From d533b16669a3bacb19b2824e6b4bc76a2a18c92a Mon Sep 17 00:00:00 2001 From: Bill XIE Date: Tue, 22 Aug 2017 16:26:22 +0800 Subject: sb/intel/*: add option to lockdown chipset on normal boot path On platforms with a PCH, some registers within host bridge should be locked down on each normal boot path (done by either coreboot or payload) and S3 resume (always done by coreboot). A function to perform such locking is implemented in src/northbridge/ intel/*/finalize.c, and is designed as the handler of an #SMI triggered with outb(APM_CNT_FINALIZE, APM_CNT), but currently this #SMI is only triggered during s3 resume, and not on normal boot path. This problem has beed discussed in https://mail.coreboot.org/pipermail/coreboot/2017-August/084924.html . This time, an option "INTEL_CHIPSET_LOCKDOWN" within src/southbridge/ intel/common/Kconfig is added to control the actual locking, which depends on several compatibility flags, including "HAVE_INTEL_CHIPSET_LOCKDOWN". In this commit, "ibexpeak", "bd82x6x", "fsp_bd82x6x", and "lynxpoint" have the flag "HAVE_INTEL_CHIPSET_LOCKDOWN" selected. The change is only well tested on Sandy Bridge, my Lenovo x230. Change-Id: I43d4142291c8737b29738c41e8c484328b297b55 Signed-off-by: Bill XIE Reviewed-on: https://review.coreboot.org/21129 Tested-by: build bot (Jenkins) Reviewed-by: Nico Huber --- src/southbridge/intel/bd82x6x/Kconfig | 1 + src/southbridge/intel/bd82x6x/lpc.c | 9 ++++++--- src/southbridge/intel/common/Kconfig | 13 +++++++++++++ src/southbridge/intel/fsp_bd82x6x/Kconfig | 1 + src/southbridge/intel/fsp_bd82x6x/lpc.c | 12 ++++++++++++ src/southbridge/intel/ibexpeak/Kconfig | 1 + src/southbridge/intel/ibexpeak/lpc.c | 12 ++++++++++++ src/southbridge/intel/lynxpoint/Kconfig | 1 + src/southbridge/intel/lynxpoint/smi.c | 6 +++--- 9 files changed, 50 insertions(+), 6 deletions(-) diff --git a/src/southbridge/intel/bd82x6x/Kconfig b/src/southbridge/intel/bd82x6x/Kconfig index c24c71c30f..9eb3111661 100644 --- a/src/southbridge/intel/bd82x6x/Kconfig +++ b/src/southbridge/intel/bd82x6x/Kconfig @@ -39,6 +39,7 @@ config SOUTH_BRIDGE_OPTIONS # dummy select HAVE_INTEL_FIRMWARE select SOUTHBRIDGE_INTEL_COMMON_GPIO select RTC + select HAVE_INTEL_CHIPSET_LOCKDOWN config EHCI_BAR hex diff --git a/src/southbridge/intel/bd82x6x/lpc.c b/src/southbridge/intel/bd82x6x/lpc.c index ca26250808..901f71be18 100644 --- a/src/southbridge/intel/bd82x6x/lpc.c +++ b/src/southbridge/intel/bd82x6x/lpc.c @@ -829,9 +829,12 @@ static void southbridge_fill_ssdt(device_t device) static void lpc_final(struct device *dev) { - if (CONFIG_HAVE_SMI_HANDLER && acpi_is_wakeup_s3()) { - /* Call SMM finalize() handlers before resume */ - outb(0xcb, 0xb2); + /* Call SMM finalize() handlers before resume */ + if (IS_ENABLED(CONFIG_HAVE_SMI_HANDLER)) { + if (IS_ENABLED(CONFIG_INTEL_CHIPSET_LOCKDOWN) || + acpi_is_wakeup_s3()) { + outb(APM_CNT_FINALIZE, APM_CNT); + } } } diff --git a/src/southbridge/intel/common/Kconfig b/src/southbridge/intel/common/Kconfig index 23fb8cea5b..669569e18c 100644 --- a/src/southbridge/intel/common/Kconfig +++ b/src/southbridge/intel/common/Kconfig @@ -4,3 +4,16 @@ config SOUTHBRIDGE_INTEL_COMMON_GPIO def_bool n config SOUTHBRIDGE_INTEL_COMMON_SMBUS def_bool n +config HAVE_INTEL_CHIPSET_LOCKDOWN + def_bool n + +config INTEL_CHIPSET_LOCKDOWN + depends on HAVE_INTEL_CHIPSET_LOCKDOWN && HAVE_SMI_HANDLER && !CHROMEOS + #ChromeOS's payload seems to handle finalization on its on. + bool "Lock down chipset in coreboot" + default y + help + Some registers within host bridge on particular chipsets should be + locked down on each normal boot path (done by either coreboot or payload) + and S3 resume (always done by coreboot). Select this to let coreboot + to do this on normal boot path. diff --git a/src/southbridge/intel/fsp_bd82x6x/Kconfig