Change in coreboot[master]: soc/intel/cannonlake: Allow coreboot to handle SPI lockdown

List overview All Threads
Download

newer

older

Change in coreboot[master]:...

Subrata Banik (Code Review)

9 Sep 2019 9 Sep '19

6:13 a.m.

Subrata Banik has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/35299 )

Change subject: soc/intel/cannonlake: Allow coreboot to handle SPI lockdown ......................................................................

soc/intel/cannonlake: Allow coreboot to handle SPI lockdown

This patch disables FSP-S SPI lockdown UPDs and lets coreboot perform SPI lockdown (i.e.flash register DLOCK, FLOCKDN, and WRSDIS before end of post) in ramstage.

BUG=b:138200201 TEST=FSP debug build suggests those UPDs are disable now.

Change-Id: Id7a6b9859e058b9f1ec1bd45d2c388c02b8ac18c Signed-off-by: Subrata Banik subrata.banik@intel.com --- M src/soc/intel/cannonlake/fsp_params.c 1 file changed, 2 insertions(+), 8 deletions(-)

git pull ssh://review.coreboot.org:29418/coreboot refs/changes/99/35299/1

diff --git a/src/soc/intel/cannonlake/fsp_params.c b/src/soc/intel/cannonlake/fsp_params.c index 5cdddc6..9495f84 100644 --- a/src/soc/intel/cannonlake/fsp_params.c +++ b/src/soc/intel/cannonlake/fsp_params.c @@ -419,30 +419,24 @@ params->PchLockDownBiosLock = 0; params->PchLockDownRtcMemoryLock = 0; /* - * TODO: Disable SpiFlashCfgLockDown config after FSP provides - * dedicated UPD - * * Skip SPI Flash Lockdown from inside FSP. * Making this config "0" means FSP won't set the FLOCKDN bit * of SPIBAR + 0x04 (i.e., Bit 15 of BIOS_HSFSTS_CTL). * So, it becomes coreboot's responsibility to set this bit * before end of POST for security concerns. */ - // params->SpiFlashCfgLockDown = 0; + params->SpiFlashCfgLockDown = 0; } else { tconfig->PchLockDownGlobalSmi = 1; tconfig->PchLockDownBiosInterface = 1; params->PchLockDownBiosLock = 1; params->PchLockDownRtcMemoryLock = 1; /* - * TODO: Enable SpiFlashCfgLockDown config after FSP provides - * dedicated UPD - * * Enable SPI Flash Lockdown from inside FSP. * Making this config "1" means FSP will set the FLOCKDN bit * of SPIBAR + 0x04 (i.e., Bit 15 of BIOS_HSFSTS_CTL). */ - // params->SpiFlashCfgLockDown = 1; + params->SpiFlashCfgLockDown = 1; } }

Attachments:

attachment.htm (text/html — 4.1 KB)

Show replies by date

Subrata Banik (Code Review)

9 Sep 9 Sep

6:45 a.m.

Hello Patrick Rudolph, Aamir Bohra, Tim Wawrzynczak, V Sowmya, build bot (Jenkins), Furquan Shaikh,

I'd like you to reexamine a change. Please visit

https://review.coreboot.org/c/coreboot/+/35299

to look at the new patch set (#2).

Change subject: soc/intel/cannonlake: Allow coreboot to handle SPI lockdown ......................................................................

soc/intel/cannonlake: Allow coreboot to handle SPI lockdown

This patch disables FSP-S SPI lockdown UPDs and lets coreboot perform SPI lockdown (i.e.flash register DLOCK, FLOCKDN, and WRSDIS before end of post) in ramstage.

BUG=b:138200201 TEST=FSP debug build suggests those UPDs are disable now.

