diff options
author | Randall Spangler <rspangler@chromium.org> | 2017-07-11 16:30:27 -0700 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2017-07-20 15:00:40 -0700 |
commit | 4809c70bbea8743cc7c1d382d7510ed937dce914 (patch) | |
tree | d4e36de78e911f9a6bbbef6ad6abf31c8717b0f9 /include | |
parent | 2ef78186c980120560123b149d7092a51edbeb98 (diff) | |
download | chrome-ec-4809c70bbea8743cc7c1d382d7510ed937dce914.tar.gz |
cr50: Add case closed debugging V1 configuration
This adds the CCD configuration module, and the console commands to
control it. It is not wired up to any of the CCD capabilities; that's
coming in the next CL.
Briefly:
* CCD configuration is persistently stored in nvmem_vars. Use ccdinfo to
print it.
* CCD can be Locked, Unlocked (some capabilities), or Opened
(all capabilities), using the ccdlock / ccdunlock / ccdopen commands.
* CCD config can be restricted by setting a password via ccdpass.
* Individual config capabilities can be set via ccdset. Some of those will
be used to gate access to things like write protect and UARTs. Others
affect the requirements for ccdunlock / ccdopen (for example, is physical
presenc required).
* The entire config can be reset via ccdreset. If only unlocked, config
that is restricted to Opened is not reset.
* If CR50_DEV=1, ccdoops will force-reset and open the config.
See go/cr50-ccd-wp for more information.
BUG=b:62537474
BRANCH=none
TEST=manual with CR50_DEV=1 build
gpioget # make sure GPIO_BATT_PRES_L=0
ccdlock # lock, because CR50_DEV=1 builds start unlocked
ccdinfo # locked, flags=0, all capabilities default
ccdpass # access denied (we're locked)
ccdreset # access denied
ccdset flashap always # access denied
ccdunlock
ccdinfo # unlocked
ccdpass foo
ccdinfo # flags=2 (password set when unlocked)
ccdset flashap always # access denied
ccdset uartectx unlesslocked
ccdinfo # yes, uartectx permission changed
ccdlock
ccdunlock # fails without password
ccdunlock bar # wrong password
ccdunlock foo # busy
(wait 3 sec)
ccdunlock foo
ccdreset
ccdinfo # no password, flags 0, capabilities all default
ccdopen # requires physical presence; tap power or use 'pp'
ccdset uartectx unlesslocked
ccdset batterybypasspp ifopened
ccdpass baz
ccdinfo # password set, flag 0, ccdset changes worked
ccdunlock
ccdreset
ccdinfo # uartectx back to ifopened, password still set
ccdopen baz # still requires physical presence
ccdset opennolongpp always
ccdlock
ccdopen baz # no pp required
ccdset unlocknoshortpp unlesslocked
ccdlock
ccdopen baz # short pp sequence required (3 taps)
ccdlock
ccdunlock baz # short pp sequence required
ccdopen baz # pp not required
ccdset unlocknoshortpp always
ccdlock
testlab open # access denied
testlab enable # access denied
ccdunlock baz
testlab open # access denied
testlab enable # access denied
ccdopen baz
testlab enable # requires short pp
ccdinfo # flags 1
ccdreset
ccdinfo # no password, flags=1, caps all default
ccdlock
testlab open
ccdinfo # opened
testlab disable # requires short pp; let it time out
ccdinfo # still opened, flags=1
ccdlock
ccdoops # backdoor in CR50_DEV images to force-reset CCD
ccdinfo # opened, flags=0, all defaults (yes, oops wipes out testlab)
ccdreset rma
ccdinfo # flags = 0x400000, everything but Cr50FullConsole always
ccdreset # back to flags=0, all default
Change-Id: I24e8d8f361874671e6e94f27492ae00db919bea9
Reviewed-on: https://chromium-review.googlesource.com/569439
Commit-Ready: Randall Spangler <rspangler@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/case_closed_debug.h | 114 | ||||
-rw-r--r-- | include/config.h | 4 | ||||
-rw-r--r-- | include/hooks.h | 9 | ||||
-rw-r--r-- | include/link_defs.h | 4 |
4 files changed, 131 insertions, 0 deletions
diff --git a/include/case_closed_debug.h b/include/case_closed_debug.h index c1f43dd4d3..0b2ec8b468 100644 --- a/include/case_closed_debug.h +++ b/include/case_closed_debug.h @@ -42,4 +42,118 @@ void ccd_phy_init(int enable_ccd); * Get current CCD mode. */ enum ccd_mode ccd_get_mode(void); + +/******************************************************************************/ +/* New CCD "V1" configuration. Eventually this will supersede the above code */ + +/* Flags */ +enum ccd_flag { + /* Flags that can only be set internally; fill from bottom up */ + + /* + * Test lab mode is enabled. This MUST be in the first byte so that + * it's in a constant position