diff options
| author | Tom Hughes <tomhughes@chromium.org> | 2020-05-28 18:03:04 -0700 |
|---|---|---|
| committer | Commit Bot <commit-bot@chromium.org> | 2020-05-30 05:16:49 +0000 |
| commit | d96af17c10edb47dd82389da1db47ea7e76f2914 (patch) | |
| tree | 4c1b4ddd5d52f27312b02c049d4c67f3e75f451e | |
| parent | 5a2c16ee17339b96eef8351157673253738b461b (diff) | |
| download | chrome-ec-d96af17c10edb47dd82389da1db47ea7e76f2914.tar.gz | |
stm32: Disable option bytes if RO is protected on boot
BRANCH=none
BUG=b:155897971
TEST=On bloonchipper after flashing flash_write_protect.bin test:
* Enable HW WP: dut-control fw_wp_en:on
* Reboot to RO: reboot ro
* Enable flash protection: runtest 1
=> PASS
* Reboot to RO: reboot ro
* Try to disable flash protection: runtest 2
=> PASS
Signed-off-by: Tom Hughes <tomhughes@chromium.org>
Change-Id: Ie7bc4d8b518ef1387f77666072a510a8fbfb1d90
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2220738
Commit-Queue: Yicheng Li <yichengli@chromium.org>
Tested-by: Yicheng Li <yichengli@chromium.org>
Reviewed-by: Jett Rink <jettrink@chromium.org>
| -rw-r--r-- | chip/stm32/flash-f.c | 12 | ||||
| -rw-r--r-- | chip/stm32/flash-stm32f3.c | 5 |
2 files changed, 12 insertions, 5 deletions
diff --git a/chip/stm32/flash-f.c b/chip/stm32/flash-f.c index 298b5ecac9..b192d44255 100644 --- a/chip/stm32/flash-f.c +++ b/chip/stm32/flash-f.c @@ -559,11 +559,12 @@ int flash_physical_protect_at_boot(uint32_t new_flags) val |= 1 << block; } if (original_val != val) { - write_optb(STM32_FLASH_nWRP_ALL, - val << STM32_FLASH_nWRP_OFFSET); + int rv = write_optb(STM32_FLASH_nWRP_ALL, + val << STM32_FLASH_nWRP_OFFSET); + if (rv != EC_SUCCESS) + return rv; } - return flash_physical_protect_at_boot_update_rdp_pstate(new_flags); } @@ -748,6 +749,11 @@ int flash_pre_init(void) return EC_SUCCESS; if (prot_flags & EC_FLASH_PROTECT_GPIO_ASSERTED) { + if (prot_flags & EC_FLASH_PROTECT_RO_NOW) { + /* Enable physical protection for RO (0 means RO). */ + flash_physical_protect_now(0); + } + if ((prot_flags & EC_FLASH_PROTECT_RO_AT_BOOT) && !(prot_flags & EC_FLASH_PROTECT_RO_NOW)) { /* diff --git a/chip/stm32/flash-stm32f3.c b/chip/stm32/flash-stm32f3.c index 60182a5e4a..ea5ba1a1b6 100644 --- a/chip/stm32/flash-stm32f3.c +++ b/chip/stm32/flash-stm32f3.c @@ -129,8 +129,9 @@ int flash_physical_protect_now(int all) return EC_SUCCESS; } - /* No way to protect just the RO flash until next boot */ - return EC_ERROR_INVAL; + disable_flash_option_bytes(); + + return EC_SUCCESS; } uint32_t flash_physical_get_valid_flags(void) |