soc/intel/broadwell: Add Kconfig option to hide Intel ME
On broadwell devices, coreboot currently disables and hides the ME PCI
interface by default, without any way to opt out of this behavior.
Add a Kconfig option to allow for leaving the ME PCI interface
enabled, but set the default to disabled as to leave the current
behavior unchanged.
Change-Id: If670d548c46834740f4e21bb2361b537807c32bf
Signed-off-by: Matt DeVillier <matt.devillier@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/71196
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
diff --git a/src/soc/intel/broadwell/pch/Kconfig b/src/soc/intel/broadwell/pch/Kconfig
index 4800f3f..5a80d32 100644
--- a/src/soc/intel/broadwell/pch/Kconfig
+++ b/src/soc/intel/broadwell/pch/Kconfig
@@ -66,3 +66,11 @@
config CONSOLE_UART_BASE_ADDRESS
default 0xd6000000 if SERIALIO_UART_CONSOLE
+
+config DISABLE_ME_PCI
+ bool "Disable Intel ME PCI interface (MEI1)"
+ default y
+ help
+ Disable and hide the ME PCI interface during finalize stage of boot.
+ This will prevent the OS (and userspace apps) from interacting with
+ the ME via the PCI interface after boot.
diff --git a/src/soc/intel/broadwell/pch/me.c b/src/soc/intel/broadwell/pch/me.c
index f1750d2..08917fd 100644
--- a/src/soc/intel/broadwell/pch/me.c
+++ b/src/soc/intel/broadwell/pch/me.c
@@ -601,6 +601,9 @@
if (!mei_base_address || mei_base_address == (u8 *)0xfffffff0)
return;
+ if (!CONFIG(DISABLE_ME_PCI))
+ return;
+
/* Make sure IO is disabled */
reg16 = pci_read_config16(dev, PCI_COMMAND);
reg16 &= ~(PCI_COMMAND_MASTER |
@@ -1023,7 +1026,7 @@
static void intel_me_enable(struct device *dev)
{
/* Avoid talking to the device in S3 path */
- if (acpi_is_wakeup_s3()) {
+ if (acpi_is_wakeup_s3() && CONFIG(DISABLE_ME_PCI)) {
dev->enabled = 0;
pch_disable_devfn(dev);
}