Attention is currently required from: Nico Huber, Angel Pons, Patrick Rudolph. Benjamin Doron has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/50048 )

Change subject: soc/intel/{skylake,cannonlake}: Co-ordinate lockdown configuration ......................................................................

Patch Set 7:

(1 comment)

File src/soc/intel/skylake/chip.c:

https://review.coreboot.org/c/coreboot/+/50048/comment/8ddd9f08_a2b69932 PS5, Line 332: }

Yeah, I'm working on it.

Oh, I didn't know. Currently, I have the initial lock working (but the system hangs on writes to SPI) and I've found that the BIOSWR_STS bit in the TCO_STS register - `(1 << 8)` in the common smihandler - is only applicable to LPC BIOS writes, so smihandler_soc_check_illegal_access() probably is returning early. Instead, we need to check SPI_SYNC_SS in SPI BIOS_CONTROL.

Additionally, there's an MSR to set (0x1fe on Skylake and Cannonlake) when EISS is set. I'll test what I have, then I can push patches.