cr50: use board_wipe_tpm to clear the tpm

We were clearing the tpm in two different ways. There was one
implementation in factory_mode.c and one in wp.c. This change merges the
two, so there's only one board_wipe_tpm.

While modifying the wipe tpm code from factory_mode.c I noticed the
factory_enable_failed stuff is maybe a bit more complicated than
necessary. I opened a bug for cleaning that up(b/129956462). It wont be
addressed in this change.

BUG=none
BRANCH=none
TEST=Run the processes that wipe the tpm
	open ccd.

	enable factory mode from vendor command.

	run rma open process

Change-Id: Ia76df19f7d9e4f308f3f1a7175f130f1ef7249a2
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1535156
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>

3 files changed, 32 insertions, 18 deletions

diff --git a/board/cr50/board.c b/board/cr50/board.c
index e7482a9577..5de77ddf35 100644
--- a/board/cr50/board.c
+++ b/board/cr50/board.c
@@ -957,7 +957,7 @@ void board_reboot_ap(void)
 /**
  * Reboot the EC
  */
-static void board_reboot_ec(void)
+void board_reboot_ec(void)
 {
 	if (board_uses_closed_loop_reset()) {
 		board_closed_loop_reset();
diff --git a/board/cr50/board.h b/board/cr50/board.h
index f6f2f5c9de..016cbc4607 100644
--- a/board/cr50/board.h
+++ b/board/cr50/board.h
@@ -341,8 +341,9 @@ int board_battery_is_present(void);
 int board_fwmp_allows_unlock(void);
 int board_vboot_dev_mode_enabled(void);
 void board_reboot_ap(void);
+void board_reboot_ec(void);
 void board_closed_loop_reset(void);
-int board_wipe_tpm(void);
+int board_wipe_tpm(int reset_required);
 int board_is_first_factory_boot(void);
 
 int usb_i2c_board_enable(void);
diff --git a/board/cr50/wp.c b/board/cr50/wp.c
index b3d50e4dad..0e2a4020af 100644
--- a/board/cr50/wp.c
+++ b/board/cr50/wp.c
@@ -7,6 +7,7 @@
 #include "console.h"
 #include "crc8.h"
 #include "extension.h"
+#include "flash_log.h"
 #include "gpio.h"
 #include "hooks.h"
 #include "registers.h"
@@ -303,23 +304,18 @@ void init_wp_state(void)
 /**
  * Wipe the TPM
  *
+ * @param reset_required: reset the system after wiping the TPM.
+ *
  * @return EC_SUCCESS, or non-zero if error.
  */
-int board_wipe_tpm(void)
+int board_wipe_tpm(int reset_required)
 {
 	int rc;
 
-	/*
-	 * Blindly zapping the TPM space while the AP is awake and poking at
-	 * it will bork the TPM task and the AP itself, so force the whole
-	 * system off by holding the EC in reset.
-	 */
-	CPRINTS("%s: force EC off", __func__);
-	assert_ec_rst();
-
 	/* Wipe the TPM's memory and reset the TPM task. */
 	rc = tpm_reset_request(1, 1);
 	if (rc != EC_SUCCESS) {
+		flash_log_add_event(FE_LOG_TPM_WIPE_ERROR, 0, NULL);
 		/*
 		 * If anything goes wrong (which is unlikely), we REALLY don't
 		 * want to unlock the console. It's possible to fail without
@@ -332,22 +328,39 @@ int board_wipe_tpm(void)
 			     SYSTEM_RESET_HARD);
 
 		/*
-		 * That should never return, but if it did, release EC reset
-		 * and pass through the error we got.
+		 * That should never return, but if it did, reset the EC and
+		 * through the error we got.
 		 */
-		deassert_ec_rst();
+		board_reboot_ec();
 		return rc;
 	}
 
+	/*
+	 * TPM was wiped out successfully, let's prevent further communications
+	 * from the AP until next reboot. The reboot will be triggered below if
+	 * a reset is requested. If we aren't resetting the system now, the TPM
+	 * will stay disabled until the user resets the system.
+	 * This should be done as soon as possible after tpm_reset_request
+	 * completes.
+	 */
+	tpm_stop();
+
 	CPRINTS("TPM is erased");
 
 	/* Tell the TPM task to re-enable NvMem commits. */
 	tpm_reinstate_nvmem_commits();
 
-	/* Let the rest of the system boot. */
-	CPRINTS("%s: release EC reset", __func__);
-	deassert_ec_rst();
-
+	/*
+	 * Use board_reboot_ec to ensure the system resets instead of
+	 * deassert_ec_reset. Some boards don't reset immediately when EC_RST_L
+	 * is asserted. board_reboot_ec will ensure the system has actually
+	 * reset before releasing it. If the system has a normal reset scheme,
+	 * EC reset will be released immediately.
+	 */
+	if (reset_required) {
+		CPRINTS("%s: reset EC", __func__);
+		board_reboot_ec();
+	}
 	return EC_SUCCESS;
 }