cr50: refactor rma mode into factory mode

We're doing a bit of refactoring to break out factory mode into its own
file. Now factory reset and rma reset will be two methods of entering
factory mode. Factory mode can be disabled with the disable_factory
vendor command.

Factory mode means all ccd capabilities are set to Always and WP is
permanently disabled. When factory mode is disabled, all capabilities
are reset to Default and WP is reset to follow battery presence.

This adds 56 bytes.

BUG=b/123000167
BRANCH=cr50
TEST=verify rma reset will enable factory mode.

Change-Id: I21c6f7b4341e3a18e213e438bbd17c67739b85fa
Signed-off-by: Mary Ruthven <mruthven@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1069789
Commit-Ready: Mary Ruthven <mruthven@chromium.org>
Tested-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/1422660
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
Tested-by: Daisuke Nojiri <dnojiri@chromium.org>

9 files changed, 133 insertions, 96 deletions

diff --git a/board/cr50/board.h b/board/cr50/board.h
index e0c38c6b2e..0b1de91abc 100644
--- a/board/cr50/board.h
+++ b/board/cr50/board.h
@@ -351,6 +351,7 @@ enum nvmem_users {
 #define CONFIG_BASE32
 #define CONFIG_CURVE25519
 #define CONFIG_RMA_AUTH
+#define CONFIG_FACTORY_MODE
 #define CONFIG_RNG
 
 #define CONFIG_ENABLE_H1_ALERTS
diff --git a/common/build.mk b/common/build.mk
index d1d6f88ee4..7ef35fbbd8 100644
--- a/common/build.mk
+++ b/common/build.mk
@@ -53,6 +53,7 @@ common-$(CONFIG_HOSTCMD_ESPI)+=espi.o
 common-$(CONFIG_EXTENSION_COMMAND)+=extension.o
 common-$(CONFIG_EXTPOWER_GPIO)+=extpower_gpio.o
 common-$(CONFIG_FANS)+=fan.o pwm.o
+common-$(CONFIG_FACTORY_MODE)+=factory_mode.o
 common-$(CONFIG_FLASH)+=flash.o
 common-$(CONFIG_FLASH_NVCOUNTER)+=nvcounter.o
 common-$(CONFIG_FLASH_NVMEM)+=nvmem.o
diff --git a/common/ccd_config.c b/common/ccd_config.c
index 5866da0b8f..c356d0a04e 100644
--- a/common/ccd_config.c
+++ b/common/ccd_config.c
@@ -338,9 +338,9 @@ static void ccd_load_config(void)
 	/* Use defaults if config data is not present */
 	if (!t) {
 		if (board_is_first_factory_boot()) {
-			/* Give factory RMA access */
+			/* Give factory/RMA access */
 			CPRINTS("CCD using factory config");
-			ccd_reset_config(CCD_RESET_RMA);
+			ccd_reset_config(CCD_RESET_FACTORY);
 		} else {
 			/* Somehow we lost our config; normal defaults */
 			CPRINTS("CCD using default config");
@@ -443,8 +443,8 @@ int ccd_reset_config(unsigned int flags)
 		config.version = CCD_CONFIG_VERSION;
 	}
 
-	if (flags & CCD_RESET_RMA) {
-		/* Force RMA settings */
+	if (flags & CCD_RESET_FACTORY) {
+		/* Force factory mode settings */
 		int i;
 
 		/* Allow all capabilities all the time */
@@ -690,16 +690,16 @@ static int command_ccd_reset(int argc, char **argv)
 	int flags = 0;
 
 	if (argc > 1) {
-		if (!strcasecmp(argv[1], "rma"))
-			flags = CCD_RESET_RMA;
+		if (!strcasecmp(argv[1], "factory"))
+			flags = CCD_RESET_FACTORY;
 		else
 			return EC_ERROR_PARAM1;
 	}
 
 	switch (ccd_state) {
 	case CCD_STATE_OPENED:
-		ccprintf("%sResetting all settings.\n",
-			 flags & CCD_RESET_RMA ? "RMA " : "");
+		ccprintf("%s settings.\n",  flags & CCD_RESET_FACTORY ?
+			"Opening factory " : "Resetting all");
 		/* Note that this does not reset the testlab flag */
 		return ccd_reset_config(flags);
 
