diff options
author | Aseda Aboagye <aaboagye@google.com> | 2021-06-15 23:24:26 -0700 |
---|---|---|
committer | Karthik Ramasubramanian <kramasub@google.com> | 2021-06-19 00:08:20 +0000 |
commit | bd503978d4fd57fe38cae3588748ee52b1bfdcae (patch) | |
tree | c3f942e3d29b25bc7572c10311514bb7d49fb5ac /src/mainboard/google/dedede/smihandler.c | |
parent | 633560568d5cc24da52f1089f0ae4ca362f7de2f (diff) |
mb/google/dedede: Configure CBI EEPROM WP
On dedede boards without Cr50, the CrOS Board Info (CBI) EEPROM write
protect signal is decoupled from the hardware write protect signal.
Instead, we'd like for it to mirror the software write protect status.
This commit simply checks the software write protect status of the SPI
flash and sets the CBI EEPROM write protect if it's enabled. To prevent
changing the WP signal at run-time, the GPIO configuration is also
locked down after the level has been set. If HW WP is deasserted, the
CBI EEPROM WP will be deasserted as well.
BUG=b:191189275,b:184592299
BRANCH=None
TEST=Build and flash lalala, disable SW WP by running `flashrom -p host
--wp-disable` from a root shell and verify that the GPIO is asserted
after a reboot. Export the gpio via sysfs and verify that attempting to
change the value of the GPIO is futile. Enable SW WP via `flashrom -p
host --wp-enable` and reboot the DUT. Again, export the GPIO via sysfs
and verify that attempts to change the GPIO value are futile.
localhost ~ # iotools mem_read32 0xfd6e08d0
0x44000200
localhost ~ # cd /sys/class/gpio/
localhost /sys/class/gpio # echo 217 > export
localhost /sys/class/gpio # cd gpio217/
localhost /sys/class/gpio/gpio217 # echo out > direction
localhost /sys/class/gpio/gpio217 # cat value
0
localhost /sys/class/gpio/gpio217 # echo 1 > value
localhost /sys/class/gpio/gpio217 # cat value
1
localhost /sys/class/gpio/gpio217 # iotools mem_read32 0xfd6e08d0
0x44000200
Signed-off-by: Aseda Aboagye <aaboagye@google.com>
Change-Id: Ic103037921ec7d2f96f86178675c11a3a1357d1b
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55558
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Karthik Ramasubramanian <kramasub@google.com>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Diffstat (limited to 'src/mainboard/google/dedede/smihandler.c')
-rw-r--r-- | src/mainboard/google/dedede/smihandler.c | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/src/mainboard/google/dedede/smihandler.c b/src/mainboard/google/dedede/smihandler.c index c50578da70..33c6b2ef53 100644 --- a/src/mainboard/google/dedede/smihandler.c +++ b/src/mainboard/google/dedede/smihandler.c @@ -1,11 +1,16 @@ /* SPDX-License-Identifier: GPL-2.0-or-later */ +#include <baseboard/gpio.h> #include <baseboard/variants.h> +#include <console/console.h> #include <cpu/x86/smm.h> #include <ec/google/chromeec/ec.h> #include <ec/google/chromeec/smm.h> #include <elog.h> +#include <gpio.h> +#include <intelblocks/gpio.h> #include <intelblocks/smihandler.h> +#include <spi_flash.h> #include <variant/ec.h> void mainboard_smi_gpi_handler(const struct gpi_status *sts) @@ -47,3 +52,54 @@ void mainboard_smi_espi_handler(void) void __weak variant_smi_sleep(u8 slp_typ) { } + +static void mainboard_config_cbi_wp(void) +{ + int hw_wp = gpio_get(GPIO_PCH_WP); + const struct spi_flash *spi_flash_dev = boot_device_spi_flash(); + uint8_t sr1; + int rv; + + /* + * The CBI EEPROM WP should mirror our software write protect status if + * hardware write protect is set. If software write protect status is + * set at all via status register 1, that should be a sufficient signal. + * If the hardware WP is not set, or software write protect is not set + * while hardware write protect is set, deassert the CBI EEPROM WP. + * + * HW WP | SW WP | CBI WP + * ------|-------|------- + * 0 | X | 0 + * 1 | 0 | 0 + * 1 | 1 | 1 + */ + if (spi_flash_status(spi_flash_dev, &sr1) < 0) { + printk(BIOS_ERR, "MB: Failed to read SPI status register 1\n"); + printk(BIOS_ERR, "MB: CBI EEPROM WP cannot change!"); + return; + } + + /* + * Note that we are assuming that the Status Register protect bits are + * are located at this index and that 1 means hardware protected. This + * should be the case for these boards. + */ + const bool is_wp = !!(sr1 & 0x80) && hw_wp; + printk(BIOS_INFO, "MB: SPI flash is %swrite protected\n", + is_wp ? "" : "not "); + + /* Inverted because the signal is active low. */ + gpio_set(GPP_B16, !is_wp); + + /* Lock the configuration down. */ + rv = gpio_lock_pad(GPP_B16, GPIO_LOCK_FULL); + if (rv) + printk(BIOS_ERR, "MB: Failed to lock CBI WP (rv=%d)\n", + rv); +} + +void mainboard_smi_finalize(void) +{ + if (CONFIG(BOARD_GOOGLE_BASEBOARD_DEDEDE_TPM2)) + mainboard_config_cbi_wp(); +} |