| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a reland of commit ed10ce4730d37a4ae7eab60ad70257720399f289
Original change's description:
> cr50: Use platform/pinweaver
>
> Toggle the CONFIG_PLATFORM_PINWEAVER build flag, to build pinweaver with
> the platform/pinweaver implementation instead of the cr50
> implementation.
>
> BUG=b:262040869
> TEST=make board=cr50 -j
> TEST=(DUT) Use cryptohome CLI to create a user with a PIN.
> TEST=(DUT) Make 2 fail attempts on that PIN.
> TEST=(DUT) Update cr50 to the image including this CL.
> TEST=(DUT) Test leaf properties are correct: 3 more fail attempts locks
> the PIN, password auth resets the PIN, then PIN authentication succeeds.
> TEST=tast run $DUT hwsec.PINWeaver*
>
> Cq-Depend: chromium:4307211
> Change-Id: I6e52566ca8ee68bb0ee71d30538fb6b8cbc4f67d
> Signed-off-by: Mary Ruthven <mruthven@chromium.org>
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4311235
> Tested-by: Howard Yang <hcyang@google.com>
> Reviewed-by: Andrey Pronin <apronin@chromium.org>
> Commit-Queue: Howard Yang <hcyang@google.com>
Bug: b:262040869
Cq-Depend: chromium:4354785
Change-Id: Ibb7ad2c1f752f7ed8678465f5b3901536314d466
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4349272
Tested-by: Howard Yang <hcyang@google.com>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Howard Yang <hcyang@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Until ti50 repo becomes public, we want to at least make the release
notes public. Copy all release notes from private repo to public one.
BUG=b:274094827
TEST=rendered correctly
Change-Id: I2f1291449defd4dc6d336853a16a7187d3d68325
Signed-off-by: Jett Rink <jettrink@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4356016
Tested-by: Jett Rink <jettrink@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
Auto-Submit: Jett Rink <jettrink@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Before this fix, update_pcr was inserting an extra byte at the start
of the updated value.
BUG=b:273331256
TEST=see BUG
Change-Id: Idb648ff7f999c48f93bd7dfe9a207ecd48fa53d5
Signed-off-by: Andrey Pronin <apronin@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4351200
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
Tested-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit ed10ce4730d37a4ae7eab60ad70257720399f289.
Reason for revert: Causes building chromeos-cr50-dev to fail
Original change's description:
> cr50: Use platform/pinweaver
>
> Toggle the CONFIG_PLATFORM_PINWEAVER build flag, to build pinweaver with
> the platform/pinweaver implementation instead of the cr50
> implementation.
>
> BUG=b:262040869
> TEST=make board=cr50 -j
> TEST=(DUT) Use cryptohome CLI to create a user with a PIN.
> TEST=(DUT) Make 2 fail attempts on that PIN.
> TEST=(DUT) Update cr50 to the image including this CL.
> TEST=(DUT) Test leaf properties are correct: 3 more fail attempts locks
> the PIN, password auth resets the PIN, then PIN authentication succeeds.
> TEST=tast run $DUT hwsec.PINWeaver*
>
> Cq-Depend: chromium:4307211
> Change-Id: I6e52566ca8ee68bb0ee71d30538fb6b8cbc4f67d
> Signed-off-by: Mary Ruthven <mruthven@chromium.org>
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4311235
> Tested-by: Howard Yang <hcyang@google.com>
> Reviewed-by: Andrey Pronin <apronin@chromium.org>
> Commit-Queue: Howard Yang <hcyang@google.com>
Bug: b:262040869
Change-Id: Ib60f090c50b1e34635ce2e1f3537f7eb0c95490e
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4348103
Tested-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Matt Vertescher <mvertescher@google.com>
Commit-Queue: Mary Ruthven <mruthven@chromium.org>
Auto-Submit: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add the definition for UINT64_MAX which is used in v2 PinWeaver code,
and toggle the BIOMETRICS_DEV flag to increase PinWeaver version to 2.
