authorVadim Bendebury <vbendeb@chromium.org>2020-06-26 16:01:59 -0700
committerCommit Bot <commit-bot@chromium.org>2020-07-07 01:02:33 +0000
commitb1da01d568865aedf1d113cf81c678f605b3dc73 (patch)
treefdddca9d2fb4dd911a01bcdf1260cfd2a9ea2749
parent8855605441c69ace829d4acbe584df4f8bf140a5 (diff)
downloadchrome-ec-b1da01d568865aedf1d113cf81c678f605b3dc73.tar.gz
system: make sure CR50_DEV images will not update info map
Despite all make tricks, sometimes when switching between make invocations with CR50_DEV defined and not defined, the code which updates the INFO1 RW rollback space runs even when CR50_DEV was defined at compile time and the image header rollback space is set to all zeros. This causes complete clearing of the INFO1 RW rollback space, which in turn prevents images built without CR50_DEV=1 from running. Let's add a check to see if the currently running image has the entire rollback space in the header erased, and not proceed with the INFO1 space update in this case. BUG=b:160013710 TEST=verified that images built both with CR50_DEV defined and not defined run properly. - removed '#ifndef CR50_DEV' block around lines 610..719 and built and ran the image, observed the "Skipped updating INFO1 RW" map message. Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Change-Id: I63a54ba2a82cd250d1e4018768b7a55c406b69c0 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2271016 Reviewed-by: Andrey Pronin <apronin@chromium.org>
-rw-r--r--chip/g/system.c25
1 files changed, 25 insertions, 0 deletions
diff --git a/chip/g/system.c b/chip/g/system.c
index d68da094f2..2e464391db 100644
--- a/chip/g/system.c
+++ b/chip/g/system.c
@@ -610,6 +610,8 @@ static void update_rollback_mask(uint32_t addr_a, uint32_t addr_b,
#ifndef CR50_DEV
const struct SignedHeader *header_a;
const struct SignedHeader *header_b;
+ const struct SignedHeader *header_this;
+
int updated_words_count = 0;
int i;
int write_enabled = 0;
@@ -630,6 +632,29 @@ static void update_rollback_mask(uint32_t addr_a, uint32_t addr_b,
* (where those bits in the header are not zeroed) will fail, thus
* ensuring rollback protection.
*/
+ /*
+ * Due to build system quirks this code could creep in even into
+ * images which have all rollback bits in the header set to zero
+ * (usually such images are built with CR50_DEV=1). Let's explicitly
+ * check that the current running image does not have the rollback
+ * space completely zeroed.
+ *
+ * Note that this function is invoked to update both RO and RW INFO1
+ * rollback masks, but here we care only about the RW case, since we
+ * never build RO images with fully erased rollback map.
+ */
+ header_this = (const struct SignedHeader *)
+ get_program_memory_addr(system_get_image_copy());
+ if ((header_this == header_a) || (header_this == header_b)) {
+ for (i = 0; i < ARRAY_SIZE(header_this->infomap); i++) {
+ if (header_this->infomap[i])
+ break;
+ }
+ if (i == ARRAY_SIZE(header_this->infomap)) {
+ CPRINTS("Skipped updating INFO1 RW map");
+ return;
+ }
+ }
/* For each bit in the header infomap field of the running image. */
for (i = 0; i < INFO_MAX; i++) {
uint32_t bit;
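Review bot: The early `return` in the added block is keyed only on the running image's header contents, so any image whose `infomap` is entirely zero skips the INFO1 RW rollback update, not just CR50_DEV builds; the new comment itself says such images are only "usually" built with CR50_DEV=1. If production-signed images can never carry an all-zero infomap, that assumption should be written down next to the check, for example `/* Relies on production images never shipping an all-zero infomap; otherwise they would skip rollback updates too. */`. Separately, `i` is a signed `int` compared against `ARRAY_SIZE(header_this->infomap)`, which is presumably an unsigned size, in both the loop condition and the `i == ARRAY_SIZE(...)` test; this is harmless at this array size but would warn under `-Wsign-compare`. The assignments of `header_a` and `header_b` and the rest of `update_rollback_mask` lie outside the hunk, so the pointer comparison is assumed to run after they are set.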