xref: /aosp_15_r20/external/coreboot/src/include/boot_device.h (revision b9411a12aaaa7e1e6a6fb7c5e057f44ee179a49c) 
1 /* SPDX-License-Identifier: GPL-2.0-only */
2 
3 #ifndef _BOOT_DEVICE_H_
4 #define _BOOT_DEVICE_H_
5 
6 #include <commonlib/region.h>
7 
8 /*
9  * Boot device region can be protected by 2 sources, media and controller.
10  * The following modes are identified. It depends on the flash chip and the
11  * controller if mode is actually supported.
12  *
13  * MEDIA_WP : Flash/Boot device enforces write protect
14  * CTRLR_WP : Controller device enforces write protect
15  * CTRLR_RP : Controller device enforces read protect
16  * CTRLR_RWP : Controller device enforces read-write protect
17  */
18 enum bootdev_prot_type {
19 	CTRLR_WP = 1,
20 	CTRLR_RP = 2,
21 	CTRLR_RWP = 3,
22 	MEDIA_WP = 4,
23 };
24 /*
25  * Please note that the read-only boot device may not be coherent with
26  * the read-write boot device. Thus, mixing mmap() and writeat() is
27  * most likely not to work so don't rely on such semantics.
28  */
29 
30 /* Return the region_device for the read-only boot device. This is the root
31    device for all CBFS boot devices. */
32 const struct region_device *boot_device_ro(void);
33 
34 /* Return the region_device for the read-write boot device. */
35 const struct region_device *boot_device_rw(void);
36 
37 /*
38  * Create a sub-region of the read-only boot device.
39  * Returns 0 on success, < 0 on error.
40  */
41 int boot_device_ro_subregion(const struct region *sub,
42 				struct region_device *subrd);
43 
44 /*
45  * Create a sub-region of the read-write boot device.
46  * Returns 0 on success, < 0 on error.
47  */
48 int boot_device_rw_subregion(const struct region *sub,
49 				struct region_device *subrd);
50 
51 /*
52  * Write protect a sub-region of the boot device represented
53  * by the region device.
54  * Returns 0 on success, < 0 on error.
55  */
56 int boot_device_wp_region(const struct region_device *rd,
57 				const enum bootdev_prot_type type);
58 
59 /*
60  * Initialize the boot device. This may be called multiple times within
61  * a stage so boot device implementations should account for this behavior.
62  **/
63 void boot_device_init(void);
64 
65 /*
66  * Restrict read/write access to the boot-media using platform defined rules.
67  */
68 #if CONFIG(BOOTMEDIA_LOCK_NONE) || (CONFIG(BOOTMEDIA_LOCK_IN_VERSTAGE) && ENV_RAMSTAGE)
boot_device_security_lockdown(void)69 static inline void boot_device_security_lockdown(void) {}
70 #else
71 void boot_device_security_lockdown(void);
72 #endif
73 #endif /* _BOOT_DEVICE_H_ */
74