPC registers lockdown after PCI enumeration is done. This requirements are intended to support platform security guideline where all required chipset registers are expected to be in lock down stage before launching any 3rd party code as in option rom etc. coreboot has to change its execution order to meet those requirements. Hence lpc register lock down has been moved right after pci resource allocation is done, so that lpc registers can be lock down before calling post pci enumeration FSP NotifyPhase() API which is targeted to be done in BS_DEV_ENABLE-BS_ON_ENTRY. TEST=Ensure LPC register 0xDC bit 1 and 7 is set. Change-Id: I705a3a3c6ddc72ae7895419442d67b82f541edee Signed-off-by: Subrata Banik <subrata.banik@intel.com> Reviewed-on: https://review.coreboot.org/21000 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
This commit is contained in:
parent
2d1dd5943d
commit
b51f54b518
3 changed files with 53 additions and 13 deletions
|
@ -53,6 +53,7 @@ ramstage-y += gspi.c
|
|||
ramstage-y += i2c.c
|
||||
ramstage-y += igd.c
|
||||
ramstage-y += irq.c
|
||||
ramstage-y += lockdown.c
|
||||
ramstage-y += lpc.c
|
||||
ramstage-y += me.c
|
||||
ramstage-y += memmap.c
|
||||
|
|
|
@ -186,25 +186,12 @@ static void soc_lockdown(void)
|
|||
|
||||
if (config->chipset_lockdown == CHIPSET_LOCKDOWN_COREBOOT) {
|
||||
/* Bios Interface Lock */
|
||||
pci_write_config8(PCH_DEV_LPC, BIOS_CNTL,
|
||||
pci_read_config8(PCH_DEV_LPC,
|
||||
BIOS_CNTL) | LPC_BC_BILD);
|
||||
/* Reads back for posted write to take effect */
|
||||
pci_read_config8(PCH_DEV_LPC, BIOS_CNTL);
|
||||
|
||||
fast_spi_set_bios_interface_lock_down();
|
||||
|
||||
/* GCS reg of DMI */
|
||||
pcr_or8(PID_DMI, PCR_DMI_GCS, PCR_DMI_GCS_BILD);
|
||||
|
||||
/* Bios Lock */
|
||||
pci_write_config8(PCH_DEV_LPC, BIOS_CNTL,
|
||||
pci_read_config8(PCH_DEV_LPC,
|
||||
BIOS_CNTL) | LPC_BC_LE);
|
||||
|
||||
/* Ensure an additional read back after performing lock down */
|
||||
pci_read_config8(PCH_DEV_LPC, BIOS_CNTL);
|
||||
|
||||
fast_spi_set_lock_enable();
|
||||
}
|
||||
}
|
||||
|
|
52
src/soc/intel/skylake/lockdown.c
Normal file
52
src/soc/intel/skylake/lockdown.c
Normal file
|
@ -0,0 +1,52 @@
|
|||
/*
|
||||
* This file is part of the coreboot project.
|
||||
*
|
||||
* Copyright (C) 2017 Intel Corporation.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; version 2 of the License.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*/
|
||||
|
||||
#include <arch/io.h>
|
||||
#include <bootstate.h>
|
||||
#include <chip.h>
|
||||
#include <soc/lpc.h>
|
||||
#include <soc/pci_devs.h>
|
||||
#include <string.h>
|
||||
|
||||
static void lpc_lockdown_config(void)
|
||||
{
|
||||
static struct soc_intel_skylake_config *config;
|
||||
struct device *dev;
|
||||
uint8_t reg_mask = 0;
|
||||
|
||||
dev = PCH_DEV_LPC;
|
||||
/* Check if LPC is enabled, else return */
|
||||
if (dev == NULL || dev->chip_info == NULL)
|
||||
return;
|
||||
|
||||
config = dev->chip_info;
|
||||
|
||||
/* Set Bios Interface Lock, Bios Lock */
|
||||
if (config->chipset_lockdown == CHIPSET_LOCKDOWN_COREBOOT)
|
||||
reg_mask |= LPC_BC_BILD | LPC_BC_LE;
|
||||
|
||||
pci_or_config8(dev, BIOS_CNTL, reg_mask);
|
||||
/* Ensure an additional read back after performing lock down */
|
||||
pci_read_config8(dev, BIOS_CNTL);
|
||||
}
|
||||
|
||||
static void platform_lockdown_config(void *unused)
|
||||
{
|
||||
/* LPC lock down configuration */
|
||||
lpc_lockdown_config();
|
||||
}
|
||||
|
||||
BOOT_STATE_INIT_ENTRY(BS_DEV_RESOURCES, BS_ON_EXIT, platform_lockdown_config,
|
||||
NULL);
|
Loading…
Reference in a new issue