summaryrefslogtreecommitdiff
path: root/src/soc
diff options
context:
space:
mode:
authorJonathan Zhang <jonzhang@meta.com>2022-10-26 16:19:40 -0700
committerMartin L Roth <gaumless@gmail.com>2022-12-22 18:48:45 +0000
commitfb2ebbced7f64218667d5647f39c3d49d57a3159 (patch)
tree356bd540bbbfe5c5e2cbd187b0b4fc0c9a8beab2 /src/soc
parent39ede0af15f17bf853d7b3208d301dc623251c29 (diff)
soc/intel/xeon_sp: Lock down LPC configuration
For LPC, set BIOS interface lock. Also set the LPC BIOS control to match the SPI BIOS control settings. BIOS control EISS and WPD are set when the BOOTMEDIA_SMM_BWP config option is set. Change-Id: I3e3edc63c0d43b11b0999239ea49304772a05275 Signed-off-by: Marc Jones <marcjones@sysproconsulting.com> Signed-off-by: Jonathan Zhang <jonzhang@meta.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/68876 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: David Hendricks <david.hendricks@gmail.com>
Diffstat (limited to 'src/soc')
-rw-r--r--src/soc/intel/xeon_sp/lockdown.c15
1 files changed, 15 insertions, 0 deletions
diff --git a/src/soc/intel/xeon_sp/lockdown.c b/src/soc/intel/xeon_sp/lockdown.c
index 49f3f5a0ee..7dc1f9834f 100644
--- a/src/soc/intel/xeon_sp/lockdown.c
+++ b/src/soc/intel/xeon_sp/lockdown.c
@@ -3,11 +3,25 @@
#include <device/mmio.h>
#include <device/pci.h>
#include <intelblocks/cfg.h>
+#include <intelblocks/lpc_lib.h>
#include <intelblocks/pmclib.h>
#include <intelpch/lockdown.h>
#include <soc/pci_devs.h>
#include <soc/pm.h>
+static void lpc_lockdown_config(void)
+{
+ /* Set BIOS Interface Lock, BIOS Lock */
+ lpc_set_bios_interface_lock_down();
+
+ /* Only allow writes in SMM */
+ if (CONFIG(BOOTMEDIA_SMM_BWP)) {
+ lpc_set_eiss();
+ lpc_enable_wp();
+ }
+ lpc_set_lock_enable();
+}
+
static void pmc_lockdown_config(int chipset_lockdown)
{
uint8_t *pmcbase;
@@ -36,6 +50,7 @@ static void sata_lockdown_config(int chipset_lockdown)
void soc_lockdown_config(int chipset_lockdown)
{
+ lpc_lockdown_config();
pmc_lockdown_config(chipset_lockdown);
sata_lockdown_config(chipset_lockdown);
}