Subrata Banik has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/63630 )

Change subject: soc/intel/cmn/pch/lockdown: Implement LPC lock down configuration ......................................................................

soc/intel/cmn/pch/lockdown: Implement LPC lock down configuration

This patch implements a helper function to perform LPC registers lock down configuration.

BUG=b:211954778 TEST=Able to build and boot google/redrix to OS. Verified LPC PCI configuration register offset 0xDC bits BILD and LE are set.

Signed-off-by: Subrata Banik subratabanik@google.com Change-Id: I3e49b783e5db0ff40238e6e9259e48a4ecca66f8 --- M src/soc/intel/common/pch/lockdown/lockdown.c 1 file changed, 20 insertions(+), 0 deletions(-)

git pull ssh://review.coreboot.org:29418/coreboot refs/changes/30/63630/1

diff --git a/src/soc/intel/common/pch/lockdown/lockdown.c b/src/soc/intel/common/pch/lockdown/lockdown.c index 56d0462..fda056c 100644 --- a/src/soc/intel/common/pch/lockdown/lockdown.c +++ b/src/soc/intel/common/pch/lockdown/lockdown.c @@ -5,6 +5,7 @@ #include <intelblocks/cfg.h> #include <intelblocks/dmi.h> #include <intelblocks/fast_spi.h> +#include <intelblocks/lpc_lib.h> #include <intelblocks/pcr.h> #include <intelpch/lockdown.h> #include <soc/pci_devs.h> @@ -90,6 +91,22 @@ } }

+static void lpc_lockdown_config(int chipset_lockdown) +{ + /* Set BIOS Interface Lock, BIOS Lock */ + if (chipset_lockdown == CHIPSET_LOCKDOWN_COREBOOT) { + /* BIOS Interface Lock */ + lpc_set_bios_interface_lock_down(); + + /* Only allow writes in SMM */ + if (CONFIG(BOOTMEDIA_SMM_BWP)) + lpc_set_eiss(); + + /* BIOS Lock */ + lpc_set_lock_enable(); + } +} + /* * platform_lockdown_config has 2 major part. * 1. Common SoC lockdown configuration. @@ -104,6 +121,9 @@ /* SPI lock down configuration */ fast_spi_lockdown_cfg(chipset_lockdown);

+ /* LPC lock down configuration */ + lpc_lockdown_config(chipset_lockdown); + /* DMI lock down configuration */ dmi_lockdown_cfg();