From ef72defdce6e39c41d488db46d555d695310216f Mon Sep 17 00:00:00 2001
From: Matt DeVillier <matt.devillier@gmail.com>
Date: Wed, 21 Dec 2022 14:55:33 -0600
Subject: soc/intel/broadwell: Add Kconfig option to hide Intel ME

On broadwell devices, coreboot currently disables and hides the ME PCI
interface by default, without any way to opt out of this behavior.
Add a Kconfig option to allow for leaving the ME PCI interface
enabled, but set the default to disabled as to leave the current
behavior unchanged.

Change-Id: If670d548c46834740f4e21bb2361b537807c32bf
Signed-off-by: Matt DeVillier <matt.devillier@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/71196
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
---
 src/soc/intel/broadwell/pch/Kconfig | 8 ++++++++
 src/soc/intel/broadwell/pch/me.c    | 5 ++++-
 2 files changed, 12 insertions(+), 1 deletion(-)

(limited to 'src/soc/intel/broadwell')

diff --git a/src/soc/intel/broadwell/pch/Kconfig b/src/soc/intel/broadwell/pch/Kconfig
index 4800f3f804..5a80d32191 100644
--- a/src/soc/intel/broadwell/pch/Kconfig
+++ b/src/soc/intel/broadwell/pch/Kconfig
@@ -66,3 +66,11 @@ config SERIALIO_UART_CONSOLE
 
 config CONSOLE_UART_BASE_ADDRESS
 	default 0xd6000000 if SERIALIO_UART_CONSOLE
+
+config DISABLE_ME_PCI
+	bool "Disable Intel ME PCI interface (MEI1)"
+	default y
+	help
+	  Disable and hide the ME PCI interface during finalize stage of boot.
+	  This will prevent the OS (and userspace apps) from interacting with
+	  the ME via the PCI interface after boot.
diff --git a/src/soc/intel/broadwell/pch/me.c b/src/soc/intel/broadwell/pch/me.c
index f1750d2b22..08917fd6bb 100644
--- a/src/soc/intel/broadwell/pch/me.c
+++ b/src/soc/intel/broadwell/pch/me.c
@@ -601,6 +601,9 @@ static void intel_me_finalize(struct device *dev)
 	if (!mei_base_address || mei_base_address == (u8 *)0xfffffff0)
 		return;
 
+	if (!CONFIG(DISABLE_ME_PCI))
+		return;
+
 	/* Make sure IO is disabled */
 	reg16 = pci_read_config16(dev, PCI_COMMAND);
 	reg16 &= ~(PCI_COMMAND_MASTER |
@@ -1023,7 +1026,7 @@ static void intel_me_init(struct device *dev)
 static void intel_me_enable(struct device *dev)
 {
 	/* Avoid talking to the device in S3 path */
-	if (acpi_is_wakeup_s3()) {
+	if (acpi_is_wakeup_s3() && CONFIG(DISABLE_ME_PCI)) {
 		dev->enabled = 0;
 		pch_disable_devfn(dev);
 	}
-- 
cgit v1.2.3