diff options
author | Vadim Sukhomlinov <sukhomlinov@google.com> | 2020-07-30 17:10:39 -0700 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2020-08-06 00:45:28 +0000 |
commit | 4e9e48219c254654027040a09a181f377784b281 (patch) | |
tree | b6e4dca528bf6786fd130173d1ab598b41f371e0 | |
parent | ca9f95fecec76373fbb26adcc5090dfcce114918 (diff) | |
download | chrome-ec-4e9e48219c254654027040a09a181f377784b281.tar.gz |
fips: move FIPS power-up test completion to PMU_PWRDN_SCRATCH22
Status of completion of power-up tests was in long life register
which survives reboots and even firmware upgrades, which is not
an intended behavior. Moving status to PWRDN register makes it
reset on graceful reboots and firmware upgrades, but avoid
running tests on wake from deep sleep. This switch also enables
use of multiple bits to indicate status of tests, which makes it
more fault tolerant.
BUG=b:138577491
TEST=make BOARD=cr50, then deassert DIOM3 to trigger deep sleep
FIPS power-on tests shouldn't run on wake.
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I098940e45afd5b5b9447b2780ff69372a922c03f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2330976
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
-rw-r--r-- | board/cr50/board.c | 11 | ||||
-rw-r--r-- | board/cr50/scratch_reg1.h | 4 | ||||
-rw-r--r-- | chip/g/init_chip.h | 1 |
3 files changed, 7 insertions, 9 deletions
diff --git a/board/cr50/board.c b/board/cr50/board.c index 180d33af9d..a28c901b72 100644 --- a/board/cr50/board.c +++ b/board/cr50/board.c @@ -194,22 +194,17 @@ int board_get_ccd_rec_lid_pin(void) bool board_fips_power_up_done(void) { - return !!(board_properties & BOARD_FIPS_POWERUP_DONE); + return !!(GREG32(PMU, PWRDN_SCRATCH22) == BOARD_FIPS_POWERUP_DONE); } /* Set status of FIPS power-up tests. */ void board_set_fips_policy_test(bool asserted) { /* Enable writing to the long life register */ - GWRITE_FIELD(PMU, LONG_LIFE_SCRATCH_WR_EN, REG1, 1); - if (asserted) - GREG32(PMU, LONG_LIFE_SCRATCH1) |= BOARD_FIPS_POWERUP_DONE; + GREG32(PMU, PWRDN_SCRATCH22) = BOARD_FIPS_POWERUP_DONE; else - GREG32(PMU, LONG_LIFE_SCRATCH1) &= ~BOARD_FIPS_POWERUP_DONE; - - /* Disable writing to the long life register */ - GWRITE_FIELD(PMU, LONG_LIFE_SCRATCH_WR_EN, REG1, 0); + GREG32(PMU, PWRDN_SCRATCH22) = 0; } /* Get header address of the backup RW copy. */ diff --git a/board/cr50/scratch_reg1.h b/board/cr50/scratch_reg1.h index 0a7f973f2d..298450aa46 100644 --- a/board/cr50/scratch_reg1.h +++ b/board/cr50/scratch_reg1.h @@ -102,8 +102,10 @@ /* * Indicates successful completion of FIPS power up * tests earlier. Reduces wake up time after sleep. + * Stored in PWRDN_SCRATCH22 and use multiple bits to harden against + * fault injection. */ -#define BOARD_FIPS_POWERUP_DONE BIT(24) +#define BOARD_FIPS_POWERUP_DONE 0xAA556633 /* * Macro to capture all properties related to board strapping pins. This must be diff --git a/chip/g/init_chip.h b/chip/g/init_chip.h index 488bb3cc4c..f3a6b03ace 100644 --- a/chip/g/init_chip.h +++ b/chip/g/init_chip.h @@ -25,6 +25,7 @@ * SCRATCH19 - Preserving USB data sequencing PID through deep sleep * SCRATCH20 - Preserving EC-EFS context * SCRATCH21 - Preserving TPM_BOARD_CFG register + * SCRATCH22 - Preserve FIPS power-up test status on Cr50 * * PWRDN_SCRATCH 28 - 31 - Reserved for boot rom */ |