Hung-Te Lin submitted this change.

View Change

soc/intel/xeon_sp: Lock down DMI3 PCI registers

This is required for CBnT.

Change-Id: If5637eb8dd7de406b24b92100b68c5fa11c16854
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/47448
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
---
M src/soc/intel/xeon_sp/cpx/include/soc/pci_devs.h
M src/soc/intel/xeon_sp/skx/include/soc/pci_devs.h
M src/soc/intel/xeon_sp/uncore.c
3 files changed, 36 insertions(+), 0 deletions(-)

diff --git a/src/soc/intel/xeon_sp/cpx/include/soc/pci_devs.h b/src/soc/intel/xeon_sp/cpx/include/soc/pci_devs.h
index 198d385..6ddcce4 100644
--- a/src/soc/intel/xeon_sp/cpx/include/soc/pci_devs.h
+++ b/src/soc/intel/xeon_sp/cpx/include/soc/pci_devs.h
@@ -122,4 +122,9 @@
 // ========== IOAPIC Definitions for DMAR/ACPI ========
 #define PCH_IOAPIC_ID                   0x08
 
+// DMI3 B0D0F0 registers
+#define DMI3_DEVID		0x2020
+#define DMIRCBAR		0x50
+#define ERRINJCON		0x1d8
+
 #endif /* _SOC_PCI_DEVS_H_ */
diff --git a/src/soc/intel/xeon_sp/skx/include/soc/pci_devs.h b/src/soc/intel/xeon_sp/skx/include/soc/pci_devs.h
index ce223cc..5fa2a38 100644
--- a/src/soc/intel/xeon_sp/skx/include/soc/pci_devs.h
+++ b/src/soc/intel/xeon_sp/skx/include/soc/pci_devs.h
@@ -167,4 +167,9 @@
 // ========== IOAPIC Definitions for DMAR/ACPI ========
 #define PCH_IOAPIC_ID                   0x08
 
+// DMI3 B0D0F0 registers
+#define DMI3_DEVID		0x2020
+#define DMIRCBAR		0x50
+#define ERRINJCON		0x1d8
+
 #endif /* _SOC_PCI_DEVS_H_ */
diff --git a/src/soc/intel/xeon_sp/uncore.c b/src/soc/intel/xeon_sp/uncore.c
index 00623a8..2663023 100644
--- a/src/soc/intel/xeon_sp/uncore.c
+++ b/src/soc/intel/xeon_sp/uncore.c
@@ -348,3 +348,29 @@
 	.vendor   = PCI_VENDOR_ID_INTEL,
 	.device   = MMAP_VTD_STACK_CFG_REG_DEVID,
 };
+
+static void dmi3_init(struct device *dev)
+{
+	/* Disable error injection */
+	pci_or_config16(dev, ERRINJCON, 1 << 0);
+
+	/*
+	 * DMIRCBAR registers are not TXT lockable, but the BAR enable
+	 * bit is. TXT requires that DMIRCBAR be disabled for security.
+	 */
+	pci_and_config32(dev, DMIRCBAR, ~(1 << 0));
+}
+
+static struct device_operations dmi3_ops = {
+	.read_resources		= pci_dev_read_resources,
+	.set_resources		= pci_dev_set_resources,
+	.enable_resources	= pci_dev_enable_resources,
+	.init			= dmi3_init,
+	.ops_pci		= &soc_pci_ops,
+};
+
+static const struct pci_driver dmi3_driver __pci_driver = {
+	.ops		= &dmi3_ops,
+	.vendor		= PCI_VENDOR_ID_INTEL,
+	.device		= DMI3_DEVID,
+};

To view, visit change 47448. To unsubscribe, or for help writing mail filters, visit settings.