diff options
| author | Mary Ruthven <mruthven@chromium.org> | 2022-10-12 14:15:55 -0500 |
|---|---|---|
| committer | Chromeos LUCI <chromeos-scoped@luci-project-accounts.iam.gserviceaccount.com> | 2022-11-15 19:31:00 +0000 |
| commit | 0da1a40dcab248cc04ee49d2fac0e892bcb97fbf (patch) | |
| tree | 661e3dd974bc185b578786d9978ea1da3ec39c17 | |
| parent | 43e93234aeee5923344d8cc230cde8132f881a65 (diff) | |
| download | chrome-ec-0da1a40dcab248cc04ee49d2fac0e892bcb97fbf.tar.gz | |
apro: prevent key_combo0 from releasing reset for 60 seconds
AP RO verification fails pretty quickly if the v1 check data or gbb data
is corrupted. Prevent releasing EC_RST_L for 60 seconds after AP RO
verification fails. This way the user won't accidentally clear the AP RO
status while triggering AP RO verification.
BUG=b:236844541
TEST=save invalid gbbd data. Verify cr50 rejects releasing EC_RST_L for
one minute.
[14.246295 RO Validation triggered]
[14.248630 do_ap_ro_check: found v1 data]
[14.250152 enable_spi_pinmux: AP]
[14.253627 spi_hash_pp_done: AP]
[14.254688 do_ap_ro_check: bad gbbd]
[14.256019 spi_hash_disable]
[14.257102 AP RO FAILED! evt(13)]
[14.733604 AP off]
[15.782028 ap_ro_clear_ec_rst_override: too soon]
[15.782978 Recovery Requested]
[16.953887 ap_ro_clear_ec_rst_override: too soon]
[16.954856 Recovery Requested]
[76.268520 power button pressed]
[76.524902 ap_ro_clear_ec_rst_override: done]
[76.525802 Recovery Requested]
[76.593330 Refresh press registered]
[76.757183 AP UART on]
[76.897575 Power button released, RO Check Detection stopped]
[77.147407 deferred_tpm_rst_isr]
Change-Id: Ifcdf37df228fe21e6ff0810393e49d6adb2b076a
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3949624
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
(cherry picked from commit 6fb42d210a39ed93bf8596cd94103f497fdcd869)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4011458
(cherry picked from commit 34e4f65b1a33c0063a29153246f95daa0cda43e0)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4027380
| -rw-r--r-- | common/ap_ro_integrity_check.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/common/ap_ro_integrity_check.c b/common/ap_ro_integrity_check.c index 0db205b118..0c8f16ad18 100644 --- a/common/ap_ro_integrity_check.c +++ b/common/ap_ro_integrity_check.c @@ -27,6 +27,8 @@ #define CPRINTS(format, args...) cprints(CC_SYSTEM, format, ##args) #define CPRINTF(format, args...) cprintf(CC_SYSTEM, format, ##args) +/* Prevent releasing EC_RST_L for 60 seconds after AP RO verification fails */ +#define DELAY_EC_RST_RELEASE (60 * SECOND) /* FMAP must be aligned at 4K or larger power of 2 boundary. */ #define LOWEST_FMAP_ALIGNMENT (4 * 1024) #define FMAP_SIGNATURE "__FMAP__" @@ -1078,11 +1080,18 @@ static void release_ec_reset_override(void) enable_sleep(SLEEP_MASK_AP_RO_VERIFICATION); } +/* The time in the future at which sleeping will be allowed. */ +static uint32_t ap_ro_failed_time; + /* Only call this through a key combo. */ void ap_ro_clear_ec_rst_override(void) { if (!ec_rst_override()) return; + if ((get_time().le.lo - ap_ro_failed_time) < DELAY_EC_RST_RELEASE) { + CPRINTS("%s: too soon", __func__); + return; + } apro_fail_status_cleared = 1; release_ec_reset_override(); ap_ro_add_flash_event(APROF_FAIL_CLEARED); @@ -1105,6 +1114,7 @@ static uint8_t ap_ro_failed_verification(enum ap_ro_verification_ev event) apro_result = AP_RO_FAIL; ap_ro_add_flash_event(event); keep_ec_in_reset(); + ap_ro_failed_time = get_time().le.lo; /* * Map failures into EC_ERROR_CRC, this will make sure that in case this * was invoked by the operator keypress, the device will not continue |