soc/intel/xeon_sp: Lock down DMI3 PCI registers This is required for CBnT. Change-Id: If5637eb8dd7de406b24b92100b68c5fa11c16854 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/47448 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>

commit: 42a6f7e417f64a475f6e2b54ea59ee0a733a9c79 [log] [tgz]
author: Arthur Heymans <arthur@aheymans.xyz> Tue Nov 10 16:46:18 2020 +0100
committer: Hung-Te Lin <hungte@chromium.org> Mon Dec 28 13:39:23 2020 +0000
tree: 8d21e58d01cbda59faaa2e8a87634987d92c55eb
parent: b0ab41e0279e47d3bb09d6cddc803686859e6985 [diff] [blame]
diff --git a/src/soc/intel/xeon_sp/uncore.c b/src/soc/intel/xeon_sp/uncore.c
index 00623a8..2663023 100644
--- a/src/soc/intel/xeon_sp/uncore.c
+++ b/src/soc/intel/xeon_sp/uncore.c

@@ -348,3 +348,29 @@
 	.vendor   = PCI_VENDOR_ID_INTEL,
 	.device   = MMAP_VTD_STACK_CFG_REG_DEVID,
 };
+
+static void dmi3_init(struct device *dev)
+{
+	/* Disable error injection */
+	pci_or_config16(dev, ERRINJCON, 1 << 0);
+
+	/*
+	 * DMIRCBAR registers are not TXT lockable, but the BAR enable
+	 * bit is. TXT requires that DMIRCBAR be disabled for security.
+	 */
+	pci_and_config32(dev, DMIRCBAR, ~(1 << 0));
+}
+
+static struct device_operations dmi3_ops = {
+	.read_resources		= pci_dev_read_resources,
+	.set_resources		= pci_dev_set_resources,
+	.enable_resources	= pci_dev_enable_resources,
+	.init			= dmi3_init,
+	.ops_pci		= &soc_pci_ops,
+};
+
+static const struct pci_driver dmi3_driver __pci_driver = {
+	.ops		= &dmi3_ops,
+	.vendor		= PCI_VENDOR_ID_INTEL,
+	.device		= DMI3_DEVID,
+};
commit	42a6f7e417f64a475f6e2b54ea59ee0a733a9c79	[log] [tgz]
author	Arthur Heymans <arthur@aheymans.xyz>	Tue Nov 10 16:46:18 2020 +0100
committer	Hung-Te Lin <hungte@chromium.org>	Mon Dec 28 13:39:23 2020 +0000
tree	8d21e58d01cbda59faaa2e8a87634987d92c55eb
parent	b0ab41e0279e47d3bb09d6cddc803686859e6985 [diff] [blame]