1428 lines
38 KiB
C
1428 lines
38 KiB
C
/* Copyright 2012 The Chromium OS Authors. All rights reserved.
|
|
* Use of this source code is governed by a BSD-style license that can be
|
|
* found in the LICENSE file.
|
|
*/
|
|
|
|
/* Flash memory module for Chrome EC - common functions */
|
|
|
|
#include "common.h"
|
|
#include "console.h"
|
|
#include "flash.h"
|
|
#include "gpio.h"
|
|
#include "hooks.h"
|
|
#include "host_command.h"
|
|
#include "otp.h"
|
|
#include "rwsig.h"
|
|
#include "shared_mem.h"
|
|
#include "system.h"
|
|
#include "util.h"
|
|
#include "vboot_hash.h"
|
|
|
|
/*
|
|
* Contents of erased flash, as a 32-bit value. Most platforms erase flash
|
|
* bits to 1.
|
|
*/
|
|
#ifndef CONFIG_FLASH_ERASED_VALUE32
|
|
#define CONFIG_FLASH_ERASED_VALUE32 (-1U)
|
|
#endif
|
|
|
|
#ifdef CONFIG_FLASH_PSTATE
|
|
|
|
/*
|
|
* If flash isn't mapped to the EC's address space, it's probably SPI, and
|
|
* should be using SPI write protect, not PSTATE.
|
|
*/
|
|
#if !defined(CONFIG_INTERNAL_STORAGE) || !defined(CONFIG_MAPPED_STORAGE)
|
|
#error "PSTATE should only be used with internal mem-mapped flash."
|
|
#endif
|
|
|
|
#ifdef CONFIG_FLASH_PSTATE_BANK
|
|
/* Persistent protection state - emulates a SPI status register for flashrom */
|
|
/* NOTE: It's not expected that RO and RW will support
|
|
* differing PSTATE versions. */
|
|
#define PERSIST_STATE_VERSION 3 /* Expected persist_state.version */
|
|
|
|
/* Flags for persist_state.flags */
|
|
/* Protect persist state and RO firmware at boot */
|
|
#define PERSIST_FLAG_PROTECT_RO 0x02
|
|
#define PSTATE_VALID_FLAGS BIT(0)
|
|
#define PSTATE_VALID_SERIALNO BIT(1)
|
|
|
|
struct persist_state {
|
|
uint8_t version; /* Version of this struct */
|
|
uint8_t flags; /* Lock flags (PERSIST_FLAG_*) */
|
|
uint8_t valid_fields; /* Flags for valid data. */
|
|
uint8_t reserved; /* Reserved; set 0 */
|
|
#ifdef CONFIG_SERIALNO_LEN
|
|
uint8_t serialno[CONFIG_SERIALNO_LEN]; /* Serial number. */
|
|
#else
|
|
uint8_t padding[4 % CONFIG_FLASH_WRITE_SIZE];
|
|
#endif
|
|
};
|
|
/* written with flash_physical_write, need to respect alignment constraints */
|
|
#ifndef CHIP_FAMILY_STM32L /* STM32L1xx is somewhat lying to us */
|
|
BUILD_ASSERT(sizeof(struct persist_state) % CONFIG_FLASH_WRITE_SIZE == 0);
|
|
#endif
|
|
|
|
#else /* !CONFIG_FLASH_PSTATE_BANK */
|
|
|
|
/*
|
|
* Flags for write protect state depend on the erased value of flash. The
|
|
* locked value must be the same as the unlocked value with one or more bits
|
|
* transitioned away from the erased state. That way, it is possible to
|
|
* rewrite the data in-place to set the lock.
|
|
*
|
|
* STM32F0x can only write 0x0000 to a non-erased half-word, which means
|
|
* PSTATE_MAGIC_LOCKED isn't quite as pretty. That's ok; the only thing
|
|
* we actually need to detect is PSTATE_MAGIC_UNLOCKED, since that's the
|
|
* only value we'll ever alter, and the only value which causes us not to
|
|
* lock the flash at boot.
|
|
*/
|
|
#if (CONFIG_FLASH_ERASED_VALUE32 == -1U)
|
|
#define PSTATE_MAGIC_UNLOCKED 0x4f4e5057 /* "WPNO" */
|
|
#define PSTATE_MAGIC_LOCKED 0x00000000 /* "" */
|
|
#elif (CONFIG_FLASH_ERASED_VALUE32 == 0)
|
|
#define PSTATE_MAGIC_UNLOCKED 0x4f4e5057 /* "WPNO" */
|
|
#define PSTATE_MAGIC_LOCKED 0x5f5f5057 /* "WP__" */
|
|
#else
|
|
/* What kind of wacky flash doesn't erase all bits to 1 or 0? */
|
|
#error "PSTATE needs magic values for this flash architecture."
|
|
#endif
|
|
|
|
/*
|
|
* Rewriting the write protect flag in place currently requires a minimum write
|
|
* size <= the size of the flag value.
|
|
*
|
|
* We could work around this on chips with larger minimum write size by reading
|
|
* the write block containing the flag into RAM, changing it to the locked
|
|
* value, and then rewriting that block. But we should only pay for that
|
|
* complexity when we run across another chip which needs it.
|
|
*/
|
|
#if (CONFIG_FLASH_WRITE_SIZE > 4)
|
|
#error "Non-bank-based PSTATE requires flash write size <= 32 bits."
|
|
#endif
|
|
|
|
const uint32_t pstate_data __attribute__((section(".rodata.pstate"))) =
|
|
#ifdef CONFIG_FLASH_PSTATE_LOCKED
|
|
PSTATE_MAGIC_LOCKED;
|
|
#else
|
|
PSTATE_MAGIC_UNLOCKED;
|
|
#endif
|
|
|
|
#endif /* !CONFIG_FLASH_PSTATE_BANK */
|
|
#endif /* CONFIG_FLASH_PSTATE */
|
|
|
|
#ifdef CONFIG_FLASH_MULTIPLE_REGION
|
|
const struct ec_flash_bank *flash_bank_info(int bank)
|
|
{
|
|
int i;
|
|
for (i = 0; i < ARRAY_SIZE(flash_bank_array); i++) {
|
|
if (bank < flash_bank_array[i].count)
|
|
return &flash_bank_array[i];
|
|
bank -= flash_bank_array[i].count;
|
|
}
|
|
|
|
return NULL;
|
|
}
|
|
|
|
int flash_bank_size(int bank)
|
|
{
|
|
int rv;
|
|
const struct ec_flash_bank *info = flash_bank_info(bank);
|
|
|
|
if (!info)
|
|
return -1;
|
|
|
|
rv = BIT(info->size_exp);
|
|
ASSERT(rv > 0);
|
|
return rv;
|
|
}
|
|
|
|
int flash_bank_erase_size(int bank)
|
|
{
|
|
int rv;
|
|
const struct ec_flash_bank *info = flash_bank_info(bank);
|
|
|
|
if (!info)
|
|
return -1;
|
|
|
|
rv = BIT(info->erase_size_exp);
|
|
ASSERT(rv > 0);
|
|
return rv;
|
|
}
|
|
|
|
int flash_bank_index(int offset)
|
|
{
|
|
int bank_offset = 0, i;
|
|
|
|
if (offset == 0)
|
|
return bank_offset;
|
|
|
|
for (i = 0; i < ARRAY_SIZE(flash_bank_array); i++) {
|
|
int all_sector_size = flash_bank_array[i].count <<
|
|
flash_bank_array[i].size_exp;
|
|
if (offset >= all_sector_size) {
|
|
offset -= all_sector_size;
|
|
bank_offset += flash_bank_array[i].count;
|
|
continue;
|
|
}
|
|
if (offset & ((1 << flash_bank_array[i].size_exp) - 1))
|
|
return -1;
|
|
return bank_offset + (offset >> flash_bank_array[i].size_exp);
|
|
}
|
|
if (offset != 0)
|
|
return -1;
|
|
return bank_offset;
|
|
}
|
|
|
|
int flash_bank_count(int offset, int size)
|
|
{
|
|
int begin = flash_bank_index(offset);
|
|
int end = flash_bank_index(offset + size);
|
|
|
|
if (begin == -1 || end == -1)
|
|
return -1;
|
|
return end - begin;
|
|
}
|
|
|
|
int flash_bank_start_offset(int bank)
|
|
{
|
|
int i;
|
|
int offset;
|
|
int bank_size;
|
|
|
|
if (bank < 0)
|
|
return -1;
|
|
|
|
offset = 0;
|
|
for (i = 0; i < bank; i++) {
|
|
bank_size = flash_bank_size(i);
|
|
if (bank_size < 0)
|
|
return -1;
|
|
offset += bank_size;
|
|
}
|
|
|
|
return offset;
|
|
}
|
|
|
|
#endif /* CONFIG_FLASH_MULTIPLE_REGION */
|
|
|
|
static int flash_range_ok(int offset, int size_req, int align)
|
|
{
|
|
if (offset < 0 || size_req < 0 ||
|
|
offset > CONFIG_FLASH_SIZE ||
|
|
size_req > CONFIG_FLASH_SIZE ||
|
|
offset + size_req > CONFIG_FLASH_SIZE ||
|
|
(offset | size_req) & (align - 1))
|
|
return 0; /* Invalid range */
|
|
|
|
return 1;
|
|
}
|
|
|
|
#ifdef CONFIG_MAPPED_STORAGE
|
|
/**
|
|
* Get the physical memory address of a flash offset
|
|
*
|
|
* This is used for direct flash access. We assume that the flash is
|
|
* contiguous from this start address through to the end of the usable
|
|
* flash.
