Tim Wawrzynczak submitted this change.

View Change

soc/intel/common: Add check before sending HMRFPO_ENABLE command

This patch adds a check to determine if the CSE's current operation mode
is ME_HFS1_COM_SECOVER_MEI_MSG or not before sending HMRFPO_ENABLE
command to CSE. If CSE is already in the ME_HFS1_COM_SECOVER_MEI_MSG,
coreboot skips sending HMRFPO_ENABLE command to CSE to unlock the CSE RW
partition.

TEST=Verify sending HMRFPO_ENABLE command on Brya system.

Signed-off-by: Sridhar Siricilla <sridhar.siricilla@intel.com>
Change-Id: I387ac7c7296ab06b9bb440d5d40c3286bf879d3b
Reviewed-on: https://review.coreboot.org/c/coreboot/+/59698
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
---
M src/soc/intel/common/block/cse/cse.c
1 file changed, 6 insertions(+), 0 deletions(-)

diff --git a/src/soc/intel/common/block/cse/cse.c b/src/soc/intel/common/block/cse/cse.c
index b46d3e4..a80ab48 100644
--- a/src/soc/intel/common/block/cse/cse.c
+++ b/src/soc/intel/common/block/cse/cse.c
@@ -744,6 +744,12 @@
 	struct hmrfpo_enable_resp resp;
 	size_t resp_size = sizeof(struct hmrfpo_enable_resp);
 
+	if (cse_is_hfs1_com_secover_mei_msg()) {
+		printk(BIOS_DEBUG, "HECI: CSE is already in security override mode, "
+			       "skip sending HMRFPO_ENABLE command to CSE\n");
+		return 1;
+	}
+
 	printk(BIOS_DEBUG, "HECI: Send HMRFPO Enable Command\n");
 
 	if (!cse_is_hmrfpo_enable_allowed()) {

To view, visit change 59698. To unsubscribe, or for help writing mail filters, visit settings.