diff options
| -rw-r--r-- | firmware/include/vboot_api.h | 3 | ||||
| -rw-r--r-- | firmware/include/vboot_struct.h | 2 | ||||
| -rw-r--r-- | firmware/lib/vboot_api_init.c | 2 | ||||
| -rw-r--r-- | host/lib/crossystem.c | 12 | ||||
| -rw-r--r-- | tests/vboot_api_init_tests.c | 6 | ||||
| -rw-r--r-- | utility/crossystem_main.c | 2 |
6 files changed, 24 insertions, 3 deletions
diff --git a/firmware/include/vboot_api.h b/firmware/include/vboot_api.h index b5f3fb34..3d9b6921 100644 --- a/firmware/include/vboot_api.h +++ b/firmware/include/vboot_api.h @@ -181,6 +181,9 @@ typedef struct VbCommonParams { #define VB_INIT_FLAG_EC_SOFTWARE_SYNC 0x00000200 /* EC on this platform is slow to update. */ #define VB_INIT_FLAG_EC_SLOW_UPDATE 0x00000400 +/* Software write protect was enabled at boot time. This is separate from the + * HW write protect. Both must be set for flash write protection to work. */ +#define VB_INIT_FLAG_SW_WP_ENABLED 0x00000800 /* Output flags for VbInitParams.out_flags. Used to indicate * potential boot paths and configuration to the calling firmware diff --git a/firmware/include/vboot_struct.h b/firmware/include/vboot_struct.h index f8451a3f..4f48d9fc 100644 --- a/firmware/include/vboot_struct.h +++ b/firmware/include/vboot_struct.h @@ -237,6 +237,8 @@ typedef struct VbKernelPreambleHeader { #define VBSD_EC_SOFTWARE_SYNC 0x00000800 /* VbInit() was told that the EC firmware is slow to update */ #define VBSD_EC_SLOW_UPDATE 0x00001000 +/* Firmware software write protect was enabled at boot time */ +#define VBSD_BOOT_FIRMWARE_SW_WP_ENABLED 0x00002000 /* Supported flags by header version. It's ok to add new flags while keeping * struct version 2 as long as flag-NOT-present is the correct value for diff --git a/firmware/lib/vboot_api_init.c b/firmware/lib/vboot_api_init.c index 8d1540ba..0a1ee434 100644 --- a/firmware/lib/vboot_api_init.c +++ b/firmware/lib/vboot_api_init.c @@ -56,6 +56,8 @@ VbError_t VbInit(VbCommonParams* cparams, VbInitParams* iparams) { shared->flags |= VBSD_BOOT_REC_SWITCH_ON; if (iparams->flags & VB_INIT_FLAG_WP_ENABLED) shared->flags |= VBSD_BOOT_FIRMWARE_WP_ENABLED; + if (iparams->flags & VB_INIT_FLAG_SW_WP_ENABLED) + shared->flags |= VBSD_BOOT_FIRMWARE_SW_WP_ENABLED; if (iparams->flags & VB_INIT_FLAG_S3_RESUME) shared->flags |= VBSD_BOOT_S3_RESUME; if (iparams->flags & VB_INIT_FLAG_RO_NORMAL_SUPPORT) diff --git a/host/lib/crossystem.c b/host/lib/crossystem.c index b5655433..a19384da 100644 --- a/host/lib/crossystem.c +++ b/host/lib/crossystem.c @@ -38,7 +38,8 @@ typedef enum VdatIntField { VDAT_INT_DEVSW_BOOT, /* Dev switch position at boot */ VDAT_INT_DEVSW_VIRTUAL, /* Dev switch is virtual */ VDAT_INT_RECSW_BOOT, /* Recovery switch position at boot */ - VDAT_INT_WPSW_BOOT, /* WP switch position at boot */ + VDAT_INT_HW_WPSW_BOOT, /* Hardware WP switch position at boot */ + VDAT_INT_SW_WPSW_BOOT, /* Flash chip's WP setting at boot */ VDAT_INT_FW_VERSION_TPM, /* Current firmware version in TPM */ VDAT_INT_KERNEL_VERSION_TPM, /* Current kernel version in TPM */ @@ -364,9 +365,12 @@ int GetVdatInt(VdatIntField field) { case VDAT_INT_RECSW_BOOT: value = (sh->flags & VBSD_BOOT_REC_SWITCH_ON ? 1 : 0); break; - case VDAT_INT_WPSW_BOOT: + case VDAT_INT_HW_WPSW_BOOT: value = (sh->flags & VBSD_BOOT_FIRMWARE_WP_ENABLED ? 1 : 0); break; + case VDAT_INT_SW_WPSW_BOOT: + value = (sh->flags & VBSD_BOOT_FIRMWARE_SW_WP_ENABLED ? 1 : 0); + break; case VDAT_INT_RECOVERY_REASON: value = sh->recovery_reason; break; @@ -432,7 +436,9 @@ int VbGetSystemPropertyInt(const char* name) { } else if (!strcasecmp(name, "recoverysw_boot")) { value = GetVdatInt(VDAT_INT_RECSW_BOOT); } else if (!strcasecmp(name, "wpsw_boot")) { - value = GetVdatInt(VDAT_INT_WPSW_BOOT); + value = GetVdatInt(VDAT_INT_HW_WPSW_BOOT); + } else if (!strcasecmp(name, "sw_wpsw_boot")) { + value = GetVdatInt(VDAT_INT_SW_WPSW_BOOT); } else if (!strcasecmp(name,"vdat_flags")) { value = GetVdatInt(VDAT_INT_FLAGS); } else if (!strcasecmp(name,"tpm_fwver")) { diff --git a/tests/vboot_api_init_tests.c b/tests/vboot_api_init_tests.c index 3816e075..c10e7d08 100644 --- a/tests/vboot_api_init_tests.c +++ b/tests/vboot_api_init_tests.c @@ -144,6 +144,12 @@ static void VbInitTest(void) { TEST_EQ(shared->flags, VBSD_BOOT_FIRMWARE_WP_ENABLED, " shared flags WP"); ResetMocks(); + iparams.flags = VB_INIT_FLAG_SW_WP_ENABLED; + TestVbInit(0, 0, "Flags test SW WP"); + TEST_EQ(shared->flags, VBSD_BOOT_FIRMWARE_SW_WP_ENABLED, + " shared flags SW WP"); + + ResetMocks(); iparams.flags = VB_INIT_FLAG_RO_NORMAL_SUPPORT; TestVbInit(0, 0, " flags test RO normal"); TEST_EQ(shared->flags, VBSD_BOOT_RO_NORMAL_SUPPORT, diff --git a/utility/crossystem_main.c b/utility/crossystem_main.c index 1b926655..7528f019 100644 --- a/utility/crossystem_main.c +++ b/utility/crossystem_main.c @@ -70,6 +70,8 @@ const Param sys_param_list[] = { {"ro_fwid", IS_STRING, "Read-only firmware ID"}, {"savedmem_base", 0, "RAM debug data area physical address", "0x%08x"}, {"savedmem_size", 0, "RAM debug data area size in bytes"}, + {"sw_wpsw_boot", 0, + "Firmware write protect software setting enabled at boot"}, {"tpm_fwver", 0, "Firmware version stored in TPM", "0x%08x"}, {"tpm_kernver", 0, "Kernel version stored in TPM", "0x%08x"}, {"tried_fwb", 0, "Tried firmware B before A this boot"}, |