summaryrefslogtreecommitdiff
path: root/tests/vboot_api_kernel4_tests.c
diff options
context:
space:
mode:
authorDaisuke Nojiri <dnojiri@chromium.org>2017-09-28 15:53:21 -0700
committerchrome-bot <chrome-bot@chromium.org>2017-10-05 21:24:44 -0700
commit95554e4e62dc2ae8333a6487f973f830753de071 (patch)
tree37e80b101da6553108bb641e147b91bcf8e0a489 /tests/vboot_api_kernel4_tests.c
parente95ceff307f6c5c457f3e805991804ae2c7cb50c (diff)
downloadvboot-95554e4e62dc2ae8333a6487f973f830753de071.tar.gz
Check EC_IN_RW before proceeding to recovery mode
Depthcharge currently asks EC whether recovery was requested manually or not without verifying EC is in RO or not. If EC-RW is compromised, recovery switch state can be spoofed. This patch makes Depthcharge check EC_IN_RW to determine whether EC is in RO or not. Only if it's in RO and it says recovery button was pressed at boot, we proceed to the recovery process. All other recovery requests including manual recovery requested by a (compromised) host will end up with 'broken' screen. BUG=b:66516882 BRANCH=none TEST=Boot Fizz. make runtests. Change-Id: I01d2df05fe22e79bbc949f5cb83db605147667b3 Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/693008 Reviewed-by: Randall Spangler <rspangler@chromium.org>
Diffstat (limited to 'tests/vboot_api_kernel4_tests.c')
-rw-r--r--tests/vboot_api_kernel4_tests.c16
1 files changed, 0 insertions, 16 deletions
diff --git a/tests/vboot_api_kernel4_tests.c b/tests/vboot_api_kernel4_tests.c
index 41e58c8e..59650701 100644
--- a/tests/vboot_api_kernel4_tests.c
+++ b/tests/vboot_api_kernel4_tests.c
@@ -29,7 +29,6 @@ static uint8_t shared_data[VB_SHARED_DATA_MIN_SIZE];
static VbSharedDataHeader *shared = (VbSharedDataHeader *)shared_data;
static GoogleBinaryBlockHeader gbb;
-static int ecsync_retval;
static uint32_t rkr_version;
static uint32_t new_version;
static struct RollbackSpaceFwmp rfr_fwmp;
@@ -62,7 +61,6 @@ static void ResetMocks(void)
memset(&rfr_fwmp, 0, sizeof(rfr_fwmp));
rfr_retval = TPM_SUCCESS;
- ecsync_retval = VBERROR_SUCCESS;
rkr_version = new_version = 0x10002;
rkr_retval = rkw_retval = rkl_retval = VBERROR_SUCCESS;
vbboot_retval = VBERROR_SUCCESS;
@@ -82,11 +80,6 @@ VbError_t VbExNvStorageWrite(const uint8_t *buf)
return VBERROR_SUCCESS;
}
-VbError_t VbExEcRunningRW(int devidx, int *in_rw)
-{
- return ecsync_retval;
-}
-
uint32_t RollbackKernelRead(uint32_t *version)
{
*version = rkr_version;
@@ -158,26 +151,17 @@ static void VbSlkTest(void)
ResetMocks();
test_slk(0, 0, "Normal");
- /* Mock error early in software sync */
- ResetMocks();
- shared->flags |= VBSD_EC_SOFTWARE_SYNC;
- ecsync_retval = VBERROR_SIMULATED;
- test_slk(VBERROR_EC_REBOOT_TO_RO_REQUIRED,
- VBNV_RECOVERY_EC_UNKNOWN_IMAGE, "EC sync bad");
-
/*
* If shared->flags doesn't ask for software sync, we won't notice
* that error.
*/
ResetMocks();
- ecsync_retval = VBERROR_SIMULATED;
test_slk(0, 0, "EC sync not done");
/* Same if shared->flags asks for sync, but it's overridden by GBB */
ResetMocks();
shared->flags |= VBSD_EC_SOFTWARE_SYNC;
gbb.flags |= GBB_FLAG_DISABLE_EC_SOFTWARE_SYNC;
- ecsync_retval = VBERROR_SIMULATED;
test_slk(0, 0, "EC sync disabled by GBB");
/* Rollback kernel version */
View Lorry Controller Status