diff options
author | Vadim Bendebury <vbendeb@chromium.org> | 2021-10-13 15:27:54 -0700 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2021-10-14 18:13:58 +0000 |
commit | 5c95b1abffdb48495ea0f0309e3fa66e88074be7 (patch) | |
tree | e70c98c079deb744d7552299578bc9c2740a109b /include | |
parent | b72f2a1c948ad6e1a5a4402cf07121d815400d58 (diff) | |
download | chrome-ec-5c95b1abffdb48495ea0f0309e3fa66e88074be7.tar.gz |
ap_ro_verification: Do not allow over USB
It should not be possible to trigger AP RO verification by sending the
vendor command over the USB interface, it should be triggered only
when the user enters the existing key sequence, or when coming from
the AP as a TPM command.
When verification is triggered by the key sequence the verification
function is still invoked as a TPM vendor command, because a context
switch into TPM task is required to be able to use its large stack.
The problem is that when TPM task processes context switching
commands, it unconditionally sets the bit indicating that they come
from USB. This is required for some CCD commands, but not for the AP
RO verification request.
Let's introduce a new flag to be able to tell between commands coming
from USB and from alternative sources, and allow AP RO verification be
triggered by alternative sources but not from USB.
BUG=b:202902506
TEST=AP RO verification still could be triggered by key presses and
through a TPM command coming from the AP, but is rejected if sent
over USB by the host.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: Ib3b5bd9867cc3038d9123b23c7a25886331a179c
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3221776
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/extension.h | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/include/extension.h b/include/extension.h index 5ce0410f57..451ad62672 100644 --- a/include/extension.h +++ b/include/extension.h @@ -14,12 +14,13 @@ /* Flags for vendor or extension commands */ enum vendor_cmd_flags { + /* Command is coming from the USB interface. */ + VENDOR_CMD_FROM_USB = BIT(0), /* - * Command is coming from the USB interface (either via the vendor - * command endpoint or the console). If this flag is not present, - * the command is coming from the AP. + * Command is coming through TPM task, but was not originated in the + * AP. */ - VENDOR_CMD_FROM_USB = BIT(0), + VENDOR_CMD_FROM_ALT_IF = BIT(1), }; /* Parameters for vendor commands */ |