g: optionally check board_id match at upgrade time

CONFIG_IGNORE_G_UPDATE_CHECKS currently drops all upgrade checks.
Now with CONFIG_BOARD_ID_SUPPORT only check for board_id match.

CR50_DEV still retains full no check behavior.

TEST=buildall -j8
BRANCH=none
BUG=none

Change-Id: I0d085a26c814cd0f35450f0a0db06fe8525ab896
Reviewed-on: https://chromium-review.googlesource.com/933589
Commit-Ready: Marius Schilder <mschilder@chromium.org>
Tested-by: Marius Schilder <mschilder@chromium.org>
Reviewed-by: Marius Schilder <mschilder@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>

1 files changed, 17 insertions, 0 deletions

diff --git a/chip/g/upgrade_fw.c b/chip/g/upgrade_fw.c
index caa5b88818..d350753fa1 100644
--- a/chip/g/upgrade_fw.c
+++ b/chip/g/upgrade_fw.c
@@ -318,6 +318,23 @@ static int contents_allowed(uint32_t block_offset,
 			    size_t body_size, void *upgrade_data,
 			    uint8_t *error_code)
 {
+#ifndef CR50_DEV
+#ifdef CONFIG_BOARD_ID_SUPPORT
+	if (block_offset == valid_sections.rw_base_offset) {
+		/* This block is a rw header of the new image. */
+		if (body_size < sizeof(struct SignedHeader)) {
+			CPRINTF("%s: block too short\n", __func__);
+			*error_code = UPGRADE_TRUNCATED_HEADER_ERROR;
+			return 0;
+		}
+		if (board_id_mismatch(upgrade_data)) {
+			CPRINTF("%s: rejecting Board ID mismatch.\n", __func__);
+			*error_code = UPGRADE_BOARD_ID_ERROR;
+			return 0;
+		}
+	}
+#endif
+#endif
 	return 1;
 }
 #endif