Change in coreboot[master]: [WIP] drivers/mrc_cache: Drop get_write_protect_state() stubs - coreboot-gerrit

8 Nov 2021


      Attention is currently required from: Jason Glenesk, Marshall Dawson, Tim Wawrzynczak, Kyösti Mälkki, Andrey Petrov, Alexander Couzens, Patrick Rudolph, Yu-Ping Wu, Felix Held.
Julius Werner has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/58968 )
Change subject: [WIP] drivers/mrc_cache: Drop get_write_protect_state() stubs
......................................................................
Patch Set 3:
(2 comments)
Commit Message:
https://review.coreboot.org/c/coreboot/+/58968/comment/eb10a215_99027297 
PS3, Line 11: from soc/.
I think MRC_SETTINGS_PROTECT is supposed to be a capability Kconfig (i.e. "this platform supports MRC settings protection"), not a choice Kconfig ("I want to protect MRC settings"). Not sure why it is menuconfig visible, that might be a mistake. You can't just remove it from the SoC and turn it on by default for CONFIG_CHROMEOS, because some platforms that use the MRC cache driver (e.g. recent Arm devices) don't support flash-controller-based protection.
I think we just don't have a user choice Kconfig for this because nobody ever needed one. Why do you think it's necessary? There should never really be a reason for the OS to touch the MRC cache anyway so I think the idea was just that nobody would ever have a reason not to want it protected.
File src/security/vboot/bootmode.c:
https://review.coreboot.org/c/coreboot/+/58968/comment/6df03d27_08547714 
PS3, Line 65: int __weak get_write_protect_state(void)
Moving this out of VBOOT_NO_BOARD_SUPPORT makes me uneasy because that makes it easier to accidentally forget to override this function and not notice. There is no other way that would be visible other than the MRC cache being unprotected.
Honestly, I'm not sure there's a reason to explicitly check the hardware WP# line for this anyway. If the flash is unprotected, the status register SRP0 would also be disabled anyway. We used to do that because we had that GPIO available for vboot anyway (in fact I believe it started like that and the extra SRP0 check was added later), but now vboot doesn't need this pin anymore and having to define it for every board just for the MRC cache protection behavior seems a bit cumbersome. Maybe we can just take that part out and decide this based on SRP0 alone?
-- 
To view, visit https://review.coreboot.org/c/coreboot/+/58968
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I8db0394645df1917b686339fa79432ccfc6960a2
Gerrit-Change-Number: 58968
Gerrit-PatchSet: 3
Gerrit-Owner: Kyösti Mälkki kyosti.malkki@gmail.com
Gerrit-Reviewer: Alexander Couzens lynxis@fe80.eu
Gerrit-Reviewer: Andrey Petrov andrey.petrov@gmail.com
Gerrit-Reviewer: Felix Held felix-coreboot@felixheld.de
Gerrit-Reviewer: Jason Glenesk jason.glenesk@gmail.com
Gerrit-Reviewer: Julius Werner jwerner@chromium.org
Gerrit-Reviewer: Marshall Dawson marshalldawson3rd@gmail.com
Gerrit-Reviewer: Patrick Rudolph siro@das-labor.org
Gerrit-Reviewer: Tim Wawrzynczak twawrzynczak@chromium.org
Gerrit-Reviewer: Yu-Ping Wu yupingso@google.com
Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org
Gerrit-CC: Paul Menzel paulepanter@mailbox.org
Gerrit-Attention: Jason Glenesk jason.glenesk@gmail.com
Gerrit-Attention: Marshall Dawson marshalldawson3rd@gmail.com
Gerrit-Attention: Tim Wawrzynczak twawrzynczak@chromium.org
Gerrit-Attention: Kyösti Mälkki kyosti.malkki@gmail.com
Gerrit-Attention: Andrey Petrov andrey.petrov@gmail.com
Gerrit-Attention: Alexander Couzens lynxis@fe80.eu
Gerrit-Attention: Patrick Rudolph siro@das-labor.org
Gerrit-Attention: Yu-Ping Wu yupingso@google.com
Gerrit-Attention: Felix Held felix-coreboot@felixheld.de
Gerrit-Comment-Date: Mon, 08 Nov 2021 22:51:41 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Gerrit-MessageType: comment