• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1#!/bin/bash
2
3# Copyright 2019 The Chromium OS Authors. All rights reserved.
4# Use of this source code is governed by a BSD-style license that can be
5# found in the LICENSE file.
6
7set -e
8
9readonly _FLASHPROTECT_OUTPUT_HW_AND_SW_WRITE_PROTECT_ENABLED="$(cat <<SETVAR
10Flash protect flags: 0x0000000b wp_gpio_asserted ro_at_boot ro_now
11Valid flags:         0x0000003f wp_gpio_asserted ro_at_boot ro_now all_now STUCK INCONSISTENT
12Writable flags:      0x00000004 all_now
13SETVAR
14)"
15
16readonly _FW_NAMES="rb0 rb1 rb9 dev"
17readonly _FW_TYPES="ro rw"
18
19flash_rw_firmware() {
20  local fw_file="${1}"
21  check_file_exists "${fw_file}"
22  flashrom --fast-verify -V -p ec:type=fp -i EC_RW -w "${fw_file}"
23}
24
25get_ectool_output_val() {
26  local key="${1}"
27  local ectool_output="${2}"
28  echo "${ectool_output}" | grep "${key}" | sed "s#${key}:[[:space:]]*\.*##"
29}
30
31run_ectool_cmd() {
32  local ectool_output
33  ectool_output="$(ectool --name=cros_fp "${@}")"
34  if [[ $? -ne 0 ]]; then
35    echo "Failed to run ectool cmd: ${@}"
36    exit 1
37  fi
38  echo "${ectool_output}"
39}
40
41run_ectool_cmd_ignoring_error() {
42  ectool --name=cros_fp "${@}" || true
43}
44
45add_entropy() {
46  run_ectool_cmd "addentropy" "${@}"
47}
48
49reboot_ec() {
50  # TODO(b/116396469): The reboot_ec command returns an error even on success.
51  run_ectool_cmd_ignoring_error "reboot_ec"
52  sleep 2
53}
54
55reboot_ec_to_ro() {
56  # TODO(b/116396469): The reboot_ec command returns an error even on success.
57  run_ectool_cmd_ignoring_error "reboot_ec"
58  sleep 0.5
59  run_ectool_cmd "rwsigaction" "abort"
60  sleep 2
61}
62
63read_from_flash() {
64  local output_file="${1}"
65  run_ectool_cmd "flashread" "0xe0000" "0x1000" "${output_file}"
66}
67
68get_running_firmware_copy() {
69  local ectool_output
70  ectool_output="$(run_ectool_cmd "version")"
71  get_ectool_output_val "Firmware copy" "${ectool_output}"
72}
73
74_get_firmware_version() {
75  local fw_type="${1}"
76  local ectool_output
77  ectool_output="$(run_ectool_cmd "version")"
78  get_ectool_output_val "${fw_type} version" "${ectool_output}"
79}
80
81get_rw_firmware_version() {
82  _get_firmware_version "RW"
83}
84
85get_ro_firmware_version() {
86  _get_firmware_version "RO"
87}
88
89_get_rollback_info() {
90  # TODO(crbug.com/924283): rollbackinfo command always returns exit code 1.
