add support for using flash commands to overwrite rwsig

When verifying RW using rwsig, we need to be able to erase the RW
signature to remain in RO. This change excludes the RW signature from
the area protected by system_unsafe_to_overwrite, so flash write can be
used to overwrite the RW signature while still in the RW system image.

BUG=none
BRANCH=lucid
TEST="ectool flashwrite 0x1ff00 corrupt_sig" runs successfully, and on
reboot the EC firmware verification fails.

Change-Id: I7e234664ae564eef30a8b021ea0539b6c0ae898e
Reviewed-on: https://chromium-review.googlesource.com/356810
Commit-Ready: Mary Ruthven <mruthven@chromium.org>
Tested-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Shawn N <shawnn@chromium.org>

1 files changed, 5 insertions, 0 deletions

diff --git a/common/system.c b/common/system.c
index c1236f083c..ec7b16c91e 100644
--- a/common/system.c
+++ b/common/system.c
@@ -15,6 +15,7 @@
 #include "host_command.h"
 #include "i2c.h"
 #include "lpc.h"
+#include "rsa.h"
 #include "spi_flash.h"
 #ifdef CONFIG_MPU
 #include "mpu.h"
@@ -419,6 +420,10 @@ test_mockable int system_unsafe_to_overwrite(uint32_t offset, uint32_t size)
 		r_offset = CONFIG_EC_WRITABLE_STORAGE_OFF +
 			   CONFIG_RW_STORAGE_OFF;
 		r_size = CONFIG_RW_SIZE;
+#ifdef CONFIG_RWSIG
+		/* Allow RW sig to be overwritten */
+		r_size -= CONFIG_RW_SIG_SIZE;
+#endif
 		break;
 	default:
 		return 0;