diff options
author | Subrata Banik <subratabanik@google.com> | 2022-04-22 19:48:40 +0530 |
---|---|---|
committer | Felix Held <felix-coreboot@felixheld.de> | 2022-04-27 12:37:43 +0000 |
commit | 2b594816eaa4629e549fcd2ca06f4395806ec78b (patch) | |
tree | 28c7465dd00156d9f86055122df27311853bc9a1 | |
parent | 0231ab17616ff519ef52b5b323fc1ce6efc79f61 (diff) |
soc/intel/cmn/lockdown: Perform SA lockdown configuration
`sa_lockdown_cfg` function ensures locking the PAM register hence,
skip dedicated calling into `sa_lock_pam()` from the SoC
`finalize.c` file. Dropped sa_lock_pam() call from ADL/CNL/EHL/JSL
and TGL.
Additionally, this patch enforces SA lockdown configuration for SKL
and ICL as well.
BUG=b:211954778
TEST=Able to build google/brya with these changes.
> localhost ~ # lspci -xxx | less
00:00.0 Host bridge: Device 8086:4601 (rev 04)
Bit 0 for all PAM registers a.k.a, PAMx_0_0_0_PCI.LOCK bit is set
(meaning locked).
Signed-off-by: Subrata Banik <subratabanik@google.com>
Change-Id: Ibd464d2507393ed0c746eb1fbd10e36092ed5599
Reviewed-on: https://review.coreboot.org/c/coreboot/+/63518
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
-rw-r--r-- | src/soc/intel/alderlake/finalize.c | 8 | ||||
-rw-r--r-- | src/soc/intel/cannonlake/finalize.c | 8 | ||||
-rw-r--r-- | src/soc/intel/common/pch/lockdown/lockdown.c | 13 | ||||
-rw-r--r-- | src/soc/intel/elkhartlake/finalize.c | 8 | ||||
-rw-r--r-- | src/soc/intel/jasperlake/finalize.c | 8 | ||||
-rw-r--r-- | src/soc/intel/tigerlake/finalize.c | 8 |
6 files changed, 13 insertions, 40 deletions
diff --git a/src/soc/intel/alderlake/finalize.c b/src/soc/intel/alderlake/finalize.c index 7498f3f7fa..e97d63fcea 100644 --- a/src/soc/intel/alderlake/finalize.c +++ b/src/soc/intel/alderlake/finalize.c @@ -19,7 +19,6 @@ #include <intelblocks/pmclib.h> #include <intelblocks/systemagent.h> #include <intelblocks/tco.h> -#include <intelpch/lockdown.h> #include <soc/p2sb.h> #include <soc/pci_devs.h> #include <soc/pcr_ids.h> @@ -74,12 +73,6 @@ static void tbt_finalize(void) } } -static void sa_finalize(void) -{ - if (get_lockdown_config() == CHIPSET_LOCKDOWN_COREBOOT) - sa_lock_pam(); -} - static void heci_finalize(void) { heci_set_to_d0i3(); @@ -94,7 +87,6 @@ static void soc_finalize(void *unused) pch_finalize(); apm_control(APM_CNT_FINALIZE); tbt_finalize(); - sa_finalize(); if (CONFIG(USE_FSP_NOTIFY_PHASE_READY_TO_BOOT) && CONFIG(USE_FSP_NOTIFY_PHASE_END_OF_FIRMWARE)) heci_finalize(); diff --git a/src/soc/intel/cannonlake/finalize.c b/src/soc/intel/cannonlake/finalize.c index 541037726e..e45ae9ae98 100644 --- a/src/soc/intel/cannonlake/finalize.c +++ b/src/soc/intel/cannonlake/finalize.c @@ -14,7 +14,6 @@ #include <intelblocks/systemagent.h> #include <intelblocks/tco.h> #include <intelblocks/thermal.h> -#include <intelpch/lockdown.h> #include <soc/p2sb.h> #include <soc/pci_devs.h> #include <soc/pcr_ids.h> @@ -83,19 +82,12 @@ static void pch_finalize(void) } -static void sa_finalize(void) -{ - if (get_lockdown_config() == CHIPSET_LOCKDOWN_COREBOOT) - sa_lock_pam(); -} - static void soc_finalize(void *unused) { printk(BIOS_DEBUG, "Finalizing chipset.