[flashrom] [PATCH] remove JEDEC protect/unprotect

Sean Nelson audiohacked at gmail.com
Wed Nov 25 17:27:21 CET 2009 

On 11/25/2009 7:11 AM, Michael Karcher wrote:
> This patch removes the extremely dangerous unprotect_jedec function
> which is not used at all within flashrom code, and renames the
> misleadingly named protect_jedec function to start_program_jedec. Calls
> to protect_jedec after flashing are removed, because
>   a) on LPC chips, the command sent by protoct_jedec is not even in the
> datasheet and
>   b) on parallel chips, the block write command issued before already
> contained the software protection sequence, so software protection is
> definitely enabled.
>
> This patch also removes two clones of protect_jedec
>
> Background: JEDEC Software Data Protection started as an optional
> feature, which was disabled on the first single-voltage-flash chips. The
> software data protection is the need to prefix a write with a magic
> "write enable" command, while without write protection every write
> access into the chip's address space modifies flash content. This magic
> write enable command also tells the flash chip that the programmer
> obviously support sending write-enable commands and turns off the "any
> write modifies flash content" mode. There also exist a two-command (6
> writes) sequence that disables Software Data Protection completey, which
> should only ever be used to prepare updating with a device that can't
> handle software data protection.
>
> Regards,
>    Michael Karcher
>
> Index: flash.h
> ===================================================================
> --- flash.h	(Revision 777)
> +++ flash.h	(Arbeitskopie)
> @@ -647,8 +647,7 @@
>   uint8_t oddparity(uint8_t val);
>   void toggle_ready_jedec(chipaddr dst);
>   void data_polling_jedec(chipaddr dst, uint8_t data);
> -void unprotect_jedec(chipaddr bios);
> -void protect_jedec(chipaddr bios);
> +void start_program_jedec(chipaddr bios);
>   int write_byte_program_jedec(chipaddr bios, uint8_t *src,
>   			     chipaddr dst);
>   int probe_jedec(struct flashchip *flash);
> Index: jedec.c
> ===================================================================
> --- jedec.c	(Revision 777)
> +++ jedec.c	(Arbeitskopie)
> @@ -64,25 +64,11 @@
>   	}
>   }
>
> -void unprotect_jedec(chipaddr bios)
> +void start_program_jedec(chipaddr bios)
>   {
>   	chip_writeb(0xAA, bios + 0x5555);
>   	chip_writeb(0x55, bios + 0x2AAA);
> -	chip_writeb(0x80, bios + 0x5555);
> -	chip_writeb(0xAA, bios + 0x5555);
> -	chip_writeb(0x55, bios + 0x2AAA);
> -	chip_writeb(0x20, bios + 0x5555);
> -
> -	programmer_delay(200);
> -}
> -
> -void protect_jedec(chipaddr bios)
> -{
> -	chip_writeb(0xAA, bios + 0x5555);
> -	chip_writeb(0x55, bios + 0x2AAA);
>   	chip_writeb(0xA0, bios + 0x5555);
> -
> -	programmer_delay(200);
>   }
>
>   int probe_jedec(struct flashchip *flash)
> @@ -270,9 +256,7 @@
>
>   retry:
>   	/* Issue JEDEC Data Unprotect comand */
> -	chip_writeb(0xAA, bios + 0x5555);
> -	chip_writeb(0x55, bios + 0x2AAA);
> -	chip_writeb(0xA0, bios + 0x5555);
> +	start_program_jedec(bios);
>
>   	/* transfer data from source to destination */
>   	for (i = 0; i<  page_size; i++) {
> @@ -312,9 +296,7 @@
>
>   retry:
>   	/* Issue JEDEC Byte Program command */
> -	chip_writeb(0xAA, bios + 0x5555);
> -	chip_writeb(0x55, bios + 0x2AAA);
> -	chip_writeb(0xA0, bios + 0x5555);
> +	start_program_jedec(bios);
>
>   	/* transfer data from source to destination */
>   	chip_writeb(*src, dst);
> @@ -348,7 +330,6 @@
