sb/intel/*: add option to lockdown chipset on normal boot path
On platforms with a PCH, some registers within host bridge should be
locked down on each normal boot path (done by either coreboot or
payload) and S3 resume (always done by coreboot).
A function to perform such locking is implemented in src/northbridge/
intel/*/finalize.c, and is designed as the handler of an #SMI triggered
with outb(APM_CNT_FINALIZE, APM_CNT), but currently this #SMI is only
triggered during s3 resume, and not on normal boot path. This problem
has beed discussed in
https://mail.coreboot.org/pipermail/coreboot/2017-August/084924.html .
This time, an option "INTEL_CHIPSET_LOCKDOWN" within src/southbridge/
intel/common/Kconfig is added to control the actual locking, which
depends on several compatibility flags, including
"HAVE_INTEL_CHIPSET_LOCKDOWN".
In this commit, "ibexpeak", "bd82x6x", "fsp_bd82x6x", and "lynxpoint"
have the flag "HAVE_INTEL_CHIPSET_LOCKDOWN" selected.
The change is only well tested on Sandy Bridge, my Lenovo x230.
Change-Id: I43d4142291c8737b29738c41e8c484328b297b55
Signed-off-by: Bill XIE <persmule@gmail.com>
Reviewed-on: https://review.coreboot.org/21129
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
diff --git a/src/southbridge/intel/bd82x6x/Kconfig b/src/southbridge/intel/bd82x6x/Kconfig
index c24c71c..9eb3111 100644
--- a/src/southbridge/intel/bd82x6x/Kconfig
+++ b/src/southbridge/intel/bd82x6x/Kconfig
@@ -39,6 +39,7 @@
select HAVE_INTEL_FIRMWARE
select SOUTHBRIDGE_INTEL_COMMON_GPIO
select RTC
+ select HAVE_INTEL_CHIPSET_LOCKDOWN
config EHCI_BAR
hex
diff --git a/src/southbridge/intel/bd82x6x/lpc.c b/src/southbridge/intel/bd82x6x/lpc.c
index ca26250..901f71b 100644
--- a/src/southbridge/intel/bd82x6x/lpc.c
+++ b/src/southbridge/intel/bd82x6x/lpc.c
@@ -829,9 +829,12 @@
static void lpc_final(struct device *dev)
{
- if (CONFIG_HAVE_SMI_HANDLER && acpi_is_wakeup_s3()) {
- /* Call SMM finalize() handlers before resume */
- outb(0xcb, 0xb2);
+ /* Call SMM finalize() handlers before resume */
+ if (IS_ENABLED(CONFIG_HAVE_SMI_HANDLER)) {
+ if (IS_ENABLED(CONFIG_INTEL_CHIPSET_LOCKDOWN) ||
+ acpi_is_wakeup_s3()) {
+ outb(APM_CNT_FINALIZE, APM_CNT);
+ }
}
}
diff --git a/src/southbridge/intel/common/Kconfig b/src/southbridge/intel/common/Kconfig
index 23fb8ce..669569e 100644
--- a/src/southbridge/intel/common/Kconfig
+++ b/src/southbridge/intel/common/Kconfig
@@ -4,3 +4,16 @@
def_bool n
config SOUTHBRIDGE_INTEL_COMMON_SMBUS
def_bool n
+config HAVE_INTEL_CHIPSET_LOCKDOWN
+ def_bool n
+
+config INTEL_CHIPSET_LOCKDOWN
+ depends on HAVE_INTEL_CHIPSET_LOCKDOWN && HAVE_SMI_HANDLER && !CHROMEOS
+ #ChromeOS's payload seems to handle finalization on its on.
+ bool "Lock down chipset in coreboot"
+ default y
+ help
+ Some registers within host bridge on particular chipsets should be
+ locked down on each normal boot path (done by either coreboot or payload)
+ and S3 resume (always done by coreboot). Select this to let coreboot
+ to do this on normal boot path.
