2020-04-02 23:48:27 +02:00
|
|
|
/* SPDX-License-Identifier: GPL-2.0-only */
|
2013-09-27 01:22:09 +02:00
|
|
|
|
2015-05-15 20:15:34 +02:00
|
|
|
#ifndef _BOOT_DEVICE_H_
|
|
|
|
#define _BOOT_DEVICE_H_
|
2013-09-27 01:22:09 +02:00
|
|
|
|
2015-09-08 20:34:43 +02:00
|
|
|
#include <commonlib/region.h>
|
2013-09-27 01:22:09 +02:00
|
|
|
|
2018-10-26 13:24:42 +02:00
|
|
|
/*
|
|
|
|
* Boot device region can be protected by 2 sources, media and controller.
|
|
|
|
* The following modes are identified. It depends on the flash chip and the
|
|
|
|
* controller if mode is actually supported.
|
|
|
|
*
|
|
|
|
* MEDIA_WP : Flash/Boot device enforces write protect
|
|
|
|
* CTRLR_WP : Controller device enforces write protect
|
|
|
|
* CTRLR_RP : Controller device enforces read protect
|
|
|
|
* CTRLR_RWP : Controller device enforces read-write protect
|
|
|
|
*/
|
|
|
|
enum bootdev_prot_type {
|
|
|
|
CTRLR_WP = 1,
|
|
|
|
CTRLR_RP = 2,
|
|
|
|
CTRLR_RWP = 3,
|
|
|
|
MEDIA_WP = 4,
|
|
|
|
};
|
2016-08-10 18:42:42 +02:00
|
|
|
/*
|
|
|
|
* Please note that the read-only boot device may not be coherent with
|
|
|
|
* the read-write boot device. Thus, mixing mmap() and writeat() is
|
|
|
|
* most likely not to work so don't rely on such semantics.
|
|
|
|
*/
|
|
|
|
|
2020-03-05 21:51:08 +01:00
|
|
|
/* Return the region_device for the read-only boot device. This is the root
|
|
|
|
device for all CBFS boot devices. */
|
2015-05-15 20:15:34 +02:00
|
|
|
const struct region_device *boot_device_ro(void);
|
|
|
|
|
2016-08-10 18:42:42 +02:00
|
|
|
/* Return the region_device for the read-write boot device. */
|
|
|
|
const struct region_device *boot_device_rw(void);
|
|
|
|
|
2015-05-15 20:15:34 +02:00
|
|
|
/*
|
|
|
|
* Create a sub-region of the read-only boot device.
|
|
|
|
* Returns 0 on success, < 0 on error.
|
|
|
|
*/
|
|
|
|
int boot_device_ro_subregion(const struct region *sub,
|
|
|
|
struct region_device *subrd);
|
|
|
|
|
2016-08-10 18:42:42 +02:00
|
|
|
/*
|
|
|
|
* Create a sub-region of the read-write boot device.
|
|
|
|
* Returns 0 on success, < 0 on error.
|
|
|
|
*/
|
|
|
|
int boot_device_rw_subregion(const struct region *sub,
|
|
|
|
struct region_device *subrd);
|
|
|
|
|
2018-10-26 13:24:42 +02:00
|
|
|
/*
|
|
|
|
* Write protect a sub-region of the boot device represented
|
|
|
|
* by the region device.
|
|
|
|
* Returns 0 on success, < 0 on error.
|
|
|
|
*/
|
2019-05-09 13:43:49 +02:00
|
|
|
int boot_device_wp_region(const struct region_device *rd,
|
2018-10-26 13:24:42 +02:00
|
|
|
const enum bootdev_prot_type type);
|
|
|
|
|
2015-05-15 20:15:34 +02:00
|
|
|
/*
|
|
|
|
* Initialize the boot device. This may be called multiple times within
|
|
|
|
* a stage so boot device implementations should account for this behavior.
|
|
|
|
**/
|
|
|
|
void boot_device_init(void);
|
|
|
|
|
2019-12-03 19:43:06 +01:00
|
|
|
/*
|
|
|
|
* Restrict read/write access to the bootmedia using platform defined rules.
|
|
|
|
*/
|
2019-05-08 18:36:39 +02:00
|
|
|
#if CONFIG(BOOTMEDIA_LOCK_NONE) || (CONFIG(BOOTMEDIA_LOCK_IN_VERSTAGE) && ENV_RAMSTAGE)
|
2019-12-03 19:43:06 +01:00
|
|
|
static inline void boot_device_security_lockdown(void) {}
|
|
|
|
#else
|
|
|
|
void boot_device_security_lockdown(void);
|
|
|
|
#endif
|
2015-05-15 20:15:34 +02:00
|
|
|
#endif /* _BOOT_DEVICE_H_ */
|