mirror of
https://github.com/Telecominfraproject/OpenCellular.git
synced 2026-01-14 00:26:30 +00:00
f07e300fe4
Previously, calls to tpm_alt_extension() were treated as if they came from the AP via the TPM interface, even though they actually originated from the cr50 console, which is accessible via the USB interface. This affects the following console commands: spi_hash - was already allowed as both a safe console command and via the USB vendor command interface. No change. rma_auth - was allowed as a safe console command, but not via the USB vendor command interface. Now allowed from both. No change in security, since anyone could already do it via the console. Unfortunately, getting a challenge fails because commands issued via the USB vendor command interface have a maximum payload of 32 bytes and the challenge is bigger than that; that's tracked in b:80098603. ccd - was already allowed as a safe console command. This directly called ccd_command_wrapper() for lock, open, and password subcommands. It made an extra check for password set for the unlock subcommand. Moved the unlock check to the vendor command handler. Also changed the order of checks so that FWMP disabling unlock and open supersedes an existing password; this matches go/ccd-open-simple. (That has no effect on existing systems, because CCD is disabled at a higher level.) Reduces code size by 8 bytes. BUG=b:79983505 BRANCH=cr50 TEST=manual, on a CR50_DEV=1 build Compile with DEBUG_EXTENSION defined to print extra debug output 'ccd lock' now shows as coming from USB 'ccd unlock' fails because no password is set 'ccd unlock' and 'ccd open' fail if FWMP disallows unlock 'rma_auth' prints a challenge 'gsctool -t -r' prints a challenge from AP root shell 'gsctool -r 12345678' returns error 6 (incorrect challenge), rather than error 127 (no such command). 'gsctool -I' works from the host 'gsctool -t -I' still works from AP root shell Change-Id: I2cd1027f5135b9c336df97ee4b1b1a15354728b4 Signed-off-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/1068102 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
For an overview of the Embedded Controller firmware, refer to http://www.chromium.org/chromium-os/2014-firmware-summit For instructions on building from source, refer to http://www.chromium.org/chromium-os/ec-development/getting-started-building-ec-images-quickly