cr50: protect EC/AP reset commands using CCD V1

The sysrst and ecrst commands are now protected by the RebootECAP
capability.  They can print the state of the reset lines when the
capability is not allowed, but can only change the state or pulse the
reset lines when the capability is allowed.

See go/cr50-ccd-wp for more information.

BUG=b:62537474
BRANCH=cr50
TEST=manual with CR50_DEV=1 build:
     ccdoops --> reset CCD config and go to Opened state
     ecrst pulse --> works
     sysrst pulse --> works

     ccdunlock
     ecrst pulse --> access denied
     sysrst pulse --> access denied
     ecrst --> prints state
     sysrst --> prints state

     ccdoops
     ccdset rebootecap unlesslocked

     ccdunlock
     ecrst pulse --> works
     sysrst pulse --> works

Change-Id: Ia9ebe67bdc1e85129051caf94f20fb2fb84b76da
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/590071
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
This commit is contained in:
Randall Spangler
2017-07-25 15:11:42 -07:00
committed by chrome-bot
parent 89184dbc8d
commit fb374add5b

@@ -301,6 +301,9 @@ static int command_sys_rst(int argc, char **argv)
int ms = 20;
if (argc > 1) {
if (!ccd_is_cap_enabled(CCD_CAP_REBOOT_EC_AP))
return EC_ERROR_ACCESS_DENIED;
if (!strcasecmp("pulse", argv[1])) {
if (argc == 3) {
ms = strtoi(argv[2], &e, 0);
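Review bot: the `ccd_is_cap_enabled(CCD_CAP_REBOOT_EC_AP)` check at the top of the `if (argc > 1)` block in `command_sys_rst` rejects every invocation that carries an argument, including an unrecognized one, so a mistyped subcommand with the capability disabled returns EC_ERROR_ACCESS_DENIED rather than a parameter error. Failing closed is the right default, but it depends on the no-argument path being the only read-only one. Please add a one-line comment above the check stating that all argument forms change reset-line state, so that a later read-only subcommand, or a state-changing path added outside this branch, gets noticed in review.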
@@ -335,6 +338,9 @@ static int command_ec_rst(int argc, char **argv)
int val;
if (argc > 1) {
if (!ccd_is_cap_enabled(CCD_CAP_REBOOT_EC_AP))
return EC_ERROR_ACCESS_DENIED;
if (!strcasecmp("pulse", argv[1])) {
ccprintf("Pulsing EC reset\n");
assert_ec_rst();
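Review bot: the capability check added at the top of `if (argc > 1)` in `command_ec_rst` is a verbatim copy of the one in `command_sys_rst`, and the two commands are meant to be gated identically by RebootECAP. Consider moving the check into a small shared static helper that both commands call, so a future change to the policy cannot be applied to one command and missed in the other. The placement itself is good: the check runs before `ccprintf("Pulsing EC reset\n")` and `assert_ec_rst()`, so a denied request neither prints nor touches the line.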