summaryrefslogtreecommitdiff
path: root/src/security/lockdown
diff options
context:
space:
mode:
authorReka Norman <rekanorman@google.com>2023-10-03 09:47:01 +1100
committerSubrata Banik <subratabanik@google.com>2024-01-05 05:12:23 +0000
commitc64be928de8421ea1bb2f575e32d74d58e41d659 (patch)
treebf45f43f69740640cd97be5787a15cc5bdcfd2c6 /src/security/lockdown
parent0f910e7db903fe07698f01685b880065b2f6ca4e (diff)
util/ifdtool: Add support for disabling GPR0
On ChromeOS devices with updateable CSE firmware, the GPR0 (Global Protected Range) register is used to ensure the CSE RO is write protected even when the FLMSTR-based protection is temporarily disabled by coreboot to allow updating the CSE RW. For more details see Documentation/soc/intel/cse_fw_update/cse_fw_update.md Therefore to allow modifying the CSE firmware from the CPU, the descriptor must have both the FLMSTR-based protection disabled (which can be done using ifdtool --unlock), and GPR0 disabled. Add an ifdtool option for disabling GPR0. For now I've added support for all platforms for which I have the SPI programming guide. Support for more platforms can be added in the future if needed. BUG=b:270275115 TEST=Run `ifdtool -p adl -g image.bin -O image-unlocked.bin` on a locked craask image, check the GPR0 field is set to 0. Change-Id: Iee13ce0b702b3c7a443501cb4fc282580869d03a Signed-off-by: Reka Norman <rekanorman@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/79788 Reviewed-by: Subrata Banik <subratabanik@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Diffstat (limited to 'src/security/lockdown')
0 files changed, 0 insertions, 0 deletions