1  /* SPDX-License-Identifier: GPL-2.0-only */
 2  
 3  #ifndef _BOOT_DEVICE_H_
 4  #define _BOOT_DEVICE_H_
 5  
 6  #include <commonlib/region.h>
 7  
 8  /*
 9   * Boot device region can be protected by 2 sources, media and controller.
10   * The following modes are identified. It depends on the flash chip and the
11   * controller if mode is actually supported.
12   *
13   * MEDIA_WP : Flash/Boot device enforces write protect
14   * CTRLR_WP : Controller device enforces write protect
15   * CTRLR_RP : Controller device enforces read protect
16   * CTRLR_RWP : Controller device enforces read-write protect
17   */
18  enum bootdev_prot_type {
19  	CTRLR_WP = 1,
20  	CTRLR_RP = 2,
21  	CTRLR_RWP = 3,
22  	MEDIA_WP = 4,
23  };
24  /*
25   * Please note that the read-only boot device may not be coherent with
26   * the read-write boot device. Thus, mixing mmap() and writeat() is
27   * most likely not to work so don't rely on such semantics.
28   */
29  
30  /* Return the region_device for the read-only boot device. This is the root
31     device for all CBFS boot devices. */
32  const struct region_device *boot_device_ro(void);
33  
34  /* Return the region_device for the read-write boot device. */
35  const struct region_device *boot_device_rw(void);
36  
37  /*
38   * Create a sub-region of the read-only boot device.
39   * Returns 0 on success, < 0 on error.
40   */
41  int boot_device_ro_subregion(const struct region *sub,
42  				struct region_device *subrd);
43  
44  /*
45   * Create a sub-region of the read-write boot device.
46   * Returns 0 on success, < 0 on error.
47   */
48  int boot_device_rw_subregion(const struct region *sub,
49  				struct region_device *subrd);
50  
51  /*
52   * Write protect a sub-region of the boot device represented
53   * by the region device.
54   * Returns 0 on success, < 0 on error.
55   */
56  int boot_device_wp_region(const struct region_device *rd,
57  				const enum bootdev_prot_type type);
58  
59  /*
60   * Initialize the boot device. This may be called multiple times within
61   * a stage so boot device implementations should account for this behavior.
62   **/
63  void boot_device_init(void);
64  
65  /*
66   * Restrict read/write access to the boot-media using platform defined rules.
67   */
68  #if CONFIG(BOOTMEDIA_LOCK_NONE) || (CONFIG(BOOTMEDIA_LOCK_IN_VERSTAGE) && ENV_RAMSTAGE)
69  static inline void boot_device_security_lockdown(void) {}
70  #else
71  void boot_device_security_lockdown(void);
72  #endif
73  #endif /* _BOOT_DEVICE_H_ */