| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
| |
BUG=none
TEST=none
Change-Id: I0f03f432ada1064ffba9595be78ca7ab4d25ecd1
Signed-off-by: Brian Norris <briannorris@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3155042
Reviewed-by: Jack Rosenthal <jrosenth@chromium.org>
Owners-Override: Jora Jacobi <jora@google.com>
Tested-by: Jack Rosenthal <jrosenth@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When doing RMA reset and the auth code is rejected, gsctool only reports
the error code, which is not clear for the user. This CL adds the
failure reason to make the message clearer.
BUG=b:128801501
TEST=make gsctool; manually test on DUT
BRANCH=none
[Before fix]
localhost $ gsctool -a -r "A"
rma unlock failed, code 1
Processing response...
localhost $ gsctool -a -r "ABCDEFGH"
rma unlock failed, code 6
Processing response...
[After fix]
localhost $ gsctool -a -r "A"
Processing response...
rma unlock failed, code 1 (wrong authcode size)
localhost $ gsctool -a -r "ABCDEFGH"
Processing response...
rma unlock failed, code 6 (authcode mismatch)
Change-Id: I5db4d8f7cffe5b582f48fdc3b7fb27493b3715ff
Signed-off-by: Cheng-Han Yang <chenghan@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1527905
Commit-Ready: Cheng-Han Yang <chenghan@chromium.org>
Tested-by: Cheng-Han Yang <chenghan@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1539439
Reviewed-by: Cheng-Han Yang <chenghan@chromium.org>
Commit-Queue: Cheng-Han Yang <chenghan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1545792
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1545796
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Now gsctool can print out GSC board ID in a machine-friendly way. This
allows other programs (e.g., debugd) to parse the output.
This is the final CL that adds machine output support to gsctool during
verify_ro migration.
BRANCH=none
BUG=None
TEST=manually run gsctool -M -i and gsctool -O verify_ro.db -M on a soraka
device connected with a naultilus and check the board ID part in the
outputs. Sample output (the board ID part is identical in the outputs
of both commands):
BID_TYPE=5a534b4d
BID_TYPE_INV=a5acb4b2
BID_FLAGS=00007f80
Signed-off-by: Wei-Cheng Xiao <garryxiao@chromium.org>
Change-Id: Ia275806672c08841c5b5fcc7758d8e0c777b3fc9
Reviewed-on: https://chromium-review.googlesource.com/1286312
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Wei-Cheng Xiao <garryxiao@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1539438
Reviewed-by: Cheng-Han Yang <chenghan@chromium.org>
Commit-Queue: Cheng-Han Yang <chenghan@chromium.org>
Tested-by: Cheng-Han Yang <chenghan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1545791
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1545795
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Now can print out FW versions and board ID in the image in a
machine-friendly way. This allows other programs (e.g., debugd) to parse
the output.
Add equality check to the firmware versions and board IDs in slot A and B.
Now gsctool prints out an error message to stdout if the contents do not
match; otherwise, it prints out only one copy of the contents instead of
two.
Sample runs:
$ gsctool -b cr50.bin.prod
RO_A:0.0.10 RW_A:0.3.10[ABCD:00000000:00000000]
$ gsctool -b cr50.bin.prod -M
IMAGE_RO_FW_VER=0.0.10
IMAGE_RW_FW_VER=0.3.10
IMAGE_BID_STRING=ABCD
IMAGE_BID_MASK=00000000
IMAGE_BID_FLAGS=00000000
BRANCH=none
BUG=None
TEST=manually run gsctool -M -b cr50.bin.prod and gsctool -b cr50.bin.prod
on a soraka device connected with a naultilus. Outputs are as the
examples above.
Signed-off-by: Wei-Cheng Xiao <garryxiao@chromium.org>
Change-Id: I1c4c5110fe236debb93b3db118abb4c922b98bdf
Reviewed-on: https://chromium-review.googlesource.com/1278414
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Wei-Cheng Xiao <garryxiao@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1539437
Reviewed-by: Cheng-Han Yang <chenghan@chromium.org>
Commit-Queue: Cheng-Han Yang <chenghan@chromium.org>
Tested-by: Cheng-Han Yang <chenghan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1545790
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1545794
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add the option's support to remote firmware version output (-f).
This allows other programs (e.g., debugd) to parse gsctool outputs without
worrying about any future updates on current human-readable outputs.
BRANCH=none
BUG=None
TEST=manually run gsctool -f -M on a soraka device connected with a
nautilus. Sample output:
RO_FW_VER=0.0.10
RW_FW_VER=0.3.10
Signed-off-by: Wei-Cheng Xiao <garryxiao@chromium.org>
Change-Id: Ic6514a191b379d05acf2656e5e395d82086d93cd
Reviewed-on: https://chromium-review.googlesource.com/1278073
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1539436
Reviewed-by: Cheng-Han Yang <chenghan@chromium.org>
Commit-Queue: Cheng-Han Yang <chenghan@chromium.org>
Tested-by: Cheng-Han Yang <chenghan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1545789
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1545793
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Coral branch needs to cherry-pick a lot of CLs to support new gsctool
features but might break cr50 build. Since cr50 firmware is not came
from this factory branch, disable cr50 build is a simple way to reduce
more dependency of CLs.
BUG=None
TEST=make buildall
BRANCH=factory-coral-10122.B
Change-Id: Icf57726844e46b5f01f4cebd82c6a47c0808db79
Signed-off-by: Marco Chen <marcochen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/1337029
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In preparation to conveying the PP state to gsctool let's split the
'PP_DETECT_IN_PROGRESS' physical presence FSM state in two:
- PP_DETECT_AWAITING_PRESS, a state when user physical presence
indication is expected
- PP_DETECT_BETWEEN_PRESSES, a state when the previous indication was
accepted, but the next one is not yet required.
The code is modified to accept the disjunction of the twp new states
as the old PP_DETECT_IN_PROGRESS state.
