authorMary Ruthven <mruthven@chromium.org>2020-10-13 05:05:33 +1100
committerCommit Bot <commit-bot@chromium.org>2020-11-18 22:23:13 +0000
commit6c1c62276e26d7043d7be7f1496d0041049e9f53 (patch)
treeb4e04813a0e3a18df417fb637228a41cc10686d6
parent26b886623c4e2184f142498b769c415b4e08ac38 (diff)
add get apro hash vendor command
Add a vendor command to get the saved AP RO hash, so the factory can compare the saved hash to the hash they're trying to set. BUG=b:168634745 TEST=none Change-Id: Icf644d66f978709e777372f2fe1d80094f60b3e0 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2547197 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
-rw-r--r--common/ap_ro_integrity_check.c29
-rw-r--r--common/extension.c1
-rw-r--r--include/tpm_vendor_cmds.h3
3 files changed, 33 insertions, 0 deletions
diff --git a/common/ap_ro_integrity_check.c b/common/ap_ro_integrity_check.c
index ec11e54fd2..3ec0296d9c 100644
--- a/common/ap_ro_integrity_check.c
+++ b/common/ap_ro_integrity_check.c
@@ -275,6 +275,35 @@ void ap_ro_add_flash_event(enum ap_ro_verification_ev event)
flash_log_add_event(FE_LOG_AP_RO_VERIFICATION, sizeof(ev), &ev);
}
+static enum vendor_cmd_rc vc_get_ap_ro_hash(enum vendor_cmd_cc code,
+ void *buf, size_t input_size,
+ size_t *response_size)
+{
+ int rv;
+ uint8_t *response = buf;
+
+ *response_size = 0;
+ if (input_size)
+ return VENDOR_RC_BOGUS_ARGS;
+
+ if ((p_chk->header.num_ranges == (uint16_t)~0) &&
+ (p_chk->header.checksum == ~0)) {
+ *response_size = 1;
+ *response = ARCVE_NOT_PROGRAMMED;
+ return VENDOR_RC_INTERNAL_ERROR;
+ }
+
+ rv = verify_ap_ro_check_space();
+ if (rv != EC_SUCCESS)
+ return VENDOR_RC_READ_FLASH_FAIL;
+
+ *response_size = SHA256_DIGEST_SIZE;
+ memcpy(buf, p_chk->payload.digest, *response_size);
+
+ return VENDOR_RC_SUCCESS;
+}
+DECLARE_VENDOR_COMMAND(VENDOR_CC_GET_AP_RO_HASH, vc_get_ap_ro_hash);
+
static int ap_ro_info_cmd(int argc, char **argv)
{
int rv;
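Review bot: vc_get_ap_ro_hash overwrites `*response_size` with 0 before reading it, so neither the `memcpy` of SHA256_DIGEST_SIZE bytes into `buf` nor the one-byte ARCVE_NOT_PROGRAMMED write is checked against the space the caller provided. If `*response_size` carries the buffer capacity on entry, as is usual for vendor command handlers (the hunk does not show the contract), save it first with `size_t max_size = *response_size;` and add `if (max_size < SHA256_DIGEST_SIZE) return VENDOR_RC_RESPONSE_TOO_BIG;` ahead of the copy. A short header comment stating the response layout would also help, since the commit lists TEST=none: a SHA256_DIGEST_SIZE-byte digest on success, a single ap_ro_check_vc_errors byte with VENDOR_RC_INTERNAL_ERROR when the space is unprogrammed, and an empty response on flash read failure. The trailing ap_ro_info_cmd context continues past the end of the hunk.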
diff --git a/common/extension.c b/common/extension.c
index 5a8daf6210..22c707b270 100644
--- a/common/extension.c
+++ b/common/extension.c
@@ -38,6 +38,7 @@ uint32_t extension_route_command(struct vendor_cmd_params *p)
#endif /* defined(CR50_DEV) */
case EXTENSION_POST_RESET: /* Always need to reset. */
case VENDOR_CC_CCD:
+ case VENDOR_CC_GET_AP_RO_HASH:
case VENDOR_CC_GET_BOARD_ID:
case VENDOR_CC_GET_BOOT_MODE:
case VENDOR_CC_RMA_CHALLENGE_RESPONSE:
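Review bot: Adding `case VENDOR_CC_GET_AP_RO_HASH:` here widens where the new command is accepted, while the handler in common/ap_ro_integrity_check.c does no caller or state check beyond rejecting a non-empty request. The switch condition and what these cases fall through to are outside the hunk, so this is presumably an allow-list for one command route. If so, a brief comment on the new label such as `/* Read-only: returns the stored AP RO digest. */` would record why exposing it there is intended, in the same way the existing `/* Always need to reset. */` annotation does.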
diff --git a/include/tpm_vendor_cmds.h b/include/tpm_vendor_cmds.h
index 68f13876b6..006b227729 100644
--- a/include/tpm_vendor_cmds.h
+++ b/include/tpm_vendor_cmds.h
@@ -151,6 +151,8 @@ enum vendor_cmd_cc {
VENDOR_CC_FIPS_CMD = 55,
+ VENDOR_CC_GET_AP_RO_HASH = 56,
+
LAST_VENDOR_COMMAND = 65535,
};
@@ -257,6 +259,7 @@ enum ap_ro_check_vc_errors {
ARCVE_BID_PROGRAMMED = 7,
ARCVE_FLASH_ERASE_FAILED = 8,
ARCVE_TOO_MANY_RANGES = 9,
+ ARCVE_NOT_PROGRAMMED = 10,
};
/* Structure for VENDOR_CC_SPI_HASH request which follows tpm_header */