diff options
| author | Vadim Bendebury <vbendeb@chromium.org> | 2021-10-14 21:35:48 -0700 |
|---|---|---|
| committer | Commit Bot <commit-bot@chromium.org> | 2021-10-19 02:30:50 +0000 |
| commit | 6bf3837d7e6d2610e4a8a1fbeb10e934320160f9 (patch) | |
| tree | 23283f0c9c8504ba8458a45f851b7162509036c6 /extra | |
| parent | fd3d2aa11e2f0248c4ca721c4da2eb6f856a8edb (diff) | |
| download | chrome-ec-6bf3837d7e6d2610e4a8a1fbeb10e934320160f9.tar.gz | |
ap_ro_verification: do not stop on failing FMAPs
To prevent denial of service attack when a fake FMAP structure is
placed somewhere in the AP flash, then detected by the GSC and
rejected as corrupted, do not stop after finding an FMAP which
includes a pointer to a GVD which fails to verify.
This means the entire flash needs to be scanned, so this patch
eliminates the approach where the flash is scanned at decreasing
intervals until an FMAP section is found. Check all locations at 4K
aligned addresses instead and keep looking until a valid GVD is
located or the entire flash is scanned.
Also fixed some comments and simplified code: there is no need for
looking for the FMAP area entry in the FMAP, the offset of FMAP is
already known.
BUG=b:141191727
TEST=created a fake FMAP entry placed into the RW_A space of a
guybrush image, with a corrupted GVD, programmed the modified
image on a guybrush and attempted AP RO verification.
Observed the GSC report the inconsistent GVD contents and then
find the proper GVD structure in a different FMAP structure, and
successfully validate the GVD structure.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: Ic8a930af63e1b90343d8cae6a86e65b06decebfb
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3224810
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Diffstat (limited to 'extra')
0 files changed, 0 insertions, 0 deletions