From dd15f8676d55ef1c78f78016ce6c6175d3806174 Mon Sep 17 00:00:00 2001 From: Vadim Bendebury Date: Wed, 27 May 2020 10:26:27 -0700 Subject: ap_ro: add handling of the corrupted hash This patch closes the AP RO verification loop on the Cr50 side. If the check is triggered, the valid AP hash is found, and the RO contents is found to not match the hash, the Cr50 will - assert the EC reset; - set a flag to prevent the code from deasserting EC reset; - start a periodic hook to reassert EC reset in case the user hits power+refresh. This will prevent the Chrome OS device from booting. A new CLI command is being added to display the verification state. In developer images the new command would allow to clear the failure state, when running prod images the only way out of the failure state would be the powercycle. BUG=b:153764696 TEST=verified that erasing or programming AP RO hash when board ID is set is impossible. Verified proper shutdown in case AP RO has is present and the AP RO space is corrupted and recovery using the new cli command when running a dev image. Verified that 'ecrst off' properly reports the override. Signed-off-by: Vadim Bendebury Change-Id: I1029114126a9a79f80385af7bc8d5467738e04ca Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2218676 Reviewed-by: Mary Ruthven --- board/cr50/board.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'board/cr50/board.c') diff --git a/board/cr50/board.c b/board/cr50/board.c index 6843673662..defb033d52 100644 --- a/board/cr50/board.c +++ b/board/cr50/board.c @@ -1175,6 +1175,12 @@ void assert_ec_rst(void) void deassert_ec_rst(void) { + if (ec_rst_override()) { + ccprintf("EC un-reset blocked, try powercycle or Cr50 reboot." + "\n"); + return; + } + wait_ec_rst(0); if (uart_bitbang_is_enabled()) -- cgit v1.2.1