diff options
author | Subrata Banik <subrata.banik@intel.com> | 2017-08-14 16:15:33 +0530 |
---|---|---|
committer | Aaron Durbin <adurbin@chromium.org> | 2017-08-25 18:02:06 +0000 |
commit | b51f54b518bf17a1bfb678d3d14dcf0996d882d2 (patch) | |
tree | 1e016479f41745936f40edbfe11d4a6d1405b1d5 /src/soc | |
parent | 2d1dd5943d12a6ef46ab6d3d580545e89622e47d (diff) |
soc/intel/skylake: Move LPC lock down config after resource allocation
This patch to ensures that coreboot is performing LPC
registers lockdown after PCI enumeration is done.
This requirements are intended to support platform security
guideline where all required chipset registers are expected
to be in lock down stage before launching any 3rd party
code as in option rom etc.
coreboot has to change its execution order to meet those
requirements. Hence lpc register lock down has been moved
right after pci resource allocation is done, so that
lpc registers can be lock down before calling post pci
enumeration FSP NotifyPhase() API which is targeted to
be done in BS_DEV_ENABLE-BS_ON_ENTRY.
TEST=Ensure LPC register 0xDC bit 1 and 7 is set.
Change-Id: I705a3a3c6ddc72ae7895419442d67b82f541edee
Signed-off-by: Subrata Banik <subrata.banik@intel.com>
Reviewed-on: https://review.coreboot.org/21000
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Diffstat (limited to 'src/soc')
-rw-r--r-- | src/soc/intel/skylake/Makefile.inc | 1 | ||||
-rw-r--r-- | src/soc/intel/skylake/finalize.c | 13 | ||||
-rw-r--r-- | src/soc/intel/skylake/lockdown.c | 52 |
3 files changed, 53 insertions, 13 deletions
diff --git a/src/soc/intel/skylake/Makefile.inc b/src/soc/intel/skylake/Makefile.inc index baf6f01751..7046b8106c 100644 --- a/src/soc/intel/skylake/Makefile.inc +++ b/src/soc/intel/skylake/Makefile.inc @@ -53,6 +53,7 @@ ramstage-y += gspi.c ramstage-y += i2c.c ramstage-y += igd.c ramstage-y += irq.c +ramstage-y += lockdown.c ramstage-y += lpc.c ramstage-y += me.c ramstage-y += memmap.c diff --git a/src/soc/intel/skylake/finalize.c b/src/soc/intel/skylake/finalize.c index 404d217a87..a793e9551c 100644 --- a/src/soc/intel/skylake/finalize.c +++ b/src/soc/intel/skylake/finalize.c @@ -186,25 +186,12 @@ static void soc_lockdown(void) if (config->chipset_lockdown == CHIPSET_LOCKDOWN_COREBOOT) { /* Bios Interface Lock */ - pci_write_config8(PCH_DEV_LPC, BIOS_CNTL, - pci_read_config8(PCH_DEV_LPC, - BIOS_CNTL) | LPC_BC_BILD); - /* Reads back for posted write to take effect */ - pci_read_config8(PCH_DEV_LPC, BIOS_CNTL); - fast_spi_set_bios_interface_lock_down(); /* GCS reg of DMI */ pcr_or8(PID_DMI, PCR_DMI_GCS, PCR_DMI_GCS_BILD); /* Bios Lock */ - pci_write_config8(PCH_DEV_LPC, BIOS_CNTL, - pci_read_config8(PCH_DEV_LPC, - BIOS_CNTL) | LPC_BC_LE); - - /* Ensure an additional read back after performing lock down */ - pci_read_config8(PCH_DEV_LPC, BIOS_CNTL); - fast_spi_set_lock_enable(); } } diff --git a/src/soc/intel/skylake/lockdown.c b/src/soc/intel/skylake/lockdown.c new file mode 100644 index 0000000000..ac138c20b3 --- /dev/null +++ b/src/soc/intel/skylake/lockdown.c @@ -0,0 +1,52 @@ +/* + * This file is part of the coreboot project. + * + * Copyright (C) 2017 Intel Corporation. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ + +#include <arch/io.h> +#include <bootstate.h> +#include <chip.h> +#include <soc/lpc.h> +#include <soc/pci_devs.h> +#include <string.h> + +static void lpc_lockdown_config(void) +{ + static struct soc_intel_skylake_config *config; + struct device *dev; + uint8_t reg_mask = 0; + + dev = PCH_DEV_LPC; + /* Check if LPC is enabled, else return */ + if (dev == NULL || dev->chip_info == NULL) + return; + + config = dev->chip_info; + + /* Set Bios Interface Lock, Bios Lock */ + if (config->chipset_lockdown == CHIPSET_LOCKDOWN_COREBOOT) + reg_mask |= LPC_BC_BILD | LPC_BC_LE; + + pci_or_config8(dev, BIOS_CNTL, reg_mask); + /* Ensure an additional read back after performing lock down */ + pci_read_config8(dev, BIOS_CNTL); +} + +static void platform_lockdown_config(void *unused) +{ + /* LPC lock down configuration */ + lpc_lockdown_config(); +} + +BOOT_STATE_INIT_ENTRY(BS_DEV_RESOURCES, BS_ON_EXIT, platform_lockdown_config, + NULL); |