The FCB block is protected with a ECC code which can correct 1bit errors
and detect 2bit errors. This works fine for all fields except the
fingerprint marker (Containing "FCB") which is used by the ROM to detect
if a FCB is present on that block or not. Here the ROM chooses to check
for the fingerprint *before* running the ECC correction. Thus a FCB is
not used by the ROM anymore when it has a bitflip in the fingerprint
marker. For us this means we have to rewrite the FCB in this case, so
reject the faulty FCB in read_fcb_hamming_13_8() which triggers a
rewrite during the check operation.
Signed-off-by: Sascha Hauer <s.hauer@xxxxxxxxxxxxxx>
---
common/imx-bbu-nand-fcb.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/common/imx-bbu-nand-fcb.c b/common/imx-bbu-nand-fcb.c
index 15ddf5d7b0..aaa796bc81 100644
--- a/common/imx-bbu-nand-fcb.c
+++ b/common/imx-bbu-nand-fcb.c
@@ -318,6 +318,16 @@ struct fcb_block *read_fcb_hamming_13_8(void *rawpage)
fcb = rawpage + 12;
ecc = rawpage + 512 + 12;
+ /*
+ * The ROM does the check for the correct fingerprint before correcting
+ * bitflips. This means we cannot allow bitflips in the fingerprint and
+ * bail out with an error if it's not correct.
+ * This is currently done in the i.MX6qdl path. It needs to be checked if
+ * the same happens in the BCH encoded variants (i.MX6ul(l)) aswell.
+ */
+ if (((struct fcb_block *)fcb)->FingerPrint != 0x20424346)
+ return ERR_PTR(-EINVAL);
+
for (i = 0; i < 512; i++) {
parity = ecc[i];
np = calculate_parity_13_8(fcb[i]);
--
2.19.0
_______________________________________________
barebox mailing list
barebox@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/barebox
