ap_ro_integrity_check: skip verify based on RLZ

Some factories programmed hashes into devices that don't support reading
from AP flash while EC_RST_L is asserted. Skip AP RO verification on
these devices if the RLZ is blocked.

BUG=b:185783841
TEST=manual
	Set board id to YVRQ:0x10
	Verify AP RO verification can be triggered

	Set board id to VYRC:0x10
	Verify AP RO verification is skipped even if the hash is stored.

Change-Id: I7ef5ceafd55ae5e90b4a754d1e92317a9a745ef9
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2950313
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>

1 files changed, 69 insertions, 0 deletions

diff --git a/board/cr50/board.c b/board/cr50/board.c
index a69bf5ba5d..bf9878eda9 100644
--- a/board/cr50/board.c
+++ b/board/cr50/board.c
@@ -755,6 +755,75 @@ static void  check_board_id_mismatch(void)
 	system_reset(0);
 }
 
+/*****************************************************************************/
+/*
+ * Certain boards need to skip AP RO verification even when the hash is saved.
+ * Block AP RO verification based on the board id type.
+ */
+#define BLOCKED_BID_COUNT 7
+/*
+ * This contains the ap ro verification board id blocklist. Skip AP RO
+ * verification if the board id is found in the blocklist.
+ */
+const uint32_t ap_ro_board_id_blocklist[] = {
+	/* b/185783841 block verification on unsupported devices. */
+	0x54514155, /* TQAU */
+	0x524c4745, /* RLGE */
+	0x56595243, /* VYRC */
+	0x44554b49, /* DUKI */
+	0x4346554c, /* CFUL */
+	0x5248444e, /* RHDN */
+	0x454b574c  /* EKWL */
+};
+BUILD_ASSERT(ARRAY_SIZE(ap_ro_board_id_blocklist) == BLOCKED_BID_COUNT);
+
+
+#define AP_RO_ALLOW_BID 1
+#define AP_RO_BLOCK_BID 2
+
+int ap_ro_board_id_blocked(void)
+{
+	static int checked_ap_ro_bid;
+	struct board_id id;
+	int i;
+
+	/*
+	 * Don't allow ap ro verification if the image board id is mismatched.
+	 * This ensures the device can boot to get an update.
+	 */
+	if (board_id_is_mismatched())
+		return 1;
+
+	if (checked_ap_ro_bid)
+		return checked_ap_ro_bid == AP_RO_BLOCK_BID;
+
+	/*
+	 * If cr50 can't read the board id for some reason, return 1 just to
+	 * be safe.
+	 */
+	if (read_board_id(&id) != EC_SUCCESS) {
+		CPRINTS("%s: BID read error", __func__);
+		return 1;
+	}
+
+	if (board_id_is_blank(&id))
+		return 0;
+
+	/*
+	 * Cache the board id block state, so cr50 doesn't need to keep reading
+	 * and checking the RLZ. The board id can't change if it's already set.
+	 */
+	checked_ap_ro_bid = AP_RO_ALLOW_BID;
+	for (i = 0; i < ARRAY_SIZE(ap_ro_board_id_blocklist); i++) {
+		if (id.type == ap_ro_board_id_blocklist[i]) {
+			checked_ap_ro_bid = AP_RO_BLOCK_BID;
+			break;
+		}
+	}
+	return checked_ap_ro_bid == AP_RO_BLOCK_BID;
+}
+/*****************************************************************************/
+
 /*
  * Check if ITE SYNC sequence generation was requested before the reset, if so
  * - clear the request and call the function to generate the sequence.