diff options
-rw-r--r-- | firmware/2lib/2ec_sync.c | 8 | ||||
-rw-r--r-- | firmware/2lib/2stub.c | 6 | ||||
-rw-r--r-- | firmware/2lib/include/2api.h | 8 | ||||
-rw-r--r-- | tests/vb2_ec_sync_tests.c | 5 |
4 files changed, 23 insertions, 4 deletions
diff --git a/firmware/2lib/2ec_sync.c b/firmware/2lib/2ec_sync.c index e75313b4..20490e08 100644 --- a/firmware/2lib/2ec_sync.c +++ b/firmware/2lib/2ec_sync.c @@ -160,10 +160,10 @@ static vb2_error_t check_ec_active(struct vb2_context *ctx) struct vb2_shared_data *sd = vb2_get_sd(ctx); int in_rw = 0; /* - * We don't use VB2_CONTEXT_EC_TRUSTED, which checks if not EC_IN_RW. - * It is controlled by cr50 but on some platforms, cr50 can't know when - * a EC resets. So, we trust what EC-RW says. If it lies it's in RO, - * we'll flash RW while it's in RW. + * We don't use vb2ex_ec_trusted, which checks EC_IN_RW. It is + * controlled by cr50 but on some platforms, cr50 can't know when a EC + * resets. So, we trust what EC-RW says. If it lies it's in RO, we'll + * flash RW while it's in RW. */ /* If we couldn't determine where the EC was, reboot to recovery. */ VB2_TRY(vb2ex_ec_running_rw(&in_rw), diff --git a/firmware/2lib/2stub.c b/firmware/2lib/2stub.c index 85534dd6..956b4bb4 100644 --- a/firmware/2lib/2stub.c +++ b/firmware/2lib/2stub.c @@ -75,6 +75,12 @@ vb2_error_t vb2ex_tpm_set_mode(enum vb2_tpm_mode mode_val) /* auxfw and EC-related stubs */ __attribute__((weak)) +int vb2ex_ec_trusted(void) +{ + return 1; +} + +__attribute__((weak)) vb2_error_t vb2ex_ec_running_rw(int *in_rw) { *in_rw = 0; diff --git a/firmware/2lib/include/2api.h b/firmware/2lib/include/2api.h index 8cc9a923..1f9d70f9 100644 --- a/firmware/2lib/include/2api.h +++ b/firmware/2lib/include/2api.h @@ -1303,6 +1303,14 @@ enum vb2_firmware_selection { vb2_error_t vb2api_ec_sync(struct vb2_context *ctx); /** + * This is called only if the system implements a keyboard-based (virtual) + * developer switch. It must return true only if the system has an embedded + * controller which is provably running in its RO firmware at the time the + * function is called. + */ +int vb2ex_ec_trusted(void); + +/** * Check if the EC is currently running rewritable code. * * If the EC is in RO code, sets *in_rw=0. diff --git a/tests/vb2_ec_sync_tests.c b/tests/vb2_ec_sync_tests.c index e47f59d6..16496e44 100644 --- a/tests/vb2_ec_sync_tests.c +++ b/tests/vb2_ec_sync_tests.c @@ -121,6 +121,11 @@ uint32_t VbExIsShutdownRequested(void) return 0; } +int vb2ex_ec_trusted(void) +{ + return !ec_run_image; +} + vb2_error_t vb2ex_ec_running_rw(int *in_rw) { *in_rw = ec_run_image; |