diff options
-rw-r--r-- | common/vboot_hash.c | 17 | ||||
-rw-r--r-- | include/config.h | 25 | ||||
-rw-r--r-- | zephyr/app/ec/main.c | 8 |
3 files changed, 46 insertions, 4 deletions
diff --git a/common/vboot_hash.c b/common/vboot_hash.c index 04e3ae5f7f..9a6b9c196b 100644 --- a/common/vboot_hash.c +++ b/common/vboot_hash.c @@ -127,10 +127,27 @@ static void hash_next_chunk(size_t size) static void vboot_hash_all_chunks(void) { + uint64_t prev_watchdog; + + if (IS_ENABLED(CONFIG_VBOOT_HASH_RELOAD_WATCHDOG)) { + prev_watchdog = get_time().val; + watchdog_reload(); + } + do { size_t size = MIN(CHUNK_SIZE, data_size - curr_pos); hash_next_chunk(size); curr_pos += size; + + if (IS_ENABLED(CONFIG_VBOOT_HASH_RELOAD_WATCHDOG)) { + uint64_t cur_time = get_time().val; + + if ((cur_time - prev_watchdog) > + (CONFIG_WATCHDOG_PERIOD_MS * 1000 / 2)) { + watchdog_reload(); + prev_watchdog = cur_time; + } + } } while (curr_pos < data_size); hash = SHA256_final(&ctx); diff --git a/include/config.h b/include/config.h index 7f61f5cf94..a72534aa88 100644 --- a/include/config.h +++ b/include/config.h @@ -4894,6 +4894,15 @@ /* Support computing hash of code for verified boot */ #undef CONFIG_VBOOT_HASH +/* + * Reload the watchdog at 1/2 the watchdog period during hash + * calculation. When CONFIG_SHA256_HW_ACCELERATE and + * CONFIG_SHA256_UNROLLED are disabled, the hash calculation may trip + * the watchdog. This option becomes enabled by default when both + * those options are disabled. + */ +#undef CONFIG_VBOOT_HASH_RELOAD_WATCHDOG + /* Support for secure temporary storage for verified boot */ #undef CONFIG_VSTORE @@ -6177,4 +6186,20 @@ "when CONFIG_SYSTEM_UNLOCK is also enabled." #endif /* CONFIG_BYPASS_CBI_EEPROM_WP_CHECK && !CONFIG_SYSTEM_UNLOCK */ +/* + * Enable CONFIG_VBOOT_HASH_RELOAD_WATCHDOG by default when these + * conditions are met: + * - Watchdog enabled + * - No hardware acceleration for SHA256 calculation + * - Loops for SHA256 calculation are not unrolled + * + * See the CONFIG_VBOOT_HASH_RELOAD_WATCHDOG entry in this file for an + * explanation as to why this is necessary. + */ +#if defined(CONFIG_WATCHDOG) && !defined(CONFIG_SHA256_HW_ACCELERATE) && \ + !defined(CONFIG_SHA256_UNROLLED) && \ + !defined(CONFIG_VBOOT_HASH_RELOAD_WATCHDOG) +#define CONFIG_VBOOT_HASH_RELOAD_WATCHDOG +#endif + #endif /* __CROS_EC_CONFIG_H */ diff --git a/zephyr/app/ec/main.c b/zephyr/app/ec/main.c index d0bf87475d..e297dae2d9 100644 --- a/zephyr/app/ec/main.c +++ b/zephyr/app/ec/main.c @@ -42,6 +42,10 @@ void main(void) } } + if (IS_ENABLED(CONFIG_PLATFORM_EC_WATCHDOG)) { + watchdog_init(); + } + if (IS_ENABLED(CONFIG_PLATFORM_EC_VBOOT)) { /* * For RO, it behaves as follows: @@ -52,10 +56,6 @@ void main(void) vboot_main(); } - if (IS_ENABLED(CONFIG_PLATFORM_EC_WATCHDOG)) { - watchdog_init(); - } - /* Call init hooks before main tasks start */ if (IS_ENABLED(CONFIG_PLATFORM_EC_HOOKS)) { hook_notify(HOOK_INIT); |