BRANCH=cr50
BUG=b:62537474
TEST=successfully took Eve through 'ccd open'
Change-Id: I0d229f2f8beeec01ea2a9106b0cbc3f9801ff479
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/860997
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
(cherry picked from commit 25b59e26caa0fc1a8593d98ea5fc0af2a7650d09)
Reviewed-on: https://chromium-review.googlesource.com/c/1335667
Reviewed-by: Marco Chen <marcochen@chromium.org>
Commit-Queue: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds an API which exports current physical presence state
machine state to allow the caller to see if the state machine is in
one of the three distinct states:
- no PP process in progress
- user PP input is expected
- PP process in progress, user input is not currently expected
BRANCH=cr50
BUG=b:62537474
TEST=with the rest of the patches applied verified that PP state is
properly communicated through this API.
Change-Id: Ia10cd20c490dadef595f30e0b7257e51b6abf8fa
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/860998
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
(cherry picked from commit 0207f0c53ba644a3fc2a4df8ce6f316faf6b7033)
Reviewed-on: https://chromium-review.googlesource.com/c/1335228
Reviewed-by: Marco Chen <marcochen@chromium.org>
Commit-Queue: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The factory reset command can be used to enable ccd factory mode. The
command can open ccd if write protect is removed and ccd hasn't been
restricted. Right now we check FWMP and the ccd password before allowing
factory reset. Factory reset cannot be used to get around anything that
disables ccd.
This adds 72 bytes.
BUG=b:77543904
BRANCH=cr50
TEST=Try enabling factory mode using factory reset. Verify setting write
protect, setting the FWMP disable ccd bit, or setting a ccd password
prevents factory reset from enabling factory mode.
Change-Id: I6e203bf6068250f009881aa95c13bc56cb2aa9e7
Signed-off-by: Mary Ruthven <mruthven@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1069369
Commit-Ready: Mary Ruthven <mruthven@chromium.org>
Tested-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/1333293
Reviewed-by: Marco Chen <marcochen@chromium.org>
Commit-Queue: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This connects the pinweaver code to the tpm vendor
specific command code.
CQ-DEPEND=CL:895395
BRANCH=none
BUG=chromium:809741
TEST=TBD
Change-Id: I2a6c4bf52ad77b7bf0395095404e925e1dd48dbc
Signed-off-by: Allen Webb <allenwebb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/929430
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/1333292
Reviewed-by: Marco Chen <marcochen@chromium.org>
Commit-Queue: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds some of the ground work for hardware backed brute force
resistance on Cr50. The feature is called Pinweaver. It will
initially be used to enable PIN authentication on CrOS devices
without reducing the security of the platform. A Merkle tree is
used to validate encrypted metadata used to track login attempts.
The metadata tracks counts of failed attempts, a timestamp of the
last failed attempt, the secrets, and any associated parameters.
Instead of storing the metadata on Cr50 an AES-CTR is used with an
HMAC to encrypt the data so it can be stored off-chip and loaded
when needed.
The Merkle tree is used to track the current state of all the
metadata to prevent replay attacks of previously exported copies.
It is a tree of hashes whose root hash is stored on Cr50, and whose
leaves are the HMACs of the encrypted metadata.
BRANCH=none
BUG=chromium:809730, chromium:809741, chromium:809743, chromium:809747
TEST=cd ~/src/platform/ec && V=1 make run-pinweaver -j
Change-Id: Id10bb49d8ebc5a487dd90c6093bc0f51dadbd124
Signed-off-by: Allen Webb <allenwebb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/895395
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/1333291
Reviewed-by: Marco Chen <marcochen@chromium.org>
Commit-Queue: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We added a cr50 vendor command to control factory mode. This change adds
gsctool support for using the command.
gsctool -F [enable|disable] can be used to set factory mode. You can't
use it to get the factory mode setting, because factory mode is
indistinguishable from other forms of ccd. The regular ccd info can be
used instead gsctool -I.
BUG=b:77543904
BRANCH=cr50
TEST=none
Change-Id: I715e296c323be20bab0b54a2f94a380b61f74cd2
Signed-off-by: Mary Ruthven <mruthven@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1069370
Commit-Ready: Mary Ruthven <mruthven@chromium.org>
Tested-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/1333290
Reviewed-by: Marco Chen <marcochen@chromium.org>
Commit-Queue: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We're doing a bit of refactoring to break out factory mode into its own
file. Now factory reset and rma reset will be two methods of entering
factory mode. Factory mode can be disabled with the disable_factory
vendor command.
Factory mode means all ccd capabilities are set to Always and WP is
permanently disabled. When factory mode is disabled, all capabilities
are reset to Default and WP is reset to follow battery presence.
This adds 56 bytes.
BUG=none
BRANCH=cr50
TEST=verify rma reset will enable factory mode.
Change-Id: I21c6f7b4341e3a18e213e438bbd17c67739b85fa
Signed-off-by: Mary Ruthven <mruthven@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1069789
Commit-Ready: Mary Ruthven <mruthven@chromium.org>
Tested-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/1333289
Reviewed-by: Marco Chen <marcochen@chromium.org>
Commit-Queue: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Set GscFullConsole to Always in RMA open. We need this to be accessible
after rma open, so that we can use RMA open as a ccd open testlab
replacement.
Commands like rddkeepalive and bitbang are needed for testlab use, so
they should be accessible after open.
BUG=b:74019846
BRANCH=cr50, cr50-mp
TEST=build, do rma open, verify commands are not locked out, and do rma
disable
Change-Id: Iaeb89cea94d478dc0eb25c92bb09d488d14cad41
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/942309
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/1333288
Reviewed-by: Marco Chen <marcochen@chromium.org>
Commit-Queue: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The new command line option is not used yet, it allows to set a flag
which would allow control verbose debug output in the future.
BRANCH=none
BUG=none
TEST=verified that -V command line option shows up in --help output
and is accepted.
