This patch removes the extremely dangerous unprotect_jedec function which is not used at all within flashrom code, and renames the misleadingly named protect_jedec function to start_program_jedec. Calls to protect_jedec after flashing are removed, because a) on LPC chips, the command sent by protoct_jedec is not even in the datasheet and b) on parallel chips, the block write command issued before already contained the software protection sequence, so software protection is definitely enabled.
This patch also removes two clones of protect_jedec
Background: JEDEC Software Data Protection started as an optional feature, which was disabled on the first single-voltage-flash chips. The software data protection is the need to prefix a write with a magic "write enable" command, while without write protection every write access into the chip's address space modifies flash content. This magic write enable command also tells the flash chip that the programmer obviously support sending write-enable commands and turns off the "any write modifies flash content" mode. There also exist a two-command (6 writes) sequence that disables Software Data Protection completey, which should only ever be used to prepare updating with a device that can't handle software data protection.
Regards, Michael Karcher
Index: flash.h =================================================================== --- flash.h (Revision 777) +++ flash.h (Arbeitskopie) @@ -647,8 +647,7 @@ uint8_t oddparity(uint8_t val); void toggle_ready_jedec(chipaddr dst); void data_polling_jedec(chipaddr dst, uint8_t data); -void unprotect_jedec(chipaddr bios); -void protect_jedec(chipaddr bios); +void start_program_jedec(chipaddr bios); int write_byte_program_jedec(chipaddr bios, uint8_t *src, chipaddr dst); int probe_jedec(struct flashchip *flash); Index: jedec.c =================================================================== --- jedec.c (Revision 777) +++ jedec.c (Arbeitskopie) @@ -64,25 +64,11 @@ } }
-void unprotect_jedec(chipaddr bios) +void start_program_jedec(chipaddr bios) { chip_writeb(0xAA, bios + 0x5555); chip_writeb(0x55, bios + 0x2AAA); - chip_writeb(0x80, bios + 0x5555); - chip_writeb(0xAA, bios + 0x5555); - chip_writeb(0x55, bios + 0x2AAA); - chip_writeb(0x20, bios + 0x5555); - - programmer_delay(200); -} - -void protect_jedec(chipaddr bios) -{ - chip_writeb(0xAA, bios + 0x5555); - chip_writeb(0x55, bios + 0x2AAA); chip_writeb(0xA0, bios + 0x5555); - - programmer_delay(200); }
int probe_jedec(struct flashchip *flash) @@ -270,9 +256,7 @@
retry: /* Issue JEDEC Data Unprotect comand */ - chip_writeb(0xAA, bios + 0x5555); - chip_writeb(0x55, bios + 0x2AAA); - chip_writeb(0xA0, bios + 0x5555); + start_program_jedec(bios);
/* transfer data from source to destination */ for (i = 0; i < page_size; i++) { @@ -312,9 +296,7 @@
retry: /* Issue JEDEC Byte Program command */ - chip_writeb(0xAA, bios + 0x5555); - chip_writeb(0x55, bios + 0x2AAA); - chip_writeb(0xA0, bios + 0x5555); + start_program_jedec(bios);
/* transfer data from source to destination */ chip_writeb(*src, dst); @@ -348,7 +330,6 @@ int i; int total_size = flash->total_size * 1024; int page_size = flash->page_size; - chipaddr bios = flash->virtual_memory;
if (erase_chip_jedec(flash)) { fprintf(stderr,"ERASE FAILED!\n"); @@ -363,7 +344,6 @@ printf("\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b"); } printf("\n"); - protect_jedec(bios);
return 0; } Index: sharplhf00l04.c =================================================================== --- sharplhf00l04.c (Revision 777) +++ sharplhf00l04.c (Arbeitskopie) @@ -179,7 +179,6 @@ printf("\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b"); } printf("\n"); - protect_jedec(bios);
return 0; } Index: stm50flw0x0x.c =================================================================== --- stm50flw0x0x.c (Revision 777) +++ stm50flw0x0x.c (Arbeitskopie) @@ -31,15 +31,6 @@ #include "flash.h" #include "flashchips.h"
-void protect_stm50flw0x0x(chipaddr bios) -{ - chip_writeb(0xAA, bios + 0x5555); - chip_writeb(0x55, bios + 0x2AAA); - chip_writeb(0xA0, bios + 0x5555); - - programmer_delay(200); -} - int probe_stm50flw0x0x(struct flashchip *flash) { int result = probe_jedec(flash); @@ -189,7 +180,6 @@ int i; int total_size = flash->total_size * 1024; int page_size = flash->page_size; - chipaddr bios = flash->virtual_memory;
