diff options
author | Reka Norman <rekanorman@chromium.org> | 2022-11-08 10:58:27 +1100 |
---|---|---|
committer | Felix Held <felix-coreboot@felixheld.de> | 2022-11-17 13:22:17 +0000 |
commit | bedc9b75a7d58c9647a5e980a81ddca471d60b50 (patch) | |
tree | e0b7d3331e96f073e962f0d863f55f3b48c9227b /src/soc | |
parent | 08c77dadf359d42ef99e86647b7b4c73c3cc9f0e (diff) |
soc/intel/alderlake: Check MANUF_LOCK when logging manufacturing mode
As per Intel doc #627331 Section 3.6.1 "Intel CSME Production Machine
Determination", from ADL onwards there are three criteria which
determine whether a device is in production mode:
1. Fuses are programmed
2. SPI descriptor is locked
3. Manufacturing variables are locked
When logging whether the device is in manufacturing mode, 1 and 2 are
already checked. Add a check for 3 as well.
Also add logs for each individual criteria so it's easy to tell why the
overall Manufacturing Mode is set or not.
BUG=b:255462682
TEST=On a nivviks which has not gone through EOM:
Before:
[DEBUG] ME: Manufacturing Mode : YES
[DEBUG] ME: SPI Protection Mode Enabled : NO
After:
[DEBUG] ME: Manufacturing Mode : YES
[DEBUG] ME: SPI Protection Mode Enabled : NO
[DEBUG] ME: FPFs Committed : NO
[DEBUG] ME: Manufacturing Vars Locked : NO
On an anahera which has gone through EOM:
Before:
[DEBUG] ME: Manufacturing Mode : NO
[DEBUG] ME: SPI Protection Mode Enabled : YES
After:
[DEBUG] ME: Manufacturing Mode : NO
[DEBUG] ME: SPI Protection Mode Enabled : YES
[DEBUG] ME: FPFs Committed : YES
[DEBUG] ME: Manufacturing Vars Locked : YES
Change-Id: Iac605baa291ab5cc5f28464006f4828c12c748fe
Signed-off-by: Reka Norman <rekanorman@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/69324
Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
Reviewed-by: Kapil Porwal <kapilporwal@google.com>
Reviewed-by: Kangheui Won <khwon@chromium.org>
Reviewed-by: Subrata Banik <subratabanik@google.com>
Reviewed-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Diffstat (limited to 'src/soc')
-rw-r--r-- | src/soc/intel/alderlake/me.c | 31 |
1 files changed, 23 insertions, 8 deletions
diff --git a/src/soc/intel/alderlake/me.c b/src/soc/intel/alderlake/me.c index a965807c44..4937cedeac 100644 --- a/src/soc/intel/alderlake/me.c +++ b/src/soc/intel/alderlake/me.c @@ -102,11 +102,25 @@ static void log_me_ro_write_protection_info(bool mfg_mode) base, limit); } - /* If EOM is disabled, but CSE RO is not write protected, log error */ + /* + * If manufacturing mode is disabled, but CSE RO is not write protected, + * log error. + */ if (!mfg_mode && !cse_ro_wp_en) printk(BIOS_ERR, "ME: Write protection for CSE RO is not enabled\n"); } +static bool is_manuf_mode(union me_hfsts1 hfsts1, union me_hfsts6 hfsts6) +{ + /* + * ME manufacturing mode is disabled if the descriptor is locked, fuses + * are programmed and manufacturing variables are locked. + */ + return !((hfsts1.fields.mfg_mode == 0) && + (hfsts6.fields.fpf_soc_lock == 1) && + (hfsts6.fields.manuf_lock == 1)); +} + static void dump_me_status(void *unused) { union me_hfsts1 hfsts1; @@ -115,6 +129,7 @@ static void dump_me_status(void *unused) union me_hfsts4 hfsts4; union me_hfsts5 hfsts5; union me_hfsts6 hfsts6; + bool manuf_mode; if (!is_cse_enabled()) return; @@ -133,19 +148,19 @@ static void dump_me_status(void *unused) printk(BIOS_DEBUG, "ME: HFSTS5 : 0x%08X\n", hfsts5.data); printk(BIOS_DEBUG, "ME: HFSTS6 : 0x%08X\n", hfsts6.data); - /* - * Lock Descriptor, and Fuses must be programmed on a - * production system to indicate ME Manufacturing mode is disabled. - */ + manuf_mode = is_manuf_mode(hfsts1, hfsts6); printk(BIOS_DEBUG, "ME: Manufacturing Mode : %s\n", - ((hfsts1.fields.mfg_mode == 0) && - (hfsts6.fields.fpf_soc_lock == 1)) ? "NO" : "YES"); + manuf_mode ? "YES" : "NO"); /* * The SPI Protection Mode bit reflects SPI descriptor * locked(0) or unlocked(1). */ printk(BIOS_DEBUG, "ME: SPI Protection Mode Enabled : %s\n", hfsts1.fields.mfg_mode ? "NO" : "YES"); + printk(BIOS_DEBUG, "ME: FPFs Committed : %s\n", + hfsts6.fields.fpf_soc_lock ? "YES" : "NO"); + printk(BIOS_DEBUG, "ME: Manufacturing Vars Locked : %s\n", + hfsts6.fields.manuf_lock ? "YES" : "NO"); printk(BIOS_DEBUG, "ME: FW Partition Table : %s\n", hfsts1.fields.fpt_bad ? "BAD" : "OK"); printk(BIOS_DEBUG, "ME: Bringup Loader Failure : %s\n", @@ -180,7 +195,7 @@ static void dump_me_status(void *unused) hfsts6.fields.txt_support ? "YES" : "NO"); if (CONFIG(SOC_INTEL_CSE_LITE_SKU)) - log_me_ro_write_protection_info(!!hfsts1.fields.mfg_mode); + log_me_ro_write_protection_info(manuf_mode); } BOOT_STATE_INIT_ENTRY(BS_DEV_ENABLE, BS_ON_EXIT, print_me_fw_version, NULL); |