diff options
| -rw-r--r-- | board/cr50/wp.c | 19 | ||||
| -rw-r--r-- | board/cr50/wp.h | 5 | ||||
| -rw-r--r-- | common/ccd_config.c | 13 |
3 files changed, 31 insertions, 6 deletions
diff --git a/board/cr50/wp.c b/board/cr50/wp.c index 63de13ed0b..41a676ff91 100644 --- a/board/cr50/wp.c +++ b/board/cr50/wp.c @@ -152,6 +152,18 @@ DECLARE_SAFE_CONSOLE_COMMAND(wp, command_wp, "[<BOOLEAN>/follow_batt_pres [atboot]]", "Get/set the flash HW write-protect signal"); +void set_wp_follow_ccd_config(void) +{ + if (ccd_get_flag(CCD_FLAG_OVERRIDE_WP_AT_BOOT)) { + /* Reset to at-boot state specified by CCD */ + force_write_protect(1, ccd_get_flag + (CCD_FLAG_OVERRIDE_WP_STATE_ENABLED)); + } else { + /* Reset to WP based on battery-present (val is ignored) */ + force_write_protect(0, 1); + } +} + void init_wp_state(void) { /* Check system reset flags after CCD config is initially loaded */ @@ -170,13 +182,8 @@ void init_wp_state(void) /* Write protected if battery is present */ set_wp_state(board_battery_is_present()); } - } else if (ccd_get_flag(CCD_FLAG_OVERRIDE_WP_AT_BOOT)) { - /* Reset to at-boot state specified by CCD */ - force_write_protect(1, ccd_get_flag( - CCD_FLAG_OVERRIDE_WP_STATE_ENABLED)); } else { - /* Reset to WP based on battery-present (val is ignored) */ - force_write_protect(0, 1); + set_wp_follow_ccd_config(); } } diff --git a/board/cr50/wp.h b/board/cr50/wp.h index 6d93145ba6..35c02ae215 100644 --- a/board/cr50/wp.h +++ b/board/cr50/wp.h @@ -21,4 +21,9 @@ void init_wp_state(void); */ void read_fwmp(void); +/** + * Set WP as dicated by CCD configuration. + */ +void set_wp_follow_ccd_config(void); + #endif /* ! __EC_BOARD_CR50_WP_H */ diff --git a/common/ccd_config.c b/common/ccd_config.c index 3e8165e97f..18b9aaa077 100644 --- a/common/ccd_config.c +++ b/common/ccd_config.c @@ -24,6 +24,7 @@ #include "tpm_registers.h" #include "tpm_vendor_cmds.h" #include "trng.h" +#include "wp.h" #define CPRINTS(format, args...) cprints(CC_CCD, format, ## args) #define CPRINTF(format, args...) cprintf(CC_CCD, format, ## args) @@ -1530,6 +1531,7 @@ static enum vendor_cmd_rc ccd_disable_rma(enum vendor_cmd_cc code, do { if (raw_has_password()) { error_line = __LINE__; + rv = EC_ERROR_ACCESS_DENIED; break; } @@ -1571,6 +1573,17 @@ static enum vendor_cmd_rc ccd_disable_rma(enum vendor_cmd_cc code, ccd_lock(NULL, 0, NULL); + + /* + * We do it here to make sure that the device comes out of RMA + * with WP enabled, but in general CCD reset needs to enforce + * WP state. + * + * TODO(rspangler): sort out CCD state and WP correlation, + * b/73075443. + */ + set_wp_follow_ccd_config(); + *response_size = 0; return VENDOR_RC_SUCCESS; } while (0); |