diff options
author | Patrick Rudolph <patrick.rudolph@9elements.com> | 2018-11-07 15:24:37 +0100 |
---|---|---|
committer | Philipp Deppenwiese <zaolin.daisuki@gmail.com> | 2018-12-04 07:11:56 +0000 |
commit | fb444b0d201e39a91c28531892fd50571ada2ad4 (patch) | |
tree | 0324f44f39a6bcd18a7bbc8599f628352cb7a7c9 /src/mainboard | |
parent | e736015fffc973ccbd6de54751e312a1fda387dc (diff) | |
download | coreboot-fb444b0d201e39a91c28531892fd50571ada2ad4.tar.xz |
mb/opencellular/elgon: Enable write protection
* Verify the flash write protection on each boot
* Program non-volatile write protection on first boot
Tested using I715791b8ae5d1db1ef587321ae5c9daa10eb7dbc.
The bootblock is write-protected as long as the #WP pin is asserted low:
* Reprogramming of the status register fails.
* Trying to write to WP_RO region fails.
Programming the WP_RO is only possible if #WP pin is high.
Change-Id: I6a940c69ecb1dfd9704b2101c263570bebc5540e
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/29532
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Diffstat (limited to 'src/mainboard')
-rw-r--r-- | src/mainboard/opencellular/elgon/bootblock.c | 45 |
1 files changed, 44 insertions, 1 deletions
diff --git a/src/mainboard/opencellular/elgon/bootblock.c b/src/mainboard/opencellular/elgon/bootblock.c index e6109f1072..9dfd1b8ba3 100644 --- a/src/mainboard/opencellular/elgon/bootblock.c +++ b/src/mainboard/opencellular/elgon/bootblock.c @@ -18,6 +18,9 @@ #include <soc/spi.h> #include <soc/uart.h> #include <soc/gpio.h> +#include <spi_flash.h> +#include <console/console.h> +#include <fmap.h> #include "mainboard.h" void bootblock_mainboard_early_init(void) @@ -49,8 +52,48 @@ static void configure_spi_flash(void) gpio_output(ELGON_GPIO_SPI_MUX, 1); } +/** + * Handle flash write protection. + * This code verifies the write-protection on each boot. + * Enabling the write protection does only run on the first boot. + * An error is fatal as it breaks the Chain Of Trust. + */ +static void protect_ro_rgn_spi_flash(void) +{ + const struct spi_flash *flash = boot_device_spi_flash(); + const char *fmapname = "WP_RO"; + struct region ro_rgn; + + if (fmap_locate_area(fmapname, &ro_rgn)) { + printk(BIOS_ERR, "%s: No %s FMAP section.\n", __func__, + fmapname); + die("Can't verify flash protections!"); + } + + u8 reg8 = 0; + spi_flash_status(flash, ®8); + + /* Check if SRP0 is set and RO region is protected */ + if (!(reg8 & 0x80) || + spi_flash_is_write_protected(flash, &ro_rgn) != 1) { + printk(BIOS_WARNING, "%s: FMAP section %s is not write-protected\n", + __func__, fmapname); + + /* + * Need to protect flash region : + * WP_RO read only and use /WP pin + * non-volatile programming + */ + if (spi_flash_set_write_protected(flash, &ro_rgn, 1, + SPI_WRITE_PROTECTION_PIN) != 0) + die("Failed to write-protect WP_RO region!"); + } + printk(BIOS_INFO, "%s: FMAP section %s is write-protected\n", + __func__, fmapname); +} + void bootblock_mainboard_init(void) { configure_spi_flash(); - // FIXME: Check SPI flash WP bits + protect_ro_rgn_spi_flash(); } |