@@ -1115,7 +1115,7 @@ static int command_ccd_help(void)
 	       "\tSet capability to state\n\n"
 	       "password [<new password> | clear]\n"
 	       "\tSet or clear CCD password\n\n"
-	       "reset [rma]\n"
+	       "reset [factory]\n"
 	       "\tReset CCD config\n\n"
 	       "testlab [enable | disable | open]\n"
 	       "\tToggle testlab mode or force CCD open\n\n");
@@ -1409,10 +1409,10 @@ static enum vendor_cmd_rc ccd_vendor(struct vendor_cmd_params *p)
 }
 DECLARE_VENDOR_COMMAND_P(VENDOR_CC_CCD, ccd_vendor);
 
-static enum vendor_cmd_rc ccd_disable_rma(enum vendor_cmd_cc code,
-					  void *buf,
-					  size_t input_size,
-					  size_t *response_size)
+static enum vendor_cmd_rc ccd_disable_factory_mode(enum vendor_cmd_cc code,
+						   void *buf,
+						   size_t input_size,
+						   size_t *response_size)
 {
 	int rv = EC_SUCCESS;
 	int error_line;
@@ -1464,9 +1464,9 @@ static enum vendor_cmd_rc ccd_disable_rma(enum vendor_cmd_cc code,
 		ccd_lock(NULL);
 
 		/*
-		 * We do it here to make sure that the device comes out of RMA
-		 * with WP enabled, but in general CCD reset needs to enforce
-		 * WP state.
+		 * We do it here to make sure that the device comes out of
+		 * factory mode with WP enabled, but in general CCD reset needs
+		 * to enforce WP state.
 		 *
 		 * TODO(rspangler): sort out CCD state and WP correlation,
 		 * b/73075443.
@@ -1483,4 +1483,4 @@ static enum vendor_cmd_rc ccd_disable_rma(enum vendor_cmd_cc code,
 	*response_size = 1;
 	return VENDOR_RC_INTERNAL_ERROR;
 }
-DECLARE_VENDOR_COMMAND(VENDOR_CC_DISABLE_RMA, ccd_disable_rma);
+DECLARE_VENDOR_COMMAND(VENDOR_CC_DISABLE_FACTORY, ccd_disable_factory_mode);
diff --git a/common/factory_mode.c b/common/factory_mode.c
new file mode 100644
index 0000000000..b33a0619e5
--- /dev/null
+++ b/common/factory_mode.c
@@ -0,0 +1,94 @@
+/* Copyright 2018 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+/* CCD factory enable */
+
+#include "ccd_config.h"
+#include "console.h"
+#include "extension.h"
+#include "hooks.h"
+#include "system.h"
+#include "tpm_registers.h"
+#include "tpm_vendor_cmds.h"
+
+#define CPRINTS(format, args...) cprints(CC_CCD, format, ## args)
+
+static uint8_t ccd_hook_active;
+
+static void ccd_config_changed(void)
+{
+	if (!ccd_hook_active)
+		return;
+
+	CPRINTS("%s: saved, rebooting\n", __func__);
+	cflush();
+	system_reset(SYSTEM_RESET_HARD);
+}
+DECLARE_HOOK(HOOK_CCD_CHANGE, ccd_config_changed, HOOK_PRIO_LAST);
+
+static void factory_enable_failed(void)
+{
+	ccd_hook_active = 0;
+	CPRINTS("factory enable failed");
+	deassert_ec_rst();
+}
+DECLARE_DEFERRED(factory_enable_failed);
+
+/* The below time constants are way longer than should be required in practice:
+ *
+ * Time it takes to finish processing TPM command
+ */
+#define TPM_PROCESSING_TIME (1 * SECOND)
+
+/*
+ * Time it takse TPM reset function to wipe out the NVMEM and reboot the
+ * device.
+ */
+#define TPM_RESET_TIME (10 * SECOND)
+
+/* Total time deep sleep should not be allowed. */
+#define DISABLE_SLEEP_TIME (TPM_PROCESSING_TIME + TPM_RESET_TIME)
+
+static void factory_enable_deferred(void)
+{
+	int rv;
+
+	CPRINTS("%s: reset TPM\n", __func__);
+
+	/*
+	 * Let's make sure the rest of the system is out of the way while TPM
+	 * is being wiped out.
+	 */
+	assert_ec_rst();
+
+	if (tpm_reset_request(1, 1) != EC_SUCCESS) {
+		CPRINTS("%s: TPM reset failed\n", __func__);
+		deassert_ec_rst();
+		return;
+	}
+
+	tpm_reinstate_nvmem_commits();
+
+	CPRINTS("%s: TPM reset done, enabling factory mode\n", __func__);
+
+	ccd_hook_active = 1;
+	rv = ccd_reset_config(CCD_RESET_FACTORY);
+	if (rv != EC_SUCCESS)
+		factory_enable_failed();
+
+	/*
+	 * Make sure we never end up with the EC held in reset, no matter what
+	 * prevents the proper factory reset flow from succeeding.
+	 */
+	hook_call_deferred(&factory_enable_failed_data, TPM_RESET_TIME);
+}
+DECLARE_DEFERRED(factory_enable_deferred);
+
+void enable_ccd_factory_mode(void)
+{
+	delay_sleep_by(DISABLE_SLEEP_TIME);
+	hook_call_deferred(&factory_enable_deferred_data,
+		TPM_PROCESSING_TIME);
+}
diff --git a/common/rma_auth.c b/common/rma_auth.c
index 51516966b8..309554aa93 100644
--- a/common/rma_auth.c
+++ b/common/rma_auth.c
@@ -241,79 +241,6 @@ static enum vendor_cmd_rc get_challenge(uint8_t *buf, size_t *buf_size)
 
