Disallow erasing locked device
Bug: 324433625
Test: fastboot erase not allowed on locked CF
Change-Id: If360c4e7402031cb5b000d1ace994476be6c0d0e
Signed-off-by: Dmitrii Merkurev <dimorinny@google.com>
diff --git a/drivers/fastboot/fb_command.c b/drivers/fastboot/fb_command.c
index 854106b..b1e1630 100644
--- a/drivers/fastboot/fb_command.c
+++ b/drivers/fastboot/fb_command.c
@@ -189,6 +189,25 @@
fastboot_getvar(cmd_parameter, response);
}
+static bool ensure_device_is_unlocked(const char *error_message, char *response)
+{
+ if (IS_ENABLED(CONFIG_ANDROID_BOOTLOADER_OEMLOCK_CONSOLE)) {
+ int locked = oemlock_is_locked();
+ if (locked < 0) {
+ fastboot_fail("Couldn't check the locking state fo the "
+ "device due to TEE error", response);
+ return false;
+ }
+
+ if (locked) {
+ fastboot_fail(error_message, response);
+ return false;
+ }
+ }
+
+ return true;
+}
+
/**
* fastboot_download() - Start a download transfer from the client
*
@@ -332,6 +351,9 @@
*/
static void __maybe_unused erase(char *cmd_parameter, char *response)
{
+ if (!ensure_device_is_unlocked("Erasing is not allowed on locked devices", response))
+ return;
+
if (IS_ENABLED(CONFIG_FASTBOOT_FLASH_BLOCK))
fastboot_block_erase(cmd_parameter, response);
if (IS_ENABLED(CONFIG_FASTBOOT_FLASH_MMC))