Change-Id: Ie7becdb9c6964f7bb75e9917a02594d50c3c2693
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1036742
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/1333287
Reviewed-by: Marco Chen <marcochen@chromium.org>
Commit-Queue: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use the same script the rest of the EC codebase uses to generate the
version string.
BRANCH=none
BUG=none
TEST=built the new image and tried:
$ ./extra/usb_updater/gsctool -v
Version: v1.1.8258+6097a64f0, built on 2018-05-01 17:04:14 by ...
Change-Id: I63d2411872bbd38188f66f51b7ca8508fc74fa8f
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1036741
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/1333226
Reviewed-by: Marco Chen <marcochen@chromium.org>
Commit-Queue: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When user is trying to execute 'ccd open' or 'ccd unlock' and password
is set, the return error code does not allow to tell the reason for
the command failure.
Let's add a distinct return code to indicate this condition so that
the user can supply password.
BRANCH=cr50
BUG=b:62537474
TEST=verified along with the accompanying gsctool modifications.
Change-Id: I286f87ab12114cd7dd7ebcdf0e321f7a24723367
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/861208
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/1333225
Reviewed-by: Marco Chen <marcochen@chromium.org>
Commit-Queue: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is important for the OS to be able to find out the state of CCD and
current capabilities settings of the device.
This patch defines a structure to use to report information about CCD
state from Cr50 to the host and adds a CCD vendor subcommand to allow
to retrieve the information from Cr50.
Some structure and variable definitions had to be moved into the .h
file to make it possible to share them between Cr50 and gsctool.
BRANCH=cr50, cr50-mp
BUG=b:72718383
TEST=with the following patch applied verified that CCD info is
properly reported. Also verified that other CCD subcommands still
work as advertised.
Change-Id: I4a783e6817ed364b9e64522ebbe968d4a657a84c
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/999825
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/1221380
Reviewed-by: Marco Chen <marcochen@chromium.org>
Commit-Queue: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When implementing 'ccd open' and 'ccd unlock' through gsctool, we need
to be able to pass to the host the state of the physical presences
state machine regarding the expected user action (pressing the PP
button).
Two new VENDOR_CC_CCD subcommands are being added: CCDV_PP_POLL_OPEN
and CCDV_PP_UNLOCK. In response to these commands, the Cr50 always
returns VENDOR_RC_SUCCESS return code and a single byte payload
showing the CCD and PP state:
- CCDPP_CLOSED - PP process is not running, CCD closed. Maybe user
missed a button press deadline.
- CCDPP_AWAITING_PRESS (self explanatory)
- CCDPP_BETWEEN_PRESSES (self explanatory)
- CCDPP_PP_DONE - CCD is opened/unlocked (as per user request), PP
process succeeded.
BRANCH=cr50
BUG=b:62537474
TEST=with the upcoming change to gsctool verified that PP states are
properly conveyed to the user.
Change-Id: I97b1fef4440eea93c5c5ac01b7c60bfce9a4595c
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/861001
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/1221369
Reviewed-by: Marco Chen <marcochen@chromium.org>
Commit-Queue: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When running the spihash command using gsctool (as opposed to the
running it from the Cr50 console), the operator needs to be prompted
when the PP button needs to be pressed.
This patch extends spihash command implementation by adding a new
subcommand for polling physical presence.
BRANCH=cr50, cr50-mp
BUG=b:73668125
TEST=with the appropriate gsctool changes the user is periodically
prompted to press the physical presence button, and eventually it
is possible to set up spi hash access to AP and EC.
Change-Id: I96aed1619d364c80a2f35ca8dc41241f1a444103
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/930568
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/1221378
Reviewed-by: Marco Chen <marcochen@chromium.org>
Commit-Queue: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Depending on device configuration and compile time options, CCD
commands 'open' and 'unlock' could either be executed immediately, or
require the user to take the device through physical presence state
machine.
As these commands execute through TPM vendor commands, there needs to
be a different return value indicating that the command action is not
finished and PP process is in progress.
Let's add another vendor command return value, and do not consider it
a failure if vendor command returns this value in response to 'ccd
open' or 'ccd unlock'.
BRANCH=cr50
BUG=b:62537474
TEST=took an Eve through 'ccd open' sequence
Change-Id: Ie62ccfb4319a13b6fb6c1c854a0ea26beb9f517c
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/860999
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/1333224
Reviewed-by: Marco Chen <marcochen@chromium.org>
Commit-Queue: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We want to be able to tell between cases when a CCD command executed
on the TPM vendor command context was invoked through CLI or received
over /dev/tpm0.
Let's add a flag set for the duration of execution of the CLI command.
BRANCH=cr50
BUG=b:62537474
TEST=none, this is not used yet.
Change-Id: I309b4364285816a5f54522b00c93a4bf5025e2c4
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/860913
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/1333223
Reviewed-by: Marco Chen <marcochen@chromium.org>
Commit-Queue: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Using and extending the existing framework, move ccd commands
'password, lock, open, and unlock to the same processing path.
The first three commands accept a single parameter, password. It is
required for the password command and optional for unlock and open.
The lock command does not require any parameters.
Wiping the TPM, if necessary, now happens on the same context where
CCD command is executed, i.e. the TPM task context. This is why the
same context TPM reset function needs to be exported and used here.
ccd_open() and ccd_unlock() could be further refactored, this would
require a bit more effort to find appropriate balance between
commonalities and differences.
BRANCH=cr50
BUG=b:62537474
TEST=verified that ccd commands to open, unlock, lock and set and
clear password all work.
Change-Id: I2b9f2b550347b590a55bfaef262a4f050d3f4c1c
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/854709
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/1333222
Reviewed-by: Marco Chen <marcochen@chromium.org>
Commit-Queue: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently only 'ccd password' command is processed using TPM vendor
command. More CCD commands are going to be processed the same way.
This patch refactors the code to make it easier to add more
subcommands.
BRANCH=cr50
BUG=b:62537474
TEST=verified that 'ccd password' still works both from crosh and CLI.
