path: root/src/include/boot_device.h
blob: d5237cd45a7ae708d7b4ec482066535797e5dc51 (plain)
/* SPDX-License-Identifier: GPL-2.0-only */
/* This file is part of the coreboot project. */

#ifndef _BOOT_DEVICE_H_
#define _BOOT_DEVICE_H_

#include <commonlib/region.h>

/*
 * Protection modes for a region of the boot device.
 *
 * Protection can be enforced by two sources: the media (the flash chip
 * itself) or the controller in front of it. The following modes are
 * identified. Whether a mode is actually supported depends on the flash chip
 * and the controller.
 *
 * MEDIA_WP : Flash/Boot device enforces write protect
 * CTRLR_WP : Controller device enforces write protect
 * CTRLR_RP : Controller device enforces read protect
 * CTRLR_RWP : Controller device enforces read-write protect
 *
 * No enumerator has the value 0, so a zero-initialized variable of this type
 * names none of the modes.
 *
 * NOTE(review): CTRLR_RWP (3) is numerically CTRLR_WP | CTRLR_RP, but nothing
 * in this header says the values may be OR-ed together or tested as bit
 * flags; MEDIA_WP (4) has no read-protect counterpart. Confirm against the
 * implementations before treating the type as a bitmask.
 */
enum bootdev_prot_type {
	CTRLR_WP = 1,	/* controller enforces write protect */
	CTRLR_RP = 2,	/* controller enforces read protect */
	CTRLR_RWP = 3,	/* controller enforces read and write protect */
	MEDIA_WP = 4,	/* flash/boot media enforces write protect */
};
/*
 * Please note that the read-only boot device may not be coherent with
 * the read-write boot device. Mixing mmap() and writeat() is therefore
 * unlikely to work; do not rely on such semantics.
 */

/*
 * Return the region_device for the read-only boot device.
 *
 * The returned pointer is to a const region_device; the caller does not
 * modify it.
 *
 * NOTE(review): this header does not say whether NULL can be returned (for
 * example if the boot device is unavailable) -- confirm before dereferencing
 * the result unchecked.
 */
const struct region_device *boot_device_ro(void);

/*
 * Return the region_device for the read-write boot device.
 *
 * The returned pointer is to a const region_device; the caller does not
 * modify it.
 *
 * NOTE(review): this header does not say whether NULL can be returned (for
 * example on platforms without a writable boot device) -- confirm before
 * dereferencing the result unchecked.
 */
const struct region_device *boot_device_rw(void);

/*
 * Create a sub-region of the read-only boot device.
 *
 * sub   : region to carve out of the read-only boot device.
 * subrd : region_device to fill in; it is the only non-const argument, so
 *         presumably it is the output and is only meaningful on success --
 *         TODO confirm.
 *
 * Returns 0 on success, < 0 on error. Check the return value before using
 * subrd.
 *
 * NOTE(review): whether `sub` is bounds-checked against the parent device is
 * decided by the implementation, which is not visible from this header.
 */
int boot_device_ro_subregion(const struct region *sub,
				struct region_device *subrd);

/*
 * Create a sub-region of the read-write boot device.
 *
 * sub   : region to carve out of the read-write boot device.
 * subrd : region_device to fill in; it is the only non-const argument, so
 *         presumably it is the output and is only meaningful on success --
 *         TODO confirm.
 *
 * Returns 0 on success, < 0 on error. Check the return value before using
 * subrd, in particular before writing through it.
 *
 * NOTE(review): whether `sub` is bounds-checked against the parent device is
 * decided by the implementation, which is not visible from this header.
 */
int boot_device_rw_subregion(const struct region *sub,
				struct region_device *subrd);

/*
 * Write protect a sub-region of the boot device represented
 * by the region device.
 *
 * rd   : region device describing the sub-region to protect.
 * type : requested protection mode. Despite the "wp" in the function name,
 *        the parameter type is enum bootdev_prot_type, which also contains
 *        read-protect modes (CTRLR_RP, CTRLR_RWP).
 *
 * Returns 0 on success, < 0 on error. A mode is only available if the flash
 * chip and controller support it, so callers should check the result: on a
 * negative return the region must be assumed to be unprotected.
 *
 * NOTE(review): whether an unsupported mode is reported as an error is up to
 * the implementation, which is not visible from this header -- confirm.
 */
int boot_device_wp_region(const struct region_device *rd,
				const enum bootdev_prot_type type);

/*
 * Initialize the boot device. This may be called multiple times within
 * a stage, so boot device implementations must tolerate repeated calls.
 *
 * Returns nothing; an initialization failure cannot be reported through
 * this interface.
 */
void boot_device_init(void);

/*
 * Restrict read/write access to the bootmedia using platform defined rules.
 *
 * The function is an empty inline stub, and calling it applies no protection,
 * in two configurations:
 *   - BOOTMEDIA_LOCK_NONE is selected, or
 *   - BOOTMEDIA_LOCK_IN_VERSTAGE is selected and the code is being built for
 *     ramstage (ENV_RAMSTAGE).
 * In every other configuration only the prototype is declared here and the
 * implementation is provided elsewhere.
 *
 * The function returns void, so a caller cannot tell from the call whether a
 * lock was applied. A build with BOOTMEDIA_LOCK_NONE silently leaves the
 * bootmedia unrestricted as far as this function is concerned.
 *
 * NOTE(review): the ramstage stub presumably exists because the lock has
 * already been applied in verstage -- confirm. CONFIG() and ENV_RAMSTAGE are
 * not defined in this header, so they have to be in scope before it is
 * included.
 */
#if CONFIG(BOOTMEDIA_LOCK_NONE) || (CONFIG(BOOTMEDIA_LOCK_IN_VERSTAGE) && ENV_RAMSTAGE)
static inline void boot_device_security_lockdown(void) {}
#else
void boot_device_security_lockdown(void);
#endif
#endif /* _BOOT_DEVICE_H_ */