|
|
*
|
|
* @param offset Flash offset to get address of
|
|
* @param dataptrp Returns pointer to memory address of flash offset
|
|
* @return pointer to flash memory offset, if ok, else NULL
|
|
*/
|
|
static const char *flash_physical_dataptr(int offset)
|
|
{
|
|
return (char *)((uintptr_t)CONFIG_MAPPED_STORAGE_BASE + offset);
|
|
}
|
|
|
|
int flash_dataptr(int offset, int size_req, int align, const char **ptrp)
|
|
{
|
|
if (!flash_range_ok(offset, size_req, align))
|
|
return -1; /* Invalid range */
|
|
if (ptrp)
|
|
*ptrp = flash_physical_dataptr(offset);
|
|
|
|
return CONFIG_FLASH_SIZE - offset;
|
|
}
|
|
#endif
|
|
|
|
#ifdef CONFIG_FLASH_PSTATE
|
|
#ifdef CONFIG_FLASH_PSTATE_BANK
|
|
|
|
/**
|
|
* Read and return persistent state flags (EC_FLASH_PROTECT_*)
|
|
*/
|
|
static uint32_t flash_read_pstate(void)
|
|
{
|
|
const struct persist_state *pstate =
|
|
(const struct persist_state *)
|
|
flash_physical_dataptr(CONFIG_FW_PSTATE_OFF);
|
|
|
|
if ((pstate->version == PERSIST_STATE_VERSION) &&
|
|
(pstate->valid_fields & PSTATE_VALID_FLAGS) &&
|
|
(pstate->flags & PERSIST_FLAG_PROTECT_RO)) {
|
|
/* Lock flag is known to be set */
|
|
return EC_FLASH_PROTECT_RO_AT_BOOT;
|
|
} else {
|
|
#ifdef CONFIG_WP_ALWAYS
|
|
return PERSIST_FLAG_PROTECT_RO;
|
|
#else
|
|
return 0;
|
|
#endif
|
|
}
|
|
}
|
|
|
|
#ifdef CONFIG_SERIALNO_LEN
|
|
/**
|
|
* Read and return persistent serial number.
|
|
*/
|
|
const char *flash_read_pstate_serial(void)
|
|
{
|
|
const struct persist_state *pstate =
|
|
(const struct persist_state *)
|
|
flash_physical_dataptr(CONFIG_FW_PSTATE_OFF);
|
|
|
|
if ((pstate->version == PERSIST_STATE_VERSION) &&
|
|
(pstate->valid_fields & PSTATE_VALID_SERIALNO)) {
|
|
return (const char *)(pstate->serialno);
|
|
}
|
|
|
|
return NULL;
|
|
}
|
|
#endif
|
|
|
|
/**
|
|
* Write persistent state after erasing.
|
|
*
|
|
* @param pstate New data to set in pstate. NOT memory mapped
|
|
* old pstate as it will be erased.
|
|
* @return EC_SUCCESS, or nonzero if error.
|
|
*/
|
|
static int flash_write_pstate_data(struct persist_state *newpstate)
|
|
{
|
|
int rv;
|
|
|
|
/* Erase pstate */
|
|
rv = flash_physical_erase(CONFIG_FW_PSTATE_OFF,
|
|
CONFIG_FW_PSTATE_SIZE);
|
|
if (rv)
|
|
return rv;
|
|
|
|
/*
|
|
* Note that if we lose power in here, we'll lose the pstate contents.
|
|
* That's ok, because it's only possible to write the pstate before
|
|
* it's protected.
|
|
*/
|
|
|
|
/* Write the updated pstate */
|
|
return flash_physical_write(CONFIG_FW_PSTATE_OFF, sizeof(*newpstate),
|
|
(const char *)newpstate);
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
* Validate and Init persistent state datastructure.
|
|
*
|
|
* @param pstate A pstate data structure. Will be valid at complete.
|
|
* @return EC_SUCCESS, or nonzero if error.
|
|
*/
|
|
static int validate_pstate_struct(struct persist_state *pstate)
|
|
{
|
|
if (pstate->version != PERSIST_STATE_VERSION) {
|
|
memset(pstate, 0, sizeof(*pstate));
|
|
pstate->version = PERSIST_STATE_VERSION;
|
|
}
|
|
|
|
return EC_SUCCESS;
|
|
}
|
|
|
|
/**
|
|
* Write persistent state from pstate, erasing if necessary.
|
|
*
|
|
* @param flags New flash write protect flags to set in pstate.
|
|
* @return EC_SUCCESS, or nonzero if error.
|
|
*/
|
|
static int flash_write_pstate(uint32_t flags)
|
|
{
|
|
struct persist_state newpstate;
|
|
const struct persist_state *pstate =
|
|
(const struct persist_state *)
|
|
flash_physical_dataptr(CONFIG_FW_PSTATE_OFF);
|
|
|
|
/* Only check the flags we write to pstate */
|
|
flags &= EC_FLASH_PROTECT_RO_AT_BOOT;
|
|
|
|
/* Check if pstate has actually changed */
|
|
if (flags == flash_read_pstate())
|
|
return EC_SUCCESS;
|
|
|
|
/* Cache the old copy for read/modify/write. */
|
|
memcpy(&newpstate, pstate, sizeof(newpstate));
|
|
validate_pstate_struct(&newpstate);
|
|
|
|
if (flags & EC_FLASH_PROTECT_RO_AT_BOOT)
|
|
newpstate.flags |= PERSIST_FLAG_PROTECT_RO;
|
|
else
|
|
newpstate.flags &= ~PERSIST_FLAG_PROTECT_RO;
|
|
newpstate.valid_fields |= PSTATE_VALID_FLAGS;
|
|
|
|
return flash_write_pstate_data(&newpstate);
|
|
}
|
|
|
|
#ifdef CONFIG_SERIALNO_LEN
|
|
/**
|
|
* Write persistent serial number to pstate, erasing if necessary.
|
|
*
|
|
* @param serialno New iascii serial number to set in pstate.
|
|
* @return EC_SUCCESS, or nonzero if error.
