common/i2c_controller: Fix the port protection logic

Currently depthcharge sends EC_CMD_I2C_PASSTHRU_PROTECT_ENABLE_TCPCS to
protect all the I2C ports after performing auxiliary firmware updates
and before jumping to OS. But the port protect status is overridden by
the absence of passthru_allowed operation for an I2C port. Except for
one board (elm), passthru_allowed operation is not defined for any I2C
ports. This causes the I2C passthrough to remain supported even after
the ports are protected. Fix this by denying the I2C command
passthrough for I2C ports which are protected and have no
passthru_allowed operation defined.

BUG=b:192503665
BRANCH=All
TEST=Build and boot to OS in Drawlat. Ensure that all I2C ports are
protected before jumping to OS and any passthru access is denied after
that.
localhost ~ # ectool i2cread 8 4 0x0b 0x0
EC result 4 (ACCESS_DENIED)
localhost ~ # ectool i2cprotect 4 status
I2C port 4: Protected (1)
localhost ~ #

Change-Id: Ifdf0de9e8be1e245314ce357865ac76db4780bc8
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3004111
Tested-by: Karthikeyan Ramasubramanian <kramasub@chromium.org>
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
Commit-Queue: Karthikeyan Ramasubramanian <kramasub@chromium.org>

1 files changed, 4 insertions, 1 deletions

diff --git a/common/i2c_controller.c b/common/i2c_controller.c
index 2e9e1b4b76..10ea4081cd 100644
--- a/common/i2c_controller.c
+++ b/common/i2c_controller.c
@@ -1212,7 +1212,10 @@ static enum ec_status i2c_command_passthru(struct host_cmd_handler_args *args)
 	if (ret)
 		return ret;
 
-	if (port_protected[params->port] && i2c_port->passthru_allowed) {
+	if (port_protected[params->port]) {
+		if (!i2c_port->passthru_allowed)
+			return EC_RES_ACCESS_DENIED;
+
 		for (i = 0; i < params->num_msgs; i++) {
 			if (!i2c_port->passthru_allowed(i2c_port,
 					params->msg[i].addr_flags))