b/src/southbridge/intel/fsp_bd82x6x/Kconfig index cebd96d69a..08400b354f 100644 --- a/src/southbridge/intel/fsp_bd82x6x/Kconfig +++ b/src/southbridge/intel/fsp_bd82x6x/Kconfig @@ -33,6 +33,7 @@ config SOUTH_BRIDGE_OPTIONS # dummy select HAVE_INTEL_FIRMWARE select SOUTHBRIDGE_INTEL_COMMON select SOUTHBRIDGE_INTEL_COMMON_SMBUS + select HAVE_INTEL_CHIPSET_LOCKDOWN config EHCI_BAR hex diff --git a/src/southbridge/intel/fsp_bd82x6x/lpc.c b/src/southbridge/intel/fsp_bd82x6x/lpc.c index 4a5bf68ad5..73366f73c1 100644 --- a/src/southbridge/intel/fsp_bd82x6x/lpc.c +++ b/src/southbridge/intel/fsp_bd82x6x/lpc.c @@ -739,6 +739,17 @@ void acpi_fill_fadt(acpi_fadt_t *fadt) fadt->x_gpe1_blk.addrh = 0x0; } +static void lpc_final(struct device *dev) +{ + /* Call SMM finalize() handlers before resume */ + if (IS_ENABLED(CONFIG_HAVE_SMI_HANDLER)) { + if (IS_ENABLED(CONFIG_INTEL_CHIPSET_LOCKDOWN) || + acpi_is_wakeup_s3()) { + outb(APM_CNT_FINALIZE, APM_CNT); + } + } +} + static struct pci_operations pci_ops = { .set_subsystem = set_subsystem, }; @@ -750,6 +761,7 @@ static struct device_operations device_ops = { .write_acpi_tables = acpi_write_hpet, .acpi_inject_dsdt_generator = southbridge_inject_dsdt, .init = lpc_init, + .final = lpc_final, .enable = pch_lpc_enable, .scan_bus = scan_lpc_bus, .ops_pci = &pci_ops, diff --git a/src/southbridge/intel/ibexpeak/Kconfig b/src/southbridge/intel/ibexpeak/Kconfig index 41ace46f7f..4b78118e4d 100644 --- a/src/southbridge/intel/ibexpeak/Kconfig +++ b/src/southbridge/intel/ibexpeak/Kconfig @@ -36,6 +36,7 @@ config SOUTH_BRIDGE_OPTIONS # dummy select ACPI_SATA_GENERATOR select HAVE_INTEL_FIRMWARE select SOUTHBRIDGE_INTEL_COMMON_GPIO + select HAVE_INTEL_CHIPSET_LOCKDOWN config EHCI_BAR hex diff --git a/src/southbridge/intel/ibexpeak/lpc.c b/src/southbridge/intel/ibexpeak/lpc.c index a152dfe8b9..bc50f94d6b 100644 --- a/src/southbridge/intel/ibexpeak/lpc.c +++ b/src/southbridge/intel/ibexpeak/lpc.c @@ -782,6 +782,17 @@ static void southbridge_fill_ssdt(device_t device) intel_acpi_pcie_hotplug_generator(chip->pcie_hotplug_map, 8); } +static void lpc_final(struct device *dev) +{ + /* Call SMM finalize() handlers before resume */ + if (IS_ENABLED(CONFIG_HAVE_SMI_HANDLER)) { + if (IS_ENABLED(CONFIG_INTEL_CHIPSET_LOCKDOWN) || + acpi_is_wakeup_s3()) { + outb(APM_CNT_FINALIZE, APM_CNT); + } + } +} + static struct pci_operations pci_ops = { .set_subsystem = set_subsystem, }; @@ -794,6 +805,7 @@ static struct device_operations device_ops = { .acpi_fill_ssdt_generator = southbridge_fill_ssdt, .write_acpi_tables = acpi_write_hpet, .init = lpc_init, + .final = lpc_final, .enable = pch_lpc_enable, .scan_bus = scan_lpc_bus, .ops_pci = &pci_ops, diff --git a/src/southbridge/intel/lynxpoint/Kconfig b/src/southbridge/intel/lynxpoint/Kconfig index c65e5d7c32..646d480dd8 100644 --- a/src/southbridge/intel/lynxpoint/Kconfig +++ b/src/southbridge/intel/lynxpoint/Kconfig @@ -34,6 +34,7 @@ config SOUTH_BRIDGE_OPTIONS # dummy select HAVE_SPI_CONSOLE_SUPPORT select RTC select SOUTHBRIDGE_INTEL_COMMON_GPIO if !INTEL_LYNXPOINT_LP + select HAVE_INTEL_CHIPSET_LOCKDOWN config INTEL_LYNXPOINT_LP bool diff --git a/src/southbridge/intel/lynxpoint/smi.c b/src/southbridge/intel/lynxpoint/smi.c index 5f1bdf76fa..386451f03e 100644 --- a/src/southbridge/intel/lynxpoint/smi.c +++ b/src/southbridge/intel/lynxpoint/smi.c @@ -121,13 +121,13 @@ void smm_setup_structures(void *gnvs, void *tcg, void *smi1) } /* - * Finalize system before payload boot if not in ChromeOS environment. + * Finalize system before payload boot if INTEL_CHIPSET_LOCKDOWN=y */ -#if !IS_ENABLED(CONFIG_CHROMEOS) +#if IS_ENABLED(CONFIG_INTEL_CHIPSET_LOCKDOWN) static void finalize_boot(void *unused) { - outb(0xcb, 0xb2); + outb(APM_CNT_FINALIZE, APM_CNT); } BOOT_STATE_INIT_ENTRY(BS_PAYLOAD_BOOT, BS_ON_ENTRY, finalize_boot, NULL); -- cgit v1.2.3