author | Nicolas Boichat <drinkcat@google.com> | 2017-05-22 12:19:42 +0800 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2017-05-25 04:27:41 -0700 |
commit | ccad39d1b871db0223e7c7b51a696c97461670d3 (patch) | |
tree | 3ca8caa1ba0966592ce282562c1ed259ba27cc23 /common/firmware_image.S | |
parent | 661259ebff96a3acc1f72701b90ea2c4955addc6 (diff) | |
download | chrome-ec-ccad39d1b871db0223e7c7b51a696c97461670d3.tar.gz |
rollback: Add option to store secret in rollback info
For pairing purposes, we want to store some secret random number in
the base. The most convenient location for this is the rollback
region.
Since the rollback region can now be updated without incrementing
rollback_min_version (when we add entropy to the secret), we need
to add an increasing id to tell the code which rollback region is
the latest.
We also add console commands to manually add entropy.
BRANCH=none
BUG=b:38486828
TEST=Flash hammer (with or without CONFIG_ROLLBACK_ENTROPY_SIZE set)
rollbackinfo => 1 version 0 block, 1 empty block, RW verifies
correctly.
rollbackupdate 0; rollbackinfo => No change
rollbackupdate 1; reboot => RO refuses to jump to RW
only when CONFIG_ROLLBACK_ENTROPY_SIZE is set:
rollbackinfo => Secret is [00..00] on both blocks (so the data
was copied correctly)
rollbackupdate 2, 3, 4; rollbackinfo => Writes alternate
between the 2 blocks.
rollbackupdate 2 => Refuses to downgrade version
TEST=From blank secret [00..00], 'rollbackaddent Hello' updates it
to [ba..fa], which matches the output of:
(dd if=/dev/zero bs=1 count=32; echo -n Hello) | sha256sum
Change-Id: I79c3e790e56e21958cc1b4ba05bd4e5f359d3090
Reviewed-on: https://chromium-review.googlesource.com/511985
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
Diffstat (limited to 'common/firmware_image.S')
-rw-r--r-- | common/firmware_image.S | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/common/firmware_image.S b/common/firmware_image.S index ed78bad3ce..79661c2866 100644 --- a/common/firmware_image.S +++ b/common/firmware_image.S @@ -33,7 +33,11 @@ #ifdef CONFIG_ROLLBACK /* Note: matches struct rollback_data in common/rollback.c. */ .section .image.ROLLBACK, "a" +.long 0 .long CONFIG_ROLLBACK_VERSION +#ifdef CONFIG_ROLLBACK_SECRET_SIZE +.space CONFIG_ROLLBACK_SECRET_SIZE, 0 +#endif .long CROS_EC_ROLLBACK_COOKIE #endif |
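Review bot: The new leading `.long 0` in the `.image.ROLLBACK` section has no comment saying which field it initializes, and the only guide to the layout is the existing note that it matches struct rollback_data in common/rollback.c. The section is now up to four hand-laid-out fields (the new word, CONFIG_ROLLBACK_VERSION, the optional secret, CROS_EC_ROLLBACK_COOKIE), so please label each line with the struct member it corresponds to, for example `.long 0 /* id */` if this word is the increasing id the commit message describes. That way a later reorder of the struct cannot silently shift the version or the cookie. Separately, the `#ifdef` here guards on CONFIG_ROLLBACK_SECRET_SIZE while the TEST lines in the commit message refer to CONFIG_ROLLBACK_ENTROPY_SIZE; the description and the code should use the same option name so it is clear which configuration was actually tested.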