diff options
author | Randall Spangler <rspangler@chromium.org> | 2012-05-25 14:57:09 -0700 |
---|---|---|
committer | Randall Spangler <rspangler@chromium.org> | 2012-05-25 15:03:47 -0700 |
commit | 7ecd1d6d3c23b6acb13f90062d062647ddb4fed3 (patch) | |
tree | 796393a5afc4290d974f4ab391a0003c72c3056e /common/main.c | |
parent | e704c712ad473160e97717f139ab3929bcd249c1 (diff) | |
download | chrome-ec-7ecd1d6d3c23b6acb13f90062d062647ddb4fed3.tar.gz |
Add system_is_locked() to prevent sysjump on consumer systems
This returns true when both HW and SW write protect are enabled.
Once WP is enabled, sysjump will be locked out.
system_is_locked() can be used to gate other dangerous-ish commands too.
Signed-off-by: Randall Spangler <rspangler@chromium.org>
BUG=chrome-os-partner:7468
TEST=manual
sysinfo -> unlocked, copy A
sysjump B -> works
flashwp lock
reboot
(make sure flashinfo shows WP asserted and flash locked; note there is a
HW bug on proto1 which makes this flaky)
sysinfo -> locked, copy A
sysjump B -> fails
(remove WP screw)
reboot hard
flashwp unlock
Change-Id: I849b573675c2c1cb4c44b9a05d6973e38247ca23
Diffstat (limited to 'common/main.c')
-rw-r--r-- | common/main.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/common/main.c b/common/main.c index 6b4dfb704c..74a698460e 100644 --- a/common/main.c +++ b/common/main.c @@ -110,6 +110,11 @@ int main(void) * Note that steps above here may be done TWICE per boot, once in the * RO image and once in the RW image. */ vboot_init(); + + /* If system is locked, disable system jumps now that vboot has had its + * chance to jump to a RW image. */ + if (system_is_locked()) + system_disable_jump(); #endif /* Initialize other driver modules. These can occur in any order. |