security/vboot: Back up CMOS data later boot phase

Introduce POSTPONE_SPI_ACCESS to save CMOS data in a later boot phase
to avoid flash access delay by other boot controllers.

Intel has pre-CPU boot controllers (e.g. CSE) which load non-CPU
firmwares. Boot-critical firmwares are loaded before CPU reset and
non-boot-critical firmwares are loaded during CPU boot. If another
controller accesses SPI to load firmwares, reading SPI by CPU is ok,
but writing to SPI for saving CMOS data can take ~30ms sometimes.
Saving CMOS data usually takes less than 1ms.


Before this change, sometimes it delays like below:
BS: callback (0x7386f908) @ src/security/vboot/vbnv_cmos.c:122 (32 ms)
After this change, the delay is less than 1 ms:
BS: callback (0x7386f908) @ src/security/vboot/vbnv_cmos.c:122 (0 ms)

TEST
1. Enable DEBUG_BOOT_STATE
2. Check time
BS: callback (0x7386f908) @ src/security/vboot/vbnv_cmos.c:120 (0 ms)

Signed-off-by: Wonkyu Kim <wonkyu.kim@intel.com>
Change-Id: I8836c14601beb56c614605b9840c8506d6d8536c
Reviewed-on: https://review.coreboot.org/c/coreboot/+/87738
Reviewed-by: Subrata Banik <subratabanik@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

src/Kconfig

@@ -1563,3 +1563,12 @@ config HAVE_RAMSTAGE
 
 config SEPARATE_ROMSTAGE
 	default y
+
+config POSTPONE_SPI_ACCESS
+	bool
+	help
+	  Enable this option to postpone SPI access to later boot phase
+	  (BS_PAYLOAD_BOOT) to prevent flash write access delays caused by
+	  simultaneous accesses from other SPI masters like CSE. This symptom
+	  was found in Intel SoCs (Panther Lake and Wildcat Lake) but it can be
+	  used other SOCs.

src/security/vboot/vbnv_cmos.c

@@ -115,5 +115,10 @@ static void back_up_vbnv_cmos(void *unused)
 	/* Save to flash, will only be saved if different. */
 	save_vbnv_flash(vbnv_cmos);
 }
+
+#if CONFIG(POSTPONE_SPI_ACCESS)
+BOOT_STATE_INIT_ENTRY(BS_PAYLOAD_LOAD, BS_ON_EXIT, back_up_vbnv_cmos, NULL);
+#else
 BOOT_STATE_INIT_ENTRY(BS_POST_DEVICE, BS_ON_EXIT, back_up_vbnv_cmos, NULL);
 #endif
+#endif