soc/intel/apollolake: Disable HECI1 before jumping to OS

This change disables HECI1 device at the end of boot sequence. It uses
the P2SB messaging to disable HECI1 device before hiding P2SB and
dropping privilege level.

BUG=b:119074978
BRANCH=None
TEST=Verified that HECI1 device is not visible in lspci on octopus.

Change-Id: Id6abfd0c71a466d0cf8f19ae9b91f1d3446e3d09
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://review.coreboot.org/29534
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Karthik Ramasubramanian <kramasub@google.com>
Reviewed-by: Kane Chen <kane.chen@intel.com>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>

src/soc/intel/apollolake/chip.c

@@ -39,15 +39,16 @@
 #include <intelblocks/itss.h>
 #include <intelblocks/pmclib.h>
 #include <romstage_handoff.h>
+#include <soc/cpu.h>
+#include <soc/heci.h>
+#include <soc/intel/common/vbt.h>
 #include <soc/iomap.h>
 #include <soc/itss.h>
-#include <soc/intel/common/vbt.h>
 #include <soc/nvs.h>
 #include <soc/pci_devs.h>
-#include <spi-generic.h>
-#include <soc/cpu.h>
 #include <soc/pm.h>
 #include <soc/systemagent.h>
+#include <spi-generic.h>
 #include <timer.h>
 
 #include "chip.h"
@@ -715,8 +716,16 @@ static int check_xdci_enable(void)
 void platform_fsp_notify_status(enum fsp_notify_phase phase)
 {
 	if (phase == END_OF_FIRMWARE) {
+
+		/*
+		 * Before hiding P2SB device and dropping privilege level,
+		 * dump CSE status and disable HECI1 interface.
+		 */
+		heci_cse_lockdown();
+
 		/* Hide the P2SB device to align with previous behavior. */
 		p2sb_hide();
+
 		/*
 		 * As per guidelines BIOS is recommended to drop CPU privilege
 		 * level to IA_UNTRUSTED. After that certain device registers

src/soc/intel/apollolake/cse.c

@@ -19,6 +19,11 @@
 #include <console/console.h>
 #include <fmap.h>
 #include <intelblocks/cse.h>
+#include <intelblocks/p2sb.h>
+#include <intelblocks/pcr.h>
+#include <soc/heci.h>
+#include <soc/iomap.h>
+#include <soc/pcr_ids.h>
 #include <soc/pci_devs.h>
 #include <device/pci_ops.h>
 #include <stdint.h>
@@ -187,7 +192,7 @@ static uint32_t dump_status(int index, int reg_addr)
 	return reg;
 }
 
-static void dump_cse_state(void *unused)
+static void dump_cse_state(void)
 {
 	uint32_t fwsts1;
 
@@ -218,6 +223,25 @@ static void dump_cse_state(void *unused)
 	}
 	printk(BIOS_DEBUG, "\n");
 }
+
+#define PCR_PSFX_T0_SHDW_PCIEN		0x1C
+#define PCR_PSFX_T0_SHDW_PCIEN_FUNDIS	(1 << 8)
+
+static void disable_heci1(void)
+{
+	pcr_or32(PID_PSF3, PSF3_BASE_ADDRESS + PCR_PSFX_T0_SHDW_PCIEN,
+		 PCR_PSFX_T0_SHDW_PCIEN_FUNDIS);
+}
+
+void heci_cse_lockdown(void)
+{
+	dump_cse_state();
+
+	/*
+	 * It is safe to disable HECI1 now since we won't be talking to the ME
+	 * anymore.
+	 */
+	disable_heci1();
+}
+
 BOOT_STATE_INIT_ENTRY(BS_DEV_INIT, BS_ON_ENTRY, fpf_blown, NULL);
-BOOT_STATE_INIT_ENTRY(BS_OS_RESUME, BS_ON_ENTRY, dump_cse_state, NULL);
-BOOT_STATE_INIT_ENTRY(BS_PAYLOAD_LOAD, BS_ON_EXIT, dump_cse_state, NULL);

src/soc/intel/apollolake/include/soc/heci.h

@@ -42,4 +42,7 @@ bool heci_cse_normal(void);
 /* Returns true if CSE is done with whatever it was doing */
 bool heci_cse_done(void);
 
+/* Dump CSE state and lockdown HECI1 interface using P2SB message. */
+void heci_cse_lockdown(void);
+
 #endif

src/soc/intel/apollolake/include/soc/iomap.h

@@ -45,6 +45,7 @@
 #define SRAM_SIZE_2			(4 * KiB)
 
 #define HECI1_BASE_ADDRESS		0xfed1a000
+#define PSF3_BASE_ADDRESS		0x1e00
 
 /* Temporary BAR for SPI until PCI enumeration assigns a BAR in ramstage. */
 #define SPI_BASE_ADDRESS		0xfe010000

src/soc/intel/apollolake/include/soc/pcr_ids.h

@@ -35,8 +35,10 @@
 #define PID_LPC		0xD2
 #define PID_MODPHY	0xA5
 
-#define PID_AUNIT	0x4d
-#define PID_BUNIT	0x4c
+#define PID_AUNIT	0x4D
+#define PID_BUNIT	0x4C
 #define PID_TUNIT	0x52
 
+#define PID_PSF3	0xC6
+
 #endif	/* SOC_INTEL_APL_PCR_H */