From 9dc62178c97b94e5c308f1c36fd0858c316959e5 Mon Sep 17 00:00:00 2001 From: Bill Richardson Date: Tue, 28 Aug 2012 15:00:51 -0700 Subject: [PATCH] Add VB_INIT_FLAG_SW_WP_ENABLED to VbInit() input flags. We need to know not only whether the HW WP pin is asserted, but whether the flash chip has configured its software protection registers to actually protect anything. This flag can be used to indicate that. BUG=chrome-os-partner:13265 BRANCH=link TEST=none This just adds the flag. Nothing actually sets the flag yet, so there's nothing to test. Change-Id: Icba9945fb56eb3a4681486c630cbbdc9232485ef Signed-off-by: Bill Richardson Reviewed-on: https://gerrit.chromium.org/gerrit/31642 Reviewed-by: Randall Spangler --- firmware/include/vboot_api.h | 3 +++ firmware/include/vboot_struct.h | 2 ++ firmware/lib/vboot_api_init.c | 2 ++ host/lib/crossystem.c | 12 +++++++++--- tests/vboot_api_init_tests.c | 6 ++++++ utility/crossystem_main.c | 2 ++ 6 files changed, 24 insertions(+), 3 deletions(-) diff --git a/firmware/include/vboot_api.h b/firmware/include/vboot_api.h index b5f3fb342b..3d9b692188 100644 --- a/firmware/include/vboot_api.h +++ b/firmware/include/vboot_api.h @@ -181,6 +181,9 @@ typedef struct VbCommonParams { #define VB_INIT_FLAG_EC_SOFTWARE_SYNC 0x00000200 /* EC on this platform is slow to update. */ #define VB_INIT_FLAG_EC_SLOW_UPDATE 0x00000400 +/* Software write protect was enabled at boot time. This is separate from the + * HW write protect. Both must be set for flash write protection to work. */ +#define VB_INIT_FLAG_SW_WP_ENABLED 0x00000800 /* Output flags for VbInitParams.out_flags. Used to indicate * potential boot paths and configuration to the calling firmware diff --git a/firmware/include/vboot_struct.h b/firmware/include/vboot_struct.h index f8451a3f2a..4f48d9fc78 100644 --- a/firmware/include/vboot_struct.h +++ b/firmware/include/vboot_struct.h @@ -237,6 +237,8 @@ typedef struct VbKernelPreambleHeader { #define VBSD_EC_SOFTWARE_SYNC 0x00000800 /* VbInit() was told that the EC firmware is slow to update */ #define VBSD_EC_SLOW_UPDATE 0x00001000 +/* Firmware software write protect was enabled at boot time */ +#define VBSD_BOOT_FIRMWARE_SW_WP_ENABLED 0x00002000 /* Supported flags by header version. It's ok to add new flags while keeping * struct version 2 as long as flag-NOT-present is the correct value for diff --git a/firmware/lib/vboot_api_init.c b/firmware/lib/vboot_api_init.c index 8d1540ba22..0a1ee4348d 100644 --- a/firmware/lib/vboot_api_init.c +++ b/firmware/lib/vboot_api_init.c @@ -56,6 +56,8 @@ VbError_t VbInit(VbCommonParams* cparams, VbInitParams* iparams) { shared->flags |= VBSD_BOOT_REC_SWITCH_ON; if (iparams->flags & VB_INIT_FLAG_WP_ENABLED) shared->flags |= VBSD_BOOT_FIRMWARE_WP_ENABLED; + if (iparams->flags & VB_INIT_FLAG_SW_WP_ENABLED) + shared->flags |= VBSD_BOOT_FIRMWARE_SW_WP_ENABLED; if (iparams->flags & VB_INIT_FLAG_S3_RESUME) shared->flags |= VBSD_BOOT_S3_RESUME; if (iparams->flags & VB_INIT_FLAG_RO_NORMAL_SUPPORT) diff --git a/host/lib/crossystem.c b/host/lib/crossystem.c index b56554331f..a19384daea 100644 --- a/host/lib/crossystem.c +++ b/host/lib/crossystem.c @@ -38,7 +38,8 @@ typedef enum VdatIntField { VDAT_INT_DEVSW_BOOT, /* Dev switch position at boot */ VDAT_INT_DEVSW_VIRTUAL, /* Dev switch is virtual */ VDAT_INT_RECSW_BOOT, /* Recovery switch position at boot */ - VDAT_INT_WPSW_BOOT, /* WP switch position at boot */ + VDAT_INT_HW_WPSW_BOOT, /* Hardware WP switch position at boot */ + VDAT_INT_SW_WPSW_BOOT, /* Flash chip's WP setting at boot */ VDAT_INT_FW_VERSION_TPM, /* Current firmware version in TPM */ VDAT_INT_KERNEL_VERSION_TPM, /* Current kernel version in TPM */ @@ -364,9 +365,12 @@ int GetVdatInt(VdatIntField field) { case VDAT_INT_RECSW_BOOT: value = (sh->flags & VBSD_BOOT_REC_SWITCH_ON ? 1 : 0); break; - case VDAT_INT_WPSW_BOOT: + case VDAT_INT_HW_WPSW_BOOT: value = (sh->flags & VBSD_BOOT_FIRMWARE_WP_ENABLED ? 1 : 0); break; + case VDAT_INT_SW_WPSW_BOOT: + value = (sh->flags & VBSD_BOOT_FIRMWARE_SW_WP_ENABLED ? 1 : 0); + break; case VDAT_INT_RECOVERY_REASON: value = sh->recovery_reason; break; @@ -432,7 +436,9 @@ int VbGetSystemPropertyInt(const char* name) { } else if (!strcasecmp(name, "recoverysw_boot")) { value = GetVdatInt(VDAT_INT_RECSW_BOOT); } else if (!strcasecmp(name, "wpsw_boot")) { - value = GetVdatInt(VDAT_INT_WPSW_BOOT); + value = GetVdatInt(VDAT_INT_HW_WPSW_BOOT); + } else if (!strcasecmp(name, "sw_wpsw_boot")) { + value = GetVdatInt(VDAT_INT_SW_WPSW_BOOT); } else if (!strcasecmp(name,"vdat_flags")) { value = GetVdatInt(VDAT_INT_FLAGS); } else if (!strcasecmp(name,"tpm_fwver")) { diff --git a/tests/vboot_api_init_tests.c b/tests/vboot_api_init_tests.c index 3816e0754c..c10e7d08ee 100644 --- a/tests/vboot_api_init_tests.c +++ b/tests/vboot_api_init_tests.c @@ -143,6 +143,12 @@ static void VbInitTest(void) { TestVbInit(0, 0, "Flags test WP"); TEST_EQ(shared->flags, VBSD_BOOT_FIRMWARE_WP_ENABLED, " shared flags WP"); + ResetMocks(); + iparams.flags = VB_INIT_FLAG_SW_WP_ENABLED; + TestVbInit(0, 0, "Flags test SW WP"); + TEST_EQ(shared->flags, VBSD_BOOT_FIRMWARE_SW_WP_ENABLED, + " shared flags SW WP"); + ResetMocks(); iparams.flags = VB_INIT_FLAG_RO_NORMAL_SUPPORT; TestVbInit(0, 0, " flags test RO normal"); diff --git a/utility/crossystem_main.c b/utility/crossystem_main.c index 1b926655be..7528f01972 100644 --- a/utility/crossystem_main.c +++ b/utility/crossystem_main.c @@ -70,6 +70,8 @@ const Param sys_param_list[] = { {"ro_fwid", IS_STRING, "Read-only firmware ID"}, {"savedmem_base", 0, "RAM debug data area physical address", "0x%08x"}, {"savedmem_size", 0, "RAM debug data area size in bytes"}, + {"sw_wpsw_boot", 0, + "Firmware write protect software setting enabled at boot"}, {"tpm_fwver", 0, "Firmware version stored in TPM", "0x%08x"}, {"tpm_kernver", 0, "Kernel version stored in TPM", "0x%08x"}, {"tried_fwb", 0, "Tried firmware B before A this boot"},