BUG=b:262040869
TEST=make buildall -j
TEST=tast run $DUT hwsec.PINWeaver*
Cq-Depend: chromium:4337476
Change-Id: I54642a098bbe697e461d636a416ed5512c8ae528
Signed-off-by: Howard Yang <hcyang@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4337180
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Toggle the CONFIG_PLATFORM_PINWEAVER build flag, to build pinweaver with
the platform/pinweaver implementation instead of the cr50
implementation.
BUG=b:262040869
TEST=make board=cr50 -j
TEST=(DUT) Use cryptohome CLI to create a user with a PIN.
TEST=(DUT) Make 2 fail attempts on that PIN.
TEST=(DUT) Update cr50 to the image including this CL.
TEST=(DUT) Test leaf properties are correct: 3 more fail attempts locks
the PIN, password auth resets the PIN, then PIN authentication succeeds.
TEST=tast run $DUT hwsec.PINWeaver*
Cq-Depend: chromium:4307211
Change-Id: I6e52566ca8ee68bb0ee71d30538fb6b8cbc4f67d
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4311235
Tested-by: Howard Yang <hcyang@google.com>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Howard Yang <hcyang@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add CONFIG_PLATFORM_PINWEAVER build flag, and support for building
platform/pinweaver.
BUG=b:262040869
TEST=make board=cr50 -j
Change-Id: I993051af60ab4163c37726eac87bd98a8b60fc69
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4311234
Tested-by: Howard Yang <hcyang@google.com>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Howard Yang <hcyang@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rename the headers so they will not collide with platform/pinweaver
headers with the same names.
BUG=b:262040869
TEST=make -j BOARD=cr50
Cq-Depend: chromium:4337377
Change-Id: Iee9f44c4fcb6ab0a01faec5886f07b84c271d1fc
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4311233
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Howard Yang <hcyang@google.com>
Commit-Queue: Howard Yang <hcyang@google.com>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:273510573
TEST=gsctool -b dbg.bin
Change-Id: I3de2687491add2d63532e028d3d62a318ce6d13a
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4342809
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:273334049
TEST=none
Change-Id: Id04168d7f24e81dfe7618b3ee916927991077166
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4336837
Commit-Queue: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:272827066
TEST=none
Change-Id: If98811f65df739a54f62419b7f245918dd5d7259
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4330878
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is impractical to use GSC images smaller than one flash page size,
let's not accept them for downloading.
BUG=b:272058012
TEST=get the following error trying to transfer a corrupted image:
Image at offset 0x4000 too short (1024 bytes)
Change-Id: Ia80e8ceaf6a5848e194000acf51824189f157ba1
Signed-off-by: Vadim Bendebury <vbendeb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4317923
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add -x <num> or --clog <num> command to fetch the crash log associated
with num and dump the raw output stdout.
BUG=b:265310865
TEST=gsctool -a -x 2
00000000000000000df0ad0b000000000000000000000000000000000200...
58a609000000000000000000000000000df0ad0b00000000440000000000...
000000000000000024440c00000000000000000001000000480000006801...
65720000000000009400000001000000010000008800000072763569a271...
00000018b8e20100000000000100000002000000000000000d0000000000...
.
.
.
Change-Id: I10fa3c19c31c18f1007bcc161e7ff8d2ac9e6e6c
Signed-off-by: Brian Granaghan <granaghan@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4257728
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Headers smaller than flash page are not valid, let's not accept them
durinf firmware updates.
BUG=b:272058500
TEST=using dd corrupted an existing image header size field to be set
to 0x400, and tried to download the image using gsctool and
observed the expected error message on the Cr50 console:
fw_upgrade_command_handler:505 image at 4000 too small
and in the host terminal:
Error: status 0xb
Change-Id: I27b0bbd6a1204b20bd2d0ac1ce88082ed911d339
Signed-off-by: Vadim Bendebury <vbendeb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4316741
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
DBG images are running low on space. This change removes some of the
more rarely used console commands. It saves 2352 bytes.
This disables sleepmask, timerinfo, i2cxfer, history, and i2cscan in
DBG images. If someone needs to reenable them for a build, they can
comment out the undefs.
