From 60b17a1eee72342ff226761caea2501960d44a30 Mon Sep 17 00:00:00 2001
From: Timothy Pearson <tpearson@raptorengineeringinc.com>
Date: Tue, 7 Apr 2015 13:45:06 -0500
Subject: [PATCH 01/13] southbridge/intel/common/spi: Add Flash lockdown option
Under certain circumstances it is desirable to prevent
software from altering the contents of the Flash device.
This Expert-mode option allows the hardware write protect
to be set on bootup.
Change-Id: I92d3c60a69f1688579d954d0476e30a6892cf4d5
Signed-off-by: Timothy Pearson <tpearson@raptorengineeringinc.com>
---
src/southbridge/intel/common/Kconfig | 9 +++++++++
src/southbridge/intel/common/spi.c | 20 ++++++++++++++------
2 files changed, 23 insertions(+), 6 deletions(-)
diff --git a/src/southbridge/intel/common/Kconfig b/src/southbridge/intel/common/Kconfig
index 949310b..52ada30 100644
--- a/src/southbridge/intel/common/Kconfig
+++ b/src/southbridge/intel/common/Kconfig
@@ -1,2 +1,11 @@
config SOUTHBRIDGE_INTEL_COMMON
def_bool n
+
+config LOCK_DOWN_BIOS
+ bool "Lock down the Flash"
+ default n
+ depends on EXPERT
+ help
+ Lock down the Flash chip to prevent further modification by software.
+ WARNING: Altering the contents of the Flash chip further WILL require
+ a hardware programmer AND physical access to the Flash device!
\ No newline at end of file
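Review bot: `LOCK_DOWN_BIOS` depends only on `EXPERT`, so it can be selected on boards where this southbridge SPI driver is presumably not built. A user could then enable it and believe the flash is locked while nothing enforces it. Consider `depends on EXPERT && SOUTHBRIDGE_INTEL_COMMON`, or whichever symbol actually gates spi.c. The help text should also name what is set (the spi.c change in this patch sets `HSFS_FLOCKDN` in the SPI controller) rather than saying the Flash chip itself is locked. The file now ends without a trailing newline, which should be added.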
diff --git a/src/southbridge/intel/common/spi.c b/src/southbridge/intel/common/spi.c
index 1d3ebf6..04f05ed 100644
--- a/src/southbridge/intel/common/spi.c
+++ b/src/southbridge/intel/common/spi.c
@@ -2,6 +2,7 @@
* Copyright (c) 2011 The Chromium OS Authors.
* Copyright (C) 2009, 2010 Carl-Daniel Hailfinger
* Copyright (C) 2011 Stefan Tauner
+ * Copyright (C) 2015 Timothy Pearson <tpearson@raptorengineeringinc.com>, Raptor Engineering
*
* See file CREDITS for list of people who contributed to this
* project.
@@ -353,11 +354,19 @@ void spi_init(void)
ich_set_bbar(0);
- /* Disable the BIOS write protect so write commands are allowed. */
- pci_read_config_byte(dev, 0xdc, &bios_cntl);
- /* Deassert SMM BIOS Write Protect Disable. */
- bios_cntl &= ~(1 << 5);
- pci_write_config_byte(dev, 0xdc, bios_cntl | 0x1);
+ if (IS_ENABLED(CONFIG_LOCK_DOWN_BIOS)) {
+ /* Engage lockdown */
+ hsfs = readw_(&ich9_spi->hsfs);
+ hsfs = hsfs | HSFS_FLOCKDN;
+ writew_(hsfs, &ich9_spi->hsfs);
+ }
+ else {
+ /* Disable the BIOS write protect so write commands are allowed. */
+ pci_read_config_byte(dev, 0xdc, &bios_cntl);
+ /* Deassert SMM BIOS Write Protect Disable. */
+ bios_cntl &= ~(1 << 5);
+ pci_write_config_byte(dev, 0xdc, bios_cntl | 0x1);
+ }
}
#ifndef __SMM__
static void spi_init_cb(void *unused)
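Review bot: The lockdown branch only sets `HSFS_FLOCKDN` and never touches BIOS_CNTL (config offset 0xdc), so bit 0, which the else branch sets to allow writes, keeps whatever value it had on entry and nothing visible here locks it. As far as this hunk shows, the bit freezes SPI controller configuration; whether flash writes are actually refused depends on protected-range and BIOS_CNTL state programmed elsewhere, which should be confirmed. Consider clearing the write-enable bit explicitly in this branch, e.g. `pci_read_config_byte(dev, 0xdc, &bios_cntl);` followed by `pci_write_config_byte(dev, 0xdc, bios_cntl & ~0x1);`, and reading `hsfs` back to verify the lock bit stuck. spi_init starts outside the hunk, so it is not visible whether `ich9_spi` is assigned on every chipset path before the `readw_` dereference. If it is set only for ICH9-style controllers, the new branch needs a guard.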
@@ -927,7 +936,6 @@ static int ich_hwseq_write(struct spi_flash *flash,
return 0;
}
-
static struct spi_flash *spi_flash_hwseq(struct spi_slave *spi)
{
struct spi_flash *flash = NULL;
--
1.9.1