New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 676465 link

Starred by 2 users
Status: Assigned
Owner:
briannorris@chromium.org
Cc:
twreid@chromium.org
djkurtz@chromium.org
dchan@chromium.org
venkatar...@chromium.org
adurbin@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 3
Type: Bug



Sign in to add a comment

MTD: Do not clobber block protect bits during init

Reported by dhend...@chromium.org, Dec 21 2016 
MTD clobbers block protect bits during initialization: https://chromium.googlesource.com/chromiumos/third_party/kernel/+/chromeos-4.4/drivers/mtd/spi-nor/spi-nor.c#1350

The reason given in the comment doesn't match what we've observed on the 25-series SPI chips we use on all Chromebooks. But even if it did, it's not desireable to change these bits unexpectedly. Hardware WP is often disabled during testing since many of our platforms use ECs with internal flash which requires the device to be rebooted for the change to take effect, at which point HW WP can be re-enabled. So having MTD unexpectedly clobber the block protect bits of the AP firmware ROM causes confusion for developers and testers and can leave the machine in an unprotected state (SW WP enabled with range set to [0, 0] usually means unprotected, even with HW WP asserted).

The behavior also makes it so that the test team needs special care for platforms which use MTD. To avoid special cases, we should make platforms which use MTD behave the same as platforms which don't.

We can probably just add a devicetree variable for jedec,spi-nor devices which governs this behavior and make sure it gets set for any new MTD-using device. We could also remove the code entirely, but that might face some upstream opposition from people who find it useful (I honestly don't know who this might be, but perhaps there are NOR flash devices I'm unfamiliar with that really need this).

Comment 1 by dchan@google.com, Dec 21 2016

Cc: twreid@chromium.org

Comment 2 by briannorris@chromium.org, Dec 22 2016

Labels: OS-Chrome
The driver is pretty old. There may be some exceptional cases that worked like this a long time ago, or maybe some odd flash from a different series than we use. Anyway:

> it's not desireable to change these bits unexpectedly

I agree.

> We can probably just add a devicetree variable for jedec,spi-nor devices

There's already sort of a flag for this. See "lock":

http://lxr.free-electrons.com/source/Documentation/devicetree/bindings/mtd/partition.txt#L35

That's currently only supported for partitions, and not on every driver.

I can look at cleaning that up.

Comment 3 by briannorris@chromium.org, Dec 22 2016 

Oh BTW, I think one reason other people might want the current behavior: if they want to be able to mount a R/W filesystem from NOR flash immediately (without some initramfs code to unlock the device before mounting). So supporting the above optional flag seems reasonable.

Comment 4 by dhend...@chromium.org, Dec 22 2016 

Re #2: Yep, "lock" seems to be what we want if it can be supported in spi-nor easily.

Re #3: That makes perfect sense. The comment is still rather misleading IMO given our use case, but the explanation you provided sounds good. Not sure if it's worth putting effort into re-wording it upstream.

Thanks for checking into this!

Comment 5 by jwer...@chromium.org, Jan 12 2017 

I still don't really get it... what does "tend to power up with the bits set" mean? Aren't these bits supposed to be sticky? Isn't the whole block protection mechanism based on the status register being persistent? In that case I also don't see how wanting it writeable immediately would matter... wouldn't you just turn off the protection in that case and it should stay off across reboots?

According to my usual motto "if you can't figure out why it is written that way, assume that whoever wrote it had no clue what they were doing", I'd suggest trying to take it out completely first. If anyone upstream complains they can tell you which parts exactly behave in this way, if any. I think chances are that nobody will care because this probably didn't make any sense in the first place.

Comment 6 by dhend...@chromium.org, Jan 12 2017 

Re #5: I think that's just leftover from some very old chips where the scheme was to have software WP block erase/write operations even if hardware /WP is not asserted. AFAIK this is just a naive protection for noisy environments and multi-slave SPI channels. An example is the AMIC A25L020: http://www.amictechnology.com/datasheets/A25L020.pdf (table 7).

Flashrom also attempts to clear those bits, but it restores them when it's done. Perhaps the same method can be applied to the kernel where block protect is changed only when an erase/write operation is requested instead of lazily clobbering them at startup. That would at least be more consistent with the intention of the scheme on old chips since the chip won't be left totally unprotected when content is not being changed, although there would be performance penalty due to the extra transactions that might be significant if the NOR flash is used as a filesystem or some such.

Comment 7 by briannorris@chromium.org, Feb 14 2018

Labels: -Pri-1 Pri-3
This was obviously not time critical...

Sign in to add a comment