/* SPDX-License-Identifier: GPL-2.0-only */

#ifndef _BOOT_DEVICE_H_
#define _BOOT_DEVICE_H_

#include <commonlib/region.h>

/*
 * Protection modes for a region of the boot device. Protection can come
 * from two sources: the boot media itself (the flash chip) or the
 * controller. Whether a mode is actually supported depends on the flash
 * chip and the controller, so a requested mode may not be honoured; check
 * the return value of boot_device_wp_region() instead of assuming the
 * protection is in place.
 *
 * No enumerator has the value 0.
 */
enum bootdev_prot_type {
	CTRLR_WP = 1,	/* Controller device enforces write protect */
	CTRLR_RP = 2,	/* Controller device enforces read protect */
	CTRLR_RWP = 3,	/* Controller device enforces read-write protect */
	MEDIA_WP = 4,	/* Flash/Boot device enforces write protect */
};
/*
 * Please note that the read-only boot device may not be coherent with
 * the read-write boot device: data written with writeat() may not show
 * up in a mapping obtained with mmap(). Mixing mmap() and writeat() will
 * most likely not work, so don't rely on such semantics.
 */

/*
 * Return the region_device for the read-only boot device. This is the root
 * device for all CBFS boot devices.
 *
 * NOTE(review): this header does not say whether the result can be NULL;
 * confirm against the platform implementation before dereferencing.
 */
const struct region_device *boot_device_ro(void);

/*
 * Return the region_device for the read-write boot device.
 *
 * NOTE(review): this header does not say whether the result can be NULL;
 * confirm against the platform implementation before dereferencing.
 */
const struct region_device *boot_device_rw(void);

/*
 * Create a sub-region of the read-only boot device.
 *
 * sub:   region to carve out of the read-only boot device
 * subrd: region_device for the sub-region (presumably filled in by the
 *        call; confirm against the implementation)
 *
 * Returns 0 on success, < 0 on error. This header does not specify the
 * contents of subrd after an error, so check the result before using it.
 */
int boot_device_ro_subregion(const struct region *sub, struct region_device *subrd);

/*
 * Create a sub-region of the read-write boot device.
 *
 * sub:   region to carve out of the read-write boot device
 * subrd: region_device for the sub-region (presumably filled in by the
 *        call; confirm against the implementation)
 *
 * Returns 0 on success, < 0 on error. This header does not specify the
 * contents of subrd after an error, so check the result before using it.
 */
int boot_device_rw_subregion(const struct region *sub, struct region_device *subrd);

/*
 * Write protect a sub-region of the boot device represented by the region
 * device.
 *
 * rd:   region device describing the sub-region to protect
 * type: protection mode to apply, one of enum bootdev_prot_type. Despite
 *       the "wp" in the function name, that enum also carries the
 *       read-protect modes CTRLR_RP and CTRLR_RWP.
 *
 * Returns 0 on success, < 0 on error. A caller that depends on the
 * protection should treat any negative return as "not protected".
 */
int boot_device_wp_region(const struct region_device *rd, const enum bootdev_prot_type type);

/*
 * Initialize the boot device. This may be called multiple times within
 * a stage, so boot device implementations have to cope with repeated
 * calls. The function returns void, so it reports no failure to the caller.
 */
void boot_device_init(void);

/*
 * Restrict read/write access to the bootmedia using platform defined rules.
 *
 * The function returns void in both variants below, so a caller cannot tell
 * from the call whether any lock was applied.
 *
 * With BOOTMEDIA_LOCK_NONE, or in ramstage when BOOTMEDIA_LOCK_IN_VERSTAGE
 * is selected, the call is an empty inline stub and has no effect.
 * NOTE(review): the BOOTMEDIA_LOCK_IN_VERSTAGE case presumably relies on
 * verstage having applied the lock earlier; this header cannot show that,
 * so confirm it for the board in question.
 */
#if CONFIG(BOOTMEDIA_LOCK_NONE) || (CONFIG(BOOTMEDIA_LOCK_IN_VERSTAGE) && ENV_RAMSTAGE)
/* Stub: nothing is locked by this call in these configurations. */
static inline void boot_device_security_lockdown(void)
{
}
#else
/* Declared here only; the definition is not part of this header. */
void boot_device_security_lockdown(void);
#endif
#endif /* _BOOT_DEVICE_H_ */