ap_ro_integrity_check: Add vendor command to check status

AP RO verification has four outcomes. Shimless RMA needs to be able to check the status. This change adds a vendor command to check the AP RO verification status NOT_TRIGGERED: The last AP reboot was not triggered by RO verification key combination. PASS: The last AP reboot was triggered by RO verification key combination, and the verification passes FAIL: The last AP reboot was triggered by RO verification key combination, and it fails. In reality, the device should brick and the system will not see this response. UNSUPPORTED: The last AP reboot was triggered by RO verification key combination, but there is no data to perform it or the board doesn't support it. BUG=b:182594555 TEST=manual # Erase board id # Erase AP RO hash cr50 > ap_ro_info erase # Check status AP RO status = 3: unsupported # Set gbb flags /usr/share/vboot/bin/set_gbb_flags.sh 0x140 # Set AP RO hash ./util/ap_ro_hash.py -v True GBB # Check status AP RO status = 0: not run # Trigger verification # Check status AP RO status = 1: pass # Change gbb flags /usr/share/vboot/bin/set_gbb_flags.sh 0xa39 # Trigger verification # Check status AP RO status = 2: FAIL # Set board id to DUKI:0x10 # Check status AP RO status = 3: unsupported Change-Id: I354ccd6317cd36008a66ffd93afb3ee95f3c3561 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2950314 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
author: Mary Ruthven <mruthven@chromium.org> 2021-06-09 17:39:28 -0500
committer: Commit Bot <commit-bot@chromium.org> 2021-06-18 18:45:12 +0000
commit: 49a02d634caaa5db07653f1669ff9ae35268116d (patch)
tree: 8921725986da8d33eee54e87913f7cd7da2d846c /common
parent: b231b059c0947522e4a0c9815eab1a5c2601718f (diff)
download: chrome-ec-49a02d634caaa5db07653f1669ff9ae35268116d.tar.gz
3 files changed, 47 insertions, 0 deletions
diff --git a/common/ap_ro_integrity_check.c b/common/ap_ro_integrity_check.c
index f2339ddb86..584c9ca36d 100644
--- a/common/ap_ro_integrity_check.c
+++ b/common/ap_ro_integrity_check.c
@@ -80,6 +80,19 @@ struct ap_ro_check {
 static const struct ap_ro_check *p_chk =
 	(const struct ap_ro_check *)AP_RO_DATA_SPACE_ADDR;
 
+/*
+ * Track if the AP RO hash was validated this boot. Must be cleared every AP
+ * reset.
+ */
+static uint8_t validated_ap_ro_boot;
+
+void ap_ro_device_reset(void)
+{
+	if (validated_ap_ro_boot)
+		CPRINTS("%s: clear validated state", __func__);
+	validated_ap_ro_boot = 0;
+}
+
 static int ap_ro_erase_hash(void)
 {
 	int rv;
@@ -289,6 +302,7 @@ int validate_ap_ro(void)
 	} else {
 		ap_ro_add_flash_event(APROF_CHECK_SUCCEEDED);
 		rv = EC_SUCCESS;
+		validated_ap_ro_boot = 1;
 		CPRINTS("AP RO verification SUCCEEDED!");
 	}
 	disable_ap_spi_hash_shortcut();
@@ -356,6 +370,7 @@ static int ap_ro_info_cmd(int argc, char **argv)
 	if (rv)
 		return EC_SUCCESS;
 
+	ccprintf("boot validated: %s\n", validated_ap_ro_boot ? "yes" : "no");
 	ccprintf("sha256 hash %ph\n",
 		 HEX_BUF(p_chk->payload.digest, sizeof(p_chk->payload.digest)));
 	ccprintf("Covered ranges:\n");
@@ -375,3 +390,29 @@ DECLARE_SAFE_CONSOLE_COMMAND(ap_ro_info, ap_ro_info_cmd,
 			     "", "Display AP RO check space"
 #endif
 );
+
+static enum vendor_cmd_rc vc_get_ap_ro_status(enum vendor_cmd_cc code,
+					      void *buf, size_t input_size,
+					      size_t *response_size)
+{
+	uint8_t rv = AP_RO_NOT_RUN;
+	uint8_t *response = buf;
+
+	CPRINTS("Check AP RO status");
+
+	*response_size = 0;
+	if (input_size)
+		return VENDOR_RC_BOGUS_ARGS;
+
+	if (ap_ro_check_unsupported(false))
+		rv = AP_RO_UNSUPPORTED;
+	else if (ec_rst_override())
+		rv = AP_RO_FAIL;
+	else if (validated_ap_ro_boot)
+		rv = AP_RO_PASS;
+
+	*response_size = 1;
+	response[0] = rv;
+	return VENDOR_RC_SUCCESS;
+}
+DECLARE_VENDOR_COMMAND(VENDOR_CC_GET_AP_RO_STATUS, vc_get_ap_ro_status);
diff --git a/common/extension.c b/common/extension.c
index 22c707b270..fb08c0bc3f 100644
--- a/common/extension.c
+++ b/common/extension.c
@@ -39,6 +39,7 @@ uint32_t extension_route_command(struct vendor_cmd_params *p)
 		case EXTENSION_POST_RESET: /* Always need to reset. */
 		case VENDOR_CC_CCD:
 		case VENDOR_CC_GET_AP_RO_HASH:
+		case VENDOR_CC_GET_AP_RO_STATUS:
 		case VENDOR_CC_GET_BOARD_ID:
 		case VENDOR_CC_GET_BOOT_MODE:
 		case VENDOR_CC_RMA_CHALLENGE_RESPONSE:
diff --git a/common/tpm_registers.c b/common/tpm_registers.c
index db974f05b9..6ef281b313 100644
--- a/common/tpm_registers.c
+++ b/common/tpm_registers.c
@@ -779,6 +779,11 @@ static __preserved int wipe_result;
  */
 static int wipe_requested __attribute__((section(".bss.Tpm2_common")));
 
+int tpm_reset_in_progress(void)
+{
+	return reset_in_progress;
+}
+
 int tpm_reset_request(int wait_until_done, int wipe_nvmem_first)
 {
 	uint32_t evt;
author	Mary Ruthven <mruthven@chromium.org>	2021-06-09 17:39:28 -0500
committer	Commit Bot <commit-bot@chromium.org>	2021-06-18 18:45:12 +0000
commit	49a02d634caaa5db07653f1669ff9ae35268116d (patch)
tree	8921725986da8d33eee54e87913f7cd7da2d846c /common
parent	b231b059c0947522e4a0c9815eab1a5c2601718f (diff)
download	chrome-ec-49a02d634caaa5db07653f1669ff9ae35268116d.tar.gz