commit 24d42d9ae2629fc85b28de1066ff8b83ccacda87
author Cheng-Han Yang <chenghan@google.com> Sun Aug 09 04:53:53 2020 +0800
committer Commit Bot <commit-bot@chromium.org> Wed Aug 19 16:36:57 2020 +0000
tree 0ef59dfce80f92d17e69864ba63c2d763c50fc52
parent 8d2fd50c15920de53eece3aec03eca0bcc99ed2d

gooftool: Set cr50 AP-RO hash in finalize

Run ap_ro_hash.ap to set AP-RO hash in finalize to support RO
verification feature in cr50. The hashed range is RO_SECTION excluding
RO_VPD, HWID and HWID digest sections in GBB.

BUG=b:141191727
TEST=make test; manual test on DUT;
Change nothing: verification success
Change HWID or VPD: verification success
Change RO firmware: verification fail

Change-Id: I6730e08c2d7c161f6004d48b982470d7038a71d4
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/factory/+/2345645
Reviewed-by: Yong Hong <yhong@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Commit-Queue: Cheng-Han Yang <chenghan@chromium.org>
Tested-by: Cheng-Han Yang <chenghan@chromium.org>

py/gooftool/commands.py

diff --git a/py/gooftool/commands.py b/py/gooftool/commands.py
index 43ed85f..8fee09e 100755
--- a/py/gooftool/commands.py
+++ b/py/gooftool/commands.py
@@ -459,6 +459,11 @@
   event_log.Log('generate_stable_device_secret')
 
 
+@Command('cr50_set_ro_hash')
+def Cr50SetROHash(options):
+  GetGooftool(options).Cr50SetROHash()
+  event_log.Log('cr50_set_ro_hash')
+
 @Command('cr50_set_sn_bits_and_board_id',
          _rma_mode_cmd_arg)
 def Cr50SetSnBitsAndBoardId(options):
@@ -830,6 +835,7 @@
   if not options.rma_mode:
     # Write VPD values related to RLZ ping into VPD.
     GetGooftool(options).WriteVPDForRLZPing(options.embargo_offset)
+    GetGooftool(options).Cr50SetROHash()
     if options.generate_mfg_date:
       GetGooftool(options).WriteVPDForMFGDate()
   Cr50WriteFlashInfo(options)