From 1a274f406cd7fc484f67d5d8c8dba5b66504731e Mon Sep 17 00:00:00 2001
From: Subrata Banik <subrata.banik@intel.com>
Date: Wed, 20 Dec 2017 10:11:33 +0530
Subject: soc/intel/cannonlake: Add SoC API to make use SMM common code

Add SoC API to detect any illegal access to write into the
BIOS located in the FWH.

Change-Id: If526cbae9afee47fa272bdf74e04416aff100e88
Signed-off-by: Subrata Banik <subrata.banik@intel.com>
Reviewed-on: https://review.coreboot.org/22870
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
---
 src/soc/intel/cannonlake/smihandler.c | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

(limited to 'src/soc/intel/cannonlake/smihandler.c')

diff --git a/src/soc/intel/cannonlake/smihandler.c b/src/soc/intel/cannonlake/smihandler.c
index 8c55ce7892..6c57d4a20f 100644
--- a/src/soc/intel/cannonlake/smihandler.c
+++ b/src/soc/intel/cannonlake/smihandler.c
@@ -15,6 +15,8 @@
  * GNU General Public License for more details.
  */
 
+#include <console/console.h>
+#include <intelblocks/fast_spi.h>
 #include <intelblocks/smihandler.h>
 #include <soc/pm.h>
 
@@ -23,6 +25,26 @@ const struct smm_save_state_ops *get_smm_save_state_ops(void)
 	return &em64t101_smm_ops;
 }
 
+void smihandler_check_illegal_access(uint32_t tco_sts)
+{
+	if (!((tco_sts & (1 << 8)) && IS_ENABLED(CONFIG_SPI_FLASH_SMM)
+			&& fast_spi_wpd_status()))
+		return;
+
+	/*
+	 * BWE is RW, so the SMI was caused by a
+	 * write to BWE, not by a write to the BIOS
+	 *
+	 * This is the place where we notice someone
+	 * is trying to tinker with the BIOS. We are
+	 * trying to be nice and just ignore it. A more
+	 * resolute answer would be to power down the
+	 * box.
+	 */
+	printk(BIOS_DEBUG, "Switching back to RO\n");
+	fast_spi_enable_wp();
+}
+
 /* SMI handlers that should be serviced in SCI mode too. */
 uint32_t smi_handler_get_sci_mask(void)
 {
-- 
cgit v1.2.3