|
|
*/
|
|
int flash_write_pstate_serial(const char *serialno)
|
|
{
|
|
int i;
|
|
struct persist_state newpstate;
|
|
const struct persist_state *pstate =
|
|
(const struct persist_state *)
|
|
flash_physical_dataptr(CONFIG_FW_PSTATE_OFF);
|
|
|
|
/* Check that this is OK */
|
|
if (!serialno)
|
|
return EC_ERROR_INVAL;
|
|
|
|
/* Cache the old copy for read/modify/write. */
|
|
memcpy(&newpstate, pstate, sizeof(newpstate));
|
|
validate_pstate_struct(&newpstate);
|
|
|
|
/* Copy in serialno. */
|
|
for (i = 0; i < CONFIG_SERIALNO_LEN - 1; i++) {
|
|
newpstate.serialno[i] = serialno[i];
|
|
if (serialno[i] == 0)
|
|
break;
|
|
}
|
|
for (; i < CONFIG_SERIALNO_LEN; i++)
|
|
newpstate.serialno[i] = 0;
|
|
newpstate.valid_fields |= PSTATE_VALID_SERIALNO;
|
|
|
|
return flash_write_pstate_data(&newpstate);
|
|
}
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#else /* !CONFIG_FLASH_PSTATE_BANK */
|
|
|
|
/**
|
|
* Return the address of the pstate data in EC-RO.
|
|
*/
|
|
static const uintptr_t get_pstate_addr(void)
|
|
{
|
|
uintptr_t addr = (uintptr_t)&pstate_data;
|
|
|
|
/* Always use the pstate data in RO, even if we're RW */
|
|
if (system_is_in_rw())
|
|
addr += CONFIG_RO_MEM_OFF - CONFIG_RW_MEM_OFF;
|
|
|
|
return addr;
|
|
}
|
|
|
|
/**
|
|
* Read and return persistent state flags (EC_FLASH_PROTECT_*)
|
|
*/
|
|
static uint32_t flash_read_pstate(void)
|
|
{
|
|
/* Check for the unlocked magic value */
|
|
if (*(const uint32_t *)get_pstate_addr() == PSTATE_MAGIC_UNLOCKED)
|
|
return 0;
|
|
|
|
/* Anything else is locked */
|
|
return EC_FLASH_PROTECT_RO_AT_BOOT;
|
|
}
|
|
|
|
/**
|
|
* Write persistent state from pstate, erasing if necessary.
|
|
*
|
|
* @param flags New flash write protect flags to set in pstate.
|
|
* @return EC_SUCCESS, or nonzero if error.
|
|
*/
|
|
static int flash_write_pstate(uint32_t flags)
|
|
{
|
|
const uint32_t new_pstate = PSTATE_MAGIC_LOCKED;
|
|
|
|
/* Only check the flags we write to pstate */
|
|
flags &= EC_FLASH_PROTECT_RO_AT_BOOT;
|
|
|
|
/* Check if pstate has actually changed */
|
|
if (flags == flash_read_pstate())
|
|
return EC_SUCCESS;
|
|
|
|
/* We can only set the protect flag, not clear it */
|
|
if (!(flags & EC_FLASH_PROTECT_RO_AT_BOOT))
|
|
return EC_ERROR_ACCESS_DENIED;
|
|
|
|
/*
|
|
* Write a new pstate. We can overwrite the existing value, because
|
|
* we're only moving bits from the erased state to the unerased state.
|
|
*/
|
|
return flash_physical_write(get_pstate_addr() -
|
|
CONFIG_PROGRAM_MEMORY_BASE,
|
|
sizeof(new_pstate),
|
|
(const char *)&new_pstate);
|
|
}
|
|
|
|
#endif /* !CONFIG_FLASH_PSTATE_BANK */
|
|
#endif /* CONFIG_FLASH_PSTATE */
|
|
|
|
int flash_is_erased(uint32_t offset, int size)
|
|
{
|
|
const uint32_t *ptr;
|
|
|
|
#ifdef CONFIG_MAPPED_STORAGE
|
|
/* Use pointer directly to flash */
|
|
if (flash_dataptr(offset, size, sizeof(uint32_t),
|
|
(const char **)&ptr) < 0)
|
|
return 0;
|
|
|
|
flash_lock_mapped_storage(1);
|
|
for (size /= sizeof(uint32_t); size > 0; size--, ptr++)
|
|
if (*ptr != CONFIG_FLASH_ERASED_VALUE32) {
|
|
flash_lock_mapped_storage(0);
|
|
return 0;
|
|
}
|
|
|
|
flash_lock_mapped_storage(0);
|
|
#else
|
|
/* Read flash a chunk at a time */
|
|
uint32_t buf[8];
|
|
int bsize;
|
|
|
|
while (size) {
|
|
bsize = MIN(size, sizeof(buf));
|
|
|
|
if (flash_read(offset, bsize, (char *)buf))
|
|
return 0;
|
|
|
|
size -= bsize;
|
|
offset += bsize;
|
|
|
|
ptr = buf;
|
|
for (bsize /= sizeof(uint32_t); bsize > 0; bsize--, ptr++)
|
|
if (*ptr != CONFIG_FLASH_ERASED_VALUE32)
|
|
return 0;
|
|
|
|
}
|
|
#endif
|
|
|
|
return 1;
|
|
}
|
|
|
|
int flash_read(int offset, int size, char *data)
|
|
{
|
|
#ifdef CONFIG_MAPPED_STORAGE
|
|
const char *src;
|
|
|
|
if (flash_dataptr(offset, size, 1, &src) < 0)
|
|
return EC_ERROR_INVAL;
|
|
|
|
flash_lock_mapped_storage(1);
|
|
memcpy(data, src, size);
|
|
flash_lock_mapped_storage(0);
|
|
return EC_SUCCESS;
|
|
#else
|
|
return flash_physical_read(offset, size, data);
|
|
#endif
|
|
}
|
|
|
|
static void flash_abort_or_invalidate_hash(int offset, int size)
|
|
{
|
|
#ifdef CONFIG_VBOOT_HASH
|
|
if (vboot_hash_in_progress()) {
|
|
/* Abort hash calculation when flash update is in progress. */
|
|
vboot_hash_abort();
|
|
return;
|
|
}
|
|
|
|
#ifdef CONFIG_EXTERNAL_STORAGE
|
|
/*
|
|
* If EC executes in RAM and is currently in RW, we keep the current
|
|
* hash. On the next hash check, AP will catch hash mismatch between the
|
|
* flash copy and the RAM copy, then take necessary actions.
|
|
*/
|
|
if (system_is_in_rw())
|
|
return;
|
|
#endif
|
|
|
|
/* If EC executes in place, we need to invalidate the cached hash. */
|
|
vboot_hash_invalidate(offset, size);
|
|
#endif
|
|
|
|
#ifdef HAS_TASK_RWSIG
|
|
/*
|
|
* If RW flash has been written to, make sure we do not automatically
|
|
* jump to RW after the timeout.
