summaryrefslogtreecommitdiff
path: root/src/soc
diff options
context:
space:
mode:
Diffstat (limited to 'src/soc')
-rw-r--r--src/soc/intel/skylake/chip.c9
-rw-r--r--src/soc/intel/skylake/chip.h35
-rw-r--r--src/soc/intel/skylake/chip_fsp20.c26
-rw-r--r--src/soc/intel/skylake/finalize.c20
4 files changed, 30 insertions, 60 deletions
diff --git a/src/soc/intel/skylake/chip.c b/src/soc/intel/skylake/chip.c
index ab069488a0..7014c24d9e 100644
--- a/src/soc/intel/skylake/chip.c
+++ b/src/soc/intel/skylake/chip.c
@@ -147,11 +147,12 @@ void soc_silicon_init_params(SILICON_INIT_UPD *params)
params->EnableSata = config->EnableSata;
params->SataMode = config->SataMode;
params->LockDownConfigGlobalSmi = config->LockDownConfigGlobalSmi;
- params->LockDownConfigBiosInterface =
- config->LockDownConfigBiosInterface;
params->LockDownConfigRtcLock = config->LockDownConfigRtcLock;
- params->LockDownConfigBiosLock = config->LockDownConfigBiosLock;
- params->LockDownConfigSpiEiss = config->LockDownConfigSpiEiss;
+ if (config->chipset_lockdown == CHIPSET_LOCKDOWN_COREBOOT) {
+ params->LockDownConfigBiosInterface = 0;
+ params->LockDownConfigBiosLock = 0;
+ params->LockDownConfigSpiEiss = 0;
+ }
params->PchConfigSubSystemVendorId = config->PchConfigSubSystemVendorId;
params->PchConfigSubSystemId = config->PchConfigSubSystemId;
params->WakeConfigWolEnableOverride =
diff --git a/src/soc/intel/skylake/chip.h b/src/soc/intel/skylake/chip.h
index ea985db11a..beb5a7aa0b 100644
--- a/src/soc/intel/skylake/chip.h
+++ b/src/soc/intel/skylake/chip.h
@@ -262,29 +262,10 @@ struct soc_intel_skylake_config {
/* Enable SMI_LOCK bit to prevent writes to the Global SMI Enable bit.*/
u8 LockDownConfigGlobalSmi;
/*
- * Enable BIOS Interface Lock Down bit to prevent writes to the Backup
- * Control Register. Top Swap bit and the General Control and Status
- * Registers Boot BIOS Straps.
- */
- u8 LockDownConfigBiosInterface;
- /*
* Enable RTC lower and upper 128 byte Lock bits to lock Bytes 38h-3Fh
* in the upper and and lower 128-byte bank of RTC RAM.
*/
u8 LockDownConfigRtcLock;
- /*
- * When enabled, the BIOS Region can only be modified from SMM after
- * EndOfDxe protocol is installed
- */
- u8 LockDownConfigBiosLock;
- /*
- * Enable InSMM.STS (EISS) in SPI If this bit is set, then WPD must be a
- * '1' and InSMM.STS must be '1' also in order to write to BIOS regions
- * of SPI Flash. If this bit is clear, then the InSMM.STS is a don't
- * care. The BIOS must set the EISS bit while BIOS Guard support is
- * enabled.
- */
- u8 LockDownConfigSpiEiss;
/* Subsystem Vendor ID of the PCH devices*/
u16 PchConfigSubSystemVendorId;
/* Subsystem ID of the PCH devices*/
@@ -493,14 +474,16 @@ struct soc_intel_skylake_config {
* 0b - Disabled
*/
u8 eist_enable;
- /*
- * Skip Spi Flash Lockdown from inside FSP.
- * Making this config "0" means FSP won't set the FLOCKDN bit of
- * SPIBAR + 0x04 (i.e., Bit 15 of BIOS_HSFSTS_CTL).
- * So, it becomes coreboot's responsibility to set this bit before
- * end of POST for security concerns.
+ /* Chipset (LPC and SPI) Lock Down
+ * 1b - coreboot to handle lockdown
+ * 0b - FSP to handle lockdown
*/
- u8 SpiFlashCfgLockDown;
+ enum {
+ /* lock according to binary UPD settings */
+ CHIPSET_LOCKDOWN_FSP,
+ /* coreboot handles locking */
+ CHIPSET_LOCKDOWN_COREBOOT,
+ } chipset_lockdown;
};
typedef struct soc_intel_skylake_config config_t;
diff --git a/src/soc/intel/skylake/chip_fsp20.c b/src/soc/intel/skylake/chip_fsp20.c
index c5ecc97b01..aa612ede0a 100644
--- a/src/soc/intel/skylake/chip_fsp20.c
+++ b/src/soc/intel/skylake/chip_fsp20.c
@@ -201,7 +201,6 @@ void platform_fsp_silicon_init_params_cb(FSPS_UPD *supd)
params->SataEnable = config->EnableSata;
params->SataMode = config->SataMode;
tconfig->PchLockDownGlobalSmi = config->LockDownConfigGlobalSmi;
- tconfig->PchLockDownBiosInterface = config->LockDownConfigBiosInterface;
tconfig->PchLockDownRtcLock = config->LockDownConfigRtcLock;
/*
* To disable HECI, the Psf needs to be left unlocked
@@ -210,9 +209,19 @@ void platform_fsp_silicon_init_params_cb(FSPS_UPD *supd)
* do the changes and then lock it back in coreboot during finalize.
