From 38d3ef763179db8e00eb09131e6521e9d6be14c0 Mon Sep 17 00:00:00 2001
From: Hung-Te Lin <hungte@chromium.org>
Date: Thu, 6 Jan 2011 09:59:35 +0800
Subject: [PATCH] vboot_reference/make_dev_firmware: check write protection
 status before making changes

Complete the missing part of "checking (and disabling) write protection status.
This also helps to prevent erasing RW regions on system with WP enabled and
then causing boot failure.

BUG=chrome-os-partner:1276
TEST=(1) On CR-48 with WP enabled, run make_dev_firmware.sh without turning off WP.
         Result: Error message "Write protection is still enabled. Please verify
         that hardware write protection is disabled." (as expected)
     (2) Disable WP and run again.
         Result: firmware has been changed successfully.

Change-Id: Iaf2243cb2cd3c7f83ce4f36543ea3da1e3ca55a1

Review URL: http://codereview.chromium.org/5987010
---
 scripts/image_signing/make_dev_firmware.sh | 24 +++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/scripts/image_signing/make_dev_firmware.sh b/scripts/image_signing/make_dev_firmware.sh
index f432c0bdd9..4faf9dce7b 100755
--- a/scripts/image_signing/make_dev_firmware.sh
+++ b/scripts/image_signing/make_dev_firmware.sh
@@ -44,6 +44,21 @@ EXEC_LOG="$(make_temp_file)"
 # Functions
 # ----------------------------------------------------------------------------
 
+# Disables write protection status registers
+disable_write_protection() {
+  # No need to change WP status in file mode
+  if [ -n "$FLAGS_to" ]; then
+    return $FLAGS_TRUE
+  fi
+
+  # --wp-disable command may return success even if WP is still enabled,
+  # so we should use --wp-status to verify the results.
+  echo "Disabling system software write protection status..."
+  (flashrom --wp-disable && flashrom --wp-status) 2>&1 |
+    tee "$EXEC_LOG" |
+    grep -q '^WP: .* is disabled\.$'
+}
+
 # Reads $IMAGE from $FLAGS_from
 read_image() {
   if [ -z "$FLAGS_from" ]; then
@@ -123,7 +138,14 @@ main() {
     ensure_files_exist "$FLAGS_from"
   fi
 
-  # TODO(hungte) check if GPIO.3 (WP) is enabled
+  debug_msg "Checking software write protection status"
+  disable_write_protection ||
+    if is_debug_mode; then
+      err_die "Failed to disable WP. Diagnose Message: $(cat "$EXEC_LOG")"
+    else
+      err_die "Write protection is still enabled. " \
+              "Please verify that hardware write protection is disabled."
+    fi
 
   debug_msg "Pulling image to $IMAGE"
   (read_image && [ -s "$IMAGE" ]) ||