|
|
*/
|
|
if ((offset >= CONFIG_RW_MEM_OFF &&
|
|
offset < (CONFIG_RW_MEM_OFF + CONFIG_RW_SIZE)) ||
|
|
((offset + size) > CONFIG_RW_MEM_OFF &&
|
|
(offset + size) <= (CONFIG_RW_MEM_OFF + CONFIG_RW_SIZE)) ||
|
|
(offset < CONFIG_RW_MEM_OFF &&
|
|
(offset + size) > (CONFIG_RW_MEM_OFF + CONFIG_RW_SIZE)))
|
|
rwsig_abort();
|
|
#endif
|
|
}
|
|
|
|
int flash_write(int offset, int size, const char *data)
|
|
{
|
|
if (!flash_range_ok(offset, size, CONFIG_FLASH_WRITE_SIZE))
|
|
return EC_ERROR_INVAL; /* Invalid range */
|
|
|
|
flash_abort_or_invalidate_hash(offset, size);
|
|
|
|
return flash_physical_write(offset, size, data);
|
|
}
|
|
|
|
int flash_erase(int offset, int size)
|
|
{
|
|
#ifndef CONFIG_FLASH_MULTIPLE_REGION
|
|
if (!flash_range_ok(offset, size, CONFIG_FLASH_ERASE_SIZE))
|
|
return EC_ERROR_INVAL; /* Invalid range */
|
|
#endif
|
|
|
|
flash_abort_or_invalidate_hash(offset, size);
|
|
|
|
return flash_physical_erase(offset, size);
|
|
}
|
|
|
|
int flash_protect_at_boot(uint32_t new_flags)
|
|
{
|
|
#ifdef CONFIG_FLASH_PSTATE
|
|
uint32_t new_pstate_flags = new_flags & EC_FLASH_PROTECT_RO_AT_BOOT;
|
|
|
|
/* Read the current persist state from flash */
|
|
if (flash_read_pstate() != new_pstate_flags) {
|
|
/* Need to update pstate */
|
|
int rv;
|
|
|
|
#ifdef CONFIG_FLASH_PSTATE_BANK
|
|
/* Fail if write protect block is already locked */
|
|
if (flash_physical_get_protect(PSTATE_BANK))
|
|
return EC_ERROR_ACCESS_DENIED;
|
|
#endif
|
|
|
|
/* Write the desired flags */
|
|
rv = flash_write_pstate(new_pstate_flags);
|
|
if (rv)
|
|
return rv;
|
|
}
|
|
|
|
#ifdef CONFIG_FLASH_PROTECT_NEXT_BOOT
|
|
/*
|
|
* Try updating at-boot protection state, if on a platform where write
|
|
* protection only changes after a reboot. Otherwise we wouldn't
|
|
* update it until after the next reboot, and we'd need to reboot
|
|
* again. Ignore errors, because the protection registers might
|
|
* already be locked this boot, and we'll still apply the correct state
|
|
* again on the next boot.
|
|
*
|
|
* This assumes PSTATE immediately follows RO, which it does on
|
|
* all STM32 platforms (which are the only ones with this config).
|
|
*/
|
|
flash_physical_protect_at_boot(new_flags);
|
|
#endif
|
|
|
|
return EC_SUCCESS;
|
|
#else
|
|
return flash_physical_protect_at_boot(new_flags);
|
|
#endif
|
|
}
|
|
|
|
uint32_t flash_get_protect(void)
|
|
{
|
|
uint32_t flags = 0;
|
|
int i;
|
|
/* Region protection status */
|
|
int not_protected[FLASH_REGION_COUNT] = {0};
|
|
#ifdef CONFIG_ROLLBACK
|
|
/* Flags that must be set to set ALL_NOW flag. */
|
|
const uint32_t all_flags = EC_FLASH_PROTECT_RO_NOW |
|
|
EC_FLASH_PROTECT_RW_NOW |
|
|
EC_FLASH_PROTECT_ROLLBACK_NOW;
|
|
#else
|
|
const uint32_t all_flags = EC_FLASH_PROTECT_RO_NOW |
|
|
EC_FLASH_PROTECT_RW_NOW;
|
|
#endif
|
|
|
|
/* Read write protect GPIO */
|
|
#ifdef CONFIG_WP_ALWAYS
|
|
flags |= EC_FLASH_PROTECT_GPIO_ASSERTED;
|
|
#elif defined(CONFIG_WP_ACTIVE_HIGH)
|
|
if (gpio_get_level(GPIO_WP))
|
|
flags |= EC_FLASH_PROTECT_GPIO_ASSERTED;
|
|
#else
|
|
if (!gpio_get_level(GPIO_WP_L))
|
|
flags |= EC_FLASH_PROTECT_GPIO_ASSERTED;
|
|
#endif
|
|
|
|
#ifdef CONFIG_FLASH_PSTATE
|
|
/* Read persistent state of RO-at-boot flag */
|
|
flags |= flash_read_pstate();
|
|
#endif
|
|
|
|
/* Scan flash protection */
|
|
for (i = 0; i < PHYSICAL_BANKS; i++) {
|
|
int is_ro = (i >= WP_BANK_OFFSET &&
|
|
i < WP_BANK_OFFSET + WP_BANK_COUNT);
|
|
enum flash_region region = is_ro ? FLASH_REGION_RO :
|
|
FLASH_REGION_RW;
|
|
int bank_flag = is_ro ? EC_FLASH_PROTECT_RO_NOW :
|
|
EC_FLASH_PROTECT_RW_NOW;
|
|
|
|
#ifdef CONFIG_ROLLBACK
|
|
if (i >= ROLLBACK_BANK_OFFSET &&
|
|
i < ROLLBACK_BANK_OFFSET + ROLLBACK_BANK_COUNT) {
|
|
region = FLASH_REGION_ROLLBACK;
|
|
bank_flag = EC_FLASH_PROTECT_ROLLBACK_NOW;
|
|
}
|
|
#endif
|
|
|
|
if (flash_physical_get_protect(i)) {
|
|
/* At least one bank in the region is protected */
|
|
flags |= bank_flag;
|
|
if (not_protected[region])
|
|
flags |= EC_FLASH_PROTECT_ERROR_INCONSISTENT;
|
|
} else {
|
|
/* At least one bank in the region is NOT protected */
|
|
not_protected[region] = 1;
|
|
if (flags & bank_flag)
|
|
flags |= EC_FLASH_PROTECT_ERROR_INCONSISTENT;
|
|
}
|
|
}
|
|
|
|
if ((flags & all_flags) == all_flags)
|
|
flags |= EC_FLASH_PROTECT_ALL_NOW;
|
|
|
|
/*
|
|
* If the RW or ROLLBACK banks are protected but the RO banks aren't,
|
|
* that's inconsistent.
|
|
*
|
|
* Note that we check this before adding in the physical flags below,
|
|
* since some chips can also protect ALL_NOW for the current boot by
|
|
* locking up the flash program-erase registers.
|
|
*/
|
|
if ((flags & all_flags) && !(flags & EC_FLASH_PROTECT_RO_NOW))
|
|
flags |= EC_FLASH_PROTECT_ERROR_INCONSISTENT;
|
|
|
|
#ifndef CONFIG_FLASH_PROTECT_RW
|
|
/* RW flag was used for intermediate computations, clear it now. */
|
|
flags &= ~EC_FLASH_PROTECT_RW_NOW;
|
|
#endif
|
|
|
|
/* Add in flags from physical layer */
|
|
return flags | flash_physical_get_protect_flags();
|
|
}
|
|
|
|
int flash_set_protect(uint32_t mask, uint32_t flags)
|
|
{
|
|
int retval = EC_SUCCESS;
|
|
int rv;
|
|
int old_flags_at_boot = flash_get_protect() &
|
|
(EC_FLASH_PROTECT_RO_AT_BOOT | EC_FLASH_PROTECT_RW_AT_BOOT |
|
|
EC_FLASH_PROTECT_ROLLBACK_AT_BOOT |
|
|
EC_FLASH_PROTECT_ALL_AT_BOOT);
|
|
int new_flags_at_boot = old_flags_at_boot;
|
|
|
|
/* Sanitize input flags */
|
|
flags = flags & mask;
|
|
|
|
/*
|
|
* Process flags we can set. Track the most recent error, but process
|
|
* all flags before returning.
|
|
*/
|
|
|
|
/*
|
|
* AT_BOOT flags are trickier than NOW flags, as they can be set
|
|
* when HW write protection is disabled and can be unset without
|
|
* a reboot.
|
|
*
|
|
* If we are only setting/clearing RO_AT_BOOT, things are simple.
|
|
* Setting ALL_AT_BOOT is processed only if HW write protection is
|
|
* enabled and RO_AT_BOOT is set, so it's also simple.
|
|
*
|
|
* The most tricky one is when we want to clear ALL_AT_BOOT. We need
|
|
* to determine whether to clear protection for the entire flash or
|
|
* leave RO protected. There are two cases that we want to keep RO
|
|
* protected:
|
|
* 1. RO_AT_BOOT was already set before flash_set_protect() is
|
|
* called.