across all versions of CCD config. + * + * Note: This is used internally by CCD config. Do NOT test this + * to control other things; use capabilities for those. + */ + CCD_FLAG_TEST_LAB = (1 << 0), + + /* + * What state were we in when the password was set? + * (0=opened, 1=unlocked) + */ + CCD_FLAG_PASSWORD_SET_WHEN_UNLOCKED = (1 << 1), + + /* (flags in the middle are unused) */ + + /* Flags that can be set via ccd_set_flags(); fill from top down */ + + /* Override write protect at boot */ + CCD_FLAG_OVERRIDE_WP_AT_BOOT = (1 << 22), + + /* + * If overriding WP at boot, set it to what value + * (0=disabled, 1=enabled) + */ + CCD_FLAG_OVERRIDE_WP_STATE_ENABLED = (1 << 23), +}; + +/* Capabilities */ +enum ccd_capability { + /* AP and EC UART output and input */ + CCD_CAP_AP_UART_OUTPUT = 0, + CCD_CAP_AP_UART_INPUT = 1, + CCD_CAP_EC_UART_OUTPUT = 2, + CCD_CAP_EC_UART_INPUT = 3, + + /* Access to AP SPI flash */ + CCD_CAP_AP_FLASH = 4, + + /* Access to EC flash (SPI or internal) */ + CCD_CAP_EC_FLASH = 5, + + /* Override WP temporarily or at boot */ + CCD_CAP_OVERRIDE_WP = 6, + + /* Reboot EC or AP */ + CCD_CAP_REBOOT_EC_AP = 7, + + /* Cr50 restricted console commands */ + CCD_CAP_CR50_RESTRICTED_CONSOLE = 8, + + /* Allow ccd-unlock or ccd-open without AP reboot */ + CCD_CAP_UNLOCK_WITHOUT_AP_REBOOT = 9, + + /* Allow ccd-unlock or ccd-open without short physical presence */ + CCD_CAP_UNLOCK_WITHOUT_SHORT_PP = 10, + + /* Allow ccd-open without wiping TPM data */ + CCD_CAP_OPEN_WITHOUT_TPM_WIPE = 11, + + /* Allow ccd-open without long physical presence */ + CCD_CAP_OPEN_WITHOUT_LONG_PP = 12, + + /* Allow removing the battery to bypass physical presence requirement */ + CCD_CAP_REMOVE_BATTERY_BYPASSES_PP = 13, + + /* Allow Cr50 firmware update without wiping TPM data */ + CCD_CAP_CR50_FW_UPDATE_WITHOUT_TPM_WIPE = 14, + + /* Number of currently defined capabilities */ + CCD_CAP_COUNT +}; + +/** + * Initialize CCD configuration at boot. + * + * This must be called before any command which gets/sets the configuration. + */ +void ccd_config_init(void); + +/** + * Get a single CCD flag. + * + * @param flag Flag to get + * @return 1 if flag is set, 0 if flag is clear + */ +int ccd_get_flag(enum ccd_flag flag); + +/** + * Set a single CCD flag. + * + * @param flag Flag to set + * @param value New value for flag (0=clear, non-zero=set) + * @return EC_SUCCESS or non-zero error code. + */ +int ccd_set_flag(enum ccd_flag flag, int value); + +/** + * Check if a CCD capability is enabled in the current CCD mode + * + * @param cap Capability to check + * @return 1 if capability is enabled, 0 if disabled + */ +int ccd_is_cap_enabled(enum ccd_capability cap); + #endif /* __CROS_EC_CASE_CLOSED_DEBUG_H */ diff --git a/include/config.h b/include/config.h index 521a588af2..7cfd089ade 100644 --- a/include/config.h +++ b/include/config.h @@ -385,6 +385,10 @@ #undef CONFIG_CASE_CLOSED_DEBUG /* The case close debug (CCD) feature is provided by an external chip. */ #undef CONFIG_CASE_CLOSED_DEBUG_EXTERNAL +/* Support V1 CCD configuration */ +#undef CONFIG_CASE_CLOSED_DEBUG_V1 +/* Allow unsafe debugging functionality in V1 configuration */ +#undef CONFIG_CASE_CLOSED_DEBUG_V1_UNSAFE /* * Capsense chip has buttons, too. diff --git a/include/hooks.h b/include/hooks.h index b976a8c927..296026fe3e 100644 --- a/include/hooks.h +++ b/include/hooks.h @@ -162,6 +162,15 @@ enum hook_type { */ HOOK_BATTERY_SOC_CHANGE, +#ifdef CONFIG_CASE_CLOSED_DEBUG + /* + * Case-closed debugging configuration changed. + * + * Hook routines are called from the TICK, console, or TPM task. + */ + HOOK_CCD_CHANGE, +#endif + /* * Periodic tick, every HOOK_TICK_INTERVAL. * diff --git a/include/link_defs.h b/include/link_defs.h index 1f16399cf7..262a149772 100644 --- a/include/link_defs.h +++ b/include/link_defs.h @@ -54,6 +54,10 @@ extern const struct hook_data __hooks_pwrbtn_change[]; extern const struct hook_data __hooks_pwrbtn_change_end[]; extern const struct hook_data __hooks_battery_soc_change[]; extern const struct hook_data __hooks_battery_soc_change_end[]; +#ifdef CONFIG_CASE_CLOSED_DEBUG +extern const struct hook_data __hooks_ccd_change[]; +extern const struct hook_data __hooks_ccd_change_end[]; +#endif extern const struct hook_data __hooks_tick[]; extern const struct hook_data __hooks_tick_end[]; extern const struct hook_data __hooks_second[]; |