diff options
author | Vadim Bendebury <vbendeb@chromium.org> | 2019-05-15 18:44:05 -0700 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2019-05-24 15:09:47 -0700 |
commit | 60021c7225b3d247113b4c60e056d0cc01ad50ad (patch) | |
tree | 42906cfdc7b2dff7ff36c679e49eccaf348c927c | |
parent | 8610d1cd4c101e7aaa77721a5e68e2f16ea0dd78 (diff) | |
download | chrome-ec-60021c7225b3d247113b4c60e056d0cc01ad50ad.tar.gz |
nvmem: do not run when crypto is disabled
There is no point in trying any nvmem operations when
encryption/decryption services are not available.
Test changes necessary to make sure test app compiles and runs
successfully.
BRANCH=cr50, cr50-mp
BUG=b:132800220
TEST=The device does not crash any more after tpm is disabled.
Change-Id: I97f9afc6e4d5377162500fc757084e4d5a57d37d
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1615424
Legacy-Commit-Queue: Commit Bot <commit-bot@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
-rw-r--r-- | chip/g/crypto_api.c | 5 | ||||
-rw-r--r-- | chip/host/dcrypto/app_cipher.c | 4 | ||||
-rw-r--r-- | common/new_nvmem.c | 23 | ||||
-rw-r--r-- | include/crypto_api.h | 5 | ||||
-rw-r--r-- | test/nvmem.c | 5 |
5 files changed, 42 insertions, 0 deletions
diff --git a/chip/g/crypto_api.c b/chip/g/crypto_api.c index 267bb31eb6..9c0c7bb8f5 100644 --- a/chip/g/crypto_api.c +++ b/chip/g/crypto_api.c @@ -29,3 +29,8 @@ int app_cipher(const void *salt, void *out, const void *in, size_t size) { return DCRYPTO_app_cipher(NVMEM, salt, out, in, size); } + +int crypto_enabled(void) +{ + return DCRYPTO_ladder_is_enabled(); +} diff --git a/chip/host/dcrypto/app_cipher.c b/chip/host/dcrypto/app_cipher.c index af6c2c4beb..69d54a41b1 100644 --- a/chip/host/dcrypto/app_cipher.c +++ b/chip/host/dcrypto/app_cipher.c @@ -31,3 +31,7 @@ int app_cipher(const void *salt_p, void *out_p, const void *in_p, size_t size) return 1; } +int crypto_enabled(void) +{ + return 1; +} diff --git a/common/new_nvmem.c b/common/new_nvmem.c index de26e0cf90..4975d4fbe6 100644 --- a/common/new_nvmem.c +++ b/common/new_nvmem.c @@ -1462,6 +1462,9 @@ enum ec_error_list new_nvmem_migrate(unsigned int act_partition) int j; struct nn_container *ch; + if (!crypto_enabled()) + return EC_ERROR_INVAL; + /* * This is the first time we save using the new scheme, let's prepare * the flash space. First determine which half is the backup now and @@ -2225,6 +2228,9 @@ enum ec_error_list new_nvmem_init(void) enum ec_error_list rv; timestamp_t start, init; + if (!crypto_enabled()) + return EC_ERROR_INVAL; + total_var_space = 0; /* Initialize NVMEM indices. */ @@ -2649,6 +2655,9 @@ enum ec_error_list new_nvmem_save(void) { enum ec_error_list rv; + if (!crypto_enabled()) + return EC_ERROR_INVAL; + lock_mutex(__LINE__); rv = new_nvmem_save_(); unlock_mutex(__LINE__); @@ -2698,6 +2707,9 @@ const struct tuple *getvar(const uint8_t *key, uint8_t key_len) const struct max_var_container *vc; struct access_tracker at = {}; + if (!crypto_enabled()) + return NULL; + if (!key || !key_len) return NULL; @@ -2854,6 +2866,9 @@ int setvar(const uint8_t *key, uint8_t key_len, const uint8_t *val, { int rv; + if (!crypto_enabled()) + return EC_ERROR_INVAL; + lock_mutex(__LINE__); rv = setvar_(key, key_len, val, val_len); unlock_mutex(__LINE__); @@ -2893,6 +2908,9 @@ int nvmem_erase_tpm_data(void) uint8_t saved_list_index; uint8_t key_len; + if (!crypto_enabled()) + return EC_ERROR_INVAL; + ch = get_scratch_buffer(CONFIG_FLASH_BANK_SIZE); lock_mutex(__LINE__); @@ -2990,6 +3008,11 @@ test_export_static enum ec_error_list browse_flash_contents(int print) struct nn_container *ch; struct access_tracker at = {}; + if (!crypto_enabled()) { + ccprintf("Crypto services not available\n"); + return EC_ERROR_INVAL; + } + ch = get_scratch_buffer(CONFIG_FLASH_BANK_SIZE); lock_mutex(__LINE__); diff --git a/include/crypto_api.h b/include/crypto_api.h index 07bda7f5be..8a8ccacf99 100644 --- a/include/crypto_api.h +++ b/include/crypto_api.h @@ -56,6 +56,11 @@ void app_compute_hash(uint8_t *p_buf, size_t num_bytes, */ int app_cipher(const void *salt, void *out, const void *in, size_t size); +/* + * Return a Boolean showing if crypto hardware is enabled. + */ +int crypto_enabled(void); + #ifdef __cplusplus } #endif diff --git a/test/nvmem.c b/test/nvmem.c index 75bd9f2856..7bac2f9dd7 100644 --- a/test/nvmem.c +++ b/test/nvmem.c @@ -97,6 +97,11 @@ void app_compute_hash(uint8_t *p_buf, size_t num_bytes, } } +int crypto_enabled(void) +{ + return 1; +} + /* Used to allow/prevent Flash erase/write operations */ int flash_pre_op(void) { |