sravan/system76-coreboot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

soc/intel/alderlake: Check MANUF_LOCK when logging manufacturing mode

Browse Source 
As per Intel doc #627331 Section 3.6.1 "Intel CSME Production Machine
Determination", from ADL onwards there are three criteria which
determine whether a device is in production mode:
1. Fuses are programmed
2. SPI descriptor is locked
3. Manufacturing variables are locked

When logging whether the device is in manufacturing mode, 1 and 2 are
already checked. Add a check for 3 as well.

Also add logs for each individual criteria so it's easy to tell why the
overall Manufacturing Mode is set or not.

BUG=b:255462682
TEST=On a nivviks which has not gone through EOM:
Before:
[DEBUG]  ME: Manufacturing Mode          : YES
[DEBUG]  ME: SPI Protection Mode Enabled : NO

After:
[DEBUG]  ME: Manufacturing Mode          : YES
[DEBUG]  ME: SPI Protection Mode Enabled : NO
[DEBUG]  ME: FPFs Committed              : NO
[DEBUG]  ME: Manufacturing Vars Locked   : NO

On an anahera which has gone through EOM:
Before:
[DEBUG]  ME: Manufacturing Mode          : NO
[DEBUG]  ME: SPI Protection Mode Enabled : YES

After:
[DEBUG]  ME: Manufacturing Mode          : NO
[DEBUG]  ME: SPI Protection Mode Enabled : YES
[DEBUG]  ME: FPFs Committed              : YES
[DEBUG]  ME: Manufacturing Vars Locked   : YES

Change-Id: Iac605baa291ab5cc5f28464006f4828c12c748fe
Signed-off-by: Reka Norman <rekanorman@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/69324
Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
Reviewed-by: Kapil Porwal <kapilporwal@google.com>
Reviewed-by: Kangheui Won <khwon@chromium.org>
Reviewed-by: Subrata Banik <subratabanik@google.com>
Reviewed-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This commit is contained in:
Reka Norman
2022-11-08 10:58:27 +11:00
committed by Felix Held
parent 08c77dadf3
commit bedc9b75a7
1 changed files with 23 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
src/soc/intel/alderlake/me.c
View File

@@ -102,11 +102,25 @@ static void log_me_ro_write_protection_info(bool mfg_mode)
base, limit); base, limit);
} }
/* If EOM is disabled, but CSE RO is not write protected, log error */ /*
* If manufacturing mode is disabled, but CSE RO is not write protected,
* log error.
*/
if (!mfg_mode && !cse_ro_wp_en) if (!mfg_mode && !cse_ro_wp_en)
printk(BIOS_ERR, "ME: Write protection for CSE RO is not enabled\n"); printk(BIOS_ERR, "ME: Write protection for CSE RO is not enabled\n");
} }
static bool is_manuf_mode(union me_hfsts1 hfsts1, union me_hfsts6 hfsts6)
{
/*
* ME manufacturing mode is disabled if the descriptor is locked, fuses
* are programmed and manufacturing variables are locked.
*/
return !((hfsts1.fields.mfg_mode == 0) &&
(hfsts6.fields.fpf_soc_lock == 1) &&
(hfsts6.fields.manuf_lock == 1));
}
static void dump_me_status(void *unused) static void dump_me_status(void *unused)
{ {
union me_hfsts1 hfsts1; union me_hfsts1 hfsts1;
@@ -115,6 +129,7 @@ static void dump_me_status(void *unused)
union me_hfsts4 hfsts4; union me_hfsts4 hfsts4;
union me_hfsts5 hfsts5; union me_hfsts5 hfsts5;
union me_hfsts6 hfsts6; union me_hfsts6 hfsts6;
bool manuf_mode;
if (!is_cse_enabled()) if (!is_cse_enabled())
return; return;
@@ -133,19 +148,19 @@ static void dump_me_status(void *unused)
printk(BIOS_DEBUG, "ME: HFSTS5 : 0x%08X\n", hfsts5.data); printk(BIOS_DEBUG, "ME: HFSTS5 : 0x%08X\n", hfsts5.data);
printk(BIOS_DEBUG, "ME: HFSTS6 : 0x%08X\n", hfsts6.data); printk(BIOS_DEBUG, "ME: HFSTS6 : 0x%08X\n", hfsts6.data);
/* manuf_mode = is_manuf_mode(hfsts1, hfsts6);
* Lock Descriptor, and Fuses must be programmed on a
* production system to indicate ME Manufacturing mode is disabled.
*/
printk(BIOS_DEBUG, "ME: Manufacturing Mode : %s\n", printk(BIOS_DEBUG, "ME: Manufacturing Mode : %s\n",
((hfsts1.fields.mfg_mode == 0) && manuf_mode ? "YES" : "NO");
(hfsts6.fields.fpf_soc_lock == 1)) ? "NO" : "YES");
/* /*
* The SPI Protection Mode bit reflects SPI descriptor * The SPI Protection Mode bit reflects SPI descriptor
* locked(0) or unlocked(1). * locked(0) or unlocked(1).
*/ */
printk(BIOS_DEBUG, "ME: SPI Protection Mode Enabled : %s\n", printk(BIOS_DEBUG, "ME: SPI Protection Mode Enabled : %s\n",
hfsts1.fields.mfg_mode ? "NO" : "YES"); hfsts1.fields.mfg_mode ? "NO" : "YES");
printk(BIOS_DEBUG, "ME: FPFs Committed : %s\n",
hfsts6.fields.fpf_soc_lock ? "YES" : "NO");
printk(BIOS_DEBUG, "ME: Manufacturing Vars Locked : %s\n",
hfsts6.fields.manuf_lock ? "YES" : "NO");
printk(BIOS_DEBUG, "ME: FW Partition Table : %s\n", printk(BIOS_DEBUG, "ME: FW Partition Table : %s\n",
hfsts1.fields.fpt_bad ? "BAD" : "OK"); hfsts1.fields.fpt_bad ? "BAD" : "OK");
printk(BIOS_DEBUG, "ME: Bringup Loader Failure : %s\n", printk(BIOS_DEBUG, "ME: Bringup Loader Failure : %s\n",
@@ -180,7 +195,7 @@ static void dump_me_status(void *unused)
hfsts6.fields.txt_support ? "YES" : "NO"); hfsts6.fields.txt_support ? "YES" : "NO");
if (CONFIG(SOC_INTEL_CSE_LITE_SKU)) if (CONFIG(SOC_INTEL_CSE_LITE_SKU))
log_me_ro_write_protection_info(!!hfsts1.fields.mfg_mode); log_me_ro_write_protection_info(manuf_mode);
} }
BOOT_STATE_INIT_ENTRY(BS_DEV_ENABLE, BS_ON_EXIT, print_me_fw_version, NULL); BOOT_STATE_INIT_ENTRY(BS_DEV_ENABLE, BS_ON_EXIT, print_me_fw_version, NULL);