[coreboot-gerrit] New patch to review for filo: 747369c Refactor flash locking for supported Intel chipsets
Nico Huber (nico.huber@secunet.com)
gerrit at coreboot.org
Wed Jul 3 16:17:11 CEST 2013
Nico Huber (nico.huber at secunet.com) just uploaded a new patch set to gerrit, which you can find at http://review.coreboot.org/3595
-gerrit
commit 747369c2646d851e83220e22f64dda37b4f695d4
Author: Nico Huber <nico.huber at secunet.com>
Date: Wed Jul 3 15:10:58 2013 +0200
Refactor flash locking for supported Intel chipsets
This should make things more readable when support for more
chipsets comes.
Change-Id: I6df6673fa1961ab20796210577950e7be6c12316
Signed-off-by: Nico Huber <nico.huber at secunet.com>
---
drivers/intel.c | 72 ++++++++++++++++++++++++++++++---------------------------
1 file changed, 38 insertions(+), 34 deletions(-)
diff --git a/drivers/intel.c b/drivers/intel.c
index 62d23b5..d2153b7 100644
--- a/drivers/intel.c
+++ b/drivers/intel.c
@@ -49,25 +49,50 @@
#define ICH9_SPI_OPTYPE 0x3896
#define ICH9_SPI_OPMENU 0x3898
-typedef enum {
- ICH7, ICH9,
-} ich_t;
-
-int intel_lockdown_flash(void)
+static void lockdown_flash_ich7(void)
{
u8 reg8;
u32 reg32;
- ich_t ich;
- reg32 = pci_read_config32(PCI_DEV(0,0x1f, 0), 0);
+ debug("Locking BIOS to read-only... ");
+ reg8 = pci_read_config8(PCI_DEV(0,0x1f,0), 0xdc); /* BIOS_CNTL */
+ debug(" BIOS Lockdown Enable: %s; BIOS Write-Enable: %s\n",
+ (reg8&2)?"on":"off", (reg8&1)?"rw":"ro");
+
+ reg8 &= ~(1 << 0); /* clear BIOSWE */
+ pci_write_config8(PCI_DEV(0,0x1f,0), 0xdc, reg8);
+
+ reg8 |= (1 << 1); /* set BLE */
+ pci_write_config8(PCI_DEV(0,0x1f,0), 0xdc, reg8);
+
+ reg32 = RCBA32(0x3410); /* GCS - General Control and Status */
+ reg32 |= 1; /* BILD - BIOS Interface Lockdown */
+ RCBA32(0x3410) = reg32; /* Set BUC.TS and GCS.BBS to RO */
+}
+
+static void lockdown_flash_ich9_empty_ops(void)
+{
+ /* Lock SPI interface with empty opcode registers */
+ RCBA16(ICH9_SPI_PREOP) = 0x0000;
+ RCBA16(ICH9_SPI_OPTYPE) = 0x0000;
+ RCBA32(ICH9_SPI_OPMENU + 0) = 0x00000000;
+ RCBA32(ICH9_SPI_OPMENU + 4) = 0x00000000;
+ RCBA16(ICH9_SPI_HSFS) |= ICH9_SPI_HSFS_FLOCKDN;
+}
+
+int intel_lockdown_flash(void)
+{
+ const u32 reg32 = pci_read_config32(PCI_DEV(0,0x1f, 0), 0);
switch (reg32) {
+
/* ICH7 */
case 0x27b08086:
case 0x27b88086:
case 0x27b98086:
case 0x27bd8086:
- ich = ICH7;
+ lockdown_flash_ich7();
break;
+
/* ICH9 */
case 0x29128086:
case 0x29148086:
@@ -75,38 +100,17 @@ int intel_lockdown_flash(void)
case 0x29178086:
case 0x29188086:
case 0x29198086:
- ich = ICH9;
+ lockdown_flash_ich7();
+ /* Coreboot doesn't use flash regions for ICH9 based
+ boards, so we just lock empty SPI opcodes instead
+ of setting up any write protection. */
+ lockdown_flash_ich9_empty_ops();
break;
default:
debug("Not an ICH7 or ICH9 southbridge\n");
return -1;
}
- /* Now try this: */
- debug("Locking BIOS to read-only... ");
- reg8 = pci_read_config8(PCI_DEV(0,0x1f,0), 0xdc); /* BIOS_CNTL */
- debug(" BIOS Lockdown Enable: %s; BIOS Write-Enable: %s\n",
- (reg8&2)?"on":"off", (reg8&1)?"rw":"ro");
-
- reg8 &= ~(1 << 0); /* clear BIOSWE */
- pci_write_config8(PCI_DEV(0,0x1f,0), 0xdc, reg8);
-
- reg8 |= (1 << 1); /* set BLE */
- pci_write_config8(PCI_DEV(0,0x1f,0), 0xdc, reg8);
-
- reg32 = RCBA32(0x3410); /* GCS - General Control and Status */
- reg32 |= 1; /* BILD - BIOS Interface Lockdown */
- RCBA32(0x3410) = reg32; /* Set BUC.TS and GCS.BBS to RO */
-
- /* Lock SPI interface with empty opcode registers on ICH9. */
- if (ICH9 == ich) {
- RCBA16(ICH9_SPI_PREOP) = 0x0000;
- RCBA16(ICH9_SPI_OPTYPE) = 0x0000;
- RCBA32(ICH9_SPI_OPMENU + 0) = 0x00000000;
- RCBA32(ICH9_SPI_OPMENU + 4) = 0x00000000;
- RCBA16(ICH9_SPI_HSFS) |= ICH9_SPI_HSFS_FLOCKDN;
- }
-
debug("BIOS hard locked until next full reset.\n");
return 0;
More information about the coreboot-gerrit
mailing list