lockdown: Add Kconfigs for SPI media protection mode

SPI_WRITE_PROTECTION_REBOOT seems to be a Winbond thing, other vendors such as Macronix only support permanent protection but conditional on the WP# pin state. Change-Id: Iba7c1229c82c86e1303d74c7bc8f89662b5bb58c Signed-off-by: Daniel Gröber <dxld@darkboxed.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/41747 Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Reviewed-by: Patrick Rudolph <siro@das-labor.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-05-26 22:18:44 +02:00 · 2020-05-26 22:18:44 +02:00 · 16dbbeb895
parent 231020132c
commit 16dbbeb895
2 changed files with 38 additions and 2 deletions
--- a/src/drivers/spi/boot_device_rw_nommap.c
+++ b/src/drivers/spi/boot_device_rw_nommap.c
@ -96,9 +96,17 @@ int boot_device_wp_region(const struct region_device *rd,
 	if (type == MEDIA_WP) {
 		if (spi_flash_is_write_protected(boot_dev,
 						 region_device_region(rd)) != 1) {
+			enum spi_flash_status_reg_lockdown lock =
+				SPI_WRITE_PROTECTION_REBOOT;
+			if (CONFIG(BOOTMEDIA_SPI_LOCK_REBOOT))
+				lock = SPI_WRITE_PROTECTION_REBOOT;
+			else if (CONFIG(BOOTMEDIA_SPI_LOCK_PIN))
+				lock = SPI_WRITE_PROTECTION_PIN;
+			else if (CONFIG(BOOTMEDIA_SPI_LOCK_PERMANENT))
+				lock = SPI_WRITE_PROTECTION_PERMANENT;
+
 			return spi_flash_set_write_protected(boot_dev,
-						region_device_region(rd),
-						SPI_WRITE_PROTECTION_REBOOT);
+						region_device_region(rd), lock);
 		}

 		/* Already write protected */
--- a/src/security/lockdown/Kconfig
+++ b/src/security/lockdown/Kconfig
@ -82,3 +82,31 @@ config BOOTMEDIA_LOCK_IN_VERSTAGE
 	  possible. This option prevents using write protecting facilities in
 	  ramstage, like the MRC cache for example.
 	  Use this option if you don't trust code running after verstage.
+
+choice
+	prompt "SPI Flash write protection duration"
+	default BOOTMEDIA_SPI_LOCK_REBOOT
+	depends on BOOTMEDIA_LOCK_CHIP
+	depends on BOOT_DEVICE_SPI_FLASH
+
+config BOOTMEDIA_SPI_LOCK_REBOOT
+	bool "Lock SPI flash until next reboot"
+	help
+	  The SPI chip is locked until power is removed and re-applied.
+	  Supported by Winbond parts.
+
+config BOOTMEDIA_SPI_LOCK_PIN
+	bool "Lock SPI flash using WP# pin"
+	help
+	  The SPI chip is locked using a non-volatile configuration bit. Writes
+	  are only possible if the WP# is not asserted. Supported by Winbond
+	  and Macronix parts.
+
+config BOOTMEDIA_SPI_LOCK_PERMANENT
+	bool "Lock SPI flash permanently"
+	help
+	  The SPI chip is permanently locked using a non-volatile configuration
+	  bit. No writes are ever possible again after we perform the lock.
+	  Supported by Winbond parts.
+
+endchoice