Gitiles
Code Review Sign In
review.coreboot.org / coreboot / 317a982ddbc0c79ed0a5b2fc00dab74147e76505 / . / src / include / boot_device.h
blob: 883f37c8c8613e725e09228a3c959e4d28b799bf [file] [log] [blame]
Angel Pons32859fc2020-04-02 23:48:27 +0200[diff] [blame]1/* SPDX-License-Identifier: GPL-2.0-only */
Aaron Durbinc6588c52015-05-15 13:15:34 -0500[diff] [blame]2
3#ifndef _BOOT_DEVICE_H_
4#define _BOOT_DEVICE_H_
5
Aaron Durbindc9f5cd2015-09-08 13:34:43 -0500[diff] [blame]6#include <commonlib/region.h>
Aaron Durbinc6588c52015-05-15 13:15:34 -0500[diff] [blame]7
Aaron Durbindcbccd62016-08-10 11:42:42 -0500[diff] [blame]8/*
Rizwan Qureshi6d4c1f52018-10-26 16:54:42 +0530[diff] [blame]9 * Boot device region can be protected by 2 sources, media and controller.
10 * The following modes are identified. It depends on the flash chip and the
11 * controller if mode is actually supported.
12 *
13 * MEDIA_WP : Flash/Boot device enforces write protect
14 * CTRLR_WP : Controller device enforces write protect
15 * CTRLR_RP : Controller device enforces read protect
16 * CTRLR_RWP : Controller device enforces read-write protect
17 */
18enum bootdev_prot_type {
19 CTRLR_WP = 1,
20 CTRLR_RP = 2,
21 CTRLR_RWP = 3,
22 MEDIA_WP = 4,
23};
24/*
Aaron Durbindcbccd62016-08-10 11:42:42 -0500[diff] [blame]25 * Please note that the read-only boot device may not be coherent with
26 * the read-write boot device. Thus, mixing mmap() and writeat() is
27 * most likely not to work so don't rely on such semantics.
28 */
29
Julius Werner0d9072b2020-03-05 12:51:08 -0800[diff] [blame]30/* Return the region_device for the read-only boot device. This is the root
31 device for all CBFS boot devices. */
Aaron Durbinc6588c52015-05-15 13:15:34 -0500[diff] [blame]32const struct region_device *boot_device_ro(void);
33
Aaron Durbindcbccd62016-08-10 11:42:42 -0500[diff] [blame]34/* Return the region_device for the read-write boot device. */
35const struct region_device *boot_device_rw(void);
36
Aaron Durbinc6588c52015-05-15 13:15:34 -0500[diff] [blame]37/*
38 * Create a sub-region of the read-only boot device.
39 * Returns 0 on success, < 0 on error.
40 */
41int boot_device_ro_subregion(const struct region *sub,
42 struct region_device *subrd);
43
44/*
Aaron Durbindcbccd62016-08-10 11:42:42 -0500[diff] [blame]45 * Create a sub-region of the read-write boot device.
46 * Returns 0 on success, < 0 on error.
47 */
48int boot_device_rw_subregion(const struct region *sub,
49 struct region_device *subrd);
50
51/*
Rizwan Qureshi6d4c1f52018-10-26 16:54:42 +0530[diff] [blame]52 * Write protect a sub-region of the boot device represented
53 * by the region device.
54 * Returns 0 on success, < 0 on error.
55 */
Patrick Rudolph2be0b502019-05-09 13:43:49 +0200[diff] [blame]56int boot_device_wp_region(const struct region_device *rd,
Rizwan Qureshi6d4c1f52018-10-26 16:54:42 +0530[diff] [blame]57 const enum bootdev_prot_type type);
58
59/*
Aaron Durbinc6588c52015-05-15 13:15:34 -0500[diff] [blame]60 * Initialize the boot device. This may be called multiple times within
61 * a stage so boot device implementations should account for this behavior.
62 **/
63void boot_device_init(void);
64
Patrick Rudolph78feacc2019-12-03 19:43:06 +0100[diff] [blame]65/*
Martin Roth3e25f852023-09-04 15:37:07 -0600[diff] [blame]66 * Restrict read/write access to the boot-media using platform defined rules.
Patrick Rudolph78feacc2019-12-03 19:43:06 +0100[diff] [blame]67 */
Patrick Rudolph6093c502019-05-08 18:36:39 +0200[diff] [blame]68#if CONFIG(BOOTMEDIA_LOCK_NONE) || (CONFIG(BOOTMEDIA_LOCK_IN_VERSTAGE) && ENV_RAMSTAGE)
Patrick Rudolph78feacc2019-12-03 19:43:06 +0100[diff] [blame]69static inline void boot_device_security_lockdown(void) {}
70#else
71void boot_device_security_lockdown(void);
72#endif
Aaron Durbinc6588c52015-05-15 13:15:34 -0500[diff] [blame]73#endif /* _BOOT_DEVICE_H_ */