From fb374add5b7b570bc3058e7802c6e19a47331526 Mon Sep 17 00:00:00 2001
From: Randall Spangler
Date: Tue, 25 Jul 2017 15:11:42 -0700
Subject: [PATCH] cr50: protect EC/AP reset commands using CCD V1
The sysrst and ecrst commands are now protected by the RebootECAP capability. They can print the state of the reset lines when the capability is not allowed, but can only change the state or pulse the reset lines when the capability is allowed. See go/cr50-ccd-wp for more information.
BUG=b:62537474
BRANCH=cr50
TEST=manual with CR50_DEV=1 build: ccdoops --> reset CCD config and go to Opened state ecrst pulse --> works sysrst pulse --> works ccdunlock ecrst pulse --> access denied sysrst pulse --> access denied ecrst --> prints state sysrst --> prints state ccdoops ccdset rebootecap unlesslocked ccdunlock ecrst pulse --> works sysrst pulse --> works
Change-Id: Ia9ebe67bdc1e85129051caf94f20fb2fb84b76da
Signed-off-by: Randall Spangler
Reviewed-on: https://chromium-review.googlesource.com/590071
Reviewed-by: Aseda Aboagye
Reviewed-by: Mary Ruthven
---
 board/cr50/rdd.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/board/cr50/rdd.c b/board/cr50/rdd.c
index 106c559103..e645d610c1 100644
--- a/board/cr50/rdd.c
+++ b/board/cr50/rdd.c
@@ -301,6 +301,9 @@ static int command_sys_rst(int argc, char **argv)
 int ms = 20;
 if (argc > 1) {
+ if (!ccd_is_cap_enabled(CCD_CAP_REBOOT_EC_AP))
+ return EC_ERROR_ACCESS_DENIED;
+
 if (!strcasecmp("pulse", argv[1])) {
 if (argc == 3) {
 ms = strtoi(argv[2], &e, 0);
@@ -335,6 +338,9 @@ static int command_ec_rst(int argc, char **argv)
 int val;
 if (argc > 1) {
+ if (!ccd_is_cap_enabled(CCD_CAP_REBOOT_EC_AP))
+ return EC_ERROR_ACCESS_DENIED;
+
 if (!strcasecmp("pulse", argv[1])) {
 ccprintf("Pulsing EC reset\n");
 assert_ec_rst();
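Review bot: The RebootECAP check is enforced only inside the two console handlers (here in command_sys_rst and again in the command_ec_rst hunk), so the capability protects the reset lines only if no other path reaches the reset helpers such as `assert_ec_rst()` without the same gate. The patch does not show those callers, so that is worth confirming before relying on this as the access-control boundary. Placing the check ahead of all argument parsing is the right order, since a locked console then gets EC_ERROR_ACCESS_DENIED for every argument form. The intentionally ungated no-argument query should be documented above each check, e.g. `/* Changing the reset line needs RebootECAP; printing its state does not. */`. Both function bodies start and end outside their hunks.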