Change-Id: Id7a6b9859e058b9f1ec1bd45d2c388c02b8ac18c Signed-off-by: Subrata Banik subrata.banik@intel.com --- M src/soc/intel/cannonlake/fsp_params.c 1 file changed, 6 insertions(+), 8 deletions(-)

git pull ssh://review.coreboot.org:29418/coreboot refs/changes/99/35299/2

-- To view, visit https://review.coreboot.org/c/coreboot/+/35299 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: Id7a6b9859e058b9f1ec1bd45d2c388c02b8ac18c Gerrit-Change-Number: 35299 Gerrit-PatchSet: 2 Gerrit-Owner: Subrata Banik subrata.banik@intel.com Gerrit-Reviewer: Aamir Bohra aamir.bohra@intel.com Gerrit-Reviewer: Furquan Shaikh furquan@google.com Gerrit-Reviewer: Patrick Rudolph siro@das-labor.org Gerrit-Reviewer: Subrata Banik subrata.banik@intel.com Gerrit-Reviewer: Tim Wawrzynczak twawrzynczak@chromium.org Gerrit-Reviewer: V Sowmya v.sowmya@intel.com Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org Gerrit-MessageType: newpatchset

Arthur Heymans (Code Review)

7:58 a.m.

Arthur Heymans has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/35299 )

Change subject: soc/intel/cannonlake: Allow coreboot to handle SPI lockdown ......................................................................

Patch Set 2: Code-Review+1

(1 comment)

https://review.coreboot.org/c/coreboot/+/35299/2/src/soc/intel/cannonlake/fs... File src/soc/intel/cannonlake/fsp_params.c:

https://review.coreboot.org/c/coreboot/+/35299/2/src/soc/intel/cannonlake/fs... PS2, Line 421: # Is the reason for using the preprocessor, that other SOC have different UPD?

-- To view, visit https://review.coreboot.org/c/coreboot/+/35299 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: Id7a6b9859e058b9f1ec1bd45d2c388c02b8ac18c Gerrit-Change-Number: 35299 Gerrit-PatchSet: 2 Gerrit-Owner: Subrata Banik subrata.banik@intel.com Gerrit-Reviewer: Aamir Bohra aamir.bohra@intel.com Gerrit-Reviewer: Arthur Heymans arthur@aheymans.xyz Gerrit-Reviewer: Furquan Shaikh furquan@google.com Gerrit-Reviewer: Patrick Rudolph siro@das-labor.org Gerrit-Reviewer: Subrata Banik subrata.banik@intel.com Gerrit-Reviewer: Tim Wawrzynczak twawrzynczak@chromium.org Gerrit-Reviewer: V Sowmya v.sowmya@intel.com Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org Gerrit-Comment-Date: Mon, 09 Sep 2019 05:58:20 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes Gerrit-MessageType: comment

Subrata Banik (Code Review)

8:13 a.m.

Subrata Banik has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/35299 )

Change subject: soc/intel/cannonlake: Allow coreboot to handle SPI lockdown ......................................................................

Patch Set 2:

(1 comment)

https://review.coreboot.org/c/coreboot/+/35299/2/src/soc/intel/cannonlake/fs... File src/soc/intel/cannonlake/fsp_params.c:

https://review.coreboot.org/c/coreboot/+/35299/2/src/soc/intel/cannonlake/fs... PS2, Line 421: #

...

Is the reason for using the preprocessor, that other SOC have different UPD?

yes you got it right. Other SOCs like CNL, CFL, WHL doesn't have FSP UPD to skip SPI lockdown options and those products are in production now so code changes are not feasible hence added the support in CML and due to compilation issue guarding it.

