summaryrefslogtreecommitdiff
path: root/src/soc/intel/tigerlake/finalize.c
diff options
context:
space:
mode:
authorJohn Zhao <john.zhao@intel.com>2020-05-01 22:04:00 -0700
committerPatrick Georgi <pgeorgi@google.com>2020-07-07 17:29:56 +0000
commit5d16a25e0cece666e9275a1c627050bfd918b6ac (patch)
tree2f6bbc3a8bcf9ddce34ae8dac94cdff20eea9e35 /src/soc/intel/tigerlake/finalize.c
parentcb01c2a315d20ca0eb0269b7917a9884d7f4c2fd (diff)
downloadcoreboot-5d16a25e0cece666e9275a1c627050bfd918b6ac.tar.xz
soc/intel/tigerlake: Disable Thunderbolt PCIe root ports bus master
This change disables Thunderbolt PCIe root ports bus master before handing over to payload in order to mitigate the threat from the unauthorized external DMA. In this state, the PCIe root ports would be considered as trusted to not forward any DMA transactions to downstream endpoint devices. BUG=b:141609884 TEST=Verified PCIe resource has been allocated properly and USB behind Thunderbolt dock is enumerated successfully. Change-Id: I9650b9dd4df1f9bee53ae3737b7bf60b2ef8017b Signed-off-by: John Zhao <john.zhao@intel.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/40968 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Diffstat (limited to 'src/soc/intel/tigerlake/finalize.c')
-rw-r--r--src/soc/intel/tigerlake/finalize.c14
1 files changed, 14 insertions, 0 deletions
diff --git a/src/soc/intel/tigerlake/finalize.c b/src/soc/intel/tigerlake/finalize.c
index 534abd9453..5bf01de7f0 100644
--- a/src/soc/intel/tigerlake/finalize.c
+++ b/src/soc/intel/tigerlake/finalize.c
@@ -67,12 +67,26 @@ static void pch_finalize(void)
pmc_clear_pmcon_sts();
}
+static void tbt_finalize(void)
+{
+ int i;
+ const struct device *dev;
+
+ /* Disable Thunderbolt PCIe root ports bus master */
+ for (i = 0; i < NUM_TBT_FUNCTIONS; i++) {
+ dev = pcidev_path_on_root(SA_DEVFN_TBT(i));
+ if (dev)
+ pci_dev_disable_bus_master(dev);
+ }
+}
+
static void soc_finalize(void *unused)
{
printk(BIOS_DEBUG, "Finalizing chipset.\n");
pch_finalize();
apm_control(APM_CNT_FINALIZE);
+ tbt_finalize();
/* Indicate finalize step with post code */
post_code(POST_OS_BOOT);