diff options
| author | Shifei Lu <shifeix.a.lu@intel.com> | 2015-06-11 02:17:06 +0000 |
|---|---|---|
| committer | zwei4 <zwei4@Edk2> | 2015-06-11 02:17:06 +0000 |
| commit | fb1a4e361e9b6ef15142000fc3a79f5f31777de7 (patch) | |
| tree | 5639d3d3b78308c4de364105d1f599dd78a8ce42 | |
| parent | 5374d621c509cbdc22beef7f4cd3526b02c93243 (diff) | |
| download | edk2-fb1a4e361e9b6ef15142000fc3a79f5f31777de7.zip edk2-fb1a4e361e9b6ef15142000fc3a79f5f31777de7.tar.gz edk2-fb1a4e361e9b6ef15142000fc3a79f5f31777de7.tar.bz2 | |
Add code to protect the whole BIOS region on SPI flash, except UEFI Variable region.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Shifei Lu <shifeix.a.lu@intel.com>
Reviewed-by: David Wei <david.wei@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17618 6f19259b-4bc3-4df7-8a09-765794883524
| -rw-r--r-- | Vlv2TbltDevicePkg/PlatformDxe/Platform.c | 42 | ||||
| -rw-r--r-- | Vlv2TbltDevicePkg/PlatformDxe/PlatformDxe.inf | 7 |
2 files changed, 43 insertions, 6 deletions
diff --git a/Vlv2TbltDevicePkg/PlatformDxe/Platform.c b/Vlv2TbltDevicePkg/PlatformDxe/Platform.c index 760b8b0..dba84fb 100644 --- a/Vlv2TbltDevicePkg/PlatformDxe/Platform.c +++ b/Vlv2TbltDevicePkg/PlatformDxe/Platform.c @@ -353,12 +353,23 @@ SpiBiosProtectionFunction( {
UINTN mPciD31F0RegBase;
- UINTN BiosFlaLower = 0;
- UINTN BiosFlaLimit = 0x7fffff;
-
- BiosFlaLower = PcdGet32(PcdFlashMicroCodeAddress)-PcdGet32(PcdFlashAreaBaseAddress);
+ UINTN BiosFlaLower0;
+ UINTN BiosFlaLimit0;
+ UINTN BiosFlaLower1;
+ UINTN BiosFlaLimit1;
+
+ BiosFlaLower0 = PcdGet32(PcdFlashMicroCodeAddress)-PcdGet32(PcdFlashAreaBaseAddress);
+ BiosFlaLimit0 = PcdGet32(PcdFlashMicroCodeSize)-1;
+ #ifdef MINNOW2_FSP_BUILD
+ BiosFlaLower1 = PcdGet32(PcdFlashFvFspBase)-PcdGet32(PcdFlashAreaBaseAddress);
+ BiosFlaLimit1 = (PcdGet32(PcdFlashFvRecoveryBase)-PcdGet32(PcdFlashFvFspBase)+PcdGet32(PcdFlashFvRecoverySize))-1;
+ #else
+ BiosFlaLower1 = PcdGet32(PcdFlashFvMainBase)-PcdGet32(PcdFlashAreaBaseAddress);
+ BiosFlaLimit1 = (PcdGet32(PcdFlashFvRecoveryBase)-PcdGet32(PcdFlashFvMainBase)+PcdGet32(PcdFlashFvRecoverySize))-1;
+ #endif
+
mPciD31F0RegBase = MmPciAddress (0,
DEFAULT_PCI_BUS_NUMBER_PCH,
PCI_DEVICE_NUMBER_PCH_LPC,
@@ -391,7 +402,7 @@ SpiBiosProtectionFunction( //
MmioOr32((UINTN)(SpiBase + R_PCH_SPI_PR0),
B_PCH_SPI_PR0_RPE|B_PCH_SPI_PR0_WPE|\
- (B_PCH_SPI_PR0_PRB_MASK&(BiosFlaLower>>12))|(B_PCH_SPI_PR0_PRL_MASK&(BiosFlaLimit>>12)<<16));
+ (B_PCH_SPI_PR0_PRB_MASK&(BiosFlaLower0>>12))|(B_PCH_SPI_PR0_PRL_MASK&(BiosFlaLimit0>>12)<<16));
//
//Lock down PR0
@@ -405,6 +416,25 @@ SpiBiosProtectionFunction( DEBUG((EFI_D_ERROR, "Failed to lock down PR0.\n"));
}
+ //
+ //Set PR1
+ //
+
+ MmioOr32((UINTN)(SpiBase + R_PCH_SPI_PR1),
+ B_PCH_SPI_PR1_RPE|B_PCH_SPI_PR1_WPE|\
+ (B_PCH_SPI_PR1_PRB_MASK&(BiosFlaLower1>>12))|(B_PCH_SPI_PR1_PRL_MASK&(BiosFlaLimit1>>12)<<16));
+
+ //
+ //Lock down PR1
+ //
+ MmioOr16 ((UINTN) (SpiBase + R_PCH_SPI_HSFS), (UINT16) (B_PCH_SPI_HSFS_FLOCKDN));
+
+ //
+ // Verify if it's really locked.
+ //
+ if ((MmioRead16 (SpiBase + R_PCH_SPI_HSFS) & B_PCH_SPI_HSFS_FLOCKDN) == 0) {
+ DEBUG((EFI_D_ERROR, "Failed to lock down PR1.\n"));
+ }
return;
}
@@ -690,7 +720,7 @@ InitializePlatform ( &mReadyToBootEvent
);
//
- // Create a ReadyToBoot Event to run enable PR0 and lock down
+ // Create a ReadyToBoot Event to run enable PR0/PR1 and lock down,unlock variable region
//
if(mSystemConfiguration.SpiRwProtect==1) {
Status = EfiCreateEventReadyToBootEx (
diff --git a/Vlv2TbltDevicePkg/PlatformDxe/PlatformDxe.inf b/Vlv2TbltDevicePkg/PlatformDxe/PlatformDxe.inf index daf6d70..27216b7 100644 --- a/Vlv2TbltDevicePkg/PlatformDxe/PlatformDxe.inf +++ b/Vlv2TbltDevicePkg/PlatformDxe/PlatformDxe.inf @@ -62,6 +62,7 @@ Vlv2DeviceRefCodePkg/Vlv2DeviceRefCodePkg.dec
SecurityPkg/SecurityPkg.dec
CryptoPkg/CryptoPkg.dec
+ IntelFspWrapperPkg/IntelFspWrapperPkg.dec
[LibraryClasses]
BaseLib
@@ -133,7 +134,13 @@ gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress
gPlatformModuleTokenSpaceGuid.PcdFlashAreaBaseAddress
gPlatformModuleTokenSpaceGuid.PcdFlashMicroCodeAddress
+ gPlatformModuleTokenSpaceGuid.PcdFlashMicroCodeSize
gEfiIntelFrameworkModulePkgTokenSpaceGuid.PcdFastPS2Detection
+ gPlatformModuleTokenSpaceGuid.PcdFlashFvMainBase
+ gPlatformModuleTokenSpaceGuid.PcdFlashFvRecoveryBase
+ gPlatformModuleTokenSpaceGuid.PcdFlashFvRecoverySize
+ gFspWrapperTokenSpaceGuid.PcdFlashFvFspBase
+
[Depex]
gEfiPciRootBridgeIoProtocolGuid AND
|