cr50: add support for building CR50_SQA images

Devices in the lab need to be switched from prepvt to pvt flags. This change adds a build flag for CR50_SQA. Images built with CR50_SQA have more capabilities than normal cr50 images, but less than CR50_DEV images. SQA images can access the rollback command, updates including downgrading to images with lower version numbers and mismatched board id will not be rejected, and the 'bid force_pvt' console command can be used to set the bid flags to 0. bid force_pvt does not erase flashinfo. After the board id has been set, we can still change 1 bits to 0, so we don't need to eraseflashinfo to change the board id flags to 0. This makes the command a bit safer, because the board id RLZ can't be changed just the flags. Changing the flags to 0 works for the test team, because it prevents cr50 from updating to prepvt. This change also marks rollback as a safe command. CR50_SQA images aren't automatically open, so if rollback isn't safe, they will have to go through the open process to change to pvt. Rollback is only included in DEV and SQA images, so it's ok if it's marked safe. It's understood these images aren't supposed to be used on regular devices. They're just for special development and test environments. NEW PROCESS FOR SQA: - update to sqa image - run 'bid force_pvt' - flash pvt image - run rollback BRANCH=cr50 BUG=b:126618143 TEST=run sqa process Change-Id: Ia713274830c9e19cdb3ccafa87849c160d667683 Signed-off-by: Mary Ruthven <mruthven@google.com> Reviewed-on: https://chromium-review.googlesource.com/1529834 Commit-Ready: Mary Ruthven <mruthven@chromium.org> Tested-by: Mary Ruthven <mruthven@chromium.org> Reviewed-by: Keith Short <keithshort@chromium.org>
author: Mary Ruthven <mruthven@google.com> 2019-03-18 17:35:23 -0700
committer: chrome-bot <chrome-bot@chromium.org> 2019-03-20 19:51:16 -0700
commit: 06933b4cb6dbb2a36b2d4d6139325575a558836d (patch)
tree: d50c6b637af9db786d5fd14f7eaf9af0ea4d2572
parent: ca3f517b0b27e2be1e3d21cecd9958e2e5263512 (diff)
download: chrome-ec-06933b4cb6dbb2a36b2d4d6139325575a558836d.tar.gz
6 files changed, 55 insertions, 14 deletions
diff --git a/board/cr50/board.c b/board/cr50/board.c
index da2e4ad529..86b7e8563d 100644
--- a/board/cr50/board.c
+++ b/board/cr50/board.c
@@ -1662,7 +1662,7 @@ int chip_factory_mode(void)
 	return mode_set & 1;
 }
 
-#ifdef CR50_DEV
+#ifdef CR50_RELAXED
 static int command_rollback(int argc, char **argv)
 {
 	system_ensure_rollback();
@@ -1672,7 +1672,7 @@ static int command_rollback(int argc, char **argv)
 
 	return EC_SUCCESS;
 }
-DECLARE_CONSOLE_COMMAND(rollback, command_rollback,
+DECLARE_SAFE_CONSOLE_COMMAND(rollback, command_rollback,
 	"", "Force rollback to escape DEV image.");
 #endif
 
diff --git a/board/cr50/board.h b/board/cr50/board.h
index 33135a0a1d..1b0b167c3c 100644
--- a/board/cr50/board.h
+++ b/board/cr50/board.h
@@ -110,6 +110,9 @@
 #define CONFIG_CASE_CLOSED_DEBUG_V1_UNSAFE
 #define CONFIG_PHYSICAL_PRESENCE_DEBUG_UNSAFE
 #endif
+#if defined(CR50_DEV) || defined(CR50_SQA)
+#define CR50_RELAXED
+#endif
 
 #define CONFIG_USB_PID 0x5014
 #define CONFIG_USB_SELF_POWERED
diff --git a/chip/g/board_id.c b/chip/g/board_id.c
index 18b7be1ffb..b871f8b6ca 100644
--- a/chip/g/board_id.c
+++ b/chip/g/board_id.c
@@ -129,7 +129,7 @@ uint32_t board_id_mismatch(const struct SignedHeader *sh)
  * @return EC_SUCCESS or an error code in cases of various failures to read or
  *              if the space has been already initialized.
  */
-static int write_board_id(const struct board_id *id)
+static int write_board_id(const struct board_id *id, int clear_flags)
 {
 	struct board_id id_test;
 	uint32_t rv;
@@ -151,7 +151,7 @@ static int write_board_id(const struct board_id *id)
 		return rv;
 	}
 
-	if (!board_id_is_blank(&id_test)) {
+	if (!clear_flags && !board_id_is_blank(&id_test)) {
 		CPRINTS("%s: Board ID already programmed", __func__);
 		return EC_ERROR_ACCESS_DENIED;
 	}
@@ -201,7 +201,7 @@ static enum vendor_cmd_rc vc_set_board_id(enum vendor_cmd_cc code,
 	id.flags = be32toh(id.flags);
 
