authorNick Vaccaro <nvaccaro@google.com>2021-10-12 17:26:52 -0700
committerNick Vaccaro <nvaccaro@google.com>2021-12-07 00:17:27 +0000
commitb6f29c9bf47724168a58c196aa1d2ec65302731e (patch)
treeb99e0d56d9dbfc04c9c6a62c0674e00328623e9c /src/soc/intel/common/block/smm
parenteb3260b9715842d5abda28ac920afde696afd88c (diff)
soc/intel/common: add generic gpio lock mechanism
For added security, there are some gpios that an SoC will want to lock once initially configured, such as gpios attached to non-host (x86) controllers, so that they can't be reconfigured at a later point in time by rogue code. Likewise, a mainboard may have some gpios connected to secure busses and/or devices that they want to protect from being changed post initial configuration. This change adds a generic gpio locking mechanism that allows the SoC to export a list of GPIOs to be locked down and allows the mainboard to export a list of GPIOs that it wants locked down once initialization is complete. Use the SOC_INTEL_COMMON_BLOCK_SMM_LOCK_GPIO_PADS Kconfig option to enable this feature. BUG=b:201430600 TEST='emerge-brya coreboot chromeos-bootimage', flash and verify brya0 boots successfully to kernel. Signed-off-by: Nick Vaccaro <nvaccaro@google.com> Change-Id: I42979fb89567d8bcd9392da4fb8c4113ef427b14 Reviewed-on: https://review.coreboot.org/c/coreboot/+/58351 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Diffstat (limited to 'src/soc/intel/common/block/smm')
-rw-r--r--src/soc/intel/common/block/smm/Kconfig7
-rw-r--r--src/soc/intel/common/block/smm/smihandler.c38
2 files changed, 45 insertions, 0 deletions
diff --git a/src/soc/intel/common/block/smm/Kconfig b/src/soc/intel/common/block/smm/Kconfig
index 77ba00c027..2d960d6b47 100644
--- a/src/soc/intel/common/block/smm/Kconfig
+++ b/src/soc/intel/common/block/smm/Kconfig
@@ -8,6 +8,13 @@ config SOC_INTEL_COMMON_BLOCK_SMM_IO_TRAP
help
Intel Processor trap flag if it is supported
+config SOC_INTEL_COMMON_BLOCK_SMM_LOCK_GPIO_PADS
+ bool
+ help
+ Enable locking of security-sensitive SoC and mainboard GPIOs.
+ An SoC may provide a list of gpios to lock, and the mainboard
+ may also provide a list of gpios to lock.
+
config SOC_INTEL_COMMON_BLOCK_SMM_ESPI_DISABLE
bool
default n
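Review bot: The help text for SOC_INTEL_COMMON_BLOCK_SMM_LOCK_GPIO_PADS does not say when the lock is applied or what happens when no pad list is supplied. The smihandler.c part of this commit locks from finalize() and ships weak defaults that report zero pads, so selecting the option without overriding either hook locks nothing, silently. I would add to the help: `Pads are locked from the SMI finalize handler. If neither soc_gpio_lock_config() nor mb_gpio_lock_config() is overridden, no pads are locked.` The following SOC_INTEL_COMMON_BLOCK_SMM_ESPI_DISABLE entry continues outside this hunk.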
diff --git a/src/soc/intel/common/block/smm/smihandler.c b/src/soc/intel/common/block/smm/smihandler.c
index e1eadb6676..32de2f6cf1 100644
--- a/src/soc/intel/common/block/smm/smihandler.c
+++ b/src/soc/intel/common/block/smm/smihandler.c
@@ -311,6 +311,40 @@ static void southbridge_smi_store(
}
}
+__weak const struct gpio_lock_config *soc_gpio_lock_config(size_t *num)
+{
+ *num = 0;
+ return NULL;
+}
+
+__weak const struct gpio_lock_config *mb_gpio_lock_config(size_t *num)
+{
+ *num = 0;
+ return NULL;
+}
+
+static void soc_lock_gpios(void)
+{
+ const struct gpio_lock_config *soc_gpios;
+ const struct gpio_lock_config *mb_gpios;
+ size_t soc_gpio_num;
+ size_t mb_gpio_num;
+
+ /* get list of gpios from SoC */
+ soc_gpios = soc_gpio_lock_config(&soc_gpio_num);
+
+ /* get list of gpios from mainboard */
+ mb_gpios = mb_gpio_lock_config(&mb_gpio_num);
+
+ /* Lock any soc requested gpios */
+ if (soc_gpio_num)
+ gpio_lock_pads(soc_gpios, soc_gpio_num);
+
+ /* Lock any mainboard requested gpios */
+ if (mb_gpio_num)
+ gpio_lock_pads(mb_gpios, mb_gpio_num);
+}
+
static void finalize(void)
{
static int finalize_done;
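Review bot: `soc_lock_gpios()` trusts only the count written through `*num`: `soc_gpio_num` and `mb_gpio_num` are uninitialised and the returned pointer is never checked, so an override of `soc_gpio_lock_config()` or `mb_gpio_lock_config()` that returns NULL without writing `*num` would reach `gpio_lock_pads()` with a NULL list and an indeterminate count. Initialise both counts (`size_t soc_gpio_num = 0;`) and guard on both values, e.g. `if (soc_gpios && soc_gpio_num)`. If `gpio_lock_pads()` reports failure through a return value (its prototype is not visible in this hunk), that result is dropped here; for a security lock it is worth logging so a pad that failed to lock does not go unnoticed. The two `__weak` hooks would also benefit from a contract comment such as `/* Override to return the pads to lock; must set *num to the number of entries. */`. finalize() begins at the end of this hunk and continues outside it.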
@@ -337,6 +371,10 @@ static void finalize(void)
*/
mainboard_smi_finalize();
+ /* Lock down all GPIOs that may have been requested by the SoC and/or the mainboard. */
+ if (CONFIG(SOC_INTEL_COMMON_BLOCK_SMM_LOCK_GPIO_PADS))
+ soc_lock_gpios();
+
/* Specific SOC SMI handler during ramstage finalize phase */
smihandler_soc_at_finalize();
}
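Review bot: The comment above the new `soc_lock_gpios()` call does not record why the lock sits between `mainboard_smi_finalize()` and `smihandler_soc_at_finalize()`. If the SoC finalize hook (not visible here) still changes the configuration of a pad on either list, that write would come after the lock, so the ordering constraint deserves a line, e.g. `/* Pads are locked here, after mainboard_smi_finalize(); code that runs later must not reconfigure them. */`. finalize() starts before this hunk.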