From ba105838f582793716d02eebee09a6f283ef73b3 Mon Sep 17 00:00:00 2001
From: Wei-Ning Huang
Date: Sat, 22 Apr 2017 01:42:56 +0800
Subject: [PATCH] rwsig: do not jump if reset source is hard pin reset

According to the new MCU secure update model, EC should wait for host if reset source is reset-pin.
BRANCH=none
BUG=b:37584134
TEST=on rose, toggle reset pin from host. EC should stay in RO, showing [0.426089 Hard pin-reset detected, disable RW jump] in console.
Change-Id: Ie1908cb0744773e2e3ca8b3d8c627b8a9ef4567f
Reviewed-on: https://chromium-review.googlesource.com/485199
Commit-Ready: Wei-Ning Huang
Tested-by: Wei-Ning Huang
Reviewed-by: Nicolas Boichat
---
 common/main.c | 18 +++++++++++++++---
 include/config.h | 6 ++++++
 2 files changed, 21 insertions(+), 3 deletions(-)
diff --git a/common/main.c b/common/main.c
index d517636f0e..c1f4bbdce6 100644
--- a/common/main.c
+++ b/common/main.c
@@ -168,9 +168,21 @@ test_mockable __keep int main(void)
 *
 * Only the Read-Only firmware needs to do the signature check.
 */
- if (system_get_image_copy() == SYSTEM_IMAGE_RO &&
- rwsig_check_signature())
- rwsig_jump_now();
+ if (system_get_image_copy() == SYSTEM_IMAGE_RO) {
+#if defined(CONFIG_RWSIG_DONT_CHECK_ON_PIN_RESET)
+ /*
+ * If system was reset by reset-pin, do not jump and wait for
+ * command from host
+ */
+ if (system_get_reset_flags() == RESET_FLAG_RESET_PIN) {
+ CPRINTS("Hard pin-reset detected, disable RW jump");
+ } else
+#endif
+ {
+ if (rwsig_check_signature())
+ rwsig_jump_now();
+ }
+ }
 #endif
 
 /*
diff --git a/include/config.h b/include/config.h
index 3a989294ee..00e1f50e4b 100644
--- a/include/config.h
+++ b/include/config.h
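Review bot: In the common/main.c hunk, the new guard `system_get_reset_flags() == RESET_FLAG_RESET_PIN` is an exact comparison, so it holds only when the pin flag is the sole value returned. If the reset flags are a bitmask, as the RESET_FLAG_ naming suggests, a pin reset reported together with any other flag falls through to the `else` branch, and RO verifies and jumps to RW instead of waiting for the host as the commit message intends. Testing the bit keeps the stay-in-RO path robust: `if (system_get_reset_flags() & RESET_FLAG_RESET_PIN) {`. The dangling `} else` ahead of `#endif` also deserves a short comment saying it binds to the brace block that follows in both configurations. main()'s body starts and ends outside this hunk.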
@@ -1818,6 +1818,12 @@
 */
 #undef CONFIG_RWSIG
 
+/*
+ * Disable rwsig jump when the reset source is hard pin-reset. This only work
+ * for the case where rwsig task is not used.
+ */
+#undef CONFIG_RWSIG_DONT_CHECK_ON_PIN_RESET
+
 /*
 * When RWSIG verification is performed as a task, time to wait from signature
 * verification to an automatic jump to RW (if AP does not request the wait to
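Review bot: The restriction stated in the new comment for CONFIG_RWSIG_DONT_CHECK_ON_PIN_RESET, that the option only works when the rwsig task is not used, is documented but not enforced anywhere in this change. A board that defines the option together with the rwsig task would presumably build cleanly while the pin-reset path still jumps to RW, silently losing the behaviour the option promises. Consider a build-time `#error` next to the code that consumes the option. The comment could also say what RO does instead, e.g. `RO skips the signature check and stays in RO until the host sends a command.`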