Change-Id: Id55da51d6edc5652591ad30160a4102b3026a186
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/854708
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/1333221
Reviewed-by: Marco Chen <marcochen@chromium.org>
Commit-Queue: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The console command now calls the vendor command to do the work.
Otherwise, the same as before.
BUG=chromium:804507
BRANCH=cr50 release (after testing)
TEST=manual:
# Sample sequence
spihash ap -> requires physical presence; tap power button
spihash 0 1024 -> gives a hash; compare with first 1KB of image.bin
spihash dump 0 128 -> dumps first 128 bytes; compare with image.bin
spihash 128 128 -> offset works
spihash 0 0x100000 -> gives a hash; doesn't watchdog reset
spihdev ec
spihash 0 1024 -> compare with ec.bin
spihash disable
# Test timeout
spihash ap
# Wait 30 seconds
spihash 0 1024 -> still works
# Wait 60 seconds; goes back disabled automatically
spihash 0 1024 -> fails because spihash is disabled
# Presence not required when CCD opened
ccd open
spihash ap -> no PP required
spihash 0 1024 -> works
spihash disable
# Possible for owner to disable via CCD config
ccd -> HashFlash is "Always"
ccd set HashFlash IfOpened
ccd lock
spihash ap -> access denied
# Cleanup
ccd open
ccd reset
ccd lock
Change-Id: Ife9335a1e402a7596d99bf515ec89ff94e8a0044
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/910083
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/1221377
Reviewed-by: Marco Chen <marcochen@chromium.org>
Commit-Queue: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This allows hashing or dumping SPI flash from the Cr50 console even on
a locked device, so you can verify the RO Firmware on a system via CCD.
See design doc: go/verify-ro-firmware
(more specifically, "Cr50 console commands for option 1")
BUG=chromium:804507
BRANCH=cr50 release (after testing)
TEST=manual:
# Sample sequence
spihash ap -> requires physical presence; tap power button
spihash 0 1024 -> gives a hash; compare with first 1KB of image.bin
spihash 0 128 dump -> dumps first 128 bytes; compare with image.bin
spihash 128 128 -> offset works
spihash 0 0x100000 -> gives a hash; doesn't watchdog reset
spihdev ec
spihash 0 1024 -> compare with ec.bin
spihash disable
# Test timeout
spihash ap
# Wait 30 seconds
spihash 0 1024 -> still works
# Wait 60 seconds; goes back disabled automatically
spihash 0 1024 -> fails because spihash is disabled
# Presence not required when CCD opened
ccd open
spihash ap -> no PP required
spihash 0 1024 -> works
spihash disable
# Possible for owner to disable via CCD config
ccd -> HashFlash is "Always"
ccd set HashFlash IfOpened
ccd lock
spihash ap -> access denied
# Cleanup
ccd open
ccd reset
ccd lock
Change-Id: I27b5054730dea6b27fbad1b1c4aa0a650e3b4f99
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/889725
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/1332783
Reviewed-by: Marco Chen <marcochen@chromium.org>
Commit-Queue: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cr50 should not automatically touch the EC reset when enabling the
USB-EC SPI bridge. Otherwise, this could interefere with ECs that might
have internal SPI flash and need to have their resets deasserted in
order to access the internal SPI flash.
This commits simply removes the assertion of EC reset when enabling the
USB-EC SPI bridge. The user or external scripts should control the
resets as necessary using servo or the cr50 console.
BUG=b:71548795,b:71557464
BRANCH=None
TEST=Flash meowth cr50. Verify that I can flash the EC using a
servo_v4.
TEST=Repeat above test with a servo_micro.
TEST=Repeat above test with a SuzyQable.
Change-Id: I114c34df43cf1e8ba622e75c3e6ecf517afc40a4
Signed-off-by: Aseda Aboagye <aaboagye@google.com>
Reviewed-on: https://chromium-review.googlesource.com/850865
Commit-Ready: Aseda Aboagye <aaboagye@chromium.org>
Tested-by: Aseda Aboagye <aaboagye@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/1332782
Reviewed-by: Marco Chen <marcochen@chromium.org>
Commit-Queue: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Add a vendor command that provides alert counter. Userspace can use
it e.g. for user metric analysis.
- Add 'alerts' debug console command. It provides information about
chip alerts: supported alerts, fuse status, interrupt status, alert
counter.
- Add 'alerts fire [INT]' command to fire a software defined alert
(globalsec/fwN where N is 0,1,2,3).
Signed-off-by: Anatol Pomazau <anatol@google.com>
BUG=b:63523947
TEST=ran the FW at Pyro and checked alerts data sent to host
Change-Id: I7cec0c451ed71076b44dad14a151b147ff1337e8
Reviewed-on: https://chromium-review.googlesource.com/817639
Commit-Ready: Anatol Pomazau <anatol@google.com>
Tested-by: Anatol Pomazau <anatol@google.com>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/1332781
Reviewed-by: Marco Chen <marcochen@chromium.org>
Commit-Queue: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The new option allows to retrieve CCD information from the device. It
is reported similar to the way it is reported on the Cr50 console with
a few deviations:
- current capability setting is spelled out (instead of stating that
it is at default);
- default capability setting is reported only if it is different from
the current value.
- a bitmap of enabled capabilities is added in the end for ease of
verifying CCD state during factory process.
BRANCH=cr50, cr50-mp
BUG=b:72718383
TEST=ran the command on a Coral device:
$ gsctool -a -I
State: Locked
Password: None
Flags: 000000
Capabilities, current and default:
UartGscRxAPTx Y Always
UartGscTxAPRx Y Always
UartGscRxECTx Y Always
UartGscTxECRx - IfOpened
FlashAP - IfOpened
FlashEC - IfOpened
OverrideWP - IfOpened
RebootECAP - IfOpened
GscFullConsole - IfOpened
UnlockNoReboot Y Always
UnlockNoShortPP Y Always
OpenNoTPMWipe - IfOpened
OpenNoLongPP - IfOpened
BatteryBypassPP Y Always
UpdateNoTPMWipe Y Always
I2C - IfOpened
FlashRead Y Always
CCD caps bitmap: 0x16607
- then took the device through 'ccd open' sequence and tried again,
observed that all capabilities were set to 'Y' and caps bitmap was
set to 0x1ffff.
