GNUBoot
/
coreboot-kgpe-d16
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

mb/google/dedede: Configure CBI EEPROM WP 

On dedede boards without Cr50, the CrOS Board Info (CBI) EEPROM write
protect signal is decoupled from the hardware write protect signal.
Instead, we'd like for it to mirror the software write protect status.
This commit simply checks the software write protect status of the SPI
flash and sets the CBI EEPROM write protect if it's enabled.  To prevent
changing the WP signal at run-time, the GPIO configuration is also
locked down after the level has been set.  If HW WP is deasserted, the
CBI EEPROM WP will be deasserted as well.

BUG=b:191189275,b:184592299
BRANCH=None
TEST=Build and flash lalala, disable SW WP by running `flashrom -p host
--wp-disable` from a root shell and verify that the GPIO is asserted
after a reboot.  Export the gpio via sysfs and verify that attempting to
change the value of the GPIO is futile. Enable SW WP via `flashrom -p
host --wp-enable` and reboot the DUT. Again, export the GPIO via sysfs
and verify that attempts to change the GPIO value are futile.

localhost ~ # iotools mem_read32 0xfd6e08d0
0x44000200
localhost ~ # cd /sys/class/gpio/
localhost /sys/class/gpio # echo 217 > export
localhost /sys/class/gpio # cd gpio217/
localhost /sys/class/gpio/gpio217 # echo out > direction
localhost /sys/class/gpio/gpio217 # cat value
0
localhost /sys/class/gpio/gpio217 # echo 1 > value
localhost /sys/class/gpio/gpio217 # cat value
1
localhost /sys/class/gpio/gpio217 # iotools mem_read32 0xfd6e08d0
0x44000200

Signed-off-by: Aseda Aboagye <aaboagye@google.com>
Change-Id: Ic103037921ec7d2f96f86178675c11a3a1357d1b
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55558
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Karthik Ramasubramanian <kramasub@google.com>
Reviewed-by: Furquan Shaikh <furquan@google.com>
This commit is contained in:
Aseda Aboagye 2021-06-15 23:24:26 -07:00 committed by Karthik Ramasubramanian
parent 633560568d
commit bd503978d4
3 changed files with 64 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/mainboard/google/dedede/Kconfig
View File

@ -29,6 +29,7 @@ config BOARD_GOOGLE_BASEBOARD_DEDEDE
select DRIVERS_INTEL_MIPI_CAMERA select DRIVERS_INTEL_MIPI_CAMERA
select SOC_INTEL_COMMON_BLOCK_IPU select SOC_INTEL_COMMON_BLOCK_IPU
select DRIVERS_GENERIC_ALC1015 select DRIVERS_GENERIC_ALC1015
select SPI_FLASH_SMM
config BOARD_GOOGLE_BASEBOARD_DEDEDE_CR50 config BOARD_GOOGLE_BASEBOARD_DEDEDE_CR50
def_bool n def_bool n

56
src/mainboard/google/dedede/smihandler.c
View File

@ -1,11 +1,16 @@
/* SPDX-License-Identifier: GPL-2.0-or-later */ /* SPDX-License-Identifier: GPL-2.0-or-later */
#include <baseboard/gpio.h>
#include <baseboard/variants.h> #include <baseboard/variants.h>
#include <console/console.h>
#include <cpu/x86/smm.h> #include <cpu/x86/smm.h>
#include <ec/google/chromeec/ec.h> #include <ec/google/chromeec/ec.h>
#include <ec/google/chromeec/smm.h> #include <ec/google/chromeec/smm.h>
#include <elog.h> #include <elog.h>
#include <gpio.h>
#include <intelblocks/gpio.h>
#include <intelblocks/smihandler.h> #include <intelblocks/smihandler.h>
#include <spi_flash.h>
#include <variant/ec.h> #include <variant/ec.h>
void mainboard_smi_gpi_handler(const struct gpi_status *sts) void mainboard_smi_gpi_handler(const struct gpi_status *sts)
@ -47,3 +52,54 @@ void mainboard_smi_espi_handler(void)
void __weak variant_smi_sleep(u8 slp_typ) void __weak variant_smi_sleep(u8 slp_typ)
{ {
} }
static void mainboard_config_cbi_wp(void)
{
int hw_wp = gpio_get(GPIO_PCH_WP);
const struct spi_flash *spi_flash_dev = boot_device_spi_flash();
uint8_t sr1;
int rv;
/*
* The CBI EEPROM WP should mirror our software write protect status if
* hardware write protect is set. If software write protect status is
* set at all via status register 1, that should be a sufficient signal.
* If the hardware WP is not set, or software write protect is not set
* while hardware write protect is set, deassert the CBI EEPROM WP.
*
* HW WP | SW WP | CBI WP
* ------|-------|-------
* 0 | X | 0
* 1 | 0 | 0
* 1 | 1 | 1
*/
if (spi_flash_status(spi_flash_dev, &sr1) < 0) {
printk(BIOS_ERR, "MB: Failed to read SPI status register 1\n");
printk(BIOS_ERR, "MB: CBI EEPROM WP cannot change!");
return;
}
/*
* Note that we are assuming that the Status Register protect bits are
* are located at this index and that 1 means hardware protected. This
* should be the case for these boards.
*/
const bool is_wp = !!(sr1 & 0x80) && hw_wp;
printk(BIOS_INFO, "MB: SPI flash is %swrite protected\n",
is_wp ? "" : "not ");
/* Inverted because the signal is active low. */
gpio_set(GPP_B16, !is_wp);
/* Lock the configuration down. */
rv = gpio_lock_pad(GPP_B16, GPIO_LOCK_FULL);
if (rv)
printk(BIOS_ERR, "MB: Failed to lock CBI WP (rv=%d)\n",
rv);
}
void mainboard_smi_finalize(void)
{
if (CONFIG(BOARD_GOOGLE_BASEBOARD_DEDEDE_TPM2))
mainboard_config_cbi_wp();
}

8
src/mainboard/google/dedede/variants/baseboard/gpio.c
View File

@ -84,7 +84,13 @@ static const struct pad_config gpio_table[] = {
#else /* BOARD_GOOGLE_BASEBOARD_DEDEDE_TPM2 */ #else /* BOARD_GOOGLE_BASEBOARD_DEDEDE_TPM2 */
/* Nothing connected on GSPI1 */ /* Nothing connected on GSPI1 */
PAD_NC(GPP_B15, NONE), PAD_NC(GPP_B15, NONE),
PAD_NC(GPP_B16, NONE), /*
* B16: AP_CBI_EEPROM_WP_L
*
* We default to 0 to keep the EEPROM protected until we know it is safe to
* deassert the write protect signal.
*/
PAD_CFG_GPO(GPP_B16, 0, DEEP),
PAD_NC(GPP_B17, NONE), PAD_NC(GPP_B17, NONE),
PAD_NC(GPP_B18, NONE), PAD_NC(GPP_B18, NONE),
#endif #endif