From f332e47f5696335de2167b6163de0cdbfe63df92 Mon Sep 17 00:00:00 2001 From: Marc Jones Date: Tue, 9 Mar 2021 12:14:06 -0700 Subject: [PATCH] mainboard/: Register chipset_lockdown on xeon_sp mainboards Set chipset_lockdown in devicetree for recommended security settings. Change-Id: Ie27450dd32463243b1456932a1d39d40afa81da1 Signed-off-by: Marc Jones Reviewed-on: https://review.coreboot.org/c/coreboot/+/51388 Reviewed-by: Arthur Heymans Reviewed-by: Jay Talbott Reviewed-by: Angel Pons Tested-by: build bot (Jenkins) --- src/mainboard/intel/cedarisland_crb/devicetree.cb | 5 +++++ src/mainboard/ocp/deltalake/devicetree.cb | 4 ++++ src/mainboard/ocp/tiogapass/devicetree.cb | 4 ++++ 3 files changed, 13 insertions(+) diff --git a/src/mainboard/intel/cedarisland_crb/devicetree.cb b/src/mainboard/intel/cedarisland_crb/devicetree.cb index a82f022c0b..4691c0541b 100644 --- a/src/mainboard/intel/cedarisland_crb/devicetree.cb +++ b/src/mainboard/intel/cedarisland_crb/devicetree.cb @@ -1,4 +1,9 @@ chip soc/intel/xeon_sp/cpx + + register "common_soc_config" = "{ + .chipset_lockdown = CHIPSET_LOCKDOWN_COREBOOT, + }" + device cpu_cluster 0 on device lapic 0 on end end diff --git a/src/mainboard/ocp/deltalake/devicetree.cb b/src/mainboard/ocp/deltalake/devicetree.cb index 70dd6d683b..08ac3e35c1 100644 --- a/src/mainboard/ocp/deltalake/devicetree.cb +++ b/src/mainboard/ocp/deltalake/devicetree.cb @@ -48,6 +48,10 @@ chip soc/intel/xeon_sp/cpx register "cstate_states" = "CSTATES_C1C6" + register "common_soc_config" = "{ + .chipset_lockdown = CHIPSET_LOCKDOWN_COREBOOT, + }" + device cpu_cluster 0 on device lapic 0 on end end diff --git a/src/mainboard/ocp/tiogapass/devicetree.cb b/src/mainboard/ocp/tiogapass/devicetree.cb index 833bb20e21..850443854f 100644 --- a/src/mainboard/ocp/tiogapass/devicetree.cb +++ b/src/mainboard/ocp/tiogapass/devicetree.cb 
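Review bot: The `register "common_soc_config"` block added in the cedarisland_crb hunk has no comment saying what `CHIPSET_LOCKDOWN_COREBOOT` selects, and the same uncommented block is repeated in the deltalake and tiogapass hunks. Judging by the name, it presumably makes coreboot rather than the FSP responsible for setting the chipset lock bits. That is worth stating next to the setting, because a later FSP or board change could otherwise leave neither side applying them; a line such as `# coreboot, not FSP, applies the chipset lock bits` above the `register` line would do. Since all three boards get the same value, it may also be worth checking whether the xeon_sp chip code can default to it, so that a new board cannot omit it by accident.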
@@ -40,6 +40,10 @@ chip soc/intel/xeon_sp/skx register "gen2_dec" = "0x000c0ca1" # IPMI KCS + register "common_soc_config" = "{ + .chipset_lockdown = CHIPSET_LOCKDOWN_COREBOOT, + }" + device cpu_cluster 0 on device lapic 0 on end end
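Review bot: The tiogapass hunk is the only one in this patch under `chip soc/intel/xeon_sp/skx` (the other two are `cpx`), and nothing visible here shows that the skx code reads `common_soc_config.chipset_lockdown`. The only test evidence in the commit record is the build bot, which confirms that the devicetree compiles but not that the lock bits end up set at runtime. Before relying on this for the "recommended security settings" the message describes, confirm on a booted board of each SoC variant that the relevant lock registers read back as locked, and note that result in the commit message.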