diff --git a/src/southbridge/intel/fsp_bd82x6x/Kconfig b/src/southbridge/intel/fsp_bd82x6x/Kconfig
index cebd96d..08400b3 100644
--- a/src/southbridge/intel/fsp_bd82x6x/Kconfig
+++ b/src/southbridge/intel/fsp_bd82x6x/Kconfig
@@ -33,6 +33,7 @@
select HAVE_INTEL_FIRMWARE
select SOUTHBRIDGE_INTEL_COMMON
select SOUTHBRIDGE_INTEL_COMMON_SMBUS
+ select HAVE_INTEL_CHIPSET_LOCKDOWN
config EHCI_BAR
hex
diff --git a/src/southbridge/intel/fsp_bd82x6x/lpc.c b/src/southbridge/intel/fsp_bd82x6x/lpc.c
index 4a5bf68..73366f7 100644
--- a/src/southbridge/intel/fsp_bd82x6x/lpc.c
+++ b/src/southbridge/intel/fsp_bd82x6x/lpc.c
@@ -739,6 +739,17 @@
fadt->x_gpe1_blk.addrh = 0x0;
}
+static void lpc_final(struct device *dev)
+{
+ /* Call SMM finalize() handlers before resume */
+ if (IS_ENABLED(CONFIG_HAVE_SMI_HANDLER)) {
+ if (IS_ENABLED(CONFIG_INTEL_CHIPSET_LOCKDOWN) ||
+ acpi_is_wakeup_s3()) {
+ outb(APM_CNT_FINALIZE, APM_CNT);
+ }
+ }
+}
+
static struct pci_operations pci_ops = {
.set_subsystem = set_subsystem,
};
@@ -750,6 +761,7 @@
.write_acpi_tables = acpi_write_hpet,
.acpi_inject_dsdt_generator = southbridge_inject_dsdt,
.init = lpc_init,
+ .final = lpc_final,
.enable = pch_lpc_enable,
.scan_bus = scan_lpc_bus,
.ops_pci = &pci_ops,
diff --git a/src/southbridge/intel/ibexpeak/Kconfig b/src/southbridge/intel/ibexpeak/Kconfig
index 41ace46f..4b78118 100644
--- a/src/southbridge/intel/ibexpeak/Kconfig
+++ b/src/southbridge/intel/ibexpeak/Kconfig
@@ -36,6 +36,7 @@
select ACPI_SATA_GENERATOR
select HAVE_INTEL_FIRMWARE
select SOUTHBRIDGE_INTEL_COMMON_GPIO
+ select HAVE_INTEL_CHIPSET_LOCKDOWN
config EHCI_BAR
hex
diff --git a/src/southbridge/intel/ibexpeak/lpc.c b/src/southbridge/intel/ibexpeak/lpc.c
index a152dfe..bc50f94 100644
--- a/src/southbridge/intel/ibexpeak/lpc.c
+++ b/src/southbridge/intel/ibexpeak/lpc.c
@@ -782,6 +782,17 @@
intel_acpi_pcie_hotplug_generator(chip->pcie_hotplug_map, 8);
}
+static void lpc_final(struct device *dev)
+{
+ /* Call SMM finalize() handlers before resume */
+ if (IS_ENABLED(CONFIG_HAVE_SMI_HANDLER)) {
+ if (IS_ENABLED(CONFIG_INTEL_CHIPSET_LOCKDOWN) ||
+ acpi_is_wakeup_s3()) {
+ outb(APM_CNT_FINALIZE, APM_CNT);
+ }
+ }
+}
+
static struct pci_operations pci_ops = {
.set_subsystem = set_subsystem,
};
@@ -794,6 +805,7 @@
.acpi_fill_ssdt_generator = southbridge_fill_ssdt,
.write_acpi_tables = acpi_write_hpet,
.init = lpc_init,
+ .final = lpc_final,
.enable = pch_lpc_enable,
.scan_bus = scan_lpc_bus,
.ops_pci = &pci_ops,
diff --git a/src/southbridge/intel/lynxpoint/Kconfig b/src/southbridge/intel/lynxpoint/Kconfig
index c65e5d7..646d480 100644
--- a/src/southbridge/intel/lynxpoint/Kconfig
+++ b/src/southbridge/intel/lynxpoint/Kconfig
@@ -34,6 +34,7 @@
select HAVE_SPI_CONSOLE_SUPPORT
select RTC
select SOUTHBRIDGE_INTEL_COMMON_GPIO if !INTEL_LYNXPOINT_LP
+ select HAVE_INTEL_CHIPSET_LOCKDOWN
config INTEL_LYNXPOINT_LP
bool
diff --git a/src/southbridge/intel/lynxpoint/smi.c b/src/southbridge/intel/lynxpoint/smi.c
index 5f1bdf7..386451f 100644
--- a/src/southbridge/intel/lynxpoint/smi.c
+++ b/src/southbridge/intel/lynxpoint/smi.c
@@ -121,13 +121,13 @@
}
/*
- * Finalize system before payload boot if not in ChromeOS environment.
+ * Finalize system before payload boot if INTEL_CHIPSET_LOCKDOWN=y
*/
-#if !IS_ENABLED(CONFIG_CHROMEOS)
+#if IS_ENABLED(CONFIG_INTEL_CHIPSET_LOCKDOWN)
static void finalize_boot(void *unused)
{
- outb(0xcb, 0xb2);
+ outb(APM_CNT_FINALIZE, APM_CNT);
}
BOOT_STATE_INIT_ENTRY(BS_PAYLOAD_BOOT, BS_ON_ENTRY, finalize_boot, NULL);