[coreboot-gerrit] Change in coreboot[master]: sb/intel/i82801gx: Add the option to lock the platform

Arthur Heymans (Code Review) gerrit at coreboot.org
Mon Jan 22 14:46:29 CET 2018 

Arthur Heymans has uploaded this change for review. ( https://review.coreboot.org/23358


Change subject: sb/intel/i82801gx: Add the option to lock the platform
......................................................................

sb/intel/i82801gx: Add the option to lock the platform

This allows to lock down spi among other things
Mostly copied from bd82x6x.

Tested on Intel DG41WV with the MRC_CACHE driver write protecting the
mrc_cache region.

Change-Id: If9c3a6118f4586d51c093edec896c347ba904b8f
Signed-off-by: Arthur Heymans <arthur at aheymans.xyz>
---
M src/southbridge/intel/i82801gx/Kconfig
M src/southbridge/intel/i82801gx/Makefile.inc
M src/southbridge/intel/i82801gx/i82801gx.h
M src/southbridge/intel/i82801gx/lpc.c
M src/southbridge/intel/i82801gx/smihandler.c
5 files changed, 79 insertions(+), 2 deletions(-)



  git pull ssh://review.coreboot.org:29418/coreboot refs/changes/58/23358/1

diff --git a/src/southbridge/intel/i82801gx/Kconfig b/src/southbridge/intel/i82801gx/Kconfig
index 9fd19ed..2670d23 100644
--- a/src/southbridge/intel/i82801gx/Kconfig
+++ b/src/southbridge/intel/i82801gx/Kconfig
@@ -26,6 +26,7 @@
 	select SOUTHBRIDGE_INTEL_COMMON_GPIO
 	select SOUTHBRIDGE_INTEL_COMMON_SMBUS
 	select SOUTHBRIDGE_INTEL_COMMON_SPI
+	select HAVE_INTEL_CHIPSET_LOCKDOWN
 
 if SOUTHBRIDGE_INTEL_I82801GX
 
diff --git a/src/southbridge/intel/i82801gx/Makefile.inc b/src/southbridge/intel/i82801gx/Makefile.inc
index bb68d93..aa72e1f 100644
--- a/src/southbridge/intel/i82801gx/Makefile.inc
+++ b/src/southbridge/intel/i82801gx/Makefile.inc
@@ -35,7 +35,7 @@
 
 ramstage-$(CONFIG_HAVE_SMI_HANDLER) += smi.c
 ramstage-$(CONFIG_HAVE_SMI_HANDLER) += ../../../cpu/x86/smm/smmrelocate.S
-smm-$(CONFIG_HAVE_SMI_HANDLER) += smihandler.c
+smm-$(CONFIG_HAVE_SMI_HANDLER) += smihandler.c finalize.c
 
 romstage-y += early_smbus.c early_lpc.c
 
diff --git a/src/southbridge/intel/i82801gx/i82801gx.h b/src/southbridge/intel/i82801gx/i82801gx.h
index df744fc..5f9cdc4 100644
--- a/src/southbridge/intel/i82801gx/i82801gx.h
+++ b/src/southbridge/intel/i82801gx/i82801gx.h
@@ -47,6 +47,7 @@
 void i82801gx_enable(device_t dev);
 #endif
 void gpi_route_interrupt(u8 gpi, u8 mode);
+void intel_ich_finalize_smm(void);
 #else
 void enable_smbus(void);
 int smbus_read_byte(unsigned int device, unsigned int address);
@@ -368,6 +369,53 @@
 #define DEVACT_STS	0x44
 #define SS_CNT		0x50
 #define C3_RES		0x54
+#define TCO1_CNT	0x68
+
+/* SPIBAR
+ *
+ * SPI Opcode Menu setup for SPIBAR lockdown
+ * should support most common flash chips.
+ */
+
+#define PREOP		0x54
+#define OPTYPE		0x56
+#define OPMENU		0x58
+
+#define SPI_OPMENU_0 0x01 /* WRSR: Write Status Register */
+#define SPI_OPTYPE_0 0x01 /* Write, no address */
+
+#define SPI_OPMENU_1 0x02 /* BYPR: Byte Program */
+#define SPI_OPTYPE_1 0x03 /* Write, address required */
+
+#define SPI_OPMENU_2 0x03 /* READ: Read Data */
+#define SPI_OPTYPE_2 0x02 /* Read, address required */
+
+#define SPI_OPMENU_3 0x05 /* RDSR: Read Status Register */
+#define SPI_OPTYPE_3 0x00 /* Read, no address */
+
+#define SPI_OPMENU_4 0x20 /* SE20: Sector Erase 0x20 */
+#define SPI_OPTYPE_4 0x03 /* Write, address required */
+
+#define SPI_OPMENU_5 0x9f /* RDID: Read ID */
+#define SPI_OPTYPE_5 0x00 /* Read, no address */
+
+#define SPI_OPMENU_6 0xd8 /* BED8: Block Erase 0xd8 */
+#define SPI_OPTYPE_6 0x03 /* Write, address required */
+
+#define SPI_OPMENU_7 0x0b /* FAST: Fast Read */
+#define SPI_OPTYPE_7 0x02 /* Read, address required */
+
+#define SPI_OPMENU_UPPER ((SPI_OPMENU_7 << 24) | (SPI_OPMENU_6 << 16) | \
+			  (SPI_OPMENU_5 << 8) | SPI_OPMENU_4)
+#define SPI_OPMENU_LOWER ((SPI_OPMENU_3 << 24) | (SPI_OPMENU_2 << 16) | \
+			  (SPI_OPMENU_1 << 8) | SPI_OPMENU_0)
+
+#define SPI_OPTYPE ((SPI_OPTYPE_7 << 14) | (SPI_OPTYPE_6 << 12) | \
+		    (SPI_OPTYPE_5 << 10) | (SPI_OPTYPE_4 << 8) |  \
+		    (SPI_OPTYPE_3 << 6) | (SPI_OPTYPE_2 << 4) |	  \
+		    (SPI_OPTYPE_1 << 2) | (SPI_OPTYPE_0))
+
+#define SPI_OPPREFIX ((0x50 << 8) | 0x06) /* EWSR and WREN */
 
