soc/intel/apollolake: Disable HECI1 before jumping to OS

This change disables the HECI1 device at the end of the boot sequence.
It uses P2SB messaging to disable the HECI1 device before hiding P2SB
and dropping the privilege level.

BUG=b:119074978
BRANCH=None
TEST=Verified that HECI1 device is not visible in lspci on octopus.

Change-Id: Id6abfd0c71a466d0cf8f19ae9b91f1d3446e3d09
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://review.coreboot.org/29534
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Karthik Ramasubramanian <kramasub@google.com>
Reviewed-by: Kane Chen <kane.chen@intel.com>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
diff --git a/src/soc/intel/apollolake/chip.c b/src/soc/intel/apollolake/chip.c
index e6904da..e70bfa3 100644
--- a/src/soc/intel/apollolake/chip.c
+++ b/src/soc/intel/apollolake/chip.c
@@ -39,15 +39,16 @@
 #include <intelblocks/itss.h>
 #include <intelblocks/pmclib.h>
 #include <romstage_handoff.h>
+#include <soc/cpu.h>
+#include <soc/heci.h>
+#include <soc/intel/common/vbt.h>
 #include <soc/iomap.h>
 #include <soc/itss.h>
-#include <soc/intel/common/vbt.h>
 #include <soc/nvs.h>
 #include <soc/pci_devs.h>
-#include <spi-generic.h>
-#include <soc/cpu.h>
 #include <soc/pm.h>
 #include <soc/systemagent.h>
+#include <spi-generic.h>
 #include <timer.h>
 
 #include "chip.h"
@@ -715,8 +716,16 @@
 void platform_fsp_notify_status(enum fsp_notify_phase phase)
 {
 	if (phase == END_OF_FIRMWARE) {
+
+		/*
+		 * Before hiding P2SB device and dropping privilege level,
+		 * dump CSE status and disable HECI1 interface.
+		 */
+		heci_cse_lockdown();
+
 		/* Hide the P2SB device to align with previous behavior. */
 		p2sb_hide();
+
 		/*
 		 * As per guidelines BIOS is recommended to drop CPU privilege
 		 * level to IA_UNTRUSTED. After that certain device registers
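Review bot: The new `heci_cse_lockdown()` call is unconditional for every board built on this SoC code, so any OS-side tooling that reaches the CSE over HECI1 loses that path, and no opt-out is visible in this hunk. If that is the intended policy, the comment above the call should say so, for example `* HECI1 is disabled unconditionally; the OS gets no CSE access over it.`; otherwise the call should be gated on a board-level option. The ordering (lockdown, then `p2sb_hide()`, then the privilege drop) is load-bearing, and the existing comment is right to state it. The body of `platform_fsp_notify_status()` continues past the end of the hunk.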
diff --git a/src/soc/intel/apollolake/cse.c b/src/soc/intel/apollolake/cse.c
index 9051dc3..cfb3b8a 100644
--- a/src/soc/intel/apollolake/cse.c
+++ b/src/soc/intel/apollolake/cse.c
@@ -19,6 +19,11 @@
 #include <console/console.h>
 #include <fmap.h>
 #include <intelblocks/cse.h>
+#include <intelblocks/p2sb.h>
+#include <intelblocks/pcr.h>
+#include <soc/heci.h>
+#include <soc/iomap.h>
+#include <soc/pcr_ids.h>
 #include <soc/pci_devs.h>
 #include <device/pci_ops.h>
 #include <stdint.h>
@@ -187,7 +192,7 @@
 	return reg;
 }
 
-static void dump_cse_state(void *unused)
+static void dump_cse_state(void)
 {
 	uint32_t fwsts1;
 
@@ -218,6 +223,25 @@
 	}
 	printk(BIOS_DEBUG, "\n");
 }
+
+#define PCR_PSFX_T0_SHDW_PCIEN		0x1C
+#define PCR_PSFX_T0_SHDW_PCIEN_FUNDIS	(1 << 8)
+
+static void disable_heci1(void)
+{
+	pcr_or32(PID_PSF3, PSF3_BASE_ADDRESS + PCR_PSFX_T0_SHDW_PCIEN,
+		 PCR_PSFX_T0_SHDW_PCIEN_FUNDIS);
+}
+
+void heci_cse_lockdown(void)
+{
+	dump_cse_state();
+
+	/*
+	 * It is safe to disable HECI1 now since we won't be talking to the ME
+	 * anymore.
+	 */
+	disable_heci1();
+}
+
 BOOT_STATE_INIT_ENTRY(BS_DEV_INIT, BS_ON_ENTRY, fpf_blown, NULL);
-BOOT_STATE_INIT_ENTRY(BS_OS_RESUME, BS_ON_ENTRY, dump_cse_state, NULL);
-BOOT_STATE_INIT_ENTRY(BS_PAYLOAD_LOAD, BS_ON_EXIT, dump_cse_state, NULL);
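Review bot: `disable_heci1()` sets the function-disable bit and returns without checking that the write took effect, so a sideband write that is dropped or ignored would leave HECI1 visible to the OS with nothing in the log. Reading the register back after the `pcr_or32()` would make that failure visible: `if (!(pcr_read32(PID_PSF3, PSF3_BASE_ADDRESS + PCR_PSFX_T0_SHDW_PCIEN) & PCR_PSFX_T0_SHDW_PCIEN_FUNDIS)) printk(BIOS_ERR, "HECI1 disable did not take effect\n");`. The two `PCR_PSFX_T0_SHDW_*` defines and the function carry no comment; going by the macro names, one line saying that this sets function-disable in the PSF3 shadowed PCI-enable register for HECI1 would be enough. With both `BOOT_STATE_INIT_ENTRY` hooks for `dump_cse_state` removed, the CSE status dump now depends on `heci_cse_lockdown()` being reached on both the normal-boot and resume paths, which this hunk does not show.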
diff --git a/src/soc/intel/apollolake/include/soc/heci.h b/src/soc/intel/apollolake/include/soc/heci.h
index ac28b14..26d0ea9 100644
--- a/src/soc/intel/apollolake/include/soc/heci.h
+++ b/src/soc/intel/apollolake/include/soc/heci.h
@@ -42,4 +42,7 @@
 /* Returns true if CSE is done with whatever it was doing */
 bool heci_cse_done(void);
 
+/* Dump CSE state and lockdown HECI1 interface using P2SB message. */
+void heci_cse_lockdown(void);
+
 #endif
diff --git a/src/soc/intel/apollolake/include/soc/iomap.h b/src/soc/intel/apollolake/include/soc/iomap.h
index eea1e61..b1cf3da 100644
--- a/src/soc/intel/apollolake/include/soc/iomap.h
+++ b/src/soc/intel/apollolake/include/soc/iomap.h
@@ -45,6 +45,7 @@
 #define SRAM_SIZE_2			(4 * KiB)
 
 #define HECI1_BASE_ADDRESS		0xfed1a000
+#define PSF3_BASE_ADDRESS		0x1e00
 
 /* Temporary BAR for SPI until PCI enumeration assigns a BAR in ramstage. */
 #define SPI_BASE_ADDRESS		0xfe010000
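Review bot: `PSF3_BASE_ADDRESS` is added directly under `HECI1_BASE_ADDRESS`, but its use with `pcr_or32()` in cse.c suggests it is an offset inside the PSF3 sideband port, not a memory-mapped address like its neighbours. The name also hides that this base appears to be specific to HECI1's register block, inferred from `disable_heci1()`. A comment such as `/* PCR offset of the HECI1 register block in the PSF3 port (not MMIO). */` would keep a later reader from treating it as a physical address or reusing it for a different function.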
diff --git a/src/soc/intel/apollolake/include/soc/pcr_ids.h b/src/soc/intel/apollolake/include/soc/pcr_ids.h
index dba69b1..4af8f2c 100644
--- a/src/soc/intel/apollolake/include/soc/pcr_ids.h
+++ b/src/soc/intel/apollolake/include/soc/pcr_ids.h
@@ -35,8 +35,10 @@
 #define PID_LPC		0xD2
 #define PID_MODPHY	0xA5
 
-#define PID_AUNIT	0x4d
-#define PID_BUNIT	0x4c
+#define PID_AUNIT	0x4D
+#define PID_BUNIT	0x4C
 #define PID_TUNIT	0x52
 
+#define PID_PSF3	0xC6
+
 #endif	/* SOC_INTEL_APL_PCR_H */