From 70c8678a5fefa487da913e4ebadb51d8a37b5b1c Mon Sep 17 00:00:00 2001 From: Tim Crawford Date: Fri, 22 Mar 2024 14:48:56 -0600 Subject: [PATCH] tool: Add error for write locked Add a new error for the case of trying to flash when security is enabled and it is still locked and update the related docs. Signed-off-by: Tim Crawford --- docs/flashing.md | 20 ++++++++++++++++---- docs/keyboard-layout-customization.md | 4 ---- scripts/ectool.sh | 2 +- src/board/system76/common/security.c | 2 +- tool/src/error.rs | 2 ++ tool/src/main.rs | 8 ++++++-- 6 files changed, 26 insertions(+), 12 deletions(-) diff --git a/docs/flashing.md b/docs/flashing.md index 048f9a21a..01fd8b0e0 100644 --- a/docs/flashing.md +++ b/docs/flashing.md @@ -1,15 +1,27 @@ # Flashing firmware +## UEFI application + +The `flash.sh` script from the top-level firmware-open project will use +firmware-update, the UEFI application which is used for normal system updates. + +This will flash both the SBIOS and the EC after building the firmware. To +flash just the EC, delete the built `firmware.rom` before running `flash.sh`. + ## Internal programmer Use this method for flashing a system already running System76 EC. This method will only work if the running firmware is not locked. Firmware is -write locked if it was built with `CONFIG_SECURITY=y`. firmware-update must be -used to flash from UEFI in this state (see `flash.sh` in firmware-open). +write locked if it was built with `CONFIG_SECURITY=y`. The firmware can be +unlocked using ectool for a single boot: + +``` +./scripts/ectool.sh security unlock +``` -This will trigger a watchdog reset causing the system to **immediately power -off**. OS data may be lost or corrupted as a result. Save and close all +This method will trigger a watchdog reset causing the system to **immediately +power off**. OS data may be lost or corrupted as a result. Save and close all applications before flashing. ``` 
diff --git a/docs/keyboard-layout-customization.md b/docs/keyboard-layout-customization.md index f909677db..8c4d307c8 100644 --- a/docs/keyboard-layout-customization.md +++ b/docs/keyboard-layout-customization.md @@ -104,10 +104,6 @@ make See [flashing firmware](./flashing.md) for details. -```sh -make flash_internal -``` - Do not use the keyboard or touchpad while it is flashing. The system will power off as part of the flash process. Turn it back on after diff --git a/scripts/ectool.sh b/scripts/ectool.sh index 270fb6414..7a12488a0 100755 --- a/scripts/ectool.sh +++ b/scripts/ectool.sh @@ -2,5 +2,5 @@ # SPDX-License-Identifier: GPL-3.0-only set -e -cargo build --release --manifest-path tool/Cargo.toml +cargo build --release --quiet --manifest-path tool/Cargo.toml sudo tool/target/release/system76_ectool "$@" diff --git a/src/board/system76/common/security.c b/src/board/system76/common/security.c index d585c5678..f81198c90 100644 --- a/src/board/system76/common/security.c +++ b/src/board/system76/common/security.c @@ -11,7 +11,7 @@ enum SecurityState security_get(void) { bool security_set(enum SecurityState state) { switch (state) { - // Allow perpare states to be set + // Allow prepare states to be set case SECURITY_STATE_PREPARE_LOCK: case SECURITY_STATE_PREPARE_UNLOCK: security_state = state; diff --git a/tool/src/error.rs b/tool/src/error.rs index 1a638367c..a48636419 100644 --- a/tool/src/error.rs +++ b/tool/src/error.rs @@ -29,6 +29,8 @@ pub enum Error { /// Encountered a hidapi::Error #[cfg(feature = "hidapi")] Hid(hidapi::HidError), + /// Writing to flash is disabled + WriteLocked, } #[cfg(feature = "std")] diff --git a/tool/src/main.rs b/tool/src/main.rs index 336eb1a5d..a31da3fe9 100644 --- a/tool/src/main.rs +++ b/tool/src/main.rs 
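Review bot: The doc comment on the new `WriteLocked` variant in `tool/src/error.rs` says only that writing is disabled, not why, while the one place in this patch that returns it is the security-state check added to `flash`. I would word it `/// Flash is write locked: the EC security state is not unlocked` so the error points the user at the cause. Adding a variant to the public `Error` enum also breaks exhaustive `match`es in downstream code unless the enum is marked `#[non_exhaustive]`. The enum's attributes and any code that formats or maps `Error` values are outside this hunk, so that is worth checking before release.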
@@ -170,6 +170,12 @@ unsafe fn flash(ec: &mut Ec>, path: &str, target: SpiTarget) -> println!("ec version: {:?}", str::from_utf8(ec_version)); } + if let Ok(security) = ec.security_get() { + if security != SecurityState::Unlock { + return Err(Error::WriteLocked); + } + } + if scratch { // Wait for any key releases eprintln!("Waiting 5 seconds for all keys to be released"); @@ -378,8 +384,6 @@ struct Args { } fn main() { - //.subcommand(Command::new("security").arg(Arg::new("state").value_parser(["lock", "unlock"]))) - let args = Args::parse(); let get_ec = || -> Result<_, Error> {
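Review bot: The guard added to `flash` fails open, because `if let Ok(security) = ec.security_get()` skips the lock check on any `Err`. A transport or protocol failure is therefore treated the same as firmware that has no security command, and the flash sequence below it still starts. If ignoring the error is deliberate for firmware built without the security feature, say so at the check, e.g. `// Firmware without the security command returns Err here; treat it as unlocked`, and consider returning the error in every other case. The comparison also rejects every state other than `SecurityState::Unlock`, which presumably includes the prepare states named in the `security.c` hunk, so a user who has run `security unlock` but not yet rebooted would get `WriteLocked` with no hint about the next step; this is inferred, since the state machine is not in the diff. The body of `flash` starts and ends outside the hunk.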