For added security, there are some gpios that an SoC will want to lock
once initially configured, such as gpios attached to non-host (x86)
controllers, so that they can't be recofigured at a later point in
time by rogue code.
Likewise, a mainboard may have some gpios connected to secure busses
and/or devices that they want to protect from being changed post
initial configuration.
This change adds a generic gpio locking mechanism that allows the SoC
to export a list of GPIOs to be locked down and allows the mainboard
to export a list of GPIOs that it wants locked down once
initialization is complete.
Use the SOC_INTEL_COMMON_BLOCK_SMM_LOCK_GPIO_PADS Kconfig option to
enable this feature.
BUG=b:201430600
TEST='emerge-brya coreboot chromeos-bootimage', flash and verify
brya0 boots successfully to kernel.
Signed-off-by: Nick Vaccaro <nvaccaro@google.com>
Change-Id: I42979fb89567d8bcd9392da4fb8c4113ef427b14
Reviewed-on: https://review.coreboot.org/c/coreboot/+/58351
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
b6f29c9bf4