From 992cc2d332b3991ef8eefb3ce59b18c33d85b245 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Filip=20Lewi=C5=84ski?= <filip.lewinski@3mdeb.com>
Date: Thu, 22 Aug 2024 11:54:58 +0200
Subject: [PATCH] src/soc/intel/baytrail/smihandler.c: wip
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Filip Lewiński <filip.lewinski@3mdeb.com>
---
 src/soc/intel/baytrail/Makefile.mk            |  2 +
 src/soc/intel/baytrail/include/soc/lockdown.h |  7 ++
 src/soc/intel/baytrail/include/soc/spi.h      |  2 +
 src/soc/intel/baytrail/lockdown.c             | 72 +++++++++++++++++++
 src/soc/intel/baytrail/smihandler.c           | 12 +++-
 5 files changed, 94 insertions(+), 1 deletion(-)
 create mode 100644 src/soc/intel/baytrail/include/soc/lockdown.h
 create mode 100644 src/soc/intel/baytrail/lockdown.c

diff --git a/src/soc/intel/baytrail/Makefile.mk b/src/soc/intel/baytrail/Makefile.mk
index 2f825d3746f..de81d743aa2 100644
--- a/src/soc/intel/baytrail/Makefile.mk
+++ b/src/soc/intel/baytrail/Makefile.mk
@@ -51,6 +51,7 @@ ramstage-y += southcluster.c
 ramstage-y += txe.c
 ramstage-y += txei.c
 ramstage-y += xhci.c
+ramstage-y += lockdown.c
 ramstage-$(CONFIG_ELOG) += elog.c
 ramstage-$(CONFIG_VGA_ROM_RUN) += int15.c
 
@@ -63,6 +64,7 @@ endif
 smm-y += iosf.c
 smm-y += pmutil.c
 smm-y += smihandler.c
+smm-y += lockdown.c
 smm-y += tsc_freq.c
 
 # Remove as ramstage gets fleshed out
diff --git a/src/soc/intel/baytrail/include/soc/lockdown.h b/src/soc/intel/baytrail/include/soc/lockdown.h
new file mode 100644
index 00000000000..04c44b3fa0a
--- /dev/null
+++ b/src/soc/intel/baytrail/include/soc/lockdown.h
@@ -0,0 +1,7 @@
+#include <stdbool.h>
+
+
+void platform_lockdown_config(void *unused);
+void enable_smm_bwp(void);
+bool wpd_status(void);
+void disable_smm_bwp(void);
diff --git a/src/soc/intel/baytrail/include/soc/spi.h b/src/soc/intel/baytrail/include/soc/spi.h
index baac3838468..f01dee0ba67 100644
--- a/src/soc/intel/baytrail/include/soc/spi.h
+++ b/src/soc/intel/baytrail/include/soc/spi.h
@@ -24,6 +24,7 @@
 #define UVSCC				0xc8
 #define SCS				0xf8
 # define SMIWPEN			(0x1 << 7)
+# define SMIWPST			(0x1 << 0) // SMI WP Status bit at position 0 in BCR
 #define BCR				0xfc
 # define EISS				(0x1 << 5)
 # define SRC_MASK			(0x3 << 2)
@@ -33,6 +34,7 @@
 # define BCR_LE				(0x1 << 1)
 # define BCR_WPD			(0x1 << 0)
 
+
 /*
  * SPI lockdown configuration.
  */
diff --git a/src/soc/intel/baytrail/lockdown.c b/src/soc/intel/baytrail/lockdown.c
new file mode 100644
index 00000000000..a9f7ef69b29
--- /dev/null
+++ b/src/soc/intel/baytrail/lockdown.c
@@ -0,0 +1,72 @@
+#include <stdint.h>
+#include <acpi/acpi_gnvs.h>
+#include <arch/io.h>
+#include <device/pci_ops.h>
+#include <console/console.h>
+#include <cpu/x86/cache.h>
+#include <cpu/x86/smm.h>
+#include <cpu/intel/em64t100_save_state.h>
+#include <device/pci_def.h>
+#include <elog.h>
+#include <halt.h>
+#include <spi-generic.h>
+#include <smmstore.h>
+#include <soc/spi.h>
+#include <soc/iomap.h>
+#include <soc/iosf.h>
+#include <soc/pci_devs.h>
+#include <soc/pm.h>
+#include <soc/nvs.h>
+#include <soc/device_nvs.h>
+#include <soc/lockdown.h>
+#include <bootstate.h>
+
+// huge overkill with the includes
+// let's worry about that later, when it works
+
+void enable_smm_bwp(void){
+	void *scs = (void *)(SPI_BASE_ADDRESS + SCS);
+	void *bcr = (void *)(SPI_BASE_ADDRESS + BCR);
+	uint32_t reg;
+
+	// Set to enable SMI generation on WP attempts
+	reg = read32(scs);
+	reg |= SMIWPEN;  // Set SMIWPEN
+	write32(scs, reg);
+
+	reg = read32(bcr);
+	// Set to enforce SMM-based protection
+	reg |= EISS;
+	// Set to lock the BIOS write protection settings
+	reg |= BCR_LE;
+	// Unset WPDisable
+	reg &= ~BCR_WPD;
+	write32(bcr, reg);
+}
+
+void disable_smm_bwp(void){
+	void *scs = (void *)(SPI_BASE_ADDRESS + SCS);
+	void *bcr = (void *)(SPI_BASE_ADDRESS + BCR);
+	uint32_t reg;
+
+	write32(scs, read32(scs) & ~SMIWPEN);
+	reg = (read32(bcr) & ~SRC_MASK) | BCR_WPD;
+	reg &= ~EISS;
+	write32(bcr, reg);
+}
+
+bool wpd_status(void)
+{
+	void *bcr = (void *)(SPI_BASE_ADDRESS + BCR);
+	uint32_t reg;
+	reg = read32(bcr);
+	return (reg & BCR_WPD);
+}
+
+void platform_lockdown_config(void *unused){
+	if(CONFIG(BOOTMEDIA_SMM_BWP)){
+		enable_smm_bwp();
+	}
+}
+
+BOOT_STATE_INIT_ENTRY(BS_DEV_RESOURCES, BS_ON_EXIT, platform_lockdown_config, NULL);
diff --git a/src/soc/intel/baytrail/smihandler.c b/src/soc/intel/baytrail/smihandler.c
index 9a478437fda..cc86de4bc62 100644
--- a/src/soc/intel/baytrail/smihandler.c
+++ b/src/soc/intel/baytrail/smihandler.c
@@ -13,12 +13,14 @@
 #include <halt.h>
 #include <spi-generic.h>
 #include <smmstore.h>
-
+#include <soc/spi.h>
+#include <soc/iomap.h>
 #include <soc/iosf.h>
 #include <soc/pci_devs.h>
 #include <soc/pm.h>
 #include <soc/nvs.h>
 #include <soc/device_nvs.h>
+#include <soc/lockdown.h>
 
 void southbridge_smi_set_eos(void)
 {
@@ -265,6 +267,14 @@ static void southbridge_smi_store(void)
 	/* drivers/smmstore/smi.c */
 	ret = smmstore_exec(sub_command, (void *)reg_ebx);
 	io_smi->rax = ret;
+
+	if (!wpd_status()) {
+//		set_insmm_sts(true);
+		//disable smm_bwp
+		//clear the smi
+		enable_smm_bwp();
+//		set_insmm_sts(false);
+	}
 }
 
 static void southbridge_smi_apmc(void)