diff options
| author | Aaron Durbin <adurbin@chromium.org> | 2016-12-12 14:15:12 -0600 |
|---|---|---|
| committer | chrome-bot <chrome-bot@chromium.org> | 2016-12-13 11:51:17 -0800 |
| commit | 8bb1c3b852030dbecc58e6ec6c790ede621bc6e9 (patch) | |
| tree | 31900e2c186c5635aabb4f9e400cae8115d73fd8 | |
| parent | 1e9245dfff914107ec06aac84f3b70c2df1f4a41 (diff) | |
| download | vboot-8bb1c3b852030dbecc58e6ec6c790ede621bc6e9.tar.gz | |
crossystem: add phase_enforcement field
Provide 'phase_enforcement' field that indicates if a
system should have its full security features enabled while
in the factory. The backend implementation currently is only
for x86 using chromeos_acpi.
On reef:
$ grep ^ /sys/devices/platform/chromeos_acpi/GPIO.*/*
/sys/devices/platform/chromeos_acpi/GPIO.2/GPIO.0:4
/sys/devices/platform/chromeos_acpi/GPIO.2/GPIO.1:1
/sys/devices/platform/chromeos_acpi/GPIO.2/GPIO.2:10
/sys/devices/platform/chromeos_acpi/GPIO.2/GPIO.3:INT3452:00
BUG=chrome-os-partner:59951
BRANCH=None
TEST=Tested on reef with accompanying coreboot patches and flipping
internal pulls to see the correct setting.
Change-Id: Id5401d795cff8874a038f2456121549713a11237
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/418899
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
| -rw-r--r-- | host/arch/x86/lib/crossystem_arch.c | 3 | ||||
| -rw-r--r-- | utility/crossystem.c | 2 |
2 files changed, 5 insertions, 0 deletions
diff --git a/host/arch/x86/lib/crossystem_arch.c b/host/arch/x86/lib/crossystem_arch.c index e17852be..72263dce 100644 --- a/host/arch/x86/lib/crossystem_arch.c +++ b/host/arch/x86/lib/crossystem_arch.c @@ -67,6 +67,7 @@ #define GPIO_SIGNAL_TYPE_RECOVERY 1 #define GPIO_SIGNAL_TYPE_DEV 2 #define GPIO_SIGNAL_TYPE_WP 3 +#define GPIO_SIGNAL_TYPE_PHASE_ENFORCEMENT 4 /* Base name for ACPI files */ #define ACPI_BASE_PATH "/sys/devices/platform/chromeos_acpi" @@ -792,6 +793,8 @@ int VbGetArchPropertyInt(const char* name) value = 1 - value; /* Mario reports this backwards */ } else if (!strcasecmp(name,"recoverysw_ec_boot")) { value = ReadFileBit(ACPI_CHSW_PATH, CHSW_RECOVERY_EC_BOOT); + } else if (!strcasecmp(name,"phase_enforcement")) { + value = ReadGpio(GPIO_SIGNAL_TYPE_PHASE_ENFORCEMENT); } /* Fields for old systems which don't have VbSharedData */ diff --git a/utility/crossystem.c b/utility/crossystem.c index 6278e30f..a0be1d8a 100644 --- a/utility/crossystem.c +++ b/utility/crossystem.c @@ -77,6 +77,8 @@ const Param sys_param_list[] = { {"mainfw_type", IS_STRING, "Active main firmware type"}, {"nvram_cleared", CAN_WRITE, "Have NV settings been lost? Write 0 to clear"}, {"oprom_needed", CAN_WRITE, "Should we load the VGA Option ROM at boot?"}, + {"phase_enforcement", 0, + "Board should have full security settings applied"}, {"recovery_reason", 0, "Recovery mode reason for current boot"}, {"recovery_request", CAN_WRITE, "Recovery mode request (writable)"}, {"recovery_subcode", CAN_WRITE, "Recovery reason subcode (writable)"}, |