lib/boot_device: Add API for write protect a region

Add API that should be implemented by the boot media drivers
for write-protecting a subregion.

Change-Id: I4c9376e2c2c7a4852f13c65824c6cd64a1c6ac0a
Signed-off-by: Rizwan Qureshi <rizwan.qureshi@intel.com>
Reviewed-on: https://review.coreboot.org/c/28724
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>

3 files changed, 74 insertions, 0 deletions

diff --git a/src/drivers/spi/boot_device_rw_nommap.c b/src/drivers/spi/boot_device_rw_nommap.c
index 64d81c5b00..d01d778ca4 100644
--- a/src/drivers/spi/boot_device_rw_nommap.c
+++ b/src/drivers/spi/boot_device_rw_nommap.c
@@ -108,3 +108,46 @@ const struct spi_flash *boot_device_spi_flash(void)
 
 	return car_get_var_ptr(&sfg);
 }
+
+int boot_device_wp_region(struct region_device *rd,
+			  const enum bootdev_prot_type type)
+{
+	uint32_t ctrlr_pr;
+
+	/* Ensure boot device has been initialized at least once. */
+	boot_device_init();
+
+	const struct spi_flash *boot_dev = boot_device_spi_flash();
+
+	if (boot_dev == NULL)
+		return -1;
+
+	if (type == MEDIA_WP) {
+		if (spi_flash_is_write_protected(boot_dev,
+					region_device_region(rd)) != 1) {
+			return spi_flash_set_write_protected(boot_dev,
+						region_device_region(rd), true,
+						SPI_WRITE_PROTECTION_REBOOT);
+		}
+
+		/* Already write protected */
+		return 0;
+	}
+
+	switch (type) {
+	case CTRLR_WP:
+		ctrlr_pr = WRITE_PROTECT;
+		break;
+	case CTRLR_RP:
+		ctrlr_pr = READ_PROTECT;
+		break;
+	case CTRLR_RWP:
+		ctrlr_pr = READ_WRITE_PROTECT;
+		break;
+	default:
+		return -1;
+	}
+
+	return spi_flash_ctrlr_protect_region(boot_dev,
+					region_device_region(rd), ctrlr_pr);
+}
diff --git a/src/include/boot_device.h b/src/include/boot_device.h
index cc70442e1e..c882968e58 100644
--- a/src/include/boot_device.h
+++ b/src/include/boot_device.h
@@ -19,6 +19,22 @@
 #include <commonlib/region.h>
 
 /*
+ * Boot device region can be protected by 2 sources, media and controller.
+ * The following modes are identified. It depends on the flash chip and the
+ * controller if mode is actually supported.
+ *
+ * MEDIA_WP : Flash/Boot device enforces write protect
+ * CTRLR_WP : Controller device enforces write protect
+ * CTRLR_RP : Controller device enforces read protect
+ * CTRLR_RWP : Controller device enforces read-write protect
+ */
+enum bootdev_prot_type {
+	CTRLR_WP = 1,
+	CTRLR_RP = 2,
+	CTRLR_RWP = 3,
+	MEDIA_WP = 4,
+};
+/*
  * Please note that the read-only boot device may not be coherent with
  * the read-write boot device. Thus, mixing mmap() and writeat() is
  * most likely not to work so don't rely on such semantics.
@@ -45,6 +61,14 @@ int boot_device_rw_subregion(const struct region *sub,
 				struct region_device *subrd);
 
 /*
+ * Write protect a sub-region of the boot device represented
+ * by the region device.
+ * Returns 0 on success, < 0 on error.
+ */
+int boot_device_wp_region(struct region_device *rd,
+				const enum bootdev_prot_type type);
+
+/*
  * Initialize the boot device. This may be called multiple times within
  * a stage so boot device implementations should account for this behavior.
  **/
diff --git a/src/lib/boot_device.c b/src/lib/boot_device.c
index efbbedb23e..429a6d8710 100644
--- a/src/lib/boot_device.c
+++ b/src/lib/boot_device.c
@@ -20,6 +20,13 @@ void __weak boot_device_init(void)
 	/* Provide weak do-nothing init. */
 }
 
+int __weak boot_device_wp_region(struct region_device *rd,
+				 const enum bootdev_prot_type type)
+{
+	/* return a failure, make aware WP is not implemented */
+	return -1;
+}
+
 static int boot_device_subregion(const struct region *sub,
 				struct region_device *subrd,
 				const struct region_device *parent)