From a6ce030a8423461a5026e30198e3e71c33b3d6c3 Mon Sep 17 00:00:00 2001 From: Nicolas Boichat Date: Tue, 1 Aug 2017 10:40:22 +0800 Subject: hammer: Disable USB I2C passthrough when system is locked Leaving the I2C passthrough to the trackpad open causes security issues, let's make sure we disable that in the field, whenever the WP screw is on (and system is locked, which will be synonymous for production firmwares). BRANCH=none BUG=b:37926507 TEST=- In board/hammer/board.h, uncomment CONFIG_SYSTEM_UNLOCKED - Flash hammer (both RO and RW) - Trackpad updating still works (touchpad_updater on DUT) - Make sure WP is on dut-control -p 9000 fw_wp_vref:pp3300 fw_wp_en:on fw_wp:on - hammer console: flashwp true; reboot - Trackpad updating fails (cannot read iap password.) Change-Id: I247bb9c62ea00d6cb3631c919d27305f4d291d68 Signed-off-by: Nicolas Boichat Reviewed-on: https://chromium-review.googlesource.com/595290 Commit-Ready: Nicolas Boichat Tested-by: Nicolas Boichat Reviewed-by: Aseda Aboagye --- board/hammer/board.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'board/hammer') diff --git a/board/hammer/board.c b/board/hammer/board.c index a3e90dc14b..f3b693e93a 100644 --- a/board/hammer/board.c +++ b/board/hammer/board.c @@ -80,7 +80,12 @@ BUILD_ASSERT(ARRAY_SIZE(pwm_channels) == PWM_CH_COUNT); int usb_i2c_board_enable(void) { return EC_SUCCESS; } void usb_i2c_board_disable(void) {} -int usb_i2c_board_is_enabled(void) { return 1; } + +int usb_i2c_board_is_enabled(void) +{ + /* Disable I2C passthrough when the system is locked */ + return !system_is_locked(); +} #ifdef CONFIG_KEYBOARD_BOARD_CONFIG struct keyboard_scan_config keyscan_config = { -- cgit v1.2.1