Manualshelf

Datasheet

ManualsBrandsIntel Manualscomputer componentsCT80618003201AA
251252253254255256257258259260
ACPI Devices
Intel
®
Atom™ Processor E6xx Series Datasheet
259
The processor provides these protections in hardware. Note that it is critical that the
hardware must not allow malicious software to modify the address or opcode pointers
after determining that a cycle is allowed to run, such that the actual cycle that runs on
SPI should have been blocked.
If the command associated with an atomic cycle sequence is blocked according to the
processor configuration, the processor must not run any of the sequence.
A blocked command will appear to software to finish, except that the Blocked Access
Status bit in Offset 00h: SPIS – SPI Status register is set in this case.
11.9.5.14.1 BIOS Range Write Protection
The processor provides a method for blocking writes to specific ranges in the SPI flash
when the Protected BIOS Ranges are enabled. This is achieved by checking the Opcode
type information (which can be locked down by the initial Boot BIOS) and the address
of the requested command against the base and limit fields of a Write Protected BIOS
range.
In order to keep the hardware simple, only the initial address is checked. Since writes
wrap within a page, there should be no issue with writes illegally occurring in the next
page (assuming the BIOS has configured the Protection Limit to align with the edge of
a page).
Note that once BIOS has locked down the Protected BIOS Range registers, this
mechanism remains in place until the next system reset.
11.9.5.14.2 SMI# Based Global Write Protection
The processor provides a method for blocking writes to the SPI flash when the Write
Protect bit is cleared (i.e., protected) in Offset D8h: BC: BIOS Control Register. This is
achieved by checking the Opcode type information (which can be locked down by the
initial Boot BIOS) of the requested command.
The Write Protect and Lock Enable bits interact in the same manner for SPI BIOS as
they do for the FWH BIOS.
11.9.5.14.3 SPI Flash Address Range Protection
The System Flash (BIOS) occupies the top part of the SPI Flash Memory Device when
sharing this space with the Manageability functions. In order to prevent the system
from illegally accessing or modifying information in the Manageability areas, the
processor checks outgoing addresses with the Offset 50h: BBAR – BIOS Base Address
register and blocks any cycles with addresses below that value. This includes Direct
Memory Reads to the SPI flash. In the case of Direct Memory Reads, the processor
must return all 1s in the read completion.
Table 384. Flash Protection Summary
Mechanism Accesses
Blocked
Range
Specific
Reset-Override or SMI#-
Override
Equivalent Function on FWH
BIOS Range
Write
Protection
Writes Yes Reset Override FWH Sector Protection
SMI#-Based
Global Write
Protection
Writes No SMI# Override
Same as Write Protect in
previous chipset for FWH