cr50: Disable CCD on board ID mismatch

If there is a board ID mismatch and rollback is not possible Cr50
firmware will enter a limited mode which only support Cr50 firmware
upgrade.  All other features must be disabled, because it is not
possible to know which features should be allowed on the mismatched
board.

See go/cr50-ccd-wp for more information.

BUG=b:62537474
BRANCH=cr50
TEST=manual with CR50_DEV=1 build, define CONFIG_CMD_CCDDISABLE
     ccdinfo --> state=opened
     ccddisable --> state=locked(disabled), all capabilities disabled
     ccdunlock --> access denied
     ccdopen --> access denied
     ccdreset --> access denied
     ccdpassword --> access denied
     ccdset --> access denied
     ccdoops
     ccdinfo --> state=opened, back to defaults

Change-Id: Idb66fb1f3d5106aa0c2cb6addf2404ea9942b0d6
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/590070
Reviewed-by: Mary Ruthven <mruthven@chromium.org>

1 files changed, 9 insertions, 0 deletions

diff --git a/include/case_closed_debug.h b/include/case_closed_debug.h
index 77ad0f496f..2283d6474d 100644
--- a/include/case_closed_debug.h
+++ b/include/case_closed_debug.h
@@ -183,4 +183,13 @@ int ccd_is_cap_enabled(enum ccd_capability cap);
  */
 enum ccd_state ccd_get_state(void);
 
+/**
+ * Force CCD disabled.
+ *
+ * This should be called if security checks fail and for some reason the board
+ * can't immediately reboot.  It locks CCD and disables all CCD capabilities
+ * until reboot.
+ */
+void ccd_disable(void);
+
 #endif /* __CROS_EC_CASE_CLOSED_DEBUG_H */