fwu: do not allow capsule processing on exceeding Trial Counter threshold
When in Trial State, the platform keeps a count of the number of times
it has booted in the Trial State. Once the threshold of the maximum
allowed count exceeds, the platform reverts to boot from a different
bank on subsequent boot, thus coming out of the Trial State. It is
expected that all the updated images would be accepted or rejected
while the platform is in Trial State. Put in checks so that it is not
possible to apply an empty capsule once the max Trial Count exceeds.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Tested-by: Michal Simek <michal.simek@amd.com>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
diff --git a/lib/fwu_updates/fwu.c b/lib/fwu_updates/fwu.c
index a94a769..7f085a0 100644
--- a/lib/fwu_updates/fwu.c
+++ b/lib/fwu_updates/fwu.c
@@ -113,6 +113,8 @@
ret = fwu_revert_boot_index();
if (ret)
log_err("Unable to revert active_index\n");
+
+ trial_counter_update(NULL);
ret = 1;
} else {
log_info("Trial State count: attempt %d out of %d\n",
@@ -762,8 +764,8 @@
return 0;
in_trial = in_trial_state();
- if (!in_trial || (ret = fwu_trial_count_update()) > 0)
- ret = trial_counter_update(NULL);
+
+ ret = in_trial ? fwu_trial_count_update() : trial_counter_update(NULL);
if (!ret)
boottime_check = 1;