From 04cf17251c05bdb02091938c23cf0319ed829979 Mon Sep 17 00:00:00 2001 From: Aseda Aboagye Date: Wed, 1 Feb 2017 17:43:00 -0800 Subject: cr50: usb_spi: Block SPI when console locked. The commit changes the behaviour to block accesses over the USB-SPI bridge while the console is restricted. BUG=chrome-os-partner:62340 BRANCH=None TEST=Build and flash cr50 on snappy; lock console; try to flash EC bin using CCD. Verify that it fails with flashrom not able to find a flash chip. TEST=Disable console lock; Try to flash EC bin; verify it succeeds. TEST=Repeat above tests but trying to read AP flash instead. TEST=make -j buildall Change-Id: Ib69af1a7372d841783acee2262efbf995d031234 Signed-off-by: Aseda Aboagye Reviewed-on: https://chromium-review.googlesource.com/435437 Commit-Ready: Aseda Aboagye Tested-by: Aseda Aboagye Reviewed-by: Vadim Bendebury --- board/cr50/usb_spi.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) (limited to 'board/cr50/usb_spi.c') diff --git a/board/cr50/usb_spi.c b/board/cr50/usb_spi.c index ea9c2258ed..ff4055ff98 100644 --- a/board/cr50/usb_spi.c +++ b/board/cr50/usb_spi.c @@ -70,9 +70,16 @@ static void update_finished(void) } DECLARE_DEFERRED(update_finished); -void usb_spi_board_enable(struct usb_spi_config const *config) +int usb_spi_board_enable(struct usb_spi_config const *config) { hook_call_deferred(&update_finished_data, -1); + + /* Prevent SPI access if the console is currently locked. */ + if (console_is_restricted()) { + CPRINTS("usb_spi access denied (console is restricted."); + return EC_ERROR_ACCESS_DENIED; + } + update_in_progress = 1; disable_ec_ap_spi(); @@ -83,7 +90,7 @@ void usb_spi_board_enable(struct usb_spi_config const *config) enable_ap_spi(); else { CPRINTS("DEVICE NOT SUPPORTED"); - return; + return EC_ERROR_INVAL; } /* Connect DIO A4, A8, and A14 to the SPI peripheral */ @@ -97,6 +104,8 @@ void usb_spi_board_enable(struct usb_spi_config const *config) gpio_get_level(GPIO_AP_FLASH_SELECT) ? "AP" : "EC"); spi_enable(CONFIG_SPI_FLASH_PORT, 1); + + return EC_SUCCESS; } void usb_spi_board_disable(struct usb_spi_config const *config) -- cgit v1.2.1