Add VB_INIT_FLAG_SW_WP_ENABLED to VbInit() input flags.
We need to know not only whether the HW WP pin is asserted, but whether the
flash chip has configured its software protection registers to actually
protect anything. This flag can be used to indicate that.
BUG=chrome-os-partner:13265
BRANCH=link
TEST=none
This just adds the flag. Nothing actually sets the flag yet, so there's
nothing to test.
Change-Id: Icba9945fb56eb3a4681486c630cbbdc9232485ef
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/31642
Reviewed-by: Randall Spangler <rspangler@chromium.org>
diff --git a/firmware/include/vboot_api.h b/firmware/include/vboot_api.h
index b5f3fb3..3d9b692 100644
--- a/firmware/include/vboot_api.h
+++ b/firmware/include/vboot_api.h
@@ -181,6 +181,9 @@
#define VB_INIT_FLAG_EC_SOFTWARE_SYNC 0x00000200
/* EC on this platform is slow to update. */
#define VB_INIT_FLAG_EC_SLOW_UPDATE 0x00000400
+/* Software write protect was enabled at boot time. This is separate from the
+ * HW write protect. Both must be set for flash write protection to work. */
+#define VB_INIT_FLAG_SW_WP_ENABLED 0x00000800
/* Output flags for VbInitParams.out_flags. Used to indicate
* potential boot paths and configuration to the calling firmware
diff --git a/firmware/include/vboot_struct.h b/firmware/include/vboot_struct.h
index f8451a3..4f48d9f 100644
--- a/firmware/include/vboot_struct.h
+++ b/firmware/include/vboot_struct.h
@@ -237,6 +237,8 @@
#define VBSD_EC_SOFTWARE_SYNC 0x00000800
/* VbInit() was told that the EC firmware is slow to update */
#define VBSD_EC_SLOW_UPDATE 0x00001000
+/* Firmware software write protect was enabled at boot time */
+#define VBSD_BOOT_FIRMWARE_SW_WP_ENABLED 0x00002000
/* Supported flags by header version. It's ok to add new flags while keeping
* struct version 2 as long as flag-NOT-present is the correct value for
diff --git a/firmware/lib/vboot_api_init.c b/firmware/lib/vboot_api_init.c
index 8d1540b..0a1ee43 100644
--- a/firmware/lib/vboot_api_init.c
+++ b/firmware/lib/vboot_api_init.c
@@ -56,6 +56,8 @@
shared->flags |= VBSD_BOOT_REC_SWITCH_ON;
if (iparams->flags & VB_INIT_FLAG_WP_ENABLED)
shared->flags |= VBSD_BOOT_FIRMWARE_WP_ENABLED;
+ if (iparams->flags & VB_INIT_FLAG_SW_WP_ENABLED)
+ shared->flags |= VBSD_BOOT_FIRMWARE_SW_WP_ENABLED;
if (iparams->flags & VB_INIT_FLAG_S3_RESUME)
shared->flags |= VBSD_BOOT_S3_RESUME;
if (iparams->flags & VB_INIT_FLAG_RO_NORMAL_SUPPORT)
diff --git a/host/lib/crossystem.c b/host/lib/crossystem.c
index b565543..a19384d 100644
--- a/host/lib/crossystem.c
+++ b/host/lib/crossystem.c
@@ -38,7 +38,8 @@
VDAT_INT_DEVSW_BOOT, /* Dev switch position at boot */
VDAT_INT_DEVSW_VIRTUAL, /* Dev switch is virtual */
VDAT_INT_RECSW_BOOT, /* Recovery switch position at boot */
- VDAT_INT_WPSW_BOOT, /* WP switch position at boot */
+ VDAT_INT_HW_WPSW_BOOT, /* Hardware WP switch position at boot */
+ VDAT_INT_SW_WPSW_BOOT, /* Flash chip's WP setting at boot */
VDAT_INT_FW_VERSION_TPM, /* Current firmware version in TPM */
VDAT_INT_KERNEL_VERSION_TPM, /* Current kernel version in TPM */
@@ -364,9 +365,12 @@
case VDAT_INT_RECSW_BOOT:
value = (sh->flags & VBSD_BOOT_REC_SWITCH_ON ? 1 : 0);
break;
- case VDAT_INT_WPSW_BOOT:
+ case VDAT_INT_HW_WPSW_BOOT:
value = (sh->flags & VBSD_BOOT_FIRMWARE_WP_ENABLED ? 1 : 0);
break;
+ case VDAT_INT_SW_WPSW_BOOT:
+ value = (sh->flags & VBSD_BOOT_FIRMWARE_SW_WP_ENABLED ? 1 : 0);
+ break;
case VDAT_INT_RECOVERY_REASON:
value = sh->recovery_reason;
break;
@@ -432,7 +436,9 @@
} else if (!strcasecmp(name, "recoverysw_boot")) {
value = GetVdatInt(VDAT_INT_RECSW_BOOT);
} else if (!strcasecmp(name, "wpsw_boot")) {
- value = GetVdatInt(VDAT_INT_WPSW_BOOT);
+ value = GetVdatInt(VDAT_INT_HW_WPSW_BOOT);
+ } else if (!strcasecmp(name, "sw_wpsw_boot")) {
+ value = GetVdatInt(VDAT_INT_SW_WPSW_BOOT);
} else if (!strcasecmp(name,"vdat_flags")) {
value = GetVdatInt(VDAT_INT_FLAGS);
} else if (!strcasecmp(name,"tpm_fwver")) {
diff --git a/tests/vboot_api_init_tests.c b/tests/vboot_api_init_tests.c
index 3816e07..c10e7d0 100644
--- a/tests/vboot_api_init_tests.c
+++ b/tests/vboot_api_init_tests.c
@@ -144,6 +144,12 @@
TEST_EQ(shared->flags, VBSD_BOOT_FIRMWARE_WP_ENABLED, " shared flags WP");
ResetMocks();
+ iparams.flags = VB_INIT_FLAG_SW_WP_ENABLED;
+ TestVbInit(0, 0, "Flags test SW WP");
+ TEST_EQ(shared->flags, VBSD_BOOT_FIRMWARE_SW_WP_ENABLED,
+ " shared flags SW WP");
+
+ ResetMocks();
iparams.flags = VB_INIT_FLAG_RO_NORMAL_SUPPORT;
TestVbInit(0, 0, " flags test RO normal");
TEST_EQ(shared->flags, VBSD_BOOT_RO_NORMAL_SUPPORT,
diff --git a/utility/crossystem_main.c b/utility/crossystem_main.c
index 1b92665..7528f01 100644
--- a/utility/crossystem_main.c
+++ b/utility/crossystem_main.c
@@ -70,6 +70,8 @@
{"ro_fwid", IS_STRING, "Read-only firmware ID"},
{"savedmem_base", 0, "RAM debug data area physical address", "0x%08x"},
{"savedmem_size", 0, "RAM debug data area size in bytes"},
+ {"sw_wpsw_boot", 0,
+ "Firmware write protect software setting enabled at boot"},
{"tpm_fwver", 0, "Firmware version stored in TPM", "0x%08x"},
{"tpm_kernver", 0, "Kernel version stored in TPM", "0x%08x"},
{"tried_fwb", 0, "Tried firmware B before A this boot"},