From fb2ebbced7f64218667d5647f39c3d49d57a3159 Mon Sep 17 00:00:00 2001
From: Jonathan Zhang <jonzhang@meta.com>
Date: Wed, 26 Oct 2022 16:19:40 -0700
Subject: soc/intel/xeon_sp: Lock down LPC configuration

For LPC, set BIOS interface lock.

Also set the LPC BIOS control to match the SPI BIOS control settings.
BIOS control EISS and WPD are set when the BOOTMEDIA_SMM_BWP config
option is set.

Change-Id: I3e3edc63c0d43b11b0999239ea49304772a05275
Signed-off-by: Marc Jones <marcjones@sysproconsulting.com>
Signed-off-by: Jonathan Zhang <jonzhang@meta.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68876
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: David Hendricks <david.hendricks@gmail.com>
---
 src/soc/intel/xeon_sp/lockdown.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 'src')

diff --git a/src/soc/intel/xeon_sp/lockdown.c b/src/soc/intel/xeon_sp/lockdown.c
index 49f3f5a0ee..7dc1f9834f 100644
--- a/src/soc/intel/xeon_sp/lockdown.c
+++ b/src/soc/intel/xeon_sp/lockdown.c
@@ -3,11 +3,25 @@
 #include <device/mmio.h>
 #include <device/pci.h>
 #include <intelblocks/cfg.h>
+#include <intelblocks/lpc_lib.h>
 #include <intelblocks/pmclib.h>
 #include <intelpch/lockdown.h>
 #include <soc/pci_devs.h>
 #include <soc/pm.h>
 
+static void lpc_lockdown_config(void)
+{
+	/* Set BIOS Interface Lock, BIOS Lock */
+	lpc_set_bios_interface_lock_down();
+
+	/* Only allow writes in SMM */
+	if (CONFIG(BOOTMEDIA_SMM_BWP)) {
+		lpc_set_eiss();
+		lpc_enable_wp();
+	}
+	lpc_set_lock_enable();
+}
+
 static void pmc_lockdown_config(int chipset_lockdown)
 {
 	uint8_t *pmcbase;
@@ -36,6 +50,7 @@ static void sata_lockdown_config(int chipset_lockdown)
 
 void soc_lockdown_config(int chipset_lockdown)
 {
+	lpc_lockdown_config();
 	pmc_lockdown_config(chipset_lockdown);
 	sata_lockdown_config(chipset_lockdown);
 }
-- 
cgit v1.2.3