summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--common/ap_ro_integrity_check.c30
-rw-r--r--extra/usb_updater/gsctool.c12
-rw-r--r--include/ap_ro_integrity_check.h4
3 files changed, 28 insertions, 18 deletions
diff --git a/common/ap_ro_integrity_check.c b/common/ap_ro_integrity_check.c
index 8465983eea..37e2a6311c 100644
--- a/common/ap_ro_integrity_check.c
+++ b/common/ap_ro_integrity_check.c
@@ -315,7 +315,7 @@ static const struct ap_ro_check *p_chk =
* Track if the AP RO hash was validated this boot. Must be cleared every AP
* reset.
*/
-static uint8_t validated_ap_ro_boot;
+static enum ap_ro_status apro_result = AP_RO_NOT_RUN;
/*
* In dev signed Cr50 images this is the hash of
@@ -488,9 +488,10 @@ static int verify_keyblock(const struct kb_container *kbc,
/* Clear validate_ap_ro_boot state. */
void ap_ro_device_reset(void)
{
- if (validated_ap_ro_boot)
- CPRINTS("%s: clear validated state", __func__);
- validated_ap_ro_boot = 0;
+ if (apro_result == AP_RO_NOT_RUN)
+ return;
+ CPRINTS("%s: clear apro result", __func__);
+ apro_result = AP_RO_NOT_RUN;
}
/* Erase flash page containing the AP RO verification data hash. */
@@ -1361,8 +1362,10 @@ static uint8_t do_ap_ro_check(void)
support_status = ap_ro_check_unsupported(true);
if ((support_status == ARCVE_BOARD_ID_BLOCKED) ||
- (support_status == ARCVE_FLASH_READ_FAILED))
+ (support_status == ARCVE_FLASH_READ_FAILED)) {
+ apro_result = AP_RO_UNSUPPORTED_TRIGGERED;
return EC_ERROR_UNIMPLEMENTED;
+ }
enable_ap_spi_hash_shortcut();
@@ -1398,6 +1401,7 @@ static uint8_t do_ap_ro_check(void)
disable_ap_spi_hash_shortcut();
if (rv != EC_SUCCESS) {
+ apro_result = AP_RO_FAIL;
/* Failure reason has already been reported. */
ap_ro_add_flash_event(APROF_CHECK_FAILED);
@@ -1408,8 +1412,8 @@ static uint8_t do_ap_ro_check(void)
*/
rv = EC_ERROR_CRC;
} else {
+ apro_result = AP_RO_PASS;
ap_ro_add_flash_event(APROF_CHECK_SUCCEEDED);
- validated_ap_ro_boot = 1;
CPRINTS("AP RO verification SUCCEEDED!");
}
@@ -1507,13 +1511,14 @@ static int ap_ro_info_cmd(int argc, char **argv)
}
#endif
rv = ap_ro_check_unsupported(false);
+ ccprintf("result : %d\n", apro_result);
+ ccprintf("supported : %s\n", rv ? "no" : "yes");
if (rv == ARCVE_FLASH_READ_FAILED)
return EC_ERROR_CRC; /* No verification possible. */
/* All other AP RO verificaiton unsupported reasons are fine */
if (rv)
return EC_SUCCESS;
- ccprintf("boot validated: %s\n", validated_ap_ro_boot ? "yes" : "no");
ccprintf("sha256 hash %ph\n",
HEX_BUF(p_chk->payload.digest, sizeof(p_chk->payload.digest)));
ccprintf("Covered ranges:\n");
@@ -1538,7 +1543,7 @@ static enum vendor_cmd_rc vc_get_ap_ro_status(enum vendor_cmd_cc code,
void *buf, size_t input_size,
size_t *response_size)
{
- uint8_t rv = AP_RO_NOT_RUN;
+ uint8_t rv = apro_result;
uint8_t *response = buf;
CPRINTS("Check AP RO status");
@@ -1547,12 +1552,9 @@ static enum vendor_cmd_rc vc_get_ap_ro_status(enum vendor_cmd_cc code,
if (input_size)
return VENDOR_RC_BOGUS_ARGS;
- if (ap_ro_check_unsupported(false))
- rv = AP_RO_UNSUPPORTED;
- else if (ec_rst_override())
- rv = AP_RO_FAIL;
- else if (validated_ap_ro_boot)
- rv = AP_RO_PASS;
+ if ((apro_result != AP_RO_UNSUPPORTED_TRIGGERED) &&
+ (ap_ro_check_unsupported(false) != ARCVE_OK))
+ rv = AP_RO_UNSUPPORTED_NOT_TRIGGERED;
*response_size = 1;
response[0] = rv;
diff --git a/extra/usb_updater/gsctool.c b/extra/usb_updater/gsctool.c
index fed12126df..cf28976755 100644
--- a/extra/usb_updater/gsctool.c
+++ b/extra/usb_updater/gsctool.c
@@ -2306,7 +2306,7 @@ static int process_get_apro_boot_status(struct transfer_descriptor *td)
}
/* Print the response and meaning, as in 'enum ap_ro_status'. */
- printf("AP RO status = %d: ", response);
+ printf("apro result (%d) : ", response);
switch (response) {
case AP_RO_NOT_RUN:
printf("not run\n");
@@ -2317,8 +2317,14 @@ static int process_get_apro_boot_status(struct transfer_descriptor *td)
case AP_RO_FAIL:
printf("FAIL\n");
break;
- case AP_RO_UNSUPPORTED:
- printf("unsupported\n");
+ case AP_RO_UNSUPPORTED_TRIGGERED:
+ printf("not supported\ntriggered: yes\n");
+ break;
+ case AP_RO_UNSUPPORTED_UNKNOWN:
+ printf("not supported\ntriggered: unknown\n");
+ break;
+ case AP_RO_UNSUPPORTED_NOT_TRIGGERED:
+ printf("not supported\ntriggered: no\n");
break;
default:
fprintf(stderr, "unknown status\n");
diff --git a/include/ap_ro_integrity_check.h b/include/ap_ro_integrity_check.h
index b07e4b71c7..12d701c44b 100644
--- a/include/ap_ro_integrity_check.h
+++ b/include/ap_ro_integrity_check.h
@@ -12,7 +12,9 @@ enum ap_ro_status {
AP_RO_NOT_RUN = 0,
AP_RO_PASS,
AP_RO_FAIL,
- AP_RO_UNSUPPORTED,
+ AP_RO_UNSUPPORTED_UNKNOWN, /* Deprecated */
+ AP_RO_UNSUPPORTED_NOT_TRIGGERED,
+ AP_RO_UNSUPPORTED_TRIGGERED,
};
/*
* validate_ap_ro: based on information saved in an H1 RO flash page verify
View Lorry Controller Status