- then on the Cr50 console modified UnlockNoShortPP capability to be
set 'UnlessLocked', ran the command again, observed the default
value (Always) reported.
- locked the CCD on Cr50 console, ran the command one more time:
$ gsctool -a -I
State: Locked
Password: None
Flags: 000000
Capabilities, current and default:
UartGscRxAPTx Y Always
UartGscTxAPRx Y Always
UartGscRxECTx Y Always
UartGscTxECRx - IfOpened
FlashAP - IfOpened
FlashEC - IfOpened
OverrideWP - IfOpened
RebootECAP - IfOpened
GscFullConsole - IfOpened
UnlockNoReboot Y Always
UnlockNoShortPP - UnlessLocked (Always)
OpenNoTPMWipe - IfOpened
OpenNoLongPP - IfOpened
BatteryBypassPP Y Always
UpdateNoTPMWipe Y Always
I2C - IfOpened
FlashRead Y Always
CCD caps bitmap: 0x16207
Change-Id: I0fd5e6bd9402ae518e3f2a3ed82589f8696dfd44
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/999826
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit b676f5e0ac2ad53d6299022cc277d2450a0f1eea)
Reviewed-on: https://chromium-review.googlesource.com/1082152
Reviewed-by: Marco Chen <marcochen@chromium.org>
Commit-Queue: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
(cherry picked from commit 3b04bb5a6dcec2cb0e4f9a02f10672123fb4f5c4)
Reviewed-on: https://chromium-review.googlesource.com/1141531
Reviewed-by: Nick Sanders <nsanders@chromium.org>
Commit-Queue: Nick Sanders <nsanders@chromium.org>
Tested-by: Nick Sanders <nsanders@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/1221381
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch enhances the gsctool utility to allow to verify RO sections
of the target AP and EC flash memory.
The only command line parameter required for the new option ('O') is
the file name of the target descriptors database, containing memory
description sections for one or more Chrome OS devices.
Memory description sections are of two types (both types could be
referring AP or EC memory):
- hash descriptor, this section includes the address range of the
memory and one or more hash values for the contents of that address
range. Multiple hashes are needed in case when the same device has
mnore than one RO firmware releases in circulation.
- dump descriptor, this is a request for this utility to display on
the console the contents of the certain area of flash memory on the
target.
When this utility starts the process, the target might request that
the operator confirms physical presence, in this case the utility
keeps prompting the operator to press the physical presence button
until DUT is satisfied,
BRANCH=none
BUG=b:73668125
TEST=created a descriptor database for a Robo device feeding it with
values retrieved on the device by locally running spihash command
on the device.
Then ran this utility to verify successful hash and dump
retrievals, comparing dump values with values obtained through
Cr50 console directly.
Created additional dummy hash variants and verified that the
utility succeeds only if all matches happen at the same variant
index in different hash sections.
Change-Id: Ib43cf4eb642d141b7cd7f129ef412e14bd59f30b
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/933545
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
(cherry picked from commit d57e5eb3128774732e3b3fe40c0f939d9aaeff1a)
Reviewed-on: https://chromium-review.googlesource.com/1141530
Reviewed-by: Nick Sanders <nsanders@chromium.org>
Commit-Queue: Nick Sanders <nsanders@chromium.org>
Tested-by: Nick Sanders <nsanders@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/1221379
Reviewed-by: Marco Chen <marcochen@chromium.org>
Commit-Queue: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds code which would parse the RO hash/dump descriptor
file including a database listing expected values of hashes for
various ranges of target SPI flash devices, or areas which need to be
printed out (hex dumped) for operator inspection.
Lines starting with '#' are completely ignored. The rest of the
logical lines could actually split into multiple text lines in the
file, so to separate one logical line from another at least one empty
line is required.
Hash descriptor database file consists of sections for various Chrome
OS boards. Each board description section starts with a logical line
of 4 characters which is the board ID (the same as the board's RLZ
code).
Each board description section includes variable number of range
descriptor entries, each entry being a logical line, potentially split
into multiple text lines.
Each entry consists of semicolon separated fields:
{a|e|g}:{h|d}:base_addr:size[:value[:value[:value...]]]]
Where
- the first sindgle character field defines the way the range is
accessed:
a - AP flash
e - EC flash
g - EC flash requiring gang programming mode
- the second single character field defines the range type
h - Cr50 returns the hash of the range
d - Cr50 returns actual contents of the range (hex dump)
- the third and and forth fields are base address and size of the range
- ranges of type 'h' include one or more values for the hash of the
range, each hash is a 64 byte hex string. Ranges of type 'd' do
not include any data.
All values are expressed in hex.
The parser API provides functions to open the passed in hash
descriptor file and find there the section for a particular board, a
function to advance to the next entry in the board's section, and a
function to close the file when board entries scanning is completed.
When scanning the entries, the parser verifies their sanity, i.e.
conformance with the above described format, that all hashes are of
the right size, that there are no hashes attached to 'dump' entries
and there is at least one hash attached to the 'hash' entries, and
that there are no invalid characters in the hashes and address range
definitions.
The parser is not yet used by the gsctool, but when the new module is
compiled stand alone with -DTEST_PARSER passed to the compiler, it
becomes an executable which can be given the test hash database (the
new file, sample_descriptor) to interpret and report success or
failure.
