Attention is currently required from: Patrick Rudolph. Subrata Banik has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/60405 )
Change subject: soc/intel/common/cse: Implement HECI notify ......................................................................
soc/intel/common/cse: Implement HECI notify
This patch implements the HECI operations that must be performed prior to booting to the OS when the platform decides to skip the FSP notify APIs, i.e. Ready to Boot and End Of Firmware.
BUG=b:211954778 TEST=Able to build brya with these changes.
Signed-off-by: Subrata Banik subratabanik@google.com Change-Id: I70bde33f77026e8be165ff082defe3cab6686ec7 --- M src/soc/intel/common/block/cse/Kconfig M src/soc/intel/common/block/cse/cse_eop.c 2 files changed, 73 insertions(+), 1 deletion(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/05/60405/1
diff --git a/src/soc/intel/common/block/cse/Kconfig b/src/soc/intel/common/block/cse/Kconfig
index ec901ca..4dff215 100644
--- a/src/soc/intel/common/block/cse/Kconfig
+++ b/src/soc/intel/common/block/cse/Kconfig
@@ -5,6 +5,15 @@
 Driver for communication with Converged Security Engine (CSE) over Host Embedded Controller Interface (HECI)
+config SOC_INTEL_COMMON_BLOCK_HECI_NOTIFY
+ bool
+ default n
+ select SKIP_FSP_NOTIFY_PHASE_READY_TO_BOOT
+ select SKIP_FSP_NOTIFY_PHASE_END_OF_FIRMWARE
+ help
+ Use this config to perform required heci notify by native coreboot
+ CSE driver instead calling FSP Notify APIs.
+
 config SOC_INTEL_COMMON_BLOCK_HECI_DISABLE_IN_SMM
 bool
 default y if HECI_DISABLE_USING_SMM
diff --git a/src/soc/intel/common/block/cse/cse_eop.c b/src/soc/intel/common/block/cse/cse_eop.c
index 9ae0fdf..d56f0c7 100644
--- a/src/soc/intel/common/block/cse/cse_eop.c
+++ b/src/soc/intel/common/block/cse/cse_eop.c
@@ -4,9 +4,11 @@
 #include <console/console.h>
 #include <intelblocks/cse.h>
 #include <intelblocks/pmc_ipc.h>
+#include <intelblocks/pmclib.h>
 #include <security/vboot/vboot_common.h>
 #include <soc/intel/common/reset.h>
 #include <soc/pci_devs.h>
+#include <soc/soc_chip.h>
 #include <timestamp.h>
 #include <types.h>
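Review bot: The help text for SOC_INTEL_COMMON_BLOCK_HECI_NOTIFY does not say that selecting it also forces SKIP_FSP_NOTIFY_PHASE_READY_TO_BOOT and SKIP_FSP_NOTIFY_PHASE_END_OF_FIRMWARE, so an integrator cannot tell from the option alone that both FSP notify phases stop running. Anything FSP does in those phases beyond the HECI steps (presumably further lock-down, which is not visible in this change) then has to be covered by coreboot, and the help should say so, for example `Selecting this skips the FSP ReadyToBoot and EndOfFirmware notify phases; the native CSE driver then sends EOP, applies the global reset lock and puts HECI into D0i3.` The `default n` line is redundant for a bool symbol, and "instead calling" should read "instead of calling".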
@@ -188,6 +190,25 @@
 }
 }
+static void perform_lock_config(void)
+{
+ /*
+ * As per ME BWG recommendation the BIOS should not lock down CF9GR bit during
+ * manufacturing and re-manufacturing environment if HFSTS1 [4] is set.
+ */
+ if ((cse_is_hfs1_com_normal() || cse_is_hfs1_com_soft_temp_disable()) &&
+ cse_is_hfs1_spi_protected()) {
+ /*
+ * Make sure payload/OS can't trigger global reset.
+ * BIOS must also ensure that CF9GR is cleared and locked (Bit31 of ETR3) prior to
+ * transferring control to the OS.
+ */
+ pmc_global_reset_disable_and_lock();
+ } else {
+ pmc_global_reset_enable(false);
+ }
+}
+
 static void set_cse_end_of_post(void *unused)
 {
 /*
@@ -208,6 +229,48 @@
 set_cse_device_state(PCH_DEVFN_CSE, DEV_IDLE);
 }
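Review bot: In perform_lock_config() the else branch calls `pmc_global_reset_enable(false)` and returns without logging, so every CSE state other than normal or soft-temp-disable with SPI protected leaves CF9GR cleared but, as far as the helper names suggest, not locked (the PMC helpers are defined outside this hunk). That is the documented intent for manufacturing, but a production unit that lands in this branch for any other reason hands an unlocked global-reset control to the payload/OS and nothing in the boot log shows it. Add a log line in the else branch, e.g. `printk(BIOS_WARNING, "CSE: CF9GR left unlocked, CSE not in normal/SPI-protected state\n");`. The first comment speaks of HFSTS1 [4] being set while the code tests `cse_is_hfs1_spi_protected()`; a few words tying that bit to the helper would make the condition checkable by a reader.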
+static void cse_set_to_d0i3(void)
+{
+ if (!is_cse_devfn_visible(PCH_DEVFN_CSE))
+ return;
+
+ set_cse_device_state(PCH_DEVFN_CSE, DEV_IDLE);
+}
+
+static void perform_heci_notify(void *unused)
+{
+ if (!CONFIG(SOC_INTEL_COMMON_BLOCK_HECI_NOTIFY))
+ return;
+
+ /* Step 1: Send EOP to CSE */
+ set_cse_end_of_post(NULL);
+
+ if (CONFIG(SKIP_FSP_NOTIFY_PHASE_READY_TO_BOOT)) {
+ /* Step 2: Perform lock config */
+ perform_lock_config();
+
+ /* Step 3: If devicetree.cb policy is set to disabled, then hide CSE prior to boot */
+ const config_t *conf = config_of_soc();
+
+ if (!conf->HeciEnabled) {
+ cse_set_to_d0i3();
+ cse_disable_mei_devices();
+ }
+ }
+
+ /* Step 4: Setting D0I3 bits for HECI devices */
+ if (CONFIG(SKIP_FSP_NOTIFY_PHASE_END_OF_FIRMWARE))
+ soc_heci_set_d0i3();
+}
+
+/*
+ * Perform HECI notify function when platform selects SOC_INTEL_COMMON_BLOCK_HECI_NOTIFY
+ * that includes sending EOP, lock configuration and put heci to D0i3 etc. Associate
+ * this operation with BS_PAYLOAD_BOOT to ensure its almost the last operation prior
+ * to loading payload.
+ */
+BOOT_STATE_INIT_ENTRY(BS_PAYLOAD_BOOT, BS_ON_ENTRY, perform_heci_notify, NULL);
+
 /*
 * Ideally, to give coreboot maximum flexibility, sending EOP would be done as
 * late possible. If HECI_DISABLE_USING_SMM is selected, then sending EOP must
@@ -217,7 +280,7 @@
 * Otherwise, EOP can be pushed a little later, and can be performed in
 * BS_PAYLOAD_BOOT instead.
 */
-#if !CONFIG(HECI_DISABLE_USING_SMM)
+#if !CONFIG(HECI_DISABLE_USING_SMM) && !CONFIG(SOC_INTEL_COMMON_BLOCK_HECI_NOTIFY)
 BOOT_STATE_INIT_ENTRY(BS_PAYLOAD_BOOT, BS_ON_ENTRY, set_cse_end_of_post, NULL);
 #else
 BOOT_STATE_INIT_ENTRY(BS_PAYLOAD_LOAD, BS_ON_ENTRY, set_cse_end_of_post, NULL);
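Review bot: The `CONFIG(SKIP_FSP_NOTIFY_PHASE_READY_TO_BOOT)` and `CONFIG(SKIP_FSP_NOTIFY_PHASE_END_OF_FIRMWARE)` guards in perform_heci_notify() can never be false once the function is past its first check, because the Kconfig part of this change makes SOC_INTEL_COMMON_BLOCK_HECI_NOTIFY `select` both symbols. Written this way the lock configuration in Step 2 reads as optional when it is in fact always executed. Either drop the two guards so that Steps 2 to 4 are visibly unconditional, or remove the `select` lines and let the platform choose each phase on its own.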
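Review bot: With SOC_INTEL_COMMON_BLOCK_HECI_NOTIFY enabled the new `#if` condition is false, so the `#else` branch still registers set_cse_end_of_post() at BS_PAYLOAD_LOAD, and perform_heci_notify() calls it again at BS_PAYLOAD_BOOT; unless set_cse_end_of_post() guards against a repeat, which is not visible here, EOP is sent twice. Changing the `#else` to `#elif !CONFIG(SOC_INTEL_COMMON_BLOCK_HECI_NOTIFY)` keeps the BS_PAYLOAD_LOAD entry for the SMM case only. The comment above the block says EOP has to go out earlier when HECI_DISABLE_USING_SMM is selected, which the BS_PAYLOAD_BOOT call in perform_heci_notify() may not satisfy, so the two options probably need to be made mutually exclusive in Kconfig or the ordering documented. The closing `#endif` lies outside the hunk.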