Nico Huber submitted this change.

View Change

soc/intel/skylake: set LT_LOCK_MEMORY at end of POST

Use the new common function to set LT_LOCK_MEMORY at end of POST to
protect SMM in accordance to Intel BWG.

Tested successfully on X11SSH-M by disabling SGX and running chipsec.

Change-Id: I623e20a34667e4df313aeab49bb57907ec75f8a8
Signed-off-by: Michael Niewöhner <foss@mniewoehner.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36355
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
---
M src/soc/intel/skylake/finalize.c
1 file changed, 4 insertions(+), 0 deletions(-)

diff --git a/src/soc/intel/skylake/finalize.c b/src/soc/intel/skylake/finalize.c
index 4cc9c83..58a8701 100644
--- a/src/soc/intel/skylake/finalize.c
+++ b/src/soc/intel/skylake/finalize.c
@@ -20,6 +20,7 @@
 #include <bootstate.h>
 #include <console/console.h>
 #include <console/post_codes.h>
+#include <cpu/x86/mp.h>
 #include <cpu/x86/smm.h>
 #include <device/pci.h>
 #include <intelblocks/cpulib.h>
@@ -123,6 +124,9 @@
 		reg8 |= SMI_LOCK;
 		pci_write_config8(dev, GEN_PMCON_A, reg8);
 	}
+
+	/* Lock chipset memory registers to protect SMM */
+	mp_run_on_all_cpus(cpu_lt_lock_memory, NULL);
 }
 
 static void soc_finalize(void *unused)

To view, visit change 36355. To unsubscribe, or for help writing mail filters, visit settings.