Duncan Laurie has uploaded this change for review. ( https://review.coreboot.org/25347
Change subject: soc/intel: Limit xDCI feature when VBOOT is enabled ......................................................................
soc/intel: Limit xDCI feature when VBOOT is enabled
When CONFIG_VBOOT is enabled then the xDCI controller should only be enabled if the system is in developer mode. This prevents a system in normal/verified mode from being used as a USB peripheral device which could potentially be used to access user data.
Change-Id: Ie3ee9dd7077c094a01fd857a2e4033a12ce8979b Signed-off-by: Duncan Laurie dlaurie@chromium.org --- M src/soc/intel/apollolake/chip.c M src/soc/intel/apollolake/xdci.c M src/soc/intel/cannonlake/Kconfig M src/soc/intel/cannonlake/chip.c M src/soc/intel/common/block/include/intelblocks/xdci.h M src/soc/intel/common/block/xdci/xdci.c M src/soc/intel/skylake/Kconfig M src/soc/intel/skylake/chip_fsp20.c 8 files changed, 23 insertions(+), 3 deletions(-)
diff --git a/src/soc/intel/apollolake/chip.c b/src/soc/intel/apollolake/chip.c
index cac2f11..d93985e 100644
--- a/src/soc/intel/apollolake/chip.c
+++ b/src/soc/intel/apollolake/chip.c
@@ -30,6 +30,7 @@
 #include <intelblocks/fast_spi.h>
 #include <intelblocks/p2sb.h>
 #include <intelblocks/msr.h>
+#include <intelblocks/xdci.h>
 #include <fsp/api.h>
 #include <fsp/util.h>
 #include <intelblocks/cpulib.h>
@@ -585,6 +586,10 @@
 glk_fsp_silicon_init_params_cb(cfg, silconfig);
 else
 apl_fsp_silicon_init_params_cb(cfg, silconfig);
+
+ /* Disable xDCI device if it should not be enabled */
+ dev = dev_find_slot(0, PCH_DEVFN_XDCI);
+ silconfig->UsbOtg = xdci_can_enable() ? dev->enabled : 0;
 }
struct chip_operations soc_intel_apollolake_ops = {
diff --git a/src/soc/intel/apollolake/xdci.c b/src/soc/intel/apollolake/xdci.c
index 4c3047c..07207b3 100644
--- a/src/soc/intel/apollolake/xdci.c
+++ b/src/soc/intel/apollolake/xdci.c
@@ -54,7 +54,7 @@
 * enabled. If it's disabled assume the switch was already done
 * in FSP.
 */
- if (!dev->enabled || !xdci_dev->enabled)
+ if (!dev->enabled || !xdci_dev->enabled || !xdci_can_enable())
 return;
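Review bot: `dev` is dereferenced in `silconfig->UsbOtg = xdci_can_enable() ? dev->enabled : 0;` immediately after `dev = dev_find_slot(0, PCH_DEVFN_XDCI);` with no NULL check, so a board whose devicetree does not list the xDCI device would fault here instead of simply passing UsbOtg as 0 to FSP. Guarding the lookup keeps the intended policy while making the missing-device case safe, e.g. `silconfig->UsbOtg = (dev && xdci_can_enable()) ? dev->enabled : 0;`. The enclosing function starts outside the hunk, so I am assuming `dev` is a `struct device *` already declared earlier in it.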
printk(BIOS_INFO, "Putting port 0 into host mode.\n");
diff --git a/src/soc/intel/cannonlake/Kconfig b/src/soc/intel/cannonlake/Kconfig
index dab6622..fc73210 100644
--- a/src/soc/intel/cannonlake/Kconfig
+++ b/src/soc/intel/cannonlake/Kconfig
@@ -70,6 +70,7 @@
 select SOC_INTEL_COMMON_BLOCK_SPI
 select SOC_INTEL_COMMON_BLOCK_TIMER
 select SOC_INTEL_COMMON_BLOCK_UART
+ select SOC_INTEL_COMMON_BLOCK_XDCI
 select SOC_INTEL_COMMON_NHLT
 select SOC_INTEL_COMMON_RESET
 select SSE2
diff --git a/src/soc/intel/cannonlake/chip.c b/src/soc/intel/cannonlake/chip.c
index b2689b0..c64de71 100644
--- a/src/soc/intel/cannonlake/chip.c
+++ b/src/soc/intel/cannonlake/chip.c
@@ -19,6 +19,7 @@
 #include <device/pci.h>
 #include <fsp/api.h>
 #include <fsp/util.h>
+#include <intelblocks/xdci.h>
 #include <romstage_handoff.h>
 #include <soc/intel/common/vbt.h>
 #include <soc/pci_devs.h>
@@ -262,7 +263,7 @@
 }
 }
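Review bot: The comment directly above the changed condition still explains only the devicetree-disabled case ("If it's disabled assume the switch was already done in FSP"), while the new `|| !xdci_can_enable()` term adds a second, policy-based reason for skipping the host-mode switch. A reader of this file alone cannot tell why a developer-mode check belongs in a port-mode routine. Extend the comment, e.g. `* in FSP. The same holds when xdci_can_enable() vetoes the controller` / `* (verified boot outside developer mode): apollolake/chip.c then passes` / `* UsbOtg as 0 so FSP leaves port 0 in host mode.` — the UsbOtg behaviour is what the apollolake/chip.c hunk in this change does. The enclosing function starts and ends outside the hunk.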
- params->XdciEnable = config->XdciEnable;
+ params->XdciEnable = xdci_can_enable() ? config->XdciEnable : 0;
/* PCI Express */
 for (i = 0; i < ARRAY_SIZE(config->PcieClkSrcUsage); i++) {
diff --git a/src/soc/intel/common/block/include/intelblocks/xdci.h b/src/soc/intel/common/block/include/intelblocks/xdci.h
index fa25513..1158056 100644
--- a/src/soc/intel/common/block/include/intelblocks/xdci.h
+++ b/src/soc/intel/common/block/include/intelblocks/xdci.h
@@ -17,5 +17,6 @@
 #define SOC_INTEL_COMMON_BLOCK_XDCI_H
void soc_xdci_init(struct device *dev);
+int xdci_can_enable(void);
#endif /* SOC_INTEL_COMMON_BLOCK_XDCI_H */
diff --git a/src/soc/intel/common/block/xdci/xdci.c b/src/soc/intel/common/block/xdci/xdci.c
index 10e6f0d..07093df 100644
--- a/src/soc/intel/common/block/xdci/xdci.c
+++ b/src/soc/intel/common/block/xdci/xdci.c
@@ -19,9 +19,19 @@
 #include <device/pci.h>
 #include <device/pci_ids.h>
 #include <intelblocks/xdci.h>
+#include <security/vboot/vboot_common.h>
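Review bot: The new prototype `int xdci_can_enable(void);` is a security policy hook that three SoCs now consult when filling FSP UPDs, but the header states no contract for it, so a future SoC port has to read xdci.c to learn what 0 and 1 mean or when the function may be called. Add a comment above the declaration such as `/* Returns 1 if the xDCI (USB device mode) controller may be enabled, 0 if it must stay off. With CONFIG_VBOOT this is only true in developer mode; without VBOOT the controller is always allowed. Call from ramstage after vboot state is available. */` The last sentence is an inference from the call sites in this change, which all run from FSP silicon-init parameter setup; confirm it matches the intended contract before keeping it.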
__attribute__((weak)) void soc_xdci_init(struct device *dev) { /* no-op */ }
+/* Only allow xDCI controller in developer mode if VBOOT is enabled */
+int xdci_can_enable(void)
+{
+ if (IS_ENABLED(CONFIG_VBOOT))
+ return vboot_developer_mode_enabled() ? 1 : 0;
+ else
+ return 1;
+}
+
 static struct device_operations usb_xdci_ops = {
 .read_resources = &pci_dev_read_resources,
 .set_resources = &pci_dev_set_resources,
diff --git a/src/soc/intel/skylake/Kconfig b/src/soc/intel/skylake/Kconfig
index aac4a8f..f3719a5 100644
--- a/src/soc/intel/skylake/Kconfig
+++ b/src/soc/intel/skylake/Kconfig
@@ -84,6 +84,7 @@
 select SOC_INTEL_COMMON_BLOCK_SPI
 select SOC_INTEL_COMMON_BLOCK_TIMER
 select SOC_INTEL_COMMON_BLOCK_UART
+ select SOC_INTEL_COMMON_BLOCK_XDCI
 select SOC_INTEL_COMMON_BLOCK_XHCI
 select SOC_INTEL_COMMON_GFX_OPREGION
 select SOC_INTEL_COMMON_NHLT
diff --git a/src/soc/intel/skylake/chip_fsp20.c b/src/soc/intel/skylake/chip_fsp20.c
index 3bc66b2..3b1407b 100644
--- a/src/soc/intel/skylake/chip_fsp20.c
+++ b/src/soc/intel/skylake/chip_fsp20.c
@@ -26,6 +26,7 @@
 #include <device/pci.h>
 #include <fsp/api.h>
 #include <fsp/util.h>
+#include <intelblocks/xdci.h>
 #include <romstage_handoff.h>
 #include <soc/acpi.h>
 #include <soc/intel/common/vbt.h>
@@ -221,7 +222,7 @@
 params->PchHdaEnable = config->EnableAzalia;
 params->PchHdaIoBufferOwnership = config->IoBufferOwnership;
 params->PchHdaDspEnable = config->DspEnable;
- params->XdciEnable = config->XdciEnable;
+ params->XdciEnable = xdci_can_enable() ? config->XdciEnable : 0;
 params->Device4Enable = config->Device4Enable;
 params->SataEnable = config->EnableSata;
 params->SataMode = config->SataMode;
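Review bot: In `xdci_can_enable()` the `? 1 : 0` on an int-returning function and the `else` after an unconditional `return` add noise to a four-line policy check that readers will want to audit at a glance; a guard-clause form reads more directly, `if (!IS_ENABLED(CONFIG_VBOOT))` / `return 1;` / `return vboot_developer_mode_enabled() != 0;`. Because `IS_ENABLED()` is a runtime-shaped test rather than `#if`, the call to `vboot_developer_mode_enabled()` stays in this translation unit on non-VBOOT builds and links only if the dead branch is eliminated or a stub exists; I cannot see that from the hunk, so please confirm a non-VBOOT configuration that selects SOC_INTEL_COMMON_BLOCK_XDCI (Skylake and Cannonlake now do) still links. The comment above the function could also name the reason for the gate, e.g. `/* Only allow the xDCI (USB device mode) controller in developer mode when VBOOT is enabled, so a verified-mode system cannot be exposed as a USB peripheral. */`.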