diff options
Diffstat (limited to 'common/rwsig.c')
-rw-r--r-- | common/rwsig.c | 34 |
1 files changed, 32 insertions, 2 deletions
diff --git a/common/rwsig.c b/common/rwsig.c index f7d9429270..d2218ba77e 100644 --- a/common/rwsig.c +++ b/common/rwsig.c @@ -152,13 +152,43 @@ void check_rw_signature(void) hash = SHA256_final(&ctx); good = rsa_verify(key, sig, hash, rsa_workbuf); + if (!good) + goto out; + +#ifdef CONFIG_ROLLBACK + /* + * Signature verified: we know that rw_rollback_version is valid, check + * if rollback information should be updated. + */ + if (rw_rollback_version != min_rollback_version) { + /* + * This will fail if the rollback block is protected (RW image + * will unprotect that block later on). + */ + int ret = rollback_update(rw_rollback_version); + + if (ret == 0) { + CPRINTS("Rollback updated to %d", + rw_rollback_version); + } else if (ret != EC_ERROR_ACCESS_DENIED) { + CPRINTS("Rollback update error %d", ret); + good = 0; + } + } + + /* + * Lock the ROLLBACK region, this will cause the board to reboot if the + * region is not already protected. + */ + rollback_lock(); +#endif out: + CPRINTS("RW verify %s", good ? "OK" : "FAILED"); + if (good) { - CPRINTS("RW image verified"); /* Jump to the RW firmware */ system_run_image_copy(SYSTEM_IMAGE_RW); } else { - CPRINTS("RSA verify FAILED"); pd_log_event(PD_EVENT_ACC_RW_FAIL, 0, 0, NULL); /* RW firmware is invalid : do not jump there */ if (system_is_locked()) |