From 4e3bdedf3268839fc3553d35ccda61294ff74dd3 Mon Sep 17 00:00:00 2001 From: Bill Richardson Date: Fri, 23 Sep 2016 17:00:53 -0700 Subject: [PATCH] Cr50: Lock console by default, with long timeout This locks the Cr50 console by default, and makes the unlock process take the full 5 minutes unless the battery is removed. BUG=chrome-os-partner:57408 BRANCH=none TEST=make buildall; test on Gru & Reef Build the image with make buildall or make BOARD=cr50 Put it on Gru & Reef, and confirm that the console is locked, by running "lock" or "help". Try to unlock it with "lock off" and observe that you have to poke the power button for five minutes before it unlocks. Remove the battery and confirm that "lock off" now only requires a single power button press to take effect. Build the image with CR50_DEV=1 make BOARD=cr50 and now the behavior is back to the way it was before this CL. Change-Id: I9f2cc67a1dd63f260221a8711a8591070018be3b Signed-off-by: Bill Richardson Reviewed-on: https://chromium-review.googlesource.com/389238 Reviewed-by: Randall Spangler --- board/cr50/wp.c | 32 ++++++++++++++++++++++++-------- 1 file changed, 24 insertions(+), 8 deletions(-) diff --git a/board/cr50/wp.c b/board/cr50/wp.c index 61873ce7d7..823abdf145 100644 --- a/board/cr50/wp.c +++ b/board/cr50/wp.c @@ -42,8 +42,12 @@ DECLARE_CONSOLE_COMMAND(wp, command_wp, /* When the system is locked down, provide a means to unlock it */ #ifdef CONFIG_RESTRICTED_CONSOLE_COMMANDS -/* TODO(crosbug.com/p/55510): It should be locked by default */ +/* Hand-built images may be initially unlocked; Buildbot images are not. */ +#ifdef CR50_DEV static int console_restricted_state; +#else +static int console_restricted_state = 1; +#endif int console_is_restricted(void) { @@ -53,6 +57,17 @@ int console_is_restricted(void) /****************************************************************************/ /* Stuff for the unlock sequence */ +/* + * The normal unlock sequence should take 5 minutes (unless the case is + * opened). Hand-built images only need to be long enough to demonstrate that + * they work. + */ +#ifdef CR50_DEV +#define UNLOCK_SEQUENCE_DURATION (10 * SECOND) +#else +#define UNLOCK_SEQUENCE_DURATION (300 * SECOND) +#endif + /* Max time that can elapse between power button pokes */ static int unlock_beat; @@ -183,7 +198,8 @@ static int command_lock(int argc, char **argv) * We'll be satisified with the first press (so the * unlock_deadine is now + 0us), but we're willing to * wait for up to 10 seconds for that first press to - * happen. If we don't get one, the unlock will fail. + * happen. If we don't get one by then, the unlock will + * fail. */ start_unlock_process(0, 10 * SECOND); @@ -202,13 +218,13 @@ static int command_lock(int argc, char **argv) ccprintf("go!\n"); /* - * We won't be happy until we've poked the button for a - * good long while, but we'll only wait a short time - * between each press before deciding that the user has - * given up. + * We won't be happy until we've been poking the button + * for a good long while, but we'll only wait a couple + * of seconds between each press before deciding that + * the user has given up. */ - /* TODO(crbug.com/p/57408): Poke 5 mins, not 10 secs */ - start_unlock_process(10 * SECOND, 2 * SECOND); + start_unlock_process(UNLOCK_SEQUENCE_DURATION, + 2 * SECOND); ccprintf("Unlock sequence starting." " Continue until %.6ld\n", unlock_deadline);