delta/coreboot/chrome-ec.git - review.coreboot.org: chrome-ec.git

	Commit message (Collapse)	Author	Age	Files	Lines
*	Clear OWNERS for factory/firmware branchfirmware-cr50-mp-r86-9311.70.B	Brian Norris	2021-09-11	2	-10/+1
\| \| \| \| \| \| \| \| \| \| \| \|	BUG=none TEST=none Change-Id: I0f03f432ada1064ffba9595be78ca7ab4d25ecd1 Signed-off-by: Brian Norris <briannorris@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3155151 Reviewed-by: Jack Rosenthal <jrosenth@chromium.org> Owners-Override: Jora Jacobi <jora@google.com> Tested-by: Jack Rosenthal <jrosenth@chromium.org>
*	flash: enable OP_ERASE_BLOCK in standard images	Mary Ruthven	2021-05-21	1	-7/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	This branch is being used to build eraseflashinfo images. Let RW try to erase info1 even if it's not a DBG image. RO will block the erase if the image isn't signed correctly. BUG=b:187438971 TEST=none Change-Id: I61a31cf7c4252396ce267fb6b4e54de37479335f Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2911497 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
*	cr50: uprev eraseflashinfo version to 0.5.12	Mary Ruthven	2021-05-10	2	-2/+2
\| \| \| \| \| \| \| \| \|	BUG=b:187438971 TEST=none Change-Id: Iadd988fdb2a03dcb85cc726cbd91be857930d8d6 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2883086
*	g: update eraseflashinfo to match new policies	Vadim Bendebury	2021-05-10	2	-20/+31
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	With moving to the new Cr50 RO only images which have a certain bit in their header set and are signed by the prod key will be allowed to erase the INFO1 space. This patch modifies the eraseflashinfo console command to report failure in case the bit in the header is not present. To maintain backwards compatibility with RO 0.0.10 while it is available. this check is not compiled in into images with CR50_DEV=1. This will allow dev images built from ToT to erase INFO1 space until transition to the new RO is completed. BRANCH=cr50-mp BUG=b:74100307,b:187438971 TEST=make BOARD=cr50 Change-Id: I44d0e78c7257be153f7994ef20fc03893e8b8109 Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1856819 Reviewed-by: Andrey Pronin <apronin@chromium.org> (cherry picked from commit 10346db1a08568f1e4bbfde67d05d014bbf42110) Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2878871
*	Revert "g: remove eraseflashinfo"	Mary Ruthven	2021-05-10	1	-0/+61
\| \| \| \| \| \| \| \| \| \| \|	This reverts commit 585534b0b7c94c0281eb7bf6e19eb47293f502f0. BUG=b:187438971 TEST=make buildall -j Change-Id: I7412a0188238da5b037da4220d206e1851bfed70 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2878870
*	signer: advance version and erase new bit in rollback map	Mary Ruthven	2021-05-09	2	-4/+4
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	BUG=b:187081660,b:187081660 TEST=flashing the image erases the third rollback mask bit [0.049072 update_rollback_mask: bailing out at bit 0] [0.051795 update_rollback_mask: bailing out at bit 3] [0.052886 updated 1 info map words] > sysinfo ... Rollback: 0/0/1 3/3/3 ... Change-Id: Id802e3e4b010fbc7274e34360beaa47adcd0816f Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2869128 Reviewed-by: Andrey Pronin <apronin@chromium.org> (cherry picked from commit 7189f6992f5ca7ffd22775e8f73bb1e1cde24bbf) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2880142 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
*	i2cp: fix read chunk processing	Mary Ruthven	2021-05-09	1	-1/+3
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	BUG=b:184965542 TEST=see BUG Change-Id: I340af997123ad0b5329a81311663ed90ffaab4b3 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2836190 Reviewed-by: Andrey Pronin <apronin@chromium.org> (cherry picked from commit d4cb504dc0e329d2f9714a47f295c7ed8b76b527) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2837406 (cherry picked from commit acdca9c81756cece9502505d64c856750d467e19) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2851344 (cherry picked from commit 5ae080dabe58606f9bd7bc36502a33feceeb7edd) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2880141 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
*	trng: change TRNG_EMPTY_COUNT to 0x7ffv1.9311_70_mp	Mary Ruthven	2021-05-09	1	-4/+5
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Increase TRNG_EMPTY_COUNT, so boards with slow TRNG have enough time to generate a sample. BUG=b:172542178,b:178116958 TEST=generate RSA keys 50 times on the hatch with slow TRNG. Verify the average time is around 6 seconds. Change-Id: I1b821286e1e4b5da8baa59caeda907ab3fe49f81 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2641744 Reviewed-by: Andrey Pronin <apronin@chromium.org> Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> (cherry picked from commit 88b7c50e717211fbced47709e78a9e95c91ce533) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2669410 (cherry picked from commit 1d41ad204955874b96248ace0d288535d86b2495) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2713839 (cherry picked from commit 2ec3f05cb79ee3ec00ec2a3e3a70cbecd5f1382b) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2880140 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
