soc/intel/common: Add function to protect MRC cache

Add support for applying write protection to the MRC cache
region in SPI flash.

This is only enabled if there is write protect GPIO that is
set, and the flash status register reports that the flash
chip is currently write protected.

Then it will call out to a SOC specific function that will
enable write protection on the RW_MRC_CACHE region of flash.

The implementation is not quite as clean as I would like because
there is not a common flash protect interface across SOCs so
instead it relies on a new Kconfig variable to be set that will
indicate a SOC implements the function to protect a region of
SPI flash.

BUG=chrome-os-partner:28234
BRANCH=broadwell
TEST=build and boot on samus
1) with either WPSW=0 or SRP0=0 the PRR is not applied
2) with both WPSW=1 and SRP0=1 the PRR is applied

Change-Id: If5907b7ddf3f966c546ae32dc99aa815beb27587
Signed-off-by: Stefan Reinauer <reinauer@chromium.org>
Original-Commit-Id: a3e0e71dfd7339aab171a26b67aec465a3f332d6
Original-Change-Id: I94e54e4723b1dcdacbb6a05f047d0c0ebc7d8711
Original-Signed-off-by: Duncan Laurie <dlaurie@chromium.org>
Original-Reviewed-on: https://chromium-review.googlesource.com/241170
Original-Reviewed-by: Shawn N <shawnn@chromium.org>
Reviewed-on: http://review.coreboot.org/9494
Tested-by: build bot (Jenkins)
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
This commit is contained in:
Duncan Laurie 2015-01-15 15:49:07 -08:00 committed by Patrick Georgi
parent 1006b10206
commit a32b6b9471
4 changed files with 75 additions and 0 deletions

View File

@ -14,6 +14,10 @@ config MRC_SETTINGS_CACHE_SIZE
hex hex
default 0x10000 default 0x10000
config MRC_SETTINGS_PROTECT
bool "Enable protection on MRC settings"
default n
endif # CACHE_MRC_SETTINGS endif # CACHE_MRC_SETTINGS
endif # HAVE_MRC endif # HAVE_MRC

View File

@ -247,6 +247,25 @@ mrc_cache_next_slot(const struct mrc_data_region *region,
return next_slot; return next_slot;
} }
/* Protect RW_MRC_CACHE region with a Protected Range Register */
static int protect_mrc_cache(const struct mrc_data_region *region)
{
#if IS_ENABLED(CONFIG_MRC_SETTINGS_PROTECT)
if (nvm_is_write_protected() <= 0) {
printk(BIOS_INFO, "NOT enabling PRR for RW_MRC_CACHE region\n");
return 1;
}
if (nvm_protect(region->base, region->size) < 0) {
printk(BIOS_ERR, "ERROR setting PRR for RW_MRC_CACHE region\n");
return -1;
}
printk(BIOS_INFO, "Enabled Protected Range on RW_MRC_CACHE region\n");
#endif
return 0;
}
static void update_mrc_cache(void *unused) static void update_mrc_cache(void *unused)
{ {
const struct mrc_saved_data *current_boot; const struct mrc_saved_data *current_boot;
@ -279,6 +298,7 @@ static void update_mrc_cache(void *unused)
!memcmp(&current_saved->data[0], &current_boot->data[0], !memcmp(&current_saved->data[0], &current_boot->data[0],
current_saved->size)) { current_saved->size)) {
printk(BIOS_DEBUG, "MRC cache up to date.\n"); printk(BIOS_DEBUG, "MRC cache up to date.\n");
protect_mrc_cache(&region);
return; return;
} }
} }
@ -301,6 +321,7 @@ static void update_mrc_cache(void *unused)
printk(BIOS_DEBUG, "Failure writing MRC cache to %p.\n", printk(BIOS_DEBUG, "Failure writing MRC cache to %p.\n",
next_slot); next_slot);
} }
protect_mrc_cache(&region);
} }
BOOT_STATE_INIT_ENTRY(BS_WRITE_TABLES, BS_ON_ENTRY, update_mrc_cache, NULL); BOOT_STATE_INIT_ENTRY(BS_WRITE_TABLES, BS_ON_ENTRY, update_mrc_cache, NULL);

View File

@ -23,6 +23,10 @@
#include <string.h> #include <string.h>
#include <spi-generic.h> #include <spi-generic.h>
#include <spi_flash.h> #include <spi_flash.h>
#include <soc/spi.h>
#if CONFIG_CHROMEOS
#include <vendorcode/google/chromeos/chromeos.h>
#endif
#include "nvm.h" #include "nvm.h"
/* This module assumes the flash is memory mapped just below 4GiB in the /* This module assumes the flash is memory mapped just below 4GiB in the
@ -80,3 +84,43 @@ int nvm_write(void *start, const void *data, size_t size)
return -1; return -1;
return flash->write(flash, to_flash_offset(start), size, data); return flash->write(flash, to_flash_offset(start), size, data);
} }
/* Read flash status register to determine if write protect is active */
int nvm_is_write_protected(void)
{
u8 sr1;
u8 wp_gpio = 0;
u8 wp_spi;
if (nvm_init() < 0)
return -1;
#if IS_ENABLED(CONFIG_CHROMEOS)
/* Read Write Protect GPIO if available */
wp_gpio = get_write_protect_state();
#endif
/* Read Status Register 1 */
if (flash->status(flash, &sr1) < 0) {
printk(BIOS_ERR, "Failed to read SPI status register 1\n");
return -1;
}
wp_spi = !!(sr1 & 0x80);
printk(BIOS_DEBUG, "SPI flash protection: WPSW=%d SRP0=%d\n",
wp_gpio, wp_spi);
return wp_gpio && wp_spi;
}
/* Apply protection to a range of flash */
int nvm_protect(void *start, size_t size)
{
#if IS_ENABLED(CONFIG_MRC_SETTINGS_PROTECT)
if (nvm_init() < 0)
return -1;
return spi_flash_protect(to_flash_offset(start), size);
#else
return -1;
#endif
}

View File

@ -31,4 +31,10 @@ int nvm_erase(void *start, size_t size);
/* Write data to NVM. Returns 0 on success < 0 on error. */ /* Write data to NVM. Returns 0 on success < 0 on error. */
int nvm_write(void *start, const void *data, size_t size); int nvm_write(void *start, const void *data, size_t size);
/* Determine if flash device is write protected */
int nvm_is_write_protected(void);
/* Apply protection to a range of flash */
int nvm_protect(void *start, size_t size);
#endif /* _COMMON_NVM_H_ */ #endif /* _COMMON_NVM_H_ */