Subrata Banik has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/35299 )
Change subject: soc/intel/cannonlake: Allow coreboot to handle SPI lockdown ......................................................................
soc/intel/cannonlake: Allow coreboot to handle SPI lockdown
This patch disables FSP-S SPI lockdown UPDs and lets coreboot perform SPI lockdown (i.e.flash register DLOCK, FLOCKDN, and WRSDIS before end of post) in ramstage.
BUG=b:138200201 TEST=FSP debug build suggests those UPDs are disable now.
Change-Id: Id7a6b9859e058b9f1ec1bd45d2c388c02b8ac18c Signed-off-by: Subrata Banik subrata.banik@intel.com --- M src/soc/intel/cannonlake/fsp_params.c 1 file changed, 2 insertions(+), 8 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/99/35299/1
diff --git a/src/soc/intel/cannonlake/fsp_params.c b/src/soc/intel/cannonlake/fsp_params.c index 5cdddc6..9495f84 100644 --- a/src/soc/intel/cannonlake/fsp_params.c +++ b/src/soc/intel/cannonlake/fsp_params.c @@ -419,30 +419,24 @@ params->PchLockDownBiosLock = 0; params->PchLockDownRtcMemoryLock = 0; /* - * TODO: Disable SpiFlashCfgLockDown config after FSP provides - * dedicated UPD - * * Skip SPI Flash Lockdown from inside FSP. * Making this config "0" means FSP won't set the FLOCKDN bit * of SPIBAR + 0x04 (i.e., Bit 15 of BIOS_HSFSTS_CTL). * So, it becomes coreboot's responsibility to set this bit * before end of POST for security concerns. */ - // params->SpiFlashCfgLockDown = 0; + params->SpiFlashCfgLockDown = 0; } else { tconfig->PchLockDownGlobalSmi = 1; tconfig->PchLockDownBiosInterface = 1; params->PchLockDownBiosLock = 1; params->PchLockDownRtcMemoryLock = 1; /* - * TODO: Enable SpiFlashCfgLockDown config after FSP provides - * dedicated UPD - * * Enable SPI Flash Lockdown from inside FSP. * Making this config "1" means FSP will set the FLOCKDN bit * of SPIBAR + 0x04 (i.e., Bit 15 of BIOS_HSFSTS_CTL). */ - // params->SpiFlashCfgLockDown = 1; + params->SpiFlashCfgLockDown = 1; } }