From d2c2f83964ff43141011c52c27e6eca7f1e5263a Mon Sep 17 00:00:00 2001
From: Furquan Shaikh <furquan@google.com>
Date: Wed, 7 Nov 2018 10:24:31 -0800
Subject: soc/intel/apollolake: Disable HECI1 before jumping to OS

This change disables HECI1 device at the end of boot sequence. It uses
the P2SB messaging to disable HECI1 device before hiding P2SB and
dropping privilege level.

BUG=b:119074978
BRANCH=None
TEST=Verified that HECI1 device is not visible in lspci on octopus.

Change-Id: Id6abfd0c71a466d0cf8f19ae9b91f1d3446e3d09
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://review.coreboot.org/29534
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Karthik Ramasubramanian <kramasub@google.com>
Reviewed-by: Kane Chen <kane.chen@intel.com>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
---
 src/soc/intel/apollolake/cse.c | 30 +++++++++++++++++++++++++++---
 1 file changed, 27 insertions(+), 3 deletions(-)

(limited to 'src/soc/intel/apollolake/cse.c')

diff --git a/src/soc/intel/apollolake/cse.c b/src/soc/intel/apollolake/cse.c
index 9051dc330428..cfb3b8a841d7 100644
--- a/src/soc/intel/apollolake/cse.c
+++ b/src/soc/intel/apollolake/cse.c
@@ -19,6 +19,11 @@
 #include <console/console.h>
 #include <fmap.h>
 #include <intelblocks/cse.h>
+#include <intelblocks/p2sb.h>
+#include <intelblocks/pcr.h>
+#include <soc/heci.h>
+#include <soc/iomap.h>
+#include <soc/pcr_ids.h>
 #include <soc/pci_devs.h>
 #include <device/pci_ops.h>
 #include <stdint.h>
@@ -187,7 +192,7 @@ static uint32_t dump_status(int index, int reg_addr)
 	return reg;
 }
 
-static void dump_cse_state(void *unused)
+static void dump_cse_state(void)
 {
 	uint32_t fwsts1;
 
@@ -218,6 +223,25 @@ static void dump_cse_state(void *unused)
 	}
 	printk(BIOS_DEBUG, "\n");
 }
+
+#define PCR_PSFX_T0_SHDW_PCIEN		0x1C
+#define PCR_PSFX_T0_SHDW_PCIEN_FUNDIS	(1 << 8)
+
+static void disable_heci1(void)
+{
+	pcr_or32(PID_PSF3, PSF3_BASE_ADDRESS + PCR_PSFX_T0_SHDW_PCIEN,
+		 PCR_PSFX_T0_SHDW_PCIEN_FUNDIS);
+}
+
+void heci_cse_lockdown(void)
+{
+	dump_cse_state();
+
+	/*
+	 * It is safe to disable HECI1 now since we won't be talking to the ME
+	 * anymore.
+	 */
+	disable_heci1();
+}
+
 BOOT_STATE_INIT_ENTRY(BS_DEV_INIT, BS_ON_ENTRY, fpf_blown, NULL);
-BOOT_STATE_INIT_ENTRY(BS_OS_RESUME, BS_ON_ENTRY, dump_cse_state, NULL);
-BOOT_STATE_INIT_ENTRY(BS_PAYLOAD_LOAD, BS_ON_EXIT, dump_cse_state, NULL);
-- 
cgit v1.2.3