commit 663763b1ec6f89feec23fed6a9322ed68bc0294a
author Cheng-Han Yang <chenghan@google.com> Tue Sep 15 20:46:23 2020 +0800
committer Commit Bot <commit-bot@chromium.org> Mon Sep 21 18:06:37 2020 +0000
tree 11db4f843eee9464f0fdb1d855ef85af17bf8552
parent 878d7f1e71141bc52987c9df32eb7fc3faf33a2e

gooftool: Do not set RO hash if write protection is not enabled

In early development phase, we don't enable software write protection,
and RO firmware is expected to change. Hence we don't need to set RO
hash in cr50.

BUG=b:141191727, b:168251602
TEST=manual test on DUT

Change-Id: I1426193f8f22136e4fa525a58853c4c9de6d2123
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/factory/+/2412059
Reviewed-by: Stimim Chen <stimim@chromium.org>
Commit-Queue: Cheng-Han Yang <chenghan@chromium.org>
Tested-by: Cheng-Han Yang <chenghan@chromium.org>

py/gooftool/commands.py

diff --git a/py/gooftool/commands.py b/py/gooftool/commands.py
index 3e7986c..c8b2dab 100755
--- a/py/gooftool/commands.py
+++ b/py/gooftool/commands.py
@@ -174,6 +174,10 @@
     help=('Specify the hwid utility to obtain the vpd data from the specified '
           'file.'))
 
+_no_write_protect_cmd_arg = CmdArg(
+    '--no_write_protect', action='store_true',
+    help='Do not enable firmware write protection.')
+
 _rma_mode_cmd_arg = CmdArg(
     '--rma_mode', action='store_true',
     help='Enable RMA mode, do not check for deprecated components.')
@@ -500,6 +504,22 @@
   return GetGooftool(options).Cr50DisableFactoryMode()
 
 
+@Command('cr50_finalize',
+         _no_write_protect_cmd_arg,
+         _rma_mode_cmd_arg,
+         _enable_zero_touch_cmd_arg)
+def Cr50Finalize(options):
+  """Finalize steps for cr50."""
+  if options.no_write_protect:
+    logging.warning('SWWP is not enabled. Skip setting RO hash.')
+  elif options.rma_mode:
+    logging.warning('RMA mode. Skip setting RO hash.')
+  else:
+    Cr50SetROHash(options)
+  Cr50WriteFlashInfo(options)
+  Cr50DisableFactoryMode(options)
+
+
 @Command('enable_release_partition',
          CmdArg('--release_rootfs',
                 help=('path to the release rootfs device. If not specified, '
@@ -555,8 +575,6 @@
 
 
 @Command('verify',
-         CmdArg('--no_write_protect', action='store_true',
-                help='Do not check write protection switch state.'),
          _hwid_status_list_cmd_arg,
          _hwdb_path_cmd_arg,
          _project_cmd_arg,
@@ -564,6 +582,7 @@
          _hwid_cmd_arg,
          _hwid_run_vpd_cmd_arg,
          _hwid_vpd_data_file_cmd_arg,
+         _no_write_protect_cmd_arg,
          _rma_mode_cmd_arg,
          _cros_core_cmd_arg,
          _has_ec_pubkey_cmd_arg,
@@ -792,8 +811,6 @@
 
 
 @Command('finalize',
-         CmdArg('--no_write_protect', action='store_true',
-                help='Do not enable firmware write protection.'),
          CmdArg('--fast', action='store_true',
                 help='use non-secure but faster wipe method.'),
          _no_ectool_cmd_arg,
@@ -809,6 +826,7 @@
          _hwid_cmd_arg,
          _hwid_run_vpd_cmd_arg,
          _hwid_vpd_data_file_cmd_arg,
+         _no_write_protect_cmd_arg,
          _rma_mode_cmd_arg,
          _cros_core_cmd_arg,
          _has_ec_pubkey_cmd_arg,
@@ -843,11 +861,9 @@
   if not options.rma_mode:
     # Write VPD values related to RLZ ping into VPD.
     GetGooftool(options).WriteVPDForRLZPing(options.embargo_offset)
-    GetGooftool(options).Cr50SetROHash()
     if options.generate_mfg_date:
       GetGooftool(options).WriteVPDForMFGDate()
-  Cr50WriteFlashInfo(options)
-  Cr50DisableFactoryMode(options)
+  Cr50Finalize(options)
   Verify(options)
   LogSourceHashes(options)
   UntarStatefulFiles(options)