Felix Held has submitted this change. ( https://review.coreboot.org/c/coreboot/+/61520 )
Change subject: soc/intel/common/cse: Add function to perform global reset lock ......................................................................
soc/intel/common/cse: Add function to perform global reset lock
This patch implements `cse_control_global_reset_lock()` as per ME BWG (doc: 627331) recommendation.
It is recommended that BIOS should set this bit early on in the boot sequence, and then clear it and set the CF9LOCK bit prior to loading the OS in both an Intel CSME Enabled and a Intel CSME Disabled system.
Note: For CSE-Lite SKUs BIOS should set CF9LOCK bit unconditionally.
BUG=b:211954778 TEST=Able to build and boot Brya.
Signed-off-by: Subrata Banik subratabanik@google.com Change-Id: I3894b2cd8b90dc033f475384486815ab2fadf381 Reviewed-on: https://review.coreboot.org/c/coreboot/+/61520 Tested-by: build bot (Jenkins) no-reply@coreboot.org Reviewed-by: Arthur Heymans arthur@aheymans.xyz Reviewed-by: Lean Sheng Tan sheng.tan@9elements.com Reviewed-by: Sridhar Siricilla sridhar.siricilla@intel.com --- M src/soc/intel/common/block/cse/cse.c M src/soc/intel/common/block/include/intelblocks/cse.h 2 files changed, 23 insertions(+), 0 deletions(-)
Approvals: build bot (Jenkins): Verified Arthur Heymans: Looks good to me, approved Lean Sheng Tan: Looks good to me, approved Sridhar Siricilla: Looks good to me, approved
diff --git a/src/soc/intel/common/block/cse/cse.c b/src/soc/intel/common/block/cse/cse.c index a9a619c..5140369 100644 --- a/src/soc/intel/common/block/cse/cse.c +++ b/src/soc/intel/common/block/cse/cse.c @@ -11,6 +11,7 @@ #include <device/pci_ids.h> #include <device/pci_ops.h> #include <intelblocks/cse.h> +#include <intelblocks/pmclib.h> #include <option.h> #include <security/vboot/misc.h> #include <security/vboot/vboot_common.h> @@ -1008,6 +1009,25 @@ } }
+void cse_control_global_reset_lock(void) +{ + /* + * As per ME BWG recommendation the BIOS should not lock down CF9GR bit during + * manufacturing and re-manufacturing environment if HFSTS1 [4] is set. Note: + * this recommendation is not applicable for CSE-Lite SKUs where BIOS should set + * CF9LOCK bit irrespectively. + * + * Other than that, make sure payload/OS can't trigger global reset. + * + * BIOS must also ensure that CF9GR is cleared and locked (Bit31 of ETR3) + * prior to transferring control to the OS. + */ + if (CONFIG(SOC_INTEL_CSE_LITE_SKU) || cse_is_hfs1_spi_protected()) + pmc_global_reset_disable_and_lock(); + else + pmc_global_reset_enable(false); +} + #if ENV_RAMSTAGE
/* diff --git a/src/soc/intel/common/block/include/intelblocks/cse.h b/src/soc/intel/common/block/include/intelblocks/cse.h index c2efab1..e67d9d8 100644 --- a/src/soc/intel/common/block/include/intelblocks/cse.h +++ b/src/soc/intel/common/block/include/intelblocks/cse.h @@ -495,6 +495,9 @@ /* Function sets D0I3 for all HECI devices */ void heci_set_to_d0i3(void);
+/* Function performs the global reset lock */ +void cse_control_global_reset_lock(void); + /* * SoC override API to make heci1 disable using PCR. *