author | Vadim Sukhomlinov <sukhomlinov@google.com> | 2020-06-15 17:01:59 -0700 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2020-06-16 20:56:22 +0000 |
commit | d61ca497127ee518d65b26975cf3fadd62bc0a9a (patch) | |
tree | b1564523d41017fe1756169275641fe9a25e9822 /board/cr50/board.h | |
parent | 770e5cecfdc2ddd761b5b1cdb78e29c936e6cb92 (diff) | |
download | chrome-ec-d61ca497127ee518d65b26975cf3fadd62bc0a9a.tar.gz |
cr50/board: add board-local FIPS setting
Implement board-local configuration of FIPS 140-2/3 policy as
complementary to FWMP policy. This is intended mostly for lab
testing and dogfooding, when FWMP policy is not feasible.
board_fips_enforced() returns status of FIPS from FWMP and NVRAM
and caches state to avoid expensive operations later.
BUG=b:138577491
TEST=manual, make buildall -j
Actual test command to be added in upcoming CLs
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I8fa651e56e6e76a87bbc4dd911e7a8c0546e7e0f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2247112
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Diffstat (limited to 'board/cr50/board.h')
-rw-r--r-- | board/cr50/board.h | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/board/cr50/board.h b/board/cr50/board.h index b9dc15e988..8df52981a8 100644 --- a/board/cr50/board.h +++ b/board/cr50/board.h @@ -5,6 +5,7 @@ #ifndef __CROS_EC_BOARD_H #define __CROS_EC_BOARD_H +#include <stdbool.h> #define CONFIG_LTO @@ -243,6 +244,7 @@ enum nvmem_vars { NVMEM_VAR_U2F_SALT, NVMEM_VAR_CCD_CONFIG, NVMEM_VAR_G2F_SALT, + NVMEM_VAR_FIPS_CONFIG, NVMEM_VARS_COUNT }; @@ -322,6 +324,16 @@ int board_has_ec_cr50_comm_support(void); int board_id_is_mismatched(void); /* Allow for deep sleep to be enabled on AP shutdown */ int board_deep_sleep_allowed(void); +/* indicates completion of power-up tests earlier */ +bool board_fips_power_up_done(void); + +/** + * Set status of FIPS power-up tests on wake from sleep + * + * @param asserted: 0 power-up tests should run on resume, otherwise can be + * skipped + */ +void board_set_fips_policy_test(bool asserted); void power_button_record(void); @@ -349,6 +361,11 @@ int board_wipe_tpm(int reset_required); int board_is_first_factory_boot(void); int board_fwmp_fips_mode_enabled(void); +/* set FIPS policy for board in NVRAM (independent of FWMP) */ +void board_set_local_fips_policy(bool asserted); +/* return non zero if FIPS mode enforced in FWMP or NVRAM */ +bool board_fips_enforced(void); + int usb_i2c_board_enable(void); void usb_i2c_board_disable(void); |
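Review bot: In the `@@ -322,6 +324,16 @@` hunk, the doc comment for `board_set_fips_policy_test()` describes a `bool` parameter as "0 power-up tests should run on resume", and the function name does not match the comment, which says it sets the status of the power-up tests rather than a policy test. Suggest wording the `@param` in terms of true/false and either renaming the function or explaining the name in the comment. The one-line comment on `board_fips_power_up_done()`, "indicates completion of power-up tests earlier", leaves unclear what "earlier" refers to (this boot, or before the last sleep). Since the setter allows power-up tests to be skipped on resume, the header should also state which callers are expected to assert it.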
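Review bot: In the `@@ -349,6 +361,11 @@` hunk, `board_fips_enforced()` is declared `bool` but documented as "return non zero", while the neighbouring `board_fwmp_fips_mode_enabled()` returns `int`; the comment should say true/false, and ideally the two declarations would agree on a type. The header also does not say whether `board_set_local_fips_policy(false)` can turn enforcement off, or whether calling the setter refreshes the state that, per the commit message, `board_fips_enforced()` caches. A sentence covering both would help, given that the commit message describes the NVRAM setting as intended mostly for lab testing and dogfooding.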