Felix Held has submitted this change. ( https://review.coreboot.org/c/coreboot/+/63627 )

Change subject: soc/intel/cmn/pch/lockdown: Perform additional SPI lock configuration ......................................................................

soc/intel/cmn/pch/lockdown: Perform additional SPI lock configuration

This patch performs additional SPI lock configuration as per Intel Flash Security Specification.

BUG=b:211954778 TEST=Able to build google/brya and verified all flash security recommendations are being met.

Signed-off-by: Subrata Banik subratabanik@google.com Change-Id: I922db8b46ac0d0523b91fc5aced88e38c8d8a560 Reviewed-on: https://review.coreboot.org/c/coreboot/+/63627 Tested-by: build bot (Jenkins) no-reply@coreboot.org Reviewed-by: Lean Sheng Tan sheng.tan@9elements.com Reviewed-by: Eric Lai eric_lai@quanta.corp-partner.google.com --- M src/soc/intel/common/pch/lockdown/lockdown.c 1 file changed, 9 insertions(+), 0 deletions(-)

Approvals: build bot (Jenkins): Verified Lean Sheng Tan: Looks good to me, approved Eric Lai: Looks good to me, approved

diff --git a/src/soc/intel/common/pch/lockdown/lockdown.c b/src/soc/intel/common/pch/lockdown/lockdown.c index 739d135..8032b4a 100644 --- a/src/soc/intel/common/pch/lockdown/lockdown.c +++ b/src/soc/intel/common/pch/lockdown/lockdown.c @@ -57,9 +57,18 @@ /* Discrete Lock Flash PR registers */ fast_spi_pr_dlock();

+ /* Check if SPI transaction is pending */ + fast_spi_cycle_in_progress(); + + /* Clear any outstanding status bits like AEL, FCERR, FDONE, SAF etc. */ + fast_spi_clear_outstanding_status(); + /* Lock FAST_SPIBAR */ fast_spi_lock_bar();

+ /* Set Vendor Component Lock (VCL) */ + fast_spi_vscc0_lock(); + /* Set BIOS Interface Lock, BIOS Lock */ if (chipset_lockdown == CHIPSET_LOCKDOWN_COREBOOT) { /* BIOS Interface Lock */

11 is the latest approved patch-set. No files were changed between the latest approved patch-set and the submitted one.