Star Labs has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/52800 )
Change subject: Added CMOS option to disable ME ......................................................................
Added CMOS option to disable ME
Signed-off-by: Sean Rhodes sean@starlabs.systems Change-Id: I374db3b7c0ded71cdc18f27970252fec7220cc20 --- M src/soc/intel/cannonlake/me.c M src/soc/intel/common/block/cse/cse.c M src/soc/intel/skylake/me.c M src/soc/intel/tigerlake/me.c 4 files changed, 42 insertions(+), 1 deletion(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/00/52800/1
diff --git a/src/soc/intel/cannonlake/me.c b/src/soc/intel/cannonlake/me.c index 7bbe1ae..e949716 100644 --- a/src/soc/intel/cannonlake/me.c +++ b/src/soc/intel/cannonlake/me.c @@ -154,5 +154,8 @@ hfsts6.fields.txt_support ? "YES" : "NO"); }
+#if CONFIG(ME_STATE_BY_CMOS) +BOOT_STATE_INIT_ENTRY(BS_OS_RESUME_CHECK, BS_ON_EXIT, disable_me, NULL); +#endif BOOT_STATE_INIT_ENTRY(BS_DEV_ENABLE, BS_ON_EXIT, print_me_fw_version, NULL); BOOT_STATE_INIT_ENTRY(BS_OS_RESUME_CHECK, BS_ON_EXIT, dump_me_status, NULL); diff --git a/src/soc/intel/common/block/cse/cse.c b/src/soc/intel/common/block/cse/cse.c index c6f87b4..2beb5a5 100644 --- a/src/soc/intel/common/block/cse/cse.c +++ b/src/soc/intel/common/block/cse/cse.c @@ -14,6 +14,8 @@ #include <soc/me.h> #include <string.h> #include <timer.h> +#include <option.h> +#include <types.h>
#define MAX_HECI_MESSAGE_RETRY_COUNT 5
@@ -794,6 +796,37 @@ return resp.status; }
+void disable_me(void *unused) +{ + /* First check if ME should be disabled */ + u8 me_state = get_int_option("me_state", 0xff); + printk(BIOS_DEBUG, "CMOS: me_state = %d\n", me_state); + if (me_state == 1) { + printk(BIOS_DEBUG, "HECI: Sending command to disable\n"); + int status; + + struct mkhi_hdr reply; + struct disable_command { + struct mkhi_hdr hdr; + uint32_t rule_id; + uint8_t rule_len; + uint32_t rule_data; + } __packed; + struct disable_command msg = { + .hdr = { + .group_id = 0x03, + .command = 0x03, + }, + .rule_id = 6, + .rule_len = 4, + .rule_data = 0, + }; + size_t reply_size; + status = heci_send_receive(&msg, sizeof(msg), &reply, &reply_size); + printk(BIOS_DEBUG, "HECI: Disable ME set %s!\n", status ? "success" : "failure"); + } +} + void print_me_fw_version(void *unused) { struct version { diff --git a/src/soc/intel/skylake/me.c b/src/soc/intel/skylake/me.c index 89491f8..d85c83d 100644 --- a/src/soc/intel/skylake/me.c +++ b/src/soc/intel/skylake/me.c @@ -361,4 +361,7 @@ * This can't be put in intel_me_status because by the time control * reaches there, ME doesn't respond to GET_FW_VERSION command. */ +#if CONFIG(ME_STATE_BY_CMOS) +BOOT_STATE_INIT_ENTRY(BS_OS_RESUME_CHECK, BS_ON_EXIT, disable_me, NULL); +#endif BOOT_STATE_INIT_ENTRY(BS_DEV_ENABLE, BS_ON_EXIT, print_me_fw_version, NULL); diff --git a/src/soc/intel/tigerlake/me.c b/src/soc/intel/tigerlake/me.c index da1a299..27d87e0 100644 --- a/src/soc/intel/tigerlake/me.c +++ b/src/soc/intel/tigerlake/me.c @@ -162,6 +162,8 @@ printk(BIOS_DEBUG, "ME: TXT Support : %s\n", hfsts6.fields.txt_support ? "YES" : "NO"); } - +#if CONFIG(ME_STATE_BY_CMOS) +BOOT_STATE_INIT_ENTRY(BS_OS_RESUME_CHECK, BS_ON_EXIT, disable_me, NULL); +#endif BOOT_STATE_INIT_ENTRY(BS_DEV_ENABLE, BS_ON_EXIT, print_me_fw_version, NULL); BOOT_STATE_INIT_ENTRY(BS_OS_RESUME_CHECK, BS_ON_EXIT, dump_me_status, NULL);