diff options
| author | Vadim Sukhomlinov <sukhomlinov@google.com> | 2020-06-15 15:31:09 -0700 |
|---|---|---|
| committer | Commit Bot <commit-bot@chromium.org> | 2020-08-11 23:38:44 +0000 |
| commit | 56e2e3957bd7dbc2ebf0b7c801a873059d7fb85c (patch) | |
| tree | aab1bafe60d3ddf87f5c5b5a3cda06427e73504b | |
| parent | 93d2e42cb636219f978ed82a3542cb19fb12d8fb (diff) | |
| download | chrome-ec-56e2e3957bd7dbc2ebf0b7c801a873059d7fb85c.tar.gz | |
console: add service functions to enable/disable console output
FIPS 140-2 certification requires that security related output from
module should be disabled until completion of known-answer tests.
However, it's tricky to justify what output is security related, as
most of output data can be used to track current execution stage which
may be helpful for attacker. So, its safer to disable any output for
a short time once internal testing is done.
Provide console_disable_output() and console_enable_output()
functions which are supposed to be used by board initialization code
driving FIPS mode initialization.
BUG=b:138577539
TEST=manual; make buildall -j
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I42902acef7a5e99142ce2b6517ae511f63206e93
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2247103
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
(cherry picked from commit 770e5cecfdc2ddd761b5b1cdb78e29c936e6cb92)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2311232
Tested-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Commit-Queue: Mary Ruthven <mruthven@chromium.org>
(cherry picked from commit 710f3b490e85c0b1dcf3cfc1f09429259f2fdbd9)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2350280
| -rw-r--r-- | common/console_output.c | 11 | ||||
| -rw-r--r-- | include/console.h | 10 |
2 files changed, 21 insertions, 0 deletions
diff --git a/common/console_output.c b/common/console_output.c index e83f239b32..ba5779ff09 100644 --- a/common/console_output.c +++ b/common/console_output.c @@ -17,6 +17,17 @@ static uint32_t channel_mask = CC_DEFAULT; static uint32_t channel_mask_saved = CC_DEFAULT; +void console_disable_output(void) +{ + channel_mask_saved = channel_mask; + channel_mask = 0; +} + +void console_enable_output(void) +{ + channel_mask = channel_mask_saved; +} + /* * List of channel names; * diff --git a/include/console.h b/include/console.h index 5f6ec046f7..3bc585b652 100644 --- a/include/console.h +++ b/include/console.h @@ -151,6 +151,16 @@ void cflush(void); void console_has_input(void); /** + * Disable console output by disabling all channels + */ +void console_disable_output(void); + +/** + * Enable console output to default channels + */ +void console_enable_output(void); + +/** * Register a console command handler. * * @param name Command name; must not be the beginning of another |