lib/boot_device: Add API for write protect a region

Add API that should be implemented by the boot media drivers
for write-protecting a subregion.

Change-Id: I4c9376e2c2c7a4852f13c65824c6cd64a1c6ac0a
Signed-off-by: Rizwan Qureshi <rizwan.qureshi@intel.com>
Reviewed-on: https://review.coreboot.org/c/28724
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
This commit is contained in:
Rizwan Qureshi 2018-10-26 16:54:42 +05:30 committed by Patrick Georgi
parent f9f5093644
commit 6d4c1f5f43
3 changed files with 74 additions and 0 deletions

View File

@ -108,3 +108,46 @@ const struct spi_flash *boot_device_spi_flash(void)
return car_get_var_ptr(&sfg); return car_get_var_ptr(&sfg);
} }
int boot_device_wp_region(struct region_device *rd,
const enum bootdev_prot_type type)
{
uint32_t ctrlr_pr;
/* Ensure boot device has been initialized at least once. */
boot_device_init();
const struct spi_flash *boot_dev = boot_device_spi_flash();
if (boot_dev == NULL)
return -1;
if (type == MEDIA_WP) {
if (spi_flash_is_write_protected(boot_dev,
region_device_region(rd)) != 1) {
return spi_flash_set_write_protected(boot_dev,
region_device_region(rd), true,
SPI_WRITE_PROTECTION_REBOOT);
}
/* Already write protected */
return 0;
}
switch (type) {
case CTRLR_WP:
ctrlr_pr = WRITE_PROTECT;
break;
case CTRLR_RP:
ctrlr_pr = READ_PROTECT;
break;
case CTRLR_RWP:
ctrlr_pr = READ_WRITE_PROTECT;
break;
default:
return -1;
}
return spi_flash_ctrlr_protect_region(boot_dev,
region_device_region(rd), ctrlr_pr);
}

View File

@ -18,6 +18,22 @@
#include <commonlib/region.h> #include <commonlib/region.h>
/*
* Boot device region can be protected by 2 sources, media and controller.
* The following modes are identified. It depends on the flash chip and the
* controller if mode is actually supported.
*
* MEDIA_WP : Flash/Boot device enforces write protect
* CTRLR_WP : Controller device enforces write protect
* CTRLR_RP : Controller device enforces read protect
* CTRLR_RWP : Controller device enforces read-write protect
*/
enum bootdev_prot_type {
CTRLR_WP = 1,
CTRLR_RP = 2,
CTRLR_RWP = 3,
MEDIA_WP = 4,
};
/* /*
* Please note that the read-only boot device may not be coherent with * Please note that the read-only boot device may not be coherent with
* the read-write boot device. Thus, mixing mmap() and writeat() is * the read-write boot device. Thus, mixing mmap() and writeat() is
@ -44,6 +60,14 @@ int boot_device_ro_subregion(const struct region *sub,
int boot_device_rw_subregion(const struct region *sub, int boot_device_rw_subregion(const struct region *sub,
struct region_device *subrd); struct region_device *subrd);
/*
* Write protect a sub-region of the boot device represented
* by the region device.
* Returns 0 on success, < 0 on error.
*/
int boot_device_wp_region(struct region_device *rd,
const enum bootdev_prot_type type);
/* /*
* Initialize the boot device. This may be called multiple times within * Initialize the boot device. This may be called multiple times within
* a stage so boot device implementations should account for this behavior. * a stage so boot device implementations should account for this behavior.

View File

@ -20,6 +20,13 @@ void __weak boot_device_init(void)
/* Provide weak do-nothing init. */ /* Provide weak do-nothing init. */
} }
int __weak boot_device_wp_region(struct region_device *rd,
const enum bootdev_prot_type type)
{
/* return a failure, make aware WP is not implemented */
return -1;
}
static int boot_device_subregion(const struct region *sub, static int boot_device_subregion(const struct region *sub,
struct region_device *subrd, struct region_device *subrd,
const struct region_device *parent) const struct region_device *parent)