|
1 | 1 | /* SPDX-License-Identifier: GPL-2.0-only */ |
2 | 2 |
|
| 3 | +#include <bootstate.h> |
3 | 4 | #include <console/console.h> |
4 | 5 | #include <dasharo/options.h> |
| 6 | +#include <device/mmio.h> |
5 | 7 | #include <drivers/efi/efivars.h> |
| 8 | +#include <fmap.h> |
6 | 9 | #include <option.h> |
7 | 10 | #include <soc/intel/common/reset.h> |
8 | 11 | #include <smmstore.h> |
@@ -285,7 +288,7 @@ uint8_t cse_get_me_disable_mode(void) |
285 | 288 | enum dgpu_state dasharo_dgpu_state(void) |
286 | 289 | { |
287 | 290 | uint8_t dgpu_state = NVIDIA_OPTIMUS; |
288 | | - /* |
| 291 | + /* |
289 | 292 | * 0 - IGPU_ONLY |
290 | 293 | * 1 - NVIDIA_OPTIMUS (iGPU+dGPU) |
291 | 294 | * 2 - DGPU_ONLY |
@@ -540,3 +543,68 @@ bool get_ibecc_option(bool ibecc_default) |
540 | 543 |
|
541 | 544 | return ibecc_en; |
542 | 545 | } |
| 546 | + |
| 547 | +/* Flash Master 1 : HOST/BIOS */ |
| 548 | +#define FLMSTR1 0x80 |
| 549 | + |
| 550 | +/* Flash signature Offset */ |
| 551 | +#define FLASH_SIGN_OFFSET 0x10 |
| 552 | +#define FLMSTR_WR_SHIFT_V2 20 |
| 553 | +#define FLASH_VAL_SIGN 0xFF0A55A |
| 554 | + |
| 555 | +#define SI_DESC_REGION "SI_DESC" |
| 556 | +/* From MTL it is larger, but we still just need the first 4K */ |
| 557 | +#define SI_DESC_SIZE 0x1000 |
| 558 | + |
| 559 | +/* It checks whether host (Flash Master 1) has write access to the Descriptor Region or not */ |
| 560 | +static bool is_descriptor_writeable(uint8_t *desc) |
| 561 | +{ |
| 562 | + /* Check flash has valid signature */ |
| 563 | + if (read32((void *)(desc + FLASH_SIGN_OFFSET)) != FLASH_VAL_SIGN) { |
| 564 | + printk(BIOS_ERR, "Flash Descriptor is not valid\n"); |
| 565 | + return 0; |
| 566 | + } |
| 567 | + /* Check host has write access to the Descriptor Region */ |
| 568 | + if (!((read32((void *)(desc + FLMSTR1)) >> FLMSTR_WR_SHIFT_V2) & BIT(0))) |
| 569 | + return 0; |
| 570 | + |
| 571 | + return 1; |
| 572 | +} |
| 573 | + |
| 574 | +/* |
| 575 | + * This function sets an EFI variable to signal to EDK2 whether the descriptor |
| 576 | + * is locked, which affects the visibility and functionality of certain features |
| 577 | + */ |
| 578 | +static void set_descriptor_lockdown_option(void *unused) |
| 579 | +{ |
| 580 | + uint8_t si_desc_buf[SI_DESC_SIZE]; |
| 581 | + struct region_device desc_rdev, smmstore_rdev; |
| 582 | + uint8_t descriptor_writeable; |
| 583 | + |
| 584 | + if (!CONFIG(INTEL_DESCRIPTOR_MODE_CAPABLE)) |
| 585 | + return; |
| 586 | + |
| 587 | + if (smmstore_lookup_region(&smmstore_rdev)) |
| 588 | + return; |
| 589 | + |
| 590 | + if (fmap_locate_area_as_rdev_rw(SI_DESC_REGION, &desc_rdev) < 0) { |
| 591 | + printk(BIOS_ERR, "Failed to locate %s in the FMAP\n", SI_DESC_REGION); |
| 592 | + return; |
| 593 | + } |
| 594 | + |
| 595 | + if (rdev_readat(&desc_rdev, si_desc_buf, 0, SI_DESC_SIZE) != SI_DESC_SIZE) { |
| 596 | + printk(BIOS_ERR, "Failed to read Descriptor Region from SPI Flash\n"); |
| 597 | + return; |
| 598 | + } |
| 599 | + |
| 600 | + descriptor_writeable = is_descriptor_writeable(si_desc_buf); |
| 601 | + |
| 602 | + printk(BIOS_DEBUG, "Descriptor is %swriteable\n", descriptor_writeable ? "" : "not "); |
| 603 | + |
| 604 | + efi_fv_set_option(&smmstore_rdev, |
| 605 | + &dasharo_system_features_guid, |
| 606 | + "DescriptorWriteable", |
| 607 | + &descriptor_writeable, |
| 608 | + sizeof(descriptor_writeable)); |
| 609 | +} |
| 610 | +BOOT_STATE_INIT_ENTRY(BS_POST_DEVICE, BS_ON_ENTRY, set_descriptor_lockdown_option, NULL); |
0 commit comments