summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--common/ap_ro_integrity_check.c31
-rw-r--r--include/ap_ro_integrity_check.h4
2 files changed, 19 insertions, 16 deletions
diff --git a/common/ap_ro_integrity_check.c b/common/ap_ro_integrity_check.c
index f6592d1ca9..b7b09c68bc 100644
--- a/common/ap_ro_integrity_check.c
+++ b/common/ap_ro_integrity_check.c
@@ -84,13 +84,14 @@ static const struct ap_ro_check *p_chk =
* Track if the AP RO hash was validated this boot. Must be cleared every AP
* reset.
*/
-static uint8_t validated_ap_ro_boot;
+static enum ap_ro_status apro_result = AP_RO_NOT_RUN;
void ap_ro_device_reset(void)
{
- if (validated_ap_ro_boot)
- CPRINTS("%s: clear validated state", __func__);
- validated_ap_ro_boot = 0;
+ if (apro_result == AP_RO_NOT_RUN)
+ return;
+ CPRINTS("%s: clear apro result", __func__);
+ apro_result = AP_RO_NOT_RUN;
}
static int ap_ro_erase_hash(void)
@@ -273,8 +274,10 @@ int validate_ap_ro(void)
uint8_t digest[SHA256_DIGEST_SIZE];
int rv;
- if (ap_ro_check_unsupported(true))
+ if (ap_ro_check_unsupported(true)) {
+ apro_result = AP_RO_UNSUPPORTED_TRIGGERED;
return EC_ERROR_INVAL;
+ }
enable_ap_spi_hash_shortcut();
usb_spi_sha256_start(&ctx);
@@ -291,6 +294,7 @@ int validate_ap_ro(void)
usb_spi_sha256_final(&ctx, digest, sizeof(digest));
if (memcmp(digest, p_chk->payload.digest, sizeof(digest))) {
+ apro_result = AP_RO_FAIL;
CPRINTS("AP RO verification FAILED!");
CPRINTS("Calculated digest %ph",
HEX_BUF(digest, sizeof(digest)));
@@ -300,9 +304,9 @@ int validate_ap_ro(void)
ap_ro_add_flash_event(APROF_CHECK_FAILED);
rv = EC_ERROR_CRC;
} else {
+ apro_result = AP_RO_PASS;
ap_ro_add_flash_event(APROF_CHECK_SUCCEEDED);
rv = EC_SUCCESS;
- validated_ap_ro_boot = 1;
CPRINTS("AP RO verification SUCCEEDED!");
}
disable_ap_spi_hash_shortcut();
@@ -362,13 +366,14 @@ static int ap_ro_info_cmd(int argc, char **argv)
}
#endif
rv = ap_ro_check_unsupported(false);
+ ccprintf("result : %d\n", apro_result);
+ ccprintf("supported : %s\n", rv ? "no" : "yes");
if (rv == ARCVE_FLASH_READ_FAILED)
return EC_ERROR_CRC; /* No verification possible. */
/* All other AP RO verificaiton unsupported reasons are fine */
if (rv)
return EC_SUCCESS;
- ccprintf("boot validated: %s\n", validated_ap_ro_boot ? "yes" : "no");
ccprintf("sha256 hash %ph\n",
HEX_BUF(p_chk->payload.digest, sizeof(p_chk->payload.digest)));
ccprintf("Covered ranges:\n");
@@ -393,7 +398,7 @@ static enum vendor_cmd_rc vc_get_ap_ro_status(enum vendor_cmd_cc code,
void *buf, size_t input_size,
size_t *response_size)
{
- uint8_t rv = AP_RO_NOT_RUN;
+ uint8_t rv = apro_result;
uint8_t *response = buf;
CPRINTS("Check AP RO status");
@@ -402,13 +407,9 @@ static enum vendor_cmd_rc vc_get_ap_ro_status(enum vendor_cmd_cc code,
if (input_size)
return VENDOR_RC_BOGUS_ARGS;
- if (ap_ro_check_unsupported(false))
- rv = AP_RO_UNSUPPORTED;
- else if (ec_rst_override())
- rv = AP_RO_FAIL;
- else if (validated_ap_ro_boot)
- rv = AP_RO_PASS;
-
+ if ((apro_result != AP_RO_UNSUPPORTED_TRIGGERED) &&
+ (ap_ro_check_unsupported(false) != ARCVE_OK))
+ rv = AP_RO_UNSUPPORTED_NOT_TRIGGERED;
*response_size = 1;
response[0] = rv;
return VENDOR_RC_SUCCESS;
diff --git a/include/ap_ro_integrity_check.h b/include/ap_ro_integrity_check.h
index b07e4b71c7..12d701c44b 100644
--- a/include/ap_ro_integrity_check.h
+++ b/include/ap_ro_integrity_check.h
@@ -12,7 +12,9 @@ enum ap_ro_status {
AP_RO_NOT_RUN = 0,
AP_RO_PASS,
AP_RO_FAIL,
- AP_RO_UNSUPPORTED,
+ AP_RO_UNSUPPORTED_UNKNOWN, /* Deprecated */
+ AP_RO_UNSUPPORTED_NOT_TRIGGERED,
+ AP_RO_UNSUPPORTED_TRIGGERED,
};
/*
* validate_ap_ro: based on information saved in an H1 RO flash page verify
View Lorry Controller Status