[openfirmware] [commit] r2510 - cpu/arm/olpc/1.75 dev/olpc/spiflash
repository service
svn at openfirmware.info
Thu Sep 15 08:08:18 CEST 2011
Author: quozl
Date: Thu Sep 15 08:08:18 2011
New Revision: 2510
URL: http://tracker.coreboot.org/trac/openfirmware/changeset/2510
Log:
OLPC XO-1.75 - enforce SPI FLASH write protect during security startup, #11228
Modified:
cpu/arm/olpc/1.75/fw.bth
dev/olpc/spiflash/flashif.fth
dev/olpc/spiflash/spiflash.fth
Modified: cpu/arm/olpc/1.75/fw.bth
==============================================================================
--- cpu/arm/olpc/1.75/fw.bth Thu Sep 15 07:39:43 2011 (r2509)
+++ cpu/arm/olpc/1.75/fw.bth Thu Sep 15 08:08:18 2011 (r2510)
@@ -82,9 +82,16 @@
false to stand-init-debug?
\ true to stand-init-debug?
+: sec-trg ( -- ) d# 73 gpio-set ; \ rising edge latches SPI_WP# low
+: sec-trg? ( -- bit ) d# 73 gpio-pin@ ;
+
+alias ec-indexed-io-off sec-trg
+alias ec-indexed-io-off? sec-trg?
+alias ec-ixio-reboot ec-power-cycle \ clears latch, brings SPI_WP# high
+
false value secure?
-: protect-fw ( -- ) ;
+: protect-fw ( -- ) secure? if flash-protect sec-trg then ;
hex
: i-key-wait ( ms -- pressed? )
@@ -280,9 +287,6 @@
defer rm-go-hook \ Not used, but makes security happy
: tsc@ ( -- d.ticks ) timer0@ u>d ;
d# 6500 constant ms-factor
-0 value ec-indexed-io-off? \ !!!
-: ec-indexed-io-off ( -- ) ; \ !!!
-: ec-ixio-reboot ( -- ) ; \ !!!
\ idt1338 rtc and ram address map
\ 00 -> 0f rtc
Modified: dev/olpc/spiflash/flashif.fth
==============================================================================
--- dev/olpc/spiflash/flashif.fth Thu Sep 15 07:39:43 2011 (r2509)
+++ dev/olpc/spiflash/flashif.fth Thu Sep 15 08:08:18 2011 (r2510)
@@ -9,6 +9,7 @@
defer flash-read ( adr len offset -- )
defer flash-verify ( adr len offset -- mismatch? )
defer flash-erase-block ( offset -- )
+defer flash-protect ( -- )
h# 10.0000 value /flash
h# 10000 value /flash-block
Modified: dev/olpc/spiflash/spiflash.fth
==============================================================================
--- dev/olpc/spiflash/spiflash.fth Thu Sep 15 07:39:43 2011 (r2509)
+++ dev/olpc/spiflash/spiflash.fth Thu Sep 15 08:08:18 2011 (r2510)
@@ -91,6 +91,38 @@
1 spi-cmd ( b ) spi-out stop-writing
;
+\ Protect the device from further writes, by setting the Status
+\ Register Protect (SRP) bit, and the Block Protect (BP2 BP1 BP0)
+\ bits.
+
+\ Caller must then lower /WP pin, which prevents further write access
+\ to the status register until the /WP pin is raised.
+
+: spi-protect ( -- ) h# 9c spi-write-status ;
+
+\ Turn off the protection bits.
+
+\ Is only permitted by the device if the /WP pin is high, otherwise it
+\ is ignored and the status register protection bits are unchanged.
+
+: spi-unprotect ( -- ) h# 0 spi-write-status ;
+
+\ Check if the device is protected from further writes, by testing for
+\ a set SRP, and if so trying to clear it, and checking if it remained
+\ clear.
+
+: spi-protected? ( -- flag )
+ spi-read-status h# 80 and if
+ spi-read-status ( status )
+ spi-unprotect ( status )
+ spi-read-status h# 80 and if ( status )
+ drop true exit ( status )
+ then ( status )
+ spi-write-status
+ then
+ false
+;
+
\ Erase a 64k block
: erase-spi-block ( offset -- ) h# d8 setup-spi-write stop-writing ;
@@ -282,7 +314,7 @@
( default ) true abort" Unsupported SPI FLASH ID"
endcase
to write-spi-flash
- 0 spi-write-status \ Turn off write protect bits
+ spi-unprotect
;
\ Display a message telling what kind of part was found
@@ -299,14 +331,17 @@
then
;
-
: spi-flash-open ( -- )
\ One retry
spi-start ['] spi-identify catch if
spi-start spi-identify
then
;
-: spi-flash-write-enable ( -- ) flash-open .spi-id cr ;
+
+: spi-flash-write-enable ( -- )
+ flash-open .spi-id cr
+ spi-protected? abort" Write Protected SPI FLASH"
+;
: use-spi-flash-read ( -- ) ['] read-spi-flash to flash-read ;
@@ -319,6 +354,7 @@
['] write-spi-flash to flash-write
['] verify-spi-flash to flash-verify
['] erase-spi-block to flash-erase-block
+ ['] spi-protect to flash-protect
use-spi-flash-read \ Might be overridden
h# 10.0000 to /flash
/spi-eblock to /flash-block
More information about the openfirmware
mailing list