Change in coreboot[master]: mainboard/: Register chipset_lockdown on xeon_sp mainboards - coreboot-gerrit

20 Mar 2021

Marc Jones has submitted this change. ( https://review.coreboot.org/c/coreboot/+/51388 )
Change subject: mainboard/: Register chipset_lockdown on xeon_sp mainboards
......................................................................
mainboard/: Register chipset_lockdown on xeon_sp mainboards
Set chipset_lockdown in devicetree for recommended security settings.
Change-Id: Ie27450dd32463243b1456932a1d39d40afa81da1
Signed-off-by: Marc Jones marcjones@sysproconsulting.com
Reviewed-on: https://review.coreboot.org/c/coreboot/+/51388
Reviewed-by: Arthur Heymans arthur@aheymans.xyz
Reviewed-by: Jay Talbott JayTalbott@sysproconsulting.com
Reviewed-by: Angel Pons th3fanbus@gmail.com
Tested-by: build bot (Jenkins) no-reply@coreboot.org
---
M src/mainboard/intel/cedarisland_crb/devicetree.cb
M src/mainboard/ocp/deltalake/devicetree.cb
M src/mainboard/ocp/tiogapass/devicetree.cb
3 files changed, 13 insertions(+), 0 deletions(-)
Approvals:
  build bot (Jenkins): Verified
  Arthur Heymans: Looks good to me, approved
  Angel Pons: Looks good to me, approved
  Jay Talbott: Looks good to me, but someone else must approve

diff --git a/src/mainboard/intel/cedarisland_crb/devicetree.cb b/src/mainboard/intel/cedarisland_crb/devicetree.cb
index a82f022..4691c05 100644
--- a/src/mainboard/intel/cedarisland_crb/devicetree.cb
+++ b/src/mainboard/intel/cedarisland_crb/devicetree.cb
@@ -1,4 +1,9 @@
 chip soc/intel/xeon_sp/cpx
+
+	register "common_soc_config" = "{
+		.chipset_lockdown = CHIPSET_LOCKDOWN_COREBOOT,
+	}"
+
    device cpu_cluster 0 on
    	device lapic 0 on end
    end
diff --git a/src/mainboard/ocp/deltalake/devicetree.cb b/src/mainboard/ocp/deltalake/devicetree.cb
index 70dd6d6..08ac3e3 100644
--- a/src/mainboard/ocp/deltalake/devicetree.cb
+++ b/src/mainboard/ocp/deltalake/devicetree.cb
@@ -48,6 +48,10 @@
register "cstate_states" = "CSTATES_C1C6"
+	register "common_soc_config" = "{
+		.chipset_lockdown = CHIPSET_LOCKDOWN_COREBOOT,
+	}"
+
    device cpu_cluster 0 on
      device lapic 0 on end
    end
diff --git a/src/mainboard/ocp/tiogapass/devicetree.cb b/src/mainboard/ocp/tiogapass/devicetree.cb
index 833bb20..8504438 100644
--- a/src/mainboard/ocp/tiogapass/devicetree.cb
+++ b/src/mainboard/ocp/tiogapass/devicetree.cb
@@ -40,6 +40,10 @@
register "gen2_dec" = "0x000c0ca1" # IPMI KCS
+	register "common_soc_config" = "{
+		.chipset_lockdown = CHIPSET_LOCKDOWN_COREBOOT,
+	}"
+
    device cpu_cluster 0 on
      device lapic 0 on end
    end
-- 
To view, visit https://review.coreboot.org/c/coreboot/+/51388
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: Ie27450dd32463243b1456932a1d39d40afa81da1
Gerrit-Change-Number: 51388
Gerrit-PatchSet: 6
Gerrit-Owner: Marc Jones marc@marcjonesconsulting.com
Gerrit-Reviewer: Angel Pons th3fanbus@gmail.com
Gerrit-Reviewer: Anjaneya "Reddy" Chagam anjaneya.chagam@intel.com
Gerrit-Reviewer: Arthur Heymans arthur@aheymans.xyz
Gerrit-Reviewer: Jay Talbott JayTalbott@sysproconsulting.com
Gerrit-Reviewer: Johnny Lin Johnny_Lin@wiwynn.com
Gerrit-Reviewer: Jonathan Zhang jonzhang@fb.com
Gerrit-Reviewer: Marc Jones marc@marcjonesconsulting.com
Gerrit-Reviewer: Morgan Jang Morgan_Jang@wiwynn.com
Gerrit-Reviewer: Stefan Reinauer stefan.reinauer@coreboot.org
Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org
Gerrit-MessageType: merged



    