diff options
| author | Subrata Banik <subrata.banik@intel.com> | 2019-07-24 13:43:22 +0530 |
|---|---|---|
| committer | Furquan Shaikh <furquan@google.com> | 2019-07-30 16:55:08 +0000 |
| commit | 990a05d26123dc9bfa5e802ac66e1482d0c06f8a (patch) | |
| tree | c3f7623a69156a9649ac2845cb5a7c5998d6b2d6 /src/soc | |
| parent | 669e155ad2738c55e1bd52477a791afa682e23e9 (diff) | |
soc/intel/cannonlake: Allow coreboot to handle required chipset lockdown
This patch disables FSP-S chipset lockdown UPDs and lets coreboot perform
chipset lockdown in ramstage.
BUG=b:138200201
TEST=FSP debug build suggests those UPDs are disable now.
Change-Id: I7e53c4e4987a7b0e7f475c92b0f797d94fdd60f4
Signed-off-by: Subrata Banik <subrata.banik@intel.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34541
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Fagerburg <pfagerburg@chromium.org>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Diffstat (limited to 'src/soc')
| -rw-r--r-- | src/soc/intel/cannonlake/fsp_params.c | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/src/soc/intel/cannonlake/fsp_params.c b/src/soc/intel/cannonlake/fsp_params.c index 6fb3060d61..f696f79d04 100644 --- a/src/soc/intel/cannonlake/fsp_params.c +++ b/src/soc/intel/cannonlake/fsp_params.c @@ -19,6 +19,7 @@ #include <fsp/api.h> #include <fsp/util.h> #include <intelblocks/xdci.h> +#include <intelpch/lockdown.h> #include <soc/intel/common/vbt.h> #include <soc/pci_devs.h> #include <soc/ramstage.h> @@ -402,6 +403,39 @@ void platform_fsp_silicon_init_params_cb(FSPS_UPD *supd) configure_gspi_cs(i, config, ¶ms->SerialIoSpiCsPolarity[0], NULL, NULL); #endif + + /* Chipset Lockdown */ + if (get_lockdown_config() == CHIPSET_LOCKDOWN_COREBOOT) { + tconfig->PchLockDownGlobalSmi = 0; + tconfig->PchLockDownBiosInterface = 0; + params->PchLockDownBiosLock = 0; + params->PchLockDownRtcMemoryLock = 0; + /* + * TODO: Disable SpiFlashCfgLockDown config after FSP provides + * dedicated UPD + * + * Skip SPI Flash Lockdown from inside FSP. + * Making this config "0" means FSP won't set the FLOCKDN bit + * of SPIBAR + 0x04 (i.e., Bit 15 of BIOS_HSFSTS_CTL). + * So, it becomes coreboot's responsibility to set this bit + * before end of POST for security concerns. + */ + // params->SpiFlashCfgLockDown = 0; + } else { + tconfig->PchLockDownGlobalSmi = 1; + tconfig->PchLockDownBiosInterface = 1; + params->PchLockDownBiosLock = 1; + params->PchLockDownRtcMemoryLock = 1; + /* + * TODO: Enable SpiFlashCfgLockDown config after FSP provides + * dedicated UPD + * + * Enable SPI Flash Lockdown from inside FSP. + * Making this config "1" means FSP will set the FLOCKDN bit + * of SPIBAR + 0x04 (i.e., Bit 15 of BIOS_HSFSTS_CTL). + */ + // params->SpiFlashCfgLockDown = 1; + } } /* Mainboard GPIO Configuration */ |