1
0
mirror of https://review.coreboot.org/flashrom.git synced 2025-10-25 03:20:41 +02:00
Commit Graph

7 Commits

Author SHA1 Message Date
Michał Iwanicki
2a092bbef7 Fail immediately when trying to write/erase wp regions
This patch introduces chipset-level protections and adds checks that
abort writing to flash if any of the requested regions are
write-protected by chip, dynamically by a chipset, or are defined as
read-only.

This change is done so it's harder for user to brick his own platform.
Information about read-only regions can easily be missed as flashrom
can output a lot of information on screen. Even if you notice you might
not know if one of the regions you requested falls inside read-only
range, especially if using different names for those regions.
If you are flashing multiple regions or ones that partially overlap with
read-only parts then that could result in flashrom failing in the
middle leaving you in unknown state.

This patch was tested with multiple combinations of
unprotected/protected regions:

- dummy programmer

```sh
flashrom -p dummy:hwwp=yes,emulate=S25FL128L --wp-enable \
  --wp-range 0x00040000,0x00fc0000 \
  -l <(echo '00000000:0004ffff part1') -i part1 -E
```

- internal programmer on Protectli VP6670 with Dasharo UEFI firmware
with locked BIOS boot medium (PR0, part of bios region)

```sh
flashrom -p internal --ifd -i me -i bios -w test.rom
```

Normal reads and flashing non-protected regions was also tested.

Change-Id: Ia0dd847923e20ff0081ceae68984369e98952c2f
Signed-off-by: Michał Iwanicki <michal.iwanicki@3mdeb.com>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/89222
Reviewed-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Anastasia Klimchuk <aklm@chromium.org>
2025-09-30 00:13:45 +00:00
Matt DeVillier
b9e0a3ce70 cli_classic.c: Make -r/-w/-v argument optional when using -i
Make the filename parameter directly following -r/-w/-v optional, since
the -i parameter allows the image to be written to be sourced from
multiple files, regions to be read from flash and written to separate
image files, and regions to be verified using an image file only
containing that region.

Since the filename parameter following -w/-v was ignored when a
filename was specified following `-i <region>:<filename>`, this patch
essentially removes the requirement to provide an unused parameter.

Based on https://review.coreboot.org/c/flashrom/+/52362.

TEST=run the following commands on a supported board:
flashrom -p internal -r /tmp/coreboot.rom
flashrom -p internal -r --ifd -i bios:/tmp/coreboot.rom
flashrom -p internal -r /tmp/coreboot.rom --ifd -i bios:/tmp/bios.bin
flashrom -p internal -w /tmp/coreboot.rom
flashrom -p internal -w --ifd -i bios:/tmp/coreboot.rom
flashrom -p internal -w /tmp/coreboot.rom --ifd -i bios:/tmp/bios.bin
flashrom -p internal -v /tmp/coreboot.rom
flashrom -p internal -v --ifd -i bios:/tmp/coreboot.rom
flashrom -p internal -v /tmp/coreboot.rom --ifd -i bios:/tmp/bios.bin

Change-Id: I6eba095d478f1a7bdbc3854627a656f93dd9e452
Signed-off-by: Matt DeVillier <matt.devillier@gmail.com>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/85159
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Anastasia Klimchuk <aklm@chromium.org>
2024-12-06 06:15:56 +00:00
Peter Marheine
d7e4240263 Add clarification to struct flash_region on chipoff_t
Although chipoff_t is fairly clearly documented on its own, it seems
fairly frequent that developers will treat the end address of a flash
region as an exclusive upper bound rather than the inclusive one it
should be; for example CB:82496 fixes an incorrect use that affected
multiple sites, and CB:73571 stemmed from a similar cause. Add a
clarifying comment to call attention to this, to help programmers avoid
making similar mistakes in the future.

Change-Id: I80b61a87ca31bd5a116224aadb4e211ee6841e1f
Signed-off-by: Peter Marheine <pmarheine@chromium.org>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/82677
Reviewed-by: Hsuan-ting Chen <roccochen@google.com>
Reviewed-by: Anastasia Klimchuk <aklm@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2024-05-31 00:27:07 +00:00
Aarya Chaumal
b868038303 flash.h: Make functions global that will be used for new erase algorithm
The new erase algorithm uses some of the functions which are static to
`flashrom.c`. So make these functions global and add prototypes to
`include\flash.h` and `include\layout.h'.

Change-Id: I7ee7e208948337b88467935fd2861b5f9ad6af9d
Signed-off-by: Aarya Chaumal <aarya.chaumal@gmail.com>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/71174
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Anastasia Klimchuk <aklm@chromium.org>
2023-01-16 01:51:59 +00:00
Nikolai Artemiev
e712c39507 layout.h: Add {read,write}_prot flags to flash_region
Add protection bits to `struct flash_region` to keep track of the CSME
restrictions for each flash region.

BUG=b:260440773
BRANCH=none
TEST=builds

Change-Id: I0e5b3b4369dc868a8a64338935c5c5249b9a4ada
CoAuthored-by: Edward O'Callaghan <quasisec@google.com>
Signed-off-by: Edward O'Callaghan <quasisec@google.com>
Signed-off-by: Nikolai Artemiev <nartemiev@google.com>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/70437
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2022-12-15 23:57:12 +00:00
Nikolai Artemiev
66655b7423 layout: Factor out flash_region structure from romentry
The romentry structure is the container ADT with some
annotated meta-data such as 'included' or 'file' however
the substantive substructure is a 'flash_region'. Therefore
factor this out.

That is to say, the link list node 'romentry' is obscured by the implementation details of its use-case of 'flash_region' that we
clear up here.

BUG=b:260440773
BRANCH=none
TEST=flashrom_tester

Change-Id: I768742b73db901df5b5208fcbcb8a324a06014c2
CoAuthored-by: Nikolai Artemiev <nartemiev@google.com>
Signed-off-by: Nikolai Artemiev <nartemiev@google.com>
Signed-off-by: Edward O'Callaghan <quasisec@google.com>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/69196
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Anastasia Klimchuk <aklm@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2022-12-15 23:55:03 +00:00
Thomas Heijligen
87d7b110d6 Introduce an include directory for header files
Move all header files to the new `include` directory.
Adapt include directives and build systems to the new directory.

Change-Id: Iaddd6bbfa0624b166d422f665877f096983bf4cf
Signed-off-by: Felix Singer <felix.singer@secunet.com>
Signed-off-by: Thomas Heijligen <thomas.heijligen@secunet.com>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/58622
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Anastasia Klimchuk <aklm@chromium.org>
2022-04-29 01:50:46 +00:00