Attention is currently required from: Tim Wawrzynczak, Subrata Banik, Sridhar Siricilla, Patrick Rudolph, EricR Lai.

Rizwan Qureshi has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/58513 )

Change subject: soc/intel/common: Check if CSE is function disable
......................................................................
Patch Set 3:
(1 comment)
File src/soc/intel/common/block/cse/cse.c:
https://review.coreboot.org/c/coreboot/+/58513/comment/93c80431_25161221
PS3, Line 251:
	/*
	 * If ME is already hidden then reading ME HFS1 register would be wrong and will
	 * receive junk, hence, return `true` as CSE is already disable.
	 */
	if (!is_cse_enabled())
		return true;
Can the CSE get function disabled in any other Operating Mode other than Soft Temp Disable?
Below are the operation modes in which BIOS/FSP should function-disable the CSE:

2 - DEBUG MODE - Can only be enabled or disabled from the FIT tool
3 - Soft Temporary Disable - Entered on DID timeout or when the ME_DISABLE message is sent from the host
4 - SECOVR_JMPR - Entered when HDA_SDO is sampled high. Overrides the flash descriptor override protection; used in factory and repair flows to flash the full image
5 - SECOVR_MEI_MSG - Entered after a global reset following an HMRFPO enable message. Typically used in factory and repair flows as well
7 - ENHANCED DEBUG MODE - Can only be enabled or disabled from the FIT tool
For details, refer to document number 627331 - Alder Lake Platform Intel® Converged Security and Management Engine BIOS specification
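The decision the quoted snippet and the mode list above describe, worked through as an added example. This is not coreboot's code and not the code under review: it models the CSE PCI device's vendor/device ID dword and the HFS1 register as plain integers so it runs on a host. Assumptions: a hidden (function-disabled) device reads back as all ones on a PCI config read, the operation-mode field lives in HFS1 bits 19:16 (the layout coreboot's `me_hfsts1` union uses, taken here as an assumption), and the mode set {2, 3, 4, 5, 7} is exactly the list given in the comment. Function names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* HFS1 operation-mode values named in the review comment (assumed encoding). */
enum cse_op_mode {
	CSE_MODE_NORMAL		= 0,
	CSE_MODE_DEBUG		= 2,
	CSE_MODE_SOFT_TEMP_DISABLE = 3,
	CSE_MODE_SECOVR_JMPR	= 4,
	CSE_MODE_SECOVR_MEI_MSG	= 5,
	CSE_MODE_ENHANCED_DEBUG	= 7,
};

/* Assumption: operation mode is HFS1 bits 19:16, as in coreboot's me_hfsts1. */
#define HFS1_OP_MODE_SHIFT	16
#define HFS1_OP_MODE_MASK	0xfu

/* A PCI config read of a hidden function returns all ones; the vendor ID
 * half-word is 0xffff, which no real vendor uses. */
bool cse_is_hidden(uint32_t pci_vid_did_reg)
{
	return (pci_vid_did_reg & 0xffffu) == 0xffffu;
}

uint32_t hfs1_op_mode(uint32_t hfs1)
{
	return (hfs1 >> HFS1_OP_MODE_SHIFT) & HFS1_OP_MODE_MASK;
}

/* True for the modes the comment says BIOS/FSP should function-disable in. */
bool cse_mode_wants_function_disable(uint32_t hfs1)
{
	switch (hfs1_op_mode(hfs1)) {
	case CSE_MODE_DEBUG:
	case CSE_MODE_SOFT_TEMP_DISABLE:
	case CSE_MODE_SECOVR_JMPR:
	case CSE_MODE_SECOVR_MEI_MSG:
	case CSE_MODE_ENHANCED_DEBUG:
		return true;
	default:
		return false;
	}
}

/*
 * Mirrors the ordering in the quoted snippet: if the device is already hidden,
 * HFS1 cannot be trusted (it reads as junk), so report "already disabled" and
 * never look at the mode bits. Only when the device is visible does the
 * operation mode decide.
 */
bool cse_is_or_should_be_disabled(uint32_t pci_vid_did_reg, uint32_t hfs1)
{
	if (cse_is_hidden(pci_vid_did_reg))
		return true;
	return cse_mode_wants_function_disable(hfs1);
}

int main(void)
{
	/* Constructed sample register values, not captured from hardware. */
	const uint32_t visible_dev = 0x7ae08086u;	/* vendor 0x8086, some device ID */
	const uint32_t hidden_dev  = 0xffffffffu;
	const uint32_t hfs1_normal = 0x00000000u;
	const uint32_t hfs1_soft_temp_disable = 0x00030000u;
	const uint32_t hfs1_junk   = 0xffffffffu;	/* mode field would decode as 0xf */

	printf("visible, normal mode      -> %d\n",
	       cse_is_or_should_be_disabled(visible_dev, hfs1_normal));
	printf("visible, soft temp disable -> %d\n",
	       cse_is_or_should_be_disabled(visible_dev, hfs1_soft_temp_disable));
	printf("hidden, HFS1 junk          -> %d\n",
	       cse_is_or_should_be_disabled(hidden_dev, hfs1_junk));
	return 0;
}
```

The third case is the one the snippet guards against: with the device hidden, the junk HFS1 value decodes to mode 0xf, which is in none of the listed modes, so checking the mode first would wrongly report the CSE as enabled.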