author | Mary Ruthven <mruthven@chromium.org> | 2020-10-13 05:05:33 +1100 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2021-02-23 21:31:35 +0000 |
commit | 50a2d11af1bf1e2c243390de7900f3e5ad2c0f1d (patch) | |
tree | 3cf11b825ed965dde43d9b2294d9731bca3a7545 | |
parent | d7e4695a3e454303be034825292dca49cdebe630 (diff) | |
add get apro hash vendor command
Add a vendor command to get the saved AP RO hash, so the factory can
compare the saved hash to the hash they're trying to set.
BUG=b:168634745
TEST=none
Change-Id: Icf644d66f978709e777372f2fe1d80094f60b3e0
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2547197
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
(cherry picked from commit 6c1c62276e26d7043d7be7f1496d0041049e9f53)
Change-Id: I81dccfa557d48ea4af95e0ce0fedd54dfeff17df
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2669286
Tested-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Commit-Queue: Mary Ruthven <mruthven@chromium.org>
(cherry picked from commit d7d8765ebd01dc8f5ca9b8e1777c38e646aa1dde)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2713835
-rw-r--r-- | common/ap_ro_integrity_check.c | 29 | ||||
-rw-r--r-- | common/extension.c | 1 | ||||
-rw-r--r-- | include/tpm_vendor_cmds.h | 5 |
3 files changed, 35 insertions, 0 deletions
diff --git a/common/ap_ro_integrity_check.c b/common/ap_ro_integrity_check.c
index ec11e54fd2..3ec0296d9c 100644
--- a/common/ap_ro_integrity_check.c
+++ b/common/ap_ro_integrity_check.c
@@ -275,6 +275,35 @@ void ap_ro_add_flash_event(enum ap_ro_verification_ev event)
 flash_log_add_event(FE_LOG_AP_RO_VERIFICATION, sizeof(ev), &ev);
 }
+static enum vendor_cmd_rc vc_get_ap_ro_hash(enum vendor_cmd_cc code,
+ void *buf, size_t input_size,
+ size_t *response_size)
+{
+ int rv;
+ uint8_t *response = buf;
+
+ *response_size = 0;
+ if (input_size)
+ return VENDOR_RC_BOGUS_ARGS;
+
+ if ((p_chk->header.num_ranges == (uint16_t)~0) &&
+ (p_chk->header.checksum == ~0)) {
+ *response_size = 1;
+ *response = ARCVE_NOT_PROGRAMMED;
+ return VENDOR_RC_INTERNAL_ERROR;
+ }
+
+ rv = verify_ap_ro_check_space();
+ if (rv != EC_SUCCESS)
+ return VENDOR_RC_READ_FLASH_FAIL;
+
+ *response_size = SHA256_DIGEST_SIZE;
+ memcpy(buf, p_chk->payload.digest, *response_size);
+
+ return VENDOR_RC_SUCCESS;
+}
+DECLARE_VENDOR_COMMAND(VENDOR_CC_GET_AP_RO_HASH, vc_get_ap_ro_hash);
+
 static int ap_ro_info_cmd(int argc, char **argv)
 {
 int rv;
diff --git a/common/extension.c b/common/extension.c
index 141b15fab9..e2eccabbcc 100644
--- a/common/extension.c
+++ b/common/extension.c
@@ -35,6 +35,7 @@ uint32_t extension_route_command(struct vendor_cmd_params *p)
 #endif /* defined(CR50_DEV) */
 case EXTENSION_POST_RESET: /* Always need to reset. */
 case VENDOR_CC_CCD:
+ case VENDOR_CC_GET_AP_RO_HASH:
 case VENDOR_CC_GET_BOARD_ID:
 case VENDOR_CC_GET_BOOT_MODE:
 case VENDOR_CC_RMA_CHALLENGE_RESPONSE:
diff --git a/include/tpm_vendor_cmds.h b/include/tpm_vendor_cmds.h
index 179f8e8e06..f147e15589 100644
--- a/include/tpm_vendor_cmds.h
+++ b/include/tpm_vendor_cmds.h
@@ -148,6 +148,10 @@ enum vendor_cmd_cc {
 VENDOR_CC_SEED_AP_RO_CHECK = 54,
+ /* VENDOR_CC_FIPS_CMD = 55, */
+
+ VENDOR_CC_GET_AP_RO_HASH = 56,
+
 LAST_VENDOR_COMMAND = 65535,
 };
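Review bot: In `vc_get_ap_ro_hash`, `*response_size = 0;` overwrites the incoming value before anything reads it, and the later `memcpy(buf, p_chk->payload.digest, *response_size);` writes SHA256_DIGEST_SIZE bytes into `buf` with no bound check. If `*response_size` carries the response buffer capacity on entry, as is the convention for these vendor command handlers (the dispatching wrapper is not visible in this hunk), save it first with `size_t max_size = *response_size;` and guard the copy with `if (max_size < SHA256_DIGEST_SIZE) return VENDOR_RC_RESPONSE_TOO_BIG;`. Separately, `p_chk->header.checksum == ~0` lacks the cast that the `num_ranges` comparison uses. The field's type is not shown, but if it is narrower than `int` this comparison can never be true and the not-programmed branch is dead, so an explicit cast to the field's type would make the erased-flash test unambiguous.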
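Review bot: The added `case VENDOR_CC_GET_AP_RO_HASH:` in `extension_route_command` joins a run of labels that share one branch, but the `switch` condition and that branch are outside the hunk, so what the list permits cannot be confirmed from here. If it is an allowlist for a less-trusted command source, a short comment beside the new label such as `/* read-only: returns the stored AP RO digest */` would record why exposing it is acceptable, since the handler performs no caller check of its own. The commit message states TEST=none, so sending the command once through this path, in both the programmed and the erased state, would confirm the routing and both return codes.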
@@ -254,6 +258,7 @@ enum ap_ro_check_vc_errors {
 ARCVE_BID_PROGRAMMED = 7,
 ARCVE_FLASH_ERASE_FAILED = 8,
 ARCVE_TOO_MANY_RANGES = 9,
+ ARCVE_NOT_PROGRAMMED = 10,
 };
 /* Structure for VENDOR_CC_SPI_HASH request which follows tpm_header */ |