From 08d9e212d0086a1bff68e78251eedf6434b9245c Mon Sep 17 00:00:00 2001 From: Vadim Bendebury Date: Tue, 28 Dec 2021 16:35:49 -0800 Subject: ap_ro_verification: fix cached verification state The apro_result variable saves the state reported by an attempted AP RO verification, setting this variable to AP_RO_FAIL prevents releasing of the EC reset on the following reboots. In case verification could not be run because control structures have not been found, and there is no evidence of a previously succeeding verification, apro_result has to be set to AP_RO_UNSUPPORTED_TRIGGERED. BUG=b:211762871 TEST=verified various states of AP RO verification, in particular confirmed that running verification on a device where it is not supported does not prevent future reboots. Signed-off-by: Vadim Bendebury Change-Id: I74ad47a6fd92c6d906e723df6e7d37520ff92b27 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3360089 Reviewed-by: Andrey Pronin --- common/ap_ro_integrity_check.c | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/common/ap_ro_integrity_check.c b/common/ap_ro_integrity_check.c index 14fdb0f876..939a618c64 100644 --- a/common/ap_ro_integrity_check.c +++ b/common/ap_ro_integrity_check.c @@ -1447,21 +1447,24 @@ static uint8_t do_ap_ro_check(void) if (rv != ROV_SUCCEEDED) { /* Failure reason has already been reported. */ - apro_result = AP_RO_FAIL; ap_ro_add_flash_event(APROF_CHECK_FAILED); - /* - * Map failures into EC_ERROR_CRC, this will make sure that in - * case this was invoked by the operator keypress, the device - * will not continue booting. - * - * Both explicit failure to verify OR any error if cached - * descriptor was found should block the booting. - */ if ((rv == ROV_FAILED) || check_is_required()) { + apro_result = AP_RO_FAIL; keep_ec_in_reset(); + /* + * Map failures into EC_ERROR_CRC, this will make sure + * that in case this was invoked by the operator + * keypress, the device will not continue booting. + * + * Both explicit failure to verify OR any error if + * cached descriptor was found should block the + * booting. + */ return EC_ERROR_CRC; } + + apro_result = AP_RO_UNSUPPORTED_TRIGGERED; return EC_ERROR_UNIMPLEMENTED; } -- cgit v1.2.1