BUG=none
TEST=make buildall -j
Change-Id: I40115d6e2769fae4e489eb926778c38c94b66cd3
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4307437
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:269537147
TEST=none
Change-Id: I64defabc471a0107ebb3c06082a23855dbd14121
Signed-off-by: Andrey Pronin <apronin@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4292311
Auto-Submit: Andrey Pronin <apronin@chromium.org>
Tested-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This CL allows kernel & firmware antirollback spaces update only in certain
board states by adding the appropriate checks to _plat__NvUpdateAllowed().
BUG=b:270243270
TEST=set specific PCR0 values using https://crrev.com/c/2494503,
verify that can update antirollback for normal/dev/recovery values,
cannot update for recovery+dev value only when block_devmode is set.
Change-Id: I979e3e07a877bf5604e99184c9b60eaaa1abf6b4
Signed-off-by: Andrey Pronin <apronin@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4290246
Tested-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Auto-Submit: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If gsctool is compiled more strictly, these uninitialized variables
cause errors. Set the pointers to empty string like other char*
variables.
BUG=none
TEST=make all for gsctool compiles without errors in a more strict
setting
Change-Id: Id65d51bcc5b81451f4235650c2cf8042986d5197
Signed-off-by: Jett Rink <jettrink@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4290237
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Auto-Submit: Jett Rink <jettrink@chromium.org>
Tested-by: Jett Rink <jettrink@chromium.org>
Commit-Queue: Mary Ruthven <mruthven@chromium.org>
Commit-Queue: Jett Rink <jettrink@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add nice strings for two new AP RO verification status codes.
Also make the unknown value match what is specified in ti50 (255)
BUG=none
TEST=make gsctool builds
Change-Id: I26399640dd2cc73d7f463f38e49e5234024c24fb
Signed-off-by: Jett Rink <jettrink@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4237256
Tested-by: Jett Rink <jettrink@chromium.org>
Commit-Queue: Jett Rink <jettrink@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Auto-Submit: Jett Rink <jettrink@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Due to incorrect flags for TPM2 objects U2F secrets were not fully
zeroized (however were overwritten with new owner). Doesn't affect G2F.
BUG=b:268382629
TEST=make CRYPTO_TEST=1 U2F_TEST=1
fips del
fips old
fips u2f # prints old keys
u2f_test # all tests passed
fips del
fips new
fips u2f # print new key size
u2f_test # all tests passed
fips del
fips u2f # prints 0 sizes for u2f secrets
Change-Id: I2549dd5fd20937170c9b8d87363d90b138fdc4dc
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4269450
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Code-Coverage: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:269537147
TEST=none
Change-Id: Ic214e5f8b1424221d3b6d5aa8d08178cd722ab57
Signed-off-by: Vadim Bendebury <vbendeb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4258271
Auto-Submit: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:260531154
BRANCH=none
TEST=none
Change-Id: I9e9cb4aadb7b59d7d1f64847d3e4852ca15f5b9e
Signed-off-by: Edward O'Callaghan <quasisec@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4160818
Tested-by: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Peter Marheine <pmarheine@chromium.org>
Code-Coverage: Zoss <zoss-cl-coverage@prod.google.com>
Commit-Queue: Peter Marheine <pmarheine@chromium.org>
Auto-Submit: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Evan Benn <evanbenn@chromium.org>
(cherry picked from commit 611a9ab148c8a56dbdbc4e2844a74fcbe63b0457)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4253167
Commit-Queue: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This CL allows FWMP update only in certain board states by adding
the appropriate checks to _plat__NvUpdateAllowed().
BUG=b:267674073
TEST=set specific PCR0 values using https://crrev.com/c/2494503,
verify that can update FWMP for normal/dev/recovery values,
cannot update for recovery+dev value.
Change-Id: Ie8999cf762cb36ddb0a155e1f241da3103c6af37
Signed-off-by: Andrey Pronin <apronin@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4241653
Tested-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This CL adds a trivial (always returns TRUE) callback to check
if platform allows TPM2 stack to update (modify or delete) a
specific nvmem index.
BUG=b:267674073
TEST=build
Change-Id: Iba51e15771de1350083a950041562070d813a1b5
Signed-off-by: Andrey Pronin <apronin@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4241651
Tested-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This CL adds get_tpm_pcr_value() for reading current PCR values.
