author | Randall Spangler <rspangler@chromium.org> | 2017-07-13 14:19:06 -0700 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2017-07-27 19:56:22 -0700 |
commit | 89184dbc8dd43672683c8a14dc1733c9e324af77 (patch) | |
tree | 872b752441c812b4e6713d5b12d843d6a04bc61c /board/cr50/wp.h | |
parent | 424000159ea540beb6ac4a9274c16b96344ed04b (diff) | |
download | chrome-ec-89184dbc8dd43672683c8a14dc1733c9e324af77.tar.gz |
cr50: restrict console and control WP via CCD config
The WP command is now controlled by CCD configuration (ccdset
wpoverride). In addition to enabling/disabling/following battery for
the current boot (counting deep sleep resume), it is also possible to
set the WP override at boot. That's needed to support persistently
disabling WP for RMA without needing to persistently remove the
battery.
Restricted console commands are now controlled by CCD configuration
(ccdset cr50fullconsole).
The old 'lock' console command has been removed, now that
ccdopen/ccdunlock/ccdlock replace it.
The old TPM vendor command for set_lock is gone; it will be replaced
by CCD configuration TPM vendor commands in a subsequent CL. The
get_lock command still exists, but only reports the console lock
state; it will be removed too.
See go/cr50-ccd-wp for more information.
BUG=b:62537474
BRANCH=cr50
TEST=manual with CR50_DEV=1 build
ccdinfo --> State = Opened, WPOverride = default(IfOpened)
plug in battery (or jumper DIOM2 to ground on a dev board)
gpioget --> make sure GPIO_BATT_PRES_L=0
wp --> enabled, at boot follow battery
remove battery (or jumper DIOM2 to JTAG pin3 on a dev board)
gpioget --> make sure GPIO_BATT_PRES_L=1
wp --> disabled, at boot follow battery
wp enable --> forced enabled, at boot follow battery
idle d
(wait for restart)
wp --> forced enabled, at boot follow battery
reboot
wp --> disabled, at boot follow battery
plug in battery (or jumper DIOM2 to ground on a dev board)
wp --> enabled, at boot follow battery
wp disable --> forced disabled, at boot follow battery
idle d
(wait for restart)
wp --> forced disabled, at boot follow battery
reboot
wp --> enabled, at boot follow battery
wp disable atboot --> forced disabled, at boot forced disabled
reboot
wp --> forced disabled, at boot forced disabled
wp enable --> forced enabled, at boot forced disabled
idle d
(wait for restart)
wp --> forced enabled, at boot forced disabled
wp follow_batt_pres --> enabled, at boot forced disabled
wp follow_batt_pres atboot --> enabled, at boot follow battery
ccdunlock
wp disable --> access denied
help --> commands like 'crash' are disabled
ccdoops
ccdset cr50fullconsole unlesslocked
ccdset wpoverride always
ccdunlock
help --> commands like 'crash' are still enabled
ccdlock
help --> commands like 'crash' are disabled
wp disable --> forced disabled
ccdoops
Change-Id: Ic441f490bdd7a19dd646fe8338e5d608b42ce72c
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/575997
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Diffstat (limited to 'board/cr50/wp.h')
-rw-r--r-- | board/cr50/wp.h | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/board/cr50/wp.h b/board/cr50/wp.h index 10169b793a..ff0cb174b5 100644 --- a/board/cr50/wp.h +++ b/board/cr50/wp.h @@ -9,6 +9,13 @@ #include "common.h" /** + * Initialize write protect state. + * + * Must be called after case-closed debugging is initialized. + */ +void init_wp_state(void); + +/** * Set the current write protect state in RBOX and long life scratch register. * * @param asserted: 0 to disable write protect, otherwise enable write protect. |
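Review bot: The ordering requirement in the new comment on init_wp_state() ("Must be called after case-closed debugging is initialized") is documented only in prose, and nothing in this header lets a caller check or enforce it. Since the commit message says the WP override now comes from CCD configuration, the comment should name the CCD initialization routine this depends on and say what write protect state results if init_wp_state() runs before it. The caller is not visible in this diff (it is limited to board/cr50/wp.h), so it is worth confirming at the call site that the ordering actually holds, including on the deep sleep resume path the commit message mentions.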