printf("Erasing page:\n"); for (i = 0; i < total_size / page_size; i++) { @@ -206,7 +196,6 @@ } } printf("\n"); - protect_stm50flw0x0x(bios);
return 0; } @@ -250,7 +239,6 @@ bios + i * page_size, page_size); } printf("\n"); - protect_stm50flw0x0x(bios); free(tmpbuf);
return rc; Index: 82802ab.c =================================================================== --- 82802ab.c (Revision 777) +++ 82802ab.c (Arbeitskopie) @@ -190,7 +190,6 @@ bios + i * page_size, page_size); } printf("\n"); - protect_jedec(bios); free(tmpbuf);
return 0; Index: m29f400bt.c =================================================================== --- m29f400bt.c (Revision 777) +++ m29f400bt.c (Arbeitskopie) @@ -20,15 +20,6 @@
#include "flash.h"
-void protect_m29f400bt(chipaddr bios) -{ - chip_writeb(0xAA, bios + 0xAAA); - chip_writeb(0x55, bios + 0x555); - chip_writeb(0xA0, bios + 0xAAA); - - programmer_delay(200); -} - void write_page_m29f400bt(chipaddr bios, uint8_t *src, chipaddr dst, int page_size) { @@ -194,7 +185,6 @@ write_page_m29f400bt(bios, buf + 0x7c000, bios + 0x7c000, 16 * 1024);
printf("\n"); - //protect_m29f400bt (bios);
return 0; } @@ -248,7 +238,6 @@ write_page_m29f400bt(bios, buf + 0x30000, bios + 0x30000, 64 * 1024);
printf("\n"); - //protect_m29f400bt (bios);
return 0; }
On 11/25/2009 7:11 AM, Michael Karcher wrote:
This patch removes the extremely dangerous unprotect_jedec function which is not used at all within flashrom code, and renames the misleadingly named protect_jedec function to start_program_jedec. Calls to protect_jedec after flashing are removed, because a) on LPC chips, the command sent by protoct_jedec is not even in the datasheet and b) on parallel chips, the block write command issued before already contained the software protection sequence, so software protection is definitely enabled.
This patch also removes two clones of protect_jedec
Background: JEDEC Software Data Protection started as an optional feature, which was disabled on the first single-voltage-flash chips. The software data protection is the need to prefix a write with a magic "write enable" command, while without write protection every write access into the chip's address space modifies flash content. This magic write enable command also tells the flash chip that the programmer obviously support sending write-enable commands and turns off the "any write modifies flash content" mode. There also exist a two-command (6 writes) sequence that disables Software Data Protection completey, which should only ever be used to prepare updating with a device that can't handle software data protection.
Regards, Michael Karcher
Index: flash.h
--- flash.h (Revision 777) +++ flash.h (Arbeitskopie) @@ -647,8 +647,7 @@ uint8_t oddparity(uint8_t val); void toggle_ready_jedec(chipaddr dst); void data_polling_jedec(chipaddr dst, uint8_t data); -void unprotect_jedec(chipaddr bios); -void protect_jedec(chipaddr bios); +void start_program_jedec(chipaddr bios); int write_byte_program_jedec(chipaddr bios, uint8_t *src, chipaddr dst); int probe_jedec(struct flashchip *flash); Index: jedec.c =================================================================== --- jedec.c (Revision 777) +++ jedec.c (Arbeitskopie) @@ -64,25 +64,11 @@ } }
-void unprotect_jedec(chipaddr bios) +void start_program_jedec(chipaddr bios) { chip_writeb(0xAA, bios + 0x5555); chip_writeb(0x55, bios + 0x2AAA);
- chip_writeb(0x80, bios + 0x5555);
- chip_writeb(0xAA, bios + 0x5555);
- chip_writeb(0x55, bios + 0x2AAA);
- chip_writeb(0x20, bios + 0x5555);
- programmer_delay(200);
-}
-void protect_jedec(chipaddr bios) -{
chip_writeb(0xAA, bios + 0x5555);
chip_writeb(0x55, bios + 0x2AAA); chip_writeb(0xA0, bios + 0x5555);
programmer_delay(200); }
int probe_jedec(struct flashchip *flash)
@@ -270,9 +256,7 @@
retry: /* Issue JEDEC Data Unprotect comand */
- chip_writeb(0xAA, bios + 0x5555);
- chip_writeb(0x55, bios + 0x2AAA);
- chip_writeb(0xA0, bios + 0x5555);
start_program_jedec(bios);
