diff options
author | Tristan Corrick <tristan@corrick.kiwi> | 2018-11-30 22:53:50 +1300 |
---|---|---|
committer | Patrick Georgi <pgeorgi@google.com> | 2018-12-03 13:14:06 +0000 |
commit | 63626b1a4a31588995ff6f0ba42952b6086cbded (patch) | |
tree | 968555763c26df36af3e64b7322b3c68d6c19913 /src/southbridge/intel/bd82x6x | |
parent | 32ceed8f269e48d9d500ee2ec9ba5b3f4435285e (diff) | |
download | coreboot-63626b1a4a31588995ff6f0ba42952b6086cbded.tar.xz |
sb/intel/common: Create a common PCH finalise implementation
The common finalise code is used by bd82x6x, Lynx Point, and Ibex Peak.
Lynx Point now benefits from being able to write-protect the flash chip.
For Lynx Point, writing the SPI OPMENU now happens in ramstage, as done
in bd82x6x.
Tested on an ASRock H81M-HDS (Lynx Point). When write-protection is
configured, flashrom reports all flash regions as read-only, and does
not manage to alter the contents of the flash chip.
Also tested on an ASUS P8H61-M LX (Cougar Point). Everything seems to
work as before.
Change-Id: I781082b1ed507b00815d1e85aec3e56ae5a4bef2
Signed-off-by: Tristan Corrick <tristan@corrick.kiwi>
Reviewed-on: https://review.coreboot.org/c/29977
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Diffstat (limited to 'src/southbridge/intel/bd82x6x')
-rw-r--r-- | src/southbridge/intel/bd82x6x/Kconfig | 40 | ||||
-rw-r--r-- | src/southbridge/intel/bd82x6x/Makefile.inc | 2 | ||||
-rw-r--r-- | src/southbridge/intel/bd82x6x/finalize.c | 76 | ||||
-rw-r--r-- | src/southbridge/intel/bd82x6x/pch.h | 4 | ||||
-rw-r--r-- | src/southbridge/intel/bd82x6x/smihandler.c | 1 |
5 files changed, 3 insertions, 120 deletions
diff --git a/src/southbridge/intel/bd82x6x/Kconfig b/src/southbridge/intel/bd82x6x/Kconfig index d906ea7f25..1396a6395b 100644 --- a/src/southbridge/intel/bd82x6x/Kconfig +++ b/src/southbridge/intel/bd82x6x/Kconfig @@ -25,6 +25,7 @@ config SOUTH_BRIDGE_OPTIONS # dummy def_bool y select ACPI_INTEL_HARDWARE_SLEEP_VALUES select SOUTHBRIDGE_INTEL_COMMON + select SOUTHBRIDGE_INTEL_COMMON_FINALIZE select SOUTHBRIDGE_INTEL_COMMON_RCBA_PIRQ select SOUTHBRIDGE_INTEL_COMMON_SMBUS select SOUTHBRIDGE_INTEL_COMMON_SPI @@ -67,42 +68,3 @@ config HPET_MIN_TICKS default 0x80 endif - -if SOUTHBRIDGE_INTEL_BD82X6X || SOUTHBRIDGE_INTEL_C216 || SOUTHBRIDGE_INTEL_IBEXPEAK - -choice - prompt "Flash locking during chipset lockdown" - default LOCK_SPI_FLASH_NONE - -config LOCK_SPI_FLASH_NONE - bool "Don't lock flash sections" - -config LOCK_SPI_FLASH_RO - bool "Write-protect all flash sections" - help - Select this if you want to write-protect the whole firmware flash - chip. The locking will take place during the chipset lockdown, which - is either triggered by coreboot (when INTEL_CHIPSET_LOCKDOWN is set) - or has to be triggered later (e.g. by the payload or the OS). - - NOTE: If you trigger the chipset lockdown unconditionally, - you won't be able to write to the flash chip using the - internal programmer any more. - -config LOCK_SPI_FLASH_NO_ACCESS - bool "Write-protect all flash sections and read-protect non-BIOS sections" - help - Select this if you want to protect the firmware flash against all - further accesses (with the exception of the memory mapped BIOS re- - gion which is always readable). The locking will take place during - the chipset lockdown, which is either triggered by coreboot (when - INTEL_CHIPSET_LOCKDOWN is set) or has to be triggered later (e.g. - by the payload or the OS). - - NOTE: If you trigger the chipset lockdown unconditionally, - you won't be able to write to the flash chip using the - internal programmer any more. - -endchoice - -endif diff --git