diff options
author | Subrata Banik <subrata.banik@intel.com> | 2017-08-17 15:49:58 +0530 |
---|---|---|
committer | Aaron Durbin <adurbin@chromium.org> | 2017-08-25 17:58:08 +0000 |
commit | c204aaa23b8455457920a56a85b0128f9818f461 (patch) | |
tree | aab5c43aae02df5f04ccea3d903a04d887012c9d /src/soc/intel/skylake/chip.h | |
parent | bcefbe163f70ef2590be252057d626e788047b16 (diff) | |
download | coreboot-c204aaa23b8455457920a56a85b0128f9818f461.tar.xz |
soc/intel/skylake: Add LPC and SPI lock down config option
This patch to provide new config options to perform LPC and SPI
lock down either by FSP or coreboot.
Remove EISS bit programming as well.
TEST=Build and boot Eve and Poppy.
Change-Id: If174915b4d0c581f36b54b2b8cd970a93c6454bc
Signed-off-by: Subrata Banik <subrata.banik@intel.com>
Reviewed-on: https://review.coreboot.org/21068
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Diffstat (limited to 'src/soc/intel/skylake/chip.h')
-rw-r--r-- | src/soc/intel/skylake/chip.h | 35 |
1 files changed, 9 insertions, 26 deletions
diff --git a/src/soc/intel/skylake/chip.h b/src/soc/intel/skylake/chip.h index ea985db11a..beb5a7aa0b 100644 --- a/src/soc/intel/skylake/chip.h +++ b/src/soc/intel/skylake/chip.h @@ -262,29 +262,10 @@ struct soc_intel_skylake_config { /* Enable SMI_LOCK bit to prevent writes to the Global SMI Enable bit.*/ u8 LockDownConfigGlobalSmi; /* - * Enable BIOS Interface Lock Down bit to prevent writes to the Backup - * Control Register. Top Swap bit and the General Control and Status - * Registers Boot BIOS Straps. - */ - u8 LockDownConfigBiosInterface; - /* * Enable RTC lower and upper 128 byte Lock bits to lock Bytes 38h-3Fh * in the upper and and lower 128-byte bank of RTC RAM. */ u8 LockDownConfigRtcLock; - /* - * When enabled, the BIOS Region can only be modified from SMM after - * EndOfDxe protocol is installed - */ - u8 LockDownConfigBiosLock; - /* - * Enable InSMM.STS (EISS) in SPI If this bit is set, then WPD must be a - * '1' and InSMM.STS must be '1' also in order to write to BIOS regions - * of SPI Flash. If this bit is clear, then the InSMM.STS is a don't - * care. The BIOS must set the EISS bit while BIOS Guard support is - * enabled. - */ - u8 LockDownConfigSpiEiss; /* Subsystem Vendor ID of the PCH devices*/ u16 PchConfigSubSystemVendorId; /* Subsystem ID of the PCH devices*/ @@ -493,14 +474,16 @@ struct soc_intel_skylake_config { * 0b - Disabled */ u8 eist_enable; - /* - * Skip Spi Flash Lockdown from inside FSP. - * Making this config "0" means FSP won't set the FLOCKDN bit of - * SPIBAR + 0x04 (i.e., Bit 15 of BIOS_HSFSTS_CTL). - * So, it becomes coreboot's responsibility to set this bit before - * end of POST for security concerns. + /* Chipset (LPC and SPI) Lock Down + * 1b - coreboot to handle lockdown + * 0b - FSP to handle lockdown */ - u8 SpiFlashCfgLockDown; + enum { + /* lock according to binary UPD settings */ + CHIPSET_LOCKDOWN_FSP, + /* coreboot handles locking */ + CHIPSET_LOCKDOWN_COREBOOT, + } chipset_lockdown; }; typedef struct soc_intel_skylake_config config_t; |