From 091dfa1ca027d93fc6a78ded758b6ccd49c0f72a Mon Sep 17 00:00:00 2001
From: Tim Wawrzynczak <twawrzynczak@chromium.org>
Date: Tue, 24 Aug 2021 09:32:09 -0600
Subject: soc/intel/alderlake: Lock PAM registers in finalize

Use the support from the previous patch to have coreboot lock the PAM
registers instead of the FSP when the lockdown configuration is set to
coreboot.

TEST=boot to OS, read PCI 0:0.0 config register 0x80, value is 0x31

Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Change-Id: I0c3e16edeab6f85a79eb10e1477d95952b554a18
Reviewed-on: https://review.coreboot.org/c/coreboot/+/57146
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Subrata Banik <subrata.banik@intel.com>
Reviewed-by: Furquan Shaikh <furquan@google.com>
---
 src/soc/intel/alderlake/finalize.c   | 9 +++++++++
 src/soc/intel/alderlake/fsp_params.c | 1 +
 2 files changed, 10 insertions(+)

(limited to 'src')

diff --git a/src/soc/intel/alderlake/finalize.c b/src/soc/intel/alderlake/finalize.c
index f76e81c356..c71096de67 100644
--- a/src/soc/intel/alderlake/finalize.c
+++ b/src/soc/intel/alderlake/finalize.c
@@ -16,8 +16,10 @@
 #include <intelblocks/lpc_lib.h>
 #include <intelblocks/pcr.h>
 #include <intelblocks/pmclib.h>
+#include <intelblocks/systemagent.h>
 #include <intelblocks/tco.h>
 #include <intelblocks/thermal.h>
+#include <intelpch/lockdown.h>
 #include <soc/p2sb.h>
 #include <soc/pci_devs.h>
 #include <soc/pcr_ids.h>
@@ -82,6 +84,12 @@ static void tbt_finalize(void)
 	}
 }
 
+static void sa_finalize(void)
+{
+	if (get_lockdown_config() == CHIPSET_LOCKDOWN_COREBOOT)
+		sa_lock_pam();
+}
+
 static void soc_finalize(void *unused)
 {
 	printk(BIOS_DEBUG, "Finalizing chipset.\n");
@@ -89,6 +97,7 @@ static void soc_finalize(void *unused)
 	pch_finalize();
 	apm_control(APM_CNT_FINALIZE);
 	tbt_finalize();
+	sa_finalize();
 
 	/* Indicate finalize step with post code */
 	post_code(POST_OS_BOOT);
diff --git a/src/soc/intel/alderlake/fsp_params.c b/src/soc/intel/alderlake/fsp_params.c
index 3accdbb408..7e1afde38b 100644
--- a/src/soc/intel/alderlake/fsp_params.c
+++ b/src/soc/intel/alderlake/fsp_params.c
@@ -406,6 +406,7 @@ static void fill_fsps_chipset_lockdown_params(FSP_S_CONFIG *s_cfg,
 	s_cfg->PchLockDownBiosInterface = lockdown_by_fsp;
 	s_cfg->PchUnlockGpioPads = !lockdown_by_fsp;
 	s_cfg->RtcMemoryLock = lockdown_by_fsp;
+	s_cfg->SkipPamLock = !lockdown_by_fsp;
 
 	/* coreboot will send EOP before loading payload */
 	s_cfg->EndOfPostMessage = EOP_DISABLE;
-- 
cgit v1.2.3