diff options
| author | Aseda Aboagye <aaboagye@google.com> | 2017-02-01 17:43:00 -0800 |
|---|---|---|
| committer | chrome-bot <chrome-bot@chromium.org> | 2017-02-02 16:42:51 -0800 |
| commit | 04cf17251c05bdb02091938c23cf0319ed829979 (patch) | |
| tree | bf88d376446656d209b1670b39c78deb0a5b0f21 | |
| parent | eb5ab132163c31c4ae7c79d279af8d1763da42f9 (diff) | |
| download | chrome-ec-04cf17251c05bdb02091938c23cf0319ed829979.tar.gz | |
cr50: usb_spi: Block SPI when console locked.
The commit changes the behaviour to block accesses over the USB-SPI
bridge while the console is restricted.
BUG=chrome-os-partner:62340
BRANCH=None
TEST=Build and flash cr50 on snappy; lock console; try to flash EC bin
using CCD. Verify that it fails with flashrom not able to find a flash
chip.
TEST=Disable console lock; Try to flash EC bin; verify it succeeds.
TEST=Repeat above tests but trying to read AP flash instead.
TEST=make -j buildall
Change-Id: Ib69af1a7372d841783acee2262efbf995d031234
Signed-off-by: Aseda Aboagye <aaboagye@google.com>
Reviewed-on: https://chromium-review.googlesource.com/435437
Commit-Ready: Aseda Aboagye <aaboagye@chromium.org>
Tested-by: Aseda Aboagye <aaboagye@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
| -rw-r--r-- | board/cr50/usb_spi.c | 13 | ||||
| -rw-r--r-- | chip/g/usb_spi.c | 8 | ||||
| -rw-r--r-- | chip/g/usb_spi.h | 4 |
3 files changed, 20 insertions, 5 deletions
diff --git a/board/cr50/usb_spi.c b/board/cr50/usb_spi.c index ea9c2258ed..ff4055ff98 100644 --- a/board/cr50/usb_spi.c +++ b/board/cr50/usb_spi.c @@ -70,9 +70,16 @@ static void update_finished(void) } DECLARE_DEFERRED(update_finished); -void usb_spi_board_enable(struct usb_spi_config const *config) +int usb_spi_board_enable(struct usb_spi_config const *config) { hook_call_deferred(&update_finished_data, -1); + + /* Prevent SPI access if the console is currently locked. */ + if (console_is_restricted()) { + CPRINTS("usb_spi access denied (console is restricted."); + return EC_ERROR_ACCESS_DENIED; + } + update_in_progress = 1; disable_ec_ap_spi(); @@ -83,7 +90,7 @@ void usb_spi_board_enable(struct usb_spi_config const *config) enable_ap_spi(); else { CPRINTS("DEVICE NOT SUPPORTED"); - return; + return EC_ERROR_INVAL; } /* Connect DIO A4, A8, and A14 to the SPI peripheral */ @@ -97,6 +104,8 @@ void usb_spi_board_enable(struct usb_spi_config const *config) gpio_get_level(GPIO_AP_FLASH_SELECT) ? "AP" : "EC"); spi_enable(CONFIG_SPI_FLASH_PORT, 1); + + return EC_SUCCESS; } void usb_spi_board_disable(struct usb_spi_config const *config) diff --git a/chip/g/usb_spi.c b/chip/g/usb_spi.c index e03d2935e3..caba2e1ec3 100644 --- a/chip/g/usb_spi.c +++ b/chip/g/usb_spi.c @@ -48,6 +48,8 @@ void usb_spi_deferred(struct usb_spi_config const *config) uint8_t write_count; uint8_t read_count; uint16_t res; + int rv = EC_SUCCESS; + /* * If our overall enabled state has changed we call the board specific * enable or disable routines and save our new state. @@ -57,11 +59,13 @@ void usb_spi_deferred(struct usb_spi_config const *config) if (enabled ^ config->state->enabled) { if (enabled) - usb_spi_board_enable(config); + rv = usb_spi_board_enable(config); else usb_spi_board_disable(config); - config->state->enabled = enabled; + /* Only update our state if we were successful. */ + if (rv == EC_SUCCESS) + config->state->enabled = enabled; } /* diff --git a/chip/g/usb_spi.h b/chip/g/usb_spi.h index c1dfad519c..ed51780ebc 100644 --- a/chip/g/usb_spi.h +++ b/chip/g/usb_spi.h @@ -220,8 +220,10 @@ int usb_spi_interface(struct usb_spi_config const *config, /* * These functions should be implemented by the board to provide any board * specific operations required to enable or disable access to the SPI device. + * usb_spi_board_enable should return EC_SUCCESS on success or an error + * otherwise. */ -void usb_spi_board_enable(struct usb_spi_config const *config); +int usb_spi_board_enable(struct usb_spi_config const *config); void usb_spi_board_disable(struct usb_spi_config const *config); /* |