BRANCH=none
BUG=chromium:812880
TEST=ran the following commands:
$ gcc -DTEST_PARSER desc_parser.c -o dp
$ ./dp sample_descriptor
Section 1, rv 0
Section 2, rv 0
Section 3, rv 0
Unexpected data in section 4
Section 4, rv -22
Invalid hash 1 size 0 in section 5
Section 5, rv -22
Invalid hash 1 size 0 in section 6
Section 6, rv -22
Invalid hash 1 size 63 in section 7
Section 7, rv -22
Invalid hash 1 size 65 in section 8
Section 8, rv -22
Invalid hash 1 value in section 9
Section 9, rv -22
Unexpected number of variants in section 10
Section 10, rv -22
Invalid hex value 10x in section 11
Section 11, rv -22
Section 12, rv -61
$
Change-Id: I14b2754a5f6ba26b3c56ddc26d45cb4574514b69
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/923419
Reviewed-by: Andrey Pronin <apronin@chromium.org>
(cherry picked from commit 9a6de75ebf220effe1e428f4e253178f36360ec1)
Reviewed-on: https://chromium-review.googlesource.com/1141529
Reviewed-by: Nick Sanders <nsanders@chromium.org>
Commit-Queue: Nick Sanders <nsanders@chromium.org>
Tested-by: Nick Sanders <nsanders@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/1221376
Reviewed-by: Marco Chen <marcochen@chromium.org>
Commit-Queue: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With the upcoming extensions it would be beneficial to be able to keep
gsctool functionality spread among multiple source files. The current
Makefile is also not generating proper dependencies, which was fine
when gsctool utility was first introduced, but is not adequate any
more, and would be even more noticeable when more source files are
added.
In preparation let's just convert the build scheme into separately
compiling .c files, generating .d files while at it, and then linking
the .o files together in a separate link operation.
BRANCH=none
BUG=chromium:812880
TEST=verified that gsctool still builds fine and allows to update Cr50
image.
Change-Id: I537bbe6bf76ac71e8d30040b276b78513d390bbf
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/923418
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit 77fe675d7566d9999a4de3485e20b52e4628e972)
Reviewed-on: https://chromium-review.googlesource.com/1141527
Reviewed-by: Nick Sanders <nsanders@chromium.org>
Commit-Queue: Nick Sanders <nsanders@chromium.org>
Tested-by: Nick Sanders <nsanders@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/1221375
Reviewed-by: Marco Chen <marcochen@chromium.org>
Commit-Queue: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a lateral move allowing to share some data structures and
functions previously limited to the gsctool.c scope.
This will allow adding new functionality in a separate .c file, and
further refactor gsctool.c which little by little became quite
unwieldy.
BRANCH=none
BUG=b:73668125
TEST=gsctool utility still works for uploading Cr50 images.
Change-Id: Ib56db3e0b983c53a228a658467a3059abcf2166e
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/933543
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit 52b93ce19d00c9a6507c630501904b845a1b6486)
Reviewed-on: https://chromium-review.googlesource.com/1141528
Reviewed-by: Nick Sanders <nsanders@chromium.org>
Commit-Queue: Nick Sanders <nsanders@chromium.org>
Tested-by: Nick Sanders <nsanders@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/1221374
Reviewed-by: Marco Chen <marcochen@chromium.org>
Commit-Queue: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Various parts of Cr50 code and Cr50 related utilities duplicate
definition of __packed available in include/common.h. Let's use the
same definition everywhere.
BRANCH=cr50, cr50-mp
BUG=none
TEST=make buildall succeeds
verified that linker generated map files for Cr50 RW are the same
before and after this change.
built and used gsctoo and rma_reset
Change-Id: Ib91f9bbad1f6822b347f32b393630f592df80d60
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/931929
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit 58759f5fbb21edaafab8fe212980a8cae692e686)
Reviewed-on: https://chromium-review.googlesource.com/1141526
Reviewed-by: Nick Sanders <nsanders@chromium.org>
Commit-Queue: Nick Sanders <nsanders@chromium.org>
Tested-by: Nick Sanders <nsanders@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/1221372
Reviewed-by: Marco Chen <marcochen@chromium.org>
Commit-Queue: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Both CCD and SPI_HASH commands need to enforce physical presence. This
patch separates PP polling into a function which can be used by both
commands.
BRANCH=none
BUG=b:73668125
TEST=verified that running 'gsctool -a -o' on a Robo device still
allows to unlock CCD with PP enforced.
Change-Id: I49abb0e56ad37664eaad7cc34de44e1ac06e2d1b
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/930567
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit 1850d5908a348e31d61b2816f6f086fd4d3596de)
Reviewed-on: https://chromium-review.googlesource.com/1141525
Reviewed-by: Nick Sanders <nsanders@chromium.org>
Commit-Queue: Nick Sanders <nsanders@chromium.org>
Tested-by: Nick Sanders <nsanders@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/1221373
Reviewed-by: Marco Chen <marcochen@chromium.org>
Commit-Queue: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The function used to read or write Board ID value, when invoked for
reading, reports the value on the console, but does not save the read
value in the passed in structure.
Let's always save it in the structure so that the caller of this
function has access to the retrieved value.
BRANCH=none
BUG=chromium:812880
TEST=verified that 'gsctool -i' still operates as expected.
Change-Id: I9bc713386758ca6701e6b853e042652e2f392871
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/925692
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit cd76cde2173e7e18d54865d97beece25fa2cb14e)
Reviewed-on: https://chromium-review.googlesource.com/1141524
Reviewed-by: Nick Sanders <nsanders@chromium.org>
Commit-Queue: Nick Sanders <nsanders@chromium.org>
Tested-by: Nick Sanders <nsanders@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/1221371
Reviewed-by: Marco Chen <marcochen@chromium.org>
Commit-Queue: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The user needs to be able to unlock/open/lock CCD in addition to
setting the CCD password.
This patch adds command line options for these three CCD subcommands.
They all are communicated to the TPM using the same vendor command.
'open' and 'unlock' subcommands could require the user to enter the
password. This is indicated by the appropriate vendor command return
code.
