From 4986283df5e1c595f308a9d4a7704af9de2ba38f Mon Sep 17 00:00:00 2001
From: Mary Ruthven <mruthven@chromium.org>
Date: Wed, 4 May 2022 08:12:23 -0700
Subject: ap_ro_integrity_check: update hash until the bid type is saved

On some devices the board id flags are set to lock in the phase and the
board id type isn't set until the board is finalized. RO may be changed
until the board id type is written. Change the check from
board_id_is_erased to board_id_type_is_blank, so the factory can update
the AP RO hash until the board is finalized.

This is the same check we do in sn_bits. Try to read the board id and
then check the type. In the future, we may want to consolidate.

BUG=b:230430292
TEST=manual
	Clear the board id
	Set the hash
	python ap_ro_hash.py GBB
	gsctool -aA prints the digest

	Set the BID flags
	gsctool -ai 0xffffffff:0x1234

	Clear the hash
	gsctool -aH
	gsctool -aA
	get hash rc: 10 AP RO hash unprogrammed

	Set the hash
	python ap_ro_hash.py GBB
	gsctool -aA prints the digest

	Clear the hash
	gsctool -aH
	gsctool -aA
	get hash rc: 10 AP RO hash unprogrammed

	Set the BID type
	gsctool -ai $(cros_config / brand-code):0x1234

	Verify cr50 rejects setting the hash
	python ap_ro_hash.py GBB
	ERROR: Cr50 returned 7 (BID programmed)

Change-Id: I440ee84b3c86e16f027a8b9dcd51ea3031171ea1
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3627808
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
---
 common/ap_ro_integrity_check.c | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/common/ap_ro_integrity_check.c b/common/ap_ro_integrity_check.c
index 7724ae2585..8c12e851a4 100644
--- a/common/ap_ro_integrity_check.c
+++ b/common/ap_ro_integrity_check.c
@@ -537,11 +537,23 @@ static enum vendor_cmd_rc vc_seed_ap_ro_check(enum vendor_cmd_cc code,
 
 	*response_size = 1; /* Just in case there is an error. */
 
-	/* Neither write nor erase are allowed once Board ID is programmed. */
+	/*
+	 * Neither write nor erase are allowed once Board ID type is programmed.
+	 *
+	 * Check the board id type insead of board_id_is_erased, because the
+	 * board id flags may be written before finalization. Board id type is
+	 * a better indicator for when RO is finalized and when to lock out
+	 * setting the hash.
+	 */
 #ifndef CR50_DEV
-	if (!board_id_is_erased()) {
-		*response = ARCVE_BID_PROGRAMMED;
-		return VENDOR_RC_NOT_ALLOWED;
+	{
+		struct board_id bid;
+
+		if (read_board_id(&bid) != EC_SUCCESS ||
+		    !board_id_type_is_blank(&bid)) {
+			*response = ARCVE_BID_PROGRAMMED;
+			return VENDOR_RC_NOT_ALLOWED;
+		}
 	}
 #endif
 
-- 
cgit v1.2.1