diff options
author | Randall Spangler <rspangler@chromium.org> | 2012-05-25 14:57:09 -0700 |
---|---|---|
committer | Randall Spangler <rspangler@chromium.org> | 2012-05-25 15:03:47 -0700 |
commit | 7ecd1d6d3c23b6acb13f90062d062647ddb4fed3 (patch) | |
tree | 796393a5afc4290d974f4ab391a0003c72c3056e /board | |
parent | e704c712ad473160e97717f139ab3929bcd249c1 (diff) | |
download | chrome-ec-7ecd1d6d3c23b6acb13f90062d062647ddb4fed3.tar.gz |
Add system_is_locked() to prevent sysjump on consumer systems
This returns true when both HW and SW write protect are enabled.
Once WP is enabled, sysjump will be locked out.
system_is_locked() can be used to gate other dangerous-ish commands too.
Signed-off-by: Randall Spangler <rspangler@chromium.org>
BUG=chrome-os-partner:7468
TEST=manual
sysinfo -> unlocked, copy A
sysjump B -> works
flashwp lock
reboot
(make sure flashinfo shows WP asserted and flash locked; note there is a
HW bug on proto1 which makes this flaky)
sysinfo -> locked, copy A
sysjump B -> fails
(remove WP screw)
reboot hard
flashwp unlock
Change-Id: I849b573675c2c1cb4c44b9a05d6973e38247ca23
Diffstat (limited to 'board')
-rw-r--r-- | board/bds/board.h | 1 | ||||
-rw-r--r-- | board/daisy/board.h | 7 | ||||
-rw-r--r-- | board/snow/board.h | 7 |
3 files changed, 15 insertions, 0 deletions
diff --git a/board/bds/board.h b/board/bds/board.h index f22b1e8603..f9d1ef7751 100644 --- a/board/bds/board.h +++ b/board/bds/board.h @@ -10,6 +10,7 @@ /* Optional features */ #define CONFIG_CONSOLE_CMDHELP +#define CONFIG_SYSTEM_UNLOCKED /* Allow dangerous commands */ enum adc_channel { diff --git a/board/daisy/board.h b/board/daisy/board.h index 625df877b5..14270d8906 100644 --- a/board/daisy/board.h +++ b/board/daisy/board.h @@ -17,6 +17,13 @@ /* use I2C for host communication */ #define CONFIG_I2C +/* Allow dangerous commands all the time, since we don't have a write protect + * switch. */ +/* TODO: (crosbug.com/p/9986) This is a serious security hole and should be + * removed in mass production. We add this to allow manual firmware update. + * Once we complete the vboot and autoupdate, we should remove this. */ +#define CONFIG_SYSTEM_UNLOCKED + /* By default, enable all console messages except keyboard */ #define CC_DEFAULT (CC_ALL & ~CC_MASK(CC_KEYSCAN)) diff --git a/board/snow/board.h b/board/snow/board.h index dac98a22ed..0c6d301b9d 100644 --- a/board/snow/board.h +++ b/board/snow/board.h @@ -17,6 +17,13 @@ /* use I2C for host communication */ #define CONFIG_I2C +/* Allow dangerous commands all the time, since we don't have a write protect + * switch. */ +/* TODO: (crosbug.com/p/9986) This is a serious security hole and should be + * removed in mass production. We add this to allow manual firmware update. + * Once we complete the vboot and autoupdate, we should remove this. */ +#define CONFIG_SYSTEM_UNLOCKED + /* By default, enable all console messages except keyboard */ #define CC_DEFAULT (CC_ALL & ~CC_MASK(CC_KEYSCAN)) |