[U-Boot-Users] flash hardware protection with CFI driver does not autoprotect monitor completely

[Wolfgang Denk <wd@denx.de>]

In message <200711181959.55060.matthias.fuchs@esd-electronics.com> you wrote:
> 
> I noticed that the monitor flash autoprotection from drivers/cfi_flash.c is not completely safe.
> It does not protect all bootloader sectors in some situations:
...
> Question: what's the best way to fix this? We could modify the call to flash_protect()

The bst way is to make sure that all sectors that need to be protected
do get protected.

> like this:
> 
> 	flash_protect (FLAG_PROTECT_SET,
> 		       CFG_MONITOR_BASE,
> 		       CFG_MONITOR_BASE + CFG_MONITOR_LEN  - 1,
> 		       flash_get_info(CFG_MONITOR_BASE));
> 
> But I am not sure if this is fine for all architectures. Any ideas?

The problem is that you don't have any guarantee that CFG_MONITOR_LEN
includes the reset vector; also, there might be configurations  where
the U-Boot image is not stored at the end of the flash, so there is a
bigger  gap  between  the image and the sector with the reset vector,
and it would be not good to enforce  protection  on  that  area  that
might be useful to the user otherwise.

I think as a short term fix we might define an additional  area  that
needs  to  be  protected  (the reset vector). Mid/long term we should
change the code so you  can  pass  a  list  of  areas  (start/end  or
start/length  pairs) that will be protected. This would, for example,
also allow to keep certain other  areas  (FDT,  kernel  image,  etc.)
auto-protected as well - configurable by the user ona per-board base.

Best regards,

Wolfgang Denk

-- 
DENX Software Engineering GmbH,     MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd at denx.de
In an organization, each person rises to the level of his own  incom-
petency                                         - The Peter Principle