diff options
author | Mary Ruthven <mruthven@chromium.org> | 2021-06-09 15:10:16 -0500 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2021-06-18 18:45:09 +0000 |
commit | b231b059c0947522e4a0c9815eab1a5c2601718f (patch) | |
tree | 1adcf61ffc011a8782660ec7ee2c86f856d94ef7 /include | |
parent | 3e2b82328c52ea8f5f8f226997249b680bd527a8 (diff) | |
download | chrome-ec-b231b059c0947522e4a0c9815eab1a5c2601718f.tar.gz |
ap_ro_integrity_check: skip verify based on RLZ
Some factories programmed hashes into devices that don't support reading
from AP flash while EC_RST_L is asserted. Skip AP RO verification on
these devices if the RLZ is blocked.
BUG=b:185783841
TEST=manual
Set board id to YVRQ:0x10
Verify AP RO verification can be triggered
Set board id to VYRC:0x10
Verify AP RO verification is skipped even if the hash is stored.
Change-Id: I7ef5ceafd55ae5e90b4a754d1e92317a9a745ef9
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2950313
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/ap_ro_integrity_check.h | 6 | ||||
-rw-r--r-- | include/tpm_vendor_cmds.h | 1 |
2 files changed, 7 insertions, 0 deletions
diff --git a/include/ap_ro_integrity_check.h b/include/ap_ro_integrity_check.h index 0edc477c88..30181289e6 100644 --- a/include/ap_ro_integrity_check.h +++ b/include/ap_ro_integrity_check.h @@ -27,4 +27,10 @@ int validate_ap_ro(void); */ void ap_ro_add_flash_event(enum ap_ro_verification_ev event); +/* + * ap_ro_board_id_blocked: Returns True if AP RO verification is disabled for + * the board's RLZ. + */ +int ap_ro_board_id_blocked(void); + #endif /* ! __CR50_INCLUDE_AP_RO_INTEGRITY_CHECK_H */ diff --git a/include/tpm_vendor_cmds.h b/include/tpm_vendor_cmds.h index b919b3e922..40c1849e86 100644 --- a/include/tpm_vendor_cmds.h +++ b/include/tpm_vendor_cmds.h @@ -262,6 +262,7 @@ enum ap_ro_check_vc_errors { ARCVE_TOO_MANY_RANGES = 9, ARCVE_NOT_PROGRAMMED = 10, ARCVE_FLASH_READ_FAILED = 11, + ARCVE_BOARD_ID_BLOCKED = 12, }; /* Structure for VENDOR_CC_SPI_HASH request which follows tpm_header */ |