a/src/southbridge/intel/bd82x6x/Makefile.inc b/src/southbridge/intel/bd82x6x/Makefile.inc index c00b2c4263..24d7e2d24e 100644 --- a/src/southbridge/intel/bd82x6x/Makefile.inc +++ b/src/southbridge/intel/bd82x6x/Makefile.inc @@ -35,7 +35,7 @@ ramstage-y += watchdog.c ramstage-$(CONFIG_ELOG) += elog.c -smm-$(CONFIG_HAVE_SMI_HANDLER) += smihandler.c me.c me_8.x.c finalize.c pch.c +smm-$(CONFIG_HAVE_SMI_HANDLER) += smihandler.c me.c me_8.x.c pch.c romstage-y += early_smbus.c me_status.c romstage-y += early_spi.c early_pch_common.c diff --git a/src/southbridge/intel/bd82x6x/finalize.c b/src/southbridge/intel/bd82x6x/finalize.c deleted file mode 100644 index a08535e979..0000000000 --- a/src/southbridge/intel/bd82x6x/finalize.c +++ /dev/null @@ -1,76 +0,0 @@ -/* - * This file is part of the coreboot project. - * - * Copyright (C) 2012 The Chromium OS Authors. All rights reserved. - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License as - * published by the Free Software Foundation; version 2 of - * the License. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - */ - -#include <arch/io.h> -#include <device/pci_ops.h> -#include <console/post_codes.h> -#include <cpu/x86/smm.h> -#include <southbridge/intel/common/pmbase.h> -#include <spi-generic.h> -#include "chip.h" -#include "pch.h" - -void intel_pch_finalize_smm(void) -{ - if (IS_ENABLED(CONFIG_LOCK_SPI_FLASH_RO) || - IS_ENABLED(CONFIG_LOCK_SPI_FLASH_NO_ACCESS)) { - /* Copy flash regions from FREG0-4 to PR0-4 - and enable write protection bit31 */ - int i; - u32 lockmask = (1 << 31); - if (IS_ENABLED(CONFIG_LOCK_SPI_FLASH_NO_ACCESS)) - lockmask |= (1 << 15); - for (i = 0; i < 20; i += 4) - RCBA32(0x3874 + i) = RCBA32(0x3854 + i) | lockmask; - } - - /* Lock SPIBAR */ - RCBA32_OR(0x3804, (1 << 15)); - -#if IS_ENABLED(CONFIG_SPI_FLASH_SMM) - /* Re-init SPI driver to handle locked BAR */ - spi_init(); -#endif - - /* TCLOCKDN: TC Lockdown */ - RCBA32_OR(0x0050, (1 << 31)); - - /* BIOS Interface Lockdown */ - RCBA32_OR(0x3410, (1 << 0)); - - /* Function Disable SUS Well Lockdown */ - RCBA_AND_OR(8, 0x3420, ~0U, (1 << 7)); - - /* Global SMI Lock */ - pci_or_config16(PCH_LPC_DEV, GEN_PMCON_1, 1 << 4); - - /* GEN_PMCON Lock */ - pci_or_config8(PCH_LPC_DEV, GEN_PMCON_LOCK, (1 << 1) | (1 << 2)); - - /* ETR3: CF9GR Lockdown */ - pci_update_config32(PCH_LPC_DEV, ETR3, ~ETR3_CF9GR, ETR3_CF9LOCK); - - /* R/WO registers */ - RCBA32(0x21a4) = RCBA32(0x21a4); - pci_write_config32(PCI_DEV(0, 27, 0), 0x74, - pci_read_config32(PCI_DEV(0, 27, 0), 0x74)); - - /* TCO_Lock */ - write_pmbase16(TCO1_CNT, read_pmbase16(TCO1_CNT) | TCO_LOCK); - - /* Indicate finalize step with post code */ - outb(POST_OS_BOOT, 0x80); -} diff --git a/src/southbridge/intel/bd82x6x/pch.h b/src/southbridge/intel/bd82x6x/pch.h index bb0d5c4a95..280ac7d6ef 100644 --- a/src/southbridge/intel/bd82x6x/pch.h +++ b/src/southbridge/intel/bd82x6x/pch.h @@ -56,10 +56,6 @@ #ifndef __ACPI__ #define DEBUG_PERIODIC_SMIS 0 -#if defined(__SMM__) && !defined(__ASSEMBLER__) -void intel_pch_finalize_smm(void); -#endif - #if !defined(__ASSEMBLER__) #if !defined(__PRE_RAM__) #if !defined(__SIMPLE_DEVICE__) diff --git a/src/southbridge/intel/bd82x6x/smihandler.c b/src/southbridge/intel/bd82x6x/smihandler.c index 03d26876df..6291867e3f 100644 --- a/src/southbridge/intel/bd82x6x/smihandler.c +++ b/src/southbridge/intel/bd82x6x/smihandler.c @@ -32,6 +32,7 @@ #include <southbridge/intel/common/gpio.h> #include <cpu/intel/model_206ax/model_206ax.h> #include <southbridge/intel/common/pmutil.h> +#include <southbridge/intel/common/finalize.h> static global_nvs_t *gnvs; global_nvs_t *smm_get_gnvs(void) |