diff options
| author | Daisuke Nojiri <dnojiri@chromium.org> | 2018-04-18 09:39:47 -0700 |
|---|---|---|
| committer | chrome-bot <chrome-bot@chromium.org> | 2018-05-04 03:02:49 -0700 |
| commit | 84a843bf63ad287bdf63285ccdf3c955b65f7a33 (patch) | |
| tree | eda1f348a363fbd90a20cbc8fd97c6af90c347f0 | |
| parent | 74d08a581d9f08cfa5b5c02ad56267384fb42c9b (diff) | |
| download | chrome-ec-84a843bf63ad287bdf63285ccdf3c955b65f7a33.tar.gz | |
CBI: Disallow board version and OEM ID to be reprogrammed
This patch makes CBI refuse to change board version and OEM ID.
When CONFIG_SYSTEM_UNLOCKED is defined, this restriction is removed.
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
BUG=b:74946347
BRANCH=none
TEST=buildall
Change-Id: I6ceda5764af56ed18a575f5563eaf294bb2876d0
Reviewed-on: https://chromium-review.googlesource.com/1017225
Commit-Ready: Jett Rink <jettrink@chromium.org>
Tested-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
| -rw-r--r-- | common/cbi.c | 7 | ||||
| -rw-r--r-- | include/config.h | 3 | ||||
| -rw-r--r-- | util/ectool.c | 8 |
3 files changed, 15 insertions, 3 deletions
diff --git a/common/cbi.c b/common/cbi.c index 584a6e8415..0b6704a6a3 100644 --- a/common/cbi.c +++ b/common/cbi.c @@ -264,6 +264,13 @@ static int hc_cbi_set(struct host_cmd_handler_args *args) const struct __ec_align4 ec_params_set_cbi *p = args->params; int rv; +#ifndef CONFIG_SYSTEM_UNLOCKED + /* These fields are not allowed to be reprogrammed regardless the + * hardware WP state. They're considered as a part of the hardware. */ + if (p->tag == CBI_TAG_BOARD_VERSION || p->tag == CBI_TAG_OEM_ID) + return EC_RES_ACCESS_DENIED; +#endif + if (p->flag & CBI_SET_INIT) { memset(cbi, 0, sizeof(cbi)); memcpy(head->magic, cbi_magic, sizeof(cbi_magic)); diff --git a/include/config.h b/include/config.h index 4c343acbb0..feb7de7903 100644 --- a/include/config.h +++ b/include/config.h @@ -2514,6 +2514,9 @@ * * NOTE: This should ONLY be defined during bringup, and should never be * defined on a shipping / released platform. + * + * When defined, CBI allows ectool to reprogram all the fields. Once undefined, + * it refuses to change certain fields. (e.g. board version, OEM ID) */ #undef CONFIG_SYSTEM_UNLOCKED diff --git a/util/ectool.c b/util/ectool.c index 87f30a9bc5..8b1432b697 100644 --- a/util/ectool.c +++ b/util/ectool.c @@ -6507,8 +6507,8 @@ static void cmd_cbi_help(char *cmd) " 0: BOARD_VERSION\n" " 1: OEM_ID\n" " 2: SKU_ID\n" - " <size> is the size of the data" - " <value> is integer to be set. No raw data support yet." + " <size> is the size of the data\n" + " <value> is integer to be set. No raw data support yet.\n" " [get_flag] is combination of:\n" " 01b: Invalidate cache and reload data from EEPROM\n" " [set_flag] is combination of:\n" @@ -6609,7 +6609,9 @@ static int cmd_cbi(int argc, char *argv[]) p, sizeof(*p) + size, NULL, 0); if (rv < 0) { if (rv == -EC_RES_ACCESS_DENIED - EECRESULT) - fprintf(stderr, "Write failed. WP enabled?\n"); + fprintf(stderr, "Write failed. Write-protect " + "is enabled or EC explicitly refused " + "to change the requested field."); else fprintf(stderr, "Error code: %d\n", rv); return rv; |