authorMary Ruthven <mruthven@chromium.org>2020-10-13 05:07:41 +1100
committerCommit Bot <commit-bot@chromium.org>2020-11-18 22:23:09 +0000
commit26b886623c4e2184f142498b769c415b4e08ac38 (patch)
treee8e4dda2d650c146b2a47684d939ce5673ee2858
parent7f286afb83447fd6a7a76b23f6d726582de7270f (diff)
downloadchrome-ec-26b886623c4e2184f142498b769c415b4e08ac38.tar.gz
ap_ro_hash: add a maximum number of ranges
It's unlikely any factory process will try to use more than 32 ranges. This change adds a hard limit to ensure they don't. BUG=none TEST=none Change-Id: I411777c15e52c0af7a59e717bdacbae092dad3ab Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2547196 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
-rw-r--r--common/ap_ro_integrity_check.c14
-rw-r--r--include/tpm_vendor_cmds.h1
2 files changed, 15 insertions, 0 deletions
diff --git a/common/ap_ro_integrity_check.c b/common/ap_ro_integrity_check.c
index bb9f62abd6..ec11e54fd2 100644
--- a/common/ap_ro_integrity_check.c
+++ b/common/ap_ro_integrity_check.c
@@ -27,6 +27,16 @@ struct flash_range {
uint32_t range_size;
} __packed;
+/*
+ * A somewhat arbitrary maximum number of AP RO hash ranges to save. There are
+ * 27 regions in a FMAP layout. The AP RO ranges should only be from the RO
+ * region. It's unlikely anyone will need more than 32 ranges.
+ * If there are AP RO hash issues, the team will likely need to look at the
+ * value of each range what part of the FMAP it corresponds to. Enforce a limit
+ * to the number of ranges, so it's easier to debug and to make people consider
+ * why they would need more than 32 ranges.
+ */
+#define APRO_MAX_NUM_RANGES 32
/* Values used for sanity check of the flash_range structure fields. */
#define MAX_SUPPORTED_FLASH_SIZE (32 * 1024 * 1024)
#define MAX_SUPPORTED_RANGE_SIZE (4 * 1024 * 1024)
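Review bot: The comment added above `APRO_MAX_NUM_RANGES` drops a word in "look at the value of each range what part of the FMAP it corresponds to", and the macro's `APRO_` prefix does not match the neighbouring `MAX_SUPPORTED_FLASH_SIZE` / `MAX_SUPPORTED_RANGE_SIZE` limits. I would reword that sentence to `the team will likely need to look at each range and work out which part of the FMAP it corresponds to`. The comment should also say that the limit applies to the range count derived from the vendor command payload size, so a reader knows where the bound is enforced. Whether the structure that stores the ranges is itself sized from this constant is not visible in this hunk.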
@@ -132,6 +142,10 @@ static enum vendor_cmd_rc vc_seed_ap_ro_check(enum vendor_cmd_cc code,
vc_num_of_ranges =
(input_size - SHA256_DIGEST_SIZE) / sizeof(struct flash_range);
+ if (vc_num_of_ranges > APRO_MAX_NUM_RANGES) {
+ *response = ARCVE_TOO_MANY_RANGES;
+ return VENDOR_RC_BOGUS_ARGS;
+ }
for (i = 0; i < vc_num_of_ranges; i++) {
if (vc_payload->ranges[i].range_size >
MAX_SUPPORTED_RANGE_SIZE) {
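Review bot: The new `vc_num_of_ranges > APRO_MAX_NUM_RANGES` check bounds a count derived from the caller-supplied `input_size`, yet the commit carries `TEST=none`, so the boundary (32 accepted, 33 rejected with `ARCVE_TOO_MANY_RANGES`) is unverified. The rejection path writes only `*response`, and the hunk does not show whether the response length is already set for error returns earlier in `vc_seed_ap_ro_check`. That should be confirmed, since otherwise the error byte may not reach the caller. A one-line comment above the check, such as `/* Bound the host-supplied range count before validating each range. */`, would also help. The function starts before this hunk and continues past it.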
diff --git a/include/tpm_vendor_cmds.h b/include/tpm_vendor_cmds.h
index 63426cf6dc..68f13876b6 100644
--- a/include/tpm_vendor_cmds.h
+++ b/include/tpm_vendor_cmds.h
@@ -256,6 +256,7 @@ enum ap_ro_check_vc_errors {
ARCVE_FLASH_WRITE_FAILED = 6,
ARCVE_BID_PROGRAMMED = 7,
ARCVE_FLASH_ERASE_FAILED = 8,
+ ARCVE_TOO_MANY_RANGES = 9,
};
/* Structure for VENDOR_CC_SPI_HASH request which follows tpm_header */