soc/intel/tigerlake: Disable Thunderbolt PCIe root ports bus master

This change disables bus mastering on the Thunderbolt PCIe root ports
before handing over to the payload, in order to mitigate the threat of
unauthorized external DMA. In this state, the PCIe root ports are
considered trusted not to forward any DMA transactions to
downstream endpoint devices.

BUG=b:141609884
TEST=Verified PCIe resource has been allocated properly and USB behind
Thunderbolt dock is enumerated successfully.

Change-Id: I9650b9dd4df1f9bee53ae3737b7bf60b2ef8017b
Signed-off-by: John Zhao <john.zhao@intel.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40968
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
diff --git a/src/soc/intel/tigerlake/finalize.c b/src/soc/intel/tigerlake/finalize.c
index 534abd9..5bf01de 100644
--- a/src/soc/intel/tigerlake/finalize.c
+++ b/src/soc/intel/tigerlake/finalize.c
@@ -67,12 +67,26 @@
 	pmc_clear_pmcon_sts();
 }
 
+static void tbt_finalize(void)
+{
+	int i;
+	const struct device *dev;
+
+	/* Disable Thunderbolt PCIe root ports bus master */
+	for (i = 0; i < NUM_TBT_FUNCTIONS; i++) {
+		dev = pcidev_path_on_root(SA_DEVFN_TBT(i));
+		if (dev)
+			pci_dev_disable_bus_master(dev);
+	}
+}
+
 static void soc_finalize(void *unused)
 {
 	printk(BIOS_DEBUG, "Finalizing chipset.\n");
 
 	pch_finalize();
 	apm_control(APM_CNT_FINALIZE);
+	tbt_finalize();
 
 	/* Indicate finalize step with post code */
 	post_code(POST_OS_BOOT);
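Review bot: In `tbt_finalize`, the `if (dev)` test silently skips any Thunderbolt root port that `pcidev_path_on_root()` does not return, so such a port (presumably one absent from the devicetree) keeps its current bus-master setting and the boot log gives no hint that the mitigation was not applied. Consider logging the skip, e.g. `else printk(BIOS_DEBUG, "TBT root port %d not found, bus master not changed\n", i);`. The comment could also state the limit of the protection: `/* Clear Bus Master Enable so the root ports stop forwarding downstream DMA; the bit is not locked and later software can set it again. */`. Whether every path that hands off to an OS (for example resume) runs `soc_finalize` is not visible in this hunk and is worth confirming.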
diff --git a/src/soc/intel/tigerlake/include/soc/pci_devs.h b/src/soc/intel/tigerlake/include/soc/pci_devs.h
index ee3e894..82d83605 100644
--- a/src/soc/intel/tigerlake/include/soc/pci_devs.h
+++ b/src/soc/intel/tigerlake/include/soc/pci_devs.h
@@ -35,6 +35,8 @@
 #define  SA_DEV_IPU		PCI_DEV(0, SA_DEV_SLOT_IPU, 0)
 
 #define SA_DEV_SLOT_TBT		0x07
+#define SA_DEVFN_TBT(x)		PCI_DEVFN(SA_DEV_SLOT_TBT, (x))
+#define NUM_TBT_FUNCTIONS	4
 #define  SA_DEVFN_TBT0		PCI_DEVFN(SA_DEV_SLOT_TBT, 0)
 #define  SA_DEVFN_TBT1		PCI_DEVFN(SA_DEV_SLOT_TBT, 1)
 #define  SA_DEVFN_TBT2		PCI_DEVFN(SA_DEV_SLOT_TBT, 2)
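Review bot: `SA_DEVFN_TBT(x)` accepts any `x`, and nothing next to `NUM_TBT_FUNCTIONS` says it is the bound for that argument or that it must stay in step with the individually defined `SA_DEVFN_TBT0`… macros below it. A comment such as `/* x: Thunderbolt root port function number, 0 .. NUM_TBT_FUNCTIONS - 1 */` above the macro would make the contract explicit for the loop that disables bus mastering per port. The two new lines also use a single space after `#define`, while the neighbouring derived `SA_DEVFN_TBT*` definitions use two; matching them keeps the file's convention. The list of per-port macros continues outside the hunk.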