diff options
author | Vadim Bendebury <vbendeb@google.com> | 2017-09-01 19:16:33 -0700 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2017-09-05 16:04:27 -0700 |
commit | 848cf8f7983bd1b7df3429de9b99124215de1539 (patch) | |
tree | 9b5182baf7a97a59f2b61005217f93c86f532747 /chip/g/upgrade_fw.c | |
parent | 653a18ffc412403963f6bc4b705c256062bf2f72 (diff) | |
download | chrome-ec-848cf8f7983bd1b7df3429de9b99124215de1539.tar.gz |
g: improve update error reporting
When checking if the new contents are allowed the updater can reject
the image for different reasons, let's make it possible to pass the
actual rejection reason to the caller of the contents_allowed()
function.
BRANCH=cr50
BUG=none
TEST=verified that attempts to update to an older image are still
being rejected with the proper error code (as generated by
contents_allowed() now).
Change-Id: I24ac7671c4f461ec089f272581723ec2c3a232ff
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/650811
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Diffstat (limited to 'chip/g/upgrade_fw.c')
-rw-r--r-- | chip/g/upgrade_fw.c | 21 |
1 files changed, 13 insertions, 8 deletions
diff --git a/chip/g/upgrade_fw.c b/chip/g/upgrade_fw.c index c21e847685..305d3ff7c9 100644 --- a/chip/g/upgrade_fw.c +++ b/chip/g/upgrade_fw.c @@ -178,14 +178,15 @@ static int new_is_older(const struct SignedHeader *new, } /* - * Check if this chunk of data is a rollback attempt, or is unaligned and + * Check if this chunk of data is a rollback attempt, or is unaligned, or * overlaps RO or RW header. * - * Return False if this is such an attempt or an overlap, when in prod mode; - * otherwise return True. + * Return False if there is any of the above problems and set the passed in + * error_code pointer to the proper error_code. */ static int contents_allowed(uint32_t block_offset, - size_t body_size, void *upgrade_data) + size_t body_size, void *upgrade_data, + uint8_t *error_code) { /* Pointer to RO or RW header in flash, to compare against. */ const struct SignedHeader *header; @@ -220,6 +221,8 @@ static int contents_allowed(uint32_t block_offset, CPRINTF("%s:" " unaligned block overlaps\n", __func__); + *error_code = + UPGRADE_UNALIGNED_BLOCK_ERROR; return 0; } } @@ -231,12 +234,14 @@ static int contents_allowed(uint32_t block_offset, /* This block is a header (ro or rw) of the new image. */ if (body_size < sizeof(struct SignedHeader)) { CPRINTF("%s: block too short\n", __func__); + *error_code = UPGRADE_TRUNCATED_HEADER_ERROR; return 0; } /* upgrade_data is the new header. */ if (new_is_older(upgrade_data, header)) { CPRINTF("%s: rejecting an older header.\n", __func__); + *error_code = UPGRADE_ROLLBACK_ERROR; return 0; } @@ -295,7 +300,8 @@ static void new_chunk_written(uint32_t block_offset) } static int contents_allowed(uint32_t block_offset, - size_t body_size, void *upgrade_data) + size_t body_size, void *upgrade_data, + uint8_t *error_code) { return 1; } @@ -385,10 +391,9 @@ void fw_upgrade_command_handler(void *body, } upgrade_data = cmd_body + 1; - if (!contents_allowed(block_offset, body_size, upgrade_data)) { - *error_code = UPGRADE_ROLLBACK_ERROR; + if (!contents_allowed(block_offset, body_size, + upgrade_data, error_code)) return; - } /* Check if the block will fit into the valid area. */ *error_code = check_update_chunk(block_offset, body_size); |