rma: when processing 'RMA open' do not reboot the device

Once RMA open is processed and CCD state is updated, the AP still
might require to perform some operations, even if TPM is not available
any more.

With this patch enable_ccd_factory_mode() does not trigger device
reset, if invoked by the RMA open handler.

Another modification is that WP is disabled immediately when factory
mode is enabled, there is no need to reset the H1 for WP status to
change.

BRANCH=cr50, cr50-mp
BUG=b:115495431
TEST=verified that running 'gsctool -a -r <authcode>' sets to 'Y' all
     CCD properties, disables write protection, but does not reboot
     the device.

Change-Id: I834a9e4b5ebbe4aaaf1caafad9c82424087d01f7
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1250037
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>

5 files changed, 56 insertions, 19 deletions

diff --git a/board/cr50/factory_mode.c b/board/cr50/factory_mode.c
index 232f757a1a..6e07fe00f5 100644
--- a/board/cr50/factory_mode.c
+++ b/board/cr50/factory_mode.c
@@ -112,7 +112,7 @@ static enum vendor_cmd_rc vc_factory_reset(enum vendor_cmd_cc code,
 		return VENDOR_RC_NOT_ALLOWED;
 
 	CPRINTF("factory reset\n");
-	enable_ccd_factory_mode();
+	enable_ccd_factory_mode(1);
 
 	return VENDOR_RC_SUCCESS;
 }
diff --git a/common/ccd_config.c b/common/ccd_config.c
index 28262562e7..98bcae48d2 100644
--- a/common/ccd_config.c
+++ b/common/ccd_config.c
@@ -454,6 +454,7 @@ int ccd_reset_config(unsigned int flags)
 		/* Force WP disabled at boot */
 		raw_set_flag(CCD_FLAG_OVERRIDE_WP_AT_BOOT, 1);
 		raw_set_flag(CCD_FLAG_OVERRIDE_WP_STATE_ENABLED, 0);
+		set_wp_follow_ccd_config();
 	}
 
 	/* Restore test lab flag unless explicitly resetting it */
diff --git a/common/factory_mode.c b/common/factory_mode.c
index b33a0619e5..c497a212fe 100644
--- a/common/factory_mode.c
+++ b/common/factory_mode.c
@@ -16,12 +16,18 @@
 #define CPRINTS(format, args...) cprints(CC_CCD, format, ## args)
 
 static uint8_t ccd_hook_active;
+static uint8_t reset_required_;
 
 static void ccd_config_changed(void)
 {
 	if (!ccd_hook_active)
 		return;
 
+	ccd_hook_active = 0;
+
+	if (!reset_required_)
+		return;
+
 	CPRINTS("%s: saved, rebooting\n", __func__);
 	cflush();
 	system_reset(SYSTEM_RESET_HARD);
@@ -32,7 +38,11 @@ static void factory_enable_failed(void)
 {
 	ccd_hook_active = 0;
 	CPRINTS("factory enable failed");
-	deassert_ec_rst();
+
+	if (reset_required_) {
+		reset_required_ = 0;
+		deassert_ec_rst();
+	}
 }
 DECLARE_DEFERRED(factory_enable_failed);
 
@@ -56,39 +66,57 @@ static void factory_enable_deferred(void)
 	int rv;
 
 	CPRINTS("%s: reset TPM\n", __func__);
-
-	/*
-	 * Let's make sure the rest of the system is out of the way while TPM
-	 * is being wiped out.
-	 */
-	assert_ec_rst();
+	if (reset_required_)
+		assert_ec_rst();
 
 	if (tpm_reset_request(1, 1) != EC_SUCCESS) {
 		CPRINTS("%s: TPM reset failed\n", __func__);
+		/*
+		 * Attempt to reset TPM failed, let's reboot the device just
+		 * in case.
+		 */
+		if (!reset_required_)
+			assert_ec_rst();
 		deassert_ec_rst();
 		return;
 	}
 
+	/*
+	 * TPM was wiped out successfully, let's prevent further
+	 * communications from the AP until next reboot.
+	 */
+	if (!reset_required_)
+		tpm_stop();
+
+	/*
+	 * Need this to make sure that CCD state changes are saved in the
+	 * NVMEM before reboot.
+	 */
 	tpm_reinstate_nvmem_commits();
 
-	CPRINTS("%s: TPM reset done, enabling factory mode\n", __func__);
+	CPRINTS("%s: TPM reset done, enabling factory mode", __func__);
 
 	ccd_hook_active = 1;
 	rv = ccd_reset_config(CCD_RESET_FACTORY);
 	if (rv != EC_SUCCESS)
 		factory_enable_failed();
 
-	/*
-	 * Make sure we never end up with the EC held in reset, no matter what
-	 * prevents the proper factory reset flow from succeeding.
-	 */
-	hook_call_deferred(&factory_enable_failed_data, TPM_RESET_TIME);
+	if (reset_required_) {
+		/*
+		 * Make sure we never end up with the EC held in reset, no
+		 * matter what prevents the proper factory reset flow from
+		 * succeeding.
+		 */
+		hook_call_deferred(&factory_enable_failed_data, TPM_RESET_TIME);
+	}
 }
 DECLARE_DEFERRED(factory_enable_deferred);
 
-void enable_ccd_factory_mode(void)
+void enable_ccd_factory_mode(int reset_required)
 {
 	delay_sleep_by(DISABLE_SLEEP_TIME);
+
+	reset_required_ = !!reset_required;
 	hook_call_deferred(&factory_enable_deferred_data,
 		TPM_PROCESSING_TIME);
 }
diff --git a/common/rma_auth.c b/common/rma_auth.c
index e3d5470aad..60089bef6a 100644
--- a/common/rma_auth.c
+++ b/common/rma_auth.c
@@ -346,7 +346,7 @@ static enum vendor_cmd_rc process_response(uint8_t *buf,
 	if (rv == EC_SUCCESS) {
 		CPRINTF("%s: success!\n", __func__);
 		*response_size = 0;
-		enable_ccd_factory_mode();
+		enable_ccd_factory_mode(0);
 		return VENDOR_RC_SUCCESS;
 	}
 
diff --git a/include/ccd_config.h b/include/ccd_config.h
index fdcb1e20ff..7c377f394f 100644
--- a/include/ccd_config.h
+++ b/include/ccd_config.h
@@ -301,8 +301,16 @@ void ccd_tpm_reset_callback(void);
 int ccd_has_password(void);
 
 /**
- * Enter CCD factory mode. This will clear the TPM and do a hard reboot after
- * updating the ccd config.
+ * Enter CCD factory mode. This will clear the TPM, update the ccd config, and
+ * then do a hard reboot if 'reset_required' is True.
  */
-void enable_ccd_factory_mode(void);
+void enable_ccd_factory_mode(int reset_required);
+
+/*
+ * Enable factory mode but not necessarily rebooting the device. This will
+ * clear the TPM and disable flash write protection. Will trigger system reset
+ * only if 'reset_required' is True.
+ */
+void factory_enable(int reset_required);
+
 #endif /* __CROS_EC_CCD_CONFIG_H */