From 2dc1ac3ffcbef2da74f717472b8404ba5bc65e1e Mon Sep 17 00:00:00 2001 From: Louis Collard Date: Fri, 21 Sep 2018 11:45:23 +0800 Subject: cr50: Only allow SN hash to be written if board ID is not set. This should restrict SN hash such that is can only be written at factory (before board id), with the exception of some edge cases where devices that have left factory do not have a board id set. BUG=b:111195266 TEST=tested locally on soraka BRANCH=none Change-Id: I2ae39e2db4b1a01ec5ec9855634357434f01020b Signed-off-by: Louis Collard Reviewed-on: https://chromium-review.googlesource.com/1237696 Reviewed-by: Andrey Pronin
---
 chip/g/sn_bits.c | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/chip/g/sn_bits.c b/chip/g/sn_bits.c
index 2e12db832f..e56aa7408f 100644
--- a/chip/g/sn_bits.c
+++ b/chip/g/sn_bits.c
@@ -3,6 +3,7 @@
 * found in the LICENSE file.
 */
+#include "board_id.h"
 #include "board_space.h"
 #include "console.h"
 #include "extension.h"
@@ -73,6 +74,7 @@ static int write_sn_data(struct sn_data *sn_data, int header_only)
 return rv;
 }
+
 /**
 * Initialize SN data space in flash INFO1, and write sn hash. This can only
 * be called once per device; subsequent calls on a device that has already
@@ -150,6 +152,7 @@ static enum vendor_cmd_rc vc_sn_set_hash(enum vendor_cmd_cc code,
 size_t input_size,
 size_t *response_size)
 {
+ struct board_id bid;
 uint32_t sn_hash[3];
 uint8_t *pbuf = buf;
@@ -160,12 +163,22 @@ static enum vendor_cmd_rc vc_sn_set_hash(enum vendor_cmd_cc code,
 return VENDOR_RC_BOGUS_ARGS;
 }
+ /*
+ * Only allow writing sn bits if we can successfully verify
+ * that the board ID has not been writen yet.
+ */
+ if (read_board_id(&bid) != EC_SUCCESS ||
+ ~(bid.type & bid.type_inv & bid.flags) != 0) {
+ *pbuf = EC_ERROR_ACCESS_DENIED;
+ return *pbuf;
+ }
+
 memcpy(&sn_hash, pbuf, sizeof(sn_hash));
 /* We care about the LSB only. */
 *pbuf = (uint8_t) write_sn_hash(sn_hash);
- return *pbuf;
+ return VENDOR_RC_NOT_ALLOWED;
 }
 DECLARE_VENDOR_COMMAND(VENDOR_CC_SN_SET_HASH, vc_sn_set_hash);
-- 
cgit v1.2.1
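Review bot: The two return statements in vc_sn_set_hash look swapped. The new board-ID branch ends in `return *pbuf;`, which passes an EC error code (`EC_ERROR_ACCESS_DENIED`) back through an `enum vendor_cmd_rc` return, while the final statement now returns `VENDOR_RC_NOT_ALLOWED` even after `write_sn_hash()` has run. As written, a write that succeeds is still reported as refused, and the doc comment visible in the second hunk says the SN data can only be initialized once per device, so the caller cannot tell a committed write from a rejected one. I would use `return VENDOR_RC_NOT_ALLOWED;` inside the board-ID branch and keep `return *pbuf;` as the last statement. The start of the function lies outside this hunk, so this assumes nothing earlier changes how the return code is consumed. The `~(bid.type & bid.type_inv & bid.flags) != 0` test would also be easier to audit with a comment such as `/* presumably an erased board ID reads as all ones; any cleared bit means it was written */`.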