authorRandall Spangler <rspangler@chromium.org>2017-07-11 16:30:27 -0700
committerchrome-bot <chrome-bot@chromium.org>2017-07-20 15:00:40 -0700
commit4809c70bbea8743cc7c1d382d7510ed937dce914 (patch)
treed4e36de78e911f9a6bbbef6ad6abf31c8717b0f9 /include/case_closed_debug.h
parent2ef78186c980120560123b149d7092a51edbeb98 (diff)
cr50: Add case closed debugging V1 configuration
This adds the CCD configuration module, and the console commands to control it. It is not wired up to any of the CCD capabilities; that's coming in the next CL. Briefly: * CCD configuration is persistently stored in nvmem_vars. Use ccdinfo to print it. * CCD can be Locked, Unlocked (some capabilities), or Opened (all capabilities), using the ccdlock / ccdunlock / ccdopen commands. * CCD config can be restricted by setting a password via ccdpass. * Individual config capabilities can be set via ccdset. Some of those will be used to gate access to things like write protect and UARTs. Others affect the requirements for ccdunlock / ccdopen (for example, is physical presenc required). * The entire config can be reset via ccdreset. If only unlocked, config that is restricted to Opened is not reset. * If CR50_DEV=1, ccdoops will force-reset and open the config. See go/cr50-ccd-wp for more information. BUG=b:62537474 BRANCH=none TEST=manual with CR50_DEV=1 build gpioget # make sure GPIO_BATT_PRES_L=0 ccdlock # lock, because CR50_DEV=1 builds start unlocked ccdinfo # locked, flags=0, all capabilities default ccdpass # access denied (we're locked) ccdreset # access denied ccdset flashap always # access denied ccdunlock ccdinfo # unlocked ccdpass foo ccdinfo # flags=2 (password set when unlocked) ccdset flashap always # access denied ccdset uartectx unlesslocked ccdinfo # yes, uartectx permission changed ccdlock ccdunlock # fails without password ccdunlock bar # wrong password ccdunlock foo # busy (wait 3 sec) ccdunlock foo ccdreset ccdinfo # no password, flags 0, capabilities all default ccdopen # requires physical presence; tap power or use 'pp' ccdset uartectx unlesslocked ccdset batterybypasspp ifopened ccdpass baz ccdinfo # password set, flag 0, ccdset changes worked ccdunlock ccdreset ccdinfo # uartectx back to ifopened, password still set ccdopen baz # still requires physical presence ccdset opennolongpp always ccdlock ccdopen baz # no pp required ccdset unlocknoshortpp 
unlesslocked ccdlock ccdopen baz # short pp sequence required (3 taps) ccdlock ccdunlock baz # short pp sequence required ccdopen baz # pp not required ccdset unlocknoshortpp always ccdlock testlab open # access denied testlab enable # access denied ccdunlock baz testlab open # access denied testlab enable # access denied ccdopen baz testlab enable # requires short pp ccdinfo # flags 1 ccdreset ccdinfo # no password, flags=1, caps all default ccdlock testlab open ccdinfo # opened testlab disable # requires short pp; let it time out ccdinfo # still opened, flags=1 ccdlock ccdoops # backdoor in CR50_DEV images to force-reset CCD ccdinfo # opened, flags=0, all defaults (yes, oops wipes out testlab) ccdreset rma ccdinfo # flags = 0x400000, everything but Cr50FullConsole always ccdreset # back to flags=0, all default Change-Id: I24e8d8f361874671e6e94f27492ae00db919bea9 Reviewed-on: https://chromium-review.googlesource.com/569439 Commit-Ready: Randall Spangler <rspangler@chromium.org> Tested-by: Randall Spangler <rspangler@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Diffstat (limited to 'include/case_closed_debug.h')
-rw-r--r--include/case_closed_debug.h114
1 files changed, 114 insertions, 0 deletions
diff --git a/include/case_closed_debug.h b/include/case_closed_debug.h
index c1f43dd4d3..0b2ec8b468 100644
--- a/include/case_closed_debug.h
+++ b/include/case_closed_debug.h
@@ -42,4 +42,118 @@ void ccd_phy_init(int enable_ccd);
* Get current CCD mode.
*/
enum ccd_mode ccd_get_mode(void);
+
+/******************************************************************************/
+/* New CCD "V1" configuration. Eventually this will supersede the above code */
+
+/* Flags */
+enum ccd_flag {
+ /* Flags that can only be set internally; fill from bottom up */
+
+ /*
+ * Test lab mode is enabled. This MUST be in the first byte so that
+ * it's in a constant position across all versions of CCD config.
+ *
+ * Note: This is used internally by CCD config. Do NOT test this
+ * to control other things; use capabilities for those.
+ */
+ CCD_FLAG_TEST_LAB = (1 << 0),
+
+ /*
+ * What state were we in when the password was set?
+ * (0=opened, 1=unlocked)
+ */
+ CCD_FLAG_PASSWORD_SET_WHEN_UNLOCKED = (1 << 1),
+
+ /* (flags in the middle are unused) */
+
+ /* Flags that can be set via ccd_set_flags(); fill from top down */
+
+ /* Override write protect at boot */
+ CCD_FLAG_OVERRIDE_WP_AT_BOOT = (1 << 22),
+
+ /*
+ * If overriding WP at boot, set it to what value
+ * (0=disabled, 1=enabled)
+ */
+ CCD_FLAG_OVERRIDE_WP_STATE_ENABLED = (1 << 23),
+};
+
+/* Capabilities */
+enum ccd_capability {
+ /* AP and EC UART output and input */
+ CCD_CAP_AP_UART_OUTPUT = 0,
+ CCD_CAP_AP_UART_INPUT = 1,
+ CCD_CAP_EC_UART_OUTPUT = 2,
+ CCD_CAP_EC_UART_INPUT = 3,
+
+ /* Access to AP SPI flash */
+ CCD_CAP_AP_FLASH = 4,
+
+ /* Access to EC flash (SPI or internal) */
+ CCD_CAP_EC_FLASH = 5,
+
+ /* Override WP temporarily or at boot */
+ CCD_CAP_OVERRIDE_WP = 6,
+
+ /* Reboot EC or AP */
+ CCD_CAP_REBOOT_EC_AP = 7,
+
+ /* Cr50 restricted console commands */
+ CCD_CAP_CR50_RESTRICTED_CONSOLE = 8,
+
+ /* Allow ccd-unlock or ccd-open without AP reboot */
+ CCD_CAP_UNLOCK_WITHOUT_AP_REBOOT = 9,
+
+ /* Allow ccd-unlock or ccd-open without short physical presence */
+ CCD_CAP_UNLOCK_WITHOUT_SHORT_PP = 10,
+
+ /* Allow ccd-open without wiping TPM data */
+ CCD_CAP_OPEN_WITHOUT_TPM_WIPE = 11,
+
+ /* Allow ccd-open without long physical presence */
+ CCD_CAP_OPEN_WITHOUT_LONG_PP = 12,
+
+ /* Allow removing the battery to bypass physical presence requirement */
+ CCD_CAP_REMOVE_BATTERY_BYPASSES_PP = 13,
+
+ /* Allow Cr50 firmware update without wiping TPM data */
+ CCD_CAP_CR50_FW_UPDATE_WITHOUT_TPM_WIPE = 14,
+
+ /* Number of currently defined capabilities */
+ CCD_CAP_COUNT
+};
+
+/**
+ * Initialize CCD configuration at boot.
+ *
+ * This must be called before any command which gets/sets the configuration.
+ */
+void ccd_config_init(void);
+
+/**
+ * Get a single CCD flag.
+ *
+ * @param flag Flag to get
+ * @return 1 if flag is set, 0 if flag is clear
+ */
+int ccd_get_flag(enum ccd_flag flag);
+
+/**
+ * Set a single CCD flag.
+ *
+ * @param flag Flag to set
+ * @param value New value for flag (0=clear, non-zero=set)
+ * @return EC_SUCCESS or non-zero error code.
+ */
+int ccd_set_flag(enum ccd_flag flag, int value);
+
+/**
+ * Check if a CCD capability is enabled in the current CCD mode
+ *
+ * @param cap Capability to check
+ * @return 1 if capability is enabled, 0 if disabled
+ */
+int ccd_is_cap_enabled(enum ccd_capability cap);
+
#endif /* __CROS_EC_CASE_CLOSED_DEBUG_H */
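Review bot: The doc comment on `ccd_set_flag()` does not say what happens when a caller passes one of the flags the enum marks as "can only be set internally" (`CCD_FLAG_TEST_LAB`, `CCD_FLAG_PASSWORD_SET_WHEN_UNLOCKED`), and the enum comment for the settable flags names `ccd_set_flags()`, which is not the function declared here. Those two low bits record test-lab mode and the state the password was set in, so the header should state the contract that the implementation (outside this hunk) is expected to enforce, for example `@return EC_SUCCESS, or a non-zero error code if the flag is internal-only and may not be changed through this call.` The enum comment would then read `/* Flags that can be set via ccd_set_flag(); fill from top down */`. In the same spirit, the comment on `ccd_is_cap_enabled()` could say that a `cap` of `CCD_CAP_COUNT` or above returns 0, so that an out-of-range capability is documented to fail closed.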