diff options
-rw-r--r-- | common/usb_update.c | 24 | ||||
-rw-r--r-- | include/update_fw.h | 2 |
2 files changed, 26 insertions, 0 deletions
diff --git a/common/usb_update.c b/common/usb_update.c index 0c14d8dfbf..153411b5e0 100644 --- a/common/usb_update.c +++ b/common/usb_update.c @@ -11,6 +11,7 @@ #include "flash.h" #include "queue_policies.h" #include "host_command.h" +#include "rollback.h" #include "rwsig.h" #include "system.h" #include "update_fw.h" @@ -201,7 +202,30 @@ static int try_vendor_command(struct consumer const *consumer, size_t count) flash_set_protect(EC_FLASH_PROTECT_ROLLBACK_AT_BOOT, 0); response = EC_RES_SUCCESS; break; +#ifdef CONFIG_ROLLBACK_SECRET_SIZE +#ifdef CONFIG_ROLLBACK_UPDATE + case UPDATE_EXTRA_CMD_INJECT_ENTROPY: { + /* + * Check that we are provided enough data (header + + * 2 bytes subcommand + secret length). + */ + int header_size = sizeof(*cmd_buffer) + 2; + int entropy_count = count-header_size; + + if (entropy_count < CONFIG_ROLLBACK_SECRET_SIZE) { + CPRINTS("Entropy too short"); + response = EC_RES_INVALID_PARAM; + break; + } + + CPRINTS("Adding %db of entropy", entropy_count); + /* Add the whole buffer to entropy. */ + rollback_add_entropy(buffer+header_size, entropy_count); + break; + } #endif +#endif /* CONFIG_ROLLBACK_SECRET_SIZE */ +#endif /* CONFIG_ROLLBACK */ default: response = EC_RES_INVALID_COMMAND; } diff --git a/include/update_fw.h b/include/update_fw.h index a5fb27ed22..72e278fcc6 100644 --- a/include/update_fw.h +++ b/include/update_fw.h @@ -162,6 +162,8 @@ enum update_extra_command { UPDATE_EXTRA_CMD_STAY_IN_RO = 2, UPDATE_EXTRA_CMD_UNLOCK_RW = 3, UPDATE_EXTRA_CMD_UNLOCK_ROLLBACK = 4, + UPDATE_EXTRA_CMD_INJECT_ENTROPY = 5, + UPDATE_EXTRA_CMD_PAIR_CHALLENGE = 6, }; void fw_update_command_handler(void *body, |