*	cr50: prepare to release 0.{5,6}.6	Mary Ruthven	2020-08-11	2	-2/+2
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	BUG=b:161755898 TEST=none Change-Id: Ic1e719addea733a3b8d198a771e0f038f9adf854 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2310592 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> (cherry picked from commit a414783d0c97878809bcbe4dad4881fb52d7b57b) Change-Id: I73dc2eefbb6f2a218a5611b80ae917db39ff9472 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2314581 Tested-by: Mary Ruthven <mruthven@chromium.org> Reviewed-by: Mary Ruthven <mruthven@chromium.org> Commit-Queue: Mary Ruthven <mruthven@chromium.org> (cherry picked from commit 3eb43ffd5dfb3acdb90e2b98916da4704e9e64db) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2350298
*	usb_spi: add support for custom SYS_RST and EC_RST setup	Mary Ruthven	2020-08-11	2	-23/+63
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Don't touch the SYS_RST_L or EC_RST_L signals when flashing the AP if flashrom is run with custom_rst=True. BUG=b:154885210 TEST=manual on bob ecrst on flashrom -p raiden_debug_spi:target=EC -r ec.bin ecrst on flashrom -p raiden_debug_spi:target=AP,custom_rst=True -r ap.bin check ecrst is still on flashrom -p raiden_debug_spi:target=AP -r ap.bin Change-Id: Ia1ab8c853c25ced994e053c9e19a18d0d0f1cb45 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2301239 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> (cherry picked from commit f2711530bf8dfb764584cc1e35c35a428c90cbd0) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2311264 (cherry picked from commit f82d8ad180592195b9e7ae704186391b730c245d) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2350297
*	usb_spi: add spi_hash_ to new_device and new_gang_mode	Mary Ruthven	2020-08-11	1	-10/+10
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	new_device and new_gang_mode are both only used for spi_hash SPI enable/disable. Rename them, so that's clear. BUG=none TEST=make buildall -j Change-Id: I67a4f7865e8a5ff21c79b4462a0f2c1d0f85f76d Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2300698 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> (cherry picked from commit ccacb7fc9378c4c00a39b2fbf913128c87e00b7f) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2311249 (cherry picked from commit 96e157cb7cdbe503b35b027ba2d7809537665ecf) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2350296
*	u2f: Correct versioned key handle offset error	Yicheng Li	2020-08-11	1	-1/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	To reuse u2f_origin_user_keypair(), u2f_sign extracts the key handle bytes from versioned and non-versioned requests according to the format. In the versioned path the code incorrectly uses the non-versioned struct to extract the key handle bytes, which would result in wrong private key and thus non-verifiable signature in WebAuthn on version 1 key handles. Both the bug and the fix do not affect the non-versioned path. BUG=b:144861739 TEST=Added debug statements to verify that u2f_generate and u2f_sign arrive at the same private key. With the previous buggy code they get different private key. Signed-off-by: Yicheng Li <yichengli@chromium.org> Change-Id: If79daeff98b01d050fcdc8dd69c809c184e6abb3 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2303278 Reviewed-by: Andrey Pronin <apronin@chromium.org> Commit-Queue: Andrey Pronin <apronin@chromium.org> (cherry picked from commit 2a50e993189539323b6d54a97482524f01cc7347) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2311248 Tested-by: Mary Ruthven <mruthven@chromium.org> Reviewed-by: Mary Ruthven <mruthven@chromium.org> Commit-Queue: Mary Ruthven <mruthven@chromium.org> (cherry picked from commit c17a09b5897ad43cbf3a2525988cdde82154953b) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2350295
*	tpm_nvmem_ops.c: fix read_tpm_nvmem_size() to work with hidden objects	Vadim Sukhomlinov	2020-08-11	1	-11/+4
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	In https://crrev.com/c/2258534 fix read_tpm_nvmem_size() was introduced, however it failed to properly return size of hidden objects, and code worked because it was masked by prior check of size for nvmem variable with getvar(), and these variables were always set together. This fix relies on https://crrev.com/c/2280405 for tpm2 to add proper service function. BUG=None TEST=manual, tested in upcoming change in cr50/board/u2f.c Cq-Depend: chromium:2280405 Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: I38cfbf97e5cc99907c05887345017db92c5abc72 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2285432 Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org> (cherry picked from commit c870cf3dbe00e887ffc816c9345818b530192d09) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2311247 Tested-by: Mary Ruthven <mruthven@chromium.org> Reviewed-by: Mary Ruthven <mruthven@chromium.org> Commit-Queue: Mary Ruthven <mruthven@chromium.org> (cherry picked from commit 8e907c91f89cee8943fe5e59856788adea2427b1) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2350294
*	cr50: Remove dummy U2F_ADPU vendor command.	Louis Collard	2020-08-11	1	-56/+0
