diff options
| author | Vadim Bendebury <vbendeb@chromium.org> | 2017-10-19 18:53:41 -0700 |
|---|---|---|
| committer | chrome-bot <chrome-bot@chromium.org> | 2017-10-24 12:57:45 -0700 |
| commit | aeb0c8e4b90e6f5b9a2aaba776e4ed3db675e073 (patch) | |
| tree | a42c6e90faf8b725aee81ed40fc280fd96f64785 /common/ccd_config.c | |
| parent | 708f6f1f21d4cee970c6bf7dadefee3936af228d (diff) | |
| download | chrome-ec-aeb0c8e4b90e6f5b9a2aaba776e4ed3db675e073.tar.gz | |
rma: process proper auth code
When RMA process has been initialized and the user entered the
expected authentication code value, the Cr50 needs to wipe out TPM
memory, open and unlock CCD and reboot the device.
This patch adds a function to accomplish that. User response is
validated on the TPM task context, and TPM reset request also requires
TPM task processing. To decouple response processing from the
following reset, the response processing is handled by a hook task
callback, delayed for 1s to make sure that user receives the response.
After TPM has successfully reset the CCD is reinitialized with RMA
'opened' and the device is rebooted.
Just in case something goes wrong with the unlock and the hook is not
invoked, add a 10s deferred function to take the EC out of reset so
that the device still can reboot.
BRANCH=none
BUG=b:67007905
TEST=on a Bob device:
- on the Cr50 console enter 'ccd lock', verify that ccd is locked
(by examining output of the 'ccd' command)
- at the bash prompt enter gsctool -r -s -t, copy the
authentication code from the Cr50 console and pass it to gsctool.
- observe the device reset TPM wiping out its memory, enable CCD
and reboot.
Change-Id: I6fafb5e642cb2b6f2040507a7f1989607fd31316
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/729983
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Diffstat (limited to 'common/ccd_config.c')
| -rw-r--r-- | common/ccd_config.c | 23 |
1 files changed, 1 insertions, 22 deletions
diff --git a/common/ccd_config.c b/common/ccd_config.c index ee3e6adb9e..8b60a1e84b 100644 --- a/common/ccd_config.c +++ b/common/ccd_config.c @@ -93,21 +93,6 @@ struct ccd_capability_info { enum ccd_capability_state default_state; }; -/* Flags for ccd_reset_config() */ -enum ccd_reset_config_flags { - /* Also reset test lab flag */ - CCD_RESET_TEST_LAB = (1 << 0), - - /* Only reset Always/UnlessLocked settings */ - CCD_RESET_UNLOCKED_ONLY = (1 << 1), - - /* Use RMA/factory defaults */ - CCD_RESET_RMA = (1 << 2) -}; - -/* Forward declarations of static functions */ -static int ccd_reset_config(unsigned flags); - /* Nvmem variable name for CCD config */ static const uint8_t k_ccd_config = NVMEM_VAR_CCD_CONFIG; @@ -454,13 +439,7 @@ static int ccd_set_cap(enum ccd_capability cap, enum ccd_capability_state state) return ccd_save_config(); } -/** - * Reset CCD config to defaults. - * - * @param flags Reset flags (see enum ccd_reset_config_flags) - * @return EC_SUCCESS, or non-zero if error. - */ -static int ccd_reset_config(unsigned flags) +int ccd_reset_config(unsigned int flags) { int old_lab = ccd_get_flag(CCD_FLAG_TEST_LAB); |