soc/intel/tigerlake: Lock PAM registers in finalize
Use the support from the previous patch to have coreboot lock the PAM
registers instead of the FSP when the lockdown configuration is set to
coreboot.
Change-Id: Ice4c727f2b75893cd012345a556fd21d9807dfaa
Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/57147
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Subrata Banik <subrata.banik@intel.com>
Reviewed-by: Furquan Shaikh <furquan@google.com>
diff --git a/src/soc/intel/tigerlake/finalize.c b/src/soc/intel/tigerlake/finalize.c
index a28dccd..6ed60e7 100644
--- a/src/soc/intel/tigerlake/finalize.c
+++ b/src/soc/intel/tigerlake/finalize.c
@@ -15,8 +15,10 @@
#include <intelblocks/lpc_lib.h>
#include <intelblocks/pcr.h>
#include <intelblocks/pmclib.h>
+#include <intelblocks/systemagent.h>
#include <intelblocks/tco.h>
#include <intelblocks/thermal.h>
+#include <intelpch/lockdown.h>
#include <soc/p2sb.h>
#include <soc/pci_devs.h>
#include <soc/pcr_ids.h>
@@ -66,6 +68,12 @@
}
}
+static void sa_finalize(void)
+{
+ if (get_lockdown_config() == CHIPSET_LOCKDOWN_COREBOOT)
+ sa_lock_pam();
+}
+
static void soc_finalize(void *unused)
{
printk(BIOS_DEBUG, "Finalizing chipset.\n");
@@ -73,6 +81,7 @@
pch_finalize();
apm_control(APM_CNT_FINALIZE);
tbt_finalize();
+ sa_finalize();
/* Indicate finalize step with post code */
post_code(POST_OS_BOOT);
diff --git a/src/soc/intel/tigerlake/fsp_params.c b/src/soc/intel/tigerlake/fsp_params.c
index 1d7db64..15ba280 100644
--- a/src/soc/intel/tigerlake/fsp_params.c
+++ b/src/soc/intel/tigerlake/fsp_params.c
@@ -398,6 +398,7 @@
params->PchLockDownBiosInterface = lockdown_by_fsp;
params->PchUnlockGpioPads = !lockdown_by_fsp;
params->RtcMemoryLock = lockdown_by_fsp;
+ params->SkipPamLock = !lockdown_by_fsp;
/* coreboot will send EOP before loading payload */
params->EndOfPostMessage = EOP_DISABLE;