Attention is currently required from: Patrick Rudolph. Marc Jones has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/51227 )
Change subject: soc/intel/xeon_sp: Lockdown SPI BIOS controls ......................................................................
soc/intel/xeon_sp: Lockdown SPI BIOS controls
Lockdown SPI based on Intel BWG recommendation.
Change-Id: I6999b7ad17615b8390f6c7b3d0a874e58bccc481 Signed-off-by: Marc Jones marcjones@sysproconsulting.com --- M src/soc/intel/xeon_sp/lockdown.c 1 file changed, 26 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/27/51227/1
diff --git a/src/soc/intel/xeon_sp/lockdown.c b/src/soc/intel/xeon_sp/lockdown.c index 0e21680..7e8cbd6 100644 --- a/src/soc/intel/xeon_sp/lockdown.c +++ b/src/soc/intel/xeon_sp/lockdown.c @@ -1,11 +1,34 @@ /* SPDX-License-Identifier: GPL-2.0-only */
#include <device/mmio.h> +#include <device/pci_ops.h> #include <intelblocks/cfg.h> #include <intelblocks/lpc_lib.h> #include <intelblocks/pmclib.h> #include <intelpch/lockdown.h> +#include <soc/pci_devs.h> #include <soc/pm.h> +#include <soc/spi.h> + +static void spi_set_bios_interface_lock_down(void) +{ + uint8_t bc_cntl; + + bc_cntl = pci_read_config8(PCH_DEV_SPI, BIOS_SPI_BC); + bc_cntl |= SPI_BC_LE | SPI_BC_EISS; + pci_write_config8(PCH_DEV_SPI, BIOS_SPI_BC, bc_cntl); + + /* Read back after performing lock down */ + pci_read_config8(PCH_DEV_SPI, BIOS_SPI_BC); +} + +static void spi_lockdown_config(int chipset_lockdown) +{ + /* Set BIOS Interface Lock, BIOS Lock */ + if (chipset_lockdown == CHIPSET_LOCKDOWN_COREBOOT) { + spi_set_bios_interface_lock_down(); + } +}
static void lpc_lockdown_config(int chipset_lockdown) { @@ -51,6 +74,9 @@ /* LPC lock down configuration */ lpc_lockdown_config(chipset_lockdown);
+ /* LPC lock down configuration */ + spi_lockdown_config(chipset_lockdown); + /* PMC lock down configuration */ pmc_lockdown_config(chipset_lockdown); }