BUG=b:267674073
TEST=build
Cq-Depend: chromium:4242409
Change-Id: I632cb13a3f44130f29b72cc4c22ea97a692ffad8
Signed-off-by: Andrey Pronin <apronin@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4241650
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adjust error codes to distinguish different places in key generation.
BUG=b:262324344
TEST=TCG tests
Change-Id: I33ef8b772821ad43cf8af1b33b6b49143eb24aef
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4199163
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Code-Coverage: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Mention that only certain reset types would trigger rescue attempts.
BUG=None
TEST=None
Change-Id: I6c8b7d331f5491cd8561e168e6a3e4531dcd15cf
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4194953
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This flag is set for logs that occur between a cold boot and AP
settings the base time. These logs will start with previous_timestamp+1
and have 1<<64 set to denote that the actual base time was unknown.
BUG=b:260779816
TEST=gsctool -a -L --dauntless with and without the unreliable timestamp
change in firmware
Change-Id: Iff87e7ca12c72b79a7b939967f266461a672ca66
Signed-off-by: Brian Granaghan <granaghan@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4143817
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:264704727
TEST=./firmware_builder.py --metrics /dev/null build
dry tun CQ
Change-Id: I51f8a9a7dcb5385aa3e76dffdcf80e356dd8cc86
Signed-off-by: Brian Granaghan <granaghan@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4143815
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 658729d9e338f6a970e46e69dc4c638d8ac7ccae.
Reason for revert: Breaks CQ builds. See http://b/264704727
Original change's description:
> gsctool: Add timestamp unreliable flag for dauntless.
>
> This flag is set for logs that occur between a cold boot and AP
> settings the base time. These logs will start with previous_timestamp+1
> and have 1<<64 set to denote that the actual base time was unknown.
>
> BUG=b:260779816
> TEST=gsctool -a -L --dauntless with and without the unreliable timestamp
> change in firmware
>
> Signed-off-by: Brian Granaghan <granaghan@google.com>
> Change-Id: Iac279a948c7f34ede711c3c334ec1410b34f040c
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4112943
> Reviewed-by: Edward Hill <ecgh@chromium.org>
> Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Bug: b:260779816
Change-Id: I9a497cc9e0f996182f7f18f93646b963d9cf5e31
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4144680
Tested-by: Dennis Kempin <denniskempin@google.com>
Reviewed-by: Brian Granaghan <granaghan@google.com>
Owners-Override: Dennis Kempin <denniskempin@google.com>
Commit-Queue: Edward Hill <ecgh@chromium.org>
Commit-Queue: Brian Granaghan <granaghan@google.com>
Auto-Submit: Dennis Kempin <denniskempin@google.com>
Reviewed-by: Edward Hill <ecgh@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This flag is set for logs that occur between a cold boot and AP
settings the base time. These logs will start with previous_timestamp+1
and have 1<<64 set to denote that the actual base time was unknown.
BUG=b:260779816
TEST=gsctool -a -L --dauntless with and without the unreliable timestamp
change in firmware
Signed-off-by: Brian Granaghan <granaghan@google.com>
Change-Id: Iac279a948c7f34ede711c3c334ec1410b34f040c
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4112943
Reviewed-by: Edward Hill <ecgh@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To help with AP RO verification testing, it would be convenient to
expose a `gsctool` command rather than point users at a cryptic
`trunks_send --raw` command. This patch adds a new `--reboot` flag
with an optional reset timeout parameter in milliseconds that sends the
TPMV reset immediate message to the GSC.
BUG=b:261857287
TEST=Ran the new command against the latest Ti50
```
$ gsctool -D --reboot
...
$ gsctool -D --reboot 1000
...
