mainboard/: Register chipset_lockdown on xeon_sp mainboards

Set chipset_lockdown in devicetree for recommended security settings.

Change-Id: Ie27450dd32463243b1456932a1d39d40afa81da1
Signed-off-by: Marc Jones <marcjones@sysproconsulting.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/51388
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Jay Talbott <JayTalbott@sysproconsulting.com>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

2 files changed, 8 insertions, 0 deletions

diff --git a/src/mainboard/ocp/deltalake/devicetree.cb b/src/mainboard/ocp/deltalake/devicetree.cb
index 70dd6d683b..08ac3e35c1 100644
--- a/src/mainboard/ocp/deltalake/devicetree.cb
+++ b/src/mainboard/ocp/deltalake/devicetree.cb
@@ -48,6 +48,10 @@ chip soc/intel/xeon_sp/cpx
 
 	register "cstate_states" = "CSTATES_C1C6"
 
+	register "common_soc_config" = "{
+		.chipset_lockdown = CHIPSET_LOCKDOWN_COREBOOT,
+	}"
+
 	device cpu_cluster 0 on
 	  device lapic 0 on end
 	end
diff --git a/src/mainboard/ocp/tiogapass/devicetree.cb b/src/mainboard/ocp/tiogapass/devicetree.cb
index 833bb20e21..850443854f 100644
--- a/src/mainboard/ocp/tiogapass/devicetree.cb
+++ b/src/mainboard/ocp/tiogapass/devicetree.cb
@@ -40,6 +40,10 @@ chip soc/intel/xeon_sp/skx
 
 	register "gen2_dec" = "0x000c0ca1" # IPMI KCS
 
+	register "common_soc_config" = "{
+		.chipset_lockdown = CHIPSET_LOCKDOWN_COREBOOT,
+	}"
+
 	device cpu_cluster 0 on
 	  device lapic 0 on end
 	end