author | Daisuke Nojiri <dnojiri@chromium.org> | 2017-09-28 15:53:21 -0700 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2017-10-05 21:24:44 -0700 |
commit | 95554e4e62dc2ae8333a6487f973f830753de071 (patch) | |
tree | 37e80b101da6553108bb641e147b91bcf8e0a489 /tests/ec_sync_tests.c | |
parent | e95ceff307f6c5c457f3e805991804ae2c7cb50c (diff) | |
download | vboot-95554e4e62dc2ae8333a6487f973f830753de071.tar.gz |
Check EC_IN_RW before proceeding to recovery mode
Depthcharge currently asks the EC whether recovery was requested manually
without first verifying whether the EC is running its RO image. If EC-RW is
compromised, the recovery switch state can be spoofed.
This patch makes Depthcharge check EC_IN_RW to determine whether EC
is in RO or not. Only if it's in RO and it says recovery button was
pressed at boot, we proceed to the recovery process.
All other recovery requests including manual recovery requested by a
(compromised) host will end up with 'broken' screen.
BUG=b:66516882
BRANCH=none
TEST=Boot Fizz. make runtests.
Change-Id: I01d2df05fe22e79bbc949f5cb83db605147667b3
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/693008
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Diffstat (limited to 'tests/ec_sync_tests.c')
-rw-r--r-- | tests/ec_sync_tests.c | 31 |
1 files changed, 1 insertions, 30 deletions
diff --git a/tests/ec_sync_tests.c b/tests/ec_sync_tests.c
index dc708c1f..56f3baae 100644
--- a/tests/ec_sync_tests.c
+++ b/tests/ec_sync_tests.c
@@ -32,9 +32,7 @@ static uint8_t shared_data[VB_SHARED_DATA_MIN_SIZE];
 static VbSharedDataHeader *shared = (VbSharedDataHeader *)shared_data;
 static GoogleBinaryBlockHeader gbb;
-static int trust_ec;
 static int mock_in_rw;
-static VbError_t in_rw_retval;
 static int protect_retval;
 static int ec_ro_protected;
 static int ec_rw_protected;
@@ -90,14 +88,12 @@ static void ResetMocks(void)
 VbSharedDataInit(shared, sizeof(shared_data));
 shared->flags = VBSD_EC_SOFTWARE_SYNC;
- trust_ec = 0;
 mock_in_rw = 0;
 ec_ro_protected = 0;
 ec_rw_protected = 0;
 ec_run_image = 0; /* 0 = RO, 1 = RW */
 ec_ro_updated = 0;
 ec_rw_updated = 0;
- in_rw_retval = VBERROR_SUCCESS;
 protect_retval = VBERROR_SUCCESS;
 update_retval = VBERROR_SUCCESS;
 run_retval = VBERROR_SUCCESS;
@@ -143,13 +139,7 @@ uint32_t VbExIsShutdownRequested(void)
 int VbExTrustEC(int devidx)
 {
- return trust_ec;
-}
-
-VbError_t VbExEcRunningRW(int devidx, int *in_rw)
-{
- *in_rw = mock_in_rw;
- return in_rw_retval;
+ return !mock_in_rw;
 }
 VbError_t VbExEcProtect(int devidx, enum VbSelectFirmware_t select)
@@ -169,7 +159,6 @@ VbError_t VbExEcDisableJump(int devidx)
 VbError_t VbExEcJumpToRW(int devidx)
 {
 ec_run_image = 1;
- mock_in_rw = 1;
 return run_retval;
 }
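Review bot: The mock `VbExTrustEC()` now answers from `mock_in_rw` alone (`return !mock_in_rw;`), and the `VbExEcJumpToRW()` hunk drops `mock_in_rw = 1;`, so after a simulated jump the mock keeps reporting the EC as trusted while `ec_run_image` says RW. If that decoupling is intended, a comment above the return such as `/* Trust is fixed per test case; a jump to RW only changes ec_run_image */` would make it explicit for the next person reading a failing test. Because the commit exists to stop a possibly compromised EC-RW from being trusted, it also seems worth keeping one case in `VbSoftwareSyncTest()` that sets `mock_in_rw = 1` together with `sd->recovery_reason`, since the last hunk removes the only such case visible in this file. The expected return value for that case depends on ec_sync changes that are not shown in this file-limited diff.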
@@ -248,24 +237,6 @@ static void test_ssync(VbError_t retval, int recovery_reason, const char *desc)
 static void VbSoftwareSyncTest(void)
 {
- /* Recovery cases */
- ResetMocks();
- sd->recovery_reason = 123;
- test_ssync(0, 0, "In recovery, EC-RO");
- TEST_EQ(ec_rw_protected, 0, " ec rw protected");
-
- ResetMocks();
- sd->recovery_reason = 123;
- mock_in_rw = 1;
- test_ssync(VBERROR_EC_REBOOT_TO_RO_REQUIRED,
- 123, "Recovery needs EC-RO");
-
- /* AP-RO cases */
- ResetMocks();
- in_rw_retval = VBERROR_SIMULATED;
- test_ssync(VBERROR_EC_REBOOT_TO_RO_REQUIRED,
- VBNV_RECOVERY_EC_UNKNOWN_IMAGE, "Unknown EC image");
-
 /* Calculate hashes */
 ResetMocks();
 mock_ec_rw_hash_size = 0; |