-- To view, visit https://review.coreboot.org/c/coreboot/+/35299 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: Id7a6b9859e058b9f1ec1bd45d2c388c02b8ac18c Gerrit-Change-Number: 35299 Gerrit-PatchSet: 2 Gerrit-Owner: Subrata Banik subrata.banik@intel.com Gerrit-Reviewer: Aamir Bohra aamir.bohra@intel.com Gerrit-Reviewer: Arthur Heymans arthur@aheymans.xyz Gerrit-Reviewer: Furquan Shaikh furquan@google.com Gerrit-Reviewer: Patrick Rudolph siro@das-labor.org Gerrit-Reviewer: Subrata Banik subrata.banik@intel.com Gerrit-Reviewer: Tim Wawrzynczak twawrzynczak@chromium.org Gerrit-Reviewer: V Sowmya v.sowmya@intel.com Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org Gerrit-Comment-Date: Mon, 09 Sep 2019 06:13:09 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: Arthur Heymans arthur@aheymans.xyz Gerrit-MessageType: comment

Furquan Shaikh (Code Review)

8:35 a.m.

Furquan Shaikh has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/35299 )

Change subject: soc/intel/cannonlake: Allow coreboot to handle SPI lockdown ......................................................................

Patch Set 2: Code-Review+2

-- To view, visit https://review.coreboot.org/c/coreboot/+/35299 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: Id7a6b9859e058b9f1ec1bd45d2c388c02b8ac18c Gerrit-Change-Number: 35299 Gerrit-PatchSet: 2 Gerrit-Owner: Subrata Banik subrata.banik@intel.com Gerrit-Reviewer: Aamir Bohra aamir.bohra@intel.com Gerrit-Reviewer: Arthur Heymans arthur@aheymans.xyz Gerrit-Reviewer: Furquan Shaikh furquan@google.com Gerrit-Reviewer: Patrick Rudolph siro@das-labor.org Gerrit-Reviewer: Subrata Banik subrata.banik@intel.com Gerrit-Reviewer: Tim Wawrzynczak twawrzynczak@chromium.org Gerrit-Reviewer: V Sowmya v.sowmya@intel.com Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org Gerrit-Comment-Date: Mon, 09 Sep 2019 06:35:02 +0000 Gerrit-HasComments: No Gerrit-Has-Labels: Yes Gerrit-MessageType: comment

V Sowmya (Code Review)

10:39 a.m.

V Sowmya has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/35299 )

Change subject: soc/intel/cannonlake: Allow coreboot to handle SPI lockdown ......................................................................

Patch Set 2: Code-Review+2

-- To view, visit https://review.coreboot.org/c/coreboot/+/35299 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: Id7a6b9859e058b9f1ec1bd45d2c388c02b8ac18c Gerrit-Change-Number: 35299 Gerrit-PatchSet: 2 Gerrit-Owner: Subrata Banik subrata.banik@intel.com Gerrit-Reviewer: Aamir Bohra aamir.bohra@intel.com Gerrit-Reviewer: Arthur Heymans arthur@aheymans.xyz Gerrit-Reviewer: Furquan Shaikh furquan@google.com Gerrit-Reviewer: Patrick Rudolph siro@das-labor.org Gerrit-Reviewer: Subrata Banik subrata.banik@intel.com Gerrit-Reviewer: Tim Wawrzynczak twawrzynczak@chromium.org Gerrit-Reviewer: V Sowmya v.sowmya@intel.com Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org Gerrit-Comment-Date: Mon, 09 Sep 2019 08:39:53 +0000 Gerrit-HasComments: No Gerrit-Has-Labels: Yes Gerrit-MessageType: comment

Patrick Georgi (Code Review)

3:31 p.m.

Patrick Georgi has submitted this change. ( https://review.coreboot.org/c/coreboot/+/35299 )

Change subject: soc/intel/cannonlake: Allow coreboot to handle SPI lockdown ......................................................................

soc/intel/cannonlake: Allow coreboot to handle SPI lockdown

This patch disables FSP-S SPI lockdown UPDs and lets coreboot perform SPI lockdown (i.e.flash register DLOCK, FLOCKDN, and WRSDIS before end of post) in ramstage.

BUG=b:138200201 TEST=FSP debug build suggests those UPDs are disable now.

