Attention is currently required from: Marc Jones.
Hello Marc Jones,
I'd like you to do a code review. Please visit
https://review.coreboot.org/c/coreboot/+/68876
to review the following change.
Change subject: soc/intel/xeon_sp: lockdown LPC configuration ......................................................................
soc/intel/xeon_sp: lockdown LPC configuration
For LPC, set BIOS interface lock.
Also set the LPC BIOS control to match the SPI BIOS control settings. BIOS contriol EISS and WPD are set when the BOOTMEDIA_SMM_BWP config option is set.
Change-Id: I3e3edc63c0d43b11b0999239ea49304772a05275 Signed-off-by: Marc Jones marcjones@sysproconsulting.com Signed-off-by: Jonathan Zhang jonzhang@meta.com --- M src/soc/intel/xeon_sp/lockdown.c 1 file changed, 32 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/76/68876/1
diff --git a/src/soc/intel/xeon_sp/lockdown.c b/src/soc/intel/xeon_sp/lockdown.c index 49f3f5a..7dc1f98 100644 --- a/src/soc/intel/xeon_sp/lockdown.c +++ b/src/soc/intel/xeon_sp/lockdown.c @@ -3,11 +3,25 @@ #include <device/mmio.h> #include <device/pci.h> #include <intelblocks/cfg.h> +#include <intelblocks/lpc_lib.h> #include <intelblocks/pmclib.h> #include <intelpch/lockdown.h> #include <soc/pci_devs.h> #include <soc/pm.h>
+static void lpc_lockdown_config(void) +{ + /* Set BIOS Interface Lock, BIOS Lock */ + lpc_set_bios_interface_lock_down(); + + /* Only allow writes in SMM */ + if (CONFIG(BOOTMEDIA_SMM_BWP)) { + lpc_set_eiss(); + lpc_enable_wp(); + } + lpc_set_lock_enable(); +} + static void pmc_lockdown_config(int chipset_lockdown) { uint8_t *pmcbase; @@ -36,6 +50,7 @@
void soc_lockdown_config(int chipset_lockdown) { + lpc_lockdown_config(); pmc_lockdown_config(chipset_lockdown); sata_lockdown_config(chipset_lockdown); }