If return code of 'open' or 'unlock' subcommand indicates the need for
physical presence, the utility starts polling the Cr50 prompting the
user to press the power button when the chip expects it.
Some input parameters sanity checks are added to make sure that the
user does not request mutually exclusive actions.
BRANCH=none
BUG=b:62537474
TEST=verified that CCD can be unlocked and opend with and without
password, with and without PP required.
Change-Id: Iea229a220e9f3d2f5d07cebdaebcb9b297939310
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/861209
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit a41c59598de1d335af76e6bc4b1178720154d48c)
Reviewed-on: https://chromium-review.googlesource.com/964922
Reviewed-by: Youcheng Syu <youcheng@chromium.org>
Commit-Queue: Sam Hurst <shurst@google.com>
Tested-by: Sam Hurst <shurst@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/1221370
Reviewed-by: Marco Chen <marcochen@chromium.org>
Commit-Queue: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With the upcoming addition of ability to manage CCD using gsctool, it
is necessary to send user password in several CC_CCD subcommands. This
patch modifies the password handler to allow the user to specify the
subcommand code to use.
VENDOR_RC_IN_PROGRESS is added to the list of acceptable return codes,
as this is what could be returned in response to 'ccd unlock' or 'ccd
open'.
BRANCH=none
BUG=b:62537474
TEST=verified that password still could be set and cleared from the
CLI and gsctool
Change-Id: Ic58f344a728897fb535cd9b7bedd47d28b30f5f8
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/861207
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit d9831e6015ccce99dc77e734368622abde1947fa)
Reviewed-on: https://chromium-review.googlesource.com/964921
Reviewed-by: Youcheng Syu <youcheng@chromium.org>
Commit-Queue: Sam Hurst <shurst@google.com>
Tested-by: Sam Hurst <shurst@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/1221368
Reviewed-by: Marco Chen <marcochen@chromium.org>
Commit-Queue: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We want CCD commands lock, open, password, and unlock (at least to
start with) to be available over both CLI and through crosh (i.e.
coming over /dev/tpm0).
Let's allocate a TPM vendor command for handling all CCD subcommands,
and move to this new framework the 'ccd password' command, which
already is available over vendor command.
BRANCH=cr50
BUG=b:62537474
TEST=verified that 'ccd password' still works both over Suzy-Q CLI and
using gsctool on the target.
Change-Id: I2d06230b762f47af7e580b188a587bc5678ca169
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/853280
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit 877e5909b403cd40b415757b2921594bb6d8a021)
Reviewed-on: https://chromium-review.googlesource.com/964900
Reviewed-by: Youcheng Syu <youcheng@chromium.org>
Commit-Queue: Sam Hurst <shurst@google.com>
Tested-by: Sam Hurst <shurst@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/1221367
Reviewed-by: Marco Chen <marcochen@chromium.org>
Commit-Queue: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Setting password should be allowed only after the owner logged in for
the first time and before they log out or someone else logs in.
Once any other user but the owner logs in, it should become impossible
to set password until the device is reset.
As proposed here, this would apply to both attempts to set password
through crosh and Cr50 console.
Password handling on Cr50 passes the following states:
- password setting is not allowed after Cr50 reset until an upstart
(as opposed to resume) TPM startup happens, as signalled by the TPM
callback. After the proper TPM reset the state changes to
'POST_RESET_STATE' which means that the device was just
reset/rebooted (not resumed) and no user logged in yet.
- if the owner logs in in this state, the state changes to
'PASSWORD_ALLOWED_STATE'. The owner can open crosh session and set
the password.
- when the owner logs out or any user but the owner logs in, the state
changes to PASSWORD_NOT_ALLOWED_STATE and does not change until TPM
is reset. This makes sure that password can be set only by the owner
and only before anybody else logged in.
Separate changes to the TPM library code make sure that TPM reset is
reported through the platform layer, so that POST_RESET_STATE is
entered.
BRANCH=cr50
BUG=b:67007578
TEST=with the rest of the infrastructure in place verified that
password can be set only when the owner logged in for the first
time before anybody else logs in or the owner logs out.
Change-Id: Ieaa3dc8ff9d2e43ae11151eb31173220f5c75b58
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/804141
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/1332612
Reviewed-by: Marco Chen <marcochen@chromium.org>
Commit-Queue: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Let's not allow the user to clear or change CCD password without
specifying the old password.
To keep things simple, two changes are being made:
- do not allow setting password if password is already set
- when clearing the password require user to enter
'clear:<password>' instead of just 'clear'
BRANCH=cr50
BUG=b:70029808
TEST=verified that setting password is possible only if there is no
password set currently, and that invoking 'ccd password
clear:<old password>' indeed clears the password.
Change-Id: I3753c2701e224ef89b25ad68c1b47b54eef9cdb1
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/813098
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/1332611
Reviewed-by: Marco Chen <marcochen@chromium.org>
Commit-Queue: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The gsctool utility sometimes is used in environments where path to
trunks_send is not set. As a result 'gsctool -t' invocations fail.
Let's make sure PATH includes /usr/sbin before trunsk_send is invoked.
BRANCH=none
BUG=none
TEST=verified that gsctool invocations in crosh started in a tab and
in a linux shell ran under user 'chronos' do not fail.
Change-Id: Ib8af365dc5707cfec19acda9aa0228d33eb4573f
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/851266
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
(cherry picked from commit 0b9a0688946c76451d0770be9b1fe4de148a4691)
Reviewed-on: https://chromium-review.googlesource.com/964899
Commit-Queue: Sam Hurst <shurst@google.com>
Tested-by: Sam Hurst <shurst@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/1221366
Reviewed-by: Marco Chen <marcochen@chromium.org>
Commit-Queue: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Passing empty auth code causes cr50 to generate challenge instead of
verifying the auth code. Change to return an error when the auth code is
empty.
BUG=b:112881027
TEST=make gsctool; manually test on DUT
BRANCH=none
[Before fix]
localhost $ gsctool -a -r
Challenge:
<80 characters challenge string>
(Wait for 10 seconds)
localhost $ gsctool -a -r ""
Processing response...RMA unlock succeeded.
