diff options
author | Felix Singer <felixsinger@posteo.net> | 2021-05-03 02:25:08 +0200 |
---|---|---|
committer | Tim Wawrzynczak <twawrzynczak@chromium.org> | 2021-08-12 21:41:46 +0000 |
commit | 5385b4daa89cdf4077bce91f917f63ea7b82438c (patch) | |
tree | 953ce491e6a4653229afb38f1194a735a2dc4e37 /src/soc | |
parent | 85ebab85419d737a77c9ba0544b8bd35359e541b (diff) |
soc/intel/skylake: Clean up FSP chipset lockdown configuration
Use a variable to store if the FSP should be responsible for the chipset
lockdown and use it for setting related configuration options. Thus, get
rid of that if-clause and adjust comments.
This changes behavior since now related options are always set,
depending on if coreboot or the FSP should be responsible for the
chipset lockdown. This ensures a defined state independent from the
default configuration of the FSP.
Change-Id: I0c43a11a40a474de4af22aa5506b1d387809bda2
Signed-off-by: Felix Singer <felixsinger@posteo.net>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/52843
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Michael Niewöhner <foss@mniewoehner.de>
Diffstat (limited to 'src/soc')
-rw-r--r-- | src/soc/intel/skylake/chip.c | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/src/soc/intel/skylake/chip.c b/src/soc/intel/skylake/chip.c index 39799114ef..c99067db3d 100644 --- a/src/soc/intel/skylake/chip.c +++ b/src/soc/intel/skylake/chip.c @@ -409,19 +409,19 @@ void platform_fsp_silicon_init_params_cb(FSPS_UPD *supd) * do the changes and then lock it back in coreboot during finalize. */ tconfig->PchSbAccessUnlock = (config->HeciEnabled == 0) ? 1 : 0; - if (get_lockdown_config() == CHIPSET_LOCKDOWN_COREBOOT) { - tconfig->PchLockDownBiosInterface = 0; - params->PchLockDownBiosLock = 0; - params->PchLockDownSpiEiss = 0; - /* - * Skip Spi Flash Lockdown from inside FSP. - * Making this config "0" means FSP won't set the FLOCKDN bit - * of SPIBAR + 0x04 (i.e., Bit 15 of BIOS_HSFSTS_CTL). - * So, it becomes coreboot's responsibility to set this bit - * before end of POST for security concerns. - */ - params->SpiFlashCfgLockDown = 0; - } + + const bool lockdown_by_fsp = get_lockdown_config() == CHIPSET_LOCKDOWN_FSP; + tconfig->PchLockDownBiosInterface = lockdown_by_fsp; + params->PchLockDownBiosLock = lockdown_by_fsp; + params->PchLockDownSpiEiss = lockdown_by_fsp; + /* + * Making this config "0" means FSP won't set the FLOCKDN bit + * of SPIBAR + 0x04 (i.e., Bit 15 of BIOS_HSFSTS_CTL). + * So, it becomes coreboot's responsibility to set this bit + * before end of POST for security concerns. + */ + params->SpiFlashCfgLockDown = lockdown_by_fsp; + /* FSP should let coreboot set subsystem IDs, which are read/write-once */ params->DefaultSvid = 0; params->PchSubSystemVendorId = 0; |