Tim Wawrzynczak has submitted this change. ( https://review.coreboot.org/c/coreboot/+/59698 )

Change subject: soc/intel/common: Add check before sending HMRFPO_ENABLE command ......................................................................

soc/intel/common: Add check before sending HMRFPO_ENABLE command

This patch adds a check to determine if the CSE's current operation mode is ME_HFS1_COM_SECOVER_MEI_MSG or not before sending HMRFPO_ENABLE command to CSE. If CSE is already in the ME_HFS1_COM_SECOVER_MEI_MSG, coreboot skips sending HMRFPO_ENABLE command to CSE to unlock the CSE RW partition.

TEST=Verify sending HMRFPO_ENABLE command on Brya system.

Signed-off-by: Sridhar Siricilla sridhar.siricilla@intel.com Change-Id: I387ac7c7296ab06b9bb440d5d40c3286bf879d3b Reviewed-on: https://review.coreboot.org/c/coreboot/+/59698 Tested-by: build bot (Jenkins) no-reply@coreboot.org Reviewed-by: Tim Wawrzynczak twawrzynczak@chromium.org --- M src/soc/intel/common/block/cse/cse.c 1 file changed, 6 insertions(+), 0 deletions(-)

Approvals: build bot (Jenkins): Verified Tim Wawrzynczak: Looks good to me, approved

diff --git a/src/soc/intel/common/block/cse/cse.c b/src/soc/intel/common/block/cse/cse.c index b46d3e4..a80ab48 100644 --- a/src/soc/intel/common/block/cse/cse.c +++ b/src/soc/intel/common/block/cse/cse.c @@ -744,6 +744,12 @@ struct hmrfpo_enable_resp resp; size_t resp_size = sizeof(struct hmrfpo_enable_resp);

+ if (cse_is_hfs1_com_secover_mei_msg()) { + printk(BIOS_DEBUG, "HECI: CSE is already in security override mode, " + "skip sending HMRFPO_ENABLE command to CSE\n"); + return 1; + } + printk(BIOS_DEBUG, "HECI: Send HMRFPO Enable Command\n");

if (!cse_is_hmrfpo_enable_allowed()) {