diff options
author | Vadim Bendebury <vbendeb@chromium.org> | 2020-04-14 11:10:45 -0700 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2020-04-14 23:32:08 +0000 |
commit | 5b5a4485101120cfac3739caa7da4ba8fae884cc (patch) | |
tree | 1a02f81d18741df9c37988f839865ec65c8089e0 | |
parent | adc20080797ae9958b5355ba743b6b97290bf07f (diff) | |
download | chrome-ec-5b5a4485101120cfac3739caa7da4ba8fae884cc.tar.gz |
VENDOR_CC_WP: allow to enable write protection (WP)
The gsctool utility allows to examine the device WP status, but does
not allow to set it. It would be useful to provide the user with a
means of enabling WP at any time.
This patch extends the existing vendor command VENDOR_CC_WP
implementation to allow an optional one byte parameter. If the
parameter is present, the Cr50 will unconditionally invoke
set_wp_state(1) when processing the command.
BUG=b:153881773
TEST=with the corresponding gsctool.c changes coming up in the next
patch verified that attempts to enable WP when running the
unmodified Cr50 image fail with error message "Early Cr50
versions do not support setting WP", and that the updated Cr50
image allows to enable WP using 'gsctool -a -w enable'
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I75c200bbb9085e9f74c227ef80f782defdaaa29e
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2149519
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
-rw-r--r-- | board/cr50/wp.c | 11 | ||||
-rw-r--r-- | include/tpm_vendor_cmds.h | 7 |
2 files changed, 17 insertions, 1 deletions
diff --git a/board/cr50/wp.c b/board/cr50/wp.c index 55c7edcdc4..d8d8f760b9 100644 --- a/board/cr50/wp.c +++ b/board/cr50/wp.c @@ -129,9 +129,18 @@ static enum vendor_cmd_rc vc_set_wp(enum vendor_cmd_cc code, *response_size = 0; /* There shouldn't be any args */ - if (input_size) + if (input_size > 1) return VENDOR_RC_BOGUS_ARGS; + if (input_size == 1) { + uint8_t *cmd = buf; + + if (*cmd != WP_ENABLE) + return VENDOR_RC_BOGUS_ARGS; + + set_wp_state(1); + } + /* Get current wp settings */ if (board_forcing_wp()) response |= WPV_FORCE; diff --git a/include/tpm_vendor_cmds.h b/include/tpm_vendor_cmds.h index 9f37e1a33c..4cb3683d49 100644 --- a/include/tpm_vendor_cmds.h +++ b/include/tpm_vendor_cmds.h @@ -198,6 +198,13 @@ enum vendor_cmd_rc { VENDOR_RC_ERR = 0x500, }; +/* VENDOR_CC_WP options, only WP_ENABLE is accepted. */ +enum wp_options { + WP_NONE, + WP_CHECK, + WP_ENABLE +}; + /* * The TPMv2 Spec mandates that vendor-specific command codes have bit 29 set, * while bits 15-0 indicate the command. All other bits should be zero. |