$ gsctool -D --reboot 1001
Error 1 sending immediate reset command
```
Signed-off-by: Matt Vertescher <mvertescher@google.com>
Change-Id: I5c101f37579e37b5ee7dc9241b6fbff07cff6947
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4114560
Reviewed-by: Jett Rink <jettrink@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:257997543
TEST=none
Change-Id: I117f12872c91135ab7902b9e63ce5af5f79e7f15
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4103620
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
| |
BUG=none
TEST=none
Change-Id: I55e7afbd9e5121f5e274723b55251fa24cd1e80a
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4083154
Reviewed-by: Andrew Luo <aluo@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Labstation images don't have cros_build_lib, so flash_cr50 can't run on
them. Replace cros_build_lib, so flash_cr50 can run on labstations.
BUG=none
TEST=run on labstation
Change-Id: I6cab324952ef1b2f4a87b22ebd55f5a9cbaf7798
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4083152
Reviewed-by: Andrew Luo <aluo@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add support for using brescue to update gsc over uart. Ti50 images have
a different format, so the rw_hex support flash_cr50.py support doesn't
work. brescue already has support for ti50 images. Use that instead of
replicating the brescue logic.
BUG=b:260764993
TEST=./util/flash_cr50.py -r pch_disable -p 9999 -i
/opt/google/cr50/firmware/cr50.bin.prod -c brescue
Change-Id: Iec4ada15bb5a7913ab0e476a6ffe4f4334ed4d9f
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4083151
Reviewed-by: Andrew Luo <aluo@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some change in ChromeOS chroot caused different defaults, so cc-name
switched from `gcc` to `clang` in compiler autodetection for host
target, but never was set to `gcc` by board/chip/core.
Adding setting `cc-name:=gcc` for core/cortex-m/build.mk to use specific
toolchain.
BUG=b:260904818
TEST=make buildall -j
Change-Id: Ic0b8ffade9fa4d82bd265add8b7906be7d98f7c1
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4071387
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Code-Coverage: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:257997543
TEST=none
Change-Id: I9b76a48f6b67ed2b5b6a95d24bfe2f742b799344
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4066235
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a board can't read ap flash reliably, then it won't be able to find
the fmap. Print a message, so it's easier to tell what's happening.
BUG=none
TEST=none
Change-Id: I6bdc1a4a927090e427b9c84b63b87aff4e8e4e1c
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4068960
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If usb_spi_sha256_update returns something other than EC_SUCCESS, fail
verification.
BUG=b:260878795
TEST=add a delay to make spi_hash timeout. Verify cr50 fails
verification.
Change-Id: I4ba750748eb131046828f642b9736ed62a781789
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4066233
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Boards with large RO regions may take more than a minute to go through
every AP RO verification factory flag. Increase the timeout to 10
minutes. No boards should take that long to run verification.
BUG=b:236844541,b:260878795
TEST=run firmware_GSCAPROV1Trigger on zork
Change-Id: I94110b33acee746bb319c4829e627d7b511306e6
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4066234
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is necessary to allow the user to set certain capabilities using
gsctool. Which exactly capabilities can be set and to which values is
determined by the policies enforced by the chip, gsctool should
provide a generic way of setting any existing capability to any legal
value.
The 'AllowUnverifiedRo' capability stands out, because it might
require the operator's physical presence confirmation, similar to the
'ccd open' case.
A new vendor subcommand is being added to pass desired capability and
value to Ti50, as three byte payload the version, the capability and
the value. Version and value are mapped by Ti50 into the appropriate
enums.
All available capability names can be seen in the output of 'gsctool
-D -I', the accepted values are 'Default', 'IfOpened', and 'Always'.
The new functionality is achieved by allowing the 'I' command line
option to accept an optional argument, a string in the form of
'<capability name>:<desired value>', where both parts of the string
can be abbreviated and will be accepted case insensitive unless the
abbreviation is ambiguous.
Since this option is supported only by Ti50, gsctool will enforce the
default Ti50 USB device ID when running this command over USB and in
case of errors will remind the user that the setting capabilities is
not supported on Cr50.
BUG=b:257253538
TEST=tried running the command on Ti50 implementing support of the new
vendor subcommand.
