diff options
-rw-r--r-- | src/soc/intel/skylake/chip.c | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/src/soc/intel/skylake/chip.c b/src/soc/intel/skylake/chip.c index 39799114ef..c99067db3d 100644 --- a/src/soc/intel/skylake/chip.c +++ b/src/soc/intel/skylake/chip.c @@ -409,19 +409,19 @@ void platform_fsp_silicon_init_params_cb(FSPS_UPD *supd) * do the changes and then lock it back in coreboot during finalize. */ tconfig->PchSbAccessUnlock = (config->HeciEnabled == 0) ? 1 : 0; - if (get_lockdown_config() == CHIPSET_LOCKDOWN_COREBOOT) { - tconfig->PchLockDownBiosInterface = 0; - params->PchLockDownBiosLock = 0; - params->PchLockDownSpiEiss = 0; - /* - * Skip Spi Flash Lockdown from inside FSP. - * Making this config "0" means FSP won't set the FLOCKDN bit - * of SPIBAR + 0x04 (i.e., Bit 15 of BIOS_HSFSTS_CTL). - * So, it becomes coreboot's responsibility to set this bit - * before end of POST for security concerns. - */ - params->SpiFlashCfgLockDown = 0; - } + + const bool lockdown_by_fsp = get_lockdown_config() == CHIPSET_LOCKDOWN_FSP; + tconfig->PchLockDownBiosInterface = lockdown_by_fsp; + params->PchLockDownBiosLock = lockdown_by_fsp; + params->PchLockDownSpiEiss = lockdown_by_fsp; + /* + * Making this config "0" means FSP won't set the FLOCKDN bit + * of SPIBAR + 0x04 (i.e., Bit 15 of BIOS_HSFSTS_CTL). + * So, it becomes coreboot's responsibility to set this bit + * before end of POST for security concerns. + */ + params->SpiFlashCfgLockDown = lockdown_by_fsp; + /* FSP should let coreboot set subsystem IDs, which are read/write-once */ params->DefaultSvid = 0; params->PchSubSystemVendorId = 0; |