 	return VENDOR_RC_SUCCESS;
 }
-
-static uint8_t ccd_hook_active;
-
-static void ccd_config_changed(void)
-{
-	if (!ccd_hook_active)
-		return;
-
-	CPRINTF("%s: CCD change saved, rebooting\n", __func__);
-	cflush();
-	system_reset(SYSTEM_RESET_HARD);
-}
-DECLARE_HOOK(HOOK_CCD_CHANGE, ccd_config_changed, HOOK_PRIO_LAST);
-
-static void rma_reset_failed(void)
-{
-	ccd_hook_active = 0;
-	CPRINTF("%s: CCD RMA reset failed\n");
-	deassert_ec_rst();
-}
-DECLARE_DEFERRED(rma_reset_failed);
-
-/* The below time constants are way longer than should be required in practice:
- *
- * Time it takes to finish processing TPM command which provided valid RMA
- * authentication code.
- */
-#define TPM_PROCESSING_TIME (1 * SECOND)
-
-/*
- * Time it takse TPM reset function to wipe out the NVMEM and reboot the
- * device.
- */
-#define TPM_RESET_TIME (10 * SECOND)
-
-/* Total time deep sleep should not be allowed. */
-#define DISABLE_SLEEP_TIME (TPM_PROCESSING_TIME + TPM_RESET_TIME)
-
-static void enter_rma_mode(void)
-{
-	int rv;
-
-	CPRINTF("%s: resetting TPM\n", __func__);
-
-	/*
-	 * Let's make sure the rest of the system is out of the way while TPM
-	 * is being wiped out.
-	 */
-	assert_ec_rst();
-
-	if (tpm_reset_request(1, 1) != EC_SUCCESS) {
-		CPRINTF("%s: TPM reset attempt failed\n", __func__);
-		deassert_ec_rst();
-		return;
-	}
-
-	tpm_reinstate_nvmem_commits();
-
-	CPRINTF("%s: TPM reset succeeded, RMA resetting CCD\n", __func__);
-
-	ccd_hook_active = 1;
-	rv = ccd_reset_config(CCD_RESET_RMA);
-	if (rv != EC_SUCCESS)
-		rma_reset_failed();
-
-	/*
-	 * Make sure we never end up with the EC held in reset, no matter what
-	 * prevents the proper RMA flow from succeeding.
-	 */
-	hook_call_deferred(&rma_reset_failed_data, TPM_RESET_TIME);
-}
-DECLARE_DEFERRED(enter_rma_mode);
-
 /*
  * Compare response sent by the operator with the pre-compiled auth code.
  * Return error code or success depending on the comparison results.
@@ -338,8 +265,7 @@ static enum vendor_cmd_rc process_response(uint8_t *buf,
 	if (rv == EC_SUCCESS) {
 		CPRINTF("%s: success!\n", __func__);
 		*response_size = 0;
-		delay_sleep_by(DISABLE_SLEEP_TIME);
-		hook_call_deferred(&enter_rma_mode_data, TPM_PROCESSING_TIME);
+		enable_ccd_factory_mode();
 		return VENDOR_RC_SUCCESS;
 	}
 
