diff options
author | Craig Hesling <hesling@chromium.org> | 2020-01-08 15:41:16 -0800 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2020-02-06 06:57:39 +0000 |
commit | 127975b6c3efe77b6e92af6b153504c2607d5a07 (patch) | |
tree | eefaa0d3c947c27ff926c9021eb5edb0b955da08 /board/nocturne_fp/gpio.inc | |
parent | 50d7dd999f709669fe965cda68b753c3ee4602e2 (diff) | |
download | chrome-ec-127975b6c3efe77b6e92af6b153504c2607d5a07.tar.gz |
nocturne_fp: Add fix for legacy reset loop
This patch mitigates an infinite reset loop caused by an RO bug.
The reset occurs in RO when hardware write protect (wp_gpio_asserted)
is disabled, but software write protect (ro_now) is still enabled.
This can be seen by disabling hardware write protect and issuing
a soft reset.
There is one case where RO will forgo issuing this system reset.
That is when it detects a power on reset. Furthermore, it retrieves
its reset flags from the main system_get_reset_flags function, which
combines hardware reset registers AND a special RTC backup register
designed to preserve reset flags.
We exploit this reset backup register mechanism to inject a fake power-on
flag before resetting. As an added bonus, we also inject an ap-off flag
so that we can determine on startup if the power-on flag is real
or forged by this mechanism. If we detect that the power-on flag was
forged, we print a warning and fix the current reset flags.
In order to ensure that a power-on will be forged when
a spurious reset happens (exception or pin reset), we keep
the backup register loaded with the power-on and ap-off reset flags,
when the hardware write protect is disabled.
In order to keep the typical code path (HW+SW WP enabled)
clear of complexity and false power-on reports, we only forge
the power-on flag when hardware write protect is disabled.
Thus, we conditionally setup the forge on startup and setup an
interrupt handler to catch changes to the hardware write protect status.
It is safe to use ap-off flag for our nefarious purposes, since
the fingerprint controller has no functionality to control an AP
and has no included code that uses this reset flag.
Review:
* Normal power on reset --> The ap-off flag should be cleared
* Forged power on reset --> We set the ap-off flag
Scenarios covered:
* True power on --> No reset loop and ap-off would not be set
* HW reset pulse --> We preloaded ap-off and power-on flags in
the reset backup register
* Exception/Watchdog --> Same as above
* System reboot --> We modified the system_reset function to
add ap-off and power-on to reset backup
register
BRANCH=nocturne,hatch
BUG=b:146428434
TEST=make buildall -j
TEST=Checked all of the scenarios mentioned above
in the [SW-WP off + HW-WP off], [SW-WP on + HW-WP on],
and [SW-WP on + HW-WP off] situations using the nucleo-h743zi
board (https://crrev.com/c/1994624).
TEST=Checked all of the previous using nocturne_fp board on nucleo-h743zi
TEST=Checked stable RO+fixed-RW on Kohaku
Change-Id: I89361fa95be8eafe78c80c30f5b3195d7a724f81
Signed-off-by: Craig Hesling <hesling@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1992740
Reviewed-by: Tom Hughes <tomhughes@chromium.org>
Diffstat (limited to 'board/nocturne_fp/gpio.inc')
-rw-r--r-- | board/nocturne_fp/gpio.inc | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/board/nocturne_fp/gpio.inc b/board/nocturne_fp/gpio.inc index 7e0faa1b36..a76f82cf94 100644 --- a/board/nocturne_fp/gpio.inc +++ b/board/nocturne_fp/gpio.inc @@ -10,10 +10,16 @@ GPIO_INT(SPI1_NSS, PIN(A, 4), GPIO_INPUT, spi_event) GPIO_INT(PCH_SLP_S0_L, PIN(D,13), GPIO_INT_BOTH, slp_event) GPIO_INT(PCH_SLP_S3_L, PIN(A,11), GPIO_INT_BOTH, slp_event) + +#if defined(APPLY_RESET_LOOP_FIX) && defined(SECTION_IS_RW) +GPIO_INT(WP, PIN(B, 7), GPIO_INT_BOTH, wp_event) +#endif + GPIO(PCH_SLP_S4_L, PIN(D, 8), GPIO_INPUT) GPIO(PCH_SLP_SUS_L, PIN(D, 3), GPIO_INPUT) - +#if !(defined(APPLY_RESET_LOOP_FIX) && defined(SECTION_IS_RW)) GPIO(WP, PIN(B, 7), GPIO_INPUT) +#endif /* Outputs */ GPIO(EC_INT_L, PIN(A, 1), GPIO_OUT_HIGH) |