meta-google: Service to enable/disable eSPI
Change-Id: I2ff0e6284e952e55f81e2c76fedb49c81f4855b2
Signed-off-by: John Wedig <johnwedig@google.com>
diff --git a/meta-google/recipes-google/bare-metal-espi/bare-metal-espi.bb b/meta-google/recipes-google/bare-metal-espi/bare-metal-espi.bb
new file mode 100644
index 0000000..522c9bd
--- /dev/null
+++ b/meta-google/recipes-google/bare-metal-espi/bare-metal-espi.bb
@@ -0,0 +1,29 @@
+SUMMARY = "Disable eSPI while the customer's host OS is running"
+DESCRIPTION = "Disable eSPI while an untrusted host OS is running"
+PR = "r1"
+
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10"
+
+inherit systemd
+
+SRC_URI += " \
+ file://disable-espi.service \
+"
+
+DEPENDS += "systemd"
+
+RDEPENDS:${PN}:append = " \
+ bare-metal-active \
+ espi-control \
+ "
+
+SYSTEMD_PACKAGES = "${PN}"
+SYSTEMD_SERVICE:${PN} = " \
+ disable-espi.service \
+ "
+
+do_install:append() {
+ install -d ${D}${systemd_system_unitdir}
+ install -m 0644 ${WORKDIR}/disable-espi.service ${D}${systemd_system_unitdir}
+}
diff --git a/meta-google/recipes-google/bare-metal-espi/bare-metal-espi/disable-espi.service b/meta-google/recipes-google/bare-metal-espi/bare-metal-espi/disable-espi.service
new file mode 100644
index 0000000..0cb9994
--- /dev/null
+++ b/meta-google/recipes-google/bare-metal-espi/bare-metal-espi/disable-espi.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Disable eSPI bus
+BindsTo=gbmc-bare-metal-active.target
+Before=gbmc-bare-metal-active.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=true
+ExecStart=/usr/libexec/npcm7xx-espi-control -d
+ExecStop=/usr/libexec/npcm7xx-espi-control
+
+[Install]
+WantedBy=gbmc-bare-metal-active.target