[After fix]
localhost $ gsctool -a -r
Challenge:
<80 characters challenge string>
(Wait for 10 seconds)
localhost $ gsctool -a -r ""
Empty response.
Change-Id: Ifc2760176ff620dd45c5d62ced117c808ce1f111
Signed-off-by: Cheng-Han Yang <chenghan@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1192822
Commit-Ready: Cheng-Han Yang <chenghan@chromium.org>
Tested-by: Cheng-Han Yang <chenghan@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
(cherry picked from commit 61a3b8d663f54c3553f61a8b157f89b6bb17ed48)
Reviewed-on: https://chromium-review.googlesource.com/c/1318949
Reviewed-by: Cheng-Han Yang <chenghan@chromium.org>
Commit-Queue: Cheng-Han Yang <chenghan@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For partners and developers, it's usually better to have a single simple
instruction to invoke commands. Currently gsctool needs either -s (if
/dev/tpm is not locked) or -t (if trunksd is running) and partners have
to either try both commands (-s or -t) or read the error messages and
try to figure out which option to use.
For example, see the extra logic in CL:831787.
Instead of putting the check everywhere in scripting, it seems easier
and more convenient to have a simple switch - "--any (-a)" that
automatically selects between -s and -t.
BUG=b:70184153
TEST=gsctool -f -a; stop trunksd; gsctool -f -a
Change-Id: Ie1590b0b8fef882178465ceee64a7150eda6b0dd
Reviewed-on: https://chromium-review.googlesource.com/851612
Commit-Ready: Hung-Te Lin <hungte@chromium.org>
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
(cherry picked from commit 9de2d245cf0168131ddc8fda284e8ee169012fa3)
Reviewed-on: https://chromium-review.googlesource.com/1075368
Reviewed-by: Marco Chen <marcochen@chromium.org>
Commit-Queue: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The gsctool utility is inconsistent in using stdio channels when
reporting errors. All error messages should go into stderr.
Also, to avoid confusion, this patch makes options -s and -t mutually
exclusive.
BRANCH=none
BUG=b:68213540
TEST=verified that passing both -t and -s command line options causes
an error.
Change-Id: Ieb50cf08314aa37594964ef4bbfa4a850741da2f
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/784353
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit 88011d8ea5a059138ee62632564207d4711b3f21)
Reviewed-on: https://chromium-review.googlesource.com/1075367
Reviewed-by: Marco Chen <marcochen@chromium.org>
Commit-Queue: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The new vendor command takes the CCD state machine through necessary
transitions leaving it in the CCD locked state.
It succeeds only if user password is not set and CCD capabilities are
right, which is guaranteed to be the case after an RMA unlock.
BRANCH=cr50
BUG=b:68213540
TEST=tested using the modified gsctool utility.
Change-Id: Ic2cce34e74b1ff476841cfa1a99f50d6a947c315
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/784352
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit baff7ae621d88929c0ab808eee54c081e44b2710)
Reviewed-on: https://chromium-review.googlesource.com/848240
Commit-Queue: YH Lin <yueherngl@chromium.org>
Tested-by: YH Lin <yueherngl@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The error processing logic is reversed, which results in missing error
values when errors actually happen.
BRANCH=none
BUG=none
TEST=verified that errors values are now reported properly.
Change-Id: I282920d35e978a704e8c2728a8aa71a5f1da9a00
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/802994
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
(cherry picked from commit 3bb08ed694d9c41538988668d8a6ef7874601116)
Reviewed-on: https://chromium-review.googlesource.com/845439
Reviewed-by: Marco Chen <marcochen@chromium.org>
Commit-Queue: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The --rma_auth command line option is being extended to treat the
auth_code of value of 'disable' as a user request to cancel CCD RMA
mode on the device.
BRANCH=none
BUG=b:68213540
TEST=verified that passing '-f disable' to gsctool causes CCD state on
the Cr50 changed to 'Locked'
Change-Id: I8764e0207977a6290d3d10dc4678f98631be0360
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/784354
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit 84b20f922533b5b1d282fcfc323400b0eec0db27)
Reviewed-on: https://chromium-review.googlesource.com/844194
Reviewed-by: Marco Chen <marcochen@chromium.org>
Commit-Queue: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The reset line for the parade TCPC on port 1, has an external 1k pull
up resistor. However, the gpio.inc description for this line was set
to ODR_LOW which results in a short reset pulse. This can lead to an
external charger seeing an unattach event and dropping VBUS. On some
Coral systems with certain chargers this results in a continuous
reboot loop when no battery is connected.
Changing the default state of this line to ODR_HIGH prevents reset
from being pulled low until the EC is intializing the TCPC and fixes
the continous reboot loop issue when no battery is connected.
BUG=b:68226308
BRANCH=coral
TEST=Using Robo system tested with the Lenovo Type C charger and
verified that the system can boot up without a battery when connected
to port 1. Bitland also verified this change in their test setup and
found no failures.
Change-Id: Ia16fe8cf770dc91da479497d234a2b6f9679b878
Signed-off-by: Scott Collyer <scollyer@google.com>
Reviewed-on: https://chromium-review.googlesource.com/762066
Commit-Ready: Furquan Shaikh <furquan@chromium.org>
Tested-by: Scott Collyer <scollyer@chromium.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, 'ectool temps all|<n>' just prints "300". This may easily
be mistakenly read as tenth of degree C (30.0 C), as the value
appears to make sense (close to room temperature). However, the value
is actually 300 K (27 C).
CQ-DEPEND=CL:763578
BRANCH=none
BUG=chromium:783845
TEST=ectool temps all shows temperature unit (K)
Change-Id: I70f7f04d061cb1d4f741d59f8b48c7963dd8280f
Signed-off-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/763996
Reviewed-by: Shawn N <shawnn@chromium.org>
|
