path: root/chip/g/upgrade_fw.c
author Vadim Bendebury <vbendeb@chromium.org> 2020-04-24 18:41:17 -0700
committer Commit Bot <commit-bot@chromium.org> 2020-06-12 22:18:18 +0000
commit e670654714105bf08c096de3e61bc83b9f0b6f64 (patch)
tree a56f74d14351ccb4dc38bdcad8d23f3902ede58b /chip/g/upgrade_fw.c
parent 2432e4c725b525cbf8f302a4e85de89f005eaaf9 (diff)
Add AP RO integrity check implementation.

This patch adds code which accepts the vendor command communicating the list of the AP firmware sections to verify and the expected cumulative sha256 sum value of the sections.

The vendor command payload is checked for sanity: each range offset is not expected to exceed 32M bytes (the largest possible SPI flash size) and each size is not expected to exceed 4M bytes. If any inconsistencies are found in the payload, or the flash integrity space is already programmed, an error is returned to the AP.

If the command validity check succeeds, the payload of the vendor command is prepended by a header including the number of the flash regions to check and a 4 byte checksum of the stored information.

This combined information is stored in the dedicated H1 flash space, specifically the RO_B region, at offset of 0x3000, 2K bytes page below the region used for the flash log.

The valid RO range in upgrade_fw.c:set_valid_sections() is modified to prevent erasing of the AP RO hash value during Cr50 RO updates.

The new file also introduces a function used to verify the AP flash when requested. The returned value indicates one of three conditions:

- valid verification information not found
- AP flash integrity verification failed
- AP flash integrity verification succeeded

A new console command allows examining the contents of the space where the list of ranges and the sum are stored. CR50_DEV builds also allow erasing the page.

BUG=b:153764696
TEST=with the rest of the patches applied verified successful execution of the AP RO verification sequence.

Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I1894ef897a86e9d60b9f5bcff3a680f632239e1b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2171398
Reviewed-by: Andrey Pronin <apronin@chromium.org>
(cherry picked from commit 907629953aaf6a03fe2cf73de1748e40e580a073)
Change-Id: I73ea7f82e86c8f6724d9f2cc85e1885d448b7b01
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2242406
Tested-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Commit-Queue: Mary Ruthven <mruthven@chromium.org>

Diffstat (limited to 'chip/g/upgrade_fw.c')
-rw-r--r-- chip/g/upgrade_fw.c 3
1 files changed, 1 insertions, 2 deletions
diff --git a/chip/g/upgrade_fw.c b/chip/g/upgrade_fw.c
index 6a2a0cc102..35d0c54549 100644
--- a/chip/g/upgrade_fw.c
+++ b/chip/g/upgrade_fw.c
@@ -63,8 +63,7 @@ static void set_valid_sections(void)
}
valid_sections.ro_top_offset = valid_sections.ro_base_offset +
- CONFIG_RO_SIZE - 0x800; /* 2K for certs! */
-
+ MAX_RO_CODE_SIZE;
valid_sections.rw_top_offset = valid_sections.rw_base_offset +
CONFIG_RW_SIZE;
}
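
Review bot: The new ro_top_offset line drops the "2K for certs!" comment without a replacement, so nothing at the point of use says what MAX_RO_CODE_SIZE now excludes from the updatable RO range. Per the commit message the protected area has to cover the AP RO hash page at offset 0x3000 in addition to what the old 0x800 carve-out protected, but the definition of MAX_RO_CODE_SIZE is not part of this diff, so that cannot be confirmed from this hunk. Please add a short comment on this line naming the reserved pages, and consider a build-time assertion next to the macro definition that MAX_RO_CODE_SIZE does not exceed the AP RO hash offset, so a later layout change cannot silently let an RO update erase the stored ranges and sha256 sum.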