Have verified and confirmed that coreboot process as well, it is disabling the BIOS write protect and Enable Prefetching and Caching as part of fast_spi_init().
/* Disable the BIOS write protect so write commands are allowed. */ bios_cntl &= ~SPIBAR_BIOS_CONTROL_EISS; bios_cntl |= SPIBAR_BIOS_CONTROL_WPD; /* Enable Prefetching and caching. */ bios_cntl |= SPIBAR_BIOS_CONTROL_PREFETCH_ENABLE; bios_cntl &= ~SPIBAR_BIOS_CONTROL_CACHE_DISABLE;
On Mon, Oct 26, 2020 at 1:08 AM David Hendricks email@example.com wrote:
I have tried to disable it using setcpi utility and it remains the same
value. Also the flashrom utility also tries but it remains the same.
Warning: BIOS region SMM protection is enabled! Warning: Setting Bios Control at 0xdc from 0xab to 0x89 failed.
Also FLOCKDN=1 is set as 1 as well.
I can clearly tell the BIOS region is read and writable but Protected registers are read only that's also the reason I am not able to write the BIOS region.
What are the options/methods to unlock / disable the Bios Write enable(BIOS_CNTL) or to access the HSFS registers to set the FLOCKDN bit to 0.
Since BIOS_CNTL is 0xab, the SMM_BWP, BLE, and BIOSWE bits are set. This means that you can only write to the BIOS region from within SMM. You should not be able to change this from userspace.
The BLE and BIOSWE bits are not set by default. You mentioned that you're using coreboot, can you check the source code to see if BIOS_CNTL is getting set anywhere? You can also check if FLOCKDN is getting set, possibly by FSP (look for the SpiFlashCfgLockDown FSP parameter getting set).