Google Git
Sign in
chromium / chromiumos / platform / ec / a04a310913100b6c04eb25746b49f5cd56aa9e31
commita04a310913100b6c04eb25746b49f5cd56aa9e31[log] [tgz]
authorNicolas Boichat <drinkcat@google.com>Mon Apr 17 07:14:30 2017
committerchrome-bot <chrome-bot@chromium.org>Wed Apr 26 11:28:08 2017
tree5a36cf47246658f9b3e71fc83c8b9a1a496369fa
parent758fc8f45b6cc9e305a214be423877dcdf47848d [diff]
rwsig/update_fw: Prevent race in rollback protection

There is a window where the rollback information in RW could
potentially be updated during RW signature verification. We make
sure this cannot happen by:
 - Preventing update over USB while RWSIG is running
 - When system is locked, only update rollback information if
   RW region is locked: this guarantees that RW cannot be modified
   from boot until RW is validated, and then until rollback
   information is updated.

Also, remove rollback_lock() in rwsig_check_signature:
rwsig_jump_now() protects all flash, which also protects rollback.
This reduces the number of required reboots on rollback update.

BRANCH=none
BUG=b:35586219
BUG=b:35587171
TEST=Add long delay in rwsig_check_signature, make sure EC cannot
     be updated while verification is in progress.

Change-Id: I7a51fad8a64b7e258b3a7e15d75b3dab64ce1c94
Reviewed-on: https://chromium-review.googlesource.com/479176
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
3 files changed
tree: 5a36cf47246658f9b3e71fc83c8b9a1a496369fa
  1. board/
  2. builtin/
  3. chip/
  4. common/
  5. core/
  6. cts/
  7. docs/
  8. driver/
  9. extra/
  10. include/
  11. power/
  12. test/
  13. util/
  14. .checkpatch.conf
  15. .gitignore
  16. COMMIT-QUEUE.ini
  17. LICENSE
  18. Makefile
  19. Makefile.rules
  20. Makefile.toolchain
  21. OWNERS
  22. PRESUBMIT.cfg
  23. README
  24. README.fmap
  25. setup.py