Age | Commit message (Collapse) | Author |
|
This patch to ensures that coreboot is performing SPI
registers lockdown after PCI enumeration is done.
This requirements are intended to support platform security
guideline where all required chipset registers are expected
to be in lock down stage before launching any 3rd party
code as in option rom etc.
coreboot has to change its execution order to meet those
requirements. Hence SPI lock down programming has been moved
right after pci resource allocation is donei, so that
SPI registers can be lock down before calling post pci
enumeration FSP NotifyPhase() API which is targeted to
be done in BS_DEV_ENABLE-BS_ON_ENTRY.
TEST=Ensure SPIBAR+HSFSTS(0x04) register FLOCKDN bit and WRSDIS
bit is set. Also, Bits 8-12 of SPIBAR+DLOCK(0x0C) register is set.
Change-Id: I8f5a952656e51d3bf365917b90d3056b46f899c5
Signed-off-by: Barnali Sarkar <barnali.sarkar@intel.com>
Reviewed-on: https://review.coreboot.org/21064
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
|
|
This patch to ensures that coreboot is performing DMI
registers lockdown after PCI enumeration is done.
This requirements are intended to support platform security
guideline where all required chipset registers are expected
to be in lock down stage before launching any 3rd party
code as in option rom etc.
coreboot has to change its execution order to meet those
requirements. Hence BIOS Interface lock down through Sideband
access has been moved right after pci resource allocation is done,
so that BILD lock down is getting executed along with LPC and SPI
BIOS interface lockdown settings before calling post pci
enumeration FSP NotifyPhase() API which is targeted to
be done in BS_DEV_ENABLE-BS_ON_ENTRY.
TEST=Ensure DMI register offset 0x274c bit 0 is set.
Change-Id: Ie66701d5bd8c8f389e23fb30c8595dd83cf6b1ae
Signed-off-by: Subrata Banik <subrata.banik@intel.com>
Reviewed-on: https://review.coreboot.org/21030
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
|
|
This patch to ensures that coreboot is performing PMC
registers lockdown after PCI enumeration is done.
This requirements are intended to support platform security
guideline where all required chipset registers are expected
to be in lock down stage before launching any 3rd party
code as in option rom etc.
coreboot has to change its execution order to meet those
requirements. Hence PMC register lock down has been moved
right after pci resource allocation is done, so that
PMC registers can be lock down before calling post pci
enumeration FSP NotifyPhase() API which is targeted to
be done in BS_DEV_ENABLE-BS_ON_ENTRY.
TEST=Ensure PMC MMIO register 0xC4 bit 31 is set.
Change-Id: Ibd86a38fa78752ce007da63a9ccdd991ca21ab92
Signed-off-by: Subrata Banik <subrata.banik@intel.com>
Reviewed-on: https://review.coreboot.org/21029
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
|
|
This patch to ensures that coreboot is performing LPC
registers lockdown after PCI enumeration is done.
This requirements are intended to support platform security
guideline where all required chipset registers are expected
to be in lock down stage before launching any 3rd party
code as in option rom etc.
coreboot has to change its execution order to meet those
requirements. Hence lpc register lock down has been moved
right after pci resource allocation is done, so that
lpc registers can be lock down before calling post pci
enumeration FSP NotifyPhase() API which is targeted to
be done in BS_DEV_ENABLE-BS_ON_ENTRY.
TEST=Ensure LPC register 0xDC bit 1 and 7 is set.
Change-Id: I705a3a3c6ddc72ae7895419442d67b82f541edee
Signed-off-by: Subrata Banik <subrata.banik@intel.com>
Reviewed-on: https://review.coreboot.org/21000
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
|