# Attempt to set when CCD is locked
$ gsctool -D -I | grep State
State: Locked
$ gsctool -I UartGscRxAPTx:always
finding_device 18d1:504a
Found device.
found interface 3 endpoint 4, chunk_len 64
READY
-------
Got error 7(NotAllowed)
# Attempt to set to the current value when CCD is open
$ gsctool -D -I | grep State
State: Opened
$ gsctool -I UartGscRxAPTx:always
finding_device 18d1:504a
Found device.
found interface 3 endpoint 4, chunk_len 64
READY
-------
# attempt to use ambiguous capability name
$ gsctool -I UartGscRx:always
finding_device 18d1:504a
Found device.
found interface 3 endpoint 4, chunk_len 64
READY
-------
Ambiguous capability name
# Attempt to use incorrect value abbreviation
$ gsctool -I UartGscRxAPTx:x
finding_device 18d1:504a
Found device.
found interface 3 endpoint 4, chunk_len 64
READY
-------
Unsupported capability value
# Various attempts to set AllowUnverifiedRo. Transitions from
# default -> ifOpened -> Always require PP, transitions in the
# opposite direction do not.
$ gsctool -I allow:d
finding_device 18d1:504a
Found device.
found interface 3 endpoint 4, chunk_len 64
READY
-------
$ gsctool -I allow:if
finding_device 18d1:504a
Found device.
found interface 3 endpoint 4, chunk_len 64
READY
-------
Another press will be required!
Press PP button now!
Press PP button now!
Press PP button now!
Press PP button now!
Press PP button now!
Press PP button now!
Press PP button now!
PP Done!
$ gsctool -I allow:a
finding_device 18d1:504a
Found device.
found interface 3 endpoint 4, chunk_len 64
READY
-------
Another press will be required!
Press PP button now!
Press PP button now!
Press PP button now!
Press PP button now!
Press PP button now!
Press PP button now!
PP Done!
$ gsctool -I allow:d
finding_device 18d1:504a
Found device.
found interface 3 endpoint 4, chunk_len 64
READY
-------
$
- also validated that misformatted capability/value combinations are
rejected as expected:
$ gsctool -I xyz:
finding_device 18d1:504a
Found device.
found interface 3 endpoint 4, chunk_len 64
READY
-------
Misformatted capability parameter: xyz:
$ gsctool -I :xyz
finding_device 18d1:504a
Found device.
found interface 3 endpoint 4, chunk_len 64
READY
-------
Misformatted capability parameter: :xyz
$ gsctool -I xyz
finding_device 18d1:504a
Found device.
found interface 3 endpoint 4, chunk_len 64
READY
-------
Misformatted capability parameter: xyz
$ gsctool -I x:yz
finding_device 18d1:504a
Found device.
found interface 3 endpoint 4, chunk_len 64
READY
-------
Unknown capability name
- tried setting capabilities when running on Brya, observed expected
error messages.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I803440501d0e3af3c2a645b52b42970b54695701
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4010705
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The watchdog ccd name changed from ccd to ccd_cr50. Modify flash_cr50 to
support both.
BUG=none
TEST=update hdctools and use flash_cr50
Change-Id: Ieafeac1275c582ec86a94a05cc7a31c216e3420b
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4024801
Reviewed-by: Ziting Shen <zitingshen@google.com>
Commit-Queue: Ziting Shen <zitingshen@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds the ability to get and set the AP RO verification
write protect descriptors registers from `gsctool` by adding a new `-E`
command flag with an optional argument.
BUG=b:250972056
TEST=Running gsctool locally to set and get the write protect
descriptors to verify communication and handlers are working
properly:
$ gsctool -D -E
...
not provisioned
$ gsctool -D -E "0xff 0xf"
...
expected values: 1: ff & 0f
$ gsctool -D -E "ff 0f f"
...
Invalid the write protect descriptors hex string length
$ gsctool -D -E "ff f 0x00 ff"
...
$ gsctool -D -E
...
expected values: 1: ff & 0f, 2: 00 & ff
$ gsctool -D -E "0xff 0xf 0x00 0xff 0xf0 f0"
...
