diff options
Diffstat (limited to 'common/ec_efs.c')
-rw-r--r-- | common/ec_efs.c | 46 |
1 files changed, 42 insertions, 4 deletions
diff --git a/common/ec_efs.c b/common/ec_efs.c index fabc549ec8..d7bc881872 100644 --- a/common/ec_efs.c +++ b/common/ec_efs.c @@ -7,10 +7,16 @@ #include "common.h" #include "console.h" #include "ec_comm.h" +#include "ccd_config.h" #include "crc8.h" #include "ec_commands.h" #include "extension.h" #include "hooks.h" +#ifndef BOARD_HOST +#include "Global.h" +#include "NV_fp.h" +#include "nvmem.h" +#endif #include "registers.h" #include "system.h" #include "tpm_nvmem.h" @@ -288,15 +294,47 @@ void ec_efs_print_status(void) #endif } -#ifdef CR50_RELAXED -void ec_efs_corrupt_hash(void) +enum ec_error_list ec_efs_corrupt_hash(void) { +#ifndef BOARD_HOST + struct vb2_secdata_kernel secdata; + const uint8_t secdata_size = sizeof(struct vb2_secdata_kernel); + TPM_HANDLE object_handle; + NV_INDEX nvIndex; + uint8_t size_to_crc; int i; + /* Check CCD is opened */ + if (ccd_get_state() != CCD_STATE_OPENED) { + ccprintf("CCD is not opened\n"); + return EC_ERROR_ACCESS_DENIED; + } + + /* Read the kernel secdata */ + if (read_tpm_nvmem(KERNEL_NV_INDEX, secdata_size, + (void *)&secdata) != TPM_READ_SUCCESS) + return EC_ERROR_VBOOT_DATA_UNDERSIZED; + + /* Modify hash */ for (i = 0; i < SHA256_DIGEST_SIZE; i++) - ec_efs_ctx.hash[i] = ~ec_efs_ctx.hash[i] + 0x01; -} + secdata.ec_hash[i] = ~ec_efs_ctx.hash[i] + 0x01; + + size_to_crc = secdata_size - + offsetof(struct vb2_secdata_kernel, crc8) - + sizeof(secdata.crc8); + secdata.crc8 = crc8((uint8_t *)&secdata.reserved0, size_to_crc); + + /* Corrupt KERNEL_NV_INDEX in nvmem cache. */ + object_handle = HR_NV_INDEX + KERNEL_NV_INDEX; + NvGetIndexInfo(object_handle, &nvIndex); + NvWriteIndexData(object_handle, &nvIndex, 0, secdata_size, &secdata); + nvmem_unlock_cache(1); + + /* Reload the corrupted ECRW-hash from kernel secdata. */ + ec_efs_refresh(); #endif + return EC_SUCCESS; +} #ifdef BOARD_HOST uint8_t ec_efs_get_boot_mode(void) |