|
|
* 2. RO_AT_BOOT was not set, but it's requested to be set by
|
|
* the caller of flash_set_protect().
|
|
*/
|
|
|
|
new_flags_at_boot &= ~(mask & EC_FLASH_PROTECT_RO_AT_BOOT);
|
|
new_flags_at_boot |= flags & EC_FLASH_PROTECT_RO_AT_BOOT;
|
|
|
|
/* Removing ALL must also remove RW/ROLLBACK */
|
|
if ((mask & EC_FLASH_PROTECT_ALL_AT_BOOT) &&
|
|
!(flags & EC_FLASH_PROTECT_ALL_AT_BOOT)) {
|
|
new_flags_at_boot &= ~EC_FLASH_PROTECT_ALL_AT_BOOT;
|
|
#ifdef CONFIG_FLASH_PROTECT_RW
|
|
new_flags_at_boot &= ~EC_FLASH_PROTECT_RW_AT_BOOT;
|
|
#endif
|
|
#ifdef CONFIG_ROLLBACK
|
|
new_flags_at_boot &= ~EC_FLASH_PROTECT_ROLLBACK_AT_BOOT;
|
|
#endif
|
|
}
|
|
|
|
#ifdef CONFIG_FLASH_PROTECT_RW
|
|
/* Removing RW must also remove ALL (otherwise nothing will happen). */
|
|
if ((mask & EC_FLASH_PROTECT_RW_AT_BOOT) &&
|
|
!(flags & EC_FLASH_PROTECT_RW_AT_BOOT)) {
|
|
new_flags_at_boot &= ~EC_FLASH_PROTECT_RW_AT_BOOT;
|
|
new_flags_at_boot &= ~EC_FLASH_PROTECT_ALL_AT_BOOT;
|
|
}
|
|
#endif
|
|
|
|
#ifdef CONFIG_ROLLBACK
|
|
if ((mask & EC_FLASH_PROTECT_ROLLBACK_AT_BOOT) &&
|
|
!(flags & EC_FLASH_PROTECT_ROLLBACK_AT_BOOT)) {
|
|
new_flags_at_boot &= ~EC_FLASH_PROTECT_ROLLBACK_AT_BOOT;
|
|
new_flags_at_boot &= ~EC_FLASH_PROTECT_ALL_AT_BOOT;
|
|
}
|
|
#endif
|
|
|
|
if (new_flags_at_boot != old_flags_at_boot) {
|
|
rv = flash_protect_at_boot(new_flags_at_boot);
|
|
if (rv)
|
|
retval = rv;
|
|
old_flags_at_boot = new_flags_at_boot;
|
|
}
|
|
|
|
/*
|
|
* All subsequent flags only work if write protect is enabled (that is,
|
|
* hardware WP flag) *and* RO is protected at boot (software WP flag).
|
|
*/
|
|
if ((~flash_get_protect()) & (EC_FLASH_PROTECT_GPIO_ASSERTED |
|
|
EC_FLASH_PROTECT_RO_AT_BOOT))
|
|
return retval;
|
|
|
|
/*
|
|
* The case where ALL/RW/ROLLBACK_AT_BOOT is unset is already covered
|
|
* above, so we do not need to mask it out.
|
|
*/
|
|
new_flags_at_boot |= flags & EC_FLASH_PROTECT_ALL_AT_BOOT;
|
|
|
|
#ifdef CONFIG_FLASH_PROTECT_RW
|
|
new_flags_at_boot |= flags & EC_FLASH_PROTECT_RW_AT_BOOT;
|
|
#endif
|
|
|
|
#ifdef CONFIG_ROLLBACK
|
|
new_flags_at_boot |= flags & EC_FLASH_PROTECT_ROLLBACK_AT_BOOT;
|
|
#endif
|
|
|
|
if (new_flags_at_boot != old_flags_at_boot) {
|
|
rv = flash_protect_at_boot(new_flags_at_boot);
|
|
if (rv)
|
|
retval = rv;
|
|
}
|
|
|
|
if (flags & EC_FLASH_PROTECT_RO_NOW) {
|
|
rv = flash_physical_protect_now(0);
|
|
if (rv)
|
|
retval = rv;
|
|
}
|
|
|
|
if (flags & EC_FLASH_PROTECT_ALL_NOW) {
|
|
rv = flash_physical_protect_now(1);
|
|
if (rv)
|
|
retval = rv;
|
|
}
|
|
return retval;
|
|
}
|
|
|
|
#ifdef CONFIG_FLASH_DEFERRED_ERASE
|
|
static volatile enum ec_status erase_rc = EC_RES_SUCCESS;
|
|
static struct ec_params_flash_erase_v1 erase_info;
|
|
|
|
static void flash_erase_deferred(void)
|
|
{
|
|
erase_rc = EC_RES_BUSY;
|
|
if (flash_erase(erase_info.params.offset, erase_info.params.size))
|
|
erase_rc = EC_RES_ERROR;
|
|
else
|
|
erase_rc = EC_RES_SUCCESS;
|
|
}
|
|
DECLARE_DEFERRED(flash_erase_deferred);
|
|
#endif
|
|
|
|
/*****************************************************************************/
|
|
/* Console commands */
|
|
|
|
#ifdef CONFIG_CMD_FLASHINFO
|
|
static int command_flash_info(int argc, char **argv)
|
|
{
|
|
int i, flags;
|
|
|
|
ccprintf("Usable: %4d KB\n", CONFIG_FLASH_SIZE / 1024);
|
|
ccprintf("Write: %4d B (ideal %d B)\n", CONFIG_FLASH_WRITE_SIZE,
|
|
CONFIG_FLASH_WRITE_IDEAL_SIZE);
|
|
#ifdef CONFIG_FLASH_MULTIPLE_REGION
|
|
ccprintf("Regions:\n");
|
|
for (i = 0; i < ARRAY_SIZE(flash_bank_array); i++) {
|
|
ccprintf(" %d region%s:\n",
|
|
flash_bank_array[i].count,
|
|
(flash_bank_array[i].count == 1 ? "" : "s"));
|
|
ccprintf(" Erase: %4d B (to %d-bits)\n",
|
|
1 << flash_bank_array[i].erase_size_exp,
|
|
CONFIG_FLASH_ERASED_VALUE32 ? 1 : 0);
|
|
ccprintf(" Size/Protect: %4d B\n",
|
|
1 << flash_bank_array[i].size_exp);
|
|
}
|
|
#else
|
|
ccprintf("Erase: %4d B (to %d-bits)\n", CONFIG_FLASH_ERASE_SIZE,
|
|
CONFIG_FLASH_ERASED_VALUE32 ? 1 : 0);
|
|
ccprintf("Protect: %4d B\n", CONFIG_FLASH_BANK_SIZE);
|
|
#endif
|
|
flags = flash_get_protect();
|
|
ccprintf("Flags: ");
|
|
if (flags & EC_FLASH_PROTECT_GPIO_ASSERTED)
|
|
ccputs(" wp_gpio_asserted");
|
|
if (flags & EC_FLASH_PROTECT_RO_AT_BOOT)
|
|
ccputs(" ro_at_boot");
|
|
if (flags & EC_FLASH_PROTECT_ALL_AT_BOOT)
|
|
ccputs(" all_at_boot");
|
|
if (flags & EC_FLASH_PROTECT_RO_NOW)
|
|
ccputs(" ro_now");
|
|
if (flags & EC_FLASH_PROTECT_ALL_NOW)
|
|
ccputs(" all_now");
|
|
#ifdef CONFIG_FLASH_PROTECT_RW
|
|
if (flags & EC_FLASH_PROTECT_RW_AT_BOOT)
|
|
ccputs(" rw_at_boot");
|
|
if (flags & EC_FLASH_PROTECT_RW_NOW)
|
|
ccputs(" rw_now");
|
|
#endif
|
|
if (flags & EC_FLASH_PROTECT_ERROR_STUCK)
|
|
ccputs(" STUCK");
|
|
if (flags & EC_FLASH_PROTECT_ERROR_INCONSISTENT)
|
|
ccputs(" INCONSISTENT");
|
|
#ifdef CONFIG_ROLLBACK
|
|
if (flags & EC_FLASH_PROTECT_ROLLBACK_AT_BOOT)
|
|
ccputs(" rollback_at_boot");
|
|
if (flags & EC_FLASH_PROTECT_ROLLBACK_NOW)
|
|
ccputs(" rollback_now");
|
|
#endif
|
|
ccputs("\n");
|
|
|
|
ccputs("Protected now:");
|
|
