authorNicolas Boichat <drinkcat@google.com>2017-06-13 10:27:35 +0800
committerchrome-bot <chrome-bot@chromium.org>2017-06-14 01:19:31 -0700
commitb9b431557e0b5d4c97af56f640f627533296373c (patch)
treecefb5e669bcc5879dbca10c8ed094bfe1d02ae2b
parent43391ca4157d37d934aa7ec041ded311b96720c2 (diff)
rollback: Add function to fetch secret
BRANCH=none BUG=b:38486828 TEST=Flash hammer Change-Id: I50088a78e75d6ea8d62e439fdc8bf18d46319462 Reviewed-on: https://chromium-review.googlesource.com/532474 Commit-Ready: Nicolas Boichat <drinkcat@chromium.org> Tested-by: Nicolas Boichat <drinkcat@chromium.org> Reviewed-by: Mattias Nissler <mnissler@chromium.org> Reviewed-by: Randall Spangler <rspangler@chromium.org> Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
-rw-r--r--common/rollback.c26
-rw-r--r--include/rollback.h10
2 files changed, 36 insertions, 0 deletions
diff --git a/common/rollback.c b/common/rollback.c
index 840229c85d..e43bfe07b7 100644
--- a/common/rollback.c
+++ b/common/rollback.c
@@ -106,6 +106,32 @@ int32_t rollback_get_minimum_version(void)
return data.rollback_min_version;
}
+#ifdef CONFIG_ROLLBACK_SECRET_SIZE
+int rollback_get_secret(uint8_t *secret)
+{
+ struct rollback_data data;
+ uint8_t first;
+ int i = 0;
+
+ if (get_latest_rollback(&data) < 0)
+ return EC_ERROR_UNKNOWN;
+
+ /* Check that secret is not full of 0x00 or 0xff */
+ first = data.secret[0];
+ if (first == 0x00 || first == 0xff) {
+ for (i = 1; i < sizeof(data.secret); i++) {
+ if (data.secret[i] != first)
+ goto good;
+ }
+ return EC_ERROR_UNKNOWN;
+ }
+
+good:
+ memcpy(secret, data.secret, sizeof(data.secret));
+ return EC_SUCCESS;
+}
+#endif
+
int rollback_lock(void)
{
int ret;
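Review bot: `rollback_get_secret()` leaves a full copy of the device secret in the stack-local `data` on every return path, both `return EC_ERROR_UNKNOWN;` exits and the success path after `memcpy`. Routing all exits through one label that wipes `data` keeps the secret from lingering in stack memory that later frames reuse. A plain `memset` right before `return` can be dropped by the optimizer, so the sketch below uses volatile stores. Declaring `i` as `size_t` also removes the signed/unsigned comparison against `sizeof(data.secret)`. Whether `get_latest_rollback()` fills `data` when it fails is not visible in this hunk, so the wipe is done unconditionally.

```c
int rollback_get_secret(uint8_t *secret)
{
	struct rollback_data data;
	volatile uint8_t *wipe = (volatile uint8_t *)&data;
	int ret = EC_ERROR_UNKNOWN;
	size_t i;
	/* … unchanged: declaration of `first` … */

	if (get_latest_rollback(&data) < 0)
		goto out;

	/* … unchanged: all-0x00/0xff check, its failing `return` becomes `goto out` … */

good:
	memcpy(secret, data.secret, sizeof(data.secret));
	ret = EC_SUCCESS;
out:
	/* Volatile stores so wiping the stack copy is not optimized away */
	for (i = 0; i < sizeof(data); i++)
		wipe[i] = 0;
	return ret;
}
```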
diff --git a/include/rollback.h b/include/rollback.h
index 51f945e089..e51d5c94a2 100644
--- a/include/rollback.h
+++ b/include/rollback.h
@@ -19,6 +19,16 @@
int rollback_get_minimum_version(void);
/**
+ * Get device secret from rollback protection block.
+ *
+ * @param secret CONFIG_ROLLBACK_SECRET_SIZE-long buffer to copy the secret to.
+ *
+ * @return EC_SUCCESS on success, EC_ERROR_* on error (e.g. secret is not
+ * initialized)
+ */
+int rollback_get_secret(uint8_t *secret);
+
+/**
* Update rollback protection block to the version passed as parameter.
*
* @param next_min_version Minimum version to write in rollback block.
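Review bot: The doc comment for `rollback_get_secret()` does not say what happens to `secret` on failure or who is responsible for the copy afterwards. In the definition in common/rollback.c the buffer is only written on the success path, so I would add ` * On error the buffer is left untouched; the caller owns the copy and should clear it once done.` The prototype is also declared unconditionally while the definition sits under `#ifdef CONFIG_ROLLBACK_SECRET_SIZE`, so a caller built without that option fails at link time rather than at compile time. Wrapping the declaration in the same `#ifdef` would surface the mistake earlier.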