5/25/2012

How are the boot loader and modem images on an eMMC device protected?

Unlike NAND flash, with an eMMC device there is no MPU to protect access to certain blocks/sectors in the modem partitions.  So how are the modem-side partitions on an eMMC device protected?

On Qualcomm's platform with eMMC boot, protection of modem-side data relies on the POWER-ON-WRITE-PROTECT feature of the eMMC-4.4 spec.  This feature (power-on-write-protect) is enabled and configured at the end of OSBL, and once it is configured, the protected partitions cannot be switched back to writable unless the eMMC device is reset.  The feature therefore prevents writes to the protected modem partitions.

Please note that this feature (power-on-write-protect) has been in the eMMC spec since eMMC4.3+.  Thus, for an eMMC device that is not compliant with eMMC4.3+ or higher, modem-side data cannot be protected.  Power-on-write-protect commands sent to a pre-eMMC4.3+ device are ignored and get no response.

Also, eMMC4.4 and later define one more pin (device reset) than eMMC4.3, eMMC4.2 or lower revisions of the spec.  To prevent malicious SW or external HW from resetting the eMMC device on its own and putting all of its partitions back into a read/write state, the eMMC reset pin must be tied to the system reset pin.  That way the eMMC device cannot be reset on its own from the application processor side.

In summary, there are two requirements for using the eMMC-4.4 power-on-write-protect feature to protect modem-side data:
1.  The eMMC device must be compliant with eMMC4.4 or higher.  (Strictly speaking, it should be eMMC4.3+ or higher, but eMMC4.3+ is a transient spec and most vendors do not have production samples that are compliant only with eMMC4.3+.)
2.  The eMMC device's reset pin must be tied to the system reset pin.
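
The two requirements above can be partly checked from a device's 512-byte EXT_CSD register before a boot stage applies write protection. This is an added example, not Qualcomm's OSBL code or code from the original post. The offsets, bit names and CMD28 reference come from the JEDEC eMMC 4.4+ register map, the function and flag names are hypothetical, and treating an EXT_CSD_REV above 3 as "eMMC 4.4 or later" is an assumption.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Offsets/bits from the JEDEC eMMC 4.4+ EXT_CSD map (not from the post). */
#define EXT_CSD_RST_N_FUNCTION 162
#define EXT_CSD_USER_WP        171
#define EXT_CSD_REV            192
#define US_PWR_WP_EN  (1u << 0) /* CMD28 applies power-on write protection */
#define US_PWR_WP_DIS (1u << 3) /* no new power-on WP until power cycle/reset */
#define RST_N_ENABLED 0x1u      /* device honours its RST_n pin */

/* Hypothetical finding flags returned by the check. */
enum {
    F_SPEC_TOO_OLD   = 1 << 0, /* requirement 1 fails: commands would be ignored */
    F_PWR_WP_EN_OFF  = 1 << 1, /* a CMD28 sent now would not be power-on WP */
    F_PWR_WP_REFUSED = 1 << 2, /* US_PWR_WP_DIS is set for this power cycle */
    F_VERIFY_RST_PIN = 1 << 3  /* RST_n is live: requirement 2 is a board check */
};

/* Inspect a raw 512-byte EXT_CSD before write protection is applied. */
unsigned check_pwr_wp_ready(const uint8_t ext_csd[512])
{
    unsigned f = 0;
    /* Assumption: REV 0..3 = eMMC 4.0..4.3, anything higher = 4.4 or later. */
    if (ext_csd[EXT_CSD_REV] <= 3)
        return F_SPEC_TOO_OLD; /* the WP fields below are not defined there */
    if (!(ext_csd[EXT_CSD_USER_WP] & US_PWR_WP_EN)) f |= F_PWR_WP_EN_OFF;
    if (ext_csd[EXT_CSD_USER_WP] & US_PWR_WP_DIS)   f |= F_PWR_WP_REFUSED;
    if ((ext_csd[EXT_CSD_RST_N_FUNCTION] & 0x3) == RST_N_ENABLED) f |= F_VERIFY_RST_PIN;
    return f;
}

/* Constructed sample: an all-zero EXT_CSD with only the three fields set. */
unsigned check_constructed(uint8_t rev, uint8_t user_wp, uint8_t rst_n)
{
    uint8_t buf[512];
    memset(buf, 0, sizeof buf);
    buf[EXT_CSD_REV] = rev;
    buf[EXT_CSD_USER_WP] = user_wp;
    buf[EXT_CSD_RST_N_FUNCTION] = rst_n;
    return check_pwr_wp_ready(buf);
}

int main(void)
{
    printf("eMMC 4.2 part:         0x%x\n", check_constructed(2, 0x01, 0x0));
    printf("WP refused, RST_n live: 0x%x\n", check_constructed(5, 0x09, 0x1));
    return 0;
}
```

The register cannot show how the reset pin is wired, so `F_VERIFY_RST_PIN` only signals that the board-level tie to system reset has to be confirmed on the schematic.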

 