for (i = 0; i < PHYSICAL_BANKS; i++) {
|
|
if (!(i & 31))
|
|
ccputs("\n ");
|
|
else if (!(i & 7))
|
|
ccputs(" ");
|
|
ccputs(flash_physical_get_protect(i) ? "Y" : ".");
|
|
}
|
|
ccputs("\n");
|
|
return EC_SUCCESS;
|
|
}
|
|
DECLARE_SAFE_CONSOLE_COMMAND(flashinfo, command_flash_info,
|
|
NULL,
|
|
"Print flash info");
|
|
#endif /* CONFIG_CMD_FLASHINFO */
|
|
|
|
#ifdef CONFIG_CMD_FLASH
|
|
static int command_flash_erase(int argc, char **argv)
|
|
{
|
|
int offset = -1;
|
|
int size = -1;
|
|
int rv;
|
|
|
|
if (flash_get_protect() & EC_FLASH_PROTECT_ALL_NOW)
|
|
return EC_ERROR_ACCESS_DENIED;
|
|
|
|
rv = parse_offset_size(argc, argv, 1, &offset, &size);
|
|
if (rv)
|
|
return rv;
|
|
|
|
ccprintf("Erasing %d bytes at 0x%x...\n", size, offset);
|
|
return flash_erase(offset, size);
|
|
}
|
|
DECLARE_CONSOLE_COMMAND(flasherase, command_flash_erase,
|
|
"offset size",
|
|
"Erase flash");
|
|
|
|
static int command_flash_write(int argc, char **argv)
|
|
{
|
|
int offset = -1;
|
|
int size = -1;
|
|
int rv;
|
|
char *data;
|
|
int i;
|
|
|
|
if (flash_get_protect() & EC_FLASH_PROTECT_ALL_NOW)
|
|
return EC_ERROR_ACCESS_DENIED;
|
|
|
|
rv = parse_offset_size(argc, argv, 1, &offset, &size);
|
|
if (rv)
|
|
return rv;
|
|
|
|
if (size > shared_mem_size())
|
|
size = shared_mem_size();
|
|
|
|
/* Acquire the shared memory buffer */
|
|
rv = shared_mem_acquire(size, &data);
|
|
if (rv) {
|
|
ccputs("Can't get shared mem\n");
|
|
return rv;
|
|
}
|
|
|
|
/* Fill the data buffer with a pattern */
|
|
for (i = 0; i < size; i++)
|
|
data[i] = i;
|
|
|
|
ccprintf("Writing %d bytes to 0x%x...\n", size, offset);
|
|
rv = flash_write(offset, size, data);
|
|
|
|
/* Free the buffer */
|
|
shared_mem_release(data);
|
|
|
|
return rv;
|
|
}
|
|
DECLARE_CONSOLE_COMMAND(flashwrite, command_flash_write,
|
|
"offset size",
|
|
"Write pattern to flash");
|
|
|
|
static int command_flash_read(int argc, char **argv)
|
|
{
|
|
int offset = -1;
|
|
int size = 256;
|
|
int rv;
|
|
char *data;
|
|
int i;
|
|
|
|
rv = parse_offset_size(argc, argv, 1, &offset, &size);
|
|
if (rv)
|
|
return rv;
|
|
|
|
if (size > shared_mem_size())
|
|
size = shared_mem_size();
|
|
|
|
/* Acquire the shared memory buffer */
|
|
rv = shared_mem_acquire(size, &data);
|
|
if (rv) {
|
|
ccputs("Can't get shared mem\n");
|
|
return rv;
|
|
}
|
|
|
|
/* Read the data */
|
|
if (flash_read(offset, size, data)) {
|
|
shared_mem_release(data);
|
|
return EC_ERROR_INVAL;
|
|
}
|
|
|
|
/* Dump it */
|
|
for (i = 0; i < size; i++) {
|
|
if ((offset + i) % 16) {
|
|
ccprintf(" %02x", data[i]);
|
|
} else {
|
|
ccprintf("\n%08x: %02x", offset + i, data[i]);
|
|
cflush();
|
|
}
|
|
}
|
|
ccprintf("\n");
|
|
|
|
/* Free the buffer */
|
|
shared_mem_release(data);
|
|
|
|
return EC_SUCCESS;
|
|
}
|
|
DECLARE_CONSOLE_COMMAND(flashread, command_flash_read,
|
|
"offset [size]",
|
|
"Read flash");
|
|
#endif
|
|
|
|
static int command_flash_wp(int argc, char **argv)
|
|
{
|
|
int val;
|
|
|
|
if (argc < 2)
|
|
return EC_ERROR_PARAM_COUNT;
|
|
|
|
if (!strcasecmp(argv[1], "now"))
|
|
return flash_set_protect(EC_FLASH_PROTECT_ALL_NOW, -1);
|
|
|
|
if (!strcasecmp(argv[1], "all"))
|
|
return flash_set_protect(EC_FLASH_PROTECT_ALL_AT_BOOT, -1);
|
|
|
|
if (!strcasecmp(argv[1], "noall"))
|
|
return flash_set_protect(EC_FLASH_PROTECT_ALL_AT_BOOT, 0);
|
|
|
|
#ifdef CONFIG_FLASH_PROTECT_RW
|
|
if (!strcasecmp(argv[1], "rw"))
|
|
return flash_set_protect(EC_FLASH_PROTECT_RW_AT_BOOT, -1);
|
|
|
|
if (!strcasecmp(argv[1], "norw"))
|
|
return flash_set_protect(EC_FLASH_PROTECT_RW_AT_BOOT, 0);
|
|
#endif
|
|
|
|
#ifdef CONFIG_ROLLBACK
|
|
if (!strcasecmp(argv[1], "rb"))
|
|
return flash_set_protect(EC_FLASH_PROTECT_ROLLBACK_AT_BOOT, -1);
|
|
|
|
if (!strcasecmp(argv[1], "norb"))
|
|
return flash_set_protect(EC_FLASH_PROTECT_ROLLBACK_AT_BOOT, 0);
|
|
#endif
|
|
|
|
/* Do this last, since anything starting with 'n' means "no" */
|
|
if (parse_bool(argv[1], &val))
|
|
return flash_set_protect(EC_FLASH_PROTECT_RO_AT_BOOT,
|
|
val ? -1 : 0);
|
|
|
|
return EC_ERROR_PARAM1;
|
|
}
|
|
DECLARE_CONSOLE_COMMAND(flashwp, command_flash_wp,
|
|
"<BOOLEAN> | now | all | noall"
|
|
#ifdef CONFIG_FLASH_PROTECT_RW
|
|
" | rw | norw"
|
|
#endif
|
|
#ifdef CONFIG_ROLLBACK
|
|
" | rb | norb"
|
|
#endif
|
|
, "Modify flash write protect");
|
|
|
|
/*****************************************************************************/
|
|
/* Host commands */
|
|
|
|
/*
|
|
* All internal EC code assumes that offsets are provided relative to
|
|
* physical address zero of storage. In some cases, the region of storage
|
|
* belonging to the EC is not physical address zero - a non-zero fmap_base
|
|
* indicates so. Since fmap_base is not yet handled correctly by external
|
|
* code, we must perform the adjustment in our host command handlers -
|
|
* adjust all offsets so they are relative to the beginning of the storage
|
|
* region belonging to the EC. TODO(crbug.com/529365): Handle fmap_base
|
|
* correctly in flashrom, dump_fmap, etc. and remove EC_FLASH_REGION_START.
