From c204aaa23b8455457920a56a85b0128f9818f461 Mon Sep 17 00:00:00 2001 From: Subrata Banik Date: Thu, 17 Aug 2017 15:49:58 +0530 Subject: soc/intel/skylake: Add LPC and SPI lock down config option This patch to provide new config options to perform LPC and SPI lock down either by FSP or coreboot. Remove EISS bit programming as well. TEST=Build and boot Eve and Poppy. Change-Id: If174915b4d0c581f36b54b2b8cd970a93c6454bc Signed-off-by: Subrata Banik Reviewed-on: https://review.coreboot.org/21068 Tested-by: build bot (Jenkins) Reviewed-by: Aaron Durbin --- src/soc/intel/skylake/chip_fsp20.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) (limited to 'src/soc/intel/skylake/chip_fsp20.c') diff --git a/src/soc/intel/skylake/chip_fsp20.c b/src/soc/intel/skylake/chip_fsp20.c index c5ecc97b01..aa612ede0a 100644 --- a/src/soc/intel/skylake/chip_fsp20.c +++ b/src/soc/intel/skylake/chip_fsp20.c @@ -201,7 +201,6 @@ void platform_fsp_silicon_init_params_cb(FSPS_UPD *supd) params->SataEnable = config->EnableSata; params->SataMode = config->SataMode; tconfig->PchLockDownGlobalSmi = config->LockDownConfigGlobalSmi; - tconfig->PchLockDownBiosInterface = config->LockDownConfigBiosInterface; tconfig->PchLockDownRtcLock = config->LockDownConfigRtcLock; /* * To disable HECI, the Psf needs to be left unlocked @@ -210,9 +209,19 @@ void platform_fsp_silicon_init_params_cb(FSPS_UPD *supd) * do the changes and then lock it back in coreboot during finalize. */ tconfig->PchSbAccessUnlock = (config->HeciEnabled == 0) ? 1 : 0; - - params->PchLockDownBiosLock = config->LockDownConfigBiosLock; - params->PchLockDownSpiEiss = config->LockDownConfigSpiEiss; + if (config->chipset_lockdown == CHIPSET_LOCKDOWN_COREBOOT) { + tconfig->PchLockDownBiosInterface = 0; + params->PchLockDownBiosLock = 0; + params->PchLockDownSpiEiss = 0; + /* + * Skip Spi Flash Lockdown from inside FSP. + * Making this config "0" means FSP won't set the FLOCKDN bit + * of SPIBAR + 0x04 (i.e., Bit 15 of BIOS_HSFSTS_CTL). + * So, it becomes coreboot's responsibility to set this bit + * before end of POST for security concerns. + */ + params->SpiFlashCfgLockDown = 0; + } params->PchSubSystemVendorId = config->PchConfigSubSystemVendorId; params->PchSubSystemId = config->PchConfigSubSystemId; params->PchPmWolEnableOverride = config->WakeConfigWolEnableOverride; @@ -247,15 +256,6 @@ void platform_fsp_silicon_init_params_cb(FSPS_UPD *supd) dev = dev_find_slot(0, PCH_DEVFN_SPI); params->ShowSpiController = dev->enabled; - /* - * Skip Spi Flash Lockdown from inside FSP. - * Making this config "0" means FSP won't set the FLOCKDN bit of - * SPIBAR + 0x04 (i.e., Bit 15 of BIOS_HSFSTS_CTL). - * So, it becomes coreboot's responsibility to set this bit before - * end of POST for security concerns. - */ - params->SpiFlashCfgLockDown = config->SpiFlashCfgLockDown; - /* * Send VR specific mailbox commands: * 000b - no VR specific command sent -- cgit v1.2.3