$ gsctool -D -E
...
expected values: 1: ff & 0f, 2: 00 & ff, 3: f0 & f0
Signed-off-by: Matt Vertescher <mvertescher@google.com>
Change-Id: I0d7cc6a98d6cf442592a1b9b81ef1c86193dd068
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3983416
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Tested-by: Jett Rink <jettrink@chromium.org>
Commit-Queue: Jett Rink <jettrink@chromium.org>
Reviewed-by: Jett Rink <jettrink@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The getopt_long() library function returns '?' (decimal 63) in case
there is a command line parameter with required value, but there is no
value in the command line.
gsctool is printing "could not find long opt table index for 63" in
this case, which is misleading. This patch changes error message to
make sense.
BUG=none
TEST=before this change running './gsctool -D -R' results in
"could not find long opt table index for 63"
after this change error message is
"Command line error, parameter argument missing"
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I5b1a8fda62a7edd673ea1181efb73108677b77d1
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4010704
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:257997543
TEST=none
Change-Id: Ic853b1142a1d1255d26ef0795475020cdd3138ec
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4009998
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The size of auth_time_secret_hash should be SHA256_DIGEST_SIZE, not
U2F_AUTH_TIME_SECRET_SIZE, though they are the same now. This will make
the userland check more consistent with the actual constants used in the
header.
Also, the CORP_SALT_SIZE is defined incorrectly and never used, fix it
to the correct value and use it in the struct field size.
BUG=None
TEST=make buildall -j
Change-Id: I22dcf2cfd46819475ca916e0b0c3dcd5b3369b19
Signed-off-by: Howard Yang <hcyang@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4007998
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the console is locked, return EC_ERROR_ACCESS_DENIED instead of
EC_ERROR_PARAM1, so the behavior is consistent with other commands.
BUG=b:251207798
TEST=run rddkeepalive enable when the console is locked.
Change-Id: I65e210052afc197899873f3e1079c7dc5b791c58
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4009999
Reviewed-by: Jett Rink <jettrink@chromium.org>
Commit-Queue: Jett Rink <jettrink@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds the ability to get and set the AP RO verification
SPI read/write addressing mode configuration setting from `gsctool` by
adding a new `-C` command flag with an optional argument.
BUG=b:250972056
TEST=Running gsctool locally to set and get the SPI addressing mode to
verify communication and handlers are working properly:
$ gsctool -D -C 3byte
...
$ gsctool -D -C
...
3byte
$ gsctool -D -C 4byte
...
$ gsctool -D -C
...
4byte
Change-Id: I2ad4af65615310cf1477adfda7df1bfdf0e0a914
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3966474
Tested-by: Matt Vertescher <mvertescher@google.com>
Reviewed-by: Alyssa Haroldsen <kupiakos@google.com>
Auto-Submit: Matt Vertescher <mvertescher@google.com>
Commit-Queue: Matt Vertescher <mvertescher@google.com>
Reviewed-by: Jett Rink <jettrink@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
AP RO verification fails pretty quickly if the v1 check data or gbb data
is corrupted. Prevent releasing EC_RST_L for 60 seconds after AP RO
verification fails. This way the user won't accidentally clear the AP RO
status while triggering AP RO verification.
BUG=b:236844541
TEST=save invalid gbbd data. Verify cr50 rejects releasing EC_RST_L for
one minute.
[14.246295 RO Validation triggered]
[14.248630 do_ap_ro_check: found v1 data]
[14.250152 enable_spi_pinmux: AP]
[14.253627 spi_hash_pp_done: AP]
[14.254688 do_ap_ro_check: bad gbbd]
[14.256019 spi_hash_disable]
[14.257102 AP RO FAILED! evt(13)]
[14.733604 AP off]
[15.782028 ap_ro_clear_ec_rst_override: too soon]
[15.782978 Recovery Requested]
[16.953887 ap_ro_clear_ec_rst_override: too soon]
[16.954856 Recovery Requested]
[76.268520 power button pressed]
[76.524902 ap_ro_clear_ec_rst_override: done]
[76.525802 Recovery Requested]
[76.593330 Refresh press registered]
[76.757183 AP UART on]
[76.897575 Power button released, RO Check Detection stopped]
[77.147407 deferred_tpm_rst_isr]
Change-Id: Ifcdf37df228fe21e6ff0810393e49d6adb2b076a
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3949624
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|