commit d1fb5641b6ae3710b7d6c444000a6cbbe0cb6f74
author Nico Huber <nico.huber@secunet.com> Mon Jul 01 16:02:36 2013 +0200
committer Stefan Reinauer <stefan.reinauer@coreboot.org> Wed Jul 10 00:48:33 2013 +0200
tree 5217d776e6b58cdcdf2ccedd7210630626119aef
parent 4f78b187499d8e1f4a2fe3dad8e0997c91f15762

sandybridge: Add option to lock SPI regions on resume

Add an option to mark all SPI regions write protected on each S3 resume.
We were used to lock the SPI interface in the payload which isn't run on
the resume path. So we have to do it here.

For the write protection to be effective, all write opcodes in the
opmenu have to be marked correctly (as write operations) and the whole
SPI interface has to be locked. Both is already done.

Change-Id: I5c268ae8850642f5e82f18c28c71cf1ae248dbff
Signed-off-by: Nico Huber <nico.huber@secunet.com>
Reviewed-on: http://review.coreboot.org/3594
Tested-by: build bot (Jenkins)
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Ronald G. Minnich <rminnich@gmail.com>
Reviewed-by: Patrick Georgi <patrick@georgi-clan.de>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>

src/southbridge/intel/bd82x6x/finalize.c

diff --git a/src/southbridge/intel/bd82x6x/finalize.c b/src/southbridge/intel/bd82x6x/finalize.c
index bcc2f3d..331e26ca 100644
--- a/src/southbridge/intel/bd82x6x/finalize.c
+++ b/src/southbridge/intel/bd82x6x/finalize.c
@@ -26,6 +26,14 @@
 
 void intel_pch_finalize_smm(void)
 {
+#if CONFIG_LOCK_SPI_ON_RESUME
+	/* Copy flash regions from FREG0-4 to PR0-4
+	   and enable write protection bit31 */
+	int i;
+	for (i = 0; i < 20; i += 4)
+		RCBA32(0x3874 + i) = RCBA32(0x3854 + i) | (1 << 31);
+#endif
+
 	/* Set SPI opcode menu */
 	RCBA16(0x3894) = SPI_OPPREFIX;
 	RCBA16(0x3896) = SPI_OPTYPE;