|
|
*/
|
|
#define EC_FLASH_REGION_START MIN(CONFIG_EC_PROTECTED_STORAGE_OFF, \
|
|
CONFIG_EC_WRITABLE_STORAGE_OFF)
|
|
|
|
static enum ec_status flash_command_get_info(struct host_cmd_handler_args *args)
|
|
{
|
|
const struct ec_params_flash_info_2 *p_2 = args->params;
|
|
struct ec_response_flash_info_2 *r_2 = args->response;
|
|
#ifdef CONFIG_FLASH_MULTIPLE_REGION
|
|
int banks_size = ARRAY_SIZE(flash_bank_array);
|
|
const struct ec_flash_bank *banks = flash_bank_array;
|
|
#else
|
|
struct ec_response_flash_info_1 *r_1 = args->response;
|
|
#if CONFIG_FLASH_BANK_SIZE < CONFIG_FLASH_ERASE_SIZE
|
|
#error "Flash: Bank size expected bigger or equal to erase size."
|
|
#endif
|
|
struct ec_flash_bank single_bank = {
|
|
.count = CONFIG_FLASH_SIZE / CONFIG_FLASH_BANK_SIZE,
|
|
.size_exp = __fls(CONFIG_FLASH_BANK_SIZE),
|
|
.write_size_exp = __fls(CONFIG_FLASH_WRITE_SIZE),
|
|
.erase_size_exp = __fls(CONFIG_FLASH_ERASE_SIZE),
|
|
.protect_size_exp = __fls(CONFIG_FLASH_BANK_SIZE),
|
|
};
|
|
int banks_size = 1;
|
|
const struct ec_flash_bank *banks = &single_bank;
|
|
#endif
|
|
int banks_len;
|
|
int ideal_size;
|
|
|
|
/*
|
|
* Compute the ideal amount of data for the host to send us,
|
|
* based on the maximum response size and the ideal write size.
|
|
*/
|
|
ideal_size = (args->response_max -
|
|
sizeof(struct ec_params_flash_write)) &
|
|
~(CONFIG_FLASH_WRITE_IDEAL_SIZE - 1);
|
|
/*
|
|
* If we can't get at least one ideal block, then just want
|
|
* as high a multiple of the minimum write size as possible.
|
|
*/
|
|
if (!ideal_size)
|
|
ideal_size = (args->response_max -
|
|
sizeof(struct ec_params_flash_write)) &
|
|
~(CONFIG_FLASH_WRITE_SIZE - 1);
|
|
|
|
|
|
if (args->version >= 2) {
|
|
args->response_size = sizeof(struct ec_response_flash_info_2);
|
|
r_2->flash_size = CONFIG_FLASH_SIZE - EC_FLASH_REGION_START;
|
|
#if (CONFIG_FLASH_ERASED_VALUE32 == 0)
|
|
r_2->flags = EC_FLASH_INFO_ERASE_TO_0;
|
|
#else
|
|
r_2->flags = 0;
|
|
#endif
|
|
#ifdef CONFIG_FLASH_SELECT_REQUIRED
|
|
r_2->flags |= EC_FLASH_INFO_SELECT_REQUIRED;
|
|
#endif
|
|
r_2->write_ideal_size = ideal_size;
|
|
r_2->num_banks_total = banks_size;
|
|
r_2->num_banks_desc = MIN(banks_size, p_2->num_banks_desc);
|
|
banks_len = r_2->num_banks_desc * sizeof(struct ec_flash_bank);
|
|
memcpy(r_2->banks, banks, banks_len);
|
|
args->response_size += banks_len;
|
|
return EC_RES_SUCCESS;
|
|
}
|
|
#ifdef CONFIG_FLASH_MULTIPLE_REGION
|
|
return EC_RES_INVALID_PARAM;
|
|
#else
|
|
r_1->flash_size = CONFIG_FLASH_SIZE - EC_FLASH_REGION_START;
|
|
r_1->flags = 0;
|
|
r_1->write_block_size = CONFIG_FLASH_WRITE_SIZE;
|
|
r_1->erase_block_size = CONFIG_FLASH_ERASE_SIZE;
|
|
r_1->protect_block_size = CONFIG_FLASH_BANK_SIZE;
|
|
if (args->version == 0) {
|
|
/* Only version 0 fields returned */
|
|
args->response_size = sizeof(struct ec_response_flash_info);
|
|
} else {
|
|
args->response_size = sizeof(struct ec_response_flash_info_1);
|
|
/* Fill in full version 1 struct */
|
|
r_1->write_ideal_size = ideal_size;
|
|
#if (CONFIG_FLASH_ERASED_VALUE32 == 0)
|
|
r_1->flags |= EC_FLASH_INFO_ERASE_TO_0;
|
|
#endif
|
|
#ifdef CONFIG_FLASH_SELECT_REQUIRED
|
|
r_1->flags |= EC_FLASH_INFO_SELECT_REQUIRED;
|
|
#endif
|
|
}
|
|
return EC_RES_SUCCESS;
|
|
#endif /* CONFIG_FLASH_MULTIPLE_REGION */
|
|
}
|
|
#ifdef CONFIG_FLASH_MULTIPLE_REGION
|
|
#define FLASH_INFO_VER EC_VER_MASK(2)
|
|
#else
|
|
#define FLASH_INFO_VER (EC_VER_MASK(0) | EC_VER_MASK(1) | EC_VER_MASK(2))
|
|
#endif
|
|
DECLARE_HOST_COMMAND(EC_CMD_FLASH_INFO,
|
|
flash_command_get_info, FLASH_INFO_VER);
|
|
|
|
|
|
static enum ec_status flash_command_read(struct host_cmd_handler_args *args)
|
|
{
|
|
const struct ec_params_flash_read *p = args->params;
|
|
uint32_t offset = p->offset + EC_FLASH_REGION_START;
|
|
|
|
if (p->size > args->response_max)
|
|
return EC_RES_OVERFLOW;
|
|
|
|
if (flash_read(offset, p->size, args->response))
|
|
return EC_RES_ERROR;
|
|
|
|
args->response_size = p->size;
|
|
|
|
return EC_RES_SUCCESS;
|
|
}
|
|
DECLARE_HOST_COMMAND(EC_CMD_FLASH_READ,
|
|
flash_command_read,
|
|
EC_VER_MASK(0));
|
|
|
|
/**
|
|
* Flash write command
|
|
*
|
|
* Version 0 and 1 are equivalent from the EC-side; the only difference is
|
|
* that the host can only send 64 bytes of data at a time in version 0.
|
|
*/
|
|
static enum ec_status flash_command_write(struct host_cmd_handler_args *args)
|
|
{
|
|
const struct ec_params_flash_write *p = args->params;
|
|
uint32_t offset = p->offset + EC_FLASH_REGION_START;
|
|
|
|
if (flash_get_protect() & EC_FLASH_PROTECT_ALL_NOW)
|
|
return EC_RES_ACCESS_DENIED;
|
|
|
|
if (p->size + sizeof(*p) > args->params_size)
|
|
return EC_RES_INVALID_PARAM;
|
|
|
|
#ifdef CONFIG_INTERNAL_STORAGE
|
|
if (system_unsafe_to_overwrite(offset, p->size))
|
|
return EC_RES_ACCESS_DENIED;
|
|
#endif
|
|
|
|
if (flash_write(offset, p->size, (const uint8_t *)(p + 1)))
|
|
return EC_RES_ERROR;
|
|
|
|
return EC_RES_SUCCESS;
|
|
}
|
|
DECLARE_HOST_COMMAND(EC_CMD_FLASH_WRITE,
|
|
flash_command_write,
|
|
EC_VER_MASK(0) | EC_VER_MASK(EC_VER_FLASH_WRITE));
|
|
|
|
#ifndef CONFIG_FLASH_MULTIPLE_REGION
|
|
/*
|
|
* Make sure our image sizes are a multiple of flash block erase size so that
|
|
* the host can erase the entire image.
