John Zhao has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/40968 )
Change subject: soc/intel/tigerlake: Clear TBT PCIe root ports BME at exit boot service ......................................................................
soc/intel/tigerlake: Clear TBT PCIe root ports BME at exit boot service
Vt-d based security platform requires the system firmware to clear bus master enable(BME) bit for all Thunderbolt PCIe root ports, bridges and devices at exit boot service. In this state with BME bit cleared, the PCI root ports would be considered as trusted to not forward any DMA transaction to download endpoint devices.
BUG=141609884 TEST=built image and booted to kernel successfully.
Change-Id: I9650b9dd4df1f9bee53ae3737b7bf60b2ef8017b Signed-off-by: John Zhao john.zhao@intel.com --- M src/soc/intel/tigerlake/chip.c 1 file changed, 44 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/68/40968/1
diff --git a/src/soc/intel/tigerlake/chip.c b/src/soc/intel/tigerlake/chip.c index 073c8d2..a0007f3 100644 --- a/src/soc/intel/tigerlake/chip.c +++ b/src/soc/intel/tigerlake/chip.c @@ -3,6 +3,7 @@
#include <device/device.h> #include <device/pci.h> +#include <device/pci_ids.h> #include <fsp/api.h> #include <fsp/util.h> #include <intelblocks/acpi.h> @@ -15,6 +16,7 @@ #include <soc/pci_devs.h> #include <soc/ramstage.h> #include <soc/soc_chip.h> +#include <soc/systemagent.h>
#if CONFIG(HAVE_ACPI_TABLES) const char *soc_acpi_name(const struct device *dev) @@ -114,6 +116,48 @@ gpio_pm_configure(value, TOTAL_GPIO_COMM); }
+static void clear_tbt_pcie_rp_bme(struct device *dev, uint16_t device_id) +{ + uint16_t reg16; + + if (dev) { + if ((pci_read_config16(dev, PCI_DEVICE_ID) == device_id)) { + reg16 = pci_read_config16(dev, PCI_COMMAND); + + /* Check if BME bit is enabled before */ + if ((reg16 & PCI_COMMAND_MASTER) == PCI_COMMAND_MASTER) { + reg16 &= ~PCI_COMMAND_MASTER; + pci_write_config16(dev, PCI_COMMAND, reg16); + } + } + } +} + +void platform_fsp_notify_status(enum fsp_notify_phase phase) +{ + if (phase == END_OF_FIRMWARE) { + struct device *dev; + + /* Check if VT-d is enabled */ + dev = pcidev_path_on_root(SA_DEVFN_ROOT); + if ((pci_read_config32(dev, CAPID0_A) & VTD_DISABLE)) + return; + + /* Clear Thunderbolt PCIe root ports Bus Master Enable(BME) bit */ + dev = pcidev_path_on_root(SA_DEVFN_TBT0); + clear_tbt_pcie_rp_bme(dev, PCI_DEVICE_ID_INTEL_TGL_TBT_RP0); + + dev = pcidev_path_on_root(SA_DEVFN_TBT1); + clear_tbt_pcie_rp_bme(dev, PCI_DEVICE_ID_INTEL_TGL_TBT_RP1); + + dev = pcidev_path_on_root(SA_DEVFN_TBT2); + clear_tbt_pcie_rp_bme(dev, PCI_DEVICE_ID_INTEL_TGL_TBT_RP2); + + dev = pcidev_path_on_root(SA_DEVFN_TBT3); + clear_tbt_pcie_rp_bme(dev, PCI_DEVICE_ID_INTEL_TGL_TBT_RP3); + } +} + void soc_init_pre_device(void *chip_info) { /* Snapshot the current GPIO IRQ polarities. FSP is setting a