sravan/system76-coreboot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

soc/intel/skylake: Add LPC and SPI lock down config option

Browse Source 
This patch to provide new config options to perform LPC and SPI
lock down either by FSP or coreboot.

Remove EISS bit programming as well.

TEST=Build and boot Eve and Poppy.

Change-Id: If174915b4d0c581f36b54b2b8cd970a93c6454bc
Signed-off-by: Subrata Banik <subrata.banik@intel.com>
Reviewed-on: https://review.coreboot.org/21068
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
This commit is contained in:
Subrata Banik
2017-08-17 15:49:58 +05:30
committed by Aaron Durbin
parent bcefbe163f
commit c204aaa23b
15 changed files with 63 additions and 60 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
src/soc/intel/skylake/chip_fsp20.c
View File

@ -201,7 +201,6 @@ void platform_fsp_silicon_init_params_cb(FSPS_UPD *supd)
params->SataEnable = config->EnableSata;
params->SataMode = config->SataMode;
tconfig->PchLockDownGlobalSmi = config->LockDownConfigGlobalSmi;
tconfig->PchLockDownBiosInterface = config->LockDownConfigBiosInterface;
tconfig->PchLockDownRtcLock = config->LockDownConfigRtcLock;
/*
* To disable HECI, the Psf needs to be left unlocked
@ -210,9 +209,19 @@ void platform_fsp_silicon_init_params_cb(FSPS_UPD *supd)
* do the changes and then lock it back in coreboot during finalize.
*/
tconfig->PchSbAccessUnlock = (config->HeciEnabled == 0) ? 1 : 0;
params->PchLockDownBiosLock = config->LockDownConfigBiosLock;
params->PchLockDownSpiEiss = config->LockDownConfigSpiEiss;
if (config->chipset_lockdown == CHIPSET_LOCKDOWN_COREBOOT) {
tconfig->PchLockDownBiosInterface = 0;
params->PchLockDownBiosLock = 0;
params->PchLockDownSpiEiss = 0;
/*
* Skip Spi Flash Lockdown from inside FSP.
* Making this config "0" means FSP won't set the FLOCKDN bit
* of SPIBAR + 0x04 (i.e., Bit 15 of BIOS_HSFSTS_CTL).
* So, it becomes coreboot's responsibility to set this bit
* before end of POST for security concerns.
*/
params->SpiFlashCfgLockDown = 0;
}
params->PchSubSystemVendorId = config->PchConfigSubSystemVendorId;
params->PchSubSystemId = config->PchConfigSubSystemId;
params->PchPmWolEnableOverride = config->WakeConfigWolEnableOverride;
@ -247,15 +256,6 @@ void platform_fsp_silicon_init_params_cb(FSPS_UPD *supd)
dev = dev_find_slot(0, PCH_DEVFN_SPI);
params->ShowSpiController = dev->enabled;
/*
* Skip Spi Flash Lockdown from inside FSP.
* Making this config "0" means FSP won't set the FLOCKDN bit of
* SPIBAR + 0x04 (i.e., Bit 15 of BIOS_HSFSTS_CTL).
* So, it becomes coreboot's responsibility to set this bit before
* end of POST for security concerns.
*/
params->SpiFlashCfgLockDown = config->SpiFlashCfgLockDown;
/*
* Send VR specific mailbox commands:
* 000b - no VR specific command sent