soc/intel/cannonlake: Allow coreboot to handle SPI lockdown

This patch disables FSP-S SPI lockdown UPDs and lets coreboot perform
SPI lockdown (i.e.flash register DLOCK, FLOCKDN, and WRSDIS before
end of post) in ramstage.

BUG=b:138200201
TEST=FSP debug build suggests those UPDs are disable now.

Change-Id: Id7a6b9859e058b9f1ec1bd45d2c388c02b8ac18c
Signed-off-by: Subrata Banik <subrata.banik@intel.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/35299
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: V Sowmya <v.sowmya@intel.com>

src/soc/intel/cannonlake/fsp_params.c

@@ -421,31 +421,29 @@ void platform_fsp_silicon_init_params_cb(FSPS_UPD *supd)
 		tconfig->PchLockDownBiosInterface = 0;
 		params->PchLockDownBiosLock = 0;
 		params->PchLockDownRtcMemoryLock = 0;
+#if CONFIG(SOC_INTEL_COMETLAKE)
 		/*
-		 * TODO: Disable SpiFlashCfgLockDown config after FSP provides
-		 * dedicated UPD
-		 *
 		 * Skip SPI Flash Lockdown from inside FSP.
 		 * Making this config "0" means FSP won't set the FLOCKDN bit
 		 * of SPIBAR + 0x04 (i.e., Bit 15 of BIOS_HSFSTS_CTL).
 		 * So, it becomes coreboot's responsibility to set this bit
 		 * before end of POST for security concerns.
 		 */
-		// params->SpiFlashCfgLockDown = 0;
+		params->SpiFlashCfgLockDown = 0;
+#endif
 	} else {
 		tconfig->PchLockDownGlobalSmi = 1;
 		tconfig->PchLockDownBiosInterface = 1;
 		params->PchLockDownBiosLock = 1;
 		params->PchLockDownRtcMemoryLock = 1;
+#if CONFIG(SOC_INTEL_COMETLAKE)
 		/*
-		 * TODO: Enable SpiFlashCfgLockDown config after FSP provides
-		 * dedicated UPD
-		 *
 		 * Enable SPI Flash Lockdown from inside FSP.
 		 * Making this config "1" means FSP will set the FLOCKDN bit
 		 * of SPIBAR + 0x04 (i.e., Bit 15 of BIOS_HSFSTS_CTL).
 		 */
-		// params->SpiFlashCfgLockDown = 1;
+		params->SpiFlashCfgLockDown = 1;
+#endif
 	}
 }