Subrata Banik has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/63627 )

Change subject: soc/intel/cmn/pch/lockdown: Perform additional SPI lock configuration ......................................................................

soc/intel/cmn/pch/lockdown: Perform additional SPI lock configuration

This patch performs additional SPI lock configuration as per Intel Flash Security Specification.

BUG=b:211954778 TEST=Able to build google/brya and verified all flash security recommendations are being met.

Signed-off-by: Subrata Banik subratabanik@google.com Change-Id: I922db8b46ac0d0523b91fc5aced88e38c8d8a560 --- M src/soc/intel/common/pch/lockdown/lockdown.c 1 file changed, 11 insertions(+), 0 deletions(-)

git pull ssh://review.coreboot.org:29418/coreboot refs/changes/27/63627/1

diff --git a/src/soc/intel/common/pch/lockdown/lockdown.c b/src/soc/intel/common/pch/lockdown/lockdown.c index 5ab0611..fb7af1c 100644 --- a/src/soc/intel/common/pch/lockdown/lockdown.c +++ b/src/soc/intel/common/pch/lockdown/lockdown.c @@ -1,6 +1,7 @@ /* SPDX-License-Identifier: GPL-2.0-only */

#include <bootstate.h> +#include <console/console.h> #include <intelblocks/cfg.h> #include <intelblocks/dmi.h> #include <intelblocks/fast_spi.h> @@ -57,9 +58,19 @@ /* Discrete Lock Flash PR registers */ fast_spi_pr_dlock();

+ /* Check if SPI transaction is pending */ + if (fast_spi_cycle_in_progress() < 0) + die("SPI Cycle Pending!"); + + /* Clear any outstanding status like AEL, FCERR, FDONE, SAF etc. */ + fast_spi_clear_outstanding_status(); + /* Lock FAST_SPIBAR */ fast_spi_lock_bar();

+ /* Set Vendor Component Lock (VCL) */ + fast_spi_vscc0_lock(); + /* Set BIOS Interface Lock, BIOS Lock */ if (chipset_lockdown == CHIPSET_LOCKDOWN_COREBOOT) { /* BIOS Interface Lock */