From 5385b4daa89cdf4077bce91f917f63ea7b82438c Mon Sep 17 00:00:00 2001 From: Felix Singer Date: Mon, 3 May 2021 02:25:08 +0200 Subject: soc/intel/skylake: Clean up FSP chipset lockdown configuration MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Use a variable to store if the FSP should be responsible for the chipset lockdown and use it for setting related configuration options. Thus, get rid of that if-clause and adjust comments. This changes behavior since now related options are always set, depending on if coreboot or the FSP should be responsible for the chipset lockdown. This ensures a defined state independent from the default configuration of the FSP. Change-Id: I0c43a11a40a474de4af22aa5506b1d387809bda2 Signed-off-by: Felix Singer Reviewed-on: https://review.coreboot.org/c/coreboot/+/52843 Tested-by: build bot (Jenkins) Reviewed-by: Angel Pons Reviewed-by: Michael Niewöhner --- src/soc/intel/skylake/chip.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) (limited to 'src/soc/intel') diff --git a/src/soc/intel/skylake/chip.c b/src/soc/intel/skylake/chip.c index 39799114ef..c99067db3d 100644 --- a/src/soc/intel/skylake/chip.c +++ b/src/soc/intel/skylake/chip.c @@ -409,19 +409,19 @@ void platform_fsp_silicon_init_params_cb(FSPS_UPD *supd) * do the changes and then lock it back in coreboot during finalize. */ tconfig->PchSbAccessUnlock = (config->HeciEnabled == 0) ? 1 : 0; - if (get_lockdown_config() == CHIPSET_LOCKDOWN_COREBOOT) { - tconfig->PchLockDownBiosInterface = 0; - params->PchLockDownBiosLock = 0; - params->PchLockDownSpiEiss = 0; - /* - * Skip Spi Flash Lockdown from inside FSP. - * Making this config "0" means FSP won't set the FLOCKDN bit - * of SPIBAR + 0x04 (i.e., Bit 15 of BIOS_HSFSTS_CTL). - * So, it becomes coreboot's responsibility to set this bit - * before end of POST for security concerns. - */ - params->SpiFlashCfgLockDown = 0; - } + + const bool lockdown_by_fsp = get_lockdown_config() == CHIPSET_LOCKDOWN_FSP; + tconfig->PchLockDownBiosInterface = lockdown_by_fsp; + params->PchLockDownBiosLock = lockdown_by_fsp; + params->PchLockDownSpiEiss = lockdown_by_fsp; + /* + * Making this config "0" means FSP won't set the FLOCKDN bit + * of SPIBAR + 0x04 (i.e., Bit 15 of BIOS_HSFSTS_CTL). + * So, it becomes coreboot's responsibility to set this bit + * before end of POST for security concerns. + */ + params->SpiFlashCfgLockDown = lockdown_by_fsp; + /* FSP should let coreboot set subsystem IDs, which are read/write-once */ params->DefaultSvid = 0; params->PchSubSystemVendorId = 0; -- cgit v1.2.3