From 60021c7225b3d247113b4c60e056d0cc01ad50ad Mon Sep 17 00:00:00 2001 From: Vadim Bendebury Date: Wed, 15 May 2019 18:44:05 -0700 Subject: nvmem: do not run when crypto is disabled There is no point in trying any nvmem operations when encryption/decryption services are not available. Test changes necessary to make sure test app compiles and runs successfully. BRANCH=cr50, cr50-mp BUG=b:132800220 TEST=The device does not crash any more after tpm is disabled. Change-Id: I97f9afc6e4d5377162500fc757084e4d5a57d37d Signed-off-by: Vadim Bendebury Reviewed-on: https://chromium-review.googlesource.com/1615424 Legacy-Commit-Queue: Commit Bot Reviewed-by: Andrey Pronin --- chip/g/crypto_api.c | 5 +++++ chip/host/dcrypto/app_cipher.c | 4 ++++ common/new_nvmem.c | 23 +++++++++++++++++++++++ include/crypto_api.h | 5 +++++ test/nvmem.c | 5 +++++ 5 files changed, 42 insertions(+) diff --git a/chip/g/crypto_api.c b/chip/g/crypto_api.c index 267bb31eb6..9c0c7bb8f5 100644 --- a/chip/g/crypto_api.c +++ b/chip/g/crypto_api.c @@ -29,3 +29,8 @@ int app_cipher(const void *salt, void *out, const void *in, size_t size) { return DCRYPTO_app_cipher(NVMEM, salt, out, in, size); } + +int crypto_enabled(void) +{ + return DCRYPTO_ladder_is_enabled(); +} diff --git a/chip/host/dcrypto/app_cipher.c b/chip/host/dcrypto/app_cipher.c index af6c2c4beb..69d54a41b1 100644 --- a/chip/host/dcrypto/app_cipher.c +++ b/chip/host/dcrypto/app_cipher.c @@ -31,3 +31,7 @@ int app_cipher(const void *salt_p, void *out_p, const void *in_p, size_t size) return 1; } +int crypto_enabled(void) +{ + return 1; +} diff --git a/common/new_nvmem.c b/common/new_nvmem.c index de26e0cf90..4975d4fbe6 100644 --- a/common/new_nvmem.c +++ b/common/new_nvmem.c @@ -1462,6 +1462,9 @@ enum ec_error_list new_nvmem_migrate(unsigned int act_partition) int j; struct nn_container *ch; + if (!crypto_enabled()) + return EC_ERROR_INVAL; + /* * This is the first time we save using the new scheme, let's prepare * the flash space. First determine which half is the backup now and @@ -2225,6 +2228,9 @@ enum ec_error_list new_nvmem_init(void) enum ec_error_list rv; timestamp_t start, init; + if (!crypto_enabled()) + return EC_ERROR_INVAL; + total_var_space = 0; /* Initialize NVMEM indices. */ @@ -2649,6 +2655,9 @@ enum ec_error_list new_nvmem_save(void) { enum ec_error_list rv; + if (!crypto_enabled()) + return EC_ERROR_INVAL; + lock_mutex(__LINE__); rv = new_nvmem_save_(); unlock_mutex(__LINE__); @@ -2698,6 +2707,9 @@ const struct tuple *getvar(const uint8_t *key, uint8_t key_len) const struct max_var_container *vc; struct access_tracker at = {}; + if (!crypto_enabled()) + return NULL; + if (!key || !key_len) return NULL; @@ -2854,6 +2866,9 @@ int setvar(const uint8_t *key, uint8_t key_len, const uint8_t *val, { int rv; + if (!crypto_enabled()) + return EC_ERROR_INVAL; + lock_mutex(__LINE__); rv = setvar_(key, key_len, val, val_len); unlock_mutex(__LINE__); @@ -2893,6 +2908,9 @@ int nvmem_erase_tpm_data(void) uint8_t saved_list_index; uint8_t key_len; + if (!crypto_enabled()) + return EC_ERROR_INVAL; + ch = get_scratch_buffer(CONFIG_FLASH_BANK_SIZE); lock_mutex(__LINE__); @@ -2990,6 +3008,11 @@ test_export_static enum ec_error_list browse_flash_contents(int print) struct nn_container *ch; struct access_tracker at = {}; + if (!crypto_enabled()) { + ccprintf("Crypto services not available\n"); + return EC_ERROR_INVAL; + } + ch = get_scratch_buffer(CONFIG_FLASH_BANK_SIZE); lock_mutex(__LINE__); diff --git a/include/crypto_api.h b/include/crypto_api.h index 07bda7f5be..8a8ccacf99 100644 --- a/include/crypto_api.h +++ b/include/crypto_api.h @@ -56,6 +56,11 @@ void app_compute_hash(uint8_t *p_buf, size_t num_bytes, */ int app_cipher(const void *salt, void *out, const void *in, size_t size); +/* + * Return a Boolean showing if crypto hardware is enabled. + */ +int crypto_enabled(void); + #ifdef __cplusplus } #endif diff --git a/test/nvmem.c b/test/nvmem.c index 75bd9f2856..7bac2f9dd7 100644 --- a/test/nvmem.c +++ b/test/nvmem.c @@ -97,6 +97,11 @@ void app_compute_hash(uint8_t *p_buf, size_t num_bytes, } } +int crypto_enabled(void) +{ + return 1; +} + /* Used to allow/prevent Flash erase/write operations */ int flash_pre_op(void) { -- cgit v1.2.1