author | Vadim Bendebury <vbendeb@chromium.org> | 2017-06-13 16:07:36 -0700 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2017-06-15 20:13:51 -0700 |
commit | c54375df264afc9b8bf8d53f4c04b8f78e06f317 (patch) | |
tree | 1a190efd4e03b2ed5d45e04b377c92d2b313fb2e | |
parent | 4af07d9b00e8bf9724d60dfd30d6aa3724565a6f (diff) | |
download | chrome-ec-c54375df264afc9b8bf8d53f4c04b8f78e06f317.tar.gz |
cr50: check for board ID match at startup
When starting up the Cr50 should check if this image is supposed to
run on a chip with the board ID value read from INFO1.
If it is not supposed to run on this chip, and there is no rollback
counter overflow, set the rollback counter to a value which will
trigger a rollback and reboot.
If rollback counter has already exceeded the threshold - set a flag
indicating that the image is running in the "mismatch" mode and
continue.
BRANCH=cr50
BUG=b:35586335
TEST=with the rest of the patches applied verified both falling back
to an older image and continuing running with the flag set if
rollback is not possible.
Change-Id: I58d97de61dc446aaf1dd06b6e2b6bb426c14a172
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/535977
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
-rw-r--r-- | board/cr50/board.c | 38 | ||||
-rw-r--r-- | board/cr50/board.h | 1 |
2 files changed, 35 insertions, 4 deletions
diff --git a/board/cr50/board.c b/board/cr50/board.c
index 67b35a85ad..c36e4e9c9d 100644
--- a/board/cr50/board.c
+++ b/board/cr50/board.c
@@ -2,15 +2,14 @@
 * Use of this source code is governed by a BSD-style license that can be
 * found in the LICENSE file.
 */
-
-#include <endian.h>
-
+#include "board_id.h"
 #include "clock.h"
 #include "common.h"
 #include "console.h"
 #include "dcrypto/dcrypto.h"
 #include "device_state.h"
 #include "ec_version.h"
+#include "endian.h"
 #include "extension.h"
 #include "flash.h"
 #include "flash_config.h"
@@ -35,8 +34,8 @@
 #include "uartn.h"
 #include "usb_descriptor.h"
 #include "usb_hid.h"
-#include "usb_spi.h"
 #include "usb_i2c.h"
+#include "usb_spi.h"
 #include "util.h"
 #include "wp.h"
@@ -586,6 +585,35 @@ void decrement_retry_counter(void)
 }
 }
+static uint8_t mismatched_board_id;
+
+int board_id_is_mismatched(void)
+{
+ return !!mismatched_board_id;
+}
+
+static void check_board_id_mismatch(void)
+{
+ if (!board_id_mismatch())
+ return;
+
+ if (system_rollback_detected()) {
+ /*
+ * We are in a rollback, the other image must be no good.
+ * Let's keep going with the TPM disabled, only updates will
+ * be allowed.
+ */
+ mismatched_board_id = 1;
+ ccprintf("Board ID mismatched, but can not reboot.\n");
+ return;
+ }
+
+ system_ensure_rollback();
+ ccprintf("Rebooting due to board ID mismatch\n");
+ cflush();
+ system_reset(0);
+}
+
 /* Initialize board. */
 static void board_init(void)
 {
@@ -611,6 +639,8 @@ static void board_init(void)
 /* Indication that firmware is running, for debug purposes. */
 GREG32(PMU, PWRDN_SCRATCH16) = 0xCAFECAFE;
+ check_board_id_mismatch();
+
 /* Enable battery cutoff software support on detachable devices. */
 if (system_battery_cutoff_support_required())
 set_up_battery_cutoff_monitor();
diff --git a/board/cr50/board.h b/board/cr50/board.h
index 0e1f5e4b2f..14257012ad 100644
--- a/board/cr50/board.h
+++ b/board/cr50/board.h
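Review bot: In board/cr50/board.c, `mismatched_board_id` is zero-initialised and only set to 1 on the mismatch-plus-rollback branch of `check_board_id_mismatch()`, so `board_id_is_mismatched()` reports "matched" whenever the check has not yet run or did not run to completion. For a flag that gates whether the TPM may be used, a fail-closed default is the safer shape: `static uint8_t mismatched_board_id = 1;` with `mismatched_board_id = 0;` set just before the early `return` taken when `board_id_mismatch()` is false. The in-function comment also says the image keeps going "with the TPM disabled", but nothing in this hunk disables it; that enforcement presumably lives in callers of `board_id_is_mismatched()` from the other patches in the series, which is worth stating in a comment on the accessor.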
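Review bot: The new `check_board_id_mismatch();` call in `board_init()` carries an ordering requirement that is not written down: it may reset the chip, and `board_id_is_mismatched()` is only meaningful once it has returned, so anything gated on the flag has to be initialised after this line. `board_init()` starts and ends outside the hunk, so whether earlier steps already touch state that a mismatched image should leave alone cannot be confirmed from the visible lines. A comment above the call such as `/* Must run before any code that consults board_id_is_mismatched(); may reboot. */` would keep a later reordering of this function from moving the check.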
@@ -195,6 +195,7 @@ int board_use_plt_rst(void);
 int board_rst_pullup_needed(void);
 int board_tpm_uses_i2c(void);
 int board_tpm_uses_spi(void);
+int board_id_is_mismatched(void);
 #endif /* !__ASSEMBLER__ */ |