*/
tconfig->PchSbAccessUnlock = (config->HeciEnabled == 0) ? 1 : 0;
-
- params->PchLockDownBiosLock = config->LockDownConfigBiosLock;
- params->PchLockDownSpiEiss = config->LockDownConfigSpiEiss;
+ if (config->chipset_lockdown == CHIPSET_LOCKDOWN_COREBOOT) {
+ tconfig->PchLockDownBiosInterface = 0;
+ params->PchLockDownBiosLock = 0;
+ params->PchLockDownSpiEiss = 0;
+ /*
+ * Skip Spi Flash Lockdown from inside FSP.
+ * Making this config "0" means FSP won't set the FLOCKDN bit
+ * of SPIBAR + 0x04 (i.e., Bit 15 of BIOS_HSFSTS_CTL).
+ * So, it becomes coreboot's responsibility to set this bit
+ * before end of POST for security concerns.
+ */
+ params->SpiFlashCfgLockDown = 0;
+ }
params->PchSubSystemVendorId = config->PchConfigSubSystemVendorId;
params->PchSubSystemId = config->PchConfigSubSystemId;
params->PchPmWolEnableOverride = config->WakeConfigWolEnableOverride;
@@ -248,15 +257,6 @@ void platform_fsp_silicon_init_params_cb(FSPS_UPD *supd)
params->ShowSpiController = dev->enabled;
/*
- * Skip Spi Flash Lockdown from inside FSP.
- * Making this config "0" means FSP won't set the FLOCKDN bit of
- * SPIBAR + 0x04 (i.e., Bit 15 of BIOS_HSFSTS_CTL).
- * So, it becomes coreboot's responsibility to set this bit before
- * end of POST for security concerns.
- */
- params->SpiFlashCfgLockDown = config->SpiFlashCfgLockDown;
-
- /*
* Send VR specific mailbox commands:
* 000b - no VR specific command sent
* 001b - VR mailbox command specifically for the MPS IMPV8 VR
diff --git a/src/soc/intel/skylake/finalize.c b/src/soc/intel/skylake/finalize.c
index 9759382149..404d217a87 100644
--- a/src/soc/intel/skylake/finalize.c
+++ b/src/soc/intel/skylake/finalize.c
@@ -184,8 +184,8 @@ static void soc_lockdown(void)
pci_write_config8(dev, GEN_PMCON_A, reg8);
}
- /* Bios Interface Lock */
- if (config->LockDownConfigBiosInterface == 0) {
+ if (config->chipset_lockdown == CHIPSET_LOCKDOWN_COREBOOT) {
+ /* Bios Interface Lock */
pci_write_config8(PCH_DEV_LPC, BIOS_CNTL,
pci_read_config8(PCH_DEV_LPC,
BIOS_CNTL) | LPC_BC_BILD);
@@ -196,10 +196,8 @@ static void soc_lockdown(void)
/* GCS reg of DMI */
pcr_or8(PID_DMI, PCR_DMI_GCS, PCR_DMI_GCS_BILD);
- }
- /* Bios Lock */
- if (config->LockDownConfigBiosLock == 0) {
+ /* Bios Lock */
pci_write_config8(PCH_DEV_LPC, BIOS_CNTL,
pci_read_config8(PCH_DEV_LPC,
BIOS_CNTL) | LPC_BC_LE);
@@ -209,18 +207,6 @@ static void soc_lockdown(void)
fast_spi_set_lock_enable();
}
-
- /* SPIEiss */
- if (config->LockDownConfigSpiEiss == 0) {
- pci_write_config8(PCH_DEV_LPC, BIOS_CNTL,
- pci_read_config8(PCH_DEV_LPC,
- BIOS_CNTL) | LPC_BC_EISS);
-
- /* Ensure an additional read back after performing lock down */
- pci_read_config8(PCH_DEV_LPC, BIOS_CNTL);
-
- fast_spi_set_eiss();
- }
}
static void soc_finalize(void *unused)
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-02 02:10:14 +0000