diff options
| author | Vadim Bendebury <vbendeb@chromium.org> | 2019-05-15 08:56:47 -0700 |
|---|---|---|
| committer | Vadim Bendebury <vbendeb@chromium.org> | 2019-09-21 19:11:23 -0700 |
| commit | 0d8f4e90442f6eb7f9ecc089f54fc1935150e443 (patch) | |
| tree | 14a7101b5dc544db9a89124eb9c74718141dda4d /test | |
| parent | 137dd70274bca0c1a866c8c4019704eca692d452 (diff) | |
| download | chrome-ec-0d8f4e90442f6eb7f9ecc089f54fc1935150e443.tar.gz | |
nvmem: make page header checksums different between prod and dev
When moving an H1 between prod and dev Cr50 images, it is important to
quickly determine that the NVMEM contents are not retrievable. The
first object verified by the initialization routine is the page
header, but since SHA value is used for integrity verification, it
does not change despite the fact that the mode (and encryption keys as
a result) changed.
Using encrypted header value for integrity verification guarantees
that when transition between prod and dev modes happen the
initialization function discovers it right away and reinitializes
NVMEM instead of trying to interpret corrupted objects.
The host/dcrypto stub used for unit tests and fuzzing needs to be
modified to ensure that page headers read from uninitialized flash do
not look valid (where encrypted value of 0xffffffff is 0xffffffff).
BRANCH=cr50, cr50-mp
BUG=b:129710256
TEST=make buildall -j successd, as well as migration of a Chrome OS
device from legacy to new nvmem layout.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1615423
Legacy-Commit-Queue: Commit Bot <commit-bot@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
(cherry picked from commit 58e31f4788e369028f960e2fd39b435f1a1c4687)
Change-Id: I4b9be92ccaa66d9ec44dadc17d619676b32ee70c
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1644296
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
(cherry picked from commit 56d73d6885deab1c5b6c9b0c15028b947f7e7545)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1705717
(cherry picked from commit ac2f6e97f0658b8869197c2817c687d914d5de55)
Diffstat (limited to 'test')
| -rw-r--r-- | test/build.mk | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/test/build.mk b/test/build.mk index a8632bee92..e279fae70f 100644 --- a/test/build.mk +++ b/test/build.mk @@ -104,6 +104,6 @@ utils-y=utils.o x25519-y=x25519.o TPM2_ROOT := $(CROS_WORKON_SRCROOT)/src/third_party/tpm2 -$(out)/RO/common/new_nvmem.o: CFLAGS += -I$(TPM2_ROOT) +$(out)/RO/common/new_nvmem.o: CFLAGS += -I$(TPM2_ROOT) -I chip/g $(out)/RO/test/nvmem.o: CFLAGS += -I$(TPM2_ROOT) $(out)/RO/test/nvmem_tpm2_mock.o: CFLAGS += -I$(TPM2_ROOT) |