OFW XO-1.75 - lockdown SPI FLASH writes

[wmb@…]

Need to figure out how to protect the boot SPI FLASH from userland writes and thus implement protect-fw .

[wmb@…]

I think it's not possible to use the MMP2 security features to prevent writes to the SPI boot flash. While one can set the SSP1 module to secure mode, thus preventing access to it from the P4J core, I don't see any way to prevent the OS from using the MFPR registers to map GPIOs to those pins, thus enabling writes via a bit-banging driver.

I think we need to reinstate a hardware lockout flip-flop.

[wmb@…]

We also need to lock out EC FLASH writes via the EDI interface. In this case we might be able to just block the EDI chip select line or something, as, unlike the SPI boot FLASH, there is little need to read the EC code after it is write-locked.

[wmb@…]

I checked the 3731 datasheet looking for ways to disable EDI reprogramming from software. No luck. There is a "disable EDI" command, but it is not permanent - having disabled the interface, you can easily re-enable it by repeating the EDI start sequence (empirically determined).

[Quozl]

(hardware change was completed in b1, firmware support for it is in other tickets)