diff options
| author | Mary Ruthven <mruthven@chromium.org> | 2021-10-07 11:32:43 -0500 |
|---|---|---|
| committer | Commit Bot <commit-bot@chromium.org> | 2021-11-03 23:05:33 +0000 |
| commit | 4c379058916c3e6c21f682f7f1fc17a551fa9b40 (patch) | |
| tree | b9d8c589e68a17a91ada75f312fb7e96e22f1d28 | |
| parent | 736abf79d18e0dd043eb80b34c5e20b17919627e (diff) | |
| download | chrome-ec-4c379058916c3e6c21f682f7f1fc17a551fa9b40.tar.gz | |
ap_ro_status: report the button status if verification is unsupported
Shimless RMA needs to know if the button combo triggered AP RO
verification even if AP RO verification isn't supported. This change
adds two new responses AP_RO_UNSUPPORTED_TRIGGERED(5) and
AP_RO_UNSUPPORTED_NOT_TRIGGERED(4) to tell if the button combo was
pressed on a board that doesn't support AP RO verification.
The old AP_RO_UNSUPPORTED value, 3, isn't returned by cr50 anymore.
AP_RO_PASS(1) and AP_RO_FAIL(2) are still used. They both mean the combo
was triggered.
AP_RO_NOT_RUN(0) is still used. It still means the combo wasn't
triggered.
Summary of the states
- pressed - AP_RO_PASS(1), AP_RO_FAIL(2), AP_RO_UNSUPPORTED_TRIGGERED(5)
- not pressed - AP_RO_NOT_RUN(0) and AP_RO_UNSUPPORTED_NOT_TRIGGERED(4)
- unknown - AP_RO_UNSUPPORTED_UNKNOWN(3)
The prepvt branch doesn't have AP RO verification v2, so there were
merge conflicts.
BUG=b:181000999
TEST=use gsctool to get the AP RO verification status on cr50 images
with the new and old version of the get AP RO status vendor command.
Change-Id: Ib2b33e69a4d4165fc2c13437a919b8f2a83c1bba
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3213112
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
(cherry picked from commit 484f31b694f04a3b027e3129f5153044a296ee5c)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3229794
Reviewed-by: Andrey Pronin <apronin@chromium.org>
(cherry picked from commit 25f54f2c9b89994689a63b7a3a4731c3e0961419)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3260177
| -rw-r--r-- | common/ap_ro_integrity_check.c | 31 | ||||
| -rw-r--r-- | include/ap_ro_integrity_check.h | 4 |
2 files changed, 19 insertions, 16 deletions
diff --git a/common/ap_ro_integrity_check.c b/common/ap_ro_integrity_check.c index f6592d1ca9..b7b09c68bc 100644 --- a/common/ap_ro_integrity_check.c +++ b/common/ap_ro_integrity_check.c @@ -84,13 +84,14 @@ static const struct ap_ro_check *p_chk = * Track if the AP RO hash was validated this boot. Must be cleared every AP * reset. */ -static uint8_t validated_ap_ro_boot; +static enum ap_ro_status apro_result = AP_RO_NOT_RUN; void ap_ro_device_reset(void) { - if (validated_ap_ro_boot) - CPRINTS("%s: clear validated state", __func__); - validated_ap_ro_boot = 0; + if (apro_result == AP_RO_NOT_RUN) + return; + CPRINTS("%s: clear apro result", __func__); + apro_result = AP_RO_NOT_RUN; } static int ap_ro_erase_hash(void) @@ -273,8 +274,10 @@ int validate_ap_ro(void) uint8_t digest[SHA256_DIGEST_SIZE]; int rv; - if (ap_ro_check_unsupported(true)) + if (ap_ro_check_unsupported(true)) { + apro_result = AP_RO_UNSUPPORTED_TRIGGERED; return EC_ERROR_INVAL; + } enable_ap_spi_hash_shortcut(); usb_spi_sha256_start(&ctx); @@ -291,6 +294,7 @@ int validate_ap_ro(void) usb_spi_sha256_final(&ctx, digest, sizeof(digest)); if (memcmp(digest, p_chk->payload.digest, sizeof(digest))) { + apro_result = AP_RO_FAIL; CPRINTS("AP RO verification FAILED!"); CPRINTS("Calculated digest %ph", HEX_BUF(digest, sizeof(digest))); @@ -300,9 +304,9 @@ int validate_ap_ro(void) ap_ro_add_flash_event(APROF_CHECK_FAILED); rv = EC_ERROR_CRC; } else { + apro_result = AP_RO_PASS; ap_ro_add_flash_event(APROF_CHECK_SUCCEEDED); rv = EC_SUCCESS; - validated_ap_ro_boot = 1; CPRINTS("AP RO verification SUCCEEDED!"); } disable_ap_spi_hash_shortcut(); @@ -362,13 +366,14 @@ static int ap_ro_info_cmd(int argc, char **argv) } #endif rv = ap_ro_check_unsupported(false); + ccprintf("result : %d\n", apro_result); + ccprintf("supported : %s\n", rv ? "no" : "yes"); if (rv == ARCVE_FLASH_READ_FAILED) return EC_ERROR_CRC; /* No verification possible. */ /* All other AP RO verificaiton unsupported reasons are fine */ if (rv) return EC_SUCCESS; - ccprintf("boot validated: %s\n", validated_ap_ro_boot ? "yes" : "no"); ccprintf("sha256 hash %ph\n", HEX_BUF(p_chk->payload.digest, sizeof(p_chk->payload.digest))); ccprintf("Covered ranges:\n"); @@ -393,7 +398,7 @@ static enum vendor_cmd_rc vc_get_ap_ro_status(enum vendor_cmd_cc code, void *buf, size_t input_size, size_t *response_size) { - uint8_t rv = AP_RO_NOT_RUN; + uint8_t rv = apro_result; uint8_t *response = buf; CPRINTS("Check AP RO status"); @@ -402,13 +407,9 @@ static enum vendor_cmd_rc vc_get_ap_ro_status(enum vendor_cmd_cc code, if (input_size) return VENDOR_RC_BOGUS_ARGS; - if (ap_ro_check_unsupported(false)) - rv = AP_RO_UNSUPPORTED; - else if (ec_rst_override()) - rv = AP_RO_FAIL; - else if (validated_ap_ro_boot) - rv = AP_RO_PASS; - + if ((apro_result != AP_RO_UNSUPPORTED_TRIGGERED) && + (ap_ro_check_unsupported(false) != ARCVE_OK)) + rv = AP_RO_UNSUPPORTED_NOT_TRIGGERED; *response_size = 1; response[0] = rv; return VENDOR_RC_SUCCESS; diff --git a/include/ap_ro_integrity_check.h b/include/ap_ro_integrity_check.h index b07e4b71c7..12d701c44b 100644 --- a/include/ap_ro_integrity_check.h +++ b/include/ap_ro_integrity_check.h @@ -12,7 +12,9 @@ enum ap_ro_status { AP_RO_NOT_RUN = 0, AP_RO_PASS, AP_RO_FAIL, - AP_RO_UNSUPPORTED, + AP_RO_UNSUPPORTED_UNKNOWN, /* Deprecated */ + AP_RO_UNSUPPORTED_NOT_TRIGGERED, + AP_RO_UNSUPPORTED_TRIGGERED, }; /* * validate_ap_ro: based on information saved in an H1 RO flash page verify |