author | Randall Spangler <rspangler@chromium.org> | 2018-05-18 15:02:40 -0700 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2018-05-23 20:35:12 -0700 |
commit | f07e300fe457575394c21d040cfc80e6dc2829f0 (patch) | |
tree | 2957d7410b0fd17095ba46a9e9c3e809242aa99e /common/extension.c | |
parent | 7784fba59d7eb7992c2f0e2df24a819fe06c2828 (diff) | |
download | chrome-ec-f07e300fe457575394c21d040cfc80e6dc2829f0.tar.gz |
cr50: tpm_alt_extension() specifies command origin is USB

Previously, calls to tpm_alt_extension() were treated as if they came
from the AP via the TPM interface, even though they actually
originated from the cr50 console, which is accessible via the USB
interface.

This affects the following console commands:

spi_hash - was already allowed as both a safe console command and via
the USB vendor command interface. No change.

rma_auth - was allowed as a safe console command, but not via the USB
vendor command interface. Now allowed from both. No change in
security, since anyone could already do it via the console.
Unfortunately, getting a challenge fails because commands issued via
the USB vendor command interface have a maximum payload of 32 bytes
and the challenge is bigger than that; that's tracked in b:80098603.

ccd - was already allowed as a safe console command. This directly
called ccd_command_wrapper() for lock, open, and password subcommands.
It made an extra check for password set for the unlock subcommand.
Moved the unlock check to the vendor command handler. Also changed
the order of checks so that FWMP disabling unlock and open supersedes
an existing password; this matches go/ccd-open-simple. (That has no
effect on existing systems, because CCD is disabled at a higher
level.)

Reduces code size by 8 bytes.

BUG=b:79983505
BRANCH=cr50
TEST=manual, on a CR50_DEV=1 build
    Compile with DEBUG_EXTENSION defined to print extra debug output
    'ccd lock' now shows as coming from USB
    'ccd unlock' fails because no password is set
    'ccd unlock' and 'ccd open' fail if FWMP disallows unlock
    'rma_auth' prints a challenge
    'gsctool -t -r' prints a challenge from AP root shell
    'gsctool -r 12345678' returns error 6 (incorrect challenge), rather
    than error 127 (no such command).
    'gsctool -I' works from the host
    'gsctool -t -I' still works from AP root shell

Change-Id: I2cd1027f5135b9c336df97ee4b1b1a15354728b4
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1068102
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Diffstat (limited to 'common/extension.c')
-rw-r--r-- | common/extension.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/common/extension.c b/common/extension.c index f63734025f..d75bbbe4f3 100644 --- a/common/extension.c +++ b/common/extension.c @@ -35,7 +35,9 @@ uint32_t extension_route_command(uint16_t command_code, case VENDOR_CC_SET_BOARD_ID: #endif /* defined(CR50_DEV) */ case EXTENSION_POST_RESET: /* Always need to reset. */ + case VENDOR_CC_CCD: case VENDOR_CC_GET_BOARD_ID: + case VENDOR_CC_RMA_CHALLENGE_RESPONSE: case VENDOR_CC_SPI_HASH: /* Requires physical presence. */ case VENDOR_CC_TURN_UPDATE_ON: break; |
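Review bot: The two new entries in the extension_route_command() switch, `case VENDOR_CC_CCD:` and `case VENDOR_CC_RMA_CHALLENGE_RESPONSE:`, carry no comment saying why they are safe to accept from USB, while their neighbours do (`/* Always need to reset. */`, `/* Requires physical presence. */`). Allowing VENDOR_CC_CCD here admits every ccd subcommand at the routing layer, so the password and FWMP checks for unlock and open now rest entirely on the vendor command handler, which is outside this file's diff. A short comment on each case naming where the enforcement lives (for example, that the CCD handler checks password and FWMP per subcommand) would keep the allowlist auditable on its own. Since the commit message says the RMA challenge cannot currently be fetched over USB because of the 32-byte payload limit, it would also help to note b:80098603 next to the RMA case so the entry is not mistaken for a fully working path.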