Got it, what if we use a different locking mechanism for the WP_RO then? I mean, do we have different mechanisms on the Intel platform?

There are different options depending on the generation
and flash chip.

Before Skylake, we had direct access to the flash chip and
its status (configuration) registers. Some SPI flashes have
an option to lock the block protection (that cros firmware
uses with the /WP pin) until the next reset. Requirement
here is that the flash chip is known and compatible. What
to do if we encounter an incompatible flash? => always run
recovery mode?

Since Skylake, access to the flash chip is limited. AFAIK,
we can only access the first status register of the flash.
Flash chips I know and that have the until-reset feature
as described above, need access to a secondary status
register, so this won't work here. OTOH, also since Skylake,
we have individual locking bits for the protected region
registers in the SPI controller. NB. I don't trust this
mechanism, yet. It makes the already too complex SPI
controller even harder to reason about. For instance what
about other interfaces that you could grant access via
FRACC before the global FLOCKDN? Is any of them accessible
by the host CPU? (earlier there was one for the GbE device)

However, what we could do to retrofit vboot: Ignore all
that! Either leave the MRC cache unprotected or limit the
setup to a semi-RO MRC cache that can only be filled by
the RO coreboot. Once that's done or when the RO coreboot
decides that an update isn't necessary, lock the RO
partition including the MRC cache. Now that I wrote it, it
gets too complex. Maybe just ignore the cache.
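The controller-side option above (protected range registers plus FLOCKDN) can be reasoned about with a small decoder. The following is an added example, not code from coreboot or from anyone in this review. It decodes the PRx register layout shared by Intel ICH/PCH SPI controllers (bits 14:0 base, bit 15 read protect, bits 30:16 limit, bit 31 write protect, base/limit in 4 KiB units), reads FLOCKDN as bit 15 of HSFSTS_CTL, and checks whether a flash region such as an RO partition or an MRC cache is fully covered by a write-protected range. The register values, region offsets and the "MRC cache outside the RO partition" scenario are constructed for illustration; the chipset-specific per-PR lock bits the comment mentions are not modelled.

```python
"""Decode Intel PCH SPI Protected Range (PRx) registers and check
whether a flash region is write-protected by them.

Added example; register values and layout below are assumptions
about a generic ICH/PCH-style SPI controller, not a specific board.
"""
from dataclasses import dataclass
from typing import List, Optional

PAGE = 0x1000  # PRx base/limit are expressed in 4 KiB units


@dataclass(frozen=True)
class ProtectedRange:
    base: int            # first protected byte
    limit: int           # last protected byte (inclusive)
    write_protect: bool
    read_protect: bool


def decode_pr(value: int) -> Optional[ProtectedRange]:
    """Decode one PRx register. Returns None if the range is disabled
    (neither read nor write protection bit set)."""
    wp = bool((value >> 31) & 1)
    rp = bool((value >> 15) & 1)
    if not (wp or rp):
        return None
    base = (value & 0x7FFF) << 12
    limit = (((value >> 16) & 0x7FFF) << 12) | 0xFFF
    return ProtectedRange(base, limit, wp, rp)


def flockdn_set(hsfsts_ctl: int) -> bool:
    """FLOCKDN (bit 15 of HSFSTS_CTL / HSFS) locks PRx until reset.
    Without it, the PRx values are only advisory for an attacker."""
    return bool((hsfsts_ctl >> 15) & 1)


def region_write_protected(pr_values: List[int], start: int, size: int) -> bool:
    """True if every 4 KiB page of [start, start+size) lies inside a
    write-protected PRx range. Pages partially covered count as unprotected."""
    ranges = [r for r in map(decode_pr, pr_values) if r and r.write_protect]
    page = start & ~(PAGE - 1)
    end = start + size - 1
    while page <= end:
        covered = any(r.base <= page and page + PAGE - 1 <= r.limit
                      for r in ranges)
        if not covered:
            return False
        page += PAGE
    return True


def audit(pr_values: List[int], hsfsts_ctl: int, regions: dict) -> dict:
    """Summarise lock state and per-region write protection."""
    return {
        "flockdn": flockdn_set(hsfsts_ctl),
        **{name: region_write_protected(pr_values, s, n)
           for name, (s, n) in regions.items()},
    }


if __name__ == "__main__":
    # Constructed scenario on a 16 MiB flash:
    #   RO partition at 0x200000, size 6 MiB
    #   MRC cache    at 0x180000, size 64 KiB (outside the RO partition)
    regions = {"RO": (0x200000, 0x600000), "MRC_CACHE": (0x180000, 0x10000)}
    # PR0: write-protect pages 0x200..0x7FF -> covers exactly the RO partition
    pr_ro_only = [0x87FF0200]
    # PR1: write-protect pages 0x180..0x18F -> additionally covers the MRC cache
    pr_with_mrc = [0x87FF0200, 0x818F0180]
    print(audit(pr_ro_only, 0x8000, regions))
    print(audit(pr_with_mrc, 0x8000, regions))
```

With only the RO range programmed the audit reports the MRC cache as unprotected, which is the "leave the MRC cache unprotected" outcome; adding the second range (or extending the first to include it) is the "lock the RO partition including the MRC cache" outcome. A region that only partially overlaps a range is reported as unprotected on purpose, since a single writable page is enough to break the protection goal.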


Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I72c3e1a0720514b9b85b0433944ab5fb7109b2a2
Gerrit-Change-Number: 32705
Gerrit-PatchSet: 1
Gerrit-Owner: Patrick Rudolph <patrick.rudolph@9elements.com>
Gerrit-Reviewer: Nico Huber <nico.h@gmx.de>
Gerrit-Reviewer: Patrick Georgi <pgeorgi@google.com>
Gerrit-Reviewer: build bot (Jenkins) <no-reply@coreboot.org>
Gerrit-CC: Patrick Rudolph <siro@das-labor.org>
Gerrit-CC: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Gerrit-Comment-Date: Sat, 11 May 2019 16:37:18 +0000
Gerrit-HasComments: No
Gerrit-Has-Labels: No
Gerrit-MessageType: comment