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	This was added to support u2fd on M77, and can be removed iff the version of cr50 this change is included in will not be expected to work with M77. BUG=b:158268336 TEST=build Signed-off-by: Louis Collard <louiscollard@chromium.org> Change-Id: I6bbbae44a86c1a70fef4c8e1da1c1116f9909aa8 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2275504 Reviewed-by: Yicheng Li <yichengli@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Commit-Queue: Yicheng Li <yichengli@chromium.org> Tested-by: Yicheng Li <yichengli@chromium.org> (cherry picked from commit 6863b3943c7eb72199374a2e0eb9fe5721ac2bd0) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2311246 Tested-by: Mary Ruthven <mruthven@chromium.org> Reviewed-by: Mary Ruthven <mruthven@chromium.org> Commit-Queue: Mary Ruthven <mruthven@chromium.org> (cherry picked from commit 2b4371ffe9a305447e0439ed6e08e9bdd35e90de) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2350293
*	system: make sure CR50_DEV images will not update info map	Vadim Bendebury	2020-08-11	1	-0/+25
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Despite all make tricks, sometimes switching between make invocations with CR50_DEV defined and not defined, the code which updates the IFNO1 RW rollback space runs even when CR50_DEV was defined at compile time and the image header rollback space is set to all zeros. This causes complete clearing of the INFO1 RW rollback space, which in turn prevents from running images built without CR50_DEV=1. Let's add a check to see if the currently running image has the entire rollback space in the header erased, and not proceed with the INFO1 space update in this case. BUG=b:160013710 TEST=verified that images built both with CR50_DEV defined and not defined run properly. - removed '#ifndef CR50_DEV' block around lines 610..719 and built and ran the image, observed the "Skipped updating INFO1 RW" map message. Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Change-Id: I63a54ba2a82cd250d1e4018768b7a55c406b69c0 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2271016 Reviewed-by: Andrey Pronin <apronin@chromium.org> (cherry picked from commit b1da01d568865aedf1d113cf81c678f605b3dc73) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2311245 Tested-by: Mary Ruthven <mruthven@chromium.org> Reviewed-by: Mary Ruthven <mruthven@chromium.org> Commit-Queue: Mary Ruthven <mruthven@chromium.org> (cherry picked from commit 496ab3b201bd96c82caab84df877ee369963dcdc) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2350292
*	u2f: Add support for versioned key handles	Yicheng Li	2020-08-11	4	-69/+246
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Support generating and signing versioned key handles in addition to non-versioned ones. BUG=b:144861739 TEST=used webauthntool to verify that KH generated by old cr50 firmware can be signed with this firmware TEST=used webauthntool to verify that non-versioned KH generated by this firmware can be signed by old cr50 firmware (This and the first TEST proves that non-versioned path is the same as old firmware.) TEST=used webauthntool to verify that non-versioned KH generated by this firmware can be signed by this firmware TEST=used webauthntool to verify that versioned KH generated by this firmware can be signed by this firmware TEST=test_that --board=nami <IP> firmware_Cr50U2fCommands Cq-Depend: chromium:2280394 Change-Id: Idf413a1a3e6c35a3e7e651faaa91fe2894b805db Signed-off-by: Yicheng Li <yichengli@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2202949 Reviewed-by: Louis Collard <louiscollard@chromium.org> (cherry picked from commit 8855605441c69ace829d4acbe584df4f8bf140a5) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2311244 Tested-by: Mary Ruthven <mruthven@chromium.org> Reviewed-by: Mary Ruthven <mruthven@chromium.org> Commit-Queue: Mary Ruthven <mruthven@chromium.org> (cherry picked from commit cf3ba739d1a434299bff3024deb73ea6ee09fdaf) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2350291
*	tpm_nvmem_ops.c: add function to get size of nvmem hidden object	Vadim Sukhomlinov	2020-08-11	2	-0/+23
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Added service function read_tpm_nvmem_size() to return size of hidden nvmem object, which is needed in FIPS framework code, but can't be implemented locally due to conflicting headers between TPM2 library and Cryptoc library, and util.h BUG=none TEST=make BOARD=cr50; meaningul test will be added in upcoming CLs Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: Iab9520170cfdcd754f1fe2e79143f75766284921 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2258534 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org> (cherry picked from commit a12d9f33ec06e33e25337e24979722baf2f3956f) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2311242 Tested-by: Mary Ruthven <mruthven@chromium.org> Reviewed-by: Mary Ruthven <mruthven@chromium.org> Commit-Queue: Mary Ruthven <mruthven@chromium.org> (cherry picked from commit 7ecc28fbeaa4c764d5cc96d16b9f9601706d4a74) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2350290
*	common.h: consolidate stdbool.h and stddef.h	Vadim Sukhomlinov	2020-08-11	5	-5/+4
