diff options
| author | Daisuke Nojiri <dnojiri@chromium.org> | 2019-10-21 10:07:48 -0700 |
|---|---|---|
| committer | Commit Bot <commit-bot@chromium.org> | 2020-02-09 08:31:43 +0000 |
| commit | 37151225f4d791204a75173eec64ebfdaf2cbdec (patch) | |
| tree | a9680e1fd0897c1ea6e0461055760c42944fdee7 /include/vboot_hash.h | |
| parent | a4f7c8ef7c0b9b3206f67299414c2cbd2a5fe84a (diff) | |
| download | chrome-ec-37151225f4d791204a75173eec64ebfdaf2cbdec.tar.gz | |
EFS2: Implement Early Firmware Selection ver.2
EFS v1 allowed Chromeboxes to verify RW without AP. EFS v2 will bring
the benefts to Chromebooks, which are:
- Reduce RO dependency and presence. Allow more code to be updated
in the fields.
- Remove jumptag and workarounds needed for late sysjump.
Major imporvements over v1 are:
- No A/B slot required.
- No signature in RW or public key in RO.
- Rollback-attack protection.
- Verifies only RW being used instead of whole RW section.
For battery-equipped devices, additional benefts are:
- Immediate boot on drained battery.
- Support recovery mode regardless of battery condition.
- Faster charge in S5/G3.
EC-Cr50 communication is based on the shared UART (go/ec-cr50-comm).
EFS2 is documented in go/ec-efs2.
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
BUG=chromium:1045217,chromium:141143112
BRANCH=none
TEST=Boot Helios in NORMAL/NO_BOOT/NO_BOOT_RECOVERY/RECOVERY mode.
TEST=Wake up EC from hibernate.
TEST=Make EC assert PACKET_MODE to wake up Cr50 from deepsleep.
Change-Id: I98a4fe1ecc59d106810a75daec3c424f953ff880
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2015357
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
Tested-by: Daisuke Nojiri <dnojiri@chromium.org>
Auto-Submit: Daisuke Nojiri <dnojiri@chromium.org>
Diffstat (limited to 'include/vboot_hash.h')
| -rw-r--r-- | include/vboot_hash.h | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/include/vboot_hash.h b/include/vboot_hash.h index 3d66a7c56d..126872393e 100644 --- a/include/vboot_hash.h +++ b/include/vboot_hash.h @@ -11,6 +11,23 @@ #include "common.h" /** + * Get hash of RW image. + * + * Your task will be blocked until hash computation is done. Hashing can be + * aborted only due to internal errors (e.g. read error) but not external + * causes. + * + * This is expected to be called before tasks are initialized. If it's called + * after tasks are started, it may starve lower priority tasks. + * + * See chromium:1047870 for some optimization. + * + * @param dst (OUT) Address where computed hash is stored. + * @return enum ec_error_list. + */ +int vboot_get_rw_hash(const uint8_t **dst); + +/** * Invalidate the hash if the hashed data overlaps the specified region. * * @param offset Region start offset in flash |