[coreboot-gerrit] Change in coreboot[master]: soc/intel/cannonlake: Lock PAM registers in finalize

5 Sep 2021

Felix Held has submitted this change. ( https://review.coreboot.org/c/coreboot/+/57184 )
Change subject: soc/intel/cannonlake: Lock PAM registers in finalize
......................................................................
soc/intel/cannonlake: Lock PAM registers in finalize
Use the support from the previous patch to have coreboot lock the PAM
registers instead of the FSP when the lockdown configuration is set to
coreboot.
Change-Id: I6ae22f9df4834508dfa304050fad44d45df45334
Signed-off-by: Tim Wawrzynczak twawrzynczak@chromium.org
Reviewed-on: https://review.coreboot.org/c/coreboot/+/57184
Tested-by: build bot (Jenkins) no-reply@coreboot.org
Reviewed-by: Furquan Shaikh furquan@google.com
---
M src/soc/intel/cannonlake/finalize.c
M src/soc/intel/cannonlake/fsp_params.c
2 files changed, 10 insertions(+), 0 deletions(-)
Approvals:
  build bot (Jenkins): Verified
  Furquan Shaikh: Looks good to me, approved

diff --git a/src/soc/intel/cannonlake/finalize.c b/src/soc/intel/cannonlake/finalize.c
index 8888315..63749f9 100644
--- a/src/soc/intel/cannonlake/finalize.c
+++ b/src/soc/intel/cannonlake/finalize.c
@@ -10,8 +10,10 @@
 #include <intelblocks/lpc_lib.h>
 #include <intelblocks/pcr.h>
 #include <intelblocks/pmclib.h>
+#include <intelblocks/systemagent.h>
 #include <intelblocks/tco.h>
 #include <intelblocks/thermal.h>
+#include <intelpch/lockdown.h>
 #include <soc/p2sb.h>
 #include <soc/pci_devs.h>
 #include <soc/pcr_ids.h>
@@ -80,12 +82,19 @@
}
+static void sa_finalize(void)
+{
+	if (get_lockdown_config() == CHIPSET_LOCKDOWN_COREBOOT)
+		sa_lock_pam();
+}
+
 static void soc_finalize(void *unused)
 {
    printk(BIOS_DEBUG, "Finalizing chipset.\n");
pch_finalize();
    apm_control(APM_CNT_FINALIZE);
+	sa_finalize();
/* Indicate finalize step with post code */
    post_code(POST_OS_BOOT);
diff --git a/src/soc/intel/cannonlake/fsp_params.c b/src/soc/intel/cannonlake/fsp_params.c
index dd5f197..1ae27ae 100644
--- a/src/soc/intel/cannonlake/fsp_params.c
+++ b/src/soc/intel/cannonlake/fsp_params.c
@@ -653,6 +653,7 @@
    tconfig->PchLockDownBiosInterface = lockdown_by_fsp;
    params->PchLockDownBiosLock = lockdown_by_fsp;
    params->PchLockDownRtcMemoryLock = lockdown_by_fsp;
+	tconfig->SkipPamLock = !lockdown_by_fsp;
 #if CONFIG(SOC_INTEL_COMETLAKE)
    /*
     * Making this config "0" means FSP won't set the FLOCKDN bit
-- 
To view, visit https://review.coreboot.org/c/coreboot/+/57184
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I6ae22f9df4834508dfa304050fad44d45df45334
Gerrit-Change-Number: 57184
Gerrit-PatchSet: 2
Gerrit-Owner: Tim Wawrzynczak twawrzynczak@chromium.org
Gerrit-Reviewer: Felix Held felix-coreboot@felixheld.de
Gerrit-Reviewer: Furquan Shaikh furquan@google.com
Gerrit-Reviewer: Patrick Rudolph siro@das-labor.org
Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org
Gerrit-MessageType: merged



    

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

[coreboot-gerrit] Change in coreboot[master]: soc/intel/cannonlake: Lock PAM registers in finalize