soc/intel/skylake: Move LPC lock down config after resource allocation

This patch to ensures that coreboot is performing LPC
registers lockdown after PCI enumeration is done.

This requirements are intended to support platform security
guideline where all required chipset registers are expected
to be in lock down stage before launching any 3rd party
code as in option rom etc.

coreboot has to change its execution order to meet those
requirements. Hence lpc register lock down has been moved
right after pci resource allocation is done, so that
lpc registers can be lock down before calling post pci
enumeration FSP NotifyPhase() API which is targeted to
be done in BS_DEV_ENABLE-BS_ON_ENTRY.

TEST=Ensure LPC register 0xDC bit 1 and 7 is set.

Change-Id: I705a3a3c6ddc72ae7895419442d67b82f541edee
Signed-off-by: Subrata Banik <subrata.banik@intel.com>
Reviewed-on: https://review.coreboot.org/21000
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
This commit is contained in:
Subrata Banik 2017-08-14 16:15:33 +05:30 committed by Aaron Durbin
parent 2d1dd5943d
commit b51f54b518
3 changed files with 53 additions and 13 deletions

View file

@ -53,6 +53,7 @@ ramstage-y += gspi.c
ramstage-y += i2c.c
ramstage-y += igd.c
ramstage-y += irq.c
ramstage-y += lockdown.c
ramstage-y += lpc.c
ramstage-y += me.c
ramstage-y += memmap.c

View file

@ -186,25 +186,12 @@ static void soc_lockdown(void)
if (config->chipset_lockdown == CHIPSET_LOCKDOWN_COREBOOT) {
/* Bios Interface Lock */
pci_write_config8(PCH_DEV_LPC, BIOS_CNTL,
pci_read_config8(PCH_DEV_LPC,
BIOS_CNTL) | LPC_BC_BILD);
/* Reads back for posted write to take effect */
pci_read_config8(PCH_DEV_LPC, BIOS_CNTL);
fast_spi_set_bios_interface_lock_down();
/* GCS reg of DMI */
pcr_or8(PID_DMI, PCR_DMI_GCS, PCR_DMI_GCS_BILD);
/* Bios Lock */
pci_write_config8(PCH_DEV_LPC, BIOS_CNTL,
pci_read_config8(PCH_DEV_LPC,
BIOS_CNTL) | LPC_BC_LE);
/* Ensure an additional read back after performing lock down */
pci_read_config8(PCH_DEV_LPC, BIOS_CNTL);
fast_spi_set_lock_enable();
}
}

View file

@ -0,0 +1,52 @@
/*
* This file is part of the coreboot project.
*
* Copyright (C) 2017 Intel Corporation.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; version 2 of the License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*/
#include <arch/io.h>
#include <bootstate.h>
#include <chip.h>
#include <soc/lpc.h>
#include <soc/pci_devs.h>
#include <string.h>
static void lpc_lockdown_config(void)
{
static struct soc_intel_skylake_config *config;
struct device *dev;
uint8_t reg_mask = 0;
dev = PCH_DEV_LPC;
/* Check if LPC is enabled, else return */
if (dev == NULL || dev->chip_info == NULL)
return;
config = dev->chip_info;
/* Set Bios Interface Lock, Bios Lock */
if (config->chipset_lockdown == CHIPSET_LOCKDOWN_COREBOOT)
reg_mask |= LPC_BC_BILD | LPC_BC_LE;
pci_or_config8(dev, BIOS_CNTL, reg_mask);
/* Ensure an additional read back after performing lock down */
pci_read_config8(dev, BIOS_CNTL);
}
static void platform_lockdown_config(void *unused)
{
/* LPC lock down configuration */
lpc_lockdown_config();
}
BOOT_STATE_INIT_ENTRY(BS_DEV_RESOURCES, BS_ON_EXIT, platform_lockdown_config,
NULL);