diff options
| -rw-r--r-- | common/extension.c | 9 | ||||
| -rw-r--r-- | common/tpm_registers.c | 2 | ||||
| -rw-r--r-- | include/extension.h | 9 |
3 files changed, 13 insertions, 7 deletions
diff --git a/common/extension.c b/common/extension.c index e65cf18880..c91ca987e4 100644 --- a/common/extension.c +++ b/common/extension.c @@ -24,7 +24,7 @@ uint32_t extension_route_command(struct vendor_cmd_params *p) #endif /* Filter commands from USB */ - if (p->flags & VENDOR_CMD_FROM_USB) { + if (p->flags & (VENDOR_CMD_FROM_USB | VENDOR_CMD_FROM_ALT_IF)) { switch (p->code) { #ifdef CR50_DEV case VENDOR_CC_IMMEDIATE_RESET: @@ -45,8 +45,13 @@ uint32_t extension_route_command(struct vendor_cmd_params *p) case VENDOR_CC_RMA_CHALLENGE_RESPONSE: case VENDOR_CC_SPI_HASH: /* Requires physical presence. */ case VENDOR_CC_TURN_UPDATE_ON: - case VENDOR_CC_AP_RO_VALIDATE: break; + case VENDOR_CC_AP_RO_VALIDATE: + /* This command is allowed if triggered locally. */ + if (p->flags & VENDOR_CMD_FROM_ALT_IF) + break; + + /* Fall through to the default case. */ default: /* Otherwise, we don't allow this command. */ why_ignore = "usb"; diff --git a/common/tpm_registers.c b/common/tpm_registers.c index 6ef281b313..d0ae42e904 100644 --- a/common/tpm_registers.c +++ b/common/tpm_registers.c @@ -1026,7 +1026,7 @@ void tpm_task(void *u) response_size = buffer_size; call_extension_command(tpmh, &response_size, alt_if_command ? - VENDOR_CMD_FROM_USB : 0); + VENDOR_CMD_FROM_ALT_IF : 0); } else #endif { diff --git a/include/extension.h b/include/extension.h index 5ce0410f57..451ad62672 100644 --- a/include/extension.h +++ b/include/extension.h @@ -14,12 +14,13 @@ /* Flags for vendor or extension commands */ enum vendor_cmd_flags { + /* Command is coming from the USB interface. */ + VENDOR_CMD_FROM_USB = BIT(0), /* - * Command is coming from the USB interface (either via the vendor - * command endpoint or the console). If this flag is not present, - * the command is coming from the AP. + * Command is coming through TPM task, but was not originated in the + * AP. */ - VENDOR_CMD_FROM_USB = BIT(0), + VENDOR_CMD_FROM_ALT_IF = BIT(1), }; /* Parameters for vendor commands */ |