From d3b49deb809faee08137219bf3184abfacad2a76 Mon Sep 17 00:00:00 2001
From: Wei-Ning Huang <wnhuang@google.com>
Date: Mon, 8 May 2017 08:02:06 +0800
Subject: [PATCH] rwsig: protect flash with EC_FLASH_PROTECT_ALL_NOW whenever
 possible

Use EC_FLASH_PROTECT_ALL_NOW to protect all flash before jump if
posisble. If EC_FLASH_PROTECT_ALL_NOW does not work, try
EC_FLASH_PROTECT_ALL_AT_BOOT next.

BUG=b:37584134
TEST=on rose:
     1) `flashwp enable`
     2) `reboot`
     3) `flashinfo` flags contains 'all_now'

Change-Id: I2773410e97fae082fc6c20d47bdae3d991c57063
Reviewed-on: https://chromium-review.googlesource.com/497155
Commit-Ready: Wei-Ning Huang <wnhuang@chromium.org>
Tested-by: Wei-Ning Huang <wnhuang@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>
---
 common/rwsig.c | 35 +++++++++++++++++++++--------------
 1 file changed, 21 insertions(+), 14 deletions(-)

diff --git a/common/rwsig.c b/common/rwsig.c
index 31174798a2..1471008122 100644
--- a/common/rwsig.c
+++ b/common/rwsig.c
@@ -36,23 +36,30 @@ void rwsig_jump_now(void)
 {
 	/* Protect all flash before jumping to RW. */
 
-	/*
-	 * This may do nothing if WP is not enabled, RO is not
-	 * protected, or if ALL_AT_BOOT is already set.
-	 */
-	flash_set_protect(EC_FLASH_PROTECT_ALL_AT_BOOT, -1);
+	/* This may do nothing if WP is not enabled, RO is not protected. */
+	flash_set_protect(EC_FLASH_PROTECT_ALL_NOW, -1);
 
-	if (!(flash_get_protect() & EC_FLASH_PROTECT_ALL_NOW) &&
-	      flash_get_protect() & EC_FLASH_PROTECT_ALL_AT_BOOT) {
-		/*
-		 * If flash protection is still not enabled (some chips may
-		 * be able to enable it immediately), reboot.
-		 */
-		cflush();
-		system_reset(SYSTEM_RESET_HARD | SYSTEM_RESET_PRESERVE_FLAGS);
+	/*
+	 * For chips that does not support EC_FLASH_PROTECT_ALL_NOW, use
+	 * EC_FLASH_PROTECT_ALL_AT_BOOT.
+	 */
+	if (system_is_locked() &&
+	    !(flash_get_protect() & EC_FLASH_PROTECT_ALL_NOW)) {
+		flash_set_protect(EC_FLASH_PROTECT_ALL_AT_BOOT, -1);
+
+		if (!(flash_get_protect() & EC_FLASH_PROTECT_ALL_NOW) &&
+		    flash_get_protect() & EC_FLASH_PROTECT_ALL_AT_BOOT) {
+			/*
+			 * If flash protection is still not enabled (some chips
+			 * may be able to enable it immediately), reboot.
+			 */
+			cflush();
+			system_reset(SYSTEM_RESET_HARD |
+				     SYSTEM_RESET_PRESERVE_FLAGS);
+		}
 	}
 
-	/* When system is locked, only boot to RW is all flash is protected. */
+	/* When system is locked, only boot to RW if all flash is protected. */
 	if (!system_is_locked() ||
 	    flash_get_protect() & EC_FLASH_PROTECT_ALL_NOW)
 		system_run_image_copy(SYSTEM_IMAGE_RW);