Change-Id: Id7a6b9859e058b9f1ec1bd45d2c388c02b8ac18c Signed-off-by: Subrata Banik subrata.banik@intel.com Reviewed-on: https://review.coreboot.org/c/coreboot/+/35299 Tested-by: build bot (Jenkins) no-reply@coreboot.org Reviewed-by: Arthur Heymans arthur@aheymans.xyz Reviewed-by: Furquan Shaikh furquan@google.com Reviewed-by: V Sowmya v.sowmya@intel.com --- M src/soc/intel/cannonlake/fsp_params.c 1 file changed, 6 insertions(+), 8 deletions(-)

Approvals: build bot (Jenkins): Verified Furquan Shaikh: Looks good to me, approved Arthur Heymans: Looks good to me, but someone else must approve V Sowmya: Looks good to me, approved

diff --git a/src/soc/intel/cannonlake/fsp_params.c b/src/soc/intel/cannonlake/fsp_params.c index 06c556c..4038335 100644 --- a/src/soc/intel/cannonlake/fsp_params.c +++ b/src/soc/intel/cannonlake/fsp_params.c @@ -421,31 +421,29 @@ tconfig->PchLockDownBiosInterface = 0; params->PchLockDownBiosLock = 0; params->PchLockDownRtcMemoryLock = 0; +#if CONFIG(SOC_INTEL_COMETLAKE) /* - * TODO: Disable SpiFlashCfgLockDown config after FSP provides - * dedicated UPD - * * Skip SPI Flash Lockdown from inside FSP. * Making this config "0" means FSP won't set the FLOCKDN bit * of SPIBAR + 0x04 (i.e., Bit 15 of BIOS_HSFSTS_CTL). * So, it becomes coreboot's responsibility to set this bit * before end of POST for security concerns. */ - // params->SpiFlashCfgLockDown = 0; + params->SpiFlashCfgLockDown = 0; +#endif } else { tconfig->PchLockDownGlobalSmi = 1; tconfig->PchLockDownBiosInterface = 1; params->PchLockDownBiosLock = 1; params->PchLockDownRtcMemoryLock = 1; +#if CONFIG(SOC_INTEL_COMETLAKE) /* - * TODO: Enable SpiFlashCfgLockDown config after FSP provides - * dedicated UPD - * * Enable SPI Flash Lockdown from inside FSP. * Making this config "1" means FSP will set the FLOCKDN bit * of SPIBAR + 0x04 (i.e., Bit 15 of BIOS_HSFSTS_CTL). */ - // params->SpiFlashCfgLockDown = 1; + params->SpiFlashCfgLockDown = 1; +#endif } }

-- To view, visit https://review.coreboot.org/c/coreboot/+/35299 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: Id7a6b9859e058b9f1ec1bd45d2c388c02b8ac18c Gerrit-Change-Number: 35299 Gerrit-PatchSet: 3 Gerrit-Owner: Subrata Banik subrata.banik@intel.com Gerrit-Reviewer: Aamir Bohra aamir.bohra@intel.com Gerrit-Reviewer: Arthur Heymans arthur@aheymans.xyz Gerrit-Reviewer: Furquan Shaikh furquan@google.com Gerrit-Reviewer: Patrick Georgi pgeorgi@google.com Gerrit-Reviewer: Patrick Rudolph siro@das-labor.org Gerrit-Reviewer: Subrata Banik subrata.banik@intel.com Gerrit-Reviewer: Tim Wawrzynczak twawrzynczak@chromium.org Gerrit-Reviewer: V Sowmya v.sowmya@intel.com Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org Gerrit-CC: Paul Menzel paulepanter@users.sourceforge.net Gerrit-MessageType: merged

1902

days inactive

1902

days old

coreboot-gerrit@coreboot.org

6 comments

5 participants

tags (0)

participants (5)

Arthur Heymans (Code Review)
Furquan Shaikh (Code Review)
Patrick Georgi (Code Review)
Subrata Banik (Code Review)
V Sowmya (Code Review)