I have verified and confirmed the coreboot process as well; it is
disabling the BIOS write protect and enabling prefetching and caching as part
/* Disable the BIOS write protect so write commands are allowed. */
bios_cntl &= ~SPIBAR_BIOS_CONTROL_EISS;
bios_cntl |= SPIBAR_BIOS_CONTROL_WPD;
/* Enable Prefetching and caching. */
bios_cntl |= SPIBAR_BIOS_CONTROL_PREFETCH_ENABLE;
bios_cntl &= ~SPIBAR_BIOS_CONTROL_CACHE_DISABLE;
On Mon, Oct 26, 2020 at 1:08 AM David Hendricks <david.hendricks(a)gmail.com>
I have tried to disable it using the setpci utility and it remains the same
value. The flashrom utility also tries, but
it remains the same.
Warning: BIOS region SMM protection is enabled!
Warning: Setting Bios Control at 0xdc from 0xab to 0x89 failed.
Also, FLOCKDN is set to 1 as well.
I can clearly tell the BIOS region is readable and writable, but the protected
registers are read-only; that's also the reason I am not able to write the
What are the options/methods to unlock / disable the BIOS Write
Enable (BIOS_CNTL) or to access the HSFS registers to set the FLOCKDN bit to
Since BIOS_CNTL is 0xab, the SMM_BWP, BLE, and BIOSWE bits are set. This
means that you can only write to the BIOS region from within SMM. You
should not be able to change this from userspace.
The BLE and BIOSWE bits are not set by default. You mentioned that you're
using coreboot, can you check the source code to see if BIOS_CNTL is
getting set anywhere? You can also check if FLOCKDN is getting set,
possibly by FSP (look for the SpiFlashCfgLockDown FSP parameter getting
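
Decoding the two BIOS_CNTL values from the flashrom warning above, as an added example that is not part of the original thread or of coreboot: it names the bits that refused to change and the bits in 0xab that the quoted coreboot lines do not set. The bit positions and the BILD name are assumptions taken from Intel PCH documentation, and the `bc_*` identifiers are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* BIOS_CNTL bits; positions assumed from Intel PCH documentation. */
#define BC_BIOSWE    (1u << 0) /* WPD in the coreboot snippet */
#define BC_BLE       (1u << 1)
#define BC_CACHE_DIS (1u << 2)
#define BC_PREFETCH  (1u << 3)
#define BC_SMM_BWP   (1u << 5) /* EISS in the coreboot snippet */
#define BC_BILD      (1u << 7)

static const struct { uint8_t bit; const char *name; } bc_bits[] = {
    { BC_BIOSWE, "BIOSWE" }, { BC_BLE, "BLE" }, { BC_CACHE_DIS, "CACHE_DISABLE" },
    { BC_PREFETCH, "PREFETCH_ENABLE" }, { BC_SMM_BWP, "SMM_BWP" }, { BC_BILD, "BILD" },
};

/* Write the names of the bits set in v into buf, space separated. */
const char *bc_describe(uint8_t v, char *buf, size_t len)
{
    buf[0] = '\0';
    for (size_t i = 0; i < sizeof(bc_bits) / sizeof(bc_bits[0]); i++) {
        if (!(v & bc_bits[i].bit))
            continue;
        if (buf[0])
            strncat(buf, " ", len - strlen(buf) - 1);
        strncat(buf, bc_bits[i].name, len - strlen(buf) - 1);
    }
    return buf;
}

/* Bits a write tried to change that still read back unchanged. */
uint8_t bc_refused(uint8_t before, uint8_t wanted, uint8_t readback)
{
    return (uint8_t)((before ^ wanted) & ~(readback ^ before));
}

/* The quoted coreboot lines applied to a register value. */
uint8_t bc_after_snippet(uint8_t v)
{
    return (uint8_t)((v & ~(BC_SMM_BWP | BC_CACHE_DIS)) | BC_BIOSWE | BC_PREFETCH);
}

int main(void)
{
    char b[96];
    puts(bc_describe(bc_refused(0xab, 0x89, 0xab), b, sizeof b)); /* BLE SMM_BWP */
    puts(bc_describe(0xab & ~bc_after_snippet(0), b, sizeof b));
    return 0;
}
```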