-rw-r--r-- | common/ap_ro_integrity_check.c | 30 | ||||
-rw-r--r-- | extra/usb_updater/gsctool.c | 12 | ||||
-rw-r--r-- | include/ap_ro_integrity_check.h | 4 |
3 files changed, 28 insertions, 18 deletions
diff --git a/common/ap_ro_integrity_check.c b/common/ap_ro_integrity_check.c
index 8465983eea..37e2a6311c 100644
--- a/common/ap_ro_integrity_check.c
+++ b/common/ap_ro_integrity_check.c
@@ -315,7 +315,7 @@ static const struct ap_ro_check *p_chk =
 * Track if the AP RO hash was validated this boot. Must be cleared every AP
 * reset.
 */
-static uint8_t validated_ap_ro_boot;
+static enum ap_ro_status apro_result = AP_RO_NOT_RUN;
 /*
 * In dev signed Cr50 images this is the hash of
@@ -488,9 +488,10 @@ static int verify_keyblock(const struct kb_container *kbc,
 /* Clear validate_ap_ro_boot state. */
 void ap_ro_device_reset(void)
 {
- if (validated_ap_ro_boot)
- CPRINTS("%s: clear validated state", __func__);
- validated_ap_ro_boot = 0;
+ if (apro_result == AP_RO_NOT_RUN)
+ return;
+ CPRINTS("%s: clear apro result", __func__);
+ apro_result = AP_RO_NOT_RUN;
 }
 /* Erase flash page containing the AP RO verification data hash. */
@@ -1361,8 +1362,10 @@ static uint8_t do_ap_ro_check(void)
 support_status = ap_ro_check_unsupported(true);
 if ((support_status == ARCVE_BOARD_ID_BLOCKED) ||
- (support_status == ARCVE_FLASH_READ_FAILED))
+ (support_status == ARCVE_FLASH_READ_FAILED)) {
+ apro_result = AP_RO_UNSUPPORTED_TRIGGERED;
 return EC_ERROR_UNIMPLEMENTED;
+ }
 enable_ap_spi_hash_shortcut();
@@ -1398,6 +1401,7 @@ static uint8_t do_ap_ro_check(void)
 disable_ap_spi_hash_shortcut();
 if (rv != EC_SUCCESS) {
+ apro_result = AP_RO_FAIL;
 /* Failure reason has already been reported. */
 ap_ro_add_flash_event(APROF_CHECK_FAILED);
@@ -1408,8 +1412,8 @@ static uint8_t do_ap_ro_check(void)
 */
 rv = EC_ERROR_CRC;
 } else {
+ apro_result = AP_RO_PASS;
 ap_ro_add_flash_event(APROF_CHECK_SUCCEEDED);
- validated_ap_ro_boot = 1;
 CPRINTS("AP RO verification SUCCEEDED!");
 }
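Review bot: Two comments kept as context in the first two hunks still describe the removed flag rather than `apro_result`. Above `ap_ro_device_reset()` the text `/* Clear validate_ap_ro_boot state. */` names a variable that no longer exists; `/* Reset apro_result to AP_RO_NOT_RUN. */` would match the new body. The block comment over the declaration still says it tracks whether the hash "was validated this boot", while the variable now holds a pass, fail or unsupported result; it could read `Result of the AP RO check for this boot (enum ap_ro_status). Must be cleared every AP reset.` The start of that block comment lies outside the hunk.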
@@ -1507,13 +1511,14 @@ static int ap_ro_info_cmd(int argc, char **argv)
 }
 #endif
 rv = ap_ro_check_unsupported(false);
+ ccprintf("result : %d\n", apro_result);
+ ccprintf("supported : %s\n", rv ? "no" : "yes");
 if (rv == ARCVE_FLASH_READ_FAILED)
 return EC_ERROR_CRC; /* No verification possible. */
 /* All other AP RO verificaiton unsupported reasons are fine */
 if (rv)
 return EC_SUCCESS;
- ccprintf("boot validated: %s\n", validated_ap_ro_boot ? "yes" : "no");
 ccprintf("sha256 hash %ph\n", HEX_BUF(p_chk->payload.digest, sizeof(p_chk->payload.digest)));
 ccprintf("Covered ranges:\n");
@@ -1538,7 +1543,7 @@ static enum vendor_cmd_rc vc_get_ap_ro_status(enum vendor_cmd_cc code,
 void *buf, size_t input_size, size_t *response_size)
 {
- uint8_t rv = AP_RO_NOT_RUN;
+ uint8_t rv = apro_result;
 uint8_t *response = buf;
 CPRINTS("Check AP RO status");
@@ -1547,12 +1552,9 @@ static enum vendor_cmd_rc vc_get_ap_ro_status(enum vendor_cmd_cc code,
 if (input_size)
 return VENDOR_RC_BOGUS_ARGS;
- if (ap_ro_check_unsupported(false))
- rv = AP_RO_UNSUPPORTED;
- else if (ec_rst_override())
- rv = AP_RO_FAIL;
- else if (validated_ap_ro_boot)
- rv = AP_RO_PASS;
+ if ((apro_result != AP_RO_UNSUPPORTED_TRIGGERED) &&
+ (ap_ro_check_unsupported(false) != ARCVE_OK))
+ rv = AP_RO_UNSUPPORTED_NOT_TRIGGERED;
 *response_size = 1;
 response[0] = rv;
diff --git a/extra/usb_updater/gsctool.c b/extra/usb_updater/gsctool.c
index fed12126df..cf28976755 100644
--- a/extra/usb_updater/gsctool.c
+++ b/extra/usb_updater/gsctool.c
@@ -2306,7 +2306,7 @@ static int process_get_apro_boot_status(struct transfer_descriptor *td)
 }
 /* Print the response and meaning, as in 'enum ap_ro_status'. */
- printf("AP RO status = %d: ", response);
+ printf("apro result (%d) : ", response);
 switch (response) {
 case AP_RO_NOT_RUN:
 printf("not run\n");
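Review bot: In `vc_get_ap_ro_status()` the new condition replaces every stored result except `AP_RO_UNSUPPORTED_TRIGGERED`, so a recorded `AP_RO_FAIL` or `AP_RO_PASS` is reported as `AP_RO_UNSUPPORTED_NOT_TRIGGERED` whenever `ap_ro_check_unsupported(false)` returns something other than `ARCVE_OK`. `do_ap_ro_check()` returns early only for `ARCVE_BOARD_ID_BLOCKED` and `ARCVE_FLASH_READ_FAILED`, so for other unsupported reasons the check may still run and fail (the code between the hunks is not visible), and "triggered: no" would then hide that failure from whoever queries the status. Limiting the override to the not-run case keeps a real result visible: `if ((apro_result == AP_RO_NOT_RUN) && (ap_ro_check_unsupported(false) != ARCVE_OK))`. The removed `ec_rst_override()` branch also means a failure is no longer reported once `ap_ro_device_reset()` has cleared `apro_result`; if the EC can still be held in reset at that point, that deserves a comment or a retained check.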
@@ -2317,8 +2317,14 @@ static int process_get_apro_boot_status(struct transfer_descriptor *td)
 case AP_RO_FAIL:
 printf("FAIL\n");
 break;
- case AP_RO_UNSUPPORTED:
- printf("unsupported\n");
+ case AP_RO_UNSUPPORTED_TRIGGERED:
+ printf("not supported\ntriggered: yes\n");
+ break;
+ case AP_RO_UNSUPPORTED_UNKNOWN:
+ printf("not supported\ntriggered: unknown\n");
+ break;
+ case AP_RO_UNSUPPORTED_NOT_TRIGGERED:
+ printf("not supported\ntriggered: no\n");
 break;
 default:
 fprintf(stderr, "unknown status\n");
diff --git a/include/ap_ro_integrity_check.h b/include/ap_ro_integrity_check.h
index b07e4b71c7..12d701c44b 100644
--- a/include/ap_ro_integrity_check.h
+++ b/include/ap_ro_integrity_check.h
@@ -12,7 +12,9 @@ enum ap_ro_status {
 AP_RO_NOT_RUN = 0,
 AP_RO_PASS,
 AP_RO_FAIL,
- AP_RO_UNSUPPORTED,
+ AP_RO_UNSUPPORTED_UNKNOWN, /* Deprecated */
+ AP_RO_UNSUPPORTED_NOT_TRIGGERED,
+ AP_RO_UNSUPPORTED_TRIGGERED,
 };
 /*
 * validate_ap_ro: based on information saved in an H1 RO flash page verify |
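Review bot: The members of `enum ap_ro_status` are sent as the one-byte vendor-command response that `gsctool` decodes, but the new members take their numbers only from their position in the list. A later insertion or reorder would silently change what a given firmware/tool pair reports about AP RO verification. Pinning the values makes the wire contract explicit: `AP_RO_UNSUPPORTED_UNKNOWN = 3, /* Deprecated: older firmware's AP_RO_UNSUPPORTED */`, `AP_RO_UNSUPPORTED_NOT_TRIGGERED = 4,`, `AP_RO_UNSUPPORTED_TRIGGERED = 5,`. A comment above the enum should state that values are never renumbered or reused. A `gsctool` built before this change falls into its `default:` branch and prints "unknown status" for 4 and 5, which is worth a line in the commit description.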