cr50: add U2F support

Implement U2F (universal second factor authentication) feature
over TPM vendor commands.
The raw U2F APDU as defined by the FIDO Alliance 'U2F Raw Message Formats'
specification can be sent using the VENDOR_CC_U2F_APDU command.
So the vendor command is taking a ISO7816-4:2005 APDU format frame as input
as defined by the spec and returns another APDU using ISO7816-4 status
code.

The APDU is processed by the common U2F code using u2f_apdu_rcv(),
this hardware specific code provides:
- the user physical presence detection (done by the power button press)
  returned by the pop_check_presence() callback.
- the connection to the cryptographic hardware to generate/derive the
  keys used by the U2F and individual attestation functions.

This feature/vendor command has 3 modes:
- disabled
- U2F (only the commands/flags defined by the U2F specification)
- G2F (the U2F commands plus some extensions for individual attestation)

Signed-off-by: Vincent Palatin <vpalatin@chromium.org>

BRANCH=cr50
BUG=b:35545754
TEST=pass U2FTest and HIDTest.

Change-Id: Ic2591f369763fb4ba67926e2b4a0c2cd35330a18
Reviewed-on: https://chromium-review.googlesource.com/518139
Commit-Ready: Vincent Palatin <vpalatin@chromium.org>
Tested-by: Vincent Palatin <vpalatin@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>

1 files changed, 1 insertions, 0 deletions

diff --git a/board/cr50/build.mk b/board/cr50/build.mk
index ed2f475827..1e882e9876 100644
--- a/board/cr50/build.mk
+++ b/board/cr50/build.mk
@@ -49,6 +49,7 @@ board-y += tpm2/tpm_state.o
 board-y += tpm2/trng.o
 board-y += tpm_nvmem_read.o
 board-y += wp.o
+board-$(CONFIG_U2F) += u2f.o
 
 # Build and link with an external library
 EXTLIB := $(realpath ../../third_party/tpm2)