diff options
| author | Aseda Aboagye <aaboagye@google.com> | 2017-02-15 16:56:10 -0800 |
|---|---|---|
| committer | chrome-bot <chrome-bot@chromium.org> | 2017-02-18 17:26:59 -0800 |
| commit | 114f5cee5ac4af758882a7557cbdf91fbc8e4698 (patch) | |
| tree | 0afea58938e54b67116f861780d73cceb4a54f22 /include | |
| parent | 4ed404432904c3f8e6c9d64e8bb306daf3c687f5 (diff) | |
| download | chrome-ec-114f5cee5ac4af758882a7557cbdf91fbc8e4698.tar.gz | |
g: extension: Add a whitelist for vendor commands.
The USB FW upgrade endpoint should really only accept vendor commands
required to perform the firmware update. This commit adds a whitelist
that is checked whenever a vendor command is received over this
endpoint.
The allowed commands over USB are the following:
- EXTENSION_POST_RESET
- VENDOR_CC_IMMEDIATE_RESET (only for dev images)
There is also functionality to have a whitelist for vendor commands that
come over the TPM interface.
BUG=chrome-os-partner:62815
BRANCH=None
TEST=Flash Cr50 with image containing this change. Verify that an
upgrade over USB to newer image works.
TEST=Try using usb_updater to send a vendor command that's not in the
whitelist. Verify that the vendor command is dropped.
Change-Id: I71f8ba090a1cc6c9e7c30ce0dd3c25259e8f292f
Signed-off-by: Aseda Aboagye <aaboagye@google.com>
Reviewed-on: https://chromium-review.googlesource.com/443447
Commit-Ready: Aseda Aboagye <aaboagye@chromium.org>
Tested-by: Aseda Aboagye <aaboagye@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Diffstat (limited to 'include')
| -rw-r--r-- | include/extension.h | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/include/extension.h b/include/extension.h index 3b960f5439..28a0dc7d06 100644 --- a/include/extension.h +++ b/include/extension.h @@ -26,8 +26,12 @@ typedef enum vendor_cmd_rc (*extension_handler)(enum vendor_cmd_cc code, size_t command_size, size_t *response_size); -/* +/** * Find handler for an extension command. + * + * Use the interface specific function call in order to check the policies for + * handling the commands on that interface. + * * @param command_code Code associated with a extension command handler. * @param buffer Data to be processd by the handler, the same space * is used for data returned by the handler. @@ -36,10 +40,14 @@ typedef enum vendor_cmd_rc (*extension_handler)(enum vendor_cmd_cc code, * data returned by the handler. A single byte return * usually indicates an error and contains the error code. */ -uint32_t extension_route_command(uint16_t command_code, - void *buffer, - size_t command_size, - size_t *size); +uint32_t usb_extension_route_command(uint16_t command_code, + void *buffer, + size_t command_size, + size_t *size); +uint32_t tpm_extension_route_command(uint16_t command_code, + void *buffer, + size_t command_size, + size_t *size); /* Pointer table */ struct extension_command { |