diff options
| author | Vadim Bendebury <vbendeb@chromium.org> | 2021-11-23 22:05:55 -0800 |
|---|---|---|
| committer | Commit Bot <commit-bot@chromium.org> | 2021-11-29 17:51:41 +0000 |
| commit | 6ba72e7fd312bf9b32bb42ee0afb93082fd91885 (patch) | |
| tree | 58086970387974147f3c0f69415bc994b79cf3fc | |
| parent | 0a7e3292803be9d61bafb8fa235eb57d5e01b1c9 (diff) | |
| download | chrome-ec-6ba72e7fd312bf9b32bb42ee0afb93082fd91885.tar.gz | |
ap_ro_check: fix error processing logic
In a situation where there is a failing V1 check and no V2 information
in the AP flash, the results of V2 check were overriding the results
of V2 check, replacing 'failed' with 'not found'.
This patch prevents the override and simplifies the verification logic
- always check for V2 if V1 check fails.
BUG=b:207545621
TEST=the DUT properly stops booting when a corrupted V1 structure is
detected and V2 structure is not present.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I0abe19780bf34ed4455f1a1a61b9cf23ff83173f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3299280
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
| -rw-r--r-- | common/ap_ro_integrity_check.c | 28 |
1 files changed, 13 insertions, 15 deletions
diff --git a/common/ap_ro_integrity_check.c b/common/ap_ro_integrity_check.c index 13e136f297..6889ae9361 100644 --- a/common/ap_ro_integrity_check.c +++ b/common/ap_ro_integrity_check.c @@ -1327,7 +1327,7 @@ static enum ap_ro_check_result validate_and_cache_ap_ro_v2_from_flash(void) if (read_ap_spi(fmh.fmap_signature, offset, sizeof(fmh.fmap_signature), __LINE__)) - return -1; + return ROV_FAILED; if (memcmp(fmh.fmap_signature, FMAP_SIGNATURE, sizeof(fmh.fmap_signature))) @@ -1338,7 +1338,7 @@ static enum ap_ro_check_result validate_and_cache_ap_ro_v2_from_flash(void) sizeof(fmh.fmap_signature), sizeof(fmh) - sizeof(fmh.fmap_signature), __LINE__)) - return -1; + return ROV_FAILED; /* Verify fmap validity. */ if ((fmh.fmap_ver_major != FMAP_MAJOR_VERSION) || @@ -1361,7 +1361,6 @@ static enum ap_ro_check_result validate_and_cache_ap_ro_v2_from_flash(void) if (ro_gscvd_found) return ROV_FAILED; - return ROV_NOT_FOUND; } @@ -1390,26 +1389,25 @@ static uint8_t do_ap_ro_check(void) rv = ROV_NOT_FOUND; } - - /* - * If a V2 entry is found, or V1 check failed, which could be because - * there is a new RO with a V2 structure. - */ - if ((support_status == ARCVE_NOT_PROGRAMMED) || - (p_chk->header.type == AP_RO_HASH_TYPE_GSCVD) || - (v1_record_found && (rv != ROV_SUCCEEDED))) { + /* If V1 check has not succeeded, try checking for V2. */ + if (rv != ROV_SUCCEEDED) { const struct gvd_descriptor *descriptor; + enum ap_ro_check_result rv2; descriptor = find_v2_entry(); if (descriptor) - rv = validate_cached_ap_ro_v2(descriptor); + rv2 = validate_cached_ap_ro_v2(descriptor); - if ((rv != ROV_SUCCEEDED) || !descriptor) + if ((rv2 != ROV_SUCCEEDED) || !descriptor) /* There could have been a legitimate RO change. */ - rv = validate_and_cache_ap_ro_v2_from_flash(); + rv2 = validate_and_cache_ap_ro_v2_from_flash(); + /* + * Unless V2 entry is not found, override the V1 result. + */ + if (rv2 != ROV_NOT_FOUND) + rv = rv2; } - disable_ap_spi_hash_shortcut(); if (rv != ROV_SUCCEEDED) { |