diff options
author | Mary Ruthven <mruthven@chromium.org> | 2021-06-09 15:10:16 -0500 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2021-06-18 18:45:09 +0000 |
commit | b231b059c0947522e4a0c9815eab1a5c2601718f (patch) | |
tree | 1adcf61ffc011a8782660ec7ee2c86f856d94ef7 /board | |
parent | 3e2b82328c52ea8f5f8f226997249b680bd527a8 (diff) | |
download | chrome-ec-b231b059c0947522e4a0c9815eab1a5c2601718f.tar.gz |
ap_ro_integrity_check: skip verify based on RLZ
Some factories programmed hashes into devices that don't support reading
from AP flash while EC_RST_L is asserted. Skip AP RO verification on
these devices if the RLZ is blocked.
BUG=b:185783841
TEST=manual
Set board id to YVRQ:0x10
Verify AP RO verification can be triggered
Set board id to VYRC:0x10
Verify AP RO verification is skipped even if the hash is stored.
Change-Id: I7ef5ceafd55ae5e90b4a754d1e92317a9a745ef9
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2950313
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Diffstat (limited to 'board')
-rw-r--r-- | board/cr50/board.c | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/board/cr50/board.c b/board/cr50/board.c index a69bf5ba5d..bf9878eda9 100644 --- a/board/cr50/board.c +++ b/board/cr50/board.c @@ -755,6 +755,75 @@ static void check_board_id_mismatch(void) system_reset(0); } +/*****************************************************************************/ +/* + * Certain boards need to skip AP RO verification even when the hash is saved. + * Block AP RO verification based on the board id type. + */ +#define BLOCKED_BID_COUNT 7 +/* + * This contains the ap ro verification board id blocklist. Skip AP RO + * verification if the board id is found in the blocklist. + */ +const uint32_t ap_ro_board_id_blocklist[] = { + /* b/185783841 block verification on unsupported devices. */ + 0x54514155, /* TQAU */ + 0x524c4745, /* RLGE */ + 0x56595243, /* VYRC */ + 0x44554b49, /* DUKI */ + 0x4346554c, /* CFUL */ + 0x5248444e, /* RHDN */ + 0x454b574c /* EKWL */ +}; +BUILD_ASSERT(ARRAY_SIZE(ap_ro_board_id_blocklist) == BLOCKED_BID_COUNT); + + +#define AP_RO_ALLOW_BID 1 +#define AP_RO_BLOCK_BID 2 + +int ap_ro_board_id_blocked(void) +{ + static int checked_ap_ro_bid; + struct board_id id; + int i; + + /* + * Don't allow ap ro verification if the image board id is mismatched. + * This ensures the device can boot to get an update. + */ + if (board_id_is_mismatched()) + return 1; + + if (checked_ap_ro_bid) + return checked_ap_ro_bid == AP_RO_BLOCK_BID; + + /* + * If cr50 can't read the board id for some reason, return 1 just to + * be safe. + */ + if (read_board_id(&id) != EC_SUCCESS) { + CPRINTS("%s: BID read error", __func__); + return 1; + } + + if (board_id_is_blank(&id)) + return 0; + + /* + * Cache the board id block state, so cr50 doesn't need to keep reading + * and checking the RLZ. The board id can't change if it's already set. + */ + checked_ap_ro_bid = AP_RO_ALLOW_BID; + for (i = 0; i < ARRAY_SIZE(ap_ro_board_id_blocklist); i++) { + if (id.type == ap_ro_board_id_blocklist[i]) { + checked_ap_ro_bid = AP_RO_BLOCK_BID; + break; + } + } + return checked_ap_ro_bid == AP_RO_BLOCK_BID; +} +/*****************************************************************************/ + /* * Check if ITE SYNC sequence generation was requested before the reset, if so * - clear the request and call the function to generate the sequence. |