diff options
author | Randall Spangler <rspangler@chromium.org> | 2012-12-10 09:43:49 -0800 |
---|---|---|
committer | Gerrit <chrome-bot@google.com> | 2012-12-10 15:14:38 -0800 |
commit | ad2adc4022c24ea8f883ab2ae61b0a6989743d56 (patch) | |
tree | c701ea92f8d7ea9f1cbf1d18630885e41c4baf8a /include/vboot_hash.h | |
parent | c26a242e947a110ea3cf0c43d8274eebb9aaeb5a (diff) | |
download | chrome-ec-ad2adc4022c24ea8f883ab2ae61b0a6989743d56.tar.gz |
Invalidate hash if flash operation changes the hashed region
This prevents the EC from returning a stale hash.
BUG=chrome-os-partner:16668
BRANCH=link,snow
TEST=manual, with WP disabled
From EC console
- Boot system and wait a second
- hash --> prints valid hash
- flasherase 0x20000 0x1000
- hash --> invalid
- hash rw
- hash --> prints valid hash
- flashwrite 0x20000 0x1000
- hash --> invalid
- hash rw
- flasherase 0x38000 0x1000
- flashwrite 0x38000 0x1000
- hash --> still valid (since 0x38000 is outside the rw section)
From root shell
- ectool hash --> prints valid hash
- ectool flasherase 0x20000 0x1000
- ectool hash --> invalid
- ectool hash recalc RW
- ectool hash --> prints valid hash
- echo 'Making a hash of this' > /tmp/hashofthis
- ectool flashwrite 0x20000 /tmp/hashofthis
- ectool hash --> invalid
- ectool hash recalc RW
- ectool flasherase 0x38000 0x1000
- ectool flashwrite 0x38000 /tmp/hashofthis
- ectool hash --> still valid (since 0x38000 is outside the rw section)
Change-Id: Id915a504a7bc70b8b8c339b5ce55dc5bad5838fe
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/39484
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Diffstat (limited to 'include/vboot_hash.h')
-rw-r--r-- | include/vboot_hash.h | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/include/vboot_hash.h b/include/vboot_hash.h new file mode 100644 index 0000000000..002282b346 --- /dev/null +++ b/include/vboot_hash.h @@ -0,0 +1,23 @@ +/* Copyright (c) 2012 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + */ + +/* Verified boot hashing memory module for Chrome EC */ + +#ifndef __CROS_EC_VBOOT_HASH_H +#define __CROS_EC_VBOOT_HASH_H + +#include "common.h" + +/** + * Invalidate the hash if the hashed data overlaps the specified region. + * + * @param offset Region start offset in flash + * @param size Size of region in bytes + * + * @return non-zero if the region overlapped the hashed region. + */ +int vboot_hash_invalidate(int offset, int size); + +#endif /* __CROS_EC_VBOOT_HASH_H */ |