author | Randall Spangler <rspangler@chromium.org> | 2018-02-08 11:09:54 -0800 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2018-02-15 13:51:00 -0800 |
commit | f49e1c3b42026eeaf57df0fd86b43660ddb1c184 (patch) | |
tree | fa7d9e04de272bac1521ae419e7bb6c03a0db9fe /include | |
parent | 927b64a0ba8f6362daf2e9a6c7eabf23815ae95a (diff) | |
download | chrome-ec-f49e1c3b42026eeaf57df0fd86b43660ddb1c184.tar.gz |
cr50: Convert spihash to TPM vendor command
The console command now calls the vendor command to do the work.
Otherwise, the same as before.
BUG=chromium:804507
BRANCH=cr50 release (after testing)
TEST=manual:
# Sample sequence
spihash ap -> requires physical presence; tap power button
spihash 0 1024 -> gives a hash; compare with first 1KB of image.bin
spihash dump 0 128 -> dumps first 128 bytes; compare with image.bin
spihash 128 128 -> offset works
spihash 0 0x100000 -> gives a hash; doesn't watchdog reset
spihash ec
spihash 0 1024 -> compare with ec.bin
spihash disable
# Test timeout
spihash ap
# Wait 30 seconds
spihash 0 1024 -> still works
# Wait 60 seconds; goes back disabled automatically
spihash 0 1024 -> fails because spihash is disabled
# Presence not required when CCD opened
ccd open
spihash ap -> no PP required
spihash 0 1024 -> works
spihash disable
# Possible for owner to disable via CCD config
ccd -> HashFlash is "Always"
ccd set HashFlash IfOpened
ccd lock
spihash ap -> access denied
# Cleanup
ccd open
ccd reset
ccd lock
Change-Id: Ife9335a1e402a7596d99bf515ec89ff94e8a0044
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/910083
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/tpm_vendor_cmds.h | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/include/tpm_vendor_cmds.h b/include/tpm_vendor_cmds.h
index 09d578493f..927a39817b 100644
--- a/include/tpm_vendor_cmds.h
+++ b/include/tpm_vendor_cmds.h
@@ -51,6 +51,7 @@ enum vendor_cmd_cc {
 VENDOR_CC_MANAGE_CCD_PWD = 33,
 VENDOR_CC_CCD = 34,
 VENDOR_CC_GET_ALERTS_DATA = 35,
+ VENDOR_CC_SPI_HASH = 36,
 LAST_VENDOR_COMMAND = 65535,
 };
@@ -108,5 +109,36 @@ enum vendor_cmd_rc {
 */
 #define VENDOR_RC_ERR 0x00000500
+/*** Structures and constants for VENDOR_CC_SPI_HASH ***/
+
+enum vendor_cc_spi_hash_request_subcmd {
+ /* Relinquish the bus */
+ SPI_HASH_SUBCMD_DISABLE = 0,
+ /* Acquire the bus for AP SPI */
+ SPI_HASH_SUBCMD_AP = 1,
+ /* Acquire the bus for EC SPI */
+ SPI_HASH_SUBCMD_EC = 2,
+ /* Hash SPI data */
+ SPI_HASH_SUBCMD_SHA256 = 4,
+ /* Read SPI data */
+ SPI_HASH_SUBCMD_DUMP = 5,
+};
+
+enum vendor_cc_spi_hash_request_flags {
+ /* EC uses gang programmer mode */
+ SPI_HASH_FLAG_EC_GANG = (1 << 0),
+};
+
+/* Structure for VENDOR_CC_SPI_HASH request which follows tpm_header */
+struct vendor_cc_spi_hash_request {
+ uint8_t subcmd; /* See vendor_cc_spi_hash_request_subcmd */
+ uint8_t flags; /* See vendor_cc_spi_hash_request_flags */
+ /* Offset and size used by SHA256 and DUMP; ignored by other subcmds */
+ uint32_t offset; /* Offset in flash to hash/read */
+ uint32_t size; /* Size in bytes to hash/read */
+} __packed;
+
+/* Maximum size of a response = SHA-256 hash or 1-32 bytes of data */
+#define SPI_HASH_MAX_RESPONSE_BYTES 32
 #endif /* __INCLUDE_TPM_VENDOR_CMDS_H */ |
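Review bot: The comments on `struct vendor_cc_spi_hash_request` leave the wire contract for `offset` and `size` underspecified: neither the byte order of the two `uint32_t` fields nor the limit on `size` for `SPI_HASH_SUBCMD_DUMP` is stated, although the `SPI_HASH_MAX_RESPONSE_BYTES` comment implies a 1-32 byte limit. I would extend the field comment to something like `/* offset and size are <BYTE-ORDER, per handler> on the wire; for DUMP, size must be 1..SPI_HASH_MAX_RESPONSE_BYTES */`. The handler is outside this include-only view, so this cannot be checked here, but these fields arrive from the TPM host and it presumably has to reject an out-of-range `size` and an `offset + size` that wraps 32 bits before any flash access. The subcommand numbering also skips 3 without a comment; a one-line note saying whether that value is reserved would tell handler authors to reject it.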