commit d77b97dc9aa9e2fe8e1c5fc6adf1cd34550bb832
author Marc Jones <marcjones@sysproconsulting.com> Tue Apr 06 15:28:40 2021 -0600
committer Marc Jones <marc@marcjonesconsulting.com> Wed Apr 21 18:01:16 2021 +0000
tree e73be992ce6cfcf5d4ad6768e4feac4c22876e84
parent a5761efd14a20b2eb419f27bb8142ae04f1b326e

soc/intel/xeon_sp: Set PAM0123 lock

Set the PAM0123 lock as indicated by the Intel documentation.
This is set is finalize to allow any part of coreboot to update
the PAM prior to booting.

Change-Id: I3cdb7fc08eb903d799d585c56107de92f034b186
Signed-off-by: Marc Jones <marcjones@sysproconsulting.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/52165
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Jay Talbott <JayTalbott@sysproconsulting.com>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>

src/soc/intel/xeon_sp/finalize.c

diff --git a/src/soc/intel/xeon_sp/finalize.c b/src/soc/intel/xeon_sp/finalize.c
index bfcf212..044c1cc 100644
--- a/src/soc/intel/xeon_sp/finalize.c
+++ b/src/soc/intel/xeon_sp/finalize.c
@@ -4,12 +4,30 @@
 #include <console/console.h>
 #include <console/debug.h>
 #include <cpu/x86/smm.h>
+#include <device/pci.h>
+#include <intelpch/lockdown.h>
+#include <soc/pci_devs.h>
+#include <soc/util.h>
+
+#include "chip.h"
+
+static void lock_pam0123(void)
+{
+	const struct device *dev;
+
+	if (get_lockdown_config() != CHIPSET_LOCKDOWN_COREBOOT)
+		return;
+
+	dev = pcidev_path_on_bus(get_stack_busno(1), PCI_DEVFN(SAD_ALL_DEV, SAD_ALL_FUNC));
+	pci_or_config32(dev, SAD_ALL_PAM0123_CSR, PAM_LOCK);
+}
 
 static void soc_finalize(void *unused)
 {
 	printk(BIOS_DEBUG, "Finalizing chipset.\n");
 
 	apm_control(APM_CNT_FINALIZE);
+	lock_pam0123();
 
 	post_code(POST_OS_BOOT);
 }