/* transfer data from source to destination */ for (i = 0; i< page_size; i++) {
@@ -312,9 +296,7 @@
retry: /* Issue JEDEC Byte Program command */
- chip_writeb(0xAA, bios + 0x5555);
- chip_writeb(0x55, bios + 0x2AAA);
- chip_writeb(0xA0, bios + 0x5555);
start_program_jedec(bios);
/* transfer data from source to destination */ chip_writeb(*src, dst);
@@ -348,7 +330,6 @@ int i; int total_size = flash->total_size * 1024; int page_size = flash->page_size;
chipaddr bios = flash->virtual_memory;
if (erase_chip_jedec(flash)) { fprintf(stderr,"ERASE FAILED!\n");
@@ -363,7 +344,6 @@ printf("\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b"); } printf("\n");
protect_jedec(bios);
return 0; }
Index: sharplhf00l04.c
--- sharplhf00l04.c (Revision 777) +++ sharplhf00l04.c (Arbeitskopie) @@ -179,7 +179,6 @@ printf("\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b"); } printf("\n");
protect_jedec(bios);
return 0; }
Index: stm50flw0x0x.c
--- stm50flw0x0x.c (Revision 777) +++ stm50flw0x0x.c (Arbeitskopie) @@ -31,15 +31,6 @@ #include "flash.h" #include "flashchips.h"
-void protect_stm50flw0x0x(chipaddr bios) -{
- chip_writeb(0xAA, bios + 0x5555);
- chip_writeb(0x55, bios + 0x2AAA);
- chip_writeb(0xA0, bios + 0x5555);
- programmer_delay(200);
-}
- int probe_stm50flw0x0x(struct flashchip *flash) { int result = probe_jedec(flash);
@@ -189,7 +180,6 @@ int i; int total_size = flash->total_size * 1024; int page_size = flash->page_size;
chipaddr bios = flash->virtual_memory;
printf("Erasing page:\n"); for (i = 0; i< total_size / page_size; i++) {
@@ -206,7 +196,6 @@ } } printf("\n");
protect_stm50flw0x0x(bios);
return 0; }
@@ -250,7 +239,6 @@ bios + i * page_size, page_size); } printf("\n");
protect_stm50flw0x0x(bios); free(tmpbuf);
return rc;
Index: 82802ab.c
--- 82802ab.c (Revision 777) +++ 82802ab.c (Arbeitskopie) @@ -190,7 +190,6 @@ bios + i * page_size, page_size); } printf("\n");
protect_jedec(bios); free(tmpbuf);
return 0;
Index: m29f400bt.c
--- m29f400bt.c (Revision 777) +++ m29f400bt.c (Arbeitskopie) @@ -20,15 +20,6 @@
#include "flash.h"
-void protect_m29f400bt(chipaddr bios) -{
- chip_writeb(0xAA, bios + 0xAAA);
- chip_writeb(0x55, bios + 0x555);
- chip_writeb(0xA0, bios + 0xAAA);
- programmer_delay(200);
-}
- void write_page_m29f400bt(chipaddr bios, uint8_t *src, chipaddr dst, int page_size) {
@@ -194,7 +185,6 @@ write_page_m29f400bt(bios, buf + 0x7c000, bios + 0x7c000, 16 * 1024);
printf("\n");
//protect_m29f400bt (bios);
return 0; }
@@ -248,7 +238,6 @@ write_page_m29f400bt(bios, buf + 0x30000, bios + 0x30000, 64 * 1024);
printf("\n");
//protect_m29f400bt (bios);
return 0; }
flashrom mailing list flashrom@flashrom.org http://www.flashrom.org/mailman/listinfo/flashrom
Nacked-by: Sean Nelson audiohacked@gmail.com
I'm not comfortable with removing the protect/unprotect code due to the fact that even if datasheets and conventions don't say that it's used, chips still might use/need the code. Sometimes functionality found in chips isn't documented due to either it's common practice or some other reason.
I had a talk with Carl-Daniel about this, since he suggested it and he's in charge: Acked-by: Sean Nelson audiohacked@gmail.com
Am Mittwoch, den 25.11.2009, 16:11 +0100 schrieb Michael Karcher:
This patch removes the extremely dangerous unprotect_jedec function which is not used at all within flashrom code, and renames the misleadingly named protect_jedec function to start_program_jedec.
Signed-off-by: flashrom@mkarcher.dialup.fu-berlin.de
On 26.11.2009 15:09, Michael Karcher wrote:
Am Mittwoch, den 25.11.2009, 16:11 +0100 schrieb Michael Karcher:
This patch removes the extremely dangerous unprotect_jedec function which is not used at all within flashrom code, and renames the misleadingly named protect_jedec function to start_program_jedec.
Signed-off-by: flashrom@mkarcher.dialup.fu-berlin.de
The usual format is to have name and email address in there, like this:
Signed-off-by: Carl-Daniel Hailfinger c-d.hailfinger.devel.2006@gmx.net
I corrected this manually.
Acked-by: Carl-Daniel Hailfinger c-d.hailfinger.devel.2006@gmx.net
Thanks for the patch and the detailed description, committed in r783.
Regards, Carl-Daniel