authorRandall Spangler <rspangler@chromium.org>2017-07-11 16:30:27 -0700
committerchrome-bot <chrome-bot@chromium.org>2017-07-20 15:00:40 -0700
commit4809c70bbea8743cc7c1d382d7510ed937dce914 (patch)
treed4e36de78e911f9a6bbbef6ad6abf31c8717b0f9 /board/cr50/board.c
parent2ef78186c980120560123b149d7092a51edbeb98 (diff)
cr50: Add case closed debugging V1 configuration
This adds the CCD configuration module, and the console commands to control it. It is not wired up to any of the CCD capabilities; that's coming in the next CL. Briefly: * CCD configuration is persistently stored in nvmem_vars. Use ccdinfo to print it. * CCD can be Locked, Unlocked (some capabilities), or Opened (all capabilities), using the ccdlock / ccdunlock / ccdopen commands. * CCD config can be restricted by setting a password via ccdpass. * Individual config capabilities can be set via ccdset. Some of those will be used to gate access to things like write protect and UARTs. Others affect the requirements for ccdunlock / ccdopen (for example, whether physical presence is required). * The entire config can be reset via ccdreset. If only unlocked, config that is restricted to Opened is not reset. * If CR50_DEV=1, ccdoops will force-reset and open the config. See go/cr50-ccd-wp for more information. BUG=b:62537474 BRANCH=none TEST=manual with CR50_DEV=1 build gpioget # make sure GPIO_BATT_PRES_L=0 ccdlock # lock, because CR50_DEV=1 builds start unlocked ccdinfo # locked, flags=0, all capabilities default ccdpass # access denied (we're locked) ccdreset # access denied ccdset flashap always # access denied ccdunlock ccdinfo # unlocked ccdpass foo ccdinfo # flags=2 (password set when unlocked) ccdset flashap always # access denied ccdset uartectx unlesslocked ccdinfo # yes, uartectx permission changed ccdlock ccdunlock # fails without password ccdunlock bar # wrong password ccdunlock foo # busy (wait 3 sec) ccdunlock foo ccdreset ccdinfo # no password, flags 0, capabilities all default ccdopen # requires physical presence; tap power or use 'pp' ccdset uartectx unlesslocked ccdset batterybypasspp ifopened ccdpass baz ccdinfo # password set, flag 0, ccdset changes worked ccdunlock ccdreset ccdinfo # uartectx back to ifopened, password still set ccdopen baz # still requires physical presence ccdset opennolongpp always ccdlock ccdopen baz # no pp required ccdset unlocknoshortpp 
unlesslocked ccdlock ccdopen baz # short pp sequence required (3 taps) ccdlock ccdunlock baz # short pp sequence required ccdopen baz # pp not required ccdset unlocknoshortpp always ccdlock testlab open # access denied testlab enable # access denied ccdunlock baz testlab open # access denied testlab enable # access denied ccdopen baz testlab enable # requires short pp ccdinfo # flags 1 ccdreset ccdinfo # no password, flags=1, caps all default ccdlock testlab open ccdinfo # opened testlab disable # requires short pp; let it time out ccdinfo # still opened, flags=1 ccdlock ccdoops # backdoor in CR50_DEV images to force-reset CCD ccdinfo # opened, flags=0, all defaults (yes, oops wipes out testlab) ccdreset rma ccdinfo # flags = 0x400000, everything but Cr50FullConsole always ccdreset # back to flags=0, all default Change-Id: I24e8d8f361874671e6e94f27492ae00db919bea9 Reviewed-on: https://chromium-review.googlesource.com/569439 Commit-Ready: Randall Spangler <rspangler@chromium.org> Tested-by: Randall Spangler <rspangler@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Diffstat (limited to 'board/cr50/board.c')
-rw-r--r--board/cr50/board.c35
1 files changed, 34 insertions, 1 deletions
diff --git a/board/cr50/board.c b/board/cr50/board.c
index 5e989ac875..f3e3f59dcf 100644
--- a/board/cr50/board.c
+++ b/board/cr50/board.c
@@ -3,6 +3,7 @@
* found in the LICENSE file.
*/
#include "board_id.h"
+#include "case_closed_debug.h"
#include "clock.h"
#include "common.h"
#include "console.h"
@@ -633,6 +634,8 @@ static void board_init(void)
nvmem_init();
/* Initialize the persistent storage. */
initvars();
+ /* Load case-closed debugging config */
+ ccd_config_init();
system_update_rollback_mask_with_both_imgs();
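Review bot: The new `ccd_config_init()` call in board_init() depends on `initvars()` having run first, but the added comment does not say so, and nothing visible in this hunk shows what state CCD ends up in when the stored config is missing or malformed. Since the commit message says the config is kept in nvmem_vars, I would make the ordering explicit: `/* Load case-closed debugging config; must follow initvars() because it is stored in nvmem_vars */`. Please also confirm, and note next to the call, that a failed or corrupt load leaves CCD locked rather than unlocked or opened. board_init() starts and ends outside this hunk.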
@@ -640,7 +643,7 @@ static void board_init(void)
GREG32(PMU, PWRDN_SCRATCH16) = 0xCAFECAFE;
/*
- * Call the function twice to make it hardde to glitch execution into
+ * Call the function twice to make it harder to glitch execution into
* passing the check when not supposed to.
*/
check_board_id_mismatch();
@@ -802,6 +805,16 @@ int is_sys_rst_asserted(void)
&& (gpio_get_level(GPIO_SYS_RST_L_OUT) == 0);
}
+/**
+ * Reboot the AP
+ */
+void board_reboot_ap(void)
+{
+ assert_sys_rst();
+ msleep(20);
+ deassert_sys_rst();
+}
+
void assert_ec_rst(void)
{
GWRITE(RBOX, ASSERT_EC_RST, 1);
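Review bot: The `msleep(20)` in board_reboot_ap() is an unexplained literal, and the doc comment `Reboot the AP` does not mention that the call blocks for the length of the reset pulse. I would name the hold time and record where the value comes from, for example `#define AP_RESET_HOLD_MS 20 /* <source of the minimum SYS_RST_L pulse width> */` (name and placeholder are mine), and extend the doc comment to say the function sleeps, so it should only be called where msleep() is allowed in this tree. The function is non-static and pulses the AP reset line unconditionally; its callers are not visible here, so the comment should also state that any console or CCD path reaching it is expected to have done its own access check.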
@@ -1395,6 +1408,26 @@ void i2cs_set_pinmux(void)
GWRITE_FIELD(PINMUX, EXITEN0, DIOA1, 1); /* enable powerdown exit */
}
+/**
+ * Return non-zero if this is the first boot of a board in the factory.
+ *
+ * This is used to determine whether the default CCD configuration will be RMA
+ * (things are unlocked for factory) or normal (things locked down because not
+ * in factory).
+ *
+ * Suggested checks:
+ * - If the board ID exists, this is not the first boot
+ * - If the TPM is not blank, this is not the first boot
+ */
+int board_is_first_factory_boot(void)
+{
+ /*
+ * TODO(rspangler): Add checks for factory boot. For now, always
+ * return 0 so we're safely locked by default.
+ */
+ return 0;
+}
+
/* Determine key type based on the key ID. */
static const char *key_type(uint32_t key_id)
{
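Review bot: The "Suggested checks" in the board_is_first_factory_boot() comment are phrased so that each condition only rules out a first boot, which leaves open that a board ID or TPM read that fails, or returns erased flash, is taken as "blank" and selects the RMA (unlocked) defaults once the TODO is implemented. Returning 0 today is the safe choice; I would pin the fail-closed rule in the comment now so the later implementation inherits it: `* Any error or ambiguity while reading board ID or TPM state must return 0 (not first boot).` The doc comment should also say that the current body always returns 0, because its first sentence reads as if the check already exists. The trailing context lines belong to key_type(), whose body continues outside the hunk.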