Aamir Bohra has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/41534 )
Change subject: soc/intel/jasperlake: Use coreboot lock down config ......................................................................
soc/intel/jasperlake: Use coreboot lock down config
Allow lockdown configuration from using CHIPSET_LOCKDOWN_COREBOOT config.
TEST=Build and boot waddledoo board
Change-Id: I3abaa737580ef45b98cabfa23edd84162037dd70 Signed-off-by: Aamir Bohra aamir.bohra@intel.com --- M src/soc/intel/jasperlake/fsp_params.c 1 file changed, 13 insertions(+), 2 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/34/41534/1
diff --git a/src/soc/intel/jasperlake/fsp_params.c b/src/soc/intel/jasperlake/fsp_params.c index 45162f9..eafc374 100644 --- a/src/soc/intel/jasperlake/fsp_params.c +++ b/src/soc/intel/jasperlake/fsp_params.c @@ -7,6 +7,7 @@ #include <intelblocks/lpss.h> #include <intelblocks/mp_init.h> #include <intelblocks/xdci.h> +#include <intelpch/lockdown.h> #include <soc/intel/common/vbt.h> #include <soc/pci_devs.h> #include <soc/ramstage.h> @@ -105,8 +106,18 @@ params->SkipMpInit = !CONFIG_USE_INTEL_FSP_MP_INIT; }
- /* Unlock upper 8 bytes of RTC RAM */ - params->RtcMemoryLock = 0; + /* Chipset Lockdown */ + if (get_lockdown_config() == CHIPSET_LOCKDOWN_COREBOOT) { + params->PchLockDownGlobalSmi = 0; + params->PchLockDownBiosInterface = 0; + params->PchUnlockGpioPads = 1; + params->RtcMemoryLock = 0; + } else { + params->PchLockDownGlobalSmi = 1; + params->PchLockDownBiosInterface = 1; + params->PchUnlockGpioPads = 0; + params->RtcMemoryLock = 1; + }
/* Enable End of Post in PEI phase */ params->EndOfPostMessage = EOP_PEI;
Maulik V Vaghela has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/41534 )
Change subject: soc/intel/jasperlake: Use coreboot lock down config ......................................................................
Patch Set 1: Code-Review+2
Karthik Ramasubramanian has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/41534 )
Change subject: soc/intel/jasperlake: Use coreboot lock down config ......................................................................
Patch Set 4: Code-Review+2
Furquan Shaikh has submitted this change. ( https://review.coreboot.org/c/coreboot/+/41534 )
Change subject: soc/intel/jasperlake: Use coreboot lock down config ......................................................................
soc/intel/jasperlake: Use coreboot lock down config
Allow lockdown configuration from using CHIPSET_LOCKDOWN_COREBOOT config.
TEST=Build and boot waddledoo board
Change-Id: I3abaa737580ef45b98cabfa23edd84162037dd70 Signed-off-by: Aamir Bohra aamir.bohra@intel.com Reviewed-on: https://review.coreboot.org/c/coreboot/+/41534 Reviewed-by: Karthik Ramasubramanian kramasub@google.com Reviewed-by: Maulik V Vaghela maulik.v.vaghela@intel.com Tested-by: build bot (Jenkins) no-reply@coreboot.org --- M src/soc/intel/jasperlake/fsp_params.c 1 file changed, 13 insertions(+), 2 deletions(-)
Approvals: build bot (Jenkins): Verified Maulik V Vaghela: Looks good to me, approved Karthik Ramasubramanian: Looks good to me, approved
diff --git a/src/soc/intel/jasperlake/fsp_params.c b/src/soc/intel/jasperlake/fsp_params.c index 45162f9..eafc374 100644 --- a/src/soc/intel/jasperlake/fsp_params.c +++ b/src/soc/intel/jasperlake/fsp_params.c @@ -7,6 +7,7 @@ #include <intelblocks/lpss.h> #include <intelblocks/mp_init.h> #include <intelblocks/xdci.h> +#include <intelpch/lockdown.h> #include <soc/intel/common/vbt.h> #include <soc/pci_devs.h> #include <soc/ramstage.h> @@ -105,8 +106,18 @@ params->SkipMpInit = !CONFIG_USE_INTEL_FSP_MP_INIT; }
- /* Unlock upper 8 bytes of RTC RAM */ - params->RtcMemoryLock = 0; + /* Chipset Lockdown */ + if (get_lockdown_config() == CHIPSET_LOCKDOWN_COREBOOT) { + params->PchLockDownGlobalSmi = 0; + params->PchLockDownBiosInterface = 0; + params->PchUnlockGpioPads = 1; + params->RtcMemoryLock = 0; + } else { + params->PchLockDownGlobalSmi = 1; + params->PchLockDownBiosInterface = 1; + params->PchUnlockGpioPads = 0; + params->RtcMemoryLock = 1; + }
/* Enable End of Post in PEI phase */ params->EndOfPostMessage = EOP_PEI;
9elements QA has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/41534 )
Change subject: soc/intel/jasperlake: Use coreboot lock down config ......................................................................
Patch Set 5:
Automatic boot test returned (PASS/FAIL/TOTAL): 4/0/4 Emulation targets: "QEMU x86 q35/ich9" using payload TianoCore : SUCCESS : https://lava.9esec.io/r/4270 "QEMU x86 q35/ich9" using payload SeaBIOS : SUCCESS : https://lava.9esec.io/r/4269 "QEMU x86 i440fx/piix4" using payload SeaBIOS : SUCCESS : https://lava.9esec.io/r/4268 "QEMU AArch64" using payload LinuxBoot_u-root_kexec : SUCCESS : https://lava.9esec.io/r/4267
Please note: This test is under development and might not be accurate at all!
-
9elements QA (Code Review) -
Aamir Bohra (Code Review)
-
Furquan Shaikh (Code Review)
-
Karthik Ramasubramanian (Code Review)
-
Maulik V Vaghela (Code Review)