This patch introduces chipset-level protections and adds checks that
abort writing to flash if any of the requested regions are
write-protected by chip, dynamically by a chipset, or are defined as
read-only.
This change is done so it's harder for user to brick his own platform.
Information about read-only regions can easily be missed as flashrom
can output a lot of information on screen. Even if you notice you might
not know if one of the regions you requested falls inside read-only
range, especially if using different names for those regions.
If you are flashing multiple regions or ones that partially overlap with
read-only parts then that could result in flashrom failing in the
middle leaving you in unknown state.
This patch was tested with multiple combinations of
unprotected/protected regions:
- dummy programmer
```sh
flashrom -p dummy:hwwp=yes,emulate=S25FL128L --wp-enable \
--wp-range 0x00040000,0x00fc0000 \
-l <(echo '00000000:0004ffff part1') -i part1 -E
```
- internal programmer on Protectli VP6670 with Dasharo UEFI firmware
with locked BIOS boot medium (PR0, part of bios region)
```sh
flashrom -p internal --ifd -i me -i bios -w test.rom
```
Normal reads and flashing non-protected regions was also tested.
Change-Id: Ia0dd847923e20ff0081ceae68984369e98952c2f
Signed-off-by: Michał Iwanicki <michal.iwanicki@3mdeb.com>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/89222
Reviewed-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Anastasia Klimchuk <aklm@chromium.org>
Make the filename parameter directly following -r/-w/-v optional, since
the -i parameter allows the image to be written to be sourced from
multiple files, regions to be read from flash and written to separate
image files, and regions to be verified using an image file only
containing that region.
Since the filename parameter following -w/-v was ignored when a
filename was specified following `-i <region>:<filename>`, this patch
essentially removes the requirement to provide an unused parameter.
Based on https://review.coreboot.org/c/flashrom/+/52362.
TEST=run the following commands on a supported board:
flashrom -p internal -r /tmp/coreboot.rom
flashrom -p internal -r --ifd -i bios:/tmp/coreboot.rom
flashrom -p internal -r /tmp/coreboot.rom --ifd -i bios:/tmp/bios.bin
flashrom -p internal -w /tmp/coreboot.rom
flashrom -p internal -w --ifd -i bios:/tmp/coreboot.rom
flashrom -p internal -w /tmp/coreboot.rom --ifd -i bios:/tmp/bios.bin
flashrom -p internal -v /tmp/coreboot.rom
flashrom -p internal -v --ifd -i bios:/tmp/coreboot.rom
flashrom -p internal -v /tmp/coreboot.rom --ifd -i bios:/tmp/bios.bin
Change-Id: I6eba095d478f1a7bdbc3854627a656f93dd9e452
Signed-off-by: Matt DeVillier <matt.devillier@gmail.com>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/85159
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Anastasia Klimchuk <aklm@chromium.org>
Although chipoff_t is fairly clearly documented on its own, it seems
fairly frequent that developers will treat the end address of a flash
region as an exclusive upper bound rather than the inclusive one it
should be; for example CB:82496 fixes an incorrect use that affected
multiple sites, and CB:73571 stemmed from a similar cause. Add a
clarifying comment to call attention to this, to help programmers avoid
making similar mistakes in the future.
Change-Id: I80b61a87ca31bd5a116224aadb4e211ee6841e1f
Signed-off-by: Peter Marheine <pmarheine@chromium.org>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/82677
Reviewed-by: Hsuan-ting Chen <roccochen@google.com>
Reviewed-by: Anastasia Klimchuk <aklm@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
The new erase algorithm uses some of the functions which are static to
`flashrom.c`. So make these functions global and add prototypes to
`include\flash.h` and `include\layout.h'.
Change-Id: I7ee7e208948337b88467935fd2861b5f9ad6af9d
Signed-off-by: Aarya Chaumal <aarya.chaumal@gmail.com>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/71174
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Anastasia Klimchuk <aklm@chromium.org>
The romentry structure is the container ADT with some
annotated meta-data such as 'included' or 'file' however
the substantive substructure is a 'flash_region'. Therefore
factor this out.
That is to say, the link list node 'romentry' is obscured by the implementation details of its use-case of 'flash_region' that we
clear up here.
BUG=b:260440773
BRANCH=none
TEST=flashrom_tester
Change-Id: I768742b73db901df5b5208fcbcb8a324a06014c2
CoAuthored-by: Nikolai Artemiev <nartemiev@google.com>
Signed-off-by: Nikolai Artemiev <nartemiev@google.com>
Signed-off-by: Edward O'Callaghan <quasisec@google.com>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/69196
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Anastasia Klimchuk <aklm@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
