Attention is currently required from: Tim Wawrzynczak, Nick Vaccaro, Angel Pons, Arthur Heymans, Lean Sheng Tan, Eric Lai. Subrata Banik has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/63518 )

Change subject: soc/intel/common/{sa, adl}: Add `finalize` operation for systemagent ......................................................................

Patch Set 2:

(1 comment)

File src/soc/intel/common/block/systemagent/systemagent.c:

https://review.coreboot.org/c/coreboot/+/63518/comment/c0b1755f_ac8ad4fa PS2, Line 337: skip = CONFIG(USE_FSP_NOTIFY_PHASE_END_OF_FIRMWARE),

is it harmful to attempt to lock the PAM registers twice?

the attribute says RW/L so, next write won't have any impact.

i.e., does this need to be skipped only if the Kconfig is true or can we always send it? i.e., sa_final() would just be set to e.g.

Incase FSP writes it then next write from coreboot doesn't have any value hence, thought of avoiding it.

static void systemagent_final(struct device *dev)
{
        sa_lock_pam();
}

also are there more steps to come here later?

yes, you got me right, I'm planning to implement Intel FAS security register recommendation here for SA/MCH. similarly each common code block to implement CPU, PCH, SPI etc. recommendation so that way, we have good confidence about meeting Intel guideline for each program and if we need SoC override, we can also design accordingly.