meowth_fp: Add rollback block

We add 2 128k regions for rollback protection (and storage of
local secret/key). The regions need to be that big as this is
the flash erase size on STM32H7. This leaves us with the
following flash layout:

RO:   768K @ 0x000000
RB1:  128K @ 0x0c0000
RB2:  128K @ 0x0e0000
RW:  1024K @ 0x100000

Unlike STM32F0, STM32H7 supports EC_FLASH_PROTECT_ALL_NOW, when
jumping to RW, so we do not really need separate
EC_FLASH_PROTECT_ROLLBACK_AT_BOOT/EC_FLASH_PROTECT_ROLLBACK_NOW
flags (nor RW_AT_BOOT/RW_NOW). Instead, we just lock all flash
erase/write access before jumping to RW.

BRANCH=none
BUG=b:111190988
TEST=> rollbackinfo
rollback minimum version: 0
RW rollback version: 0
rollback 0: 00000000 00000000 0b112233 [00..00] *
rollback 1: ffffffff ffffffff ffffffff [ff..ff]
> reboot
Quickly, in RO:
> rollbackupdate 2
> rollbackinfo
rollback minimum version: 2
RW rollback version: 0
rollback 0: 00000000 00000000 0b112233 [00..00]
rollback 1: 00000001 00000002 0b112233 [00..00] *

Change-Id: I34c543c3edd69085038bf09338071b5b3721eed3
Signed-off-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1127805
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Nicolas Norvez <norvez@chromium.org>

1 files changed, 62 insertions, 0 deletions

diff --git a/board/meowth_fp/board.h b/board/meowth_fp/board.h
index 77bf3fb0d3..30e35fc80b 100644
--- a/board/meowth_fp/board.h
+++ b/board/meowth_fp/board.h
@@ -14,6 +14,54 @@
  */
 #define CONFIG_SYSTEM_UNLOCKED
 
+/*
+ * Flash layout: we redefine the sections offsets and sizes as we want to
+ * include a rollback region, and will use RO/RW regions of different sizes.
+ */
+#undef _IMAGE_SIZE
+#undef CONFIG_ROLLBACK_OFF
+#undef CONFIG_ROLLBACK_SIZE
+#undef CONFIG_FLASH_PSTATE
+#undef CONFIG_FW_PSTATE_SIZE
+#undef CONFIG_FW_PSTATE_OFF
+#undef CONFIG_SHAREDLIB_SIZE
+#undef CONFIG_RO_MEM_OFF
+#undef CONFIG_RO_STORAGE_OFF
+#undef CONFIG_RO_SIZE
+#undef CONFIG_RW_MEM_OFF
+#undef CONFIG_RW_STORAGE_OFF
+#undef CONFIG_RW_SIZE
+#undef CONFIG_EC_PROTECTED_STORAGE_OFF
+#undef CONFIG_EC_PROTECTED_STORAGE_SIZE
+#undef CONFIG_EC_WRITABLE_STORAGE_OFF
+#undef CONFIG_EC_WRITABLE_STORAGE_SIZE
+#undef CONFIG_WP_STORAGE_OFF
+#undef CONFIG_WP_STORAGE_SIZE
+
+#define CONFIG_SHAREDLIB_SIZE   0
+
+#define CONFIG_RO_MEM_OFF       0
+#define CONFIG_RO_STORAGE_OFF   0
+#define CONFIG_RO_SIZE          (768*1024)
+
+/* EC rollback protection block */
+#define CONFIG_ROLLBACK_OFF (CONFIG_RO_MEM_OFF + CONFIG_RO_SIZE)
+#define CONFIG_ROLLBACK_SIZE (CONFIG_FLASH_BANK_SIZE * 2)
+
+#define CONFIG_RW_MEM_OFF	(CONFIG_ROLLBACK_OFF + CONFIG_ROLLBACK_SIZE)
+#define CONFIG_RW_STORAGE_OFF	0
+#define CONFIG_RW_SIZE		(CONFIG_FLASH_SIZE -			\
+				(CONFIG_RW_MEM_OFF - CONFIG_RO_MEM_OFF))
+
+#define CONFIG_EC_PROTECTED_STORAGE_OFF         CONFIG_RO_MEM_OFF
+#define CONFIG_EC_PROTECTED_STORAGE_SIZE        CONFIG_RO_SIZE
+#define CONFIG_EC_WRITABLE_STORAGE_OFF          CONFIG_RW_MEM_OFF
+#define CONFIG_EC_WRITABLE_STORAGE_SIZE         CONFIG_RW_SIZE
+
+#define CONFIG_WP_STORAGE_OFF           CONFIG_EC_PROTECTED_STORAGE_OFF
+#define CONFIG_WP_STORAGE_SIZE          CONFIG_EC_PROTECTED_STORAGE_SIZE
+
+
 /* the UART console is on USART1 */
 #undef CONFIG_UART_CONSOLE
 #define CONFIG_UART_CONSOLE 1
@@ -74,6 +122,20 @@
 #endif
 #define CONFIG_RWSIG_TYPE_RWSIG
 
+/*
+ * Add rollback protection
+ */
+#define CONFIG_ROLLBACK
+#define CONFIG_ROLLBACK_SECRET_SIZE 32
+/*
+ * We do not use any "locally" generated entropy: this is normally used
+ * to add local entropy when the main source of entropy is remote.
+ */
+#undef CONFIG_ROLLBACK_SECRET_LOCAL_ENTROPY_SIZE
+#ifdef SECTION_IS_RW
+#undef CONFIG_ROLLBACK_UPDATE
+#endif
+
 #define CONFIG_CMD_FLASH
 #define CONFIG_CMD_SPI_XFER