Clone this repo:
  1. 6ed9655 OWNERS: Add roccochen and jjsu by roccochen@chromium.com · 3 months ago factory-rex-15708.B firmware-rex-15709.B main release-R122-15753.B release-R123-15786.B stabilize-15714.B stabilize-15756.B stabilize-15793.B
  2. abc266b imports: Keep up with flashrom by roccochen@chromium.com · 3 months ago
  3. be7a40d main.c: print machine-ready version of SR value/mask pairs by Jett Rink · 10 months ago factory-brya-15684.B factory-corsola-15196.B factory-nissa-15199.B factory-skyrim-15384.B firmware-cr50-mp-15611.B firmware-cr50-prepvt-15608.B release-R115-15474.B release-R116-15509.B release-R117-15572.B release-R118-15604.B release-R119-15633.B release-R120-15662.B release-R121-15699.B stabilize-15474.38.B stabilize-15474.53.B stabilize-15474.70.B stabilize-15483.B stabilize-15485.B stabilize-15509.37.B stabilize-15509.63.B stabilize-15509.72.B stabilize-15511.B stabilize-15519.B stabilize-15531.B stabilize-15532.B stabilize-15561.B stabilize-15562.B stabilize-15563.B stabilize-15564.B stabilize-15572.16.B stabilize-15572.39.B stabilize-15572.4.B stabilize-15572.50.B stabilize-15572.57.B stabilize-15572.63.B stabilize-15588.B stabilize-15604.16.B stabilize-15604.45.B stabilize-15604.56.B stabilize-15604.57.B stabilize-15610.B stabilize-15633.44.B stabilize-15633.58.B stabilize-15633.69.B stabilize-15642.B stabilize-15654.B stabilize-15662.64.B stabilize-15662.76.B stabilize-15662.78.B stabilize-15662.80.B stabilize-15662.88.B stabilize-15677.B stabilize-15699.58.B stabilize-15699.66.B stabilize-quickfix-15662.77.B
  4. d68a197 README: Explain vendor chip name -> flashrom name mapping process by Nikolai Artemiev · 10 months ago
  5. 308a3bb README.md: Add initial inline documentation by Edward O'Callaghan · 10 months ago

ap_wpsr tool

The ap_wpsr tool was built to address specific requirements of AP RO verification that intends to measure SR contents for invariance after signature validation.

The tool leverages the flashrom SPI flash chips database to produce theoretical mask,value pairs for a given WP configuration (i.e. protection range start and length) and flash chip part name.

limitations

There are however some limitations. While the tool is pure logic (no side-effects) and intended to calculate values with reasonable fidelity there could however be inaccuracies.

These inaccuracies can be the result of any combination of the following factors:

  • Incorrect writeprotoct SR topology data within the database.
  • Duplicate chips or otherwise ambiguous chip identifiers (id or string name).
  • OTP fused values within the SPI flash chip itself.

A precise flash chip name is required to be cited physically on what chip is being worked with (and not via probing or other inferences). This precise name needs to be mapped to the corresponding name within the database to produce the tool output products. The output products must be cross-validated with the datasheet to ensure the products are consistent with expectations and any errors in the database are corrected with a patch back to the canonical flashrom flashchips database upstream.

usage

An example usage could be ./ap_wpsr -n "W25Q128.V" -s 0x40000 -l 0xFC0000.

finding chip names

The ap_wpsr tool needs to be given the name of the flashrom chip entry to use for calculating mask,value pairs. This name may not match the vendor name, for example the chip “W25Q128FVSIG” corresponds to a flashrom entry called “W25Q128.V”.

These steps should be followed to find the flashrom chip name for your chip:

  • Check the chip's datasheet to find the vendor and device ID values.
  • Inspect flashchips.h to find matching ID define macros.
  • Inspect flashchips.c to find the chip entry that uses those ID macros
  • If there are multiple flashrom chip entries with the same IDs, check all of them against the datasheet to find the correct one.
  • Finally, check that the chip entry has a reg_bits field and that it matches the datasheet exactly. Verify that all WP-related bits in the datasheet are included in reg_bits and vice versa.
  • If there are no matching chip entries, create one for the chip and send a patch to upstream flashrom for review.
  • Pass the matching entry's name to the tool via the -n option.

src structure

There are two key parts to the tool imports/ and shim/. The shim/ directory just contains enough symbols to allow linking of the imports/ source taken from upstream flashrom. The imports/ contains two key ingredients - the chip database and the writeprotection calculation code. These should be kept up to date by importing fresh copies from flashrom.