summaryrefslogtreecommitdiff
path: root/src/soc/intel
diff options
context:
space:
mode:
authorBarnali Sarkar <barnali.sarkar@intel.com>2017-08-17 11:52:39 +0530
committerAaron Durbin <adurbin@chromium.org>2017-08-26 16:30:31 +0000
commit0818a2a774e12f4522d139e8b6f3a39a8e1aa935 (patch)
treef0955666bc5410486f83a3bd44512a2582af8ca5 /src/soc/intel
parentb26e01a06718cc1a49a7c277c831b572a7301210 (diff)
downloadcoreboot-0818a2a774e12f4522d139e8b6f3a39a8e1aa935.tar.xz
soc/intel/skylake: Move SPI lock down config after resource allocation
This patch to ensures that coreboot is performing SPI registers lockdown after PCI enumeration is done. This requirements are intended to support platform security guideline where all required chipset registers are expected to be in lock down stage before launching any 3rd party code as in option rom etc. coreboot has to change its execution order to meet those requirements. Hence SPI lock down programming has been moved right after pci resource allocation is donei, so that SPI registers can be lock down before calling post pci enumeration FSP NotifyPhase() API which is targeted to be done in BS_DEV_ENABLE-BS_ON_ENTRY. TEST=Ensure SPIBAR+HSFSTS(0x04) register FLOCKDN bit and WRSDIS bit is set. Also, Bits 8-12 of SPIBAR+DLOCK(0x0C) register is set. Change-Id: I8f5a952656e51d3bf365917b90d3056b46f899c5 Signed-off-by: Barnali Sarkar <barnali.sarkar@intel.com> Reviewed-on: https://review.coreboot.org/21064 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Diffstat (limited to 'src/soc/intel')
-rw-r--r--src/soc/intel/skylake/finalize.c29
-rw-r--r--src/soc/intel/skylake/lockdown.c56
2 files changed, 57 insertions, 28 deletions
diff --git a/src/soc/intel/skylake/finalize.c b/src/soc/intel/skylake/finalize.c
index 335435ad9d..770cc1bf77 100644
--- a/src/soc/intel/skylake/finalize.c
+++ b/src/soc/intel/skylake/finalize.c
@@ -21,7 +21,6 @@
#include <console/post_codes.h>
#include <cpu/x86/smm.h>
#include <device/pci.h>
-#include <intelblocks/fast_spi.h>
#include <intelblocks/pcr.h>
#include <reg_script.h>
#include <spi-generic.h>
@@ -109,12 +108,6 @@ static void pch_finalize_script(void)
config_t *config;
u8 reg8;
- /* Set FAST_SPI opcode menu */
- fast_spi_set_opcode_menu();
-
- /* Lock FAST_SPIBAR */
- fast_spi_lock_bar();
-
/* Display me status before we hide it */
intel_me_status();
@@ -149,26 +142,24 @@ static void pch_finalize_script(void)
static void soc_lockdown(void)
{
+ struct soc_intel_skylake_config *config;
+ struct device *dev;
u8 reg8;
- device_t dev;
- const struct device *dev1 = dev_find_slot(0, PCH_DEVFN_LPC);
- const struct soc_intel_skylake_config *config = dev1->chip_info;
+
+ dev = PCH_DEV_PMC;
+
+ /* Check if PMC is enabled, else return */
+ if (dev == NULL || dev->chip_info == NULL)
+ return;
+
+ config = dev->chip_info;
/* Global SMI Lock */
if (config->LockDownConfigGlobalSmi == 0) {
- dev = PCH_DEV_PMC;
reg8 = pci_read_config8(dev, GEN_PMCON_A);
reg8 |= SMI_LOCK;
pci_write_config8(dev, GEN_PMCON_A, reg8);
}
-
- if (config->chipset_lockdown == CHIPSET_LOCKDOWN_COREBOOT) {
- /* Bios Interface Lock */
- fast_spi_set_bios_interface_lock_down();
-
- /* Bios Lock */
- fast_spi_set_lock_enable();
- }
}
static void soc_finalize(void *unused)
diff --git a/src/soc/intel/skylake/lockdown.c b/src/soc/intel/skylake/lockdown.c
index 5bbf546de0..8c34fa73ed 100644
--- a/src/soc/intel/skylake/lockdown.c
+++ b/src/soc/intel/skylake/lockdown.c
@@ -16,6 +16,7 @@
#include <arch/io.h>
#include <bootstate.h>
#include <chip.h>
+#include <intelblocks/fast_spi.h>
#include <intelblocks/pcr.h>
#include <soc/lpc.h>
#include <soc/pci_devs.h>
@@ -26,18 +27,12 @@
#define PCR_DMI_GCS 0x274C
#define PCR_DMI_GCS_BILD (1 << 0)
-static void lpc_lockdown_config(void)
+static void lpc_lockdown_config(const struct soc_intel_skylake_config *config)
{
- static struct soc_intel_skylake_config *config;
struct device *dev;
uint8_t reg_mask = 0;
dev = PCH_DEV_LPC;
- /* Check if LPC is enabled, else return */
- if (dev == NULL || dev->chip_info == NULL)
- return;
-
- config = dev->chip_info;
/* Set Bios Interface Lock, Bios Lock */
if (config->chipset_lockdown == CHIPSET_LOCKDOWN_COREBOOT)
@@ -62,14 +57,57 @@ static void pmc_lockdown_config(void)
static void dmi_lockdown_config(void)
{
- /* GCS reg of DMI */
+ /*
+ * GCS reg of DMI
+ *
+ * When set, prevents GCS.BBS from being changed
+ * GCS.BBS: (Boot BIOS Strap) This field determines the destination
+ * of accesses to the BIOS memory range.
+ * Bits Description
+ * “0b”: SPI
+ * “1b”: LPC/eSPI
+ */
pcr_or8(PID_DMI, PCR_DMI_GCS, PCR_DMI_GCS_BILD);
}
+static void spi_lockdown_config(const struct soc_intel_skylake_config *config)
+{
+ /* Set FAST_SPI opcode menu */
+ fast_spi_set_opcode_menu();
+
+ /* Discrete Lock Flash PR registers */
+ fast_spi_pr_dlock();
+
+ /* Lock FAST_SPIBAR */
+ fast_spi_lock_bar();
+
+ /* Set Bios Interface Lock, Bios Lock */
+ if (config->chipset_lockdown == CHIPSET_LOCKDOWN_COREBOOT) {
+ /* Bios Interface Lock */
+ fast_spi_set_bios_interface_lock_down();
+
+ /* Bios Lock */
+ fast_spi_set_lock_enable();
+ }
+}
+
static void platform_lockdown_config(void *unused)
{
+ struct soc_intel_skylake_config *config;
+ struct device *dev;
+
+ dev = PCH_DEV_SPI;
+ /* Check if device is valid, else return */
+ if (dev == NULL || dev->chip_info == NULL)
+ return;
+
+ config = dev->chip_info;
+
/* LPC lock down configuration */
- lpc_lockdown_config();
+ lpc_lockdown_config(config);
+
+ /* SPI lock down configuration */
+ spi_lockdown_config(config);
/* DMI lock down configuration */
dmi_lockdown_config();