diff options
author | Vadim Bendebury <vbendeb@chromium.org> | 2019-07-31 11:06:13 -0700 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2019-08-10 16:55:19 -0700 |
commit | fb0eb4d1b932ba469f7385e42cf43f5a11f09c85 (patch) | |
tree | 73a4fb7328b0871cfd7cc81f732cd34e5c9009e3 /board/cr50 | |
parent | 023fb69d7ff6cb35bbe05708205f357133d9365b (diff) | |
download | chrome-ec-fb0eb4d1b932ba469f7385e42cf43f5a11f09c85.tar.gz |
cr50: use dedicated region for info1 accesses
The INFO1 flash space is used for various purposes (endorsement key
seed, Board ID and flags, serial number, etc.).
Accessing these spaces in INFO1 is accompanied by managing the flash
region registers, each time opening a window of the appropriate size,
with appropriate permissions, etc,
In fact none of these spaces contain a secret, to simplify things and
preventing situations when concurrent accesses change the flash range
window settings lets dedicate previously unused Region 7 register file
to providing always open read access to INFO1.
Write access will be enabled/disabled as required. In prod images
write accesses will always happen from the vendor command context. In
DBG images CLI commands will also have write access to INFO1.
INFO1 window is accessed by other H1 based devices as well, this is
why it is necessary to enable the window in the common chip code.
BRANCH=cr50, cr50-mp
BUG=b:138256149
TEST=the firmware_Cr50SetBoardId test now passes on Mistral.
Cq-Depend: chrome-internal:1577866, chrome-internal:1581327
Change-Id: Id27348f3b04191f1b3b60fd838d06009f756baa2
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1730147
Legacy-Commit-Queue: Commit Bot <commit-bot@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Diffstat (limited to 'board/cr50')
-rw-r--r-- | board/cr50/tpm2/endorsement.c | 12 |
1 files changed, 0 insertions, 12 deletions
diff --git a/board/cr50/tpm2/endorsement.c b/board/cr50/tpm2/endorsement.c index a9751d43fb..4167fe0745 100644 --- a/board/cr50/tpm2/endorsement.c +++ b/board/cr50/tpm2/endorsement.c @@ -443,11 +443,6 @@ static int store_cert(enum cros_perso_component_type component_type, return 0; } -static void flash_info_read_disable(void) -{ - GREG32(GLOBALSEC, FLASH_REGION7_CTRL) = 0; -} - static void flash_cert_region_enable(void) { /* Enable R access to CERT block. */ @@ -472,10 +467,6 @@ static int get_decrypted_eps(uint8_t eps[PRIMARY_SEED_SIZE]) if (!DCRYPTO_ladder_compute_frk2(K_CROS_FW_MAJOR_VERSION, frk2)) return 0; - /* Setup flash region mapping. */ - flash_info_read_enable(FLASH_INFO_MANUFACTURE_STATE_OFFSET, - FLASH_INFO_MANUFACTURE_STATE_SIZE); - for (i = 0; i < INFO1_EPS_SIZE; i += sizeof(uint32_t)) { uint32_t word; @@ -487,9 +478,6 @@ static int get_decrypted_eps(uint8_t eps[PRIMARY_SEED_SIZE]) memcpy(eps + i, &word, sizeof(word)); } - /* Remove flash region mapping. */ - flash_info_read_disable(); - /* One-time-pad decrypt EPS. */ for (i = 0; i < PRIMARY_SEED_SIZE; i++) eps[i] ^= frk2[i]; |