diff options
author | Vadim Bendebury <vbendeb@chromium.org> | 2017-02-20 12:15:52 -0800 |
---|---|---|
committer | ChromeOS Commit Bot <chromeos-commit-bot@chromium.org> | 2018-03-13 23:50:04 +0000 |
commit | 6f65dda5ac5ba02a5e6f732a8a688223864736c1 (patch) | |
tree | af8e1b651793d7a289765b71679858d6b80094eb | |
parent | 92750be00e4e40593582ecaf9313b8ada6280559 (diff) | |
download | chrome-ec-6f65dda5ac5ba02a5e6f732a8a688223864736c1.tar.gz |
g: rate limit firmware updates
This patch introduces a delay between accepted cr50 firmware upload
attempts. The next attempt to write into the same or lower address in
flash would be accepted no sooner than in 60 seconds after the
previous attempt.
This would prevent a rogue user from wearing the flash by repeated
uploads to the same address.
This limitation is not imposed by dev images (those compiled with
CR50_DEV=1).
BRANCH=none
BUG=chrome-os-partner:63098
TEST=verified that attempts to update soon after the previous update
result in the following error message issued by usb_updater:
sending 0x2d8b8 bytes to 0x4000
Error: status 0x9
Modified usb_updater to send one random pdu twice. Observed the
same error message.
Original Change-Id: Idca55ad091d09daaddd0a4cad5b1f871af1ede93
Original Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Original Reviewed-on: https://chromium-review.googlesource.com/445496
Original Reviewed-by: Randall Spangler <rspangler@chromium.org>
Conflicts:
chip/g/upgrade_fw.c
chip/g/upgrade_fw.h
Change-Id: Ic631ec21e082858980f6adf51c16bc479ed2f9b8
Reviewed-on: https://chromium-review.googlesource.com/958702
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
Commit-Queue: Marco Chen <marcochen@chromium.org>
-rw-r--r-- | chip/g/upgrade_fw.h | 5 | ||||
-rw-r--r-- | extra/usb_updater/usb_updater.c | 1 |
2 files changed, 5 insertions, 1 deletions
diff --git a/chip/g/upgrade_fw.h b/chip/g/upgrade_fw.h index 3ad2620426..3833d26036 100644 --- a/chip/g/upgrade_fw.h +++ b/chip/g/upgrade_fw.h @@ -134,4 +134,9 @@ enum return_value { UPGRADE_MALLOC_ERROR = 7, }; +/* + * This is the size of the update frame payload, unless this is the last chunk + * of the image. + */ +#define SIGNED_TRANSFER_SIZE 1024 #endif /* ! __EC_CHIP_G_UPGRADE_FW_H */ diff --git a/extra/usb_updater/usb_updater.c b/extra/usb_updater/usb_updater.c index e41c3027b1..50d7cfaf3c 100644 --- a/extra/usb_updater/usb_updater.c +++ b/extra/usb_updater/usb_updater.c @@ -179,7 +179,6 @@ struct upgrade_pkt { char data[0]; } __packed; -#define SIGNED_TRANSFER_SIZE 1024 #define MAX_BUF_SIZE (SIGNED_TRANSFER_SIZE + sizeof(struct upgrade_pkt)) struct usb_endpoint { |