author | Mary Ruthven <mruthven@chromium.org> | 2020-10-13 05:07:41 +1100 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2021-02-25 16:58:09 +0000 |
commit | 605784de166da2c46d8f9716c4478dab5e628504 (patch) | |
tree | b828c3c1eb35eaabd206b0f8ec4a38cfe61d6e82 | |
parent | a7d383c38872481b1849d812f477c4c39352aa0a (diff) | |
Reland "ap_ro_hash: add a maximum number of ranges"
This is a reland of d7e4695a3e454303be034825292dca49cdebe630
Original change's description:
> ap_ro_hash: add a maximum number of ranges
>
> It's unlikely any factory process will try to use more than 32 ranges.
> This change adds a hard limit to ensure they don't.
>
> BUG=none
> TEST=none
>
> Change-Id: I411777c15e52c0af7a59e717bdacbae092dad3ab
> Signed-off-by: Mary Ruthven <mruthven@chromium.org>
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2547196
> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
> (cherry picked from commit 26b886623c4e2184f142498b769c415b4e08ac38)
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2669285
> (cherry picked from commit b807edf02c14ed175dd2ec90c131347ff00b4e7d)
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2713834
Bug: none
Change-Id: Idacff4d68020ed3226ee621f59daae67c082639e
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2718504
Tested-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Commit-Queue: Mary Ruthven <mruthven@chromium.org>
-rw-r--r-- | common/ap_ro_integrity_check.c | 14 | ||||
-rw-r--r-- | include/tpm_vendor_cmds.h | 1 |
2 files changed, 15 insertions, 0 deletions
diff --git a/common/ap_ro_integrity_check.c b/common/ap_ro_integrity_check.c
index bb9f62abd6..ec11e54fd2 100644
--- a/common/ap_ro_integrity_check.c
+++ b/common/ap_ro_integrity_check.c
@@ -27,6 +27,16 @@ struct flash_range {
 uint32_t range_size;
 } __packed;
+/*
+ * A somewhat arbitrary maximum number of AP RO hash ranges to save. There are
+ * 27 regions in a FMAP layout. The AP RO ranges should only be from the RO
+ * region. It's unlikely anyone will need more than 32 ranges.
+ * If there are AP RO hash issues, the team will likely need to look at the
+ * value of each range what part of the FMAP it corresponds to. Enforce a limit
+ * to the number of ranges, so it's easier to debug and to make people consider
+ * why they would need more than 32 ranges.
+ */
+#define APRO_MAX_NUM_RANGES 32
 /* Values used for sanity check of the flash_range structure fields. */
 #define MAX_SUPPORTED_FLASH_SIZE (32 * 1024 * 1024)
 #define MAX_SUPPORTED_RANGE_SIZE (4 * 1024 * 1024)
@@ -132,6 +142,10 @@ static enum vendor_cmd_rc vc_seed_ap_ro_check(enum vendor_cmd_cc code,
 vc_num_of_ranges = (input_size - SHA256_DIGEST_SIZE) / sizeof(struct flash_range);
+ if (vc_num_of_ranges > APRO_MAX_NUM_RANGES) {
+ *response = ARCVE_TOO_MANY_RANGES;
+ return VENDOR_RC_BOGUS_ARGS;
+ }
 for (i = 0; i < vc_num_of_ranges; i++) {
 if (vc_payload->ranges[i].range_size > MAX_SUPPORTED_RANGE_SIZE) {
diff --git a/include/tpm_vendor_cmds.h b/include/tpm_vendor_cmds.h
index 20336f637d..179f8e8e06 100644
--- a/include/tpm_vendor_cmds.h
+++ b/include/tpm_vendor_cmds.h
@@ -253,6 +253,7 @@ enum ap_ro_check_vc_errors {
 ARCVE_FLASH_WRITE_FAILED = 6,
 ARCVE_BID_PROGRAMMED = 7,
 ARCVE_FLASH_ERASE_FAILED = 8,
+ ARCVE_TOO_MANY_RANGES = 9,
 };
 /* Structure for VENDOR_CC_SPI_HASH request which follows tpm_header */ |
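Review bot: The new `vc_num_of_ranges > APRO_MAX_NUM_RANGES` check in vc_seed_ap_ro_check relies on the count computed just above it from `input_size - SHA256_DIGEST_SIZE`, and the hunk does not show a lower-bound check on input_size. The function starts and ends outside the hunk, so that check may well exist earlier. If it does not, and input_size is unsigned, a payload shorter than the digest would wrap to a huge count and be rejected here as ARCVE_TOO_MANY_RANGES rather than as a size error, so it is worth confirming the order. A count of zero also passes the new check, and whether an empty range list is rejected elsewhere is not visible. With TEST=none in the description, a boundary test that seeds exactly 32 and then 33 ranges would pin the limit and the new error code.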