 	/* We care about the LSB only. */
-	*pbuf = write_board_id(&id);
+	*pbuf = write_board_id(&id, 0);
 
 	return *pbuf;
 }
@@ -239,17 +239,42 @@ static int command_board_id(int argc, char **argv)
 		id.flags = strtoi(argv[2], &e, 0);
 		if (*e)
 			return EC_ERROR_PARAM2;
+		rv = write_board_id(&id, 0);
+	}
+#endif
+#ifdef CR50_RELAXED
+	else if (argc == 2) {
+		int clear_flags;
+
+		if (strcasecmp(argv[1], "force_pvt"))
+			return EC_ERROR_PARAM2;
+
+		clear_flags = 1;
+		rv = read_board_id(&id);
+		if (rv != EC_SUCCESS) {
+			CPRINTS("%s: error reading Board ID", __func__);
+			return rv;
+		}
+		if (board_id_is_blank(&id)) {
+			CPRINTS("%s: Board ID isn't set", __func__);
+			return EC_ERROR_INVAL;
+		}
+		id.flags = 0;
+		rv = write_board_id(&id, clear_flags);
 
-		rv = write_board_id(&id);
-	} else {
-		ccprintf("specify board type and flags\n");
-		rv = EC_ERROR_PARAM_COUNT;
 	}
 #endif
 	return rv;
 }
-DECLARE_SAFE_CONSOLE_COMMAND(bid,
-			     command_board_id, NULL, "Set/Get Board ID");
+DECLARE_SAFE_CONSOLE_COMMAND(bid, command_board_id,
+#ifdef CR50_DEV
+			     "[force_pvt | bid flags]",
+#elif defined(CR50_RELAXED)
+			     "[force_pvt]",
+#else
+			     NULL,
+#endif
+			     "Set/Get Board ID");
 
 static enum vendor_cmd_rc vc_get_board_id(enum vendor_cmd_cc code,
 					  void *buf,
diff --git a/chip/g/build.mk b/chip/g/build.mk
index d0ff756ac5..d4633748eb 100644
--- a/chip/g/build.mk
+++ b/chip/g/build.mk
@@ -126,8 +126,21 @@ ifneq ($(CONFIG_RW_B),)
 $(out)/$(PROJECT).obj: $(out)/RW/ec.RW_B.flat
 endif
 
+CR50_OPTS=
+
 ifneq ($(CR50_DEV),)
 CPPFLAGS += -DCR50_DEV=$(CR50_DEV)
+CR50_OPTS+=CR50_DEV
+endif
+
+ifneq ($(CR50_SQA),)
+CPPFLAGS += -DCR50_SQA=$(CR50_SQA)
+CR50_OPTS+=CR50_SQA
+endif
+
+# Test if more than one Cr50 build option is specified
+ifneq ($(wordlist 2,3,$(CR50_OPTS)),)
+$(error Incompatible CR50 build options specified: $(CR50_OPTS))
 endif
 
 MANIFEST := util/signer/ec_RW-manifest-dev.json
diff --git a/chip/g/upgrade_fw.c b/chip/g/upgrade_fw.c
index b796184a08..9138e6b498 100644
--- a/chip/g/upgrade_fw.c
+++ b/chip/g/upgrade_fw.c
@@ -162,7 +162,7 @@ int usb_pdu_valid(struct upgrade_command *cmd_body,  size_t cmd_size)
 	return 1;
 }
 
-#ifdef CR50_DEV
+#ifdef CR50_RELAXED
 #ifndef CONFIG_IGNORE_G_UPDATE_CHECKS
 #define CONFIG_IGNORE_G_UPDATE_CHECKS
 #endif
@@ -318,7 +318,7 @@ static int contents_allowed(uint32_t block_offset,
 			    size_t body_size, void *upgrade_data,
 			    uint8_t *error_code)
 {
-#ifndef CR50_DEV
+#ifdef CR50_RELAXED
 #ifdef CONFIG_BOARD_ID_SUPPORT
 	if (block_offset == valid_sections.rw_base_offset) {
 		/* This block is a rw header of the new image. */
diff --git a/util/getversion.sh b/util/getversion.sh
index 3fc74b7c39..552f2d9bf0 100755
--- a/util/getversion.sh
+++ b/util/getversion.sh
@@ -89,7 +89,7 @@ main() {
   local ver
 
   IFS="${dc}"
-  ver="${CR50_DEV:+DBG/}${BOARD}_"
+  ver="${CR50_SQA:+SQA/}${CR50_DEV:+DBG/}${BOARD}_"
   tool_ver=""
   global_dirty=    # set if any of the component repos is 'dirty'.
   dir_list=( . )   # list of component directories, always includes the EC tree
author	Mary Ruthven <mruthven@google.com>	2019-03-18 17:35:23 -0700
committer	chrome-bot <chrome-bot@chromium.org>	2019-03-20 19:51:16 -0700
commit	06933b4cb6dbb2a36b2d4d6139325575a558836d (patch)
tree	d50c6b637af9db786d5fd14f7eaf9af0ea4d2572
parent	ca3f517b0b27e2be1e3d21cecd9958e2e5263512 (diff)
download	chrome-ec-06933b4cb6dbb2a36b2d4d6139325575a558836d.tar.gz