summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBarnali Sarkar <barnali.sarkar@intel.com>2017-07-19 16:27:23 +0530
committerAaron Durbin <adurbin@chromium.org>2017-07-25 14:58:49 +0000
commit4859ce0b815e64e8fbe2cea9407eed83a77a7c6d (patch)
treec19d317487cd68a3e1afb4bee4660305adcc984d
parent50987a7b9e08139829da84958deea7f8bde3d376 (diff)
downloadcoreboot-4859ce0b815e64e8fbe2cea9407eed83a77a7c6d.tar.xz
soc/intel/skylake: Skip Spi Flash Lockdown from FSP
coreboot was setting SPI FPR register to protect the mrc_cache data range stored in flash. This programming was being done after FSP Notify 1. But, FSP was locking the SPI by setting FLOCKDN Bit during Notify phase 1, due to which coreboot was unable to protect that range. As solution, FSP introduced a new UPD SpiFlashCfgLockDown to skip the lockdown of flash on interest of bootloader. Set that UPD to 0 to skip the lockdown of FAST_SPI flash from FSP. The same is being done from coreboot after end of Post at finalize.c file. BUG=b:63049493 BRANCH=none TEST=FPR can be set properly to protect the mrc_cache range. The issue reported in the bug doesn't come when both software and hardware WP is enabled with this patch. Change-Id: I3ffca2f1b05ab2e4ef631275ef7c3a6e23e393aa Signed-off-by: Barnali Sarkar <barnali.sarkar@intel.com> Reviewed-on: https://review.coreboot.org/20645 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Furquan Shaikh <furquan@google.com> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
-rw-r--r--src/soc/intel/skylake/chip.h8
-rw-r--r--src/soc/intel/skylake/chip_fsp20.c9
2 files changed, 17 insertions, 0 deletions
diff --git a/src/soc/intel/skylake/chip.h b/src/soc/intel/skylake/chip.h
index 67a6783186..1377237672 100644
--- a/src/soc/intel/skylake/chip.h
+++ b/src/soc/intel/skylake/chip.h
@@ -487,6 +487,14 @@ struct soc_intel_skylake_config {
* 0b - Disabled
*/
u8 eist_enable;
+ /*
+ * Skip Spi Flash Lockdown from inside FSP.
+ * Making this config "0" means FSP won't set the FLOCKDN bit of
+ * SPIBAR + 0x04 (i.e., Bit 15 of BIOS_HSFSTS_CTL).
+ * So, it becomes coreboot's responsibility to set this bit before
+ * end of POST for security concerns.
+ */
+ u8 SpiFlashCfgLockDown;
};
typedef struct soc_intel_skylake_config config_t;
diff --git a/src/soc/intel/skylake/chip_fsp20.c b/src/soc/intel/skylake/chip_fsp20.c
index 8a7cb210e0..4cff6688a8 100644
--- a/src/soc/intel/skylake/chip_fsp20.c
+++ b/src/soc/intel/skylake/chip_fsp20.c
@@ -240,6 +240,15 @@ void platform_fsp_silicon_init_params_cb(FSPS_UPD *supd)
params->ShowSpiController = dev->enabled;
/*
+ * Skip Spi Flash Lockdown from inside FSP.
+ * Making this config "0" means FSP won't set the FLOCKDN bit of
+ * SPIBAR + 0x04 (i.e., Bit 15 of BIOS_HSFSTS_CTL).
+ * So, it becomes coreboot's responsibility to set this bit before
+ * end of POST for security concerns.
+ */
+ params->SpiFlashCfgLockDown = config->SpiFlashCfgLockDown;
+
+ /*
* Send VR specific mailbox commands:
* 000b - no VR specific command sent
* 001b - VR mailbox command specifically for the MPS IMPV8 VR