sh/enable_fpmcu_write_protection.sh - chromiumos/platform/factory - Git at Google

 #!/usr/bin/env bash
 # Copyright 2019 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.


 set -x
 set -e


 check_pattern() {
   local pattern="${1}"
   local tmpfname="$(mktemp)"
   tee "${tmpfname}"
   grep -q -e "${pattern}" "${tmpfname}"
 }


 fpcmd() {
   ectool --name=cros_fp "${@}"
 }


 main() {
   # Reset the FPMCU state.
   fpcmd reboot_ec || true
   sleep 2

   # Check if SWWP is diabled but HWWP is enabled.
   fpcmd flashprotect | check_pattern \
       '^Flash protect flags:\s*0x00000008 wp_gpio_asserted$'
   rm -rf /tmp/fp.raw || true
   fpcmd fpframe raw >/tmp/fp.raw

   # Enable SWWP.
   fpcmd flashprotect enable || true
   sleep 2
   fpcmd flashprotect | check_pattern \
       '^Flash protect flags: 0x00000009 wp_gpio_asserted ro_at_boot$'
   fpcmd reboot_ec || true
   sleep 2

   # Make sure the flag is correct.
   fpcmd flashprotect | check_pattern  \
       '^Flash protect flags:\s*0x0000000b wp_gpio_asserted ro_at_boot ro_now$'

   # Make sure the RW image is active.
   fpcmd version | check_pattern '^Firmware copy:\s*RW$'

   # Verify that the system is locked.
   rm -rf /tmp/fp.raw || true
   rm -rf /tmp/error_msg.txt || true
   ! fpcmd fpframe raw >/tmp/fp.raw 2>/tmp/error_msg.txt
   cat /tmp/error_msg.txt | check_pattern 'ACCESS_DENIED'
 }


 main "${@}"
	#!/usr/bin/env bash
	# Copyright 2019 The Chromium OS Authors. All rights reserved.
	# Use of this source code is governed by a BSD-style license that can be
	# found in the LICENSE file.


	set -x
	set -e


	check_pattern() {
	local pattern="${1}"
	local tmpfname="$(mktemp)"
	tee "${tmpfname}"
	grep -q -e "${pattern}" "${tmpfname}"
	}


	fpcmd() {
	ectool --name=cros_fp "${@}"
	}


	main() {
	# Reset the FPMCU state.
	fpcmd reboot_ec \|\| true
	sleep 2

	# Check if SWWP is diabled but HWWP is enabled.
	fpcmd flashprotect \| check_pattern \
	'^Flash protect flags:\s*0x00000008 wp_gpio_asserted$'
	rm -rf /tmp/fp.raw \|\| true
	fpcmd fpframe raw >/tmp/fp.raw

	# Enable SWWP.
	fpcmd flashprotect enable \|\| true
	sleep 2
	fpcmd flashprotect \| check_pattern \
	'^Flash protect flags: 0x00000009 wp_gpio_asserted ro_at_boot$'
	fpcmd reboot_ec \|\| true
	sleep 2

	# Make sure the flag is correct.
	fpcmd flashprotect \| check_pattern \
	'^Flash protect flags:\s*0x0000000b wp_gpio_asserted ro_at_boot ro_now$'

	# Make sure the RW image is active.
	fpcmd version \| check_pattern '^Firmware copy:\s*RW$'

	# Verify that the system is locked.
	rm -rf /tmp/fp.raw \|\| true
	rm -rf /tmp/error_msg.txt \|\| true
	! fpcmd fpframe raw >/tmp/fp.raw 2>/tmp/error_msg.txt
	cat /tmp/error_msg.txt \| check_pattern 'ACCESS_DENIED'
	}


	main "${@}"