diff options
author | Barnali Sarkar <barnali.sarkar@intel.com> | 2017-08-17 11:52:39 +0530 |
---|---|---|
committer | Aaron Durbin <adurbin@chromium.org> | 2017-08-26 16:30:31 +0000 |
commit | 0818a2a774e12f4522d139e8b6f3a39a8e1aa935 (patch) | |
tree | f0955666bc5410486f83a3bd44512a2582af8ca5 | |
parent | b26e01a06718cc1a49a7c277c831b572a7301210 (diff) |
soc/intel/skylake: Move SPI lock down config after resource allocation
This patch to ensures that coreboot is performing SPI
registers lockdown after PCI enumeration is done.
This requirements are intended to support platform security
guideline where all required chipset registers are expected
to be in lock down stage before launching any 3rd party
code as in option rom etc.
coreboot has to change its execution order to meet those
requirements. Hence SPI lock down programming has been moved
right after pci resource allocation is donei, so that
SPI registers can be lock down before calling post pci
enumeration FSP NotifyPhase() API which is targeted to
be done in BS_DEV_ENABLE-BS_ON_ENTRY.
TEST=Ensure SPIBAR+HSFSTS(0x04) register FLOCKDN bit and WRSDIS
bit is set. Also, Bits 8-12 of SPIBAR+DLOCK(0x0C) register is set.
Change-Id: I8f5a952656e51d3bf365917b90d3056b46f899c5
Signed-off-by: Barnali Sarkar <barnali.sarkar@intel.com>
Reviewed-on: https://review.coreboot.org/21064
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
-rw-r--r-- | src/soc/intel/skylake/finalize.c | 29 | ||||
-rw-r--r-- | src/soc/intel/skylake/lockdown.c | 56 |
2 files changed, 57 insertions, 28 deletions
diff --git a/src/soc/intel/skylake/finalize.c b/src/soc/intel/skylake/finalize.c index 335435ad9d..770cc1bf77 100644 --- a/src/soc/intel/skylake/finalize.c +++ b/src/soc/intel/skylake/finalize.c @@ -21,7 +21,6 @@ #include <console/post_codes.h> #include <cpu/x86/smm.h> #include <device/pci.h> -#include <intelblocks/fast_spi.h> #include <intelblocks/pcr.h> #include <reg_script.h> #include <spi-generic.h> @@ -109,12 +108,6 @@ static void pch_finalize_script(void) config_t *config; u8 reg8; - /* Set FAST_SPI opcode menu */ - fast_spi_set_opcode_menu(); - - /* Lock FAST_SPIBAR */ - fast_spi_lock_bar(); - /* Display me status before we hide it */ intel_me_status(); @@ -149,26 +142,24 @@ static void pch_finalize_script(void) static void soc_lockdown(void) { + struct soc_intel_skylake_config *config; + struct device *dev; u8 reg8; - device_t dev; - const struct device *dev1 = dev_find_slot(0, PCH_DEVFN_LPC); - const struct soc_intel_skylake_config *config = dev1->chip_info; + + dev = PCH_DEV_PMC; + + /* Check if PMC is enabled, else return */ + if (dev == NULL || dev->chip_info == NULL) + return; + + config = dev->chip_info; /* Global SMI Lock */ if (config->LockDownConfigGlobalSmi == 0) { - dev = PCH_DEV_PMC; reg8 = pci_read_config8(dev, GEN_PMCON_A); reg8 |= SMI_LOCK; pci_write_config8(dev, GEN_PMCON_A, reg8); } - - if (config->chipset_lockdown == CHIPSET_LOCKDOWN_COREBOOT) { - /* Bios Interface Lock */ - fast_spi_set_bios_interface_lock_down(); - - /* Bios Lock */ - fast_spi_set_lock_enable(); - } } static void soc_finalize(void *unused) diff --git a/src/soc/intel/skylake/lockdown.c b/src/soc/intel/skylake/lockdown.c index 5bbf546de0..8c34fa73ed 100644 --- a/src/soc/intel/skylake/lockdown.c +++ b/src/soc/intel/skylake/lockdown.c @@ -16,6 +16,7 @@ #include <arch/io.h> #include <bootstate.h> #include <chip.h> +#include <intelblocks/fast_spi.h> #include <intelblocks/pcr.h> #include <soc/lpc.h> #include <soc/pci_devs.h> @@ -26,18 +27,12 @@ #define PCR_DMI_GCS 0x274C #define PCR_DMI_GCS_BILD (1 << 0) -static void lpc_lockdown_config(void) +static void lpc_lockdown_config(const struct soc_intel_skylake_config *config) { - static struct soc_intel_skylake_config *config; struct device *dev; uint8_t reg_mask = 0; dev = PCH_DEV_LPC; - /* Check if LPC is enabled, else return */ - if (dev == NULL || dev->chip_info == NULL) - return; - - config = dev->chip_info; /* Set Bios Interface Lock, Bios Lock */ if (config->chipset_lockdown == CHIPSET_LOCKDOWN_COREBOOT) @@ -62,14 +57,57 @@ static void pmc_lockdown_config(void) static void dmi_lockdown_config(void) { - /* GCS reg of DMI */ + /* + * GCS reg of DMI + * + * When set, prevents GCS.BBS from being changed + * GCS.BBS: (Boot BIOS Strap) This field determines the destination + * of accesses to the BIOS memory range. + * Bits Description + * “0b”: SPI + * “1b”: LPC/eSPI + */ pcr_or8(PID_DMI, PCR_DMI_GCS, PCR_DMI_GCS_BILD); } +static void spi_lockdown_config(const struct soc_intel_skylake_config *config) +{ + /* Set FAST_SPI opcode menu */ + fast_spi_set_opcode_menu(); + + /* Discrete Lock Flash PR registers */ + fast_spi_pr_dlock(); + + /* Lock FAST_SPIBAR */ + fast_spi_lock_bar(); + + /* Set Bios Interface Lock, Bios Lock */ + if (config->chipset_lockdown == CHIPSET_LOCKDOWN_COREBOOT) { + /* Bios Interface Lock */ + fast_spi_set_bios_interface_lock_down(); + + /* Bios Lock */ + fast_spi_set_lock_enable(); + } +} + static void platform_lockdown_config(void *unused) { + struct soc_intel_skylake_config *config; + struct device *dev; + + dev = PCH_DEV_SPI; + /* Check if device is valid, else return */ + if (dev == NULL || dev->chip_info == NULL) + return; + + config = dev->chip_info; + /* LPC lock down configuration */ - lpc_lockdown_config(); + lpc_lockdown_config(config); + + /* SPI lock down configuration */ + spi_lockdown_config(config); /* DMI lock down configuration */ dmi_lockdown_config(); |