diff options
author | Sridhar Siricilla <sridhar.siricilla@intel.com> | 2019-11-27 16:02:47 +0530 |
---|---|---|
committer | Patrick Georgi <pgeorgi@google.com> | 2020-03-15 13:10:36 +0000 |
commit | d16187ed2a6bf23022119c735d24c14d6fafae4b (patch) | |
tree | fd1435f7a4e1ce215ff41523e11f4a0697e396df /Documentation/security | |
parent | 39ff703aa989ebdc056dd27e181fd135a551f522 (diff) |
soc/intel/common/block/cse: Modify handling of HMRFPO_ENABLE command
Below changes are done:
1. Allow execution of HMRFPO_ENABLE command if CSE meets below
prerequisites:
- Current operation mode(COM) is Normal and Curret working state(CWS)
is Normal.
-(or) COM is Soft Temp Disable and CWS is Normal if ME's
Firmware SKU is Custom.
2. Check response status.
3. Add documentation for send_hmrfpo_enable_msg().
4. Rename padding field of hmrfpo_enable_resp to reserved.
The HMRFPO (Host ME Region Flash Protection Override) mode prevents CSE to
execute SPI I/O cycles to CSE region, and unlocks the CSE region to perform
updates to it. This command is only valid before EOP(End of Post).
For Custom SKU, follow below procedure to place CSE in HMRFPO mode:
1. Ensure CSE boots from BP1. When CSE boots from BP1, it will have
opmode Temp Disable Mode.
2. Send HMRFPO_ENABLE command to CSE. Then, CSE enters HMRFPO mode.
CSE Firmware Custom SKU Image Layout:
= [RO] + [RW + DATA PART] = [BP1] + [BP2 + DATA PART]
Here, BP1 will have reduced functionality of BP2, and the BP1 will be
CSE's RO partition and [BP2 + DATA PART] together will represent
CSE's RW partition. CSE can boot from either BP1(RO) or BP2(RW).
CSE Image Layout in Consumer SKU: BP2 + BP3 + DATA PART
TEST=Verfied on hatch board.
Change-Id: I7c87998fa105947e5ba4638a8e68625e46703448
Signed-off-by: Sridhar Siricilla <sridhar.siricilla@intel.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37283
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Diffstat (limited to 'Documentation/security')
0 files changed, 0 insertions, 0 deletions