\n"); pch_finalize(); apm_control(APM_CNT_FINALIZE); - sa_finalize(); if (CONFIG(DISABLE_HECI1_AT_PRE_BOOT) && CONFIG(SOC_INTEL_COMMON_BLOCK_HECI1_DISABLE_USING_PMC_IPC)) heci1_disable(); diff --git a/src/soc/intel/common/pch/lockdown/lockdown.c b/src/soc/intel/common/pch/lockdown/lockdown.c index d42b88060b..42f01bf6d3 100644 --- a/src/soc/intel/common/pch/lockdown/lockdown.c +++ b/src/soc/intel/common/pch/lockdown/lockdown.c @@ -5,6 +5,7 @@ #include <intelblocks/fast_spi.h> #include <intelblocks/lpc_lib.h> #include <intelblocks/pcr.h> +#include <intelblocks/systemagent.h> #include <intelpch/lockdown.h> #include <intelblocks/gpmr.h> #include <soc/pci_devs.h> @@ -107,6 +108,15 @@ static void lpc_lockdown_config(int chipset_lockdown) } } +static void sa_lockdown_config(int chipset_lockdown) +{ + if (!CONFIG(SOC_INTEL_COMMON_BLOCK_SA)) + return; + + if (chipset_lockdown == CHIPSET_LOCKDOWN_COREBOOT) + sa_lock_pam(); +} + /* * platform_lockdown_config has 2 major part. * 1. Common SoC lockdown configuration. @@ -127,6 +137,9 @@ static void platform_lockdown_config(void *unused) /* GPMR lock down configuration */ gpmr_lockdown_cfg(); + /* SA lock down configuration */ + sa_lockdown_config(chipset_lockdown); + /* SoC lock down configuration */ soc_lockdown_config(chipset_lockdown); } diff --git a/src/soc/intel/elkhartlake/finalize.c b/src/soc/intel/elkhartlake/finalize.c index ba1b2c4845..493a3ad7c8 100644 --- a/src/soc/intel/elkhartlake/finalize.c +++ b/src/soc/intel/elkhartlake/finalize.c @@ -11,7 +11,6 @@ #include <intelblocks/pmclib.h> #include <intelblocks/systemagent.h> #include <intelblocks/tco.h> -#include <intelpch/lockdown.h> #include <soc/p2sb.h> #include <soc/pci_devs.h> #include <soc/pcr_ids.h> @@ -31,19 +30,12 @@ static void pch_finalize(void) pmc_clear_pmcon_sts(); } -static void sa_finalize(void) -{ - if (get_lockdown_config() == CHIPSET_LOCKDOWN_COREBOOT) - sa_lock_pam(); -} - static void soc_finalize(void *unused) { printk(BIOS_DEBUG, "Finalizing chipset.\n"); pch_finalize(); apm_control(APM_CNT_FINALIZE); - sa_finalize(); /* Indicate finalize step with post code */ post_code(POST_OS_BOOT); diff --git a/src/soc/intel/jasperlake/finalize.c b/src/soc/intel/jasperlake/finalize.c index 3b0d49742e..5665d75340 100644 --- a/src/soc/intel/jasperlake/finalize.c +++ b/src/soc/intel/jasperlake/finalize.c @@ -11,7 +11,6 @@ #include <intelblocks/pmclib.h> #include <intelblocks/systemagent.h> #include <intelblocks/tco.h> -#include <intelpch/lockdown.h> #include <soc/p2sb.h> #include <soc/pci_devs.h> #include <soc/pcr_ids.h> @@ -71,19 +70,12 @@ static void pch_finalize(void) pmc_clear_pmcon_sts(); } -static void sa_finalize(void) -{ - if (get_lockdown_config() == CHIPSET_LOCKDOWN_COREBOOT) - sa_lock_pam(); -} - static void soc_finalize(void *unused) { printk(BIOS_DEBUG, "Finalizing chipset.\n"); pch_finalize(); apm_control(APM_CNT_FINALIZE); - sa_finalize(); /* Indicate finalize step with post code */ post_code(POST_OS_BOOT); diff --git a/src/soc/intel/tigerlake/finalize.c b/src/soc/intel/tigerlake/finalize.c index 1067278251..283efb50df 100644 --- a/src/soc/intel/tigerlake/finalize.c +++ b/src/soc/intel/tigerlake/finalize.c @@ -18,7 +18,6 @@ #include <intelblocks/pmclib.h> #include <intelblocks/systemagent.h> #include <intelblocks/tco.h> -#include <intelpch/lockdown.h> #include <soc/p2sb.h> #include <soc/pci_devs.h> #include <soc/pcr_ids.h> @@ -51,12 +50,6 @@ static void tbt_finalize(void) } } -static void sa_finalize(void) -{ - if (get_lockdown_config() == CHIPSET_LOCKDOWN_COREBOOT) - sa_lock_pam(); -} - static void soc_finalize(void *unused) { printk(BIOS_DEBUG, "Finalizing chipset.\n"); @@ -64,7 +57,6 @@ static void soc_finalize(void *unused) pch_finalize(); apm_control(APM_CNT_FINALIZE); tbt_finalize(); - sa_finalize(); if (CONFIG(DISABLE_HECI1_AT_PRE_BOOT)) heci1_disable(); |