diff options
| author | Subrata Banik <subratabanik@google.com> | 2023-06-03 16:42:46 +0530 |
|---|---|---|
| committer | Subrata Banik <subratabanik@google.com> | 2023-06-06 01:37:22 +0000 |
| commit | 5b0929f9d7e6ec4339471be365416a1991baae33 (patch) | |
| tree | a71afcdb5cd2757bcfc9eb02fb39007990cdfcc4 | |
| parent | 0c7292f993ebcb145c1187db1f257e88cf8fa60a (diff) | |
| download | coreboot-5b0929f9d7e6ec4339471be365416a1991baae33.tar.gz coreboot-5b0929f9d7e6ec4339471be365416a1991baae33.tar.bz2 coreboot-5b0929f9d7e6ec4339471be365416a1991baae33.zip | |
vboot: Drop argument to select slot from `vb2ex_ec_protect()`
vboot code changes have eliminated the redundant call to WP the EC-RO
region as protecting RW flash implies protecting both RO and RW flash,
so the call to protect RO is redundant. google/rex currently takes
about 17 ms to lock down the EC.
Along with vboot changes, this patch drops argument to choose between
RO and RW slot to protect while calling into `vb2ex_ec_protect()`.
It ensures vb2ex_ec_protect() is explicitly meant for protecting RW
regions.
w/o this patch:
517:waiting for EC to allow higher power draw 846,196 (17,297)
w/ this patch:
517:waiting for EC to allow higher power draw 838,258 (9,719)
Additionally, update vboot submodule to upstream main to avoid the
compilation error.
Updating from commit id 35f50c3154e5:
Fix build error when compiling without -DNDEBUG
to commit id 034907b279c9db:
vboot_reference: eliminate redundant call to write protect EC-RO
Change-Id: I2974f0cb43ba800c2aaeac4876ebaa052b5ee793
Signed-off-by: Subrata Banik <subratabanik@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/75521
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Himanshu Sahdev <himanshu.sahdev@intel.com>
Reviewed-by: Harsha B R <harsha.b.r@intel.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
| m--------- | 3rdparty/vboot | 0 | ||||
| -rw-r--r-- | src/security/vboot/ec_sync.c | 11 |
2 files changed, 4 insertions, 7 deletions
diff --git a/3rdparty/vboot b/3rdparty/vboot -Subproject 35f50c3154e58821cc027bf13be2b949bc4c90f +Subproject 034907b279c9db1faa7dd5633fa114043643376 diff --git a/src/security/vboot/ec_sync.c b/src/security/vboot/ec_sync.c index 47a6dbd350e4..ac65dbd189f4 100644 --- a/src/security/vboot/ec_sync.c +++ b/src/security/vboot/ec_sync.c @@ -186,15 +186,12 @@ static vb2_error_t ec_hash_image(enum vb2_firmware_selection select, /* * Asks the EC to protect or unprotect the specified flash region. */ -static vb2_error_t ec_protect_flash(enum vb2_firmware_selection select, int enable) +static vb2_error_t ec_protect_flash(int enable) { struct ec_response_flash_protect resp; uint32_t protected_region = EC_FLASH_PROTECT_ALL_NOW; const uint32_t mask = EC_FLASH_PROTECT_ALL_NOW | EC_FLASH_PROTECT_ALL_AT_BOOT; - if (select == VB_SELECT_FIRMWARE_READONLY) - protected_region = EC_FLASH_PROTECT_RO_NOW; - if (google_chromeec_flash_protect(mask, enable ? mask : 0, &resp) != 0) return VB2_ERROR_UNKNOWN; @@ -331,7 +328,7 @@ static vb2_error_t ec_update_image(enum vb2_firmware_selection select) size_t image_size; /* Un-protect the flash region */ - rv = ec_protect_flash(select, 0); + rv = ec_protect_flash(0); if (rv != VB2_SUCCESS) return rv; @@ -490,9 +487,9 @@ vb2_error_t vb2ex_ec_hash_image(enum vb2_firmware_selection select, /* * Vboot callback for EC flash protection. */ -vb2_error_t vb2ex_ec_protect(enum vb2_firmware_selection select) +vb2_error_t vb2ex_ec_protect(void) { - return ec_protect_flash(select, 1); + return ec_protect_flash(1); } /* |