From 8bb1c3b852030dbecc58e6ec6c790ede621bc6e9 Mon Sep 17 00:00:00 2001
From: Aaron Durbin
Date: Mon, 12 Dec 2016 14:15:12 -0600
Subject: [PATCH] crossystem: add phase_enforcement field
Provide 'phase_enforcement' field that indicates if a system should have its full security features enabled while in the factory. The backend implementation currently is only for x86 using chromeos_acpi.
On reef:
$ grep ^ /sys/devices/platform/chromeos_acpi/GPIO.*/*
/sys/devices/platform/chromeos_acpi/GPIO.2/GPIO.0:4
/sys/devices/platform/chromeos_acpi/GPIO.2/GPIO.1:1
/sys/devices/platform/chromeos_acpi/GPIO.2/GPIO.2:10
/sys/devices/platform/chromeos_acpi/GPIO.2/GPIO.3:INT3452:00
BUG=chrome-os-partner:59951
BRANCH=None
TEST=Tested on reef with accompanying coreboot patches and flipping internal pulls to see the correct setting.
Change-Id: Id5401d795cff8874a038f2456121549713a11237
Signed-off-by: Aaron Durbin
Reviewed-on: https://chromium-review.googlesource.com/418899
Reviewed-by: Hung-Te Lin
---
 host/arch/x86/lib/crossystem_arch.c | 3 +++
 utility/crossystem.c | 2 ++
 2 files changed, 5 insertions(+)
diff --git a/host/arch/x86/lib/crossystem_arch.c b/host/arch/x86/lib/crossystem_arch.c
index e17852bedd..72263dce43 100644
--- a/host/arch/x86/lib/crossystem_arch.c
+++ b/host/arch/x86/lib/crossystem_arch.c
@@ -67,6 +67,7 @@
 #define GPIO_SIGNAL_TYPE_RECOVERY 1
 #define GPIO_SIGNAL_TYPE_DEV 2
 #define GPIO_SIGNAL_TYPE_WP 3
+#define GPIO_SIGNAL_TYPE_PHASE_ENFORCEMENT 4
 /* Base name for ACPI files */
 #define ACPI_BASE_PATH "/sys/devices/platform/chromeos_acpi"
@@ -792,6 +793,8 @@ int VbGetArchPropertyInt(const char* name)
 value = 1 - value; /* Mario reports this backwards */
 } else if (!strcasecmp(name,"recoverysw_ec_boot")) {
 value = ReadFileBit(ACPI_CHSW_PATH, CHSW_RECOVERY_EC_BOOT);
+ } else if (!strcasecmp(name,"phase_enforcement")) {
+ value = ReadGpio(GPIO_SIGNAL_TYPE_PHASE_ENFORCEMENT);
 }
 /* Fields for old systems which don't have VbSharedData */
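Review bot: The new `phase_enforcement` branch in VbGetArchPropertyInt hands the ReadGpio() result straight back, and nothing here says what a caller sees when the firmware exports no GPIO of type 4. ReadGpio's body is outside this hunk, but it presumably reports a failure value rather than 0 or 1 in that case, and the commit message says only the x86 backend implements the field. Because the value decides whether factory tooling applies the full security settings, a caller that tests it as a plain boolean, or maps an error to "not enforced", would fail open. I would state the contract at the branch, for example `/* 1 = apply full security settings; an error result means the GPIO is not exported and must not be read as "not enforced" */`. The `#define GPIO_SIGNAL_TYPE_PHASE_ENFORCEMENT 4` in the first hunk deserves a short comment that the number has to match the signal type the firmware publishes through chromeos_acpi. The function body starts and ends outside the hunk.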
diff --git a/utility/crossystem.c b/utility/crossystem.c
index 6278e30f25..a0be1d8a42 100644
--- a/utility/crossystem.c
+++ b/utility/crossystem.c
@@ -77,6 +77,8 @@ const Param sys_param_list[] = {
 {"mainfw_type", IS_STRING, "Active main firmware type"},
 {"nvram_cleared", CAN_WRITE, "Have NV settings been lost? Write 0 to clear"},
 {"oprom_needed", CAN_WRITE, "Should we load the VGA Option ROM at boot?"},
+ {"phase_enforcement", 0,
+ "Board should have full security settings applied"},
 {"recovery_reason", 0, "Recovery mode reason for current boot"},
 {"recovery_request", CAN_WRITE, "Recovery mode request (writable)"},
 {"recovery_subcode", CAN_WRITE, "Recovery reason subcode (writable)"},
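Review bot: The help string for the new `phase_enforcement` entry does not say which value means "enforce" or that the field can be unavailable, so a script reading it has to guess the polarity and the failure case. Keeping the flags at 0 (read-only integer) is appropriate for a hardware strap. If 1 is the enforcing state, as the commit message suggests, the description could read `"Board should have full security settings applied (1 = yes)"`. The commit message says only the x86 backend implements the field, so it is also worth documenting that scripts must treat an error result on other platforms as "enforce", not as 0. The array definition starts and ends outside the hunk.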