mb/opencellular/elgon: Enable write protection

* Verify the flash write protection on each boot * Program non-volatile write protection on first boot Tested using I715791b8ae5d1db1ef587321ae5c9daa10eb7dbc. The bootblock is write-protected as long as the #WP pin is asserted low: * Reprogramming of the status register fails. * Trying to write to WP_RO region fails. Programming the WP_RO is only possible if #WP pin is high. Change-Id: I6a940c69ecb1dfd9704b2101c263570bebc5540e Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com> Reviewed-on: https://review.coreboot.org/c/29532 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
2018-11-07 15:24:37 +01:00
parent e736015fff
commit fb444b0d20
1 changed files with 44 additions and 1 deletions
--- a/src/mainboard/opencellular/elgon/bootblock.c
+++ b/src/mainboard/opencellular/elgon/bootblock.c
@@ -18,6 +18,9 @@
 #include <soc/spi.h>
 #include <soc/uart.h>
 #include <soc/gpio.h>
+#include <spi_flash.h>
+#include <console/console.h>
+#include <fmap.h>
 #include "mainboard.h"

 void bootblock_mainboard_early_init(void)
@@ -49,8 +52,48 @@ static void configure_spi_flash(void)
 	gpio_output(ELGON_GPIO_SPI_MUX, 1);
 }

+/**
+ * Handle flash write protection.
+ * This code verifies the write-protection on each boot.
+ * Enabling the write protection does only run on the first boot.
+ * An error is fatal as it breaks the Chain Of Trust.
+ */
+static void protect_ro_rgn_spi_flash(void)
+{
+	const struct spi_flash *flash = boot_device_spi_flash();
+	const char *fmapname = "WP_RO";
+	struct region ro_rgn;
+
+	if (fmap_locate_area(fmapname, &ro_rgn)) {
+		printk(BIOS_ERR, "%s: No %s FMAP section.\n", __func__,
+			fmapname);
+		die("Can't verify flash protections!");
+	}
+
+	u8 reg8 = 0;
+	spi_flash_status(flash, &reg8);
+
+	/* Check if SRP0 is set and RO region is protected */
+	if (!(reg8 & 0x80) ||
+	    spi_flash_is_write_protected(flash, &ro_rgn) != 1) {
+		printk(BIOS_WARNING, "%s: FMAP section %s is not write-protected\n",
+			 __func__, fmapname);
+
+		/*
+		* Need to protect flash region :
+		* WP_RO read only and use /WP pin
+		* non-volatile programming
+		*/
+		if (spi_flash_set_write_protected(flash, &ro_rgn, 1,
+		    SPI_WRITE_PROTECTION_PIN) != 0)
+			die("Failed to write-protect WP_RO region!");
+	}
+	printk(BIOS_INFO, "%s: FMAP section %s is write-protected\n",
+	       __func__, fmapname);
+}
+
 void bootblock_mainboard_init(void)
 {
 	configure_spi_flash();
-	// FIXME: Check SPI flash WP bits
+	protect_ro_rgn_spi_flash();
 }