diff options
author | Mary Ruthven <mruthven@chromium.org> | 2022-05-04 08:12:23 -0700 |
---|---|---|
committer | Chromeos LUCI <chromeos-scoped@luci-project-accounts.iam.gserviceaccount.com> | 2022-05-04 22:05:22 +0000 |
commit | 4986283df5e1c595f308a9d4a7704af9de2ba38f (patch) | |
tree | d5e6b74bffeadbe03da648f29a41cd7ccac3d5d0 | |
parent | 0bbd42b38a1acc04b93a66b0b029413ddc794b2a (diff) | |
download | chrome-ec-4986283df5e1c595f308a9d4a7704af9de2ba38f.tar.gz |
ap_ro_integrity_check: update hash until the bid type is saved
On some devices the board id flags are set to lock in the phase and the
board id type isn't set until the board is finalized. RO may be changed
until the board id type is written. Change the check from
board_id_is_erased to board_id_type_is_blank, so the factory can update
the AP RO hash until the board is finalized.
This is the same check we do in sn_bits. Try to read the board id and
then check the type. In the future, we may want to consolidate.
BUG=b:230430292
TEST=manual
Clear the board id
Set the hash
python ap_ro_hash.py GBB
gsctool -aA prints the digest
Set the BID flags
gsctool -ai 0xffffffff:0x1234
Clear the hash
gsctool -aH
gsctool -aA
get hash rc: 10 AP RO hash unprogrammed
Set the hash
python ap_ro_hash.py GBB
gsctool -aA prints the digest
Clear the hash
gsctool -aH
gsctool -aA
get hash rc: 10 AP RO hash unprogrammed
Set the BID type
gsctool -ai $(cros_config / brand-code):0x1234
Verify cr50 rejects setting the hash
python ap_ro_hash.py GBB
ERROR: Cr50 returned 7 (BID programmed)
Change-Id: I440ee84b3c86e16f027a8b9dcd51ea3031171ea1
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3627808
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
-rw-r--r-- | common/ap_ro_integrity_check.c | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/common/ap_ro_integrity_check.c b/common/ap_ro_integrity_check.c index 7724ae2585..8c12e851a4 100644 --- a/common/ap_ro_integrity_check.c +++ b/common/ap_ro_integrity_check.c @@ -537,11 +537,23 @@ static enum vendor_cmd_rc vc_seed_ap_ro_check(enum vendor_cmd_cc code, *response_size = 1; /* Just in case there is an error. */ - /* Neither write nor erase are allowed once Board ID is programmed. */ + /* + * Neither write nor erase are allowed once Board ID type is programmed. + * + * Check the board id type insead of board_id_is_erased, because the + * board id flags may be written before finalization. Board id type is + * a better indicator for when RO is finalized and when to lock out + * setting the hash. + */ #ifndef CR50_DEV - if (!board_id_is_erased()) { - *response = ARCVE_BID_PROGRAMMED; - return VENDOR_RC_NOT_ALLOWED; + { + struct board_id bid; + + if (read_board_id(&bid) != EC_SUCCESS || + !board_id_type_is_blank(&bid)) { + *response = ARCVE_BID_PROGRAMMED; + return VENDOR_RC_NOT_ALLOWED; + } } #endif |