GNUBoot/coreboot-kgpe-d16
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
coreboot-kgpe-d16/src/soc/intel/skylake/finalize.c
Subrata Banik 97a09454d2 soc/intel/skylake: Move DMI lock down config after resource allocation 
This patch to ensures that coreboot is performing DMI
registers lockdown after PCI enumeration is done.

This requirements are intended to support platform security
guideline where all required chipset registers are expected
to be in lock down stage before launching any 3rd party
code as in option rom etc.

coreboot has to change its execution order to meet those
requirements. Hence BIOS Interface lock down through Sideband
access has been moved right after pci resource allocation is done,
so that BILD lock down is getting executed along with LPC and SPI
BIOS interface lockdown settings before calling post pci
enumeration FSP NotifyPhase() API which is targeted to
be done in BS_DEV_ENABLE-BS_ON_ENTRY.

TEST=Ensure DMI register offset 0x274c bit 0 is set.

Change-Id: Ie66701d5bd8c8f389e23fb30c8595dd83cf6b1ae
Signed-off-by: Subrata Banik <subrata.banik@intel.com>
Reviewed-on: https://review.coreboot.org/21030
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2017-08-26 06:03:00 +00:00

190 lines
4.6 KiB
C
Raw Blame History

/*
* This file is part of the coreboot project.
*
* Copyright (C) 2014 Google Inc.
* Copyright (C) 2015 Intel Corporation.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; version 2 of the License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*/
#include <arch/io.h>
#include <bootstate.h>
#include <chip.h>
#include <console/console.h>
#include <console/post_codes.h>
#include <cpu/x86/smm.h>
#include <device/pci.h>
#include <intelblocks/fast_spi.h>
#include <intelblocks/pcr.h>
#include <reg_script.h>
#include <spi-generic.h>
#include <soc/lpc.h>
#include <soc/me.h>
#include <soc/p2sb.h>
#include <soc/pci_devs.h>
#include <soc/pcr_ids.h>
#include <soc/pm.h>
#include <soc/smbus.h>
#include <soc/systemagent.h>
#include <stdlib.h>
#define PSF_BASE_ADDRESS 0xA00
#define PCR_PSFX_T0_SHDW_PCIEN 0x1C
#define PCR_PSFX_T0_SHDW_PCIEN_FUNDIS (1 << 8)
static void pch_configure_endpoints(device_t dev, int epmask_id, uint32_t mask)
{
uint32_t reg32;
reg32 = pci_read_config32(dev, PCH_P2SB_EPMASK(epmask_id));
pci_write_config32(dev, PCH_P2SB_EPMASK(epmask_id), reg32 | mask);
}
static void disable_sideband_access(void)
{
device_t dev;
u8 reg8;
uint32_t mask;
dev = PCH_DEV_P2SB;
/*
* Set p2sb PCI offset EPMASK5 C4h [29, 28, 27, 26] to disable Sideband
* access for PCI Root Bridge.
* Set p2sb PCI offset EPMASK5 C4h [17, 16,10, 1] to disable Sideband
* access for MIPI controller.
*/
mask = (1 << 29) | (1 << 28) | (1 << 27) | (1 << 26) | (1 << 17) |
(1 << 16) | (1 << 10) | (1 << 1);
pch_configure_endpoints(dev, 5, mask);
/*
* Set p2sb PCI offset EPMASK7 CCh ports E6, E5 (bits 6, 5)
* to disable Sideband access for XHCI controller.
*/
mask = (1 << 6) | (1 << 5);
pch_configure_endpoints(dev, 7, mask);
/* Set the "Endpoint Mask Lock!", P2SB PCI offset E2h bit[1] to 1. */
reg8 = pci_read_config8(dev, PCH_P2SB_E0 + 2);
pci_write_config8(dev, PCH_P2SB_E0 + 2, reg8 | (1 << 1));
/* hide p2sb device */
pci_write_config8(dev, PCH_P2SB_E0 + 1, 1);
}
static void pch_disable_heci(void)
{
device_t dev = PCH_DEV_P2SB;
/*
* if p2sb device 1f.1 is not present or hidden in devicetree
* p2sb device becomes NULL
*/
if (!dev)
return;
/* unhide p2sb device */
pci_write_config8(dev, PCH_P2SB_E0 + 1, 0);
/* disable heci */
pcr_or32(PID_PSF1, PSF_BASE_ADDRESS + PCR_PSFX_T0_SHDW_PCIEN,
PCR_PSFX_T0_SHDW_PCIEN_FUNDIS);
disable_sideband_access();
}
static void pch_finalize_script(void)
{
device_t dev;
uint32_t reg32;
uint8_t *pmcbase;
config_t *config;
u8 reg8;
/* Set FAST_SPI opcode menu */
fast_spi_set_opcode_menu();
/* Lock FAST_SPIBAR */
fast_spi_lock_bar();
/* Display me status before we hide it */
intel_me_status();
dev = PCH_DEV_PMC;
pmcbase = pmc_mmio_regs();
config = dev->chip_info;
/*
* Disable ACPI PM timer based on dt policy
*
* Disabling ACPI PM timer is necessary for XTAL OSC shutdown.
* Disabling ACPI PM timer also switches off TCO
*/
if (config->PmTimerDisabled) {
reg8 = read8(pmcbase + PCH_PWRM_ACPI_TMR_CTL);
reg8 |= (1 << 1);
write8(pmcbase + PCH_PWRM_ACPI_TMR_CTL, reg8);
}
/* Disable XTAL shutdown qualification for low power idle. */
if (config->s0ix_enable) {
reg32 = read32(pmcbase + CIR31C);
reg32 |= XTALSDQDIS;
write32(pmcbase + CIR31C, reg32);
}
/* we should disable Heci1 based on the devicetree policy */
if (config->HeciEnabled == 0)
pch_disable_heci();
}
static void soc_lockdown(void)
{
u8 reg8;
device_t dev;
const struct device *dev1 = dev_find_slot(0, PCH_DEVFN_LPC);
const struct soc_intel_skylake_config *config = dev1->chip_info;
/* Global SMI Lock */
if (config->LockDownConfigGlobalSmi == 0) {
dev = PCH_DEV_PMC;
reg8 = pci_read_config8(dev, GEN_PMCON_A);
reg8 |= SMI_LOCK;
pci_write_config8(dev, GEN_PMCON_A, reg8);
}
if (config->chipset_lockdown == CHIPSET_LOCKDOWN_COREBOOT) {
/* Bios Interface Lock */
fast_spi_set_bios_interface_lock_down();
/* Bios Lock */
fast_spi_set_lock_enable();
}
}
static void soc_finalize(void *unused)
{
printk(BIOS_DEBUG, "Finalizing chipset.\n");
pch_finalize_script();
soc_lockdown();
printk(BIOS_DEBUG, "Finalizing SMM.\n");
outb(APM_CNT_FINALIZE, APM_CNT);
/* Indicate finalize step with post code */
post_code(POST_OS_BOOT);
}
BOOT_STATE_INIT_ENTRY(BS_OS_RESUME, BS_ON_ENTRY, soc_finalize, NULL);
BOOT_STATE_INIT_ENTRY(BS_PAYLOAD_LOAD, BS_ON_EXIT, soc_finalize, NULL);
Reference in a new issue View git blame Copy permalink