authorMary Ruthven <mruthven@chromium.org>2022-10-12 14:15:55 -0500
committerChromeos LUCI <chromeos-scoped@luci-project-accounts.iam.gserviceaccount.com>2022-11-07 18:25:39 +0000
commit6fb42d210a39ed93bf8596cd94103f497fdcd869 (patch)
tree894a0b19ec1c63adc9a64ff85d30b27676c7a24c
parentd478eab2eb082728040be64fe1394527a83b117d (diff)
downloadchrome-ec-6fb42d210a39ed93bf8596cd94103f497fdcd869.tar.gz
apro: prevent key_combo0 from releasing reset for 60 seconds
AP RO verification fails pretty quickly if the v1 check data or gbb data is corrupted. Prevent releasing EC_RST_L for 60 seconds after AP RO verification fails. This way the user won't accidentally clear the AP RO status while triggering AP RO verification. BUG=b:236844541 TEST=save invalid gbbd data. Verify cr50 rejects releasing EC_RST_L for one minute. [14.246295 RO Validation triggered] [14.248630 do_ap_ro_check: found v1 data] [14.250152 enable_spi_pinmux: AP] [14.253627 spi_hash_pp_done: AP] [14.254688 do_ap_ro_check: bad gbbd] [14.256019 spi_hash_disable] [14.257102 AP RO FAILED! evt(13)] [14.733604 AP off] [15.782028 ap_ro_clear_ec_rst_override: too soon] [15.782978 Recovery Requested] [16.953887 ap_ro_clear_ec_rst_override: too soon] [16.954856 Recovery Requested] [76.268520 power button pressed] [76.524902 ap_ro_clear_ec_rst_override: done] [76.525802 Recovery Requested] [76.593330 Refresh press registered] [76.757183 AP UART on] [76.897575 Power button released, RO Check Detection stopped] [77.147407 deferred_tpm_rst_isr] Change-Id: Ifcdf37df228fe21e6ff0810393e49d6adb2b076a Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3949624 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
-rw-r--r--common/ap_ro_integrity_check.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/common/ap_ro_integrity_check.c b/common/ap_ro_integrity_check.c
index 0db205b118..0c8f16ad18 100644
--- a/common/ap_ro_integrity_check.c
+++ b/common/ap_ro_integrity_check.c
@@ -27,6 +27,8 @@
#define CPRINTS(format, args...) cprints(CC_SYSTEM, format, ##args)
#define CPRINTF(format, args...) cprintf(CC_SYSTEM, format, ##args)
+/* Prevent releasing EC_RST_L for 60 seconds after AP RO verification fails */
+#define DELAY_EC_RST_RELEASE (60 * SECOND)
/* FMAP must be aligned at 4K or larger power of 2 boundary. */
#define LOWEST_FMAP_ALIGNMENT (4 * 1024)
#define FMAP_SIGNATURE "__FMAP__"
@@ -1078,11 +1080,18 @@ static void release_ec_reset_override(void)
enable_sleep(SLEEP_MASK_AP_RO_VERIFICATION);
}
+/* The time in the future at which sleeping will be allowed. */
+static uint32_t ap_ro_failed_time;
+
/* Only call this through a key combo. */
void ap_ro_clear_ec_rst_override(void)
{
if (!ec_rst_override())
return;
+ if ((get_time().le.lo - ap_ro_failed_time) < DELAY_EC_RST_RELEASE) {
+ CPRINTS("%s: too soon", __func__);
+ return;
+ }
apro_fail_status_cleared = 1;
release_ec_reset_override();
ap_ro_add_flash_event(APROF_FAIL_CLEARED);
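Review bot: The lockout check in ap_ro_clear_ec_rst_override() compares only the low 32 bits of the timer, so the elapsed value wraps. If get_time() counts microseconds, as `60 * SECOND` suggests, that is roughly every 71.6 minutes, and a device left in the failed state would be refused with "too soon" for another 60 seconds after each wrap. Keeping the full timestamp avoids this: `static uint64_t ap_ro_failed_time;` and `if ((get_time().val - ap_ro_failed_time) < DELAY_EC_RST_RELEASE) {`, with the store in ap_ro_failed_verification() changed to `get_time().val`. The comment on the variable also describes something else, since it holds the time of the last failure rather than a future time at which sleeping is allowed; `/* Time of the most recent AP RO verification failure. */` would match the code. The function body continues past the end of this hunk.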
@@ -1105,6 +1114,7 @@ static uint8_t ap_ro_failed_verification(enum ap_ro_verification_ev event)
apro_result = AP_RO_FAIL;
ap_ro_add_flash_event(event);
keep_ec_in_reset();
+ ap_ro_failed_time = get_time().le.lo;
/*
* Map failures into EC_ERROR_CRC, this will make sure that in case this
* was invoked by the operator keypress, the device will not continue
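Review bot: `ap_ro_failed_time` is written after `keep_ec_in_reset()`, so there is a short window in which the override is presumably already active while the timestamp is still zero or left over from an earlier failure. Whether the key-combo handler can run in that window is not visible here, but if it runs in another task or interrupt context the 60-second check would be evaluated against the stale value. Moving `ap_ro_failed_time = get_time().le.lo;` above `keep_ec_in_reset();` closes the window at no cost. ap_ro_failed_verification() starts and ends outside this hunk.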