[openfirmware] [commit] r2265 - cpu/x86/pc/olpc
repository service
svn at openfirmware.info
Sun Jun 12 10:58:37 CEST 2011
Author: wmb
Date: Sun Jun 12 10:58:36 2011
New Revision: 2265
URL: http://tracker.coreboot.org/trac/openfirmware/changeset/2265
Log:
OLPC XO-1.75 trac #10951 - added code for secure reflash of EC code. Compiles cleanly but as yet untested. The code closely parallels the existing code for secure firmware reflashing.
Modified:
cpu/x86/pc/olpc/security.fth
Modified: cpu/x86/pc/olpc/security.fth
==============================================================================
--- cpu/x86/pc/olpc/security.fth Sun Jun 12 10:52:58 2011 (r2264)
+++ cpu/x86/pc/olpc/security.fth Sun Jun 12 10:58:36 2011 (r2265)
@@ -877,7 +877,7 @@
ofw-version$ drop 1+ ((fw-version))
;
-: firmware-up-to-date? ( img$ -- )
+: firmware-up-to-date? ( img$ -- flag )
/flash <> if show-x " Invalid Firmware image" .security-failure then ( adr )
h# f.ffc7 + ((fw-version)) ( file-version# )
ofw-version-int ( file-version# rom-version# )
@@ -892,13 +892,76 @@
drop
;
+[ifdef] reflash-ec
+: ec-up-to-date? ( img$ -- flag )
+ /ec-flash <> if show-x " Invalid EC Firmware image" .security-failure then ( adr )
+ /ec-flash + h# 100 - cscount ( version&date$ )
+ \ If the new image has an invalid signature, the old one is considered up to date
+ dup d# 25 < if 2drop true exit then ( version&date$ )
+ over " XO-EC 4 " comp if 2drop true exit then ( version&date$ )
+ bl right-split-string 2drop ( date$ )
+ d# 16 <> if 2drop true exit then ( date-adr )
+ ec-date$ comp 0<= ( flag )
+;
+
+defer ec-reflash-off? ' false to ec-reflash-off?
+: do-ec-update ( img$ -- )
+
+\ Keep .error from printing an input stream position report
+\ which makes a buffer@<address> show up in the error message
+ ['] noop to show-error
+
+ visible
+
+ tuck load-base swap move ( len )
+ load-base swap ( adr len )
+
+ ['] ?ec-image-valid catch ?dup if ( x x )
+ 2drop
+ visible
+ red-letters
+ ." Bad EC firmware image file - " .error
+ ." Continuing with old EC firmware" cr
+ black-letters
+ exit
+ then
+
+ d# 12,000 wait-until \ Wait for EC to notice the battery
+
+ ['] ?enough-power catch ?dup if
+ visible
+ red-letters
+ ." Unsafe to update EC firmware now - " .error
+ ." Continuing with old EC firmware" cr
+ black-letters
+ exit
+ then
+
+ " Updating EC firmware" ?lease-debug-cr
+
+ ec-indexed-io-off? if
+ visible
+ ." Restarting to enable EC FLASH writing." cr
+ d# 3000 ms
+ ec-ixio-reboot
+ security-failure
+ then
+
+ \ Latch alternate? flag for next startup
+ alternate? if [char] A h# 82 cmos! then
+
+ reflash-ec \ Should power-off and reboot
+ show-x
+ " EC reflash returned, unexpectedly" .security-failure
+;
+[then]
: do-firmware-update ( img$ -- )
-\ Keep .error from printing an input sream position report
+\ Keep .error from printing an input stream position report
\ which makes a buffer@<address> show up in the error message
- ['] noop to show-error
+ ['] noop to show-error
- visible
+ visible
tuck flash-buf swap move ( len )
@@ -1053,9 +1116,29 @@
r> close-file drop false ( false )
;
-: load-from-device ( devname$ -- done? )
+[ifdef] reflash-ec
+: ?ec-update ( -- )
+ null$ cn-buf place
+ " ecfw" bundle-present? if
+ " EC FW found - " ?lease-debug
- show-dot
+ img$ ec-up-to-date? if
+ show-plus
+ " current EC FW is up-to-date" ?lease-debug-cr
+ else
+ show-minus
+ " new - " ?lease-debug
+ fwkey$ to pubkey$
+ img$ sig$ fw-valid? if
+ img$ do-ec-update
+ then
+ show-lock
+ then
+ then
+;
+[then]
+
+: ?fw-update ( -- )
null$ cn-buf place
" bootfw" bundle-present? if
" FW found - " ?lease-debug
@@ -1073,7 +1156,11 @@
show-lock
then
then
-
+;
+: load-from-device ( -- done? )
+ show-dot
+ ?ec-update ( devnam)
+ ?fw-update ( )
?rtc-update
show-dot
More information about the openfirmware
mailing list