From d72d7d1ba0e57efa27e87c73500a7f47e7acd4d2 Mon Sep 17 00:00:00 2001 From: Patrick Rudolph Date: Tue, 24 Feb 2026 09:36:34 +0100 Subject: [PATCH] soc/amd/common/block/spi: Check if ROM Armor is enforced Before trying to use the SPI flash controller in ramstage or SMM check if the bus can be claimed. If ROM Armor is enabled abort claiming the bus. Sanity check as the caller must use PSP mailbox interface when ROM Armor is enabled. This commit introduces SOC_AMD_COMMON_BLOCK_PSP_ROM_ARMOR3, that will be used in the following commits to active ROM Armor support. Signed-off-by: Patrick Rudolph Change-Id: Id93747df92bfca46c15a1438c2804c0c574c9f99 Reviewed-on: https://review.coreboot.org/c/coreboot/+/91704 Tested-by: build bot (Jenkins) Reviewed-by: Angel Pons --- src/soc/amd/common/block/psp/psp.c | 3 ++ src/soc/amd/common/block/spi/Kconfig | 38 +++++++++++++++++++++ src/soc/amd/common/block/spi/fch_spi_ctrl.c | 6 ++++ 3 files changed, 47 insertions(+) diff --git a/src/soc/amd/common/block/psp/psp.c b/src/soc/amd/common/block/psp/psp.c index 6368e028c5..b8e908a928 100644 --- a/src/soc/amd/common/block/psp/psp.c +++ b/src/soc/amd/common/block/psp/psp.c @@ -112,6 +112,9 @@ bool psp_get_hsti_state_rom_armor_enforced(void) { uint32_t hsti_state; + if (!CONFIG(SOC_AMD_COMMON_BLOCK_PSP_ROM_ARMOR3)) + return false; + static bool enforced; if (enforced) return true; /* ROM Armor already enforced, no need to check again */ diff --git a/src/soc/amd/common/block/spi/Kconfig b/src/soc/amd/common/block/spi/Kconfig index 085c02a2f6..10e88a98bb 100644 --- a/src/soc/amd/common/block/spi/Kconfig +++ b/src/soc/amd/common/block/spi/Kconfig 
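Review bot: The new early return in psp_get_hsti_state_rom_armor_enforced(), `if (!CONFIG(SOC_AMD_COMMON_BLOCK_PSP_ROM_ARMOR3)) return false;`, answers "not enforced" without asking the PSP, so with the option off the return value no longer reflects the HSTI state. That is safe only if the PSP can never enforce ROM Armor on a build without the option. A comment should record the assumption, for example `/* ROM Armor 3 not built in: the PSP is not queried and the flash is treated as directly accessible */`. The visible cache stores only a positive result (`if (enforced) return true;`), so until enforcement begins each call presumably repeats the PSP query. The rest of the function is outside the hunk, so this should be confirmed there.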
@@ -132,3 +132,41 @@ config TPM_SPI_SPEED 3: 16.66MHz 4: 100MHz 5: 800KHz + +config SOC_AMD_COMMON_BLOCK_PSP_ROM_ARMOR3 + bool "Enable ROM Armor 3" + select BOOT_DEVICE_NOT_SPI_FLASH + select BOOT_DEVICE_MEMORY_MAPPED + select BOOT_DEVICE_SUPPORTS_WRITES + select SPI_FLASH + select SPI_FLASH_SMM + depends on HAVE_SMI_HANDLER + depends on SOC_AMD_COMMON_BLOCK_PSP + depends on SOC_AMD_COMMON_BLOCK_SPI + depends on !SOC_AMD_COMMON_BLOCK_PSP_SMI + help + Select this option to use PSP ROM Armor3 protocol for SPI flash + operations. This routes SPI read/write/erase operations through + the SMM PSP firmware mailbox interface instead of direct FCH SPI + controller access. After MPinit the SPI will become read only from + x86 perspective and the SPI Ctrl interface will be deactived. + + You will be only able to write SPI regions that are marked 'writable' or + are whitelisted by BIOS directory entries 0x6d (AMD_BIOS_NV_ST). To gain + direct access to the SPI flash, you must issue a reboot. + + WARNING: Since the flash access in the SMI handler is a blocking + operation during which all cores stay in SMM, an erase operation may + lock up the system for a long enough time to be noticeable. Reads and + writes with small data sizes are less problematic. This is AMD + specific design and should be enabled when you don't want to service + PSP SMI requests (see CONFIG_SOC_AMD_COMMON_BLOCK_PSP_SMI). + +config SOC_AMD_PSP_ROM_ARMOR_64K_ERASE + bool + depends on SOC_AMD_COMMON_BLOCK_PSP_ROM_ARMOR3 + default n + help + Enable 64KB erase block size support in addition to 4KB blocks. + This can improve erase performance when erasing large regions. + The PSP firmware must support 64KB erase commands for this to work. diff --git a/src/soc/amd/common/block/spi/fch_spi_ctrl.c b/src/soc/amd/common/block/spi/fch_spi_ctrl.c index 114c733244..79010a60c9 100644 --- a/src/soc/amd/common/block/spi/fch_spi_ctrl.c +++ b/src/soc/amd/common/block/spi/fch_spi_ctrl.c 
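Review bot: The help text of SOC_AMD_COMMON_BLOCK_PSP_ROM_ARMOR3 does not say what happens to code that still drives the FCH SPI controller once ROM Armor is enforced, which is what a board porter most needs to know. A sentence such as `Direct FCH SPI controller access is refused once the PSP reports ROM Armor as enforced.` would cover it. In the same text "deactived" should read "deactivated". The last sentence of the WARNING paragraph ("should be enabled when you don't want to service PSP SMI requests") is hard to parse next to the `depends on !SOC_AMD_COMMON_BLOCK_PSP_SMI` line and could state the relationship directly. `default n` on SOC_AMD_PSP_ROM_ARMOR_64K_ERASE is redundant for a bool and can be dropped.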
@@ -1,6 +1,7 @@ /* SPDX-License-Identifier: GPL-2.0-only */ #include +#include #include #include #include @@ -342,6 +343,11 @@ static int spi_ctrlr_claim_bus(const struct spi_slave *slave) { uint8_t reg8; + if (psp_get_hsti_state_rom_armor_enforced()) { + printk(BIOS_ERR, "PSP ROM Armor is enforced, cannot access SPI flash directly\n"); + return -1; + } + if (CONFIG(SOC_AMD_COMMON_BLOCK_PSP_SMI)) { if (ENV_RAMSTAGE || ENV_SMM) { reg8 = spi_read8(SPI_MISC_CNTRL);
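Review bot: The guard added at the top of spi_ctrlr_claim_bus() runs in every stage that builds this file, while the commit description limits the check to ramstage and SMM, and the existing code just below is gated on `ENV_RAMSTAGE || ENV_SMM`. If the early stages are meant to be excluded, the condition could read `if ((ENV_RAMSTAGE || ENV_SMM) && psp_get_hsti_state_rom_armor_enforced()) {`. That would also avoid calling into the PSP code before the point at which, per the Kconfig help, the controller is deactivated. The check is a sanity check rather than the protection itself, so a short comment saying that callers must use the PSP mailbox path when this returns -1 would help. Callers that ignore the return value of claim_bus would still proceed, and the BIOS_ERR line is printed on every rejected claim. The function body continues outside the hunk.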