>   	int i;
>   	int total_size = flash->total_size * 1024;
>   	int page_size = flash->page_size;
> -	chipaddr bios = flash->virtual_memory;
>
>   	if (erase_chip_jedec(flash)) {
>   		fprintf(stderr,"ERASE FAILED!\n");
> @@ -363,7 +344,6 @@
>   		printf("\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b");
>   	}
>   	printf("\n");
> -	protect_jedec(bios);
>
>   	return 0;
>   }
> Index: sharplhf00l04.c
> ===================================================================
> --- sharplhf00l04.c	(Revision 777)
> +++ sharplhf00l04.c	(Arbeitskopie)
> @@ -179,7 +179,6 @@
>   		printf("\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b");
>   	}
>   	printf("\n");
> -	protect_jedec(bios);
>
>   	return 0;
>   }
> Index: stm50flw0x0x.c
> ===================================================================
> --- stm50flw0x0x.c	(Revision 777)
> +++ stm50flw0x0x.c	(Arbeitskopie)
> @@ -31,15 +31,6 @@
>   #include "flash.h"
>   #include "flashchips.h"
>
> -void protect_stm50flw0x0x(chipaddr bios)
> -{
> -	chip_writeb(0xAA, bios + 0x5555);
> -	chip_writeb(0x55, bios + 0x2AAA);
> -	chip_writeb(0xA0, bios + 0x5555);
> -
> -	programmer_delay(200);
> -}
> -
>   int probe_stm50flw0x0x(struct flashchip *flash)
>   {
>   	int result = probe_jedec(flash);
> @@ -189,7 +180,6 @@
>   	int i;
>   	int total_size = flash->total_size * 1024;
>   	int page_size = flash->page_size;
> -	chipaddr bios = flash->virtual_memory;
>
>   	printf("Erasing page:\n");
>   	for (i = 0; i<  total_size / page_size; i++) {
> @@ -206,7 +196,6 @@
>   		}
>   	}
>   	printf("\n");
> -	protect_stm50flw0x0x(bios);
>
>   	return 0;
>   }
> @@ -250,7 +239,6 @@
>   					bios + i * page_size, page_size);
>   	}
>   	printf("\n");
> -	protect_stm50flw0x0x(bios);
>   	free(tmpbuf);
>
>   	return rc;
> Index: 82802ab.c
> ===================================================================
> --- 82802ab.c	(Revision 777)
> +++ 82802ab.c	(Arbeitskopie)
> @@ -190,7 +190,6 @@
>   				   bios + i * page_size, page_size);
>   	}
>   	printf("\n");
> -	protect_jedec(bios);
>   	free(tmpbuf);
>
>   	return 0;
> Index: m29f400bt.c
> ===================================================================
> --- m29f400bt.c	(Revision 777)
> +++ m29f400bt.c	(Arbeitskopie)
> @@ -20,15 +20,6 @@
>
>   #include "flash.h"
>
> -void protect_m29f400bt(chipaddr bios)
> -{
> -	chip_writeb(0xAA, bios + 0xAAA);
> -	chip_writeb(0x55, bios + 0x555);
> -	chip_writeb(0xA0, bios + 0xAAA);
> -
> -	programmer_delay(200);
> -}
> -
>   void write_page_m29f400bt(chipaddr bios, uint8_t *src,
>   			  chipaddr dst, int page_size)
>   {
> @@ -194,7 +185,6 @@
>   	write_page_m29f400bt(bios, buf + 0x7c000, bios + 0x7c000, 16 * 1024);
>
>   	printf("\n");
> -	//protect_m29f400bt (bios);
>
>   	return 0;
>   }
> @@ -248,7 +238,6 @@
>   	write_page_m29f400bt(bios, buf + 0x30000, bios + 0x30000, 64 * 1024);
>
>   	printf("\n");
> -	//protect_m29f400bt (bios);
>
>   	return 0;
>   }
>
>
> _______________________________________________
> flashrom mailing list
> flashrom at flashrom.org
> http://www.flashrom.org/mailman/listinfo/flashrom
>    

Nacked-by: Sean Nelson <audiohacked at gmail.com>

I'm not comfortable with removing the protect/unprotect code due to the 
fact that even if datasheets and conventions don't say that it's used, 
chips still might use/need the code. Sometimes functionality found in 
chips isn't documented due to either it's common practice or some other 
reason.

More information about the flashrom mailing list