From 6d4c1f5f43cd1ca0324b9199af9e4a65966dc301 Mon Sep 17 00:00:00 2001 From: Rizwan Qureshi Date: Fri, 26 Oct 2018 16:54:42 +0530 Subject: lib/boot_device: Add API for write protect a region Add API that should be implemented by the boot media drivers for write-protecting a subregion. Change-Id: I4c9376e2c2c7a4852f13c65824c6cd64a1c6ac0a Signed-off-by: Rizwan Qureshi Reviewed-on: https://review.coreboot.org/c/28724 Tested-by: build bot (Jenkins) Reviewed-by: Patrick Rudolph --- src/drivers/spi/boot_device_rw_nommap.c | 43 +++++++++++++++++++++++++++++++++ src/include/boot_device.h | 24 ++++++++++++++++++ src/lib/boot_device.c | 7 ++++++ 3 files changed, 74 insertions(+) (limited to 'src') diff --git a/src/drivers/spi/boot_device_rw_nommap.c b/src/drivers/spi/boot_device_rw_nommap.c index 64d81c5b00..d01d778ca4 100644 --- a/src/drivers/spi/boot_device_rw_nommap.c +++ b/src/drivers/spi/boot_device_rw_nommap.c @@ -108,3 +108,46 @@ const struct spi_flash *boot_device_spi_flash(void) return car_get_var_ptr(&sfg); } + +int boot_device_wp_region(struct region_device *rd, + const enum bootdev_prot_type type) +{ + uint32_t ctrlr_pr; + + /* Ensure boot device has been initialized at least once. */ + boot_device_init(); + + const struct spi_flash *boot_dev = boot_device_spi_flash(); + + if (boot_dev == NULL) + return -1; + + if (type == MEDIA_WP) { + if (spi_flash_is_write_protected(boot_dev, + region_device_region(rd)) != 1) { + return spi_flash_set_write_protected(boot_dev, + region_device_region(rd), true, + SPI_WRITE_PROTECTION_REBOOT); + } + + /* Already write protected */ + return 0; + } + + switch (type) { + case CTRLR_WP: + ctrlr_pr = WRITE_PROTECT; + break; + case CTRLR_RP: + ctrlr_pr = READ_PROTECT; + break; + case CTRLR_RWP: + ctrlr_pr = READ_WRITE_PROTECT; + break; + default: + return -1; + } + + return spi_flash_ctrlr_protect_region(boot_dev, + region_device_region(rd), ctrlr_pr); +} diff --git a/src/include/boot_device.h b/src/include/boot_device.h index cc70442e1e..c882968e58 100644 --- a/src/include/boot_device.h +++ b/src/include/boot_device.h @@ -18,6 +18,22 @@ #include +/* + * Boot device region can be protected by 2 sources, media and controller. + * The following modes are identified. It depends on the flash chip and the + * controller if mode is actually supported. + * + * MEDIA_WP : Flash/Boot device enforces write protect + * CTRLR_WP : Controller device enforces write protect + * CTRLR_RP : Controller device enforces read protect + * CTRLR_RWP : Controller device enforces read-write protect + */ +enum bootdev_prot_type { + CTRLR_WP = 1, + CTRLR_RP = 2, + CTRLR_RWP = 3, + MEDIA_WP = 4, +}; /* * Please note that the read-only boot device may not be coherent with * the read-write boot device. Thus, mixing mmap() and writeat() is @@ -44,6 +60,14 @@ int boot_device_ro_subregion(const struct region *sub, int boot_device_rw_subregion(const struct region *sub, struct region_device *subrd); +/* + * Write protect a sub-region of the boot device represented + * by the region device. + * Returns 0 on success, < 0 on error. + */ +int boot_device_wp_region(struct region_device *rd, + const enum bootdev_prot_type type); + /* * Initialize the boot device. This may be called multiple times within * a stage so boot device implementations should account for this behavior. diff --git a/src/lib/boot_device.c b/src/lib/boot_device.c index efbbedb23e..429a6d8710 100644 --- a/src/lib/boot_device.c +++ b/src/lib/boot_device.c @@ -20,6 +20,13 @@ void __weak boot_device_init(void) /* Provide weak do-nothing init. */ } +int __weak boot_device_wp_region(struct region_device *rd, + const enum bootdev_prot_type type) +{ + /* return a failure, make aware WP is not implemented */ + return -1; +} + static int boot_device_subregion(const struct region *sub, struct region_device *subrd, const struct region_device *parent) -- cgit v1.2.3