soc/intel/common: Add check before sending HMRFPO_ENABLE command
This patch adds a check to determine if the CSE's current operation mode
is ME_HFS1_COM_SECOVER_MEI_MSG or not before sending HMRFPO_ENABLE
command to CSE. If CSE is already in the ME_HFS1_COM_SECOVER_MEI_MSG,
coreboot skips sending HMRFPO_ENABLE command to CSE to unlock the CSE RW
partition.
TEST=Verify sending HMRFPO_ENABLE command on Brya system.
Signed-off-by: Sridhar Siricilla <sridhar.siricilla@intel.com>
Change-Id: I387ac7c7296ab06b9bb440d5d40c3286bf879d3b
Reviewed-on: https://review.coreboot.org/c/coreboot/+/59698
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
diff --git a/src/soc/intel/common/block/cse/cse.c b/src/soc/intel/common/block/cse/cse.c
index b46d3e4..a80ab48 100644
--- a/src/soc/intel/common/block/cse/cse.c
+++ b/src/soc/intel/common/block/cse/cse.c
@@ -744,6 +744,12 @@
struct hmrfpo_enable_resp resp;
size_t resp_size = sizeof(struct hmrfpo_enable_resp);
+ if (cse_is_hfs1_com_secover_mei_msg()) {
+ printk(BIOS_DEBUG, "HECI: CSE is already in security override mode, "
+ "skip sending HMRFPO_ENABLE command to CSE\n");
+ return 1;
+ }
+
printk(BIOS_DEBUG, "HECI: Send HMRFPO Enable Command\n");
if (!cse_is_hmrfpo_enable_allowed()) {