diff --git a/extra/usb_updater/gsctool.c b/extra/usb_updater/gsctool.c
index e17dbb7b8b..9e35bef881 100644
--- a/extra/usb_updater/gsctool.c
+++ b/extra/usb_updater/gsctool.c
@@ -1863,7 +1863,7 @@ static void process_rma(struct transfer_descriptor *td, const char *authcode)
 
 	if (!strcmp(authcode, "disable")) {
 		printf("Disabling RMA mode\n");
-		send_vendor_command(td, VENDOR_CC_DISABLE_RMA, NULL, 0,
+		send_vendor_command(td, VENDOR_CC_DISABLE_FACTORY, NULL, 0,
 				    rma_response, &response_size);
 		if (response_size) {
 			fprintf(stderr, "Failed disabling RMA, error %d\n",
diff --git a/include/ccd_config.h b/include/ccd_config.h
index a71db37bba..7153449883 100644
--- a/include/ccd_config.h
+++ b/include/ccd_config.h
@@ -254,8 +254,11 @@ enum ccd_reset_config_flags {
 	/* Only reset Always/UnlessLocked settings */
 	CCD_RESET_UNLOCKED_ONLY = (1 << 1),
 
-	/* Use RMA/factory defaults */
-	CCD_RESET_RMA = (1 << 2)
+	/*
+	 * Do a factory reset to enable factory mode. Factory mode sets all ccd
+	 * capabilities to always and disables write protect
+	 */
+	CCD_RESET_FACTORY = (1 << 2)
 };
 
 /**
@@ -272,4 +275,9 @@ int ccd_reset_config(unsigned int flags);
  */
 void ccd_tpm_reset_callback(void);
 
+/**
+ * Enter CCD factory mode. This will clear the TPM and do a hard reboot after
+ * updating the ccd config.
+ */
+void enable_ccd_factory_mode(void);
 #endif /* __CROS_EC_CCD_CONFIG_H */
diff --git a/include/config.h b/include/config.h
index 1e0097332a..efd8b29143 100644
--- a/include/config.h
+++ b/include/config.h
@@ -1182,6 +1182,9 @@
 /* Default debounce time for external power signal */
 #define CONFIG_EXTPOWER_DEBOUNCE_MS 30
 
+/* Add support for CCD factory mode */
+#undef CONFIG_FACTORY_MODE
+
 /*****************************************************************************/
 /* Number of cooling fans. Undef if none. */
 #undef CONFIG_FANS
diff --git a/include/tpm_vendor_cmds.h b/include/tpm_vendor_cmds.h
index 72dc670b7d..58bb669d4a 100644
--- a/include/tpm_vendor_cmds.h
+++ b/include/tpm_vendor_cmds.h
@@ -45,7 +45,11 @@ enum vendor_cmd_cc {
 	VENDOR_CC_GET_REC_BTN = 29,
 	VENDOR_CC_RMA_CHALLENGE_RESPONSE = 30,
 	/* DEPRECATED(31): CCD password command (now part of VENDOR_CC_CCD) */
-	VENDOR_CC_DISABLE_RMA = 32,
+	/*
+	 * Disable factory mode. Reset all ccd capabilities to default and reset
+	 * write protect to follow battery presence.
+	 */
+	VENDOR_CC_DISABLE_FACTORY = 32,
 	/* DEPRECATED(33): Manage CCD password phase */
 	VENDOR_CC_CCD = 34,
 	VENDOR_CC_GET_ALERTS_DATA = 35,