diff options
author | Daisuke Nojiri <dnojiri@chromium.org> | 2018-01-09 11:02:45 -0800 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2018-01-09 21:13:39 -0800 |
commit | 67b8bb85da1d73d72582490390c7c6fd13b266ef (patch) | |
tree | bc9da01eeb0743bb08d43794afe067157431def0 /common/vboot | |
parent | a5fe9099d8dcb7a1ec62f32fab2ed9fae6cf31b0 (diff) | |
download | chrome-ec-67b8bb85da1d73d72582490390c7c6fd13b266ef.tar.gz |
EFS: Add EFS_VERIFY host command
If a bios carries an EC image signed by a wrong key, EFS EC falls back
to the previous slot upon reboot. Vboot currently does not handle this
case and tries to update the EC with an incompatible image again.
When this happens, a user sees 'applying critical update' screen
repeatedly.
This patch adds EFS_VERIFYV host command. Vboot on AP calls it to check
whether the EC likes a newly updated image or not. If the verification
fails, it's considered as update failure and vboot displays 'broken'
screen.
BUG=b:71719323
BRANCH=none
TEST=Flash EC SPI with an image which has a different RO key. Boot DUT
and let it run software sync. EC-RO rejects the updated image and falls
back to the previous one. The update counter is incremented and vboot
shows the 'broken' screen, requesting recovery.
Change-Id: I8a107a376963baa146ff691c50d80018ec3e429c
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/858159
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Diffstat (limited to 'common/vboot')
-rw-r--r-- | common/vboot/vboot.c | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/common/vboot/vboot.c b/common/vboot/vboot.c index d8f12f6a98..47cf1aa10a 100644 --- a/common/vboot/vboot.c +++ b/common/vboot/vboot.c @@ -111,6 +111,25 @@ static int verify_slot(enum system_image_copy_t slot) return EC_SUCCESS; } +static int hc_verify_slot(struct host_cmd_handler_args *args) +{ + const struct ec_params_efs_verify *p = args->params; + enum system_image_copy_t slot; + + switch (p->region) { + case EC_FLASH_REGION_ACTIVE: + slot = system_get_active_copy(); + break; + case EC_FLASH_REGION_UPDATE: + slot = system_get_update_copy(); + break; + default: + return EC_RES_INVALID_PARAM; + } + return verify_slot(slot) ? EC_RES_ERROR : EC_RES_SUCCESS; +} +DECLARE_HOST_COMMAND(EC_CMD_EFS_VERIFY, hc_verify_slot, EC_VER_MASK(0)); + static int verify_and_jump(void) { enum system_image_copy_t slot; |