91  run_ectool_cmd_ignoring_error "rollbackinfo"
92}
93
94get_rollback_block_id() {
95  get_ectool_output_val "Rollback block id" "$(_get_rollback_info)"
96}
97
98get_rollback_min_version() {
99  get_ectool_output_val "Rollback min version" "$(_get_rollback_info)"
100}
101
102get_rollback_rw_version() {
103  get_ectool_output_val "RW rollback version" "$(_get_rollback_info)"
104}
105
106_check_rollback_matches() {
107  local rb_type="${1}"
108  local expected="${2}"
109  local rb_info
110  rb_info="$(get_rollback_${rb_type})"
111  if [[ "${rb_info}" != "${expected}" ]]; then
112    echo "Rollback ${rb_type} does not match, expected: ${expected}, actual: ${rb_info}"
113    exit 1
114  fi
115}
116
117check_rollback_block_id_matches() {
118  _check_rollback_matches "block_id" "${1}"
119}
120
121check_rollback_min_version_matches() {
122  _check_rollback_matches "min_version" "${1}"
123}
124
125check_rollback_rw_version_matches() {
126  _check_rollback_matches "rw_version" "${1}"
127}
128
129check_is_rollback_set_to_initial_val() {
130  check_rollback_block_id_matches "1"
131  check_rollback_min_version_matches "0"
132  check_rollback_rw_version_matches "0"
133}
134
135check_file_exists() {
136  if [[ ! -f "${1}" ]]; then
137    echo "Cannot find file: ${1}"
138    exit 1
139  fi
140}
141
142check_running_rw_firmware() {
143  local fw_copy
144  fw_copy="$(get_running_firmware_copy)"
145  if [[ "${fw_copy}" != "RW" ]]; then
146    echo "Not running RW copy of firmware"
147    exit 1
148  fi
149}
150
151check_running_ro_firmware() {
152  local fw_copy
153  fw_copy="$(get_running_firmware_copy)"
154  if [[ "${fw_copy}" != "RO" ]]; then
155    echo "Not running RO copy of firmware"
156    exit 1
157  fi
158}
159
160_check_has_mp_firmware_type() {
161  local fw_type="${1}"
162  local fw_version
163  fw_version="$(get_${fw_type}_firmware_version)"
164
165  # The MP version string is not "special", so we compare against all the
166  # "special" version strings and only succeed if it doesn't match any of them.
167  for fw_name in ${_FW_NAMES}; do
168    if [[ "${fw_version}" == *.${fw_name} ]]; then
169      echo "Not running MP ${fw_type} firmware: ${fw_version}"
170      exit 1
171    fi
172  done
173}
174
175check_has_mp_ro_firmware() {
176  _check_has_mp_firmware_type "ro"
177}
178
179check_has_mp_rw_firmware() {
180  _check_has_mp_firmware_type "rw"
181}
182
183# generate check_has_dev_rw_firmware/check_has_dev_ro_firmware, etc
184for fw_name in ${_FW_NAMES}; do
185  for fw_type in ${_FW_TYPES}; do
186    eval "
187      check_has_${fw_name}_${fw_type}_firmware() {
188        local fw_version
189        fw_version=\"\$(get_${fw_type}_firmware_version)\"
190        if [[ \"\${fw_version}\" != *.${fw_name} ]]; then
191          echo \"Not running ${fw_name} ${fw_type} firmware: \${fw_version}\"
192          exit 1
193        fi
194      }
195    "
196  done
197done
198
199get_flashprotect_status() {
200  run_ectool_cmd "flashprotect"
201}
202
203enable_sw_write_protect() {
204  # TODO(b/116396469): The reboot_ec command returns an error even on success.
205  run_ectool_cmd_ignoring_error "flashprotect" "enable"
206
207  # TODO(b/116396469): "flashprotect enable" command is slow, so wait for
208  # it to complete before attempting to reboot.
209  sleep 2
210
211  reboot_ec
212}
213
214disable_sw_write_protect() {
215  run_ectool_cmd "flashprotect" "disable"
216}
217
218check_hw_and_sw_write_protect_enabled() {
219  local output
220  output="$(get_flashprotect_status)"
221
222  if [[ "${output}" != "${_FLASHPROTECT_OUTPUT_HW_AND_SW_WRITE_PROTECT_ENABLED}" ]]; then
223    echo "Incorrect flashprotect state: ${output}"
224    echo "Make sure HW write protect is enabled (wp_gpio_asserted)"
225    exit 1
226  fi
227}
228
229check_fingerprint_task_is_running() {
230  run_ectool_cmd "fpinfo"
231}
232
233check_fingerprint_task_is_not_running() {
234  if (check_fingerprint_task_is_running) ; then
235    echo "Fingerprint task should not be running"
236    exit 1
237  fi
238}