summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorVladimir Serbinenko <phcoder@gmail.com>2015-05-12 12:39:53 +0200
committerVladimir Serbinenko <phcoder@gmail.com>2015-05-14 20:00:11 +0200
commitd3b194e6fe0a9d2d730ca9520f9883ce3fa763d7 (patch)
tree203b8a38686c24e48b30e08a40b6991e39bb23d8
parente62cf5210c0c4b51bab803c7a3c8134da866da2b (diff)
downloadcoreboot-d3b194e6fe0a9d2d730ca9520f9883ce3fa763d7.tar.xz
bd82x6x, ibexpeak: Support fully locking ROM on S3 resume.
Currently only RO-lock is supported. Make full lock available as an option. Change-Id: Ib68a1e82733a51053a9adc80ac501b6205c6b8a7 Signed-off-by: Vladimir Serbinenko <phcoder@gmail.com> Reviewed-on: http://review.coreboot.org/10191 Tested-by: build bot (Jenkins) Reviewed-by: Edward O'Callaghan <edward.ocallaghan@koparo.com>
-rw-r--r--src/southbridge/intel/bd82x6x/Kconfig25
-rw-r--r--src/southbridge/intel/bd82x6x/finalize.c17
2 files changed, 33 insertions, 9 deletions
diff --git a/src/southbridge/intel/bd82x6x/Kconfig b/src/southbridge/intel/bd82x6x/Kconfig
index 8c515200b0..8a832aa4cf 100644
--- a/src/southbridge/intel/bd82x6x/Kconfig
+++ b/src/southbridge/intel/bd82x6x/Kconfig
@@ -151,9 +151,19 @@ config LOCK_MANAGEMENT_ENGINE
If unsure, say N.
-config LOCK_SPI_ON_RESUME
+endif
+
+if SOUTHBRIDGE_INTEL_BD82X6X || SOUTHBRIDGE_INTEL_C216 || SOUTHBRIDGE_INTEL_IBEXPEAK
+
+choice
+ prompt "Flash ROM locking on S3 resume"
+ default LOCK_SPI_ON_RESUME_NONE
+
+config LOCK_SPI_ON_RESUME_NONE
+ bool "Don't lock ROM sections on S3 resume"
+
+config LOCK_SPI_ON_RESUME_RO
bool "Lock all flash ROM sections on S3 resume"
- default n
help
If the flash ROM shall be protected against write accesses from the
operating system (OS), the locking procedure has to be repeated after
@@ -161,4 +171,15 @@ config LOCK_SPI_ON_RESUME
ROM from within your OS. Notice: Even with this option, the write lock
has still to be enabled on the normal boot path (e.g. by the payload).
+config LOCK_SPI_ON_RESUME_NO_ACCESS
+ bool "Lock and disable reads all flash ROM sections on S3 resume"
+ help
+ If the flash ROM shall be protected against all accesses from the
+ operating system (OS), the locking procedure has to be repeated after
+ each resume from S3. Select this if you never want to update the flash
+ ROM from within your OS. Notice: Even with this option, the lock
+ has still to be enabled on the normal boot path (e.g. by the payload).
+
+endchoice
+
endif
diff --git a/src/southbridge/intel/bd82x6x/finalize.c b/src/southbridge/intel/bd82x6x/finalize.c
index ad2586cc5d..df7b070adb 100644
--- a/src/southbridge/intel/bd82x6x/finalize.c
+++ b/src/southbridge/intel/bd82x6x/finalize.c
@@ -25,13 +25,16 @@
void intel_pch_finalize_smm(void)
{
-#if CONFIG_LOCK_SPI_ON_RESUME
- /* Copy flash regions from FREG0-4 to PR0-4
- and enable write protection bit31 */
- int i;
- for (i = 0; i < 20; i += 4)
- RCBA32(0x3874 + i) = RCBA32(0x3854 + i) | (1 << 31);
-#endif
+ if (CONFIG_LOCK_SPI_ON_RESUME_RO || CONFIG_LOCK_SPI_ON_RESUME_NO_ACCESS) {
+ /* Copy flash regions from FREG0-4 to PR0-4
+ and enable write protection bit31 */
+ int i;
+ u32 lockmask = (1 << 31);
+ if (CONFIG_LOCK_SPI_ON_RESUME_NO_ACCESS)
+ lockmask |= (1 << 15);
+ for (i = 0; i < 20; i += 4)
+ RCBA32(0x3874 + i) = RCBA32(0x3854 + i) | lockmask;
+ }
/* Set SPI opcode menu */
RCBA16(0x3894) = SPI_OPPREFIX;