diff options
author | Vadim Bendebury <vbendeb@chromium.org> | 2017-05-01 12:53:31 -0700 |
---|---|---|
committer | ChromeOS Commit Bot <chromeos-commit-bot@chromium.org> | 2017-05-12 22:05:29 +0000 |
commit | 699ba2a897dccaa8e49061912bdef93fb7b7c0cc (patch) | |
tree | 942f197de77c3d8ac46ee985e849b581353f5066 | |
parent | d0a60b65d3857b8f289843add989ba14935e89f6 (diff) | |
download | chrome-ec-699ba2a897dccaa8e49061912bdef93fb7b7c0cc.tar.gz |
usb_updater: do not filter out dev cr50 versions
The usb_updater code comparing versions to decide which one is newer
filters out values in excess of 1000 to not consider dev build
versions to be newer than the released versions.
In fact this logic is flawed: with node locked RO it is possible to
build dev (self signed) version, which can run on the device, and this
version should take over the released version, if it is currently
present on the device.
If the RO is not node locked, the dev RW version will not verify, so
it is safe to download it to the chip, it would be ignored.
BRANCH=cr50
BUG=none
TEST=with this patch applied it is possible to update self signed
versions running on H1 (the updater considers them newer than
0.0.18 and sends the chip the vendor command to enable the
downloaded image after download completes).
Reviewed-on: https://chromium-review.googlesource.com/492087
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
(cherry picked from commit 32eebe3c5f12c1963bf9bc921839de1168cd7396)
Change-Id: Ibb5761e4bb24fcc7dee5cc10b2f26af7a8e9aa2e
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/505451
-rw-r--r-- | extra/usb_updater/usb_updater.c | 18 |
1 files changed, 6 insertions, 12 deletions
diff --git a/extra/usb_updater/usb_updater.c b/extra/usb_updater/usb_updater.c index fcf6f29554..1ad1378956 100644 --- a/extra/usb_updater/usb_updater.c +++ b/extra/usb_updater/usb_updater.c @@ -774,16 +774,6 @@ static int a_newer_than_b(struct signed_header_version *a, }; size_t i; - /* - * Even though header version fields are 32 bits in size, we don't - * exepect any version field ever exceed say 1000. Anything in excess - * of 1000 should is considered zero. - * - * This would cover old images where one of the RO version fields is - * the number of git patches since last tag (and is in excess of - * 4000), and images where there is no code in a section (all fields - * are set to 0xffffffff). - */ for (i = 0; i < ARRAY_SIZE(fields[0]); i++) { uint32_t a_value; uint32_t b_value; @@ -791,10 +781,14 @@ static int a_newer_than_b(struct signed_header_version *a, a_value = fields[0][i]; b_value = fields[1][i]; - if (a_value > 4000) + /* + * Let's filter out images where the section is not + * initialized and the version field value is set to all ones. + */ + if (a_value == 0xffffffff) a_value = 0; - if (b_value > 4000) + if (b_value == 0xffffffff) b_value = 0; if (a_value != b_value) |