patina_boot: add partition module (lock_partition_write, write_partition_raw, bp_write)

[kat-perez]

Summary

Adds a patina_boot::partition module with three helpers for platforms building System Recovery Environment (SRE) flows that own boot-partition lifecycle:

• lock_partition_write(device_path) — NVMe Set Features FID 11h (Boot Partition Write Protection Configuration) to place BP0 + BP1 in Write Protect Until Power Cycle.
• write_partition_raw(device_path, data) — BlockIo WriteBlocks + FlushBlocks at LBA 0 of any BlockIo-exposed partition.
• bp_write(device_path, bank_id, data) — chunked NVMe Firmware Image Download + Firmware Commit (action 110b DownloadBP, BPID at CDW10 bit 31) targeting BP0 or BP1.

This recovers the work from closed PRs #1488 and #1489 (closed 2026-05-12 when the SRE orchestrator moved out of patina_boot) plus adds the BP-write side that those PRs didn't cover.

All 85 existing unit tests pass.

Hardware verification

End-to-end Pass-Thru command bytes exercised on a Surface Maa bench (Kioxia KBG8HZNS512G, NVMe 2.0, CAP.BPS=1, BPSZ = 8192 × 128 KiB = 1 GiB) via a one-off shell-app harness:

Layer	Verified
EFI_NVM_EXPRESS_PASS_THRU_PROTOCOL reachable via BootServices.locate_device_path	✅
Identify Controller (CNS=01h) returns expected MDTS / FWUG	✅ (MDTS=7 → 512 KiB cap, FWUG=4 → 16 KiB granularity)
Firmware Image Download accepts FWUG-aligned chunks with NUMD/OFST dword encoding	✅
Firmware Commit BPID encoding — bit 31 of CDW10, NOT bits 31:30	✅ (this PR's bp_write is correct; the harness's first version had this wrong and tripped "Boot Partition Write Prohibited" against the active BP0)

Known controller quirk (documented inline in bp_write)

The Kioxia KBG8 firmware rejects cumulative Firmware Image Download past 16 MiB with command-specific status 14h "Overlapping Range" — even though NVMe 1.4 spec requires acceptance of up to BPSIZE worth of bytes before Commit. This helper trusts the spec; consumers needing full-BP writes on Kioxia BG8 will hit this and may need vendor workarounds (intermediate Commits or alternate sequence). Other NVMe controllers should work as-is.

Caveats for reviewers

• lock_partition_write's CDW11 layout (BP0WPS bits 2:0, BP1WPS bits 5:3) is inherited unchanged from the closed PR #1488. I have not yet validated it against the actual NVMe 1.4 §5.21.1.13 Figure 312 layout on hardware. Worth a careful spec read before depending on it.
• BPSIZE is not read by this helper — caller passes a correctly-sized data slice. A separate read of the BPINFO MMIO register is needed to learn BPSIZE; that requires PCI BAR access and is out of scope here.
• FW_COMMIT_ACTION_ACTIVATE_BP (commit action 111b) is defined but unused; reserved for a future bp_activate() helper.

Refs

• Closed predecessor PRs: [feature/patina-boot] patina_boot: Add NVMe boot-partition write-lock helper patina#1488, #1489
• Tracking issues: Add partition write-lock helper to patina-boot odp-platform-common#61, #71
• Related: Integrate patina_sre::SreBootManager into surface_patina_intel odp-platform-common#83, #91, #97

[codecov-commenter]

Codecov Report

❌ Patch coverage is 67.68868% with 137 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
patina_boot/src/partition.rs	67.69%	137 Missing ⚠️

📢 Thoughts on this report? Let us know!