diff options
-rw-r--r-- | common/ec_comm.c | 24 | ||||
-rw-r--r-- | common/ec_efs.c | 46 | ||||
-rw-r--r-- | common/nvmem.c | 14 | ||||
-rw-r--r-- | include/ec_comm.h | 2 | ||||
-rw-r--r-- | include/nvmem.h | 8 |
5 files changed, 69 insertions, 25 deletions
diff --git a/common/ec_comm.c b/common/ec_comm.c index eaf26b4509..18ea225ef9 100644 --- a/common/ec_comm.c +++ b/common/ec_comm.c @@ -323,20 +323,18 @@ static int command_ec_comm(int argc, char **argv) } if (argc > 1) { -#ifdef CR50_RELAXED - if (!strcasecmp(argv[1], "corrupt")) - ec_efs_corrupt_hash(); - else if (!strcasecmp(argv[1], "reload")) - ec_efs_refresh(); - else + if (!strcasecmp(argv[1], "corrupt")) { + int result = ec_efs_corrupt_hash(); + + if (result != EC_SUCCESS) + return result; + } else { return EC_ERROR_PARAM1; + } /* * let's keep processing so that we can see how the context * values are changed. */ -#else - return EC_ERROR_PARAM_COUNT; -#endif } /* @@ -361,12 +359,6 @@ static int command_ec_comm(int argc, char **argv) return EC_SUCCESS; } DECLARE_SAFE_CONSOLE_COMMAND(ec_comm, command_ec_comm, -#ifdef CR50_RELAXED - "[corrupt|reload]", - "Dump EC-CR50-comm status, or corrupt ECRW hash," - "or reload it" -#else - NULL, + "[corrupt]", "Dump EC-CR50-comm status" -#endif ); diff --git a/common/ec_efs.c b/common/ec_efs.c index fabc549ec8..d7bc881872 100644 --- a/common/ec_efs.c +++ b/common/ec_efs.c @@ -7,10 +7,16 @@ #include "common.h" #include "console.h" #include "ec_comm.h" +#include "ccd_config.h" #include "crc8.h" #include "ec_commands.h" #include "extension.h" #include "hooks.h" +#ifndef BOARD_HOST +#include "Global.h" +#include "NV_fp.h" +#include "nvmem.h" +#endif #include "registers.h" #include "system.h" #include "tpm_nvmem.h" @@ -288,15 +294,47 @@ void ec_efs_print_status(void) #endif } -#ifdef CR50_RELAXED -void ec_efs_corrupt_hash(void) +enum ec_error_list ec_efs_corrupt_hash(void) { +#ifndef BOARD_HOST + struct vb2_secdata_kernel secdata; + const uint8_t secdata_size = sizeof(struct vb2_secdata_kernel); + TPM_HANDLE object_handle; + NV_INDEX nvIndex; + uint8_t size_to_crc; int i; + /* Check CCD is opened */ + if (ccd_get_state() != CCD_STATE_OPENED) { + ccprintf("CCD is not opened\n"); + return EC_ERROR_ACCESS_DENIED; + } + + /* Read the kernel secdata */ + if (read_tpm_nvmem(KERNEL_NV_INDEX, secdata_size, + (void *)&secdata) != TPM_READ_SUCCESS) + return EC_ERROR_VBOOT_DATA_UNDERSIZED; + + /* Modify hash */ for (i = 0; i < SHA256_DIGEST_SIZE; i++) - ec_efs_ctx.hash[i] = ~ec_efs_ctx.hash[i] + 0x01; -} + secdata.ec_hash[i] = ~ec_efs_ctx.hash[i] + 0x01; + + size_to_crc = secdata_size - + offsetof(struct vb2_secdata_kernel, crc8) - + sizeof(secdata.crc8); + secdata.crc8 = crc8((uint8_t *)&secdata.reserved0, size_to_crc); + + /* Corrupt KERNEL_NV_INDEX in nvmem cache. */ + object_handle = HR_NV_INDEX + KERNEL_NV_INDEX; + NvGetIndexInfo(object_handle, &nvIndex); + NvWriteIndexData(object_handle, &nvIndex, 0, secdata_size, &secdata); + nvmem_unlock_cache(1); + + /* Reload the corrupted ECRW-hash from kernel secdata. */ + ec_efs_refresh(); #endif + return EC_SUCCESS; +} #ifdef BOARD_HOST uint8_t ec_efs_get_boot_mode(void) diff --git a/common/nvmem.c b/common/nvmem.c index 42fc0ba161..92e097077a 100644 --- a/common/nvmem.c +++ b/common/nvmem.c @@ -106,11 +106,8 @@ static int nvmem_save(void) rv = new_nvmem_save(); - if (rv == EC_SUCCESS) - nvmem_act_partition = NVMEM_NOT_INITIALIZED; + nvmem_unlock_cache(rv == EC_SUCCESS); - nvmem_mutex.write_in_progress = 0; - nvmem_release_cache(); return rv; } @@ -507,3 +504,12 @@ void nvmem_clear_cache(void) nvmem_save(); } + +void nvmem_unlock_cache(int init_act_partition) +{ + if (init_act_partition) + nvmem_act_partition = NVMEM_NOT_INITIALIZED; + + nvmem_mutex.write_in_progress = 0; + nvmem_release_cache(); +} diff --git a/include/ec_comm.h b/include/ec_comm.h index c599868488..dd4d105d4a 100644 --- a/include/ec_comm.h +++ b/include/ec_comm.h @@ -42,7 +42,7 @@ void ec_efs_refresh(void); /* print EC-EFS status */ void ec_efs_print_status(void); /* corrupt ECRW hash */ -void ec_efs_corrupt_hash(void); +enum ec_error_list ec_efs_corrupt_hash(void); #ifdef BOARD_HOST /* return the current boot mode. For test purpose only. */ diff --git a/include/nvmem.h b/include/nvmem.h index f48c9cd9c4..00dc4b7879 100644 --- a/include/nvmem.h +++ b/include/nvmem.h @@ -212,6 +212,14 @@ void nvmem_clear_cache(void); void nvmem_wipe_cache(void); +/* + * Unlock nvmem mutex lock. + * + * @param init_act_partition: boolean to request to initialize active nvmem + * partition status or not. + */ +void nvmem_unlock_cache(int init_act_partition); + #ifdef __cplusplus } #endif |