 #endif /* __ACPI__ */
 #endif				/* SOUTHBRIDGE_INTEL_I82801GX_I82801GX_H */
diff --git a/src/southbridge/intel/i82801gx/lpc.c b/src/southbridge/intel/i82801gx/lpc.c
index a26b9f8..99571ca 100644
--- a/src/southbridge/intel/i82801gx/lpc.c
+++ b/src/southbridge/intel/i82801gx/lpc.c
@@ -645,6 +645,17 @@
 	}
 }
 
+static void lpc_final(struct device *dev)
+{
+	/* Call SMM finalize() handlers before resume */
+	if (IS_ENABLED(CONFIG_HAVE_SMI_HANDLER)) {
+		if (IS_ENABLED(CONFIG_INTEL_CHIPSET_LOCKDOWN) ||
+		    acpi_is_wakeup_s3()) {
+			outb(APM_CNT_FINALIZE, APM_CNT);
+		}
+	}
+}
+
 static void set_subsystem(device_t dev, unsigned int vendor,
 			unsigned int device)
 {
@@ -698,6 +709,7 @@
 	.scan_bus		= scan_lpc_bus,
 	.enable			= i82801gx_enable,
 	.ops_pci		= &pci_ops,
+	.final			= lpc_final,
 };
 
 /* 27b0: 82801GH (ICH7 DH) */
diff --git a/src/southbridge/intel/i82801gx/smihandler.c b/src/southbridge/intel/i82801gx/smihandler.c
index 3f537c0..dace4d1 100644
--- a/src/southbridge/intel/i82801gx/smihandler.c
+++ b/src/southbridge/intel/i82801gx/smihandler.c
@@ -37,9 +37,14 @@
 /* While we read PMBASE dynamically in case it changed, let's
  * initialize it with a sane value
  */
-u16 pmbase = DEFAULT_PMBASE;
+static u16 pmbase = DEFAULT_PMBASE;
 u8 smm_initialized = 0;
 
+u16 smm_get_pmbase(void)
+{
+	return pmbase;
+}
+
 /* GNVS needs to be updated by an 0xEA PM Trap (B2) after it has been located
  * by coreboot.
  */
@@ -444,6 +449,8 @@
 	}
 }
 
+static int mainboard_finalized = 0;
+
 static void southbridge_smi_apmc(unsigned int node, smm_state_save_area_t *state_save)
 {
 	u32 pmctrl;
@@ -491,6 +498,15 @@
 		smm_initialized = 1;
 		printk(BIOS_DEBUG, "SMI#: Setting up structures to %p\n", gnvs);
 		break;
+	case APM_CNT_FINALIZE:
+		if (mainboard_finalized) {
+			printk(BIOS_DEBUG, "SMI#: Already finalized\n");
+			return;
+		}
+
+		intel_ich_finalize_smm();
+		mainboard_finalized = 1;
+		break;
 	default:
 		printk(BIOS_DEBUG, "SMI#: Unknown function APM_CNT=%02x\n", reg8);
 	}

-- 
To view, visit https://review.coreboot.org/23358
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: If9c3a6118f4586d51c093edec896c347ba904b8f
Gerrit-Change-Number: 23358
Gerrit-PatchSet: 1
Gerrit-Owner: Arthur Heymans <arthur at aheymans.xyz>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.coreboot.org/pipermail/coreboot-gerrit/attachments/20180122/ea67d1a4/attachment-0001.html>

More information about the coreboot-gerrit mailing list