EFS: Add EFS_VERIFY host command

If a bios carries an EC image signed by a wrong key, EFS EC falls back
to the previous slot upon reboot. Vboot currently does not handle this
case and tries to update the EC with an incompatible image again.
When this happens, a user sees 'applying critical update' screen
repeatedly.

This patch adds EFS_VERIFYV host command. Vboot on AP calls it to check
whether the EC likes a newly updated image or not. If the verification
fails, it's considered as update failure and vboot displays 'broken'
screen.

BUG=b:71719323
BRANCH=none
TEST=Flash EC SPI with an image which has a different RO key. Boot DUT
and let it run software sync. EC-RO rejects the updated image and falls
back to the previous one. The update counter is incremented and vboot
shows the 'broken' screen, requesting recovery.

Change-Id: I8a107a376963baa146ff691c50d80018ec3e429c
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/858159
Reviewed-by: Randall Spangler <rspangler@chromium.org>

1 files changed, 7 insertions, 0 deletions

diff --git a/include/ec_commands.h b/include/ec_commands.h
index e4ba2d0b96..189618731a 100644
--- a/include/ec_commands.h
+++ b/include/ec_commands.h
@@ -4561,6 +4561,13 @@ struct __ec_align4 ec_params_rwsig_action {
 	uint32_t action;
 };
 
+/* Run verification on a slot */
+#define EC_CMD_EFS_VERIFY	0x011E
+
+struct __ec_align1 ec_params_efs_verify {
+	uint8_t region;		/* enum ec_flash_region */
+};
+
 /*****************************************************************************/
 /* The command range 0x200-0x2FF is reserved for Rotor. */