diff options
author | Tim Wawrzynczak <twawrzynczak@chromium.org> | 2021-06-18 10:34:09 -0600 |
---|---|---|
committer | Tim Wawrzynczak <twawrzynczak@chromium.org> | 2021-06-30 22:19:23 +0000 |
commit | 9fdd2b264b1163009b5c3b0fd0a78df88d719192 (patch) | |
tree | 97ea42937aadc0d360e0d724504d93bfdbff428c /src/soc/intel/common/block/include/intelblocks/cse.h | |
parent | a96e9cb0b444e2d40c5ed625bbbe0e74bd510b1d (diff) | |
download | coreboot-9fdd2b264b1163009b5c3b0fd0a78df88d719192.tar.gz coreboot-9fdd2b264b1163009b5c3b0fd0a78df88d719192.tar.bz2 coreboot-9fdd2b264b1163009b5c3b0fd0a78df88d719192.zip |
soc/intel/common/block/cse: Add BWG error recovery to EOP failure
This patch adds functionality to attempt to allow booting in a secure
configuration (albeit with potentially reduced functionality) when the
CSE EOP message fails in any way. These steps come from the CSME BWG
(13.5, 15.0, 16.), and tell the CSE to disable the MEI bus, which
disables further communication from the host. This is followed by
requesting the PMC to disable the MEI devices. If these steps are
successful, then the boot firmware can continue to boot to the
OS. Otherwise, die() is called, prefering not to boot over leaving the
insecure MEI bus available.
BUG=b:191362590
TEST=Set FSP UPD to disable sending EOP; called this function from a
BS_PAYLOAD_LOAD, ON_ENTRY entry; observed that with just
cse_mei_bus_disable() called, Linux can no longer communicate over MEI:
[ 16.198759] mei_me 0000:00:16.0: wait hw ready failed
[ 16.204488] mei_me 0000:00:16.0: hw_start failed ret = -62
[ 16.210804] mei_me 0000:00:16.0: H_RST is set = 0x80000031
[ 18.245909] mei_me 0000:00:16.0: wait hw ready failed
[ 18.251601] mei_me 0000:00:16.0: hw_start failed ret = -62
[ 18.257785] mei_me 0000:00:16.0: reset: reached maximal consecutive..
[ 18.267622] mei_me 0000:00:16.0: reset failed ret = -19
[ 18.273580] mei_me 0000:00:16.0: link layer initialization failed.
[ 18.280521] mei_me 0000:00:16.0: init hw failure.
[ 18.285880] mei_me 0000:00:16.0: initialization failed.
Calling both error recovery functions causes all of the slot 16 devices
to fail to enumerate in the OS
Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Change-Id: I06abf36a9d9d8a5f2afba6002dd5695dd2107db1
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55675
Reviewed-by: Furquan Shaikh <furquan@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Diffstat (limited to 'src/soc/intel/common/block/include/intelblocks/cse.h')
-rw-r--r-- | src/soc/intel/common/block/include/intelblocks/cse.h | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/soc/intel/common/block/include/intelblocks/cse.h b/src/soc/intel/common/block/include/intelblocks/cse.h index 43f3137d6ae8..153cb228dab4 100644 --- a/src/soc/intel/common/block/include/intelblocks/cse.h +++ b/src/soc/intel/common/block/include/intelblocks/cse.h @@ -25,6 +25,9 @@ /* Get Firmware Version Command Id */ #define MKHI_GEN_GET_FW_VERSION 0x2 +/* MEI bus disable command. Must be sent to MEI client endpoint, not MKHI */ +#define MEI_BUS_DISABLE_COMMAND 0xc + /* Set End-of-POST in CSE */ #define MKHI_END_OF_POST 0xc @@ -220,6 +223,9 @@ int cse_hmrfpo_get_status(void); /* Fixed Address MEI Header's ME Address field value */ #define HECI_MKHI_ADDR 0x07 +/* Fixed Address MEI Header's ME Address for MEI bus messages */ +#define HECI_MEI_ADDR 0x00 + /* HMRFPO Status types */ /* Host can't access ME region */ #define MKHI_HMRFPO_DISABLED 0 |