diff options
| author | Mary Ruthven <mruthven@chromium.org> | 2021-06-09 15:10:16 -0500 |
|---|---|---|
| committer | Commit Bot <commit-bot@chromium.org> | 2021-06-18 18:45:09 +0000 |
| commit | b231b059c0947522e4a0c9815eab1a5c2601718f (patch) | |
| tree | 1adcf61ffc011a8782660ec7ee2c86f856d94ef7 /common/ap_ro_integrity_check.c | |
| parent | 3e2b82328c52ea8f5f8f226997249b680bd527a8 (diff) | |
| download | chrome-ec-b231b059c0947522e4a0c9815eab1a5c2601718f.tar.gz | |
ap_ro_integrity_check: skip verify based on RLZ
Some factories programmed hashes into devices that don't support reading
from AP flash while EC_RST_L is asserted. Skip AP RO verification on
these devices if the RLZ is blocked.
BUG=b:185783841
TEST=manual
Set board id to YVRQ:0x10
Verify AP RO verification can be triggered
Set board id to VYRC:0x10
Verify AP RO verification is skipped even if the hash is stored.
Change-Id: I7ef5ceafd55ae5e90b4a754d1e92317a9a745ef9
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2950313
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Diffstat (limited to 'common/ap_ro_integrity_check.c')
| -rw-r--r-- | common/ap_ro_integrity_check.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/common/ap_ro_integrity_check.c b/common/ap_ro_integrity_check.c index 86bfbbea23..f2339ddb86 100644 --- a/common/ap_ro_integrity_check.c +++ b/common/ap_ro_integrity_check.c @@ -226,10 +226,16 @@ static int verify_ap_ro_check_space(void) * ARCVE_OK if AP RO verification is supported. * ARCVE_NOT_PROGRAMMED if the hash is not programmed. * ARCVE_FLASH_READ_FAILED if there was an error reading the hash. + * ARCVE_BOARD_ID_BLOCKED if ap ro verification is disabled for the board's rlz */ static enum ap_ro_check_vc_errors ap_ro_check_unsupported(int add_flash_event) { + if (ap_ro_board_id_blocked()) { + CPRINTS("%s: BID blocked", __func__); + return ARCVE_BOARD_ID_BLOCKED; + } + if (p_chk->header.num_ranges == (uint16_t)~0) { CPRINTS("%s: RO verification not programmed", __func__); if (add_flash_event) @@ -344,12 +350,11 @@ static int ap_ro_info_cmd(int argc, char **argv) } #endif rv = ap_ro_check_unsupported(false); - if (rv == ARCVE_NOT_PROGRAMMED) - return EC_SUCCESS; if (rv == ARCVE_FLASH_READ_FAILED) return EC_ERROR_CRC; /* No verification possible. */ + /* All other AP RO verificaiton unsupported reasons are fine */ if (rv) - return EC_ERROR_UNKNOWN; + return EC_SUCCESS; ccprintf("sha256 hash %ph\n", HEX_BUF(p_chk->payload.digest, sizeof(p_chk->payload.digest))); |