Add system_is_locked() to prevent sysjump on consumer systems

This returns true when both HW and SW write protect are enabled. Once WP is enabled, sysjump will be locked out. system_is_locked() can be used to gate other dangerous-ish commands too. Signed-off-by: Randall Spangler <rspangler@chromium.org> BUG=chrome-os-partner:7468 TEST=manual sysinfo -> unlocked, copy A sysjump B -> works flashwp lock reboot (make sure flashinfo shows WP asserted and flash locked; note there is a HW bug on proto1 which makes this flaky) sysinfo -> locked, copy A sysjump B -> fails (remove WP screw) reboot hard flashwp unlock Change-Id: I849b573675c2c1cb4c44b9a05d6973e38247ca23
author: Randall Spangler <rspangler@chromium.org> 2012-05-25 14:57:09 -0700
committer: Randall Spangler <rspangler@chromium.org> 2012-05-25 15:03:47 -0700
commit: 7ecd1d6d3c23b6acb13f90062d062647ddb4fed3 (patch)
tree: 796393a5afc4290d974f4ab391a0003c72c3056e /common/main.c
parent: e704c712ad473160e97717f139ab3929bcd249c1 (diff)
download: chrome-ec-7ecd1d6d3c23b6acb13f90062d062647ddb4fed3.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/common/main.c b/common/main.c
index 6b4dfb704c..74a698460e 100644
--- a/common/main.c
+++ b/common/main.c
@@ -110,6 +110,11 @@ int main(void)
 	 * Note that steps above here may be done TWICE per boot, once in the
 	 * RO image and once in the RW image. */
 	vboot_init();
+
+	/* If system is locked, disable system jumps now that vboot has had its
+	 * chance to jump to a RW image. */
+	if (system_is_locked())
+		system_disable_jump();
 #endif
 
 	/* Initialize other driver modules.  These can occur in any order.
author	Randall Spangler <rspangler@chromium.org>	2012-05-25 14:57:09 -0700
committer	Randall Spangler <rspangler@chromium.org>	2012-05-25 15:03:47 -0700
commit	7ecd1d6d3c23b6acb13f90062d062647ddb4fed3 (patch)
tree	796393a5afc4290d974f4ab391a0003c72c3056e /common/main.c
parent	e704c712ad473160e97717f139ab3929bcd249c1 (diff)
download	chrome-ec-7ecd1d6d3c23b6acb13f90062d062647ddb4fed3.tar.gz