author | Vadim Bendebury <vbendeb@chromium.org> | 2017-06-13 16:07:36 -0700 |
---|---|---|
committer | ChromeOS Commit Bot <chromeos-commit-bot@chromium.org> | 2017-09-14 16:55:39 +0000 |
commit | 616c9246d68ec472d839322c743e4f404861add1 (patch) | |
tree | 96fb93497ccf65c302348f4733a80efc1a07e5a1 | |
parent | 4535fedbbf9efeb4393638b9d390a907d782b5f5 (diff) | |
download | chrome-ec-616c9246d68ec472d839322c743e4f404861add1.tar.gz |
cr50: check for board ID match at startup
When starting up the Cr50 should check if this image is supposed to
run on a chip with the board ID value read from INFO1.
If it is not supposed to run on this chip, and there is no rollback
counter overflow, set the rollback counter to a value which will
trigger a rollback and reboot.
If rollback counter has already exceeded the threshold - set a flag
indicating that the image is running in the "mismatch" mode and
continue.
BRANCH=cr50
BUG=b:35586335
TEST=with the rest of the patches applied verified both falling back
to an older image and continuing running with the flag set if
rollback is not possible.
Change-Id: I58d97de61dc446aaf1dd06b6e2b6bb426c14a172
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/535977
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
(cherry picked from commit c54375df264afc9b8bf8d53f4c04b8f78e06f317)
Reviewed-on: https://chromium-review.googlesource.com/556231
(cherry picked from commit aba975bca2a471758450d056b42476a29fff7a0e)
Reviewed-on: https://chromium-review.googlesource.com/666522
-rw-r--r-- | board/cr50/board.c | 38 | ||||
-rw-r--r-- | board/cr50/board.h | 1 |
2 files changed, 35 insertions, 4 deletions
diff --git a/board/cr50/board.c b/board/cr50/board.c
index 5e2c746cf5..e0066c3829 100644
--- a/board/cr50/board.c
+++ b/board/cr50/board.c
@@ -2,15 +2,14 @@
 * Use of this source code is governed by a BSD-style license that can be
 * found in the LICENSE file.
 */
-
-#include <endian.h>
-
+#include "board_id.h"
 #include "clock.h"
 #include "common.h"
 #include "console.h"
 #include "dcrypto/dcrypto.h"
 #include "device_state.h"
 #include "ec_version.h"
+#include "endian.h"
 #include "extension.h"
 #include "flash.h"
 #include "flash_config.h"
@@ -34,8 +33,8 @@
 #include "uartn.h"
 #include "usb_descriptor.h"
 #include "usb_hid.h"
-#include "usb_spi.h"
 #include "usb_i2c.h"
+#include "usb_spi.h"
 #include "util.h"
 #include "wp.h"

@@ -550,6 +549,35 @@ void decrement_retry_counter(void)
 }
 }

+static uint8_t mismatched_board_id;
+
+int board_id_is_mismatched(void)
+{
+ return !!mismatched_board_id;
+}
+
+static void check_board_id_mismatch(void)
+{
+ if (!board_id_mismatch())
+ return;
+
+ if (system_rollback_detected()) {
+ /*
+ * We are in a rollback, the other image must be no good.
+ * Let's keep going with the TPM disabled, only updates will
+ * be allowed.
+ */
+ mismatched_board_id = 1;
+ ccprintf("Board ID mismatched, but can not reboot.\n");
+ return;
+ }
+
+ system_ensure_rollback();
+ ccprintf("Rebooting due to board ID mismatch\n");
+ cflush();
+ system_reset(0);
+}
+
 /* Initialize board. */
 static void board_init(void)
 {
@@ -575,6 +603,8 @@ static void board_init(void)
 /* Indication that firmware is running, for debug purposes. */
 GREG32(PMU, PWRDN_SCRATCH16) = 0xCAFECAFE;

+ check_board_id_mismatch();
+
 /* Enable battery cutoff software support on detachable devices. */
 if (system_battery_cutoff_support_required())
 set_up_battery_cutoff_monitor();
diff --git a/board/cr50/board.h b/board/cr50/board.h
index e6f873cc80..0b0e303976 100644
--- a/board/cr50/board.h
+++ b/board/cr50/board.h
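Review bot: The comment in the rollback branch of `check_board_id_mismatch()` says the image keeps going "with the TPM disabled", but the branch only sets `mismatched_board_id = 1` and logs; nothing in this hunk disables anything. Enforcement therefore rests entirely on callers of `board_id_is_mismatched()`, none of which are in this commit (the description says it was tested with the rest of the patches applied). I would reword the comment so it does not promise more than the code does, e.g. `/* Rollback already happened, so the other image is no good either. Record the mismatch; callers of board_id_is_mismatched() must keep the TPM disabled and allow only updates. */`, or land the consumer in the same change. The flag also starts at 0, so any code that queries it before `board_init()` reaches the check sees "no mismatch"; a short comment on `mismatched_board_id` stating when it becomes valid would make that explicit.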
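Review bot: `check_board_id_mismatch()` is called part-way through `board_init()`, after whatever initialization precedes the `PWRDN_SCRATCH16` write; that earlier part of the function is outside the hunk, so I cannot tell what has already run on a mismatched image by this point. If the intent is for a mismatched image to do as little as possible before `system_reset(0)`, the call would be better placed at the top of `board_init()`. If it has to stay here because it depends on an earlier step, a one-line comment above the call naming that dependency would keep a later reorder from moving it further down.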
@@ -189,6 +189,7 @@ int board_use_plt_rst(void);
 int board_rst_pullup_needed(void);
 int board_tpm_uses_i2c(void);
 int board_tpm_uses_spi(void);
+int board_id_is_mismatched(void);

 /* Returns True if chip is brought up in a factory test harness. */
 int chip_factory_mode(void); |
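Review bot: `board_id_is_mismatched()` is added to the header without a comment, although its result gates security-relevant behaviour and the neighbouring `chip_factory_mode()` is documented. From the board.c change in this commit, the flag is set only when the board ID mismatches and a rollback was already detected, so I would add `/* Returns non-zero if this image's board ID does not match the chip and rollback was not possible. Valid only after board_init() has run. */` above the declaration.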