|
|
*/
|
|
BUILD_ASSERT(CONFIG_RO_SIZE % CONFIG_FLASH_ERASE_SIZE == 0);
|
|
BUILD_ASSERT(CONFIG_RW_SIZE % CONFIG_FLASH_ERASE_SIZE == 0);
|
|
#endif
|
|
|
|
static enum ec_status flash_command_erase(struct host_cmd_handler_args *args)
|
|
{
|
|
const struct ec_params_flash_erase *p = args->params;
|
|
int rc = EC_RES_SUCCESS, cmd = FLASH_ERASE_SECTOR;
|
|
uint32_t offset;
|
|
#ifdef CONFIG_FLASH_DEFERRED_ERASE
|
|
const struct ec_params_flash_erase_v1 *p_1 = args->params;
|
|
|
|
if (args->version > 0) {
|
|
cmd = p_1->cmd;
|
|
p = &p_1->params;
|
|
}
|
|
#endif
|
|
offset = p->offset + EC_FLASH_REGION_START;
|
|
|
|
if (flash_get_protect() & EC_FLASH_PROTECT_ALL_NOW)
|
|
return EC_RES_ACCESS_DENIED;
|
|
|
|
#ifdef CONFIG_INTERNAL_STORAGE
|
|
if (system_unsafe_to_overwrite(offset, p->size))
|
|
return EC_RES_ACCESS_DENIED;
|
|
#endif
|
|
|
|
switch (cmd) {
|
|
case FLASH_ERASE_SECTOR:
|
|
#if defined(HAS_TASK_HOSTCMD) && defined(CONFIG_HOST_COMMAND_STATUS)
|
|
args->result = EC_RES_IN_PROGRESS;
|
|
host_send_response(args);
|
|
#endif
|
|
if (flash_erase(offset, p->size))
|
|
return EC_RES_ERROR;
|
|
|
|
break;
|
|
#ifdef CONFIG_FLASH_DEFERRED_ERASE
|
|
case FLASH_ERASE_SECTOR_ASYNC:
|
|
rc = erase_rc;
|
|
if (rc == EC_RES_SUCCESS) {
|
|
memcpy(&erase_info, p_1, sizeof(*p_1));
|
|
hook_call_deferred(&flash_erase_deferred_data,
|
|
100 * MSEC);
|
|
} else {
|
|
/*
|
|
* Not our job to return the result of
|
|
* the previous command.
|
|
*/
|
|
rc = EC_RES_BUSY;
|
|
}
|
|
break;
|
|
case FLASH_ERASE_GET_RESULT:
|
|
rc = erase_rc;
|
|
if (rc != EC_RES_BUSY)
|
|
/* Ready for another command */
|
|
erase_rc = EC_RES_SUCCESS;
|
|
break;
|
|
#endif
|
|
default:
|
|
rc = EC_RES_INVALID_PARAM;
|
|
}
|
|
return rc;
|
|
}
|
|
|
|
|
|
DECLARE_HOST_COMMAND(EC_CMD_FLASH_ERASE, flash_command_erase,
|
|
EC_VER_MASK(0)
|
|
#ifdef CONFIG_FLASH_DEFERRED_ERASE
|
|
| EC_VER_MASK(1)
|
|
#endif
|
|
);
|
|
|
|
static enum ec_status flash_command_protect(struct host_cmd_handler_args *args)
|
|
{
|
|
const struct ec_params_flash_protect *p = args->params;
|
|
struct ec_response_flash_protect *r = args->response;
|
|
|
|
/*
|
|
* Handle requesting new flags. Note that we ignore the return code
|
|
* from flash_set_protect(), since errors will be visible to the caller
|
|
* via the flags in the response. (If we returned error, the caller
|
|
* wouldn't get the response.)
|
|
*/
|
|
if (p->mask)
|
|
flash_set_protect(p->mask, p->flags);
|
|
|
|
/*
|
|
* Retrieve the current flags. The caller can use this to determine
|
|
* which of the requested flags could be set. This is cleaner than
|
|
* simply returning error, because it provides information to the
|
|
* caller about the actual result.
|
|
*/
|
|
r->flags = flash_get_protect();
|
|
|
|
/* Indicate which flags are valid on this platform */
|
|
r->valid_flags =
|
|
EC_FLASH_PROTECT_GPIO_ASSERTED |
|
|
EC_FLASH_PROTECT_ERROR_STUCK |
|
|
EC_FLASH_PROTECT_ERROR_INCONSISTENT |
|
|
flash_physical_get_valid_flags();
|
|
r->writable_flags = flash_physical_get_writable_flags(r->flags);
|
|
|
|
args->response_size = sizeof(*r);
|
|
|
|
return EC_RES_SUCCESS;
|
|
}
|
|
|
|
/*
|
|
* TODO(crbug.com/239197) : Adding both versions to the version mask is a
|
|
* temporary workaround for a problem in the cros_ec driver. Drop
|
|
* EC_VER_MASK(0) once cros_ec driver can send the correct version.
|
|
*/
|
|
DECLARE_HOST_COMMAND(EC_CMD_FLASH_PROTECT,
|
|
flash_command_protect,
|
|
EC_VER_MASK(0) | EC_VER_MASK(1));
|
|
|
|
static enum ec_status
|
|
flash_command_region_info(struct host_cmd_handler_args *args)
|
|
{
|
|
const struct ec_params_flash_region_info *p = args->params;
|
|
struct ec_response_flash_region_info *r = args->response;
|
|
|
|
switch (p->region) {
|
|
case EC_FLASH_REGION_RO:
|
|
r->offset = CONFIG_EC_PROTECTED_STORAGE_OFF +
|
|
CONFIG_RO_STORAGE_OFF -
|
|
EC_FLASH_REGION_START;
|
|
r->size = CONFIG_RO_SIZE;
|
|
break;
|
|
case EC_FLASH_REGION_ACTIVE:
|
|
r->offset = flash_get_rw_offset(system_get_active_copy()) -
|
|
EC_FLASH_REGION_START;
|
|
r->size = CONFIG_RW_SIZE;
|
|
break;
|
|
case EC_FLASH_REGION_WP_RO:
|
|
r->offset = CONFIG_WP_STORAGE_OFF -
|
|
EC_FLASH_REGION_START;
|
|
r->size = CONFIG_WP_STORAGE_SIZE;
|
|
break;
|
|
case EC_FLASH_REGION_UPDATE:
|
|
r->offset = flash_get_rw_offset(system_get_update_copy()) -
|
|
EC_FLASH_REGION_START;
|
|
r->size = CONFIG_RW_SIZE;
|
|
break;
|
|
default:
|
|
return EC_RES_INVALID_PARAM;
|
|
}
|
|
|
|
args->response_size = sizeof(*r);
|
|
return EC_RES_SUCCESS;
|
|
}
|
|
DECLARE_HOST_COMMAND(EC_CMD_FLASH_REGION_INFO,
|
|
flash_command_region_info,
|
|
EC_VER_MASK(EC_VER_FLASH_REGION_INFO));
|
|
|
|
|
|
#ifdef CONFIG_FLASH_SELECT_REQUIRED
|
|
|
|
static enum ec_status flash_command_select(struct host_cmd_handler_args *args)
|
|
{
|
|
const struct ec_params_flash_select *p = args->params;
|
|
|
|
return board_flash_select(p->select);
|
|
}
|
|
DECLARE_HOST_COMMAND(EC_CMD_FLASH_SELECT,
|
|
flash_command_select,
|
|
EC_VER_MASK(0));
|
|
|
|
#endif /* CONFIG_FLASH_SELECT_REQUIRED */
|