author | Vadim Bendebury <vbendeb@chromium.org> | 2022-11-07 17:48:04 -0800 |
---|---|---|
committer | Chromeos LUCI <chromeos-scoped@luci-project-accounts.iam.gserviceaccount.com> | 2022-11-14 21:44:15 +0000 |
commit | 5b46258340905c32aa5be7d0d5ad6ffad7bf71d9 (patch) | |
tree | 5d1c9b1df9cec4b59318514140c23ed5dd10f672 /include/tpm_vendor_cmds.h | |
parent | 42b8994d8cdfc87d2a30aba37032538b65aaf102 (diff) | |
download | chrome-ec-5b46258340905c32aa5be7d0d5ad6ffad7bf71d9.tar.gz |
gsctool: support setting CCD capabilities (stabilize-15251.B-cr50_stab, stabilize-15245.B-cr50_stab)
It is necessary to allow the user to set certain capabilities using
gsctool. Exactly which capabilities can be set, and to which values, is
determined by the policies enforced by the chip; gsctool should
provide a generic way of setting any existing capability to any legal
value.
The 'AllowUnverifiedRo' capability stands out, because it might
require the operator's physical presence confirmation, similar to the
'ccd open' case.
A new vendor subcommand is being added to pass the desired capability and
value to Ti50 as a three-byte payload: the version, the capability and
the value. Version and value are mapped by Ti50 into the appropriate
enums.
All available capability names can be seen in the output of 'gsctool
-D -I', the accepted values are 'Default', 'IfOpened', and 'Always'.
The new functionality is achieved by allowing the 'I' command line
option to accept an optional argument, a string in the form of
'<capability name>:<desired value>', where both parts of the string
can be abbreviated and will be accepted case-insensitively unless the
abbreviation is ambiguous.
Since this option is supported only by Ti50, gsctool will enforce the
default Ti50 USB device ID when running this command over USB and in
case of errors will remind the user that setting capabilities is
not supported on Cr50.
BUG=b:257253538
TEST=tried running the command on Ti50 implementing support of the new
vendor subcommand.
# Attempt to set when CCD is locked
$ gsctool -D -I | grep State
State: Locked
$ gsctool -I UartGscRxAPTx:always
finding_device 18d1:504a
Found device.
found interface 3 endpoint 4, chunk_len 64
READY
-------
Got error 7(NotAllowed)
# Attempt to set to the current value when CCD is open
$ gsctool -D -I | grep State
State: Opened
$ gsctool -I UartGscRxAPTx:always
finding_device 18d1:504a
Found device.
found interface 3 endpoint 4, chunk_len 64
READY
-------
# attempt to use ambiguous capability name
$ gsctool -I UartGscRx:always
finding_device 18d1:504a
Found device.
found interface 3 endpoint 4, chunk_len 64
READY
-------
Ambiguous capability name
# Attempt to use incorrect value abbreviation
$ gsctool -I UartGscRxAPTx:x
finding_device 18d1:504a
Found device.
found interface 3 endpoint 4, chunk_len 64
READY
-------
Unsupported capability value
# Various attempts to set AllowUnverifiedRo. Transitions from
# default -> ifOpened -> Always require PP, transitions in the
# opposite direction do not.
$ gsctool -I allow:d
finding_device 18d1:504a
Found device.
found interface 3 endpoint 4, chunk_len 64
READY
-------
$ gsctool -I allow:if
finding_device 18d1:504a
Found device.
found interface 3 endpoint 4, chunk_len 64
READY
-------
Another press will be required!
Press PP button now!
Press PP button now!
Press PP button now!
Press PP button now!
Press PP button now!
Press PP button now!
Press PP button now!
PP Done!
$ gsctool -I allow:a
finding_device 18d1:504a
Found device.
found interface 3 endpoint 4, chunk_len 64
READY
-------
Another press will be required!
Press PP button now!
Press PP button now!
Press PP button now!
Press PP button now!
Press PP button now!
Press PP button now!
PP Done!
$ gsctool -I allow:d
finding_device 18d1:504a
Found device.
found interface 3 endpoint 4, chunk_len 64
READY
-------
$
- also validated that misformatted capability/value combinations are
rejected as expected:
$ gsctool -I xyz:
finding_device 18d1:504a
Found device.
found interface 3 endpoint 4, chunk_len 64
READY
-------
Misformatted capability parameter: xyz:
$ gsctool -I :xyz
finding_device 18d1:504a
Found device.
found interface 3 endpoint 4, chunk_len 64
READY
-------
Misformatted capability parameter: :xyz
$ gsctool -I xyz
finding_device 18d1:504a
Found device.
found interface 3 endpoint 4, chunk_len 64
READY
-------
Misformatted capability parameter: xyz
$ gsctool -I x:yz
finding_device 18d1:504a
Found device.
found interface 3 endpoint 4, chunk_len 64
READY
-------
Unknown capability name
- tried setting capabilities when running on Brya, observed expected
error messages.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I803440501d0e3af3c2a645b52b42970b54695701
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4010705
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
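The '<capability name>:<desired value>' matching described in the commit message, as an added example that is not gsctool's own code: a case-insensitive abbreviation is accepted only when it selects exactly one entry, and each rejection corresponds to one of the messages in the test log. The capability table is a constructed sample (`UartGscRxECTx` is assumed here so that `UartGscRx` is ambiguous), and the function and enum names are hypothetical.

```c
#include <ctype.h>
#include <string.h>

enum parse_result { PARSE_OK, PARSE_MISFORMATTED, PARSE_UNKNOWN_NAME,
                    PARSE_AMBIGUOUS_NAME, PARSE_BAD_VALUE };

/* Constructed sample; the real names are those listed by 'gsctool -D -I'. */
static const char *const cap_names[] = { "UartGscRxAPTx", "UartGscRxECTx",
                                         "AllowUnverifiedRo" };
static const char *const cap_values[] = { "Default", "IfOpened", "Always" };

/* Index of the one entry abbreviated by abbr[0..n), -1 if none, -2 if several.
 * A full-length match wins even if it is also a prefix of a longer entry. */
static int match_abbrev(const char *abbr, size_t n,
                        const char *const *table, size_t count)
{
    int found = -1;
    size_t i, k;
    for (i = 0; i < count; i++) {
        for (k = 0; k < n && table[i][k]; k++)
            if (tolower((unsigned char)abbr[k]) !=
                tolower((unsigned char)table[i][k]))
                break;
        if (k < n)
            continue; /* mismatch, or entry shorter than the abbreviation */
        if (table[i][n] == '\0')
            return (int)i;
        found = (found == -1) ? (int)i : -2;
    }
    return found;
}

/* Split at the first ':'; both halves must be non-empty and unambiguous. */
enum parse_result parse_capability(const char *arg, int *cap, int *value)
{
    const char *colon = strchr(arg, ':');
    int c, v;
    if (!colon || colon == arg || colon[1] == '\0')
        return PARSE_MISFORMATTED;
    c = match_abbrev(arg, (size_t)(colon - arg), cap_names, 3);
    if (c < 0)
        return c == -1 ? PARSE_UNKNOWN_NAME : PARSE_AMBIGUOUS_NAME;
    v = match_abbrev(colon + 1, strlen(colon + 1), cap_values, 3);
    if (v < 0)
        return PARSE_BAD_VALUE;
    *cap = c; *value = v;
    return PARSE_OK;
}

int main(void) { int c, v; return parse_capability("allow:if", &c, &v) != PARSE_OK; }
```

The name is resolved before the value, which is why `x:yz` in the log reports an unknown capability rather than an unsupported value.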
Diffstat (limited to 'include/tpm_vendor_cmds.h')
-rw-r--r-- | include/tpm_vendor_cmds.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/include/tpm_vendor_cmds.h b/include/tpm_vendor_cmds.h index 2be888c6a3..51f5143120 100644 --- a/include/tpm_vendor_cmds.h +++ b/include/tpm_vendor_cmds.h @@ -192,6 +192,9 @@ enum vendor_cmd_cc { VENDOR_CC_GET_AP_RO_VERIFY_SETTING = 62, VENDOR_CC_SET_AP_RO_VERIFY_SETTING = 63, + /* Ti50 only. */ + VENDOR_CC_SET_CAPABILITY = 64, + LAST_VENDOR_COMMAND = 65535, }; |
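Review bot: the comment above `VENDOR_CC_SET_CAPABILITY = 64` says only `/* Ti50 only. */`, so this shared header does not record the request format of the new command. The commit message describes a three-byte payload (version, capability, value); stating that layout in the comment would help, along with the fact that the request can be refused (the test log shows error 7, NotAllowed, while CCD is locked) and that changing AllowUnverifiedRo may require physical presence. With that in place, host-side and firmware readers can work from the header instead of the commit log.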