diff options
author | Bruce Allan <bruce.w.allan@intel.com> | 2008-10-01 20:18:35 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-10-01 20:31:25 -0400 |
commit | 4a7703582836f55a1cbad0e2c1c6ebbee3f9b3a7 (patch) | |
tree | 8ebe25b1ef16c8fd4ced6d356232ddca94ef97a2 /drivers/net/e1000e/param.c | |
parent | 20b918dc77b383e9779dafceee3f2198a6f7b0e5 (diff) |
e1000e: write protect ICHx NVM to prevent malicious write/erase
Set the hardware to ignore all write/erase cycles to the GbE region in
the ICHx NVM. This feature can be disabled by the WriteProtectNVM module
parameter (enabled by default) only after a hardware reset, but
the machine must be power cycled before trying to enable writes.
Signed-off-by: Bruce Allan <bruce.w.allan@intel.com>
Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com>
CC: arjan@linux.intel.com
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'drivers/net/e1000e/param.c')
-rw-r--r-- | drivers/net/e1000e/param.c | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/drivers/net/e1000e/param.c b/drivers/net/e1000e/param.c index ed912e023a72..d91dbf7ba434 100644 --- a/drivers/net/e1000e/param.c +++ b/drivers/net/e1000e/param.c | |||
@@ -133,6 +133,15 @@ E1000_PARAM(SmartPowerDownEnable, "Enable PHY smart power down"); | |||
133 | */ | 133 | */ |
134 | E1000_PARAM(KumeranLockLoss, "Enable Kumeran lock loss workaround"); | 134 | E1000_PARAM(KumeranLockLoss, "Enable Kumeran lock loss workaround"); |
135 | 135 | ||
136 | /* | ||
137 | * Write Protect NVM | ||
138 | * | ||
139 | * Valid Range: 0, 1 | ||
140 | * | ||
141 | * Default Value: 1 (enabled) | ||
142 | */ | ||
143 | E1000_PARAM(WriteProtectNVM, "Write-protect NVM [WARNING: disabling this can lead to corrupted NVM]"); | ||
144 | |||
136 | struct e1000_option { | 145 | struct e1000_option { |
137 | enum { enable_option, range_option, list_option } type; | 146 | enum { enable_option, range_option, list_option } type; |
138 | const char *name; | 147 | const char *name; |
@@ -388,4 +397,25 @@ void __devinit e1000e_check_options(struct e1000_adapter *adapter) | |||
388 | opt.def); | 397 | opt.def); |
389 | } | 398 | } |
390 | } | 399 | } |
400 | { /* Write-protect NVM */ | ||
401 | const struct e1000_option opt = { | ||
402 | .type = enable_option, | ||
403 | .name = "Write-protect NVM", | ||
404 | .err = "defaulting to Enabled", | ||
405 | .def = OPTION_ENABLED | ||
406 | }; | ||
407 | |||
408 | if (adapter->flags & FLAG_IS_ICH) { | ||
409 | if (num_WriteProtectNVM > bd) { | ||
410 | unsigned int write_protect_nvm = WriteProtectNVM[bd]; | ||
411 | e1000_validate_option(&write_protect_nvm, &opt, | ||
412 | adapter); | ||
413 | if (write_protect_nvm) | ||
414 | adapter->flags |= FLAG_READ_ONLY_NVM; | ||
415 | } else { | ||
416 | if (opt.def) | ||
417 | adapter->flags |= FLAG_READ_ONLY_NVM; | ||
418 | } | ||
419 | } | ||
420 | } | ||
391 | } | 421 | } |