summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorShifei Lu <shifeix.a.lu@intel.com>2015-06-11 02:17:06 +0000
committerzwei4 <zwei4@Edk2>2015-06-11 02:17:06 +0000
commitfb1a4e361e9b6ef15142000fc3a79f5f31777de7 (patch)
tree5639d3d3b78308c4de364105d1f599dd78a8ce42
parent5374d621c509cbdc22beef7f4cd3526b02c93243 (diff)
downloadedk2-platforms-fb1a4e361e9b6ef15142000fc3a79f5f31777de7.tar.xz
Add code to protect the whole BIOS region on SPI flash, except UEFI Variable region.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Shifei Lu <shifeix.a.lu@intel.com> Reviewed-by: David Wei <david.wei@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17618 6f19259b-4bc3-4df7-8a09-765794883524
-rw-r--r--Vlv2TbltDevicePkg/PlatformDxe/Platform.c42
-rw-r--r--Vlv2TbltDevicePkg/PlatformDxe/PlatformDxe.inf7
2 files changed, 43 insertions, 6 deletions
diff --git a/Vlv2TbltDevicePkg/PlatformDxe/Platform.c b/Vlv2TbltDevicePkg/PlatformDxe/Platform.c
index 760b8b00b4..dba84fb659 100644
--- a/Vlv2TbltDevicePkg/PlatformDxe/Platform.c
+++ b/Vlv2TbltDevicePkg/PlatformDxe/Platform.c
@@ -353,12 +353,23 @@ SpiBiosProtectionFunction(
{
UINTN mPciD31F0RegBase;
- UINTN BiosFlaLower = 0;
- UINTN BiosFlaLimit = 0x7fffff;
-
- BiosFlaLower = PcdGet32(PcdFlashMicroCodeAddress)-PcdGet32(PcdFlashAreaBaseAddress);
+ UINTN BiosFlaLower0;
+ UINTN BiosFlaLimit0;
+ UINTN BiosFlaLower1;
+ UINTN BiosFlaLimit1;
+
+ BiosFlaLower0 = PcdGet32(PcdFlashMicroCodeAddress)-PcdGet32(PcdFlashAreaBaseAddress);
+ BiosFlaLimit0 = PcdGet32(PcdFlashMicroCodeSize)-1;
+ #ifdef MINNOW2_FSP_BUILD
+ BiosFlaLower1 = PcdGet32(PcdFlashFvFspBase)-PcdGet32(PcdFlashAreaBaseAddress);
+ BiosFlaLimit1 = (PcdGet32(PcdFlashFvRecoveryBase)-PcdGet32(PcdFlashFvFspBase)+PcdGet32(PcdFlashFvRecoverySize))-1;
+ #else
+ BiosFlaLower1 = PcdGet32(PcdFlashFvMainBase)-PcdGet32(PcdFlashAreaBaseAddress);
+ BiosFlaLimit1 = (PcdGet32(PcdFlashFvRecoveryBase)-PcdGet32(PcdFlashFvMainBase)+PcdGet32(PcdFlashFvRecoverySize))-1;
+ #endif
+
mPciD31F0RegBase = MmPciAddress (0,
DEFAULT_PCI_BUS_NUMBER_PCH,
PCI_DEVICE_NUMBER_PCH_LPC,
@@ -391,7 +402,7 @@ SpiBiosProtectionFunction(
//
MmioOr32((UINTN)(SpiBase + R_PCH_SPI_PR0),
B_PCH_SPI_PR0_RPE|B_PCH_SPI_PR0_WPE|\
- (B_PCH_SPI_PR0_PRB_MASK&(BiosFlaLower>>12))|(B_PCH_SPI_PR0_PRL_MASK&(BiosFlaLimit>>12)<<16));
+ (B_PCH_SPI_PR0_PRB_MASK&(BiosFlaLower0>>12))|(B_PCH_SPI_PR0_PRL_MASK&(BiosFlaLimit0>>12)<<16));
//
//Lock down PR0
@@ -405,6 +416,25 @@ SpiBiosProtectionFunction(
DEBUG((EFI_D_ERROR, "Failed to lock down PR0.\n"));
}
+ //
+ //Set PR1
+ //
+
+ MmioOr32((UINTN)(SpiBase + R_PCH_SPI_PR1),
+ B_PCH_SPI_PR1_RPE|B_PCH_SPI_PR1_WPE|\
+ (B_PCH_SPI_PR1_PRB_MASK&(BiosFlaLower1>>12))|(B_PCH_SPI_PR1_PRL_MASK&(BiosFlaLimit1>>12)<<16));
+
+ //
+ //Lock down PR1
+ //
+ MmioOr16 ((UINTN) (SpiBase + R_PCH_SPI_HSFS), (UINT16) (B_PCH_SPI_HSFS_FLOCKDN));
+
+ //
+ // Verify if it's really locked.
+ //
+ if ((MmioRead16 (SpiBase + R_PCH_SPI_HSFS) & B_PCH_SPI_HSFS_FLOCKDN) == 0) {
+ DEBUG((EFI_D_ERROR, "Failed to lock down PR1.\n"));
+ }
return;
}
@@ -690,7 +720,7 @@ InitializePlatform (
&mReadyToBootEvent
);
//
- // Create a ReadyToBoot Event to run enable PR0 and lock down
+ // Create a ReadyToBoot Event to run enable PR0/PR1 and lock down,unlock variable region
//
if(mSystemConfiguration.SpiRwProtect==1) {
Status = EfiCreateEventReadyToBootEx (
diff --git a/Vlv2TbltDevicePkg/PlatformDxe/PlatformDxe.inf b/Vlv2TbltDevicePkg/PlatformDxe/PlatformDxe.inf
index daf6d70184..27216b7879 100644
--- a/Vlv2TbltDevicePkg/PlatformDxe/PlatformDxe.inf
+++ b/Vlv2TbltDevicePkg/PlatformDxe/PlatformDxe.inf
@@ -62,6 +62,7 @@
Vlv2DeviceRefCodePkg/Vlv2DeviceRefCodePkg.dec
SecurityPkg/SecurityPkg.dec
CryptoPkg/CryptoPkg.dec
+ IntelFspWrapperPkg/IntelFspWrapperPkg.dec
[LibraryClasses]
BaseLib
@@ -133,7 +134,13 @@
gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress
gPlatformModuleTokenSpaceGuid.PcdFlashAreaBaseAddress
gPlatformModuleTokenSpaceGuid.PcdFlashMicroCodeAddress
+ gPlatformModuleTokenSpaceGuid.PcdFlashMicroCodeSize
gEfiIntelFrameworkModulePkgTokenSpaceGuid.PcdFastPS2Detection
+ gPlatformModuleTokenSpaceGuid.PcdFlashFvMainBase
+ gPlatformModuleTokenSpaceGuid.PcdFlashFvRecoveryBase
+ gPlatformModuleTokenSpaceGuid.PcdFlashFvRecoverySize
+ gFspWrapperTokenSpaceGuid.PcdFlashFvFspBase
+
[Depex]
gEfiPciRootBridgeIoProtocolGuid AND