summaryrefslogtreecommitdiff
path: root/chip/g/config_chip.h
diff options
context:
space:
mode:
authorVadim Bendebury <vbendeb@chromium.org>2020-04-24 18:41:17 -0700
committerCommit Bot <commit-bot@chromium.org>2020-05-22 03:35:06 +0000
commit907629953aaf6a03fe2cf73de1748e40e580a073 (patch)
treed6ded95d24b4308faf14d1600845206a195d1cf2 /chip/g/config_chip.h
parent70c81db54fff163b7b4bfe2b4a02e2b10e906bed (diff)
downloadchrome-ec-907629953aaf6a03fe2cf73de1748e40e580a073.tar.gz
Add AP RO integrity check implementation.
This patch adds code which accepts the vendor command communicating the list of the AP firmware sections to verify and the expected cumulative sha256 sum value of the sections. The vendor command payload is checked for sanity: each range offset is not expected to exceed 32M bytes (the largest possible SPI flash size) and each size is not expected to exceed 4M bytes. If any inconsistencies are found in the payload, or the flash integrity space is already programmed, an error is returned to the AP. It the command validity check succeeds, the payload of the vendor command is prepended by a header including the number of the flash regions to check and a 4 byte checksum of the stored information. This combined information is stored in the dedicated H1 flash space, specifically the RO_B region, at offset of 0x3000, 2K bytes page below the region used for the flash log. The valid RO range in upgrade_fw.c:set_valid_sections() is modified to prevent erasing of the AP RO hash value during Cr50 RO updates. The new file also introduces a function used to verify the AP flash when requested. The returned value indicates one of three conditions: - valid verification information not found - AP flash integrity verification failed - AP flash integrity verification succeeded A new console command allows to examine the contents of the space where the list of ranges and the sum are stored. CR50_DEV builds also allow to erase the page. BUG=b:153764696 TEST=with the rest of the patches applied verified successful execution of the AP RO verification sequence. Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Change-Id: I1894ef897a86e9d60b9f5bcff3a680f632239e1b Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2171398 Reviewed-by: Andrey Pronin <apronin@chromium.org>
Diffstat (limited to 'chip/g/config_chip.h')
-rw-r--r--chip/g/config_chip.h8
1 files changed, 8 insertions, 0 deletions
diff --git a/chip/g/config_chip.h b/chip/g/config_chip.h
index 7c60567dfc..dcd85c86d1 100644
--- a/chip/g/config_chip.h
+++ b/chip/g/config_chip.h
@@ -160,6 +160,14 @@
(CONFIG_PROGRAM_MEMORY_BASE + CHIP_RO_B_MEM_OFF + CONFIG_RO_SIZE - \
CONFIG_FLASH_LOG_SPACE)
+/* Space reserved for RO hashes */
+#define AP_RO_DATA_SPACE_SIZE CONFIG_FLASH_BANK_SIZE
+#define AP_RO_DATA_SPACE_ADDR (CONFIG_FLASH_LOG_BASE - AP_RO_DATA_SPACE_SIZE)
+
+/* Maximum space available for the RO image */
+#define MAX_RO_CODE_SIZE (CONFIG_RO_SIZE - CONFIG_FLASH_LOG_SPACE - \
+ AP_RO_DATA_SPACE_SIZE)
+
/* Use software crypto (libcryptoc). */
#define CONFIG_LIBCRYPTOC
#endif /* __CROS_EC_CONFIG_CHIP_H */