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Many source files over time started to respect 'bool' and 'size_t' types for better code readability. However, these types are defined in stdbool.h and stddef.h headers, so each time they were used there was a need to include them. util.h included both, and one option was to use it, but it conflicts with TPM2 library on definition MAX/MIN BUG=none TEST=make buildall -j Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: Ia0aca578e901c60aeafee5278471c228194d36bf Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2258540 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org> (cherry picked from commit 3f0b2cb3b3b21b324f899e1912d8402c94ccb07e) Change-Id: Id2643b6162a26c2e031677f614944913e3218849 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2314579 Tested-by: Mary Ruthven <mruthven@chromium.org> Reviewed-by: Mary Ruthven <mruthven@chromium.org> Commit-Queue: Mary Ruthven <mruthven@chromium.org> (cherry picked from commit dc919240e80218122cd51e22e93cf46166bd1f60) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2350289
*	ecc: fix padding for ECDSA sign and verify, add more test vectors	Vadim Sukhomlinov	2020-08-11	2	-36/+101
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	https://crrev.com/c/2222386 added support for short EC keys to some functions. Extending this support to sign and verify. Added test vectors for regression testing in tpmtest.py BUG=b:157528390 TEST=tpmtest.py Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: I3db2c9eee9da995d45d534a2732130948548ead8 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2265605 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org> Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org> (cherry picked from commit c8e570f49157412f058bd272c0e3cdf5324a634d) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2314578 Tested-by: Mary Ruthven <mruthven@chromium.org> Reviewed-by: Mary Ruthven <mruthven@chromium.org> Commit-Queue: Mary Ruthven <mruthven@chromium.org> (cherry picked from commit cb154f1c53cb44be9c3f007912b53ed7c7a87657) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2350288
*	NVMEM: selective erase of TPM objects	Vadim Bendebury	2020-08-11	2	-8/+44
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	This patch adds another NVMEM API, which allows to erase stored TPM objects selectively. The list of indices of the objects to be erases is supplied in a zero terminated array. The existing nvmem_erase_tpm_data() has been modified to erase only selected objects, if the list of objects is supplied by the caller. BUG=b:138578447 TEST=Using tpm_manager_client created a bogus NVMEM object, modified Cr50 code to provide a CLI command which would invoke the new NVMEM API function to delete the new object. Invoked 'dump_nvmem' command before and after deleting the bogus object. Observed the NVMEM contents compacted and the bogus object deleted. Rebooted the device, observed proper Chrome OS start up maintaining the existing user account. Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Change-Id: I3e299c8004141fa01ff20c290131b6526575c42e Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2253324 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org> Commit-Queue: Andrey Pronin <apronin@chromium.org> (cherry picked from commit a33e33844859f5e3b2949cd085fce50acad29f86) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2311239 Tested-by: Mary Ruthven <mruthven@chromium.org> Reviewed-by: Mary Ruthven <mruthven@chromium.org> Commit-Queue: Mary Ruthven <mruthven@chromium.org> (cherry picked from commit d646c32f4ebd7a6fb17e54f942e50694ba840d94) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2350287
*	fips_rand: FIPS-compliant way to generate randoms	Vadim Sukhomlinov	2020-08-11	6	-3/+583
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Add proper TRNG health tests and CR50-wide DRBG with reseeding BUG=b:138578157 TEST=tpmtest.py -t1 fails after cr50 reboot. rand_perf in console (kick-off FIPS TRNG test) and then tpmtest.py -t1 and tpmtest.py -t2 should succeed. Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: I94c2dbd7a00dedcf1a0f318539a3c73c0c8076ef Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2251381 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org> Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org> (cherry picked from commit 2d7cdfffa2fec56805406c50e8c3b58b6d0b617c) Change-Id: I694515004ea4d6965b99fde047802fb5d505f7b4 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2314577 Tested-by: Mary Ruthven <mruthven@chromium.org> Reviewed-by: Mary Ruthven <mruthven@chromium.org> Commit-Queue: Mary Ruthven <mruthven@chromium.org> (cherry picked from commit 63785cc1fffd11ee0c6e737de84c64da6e721f15) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2350286
*	cr50: do not trigger unnecessary legacy NVMEM partition checks	Vadim Bendebury	2020-08-11	1	-1/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	The logic of deciding if the alternative RW image is newer than a certain version needs to be updated to accommodate moving to higher prod and prepvt major version numbers. BUG=none TEST=the 'nvmem_find_partition: No Legacy Partitions found.' message is not printed during startup any more when updating from 6.3 to 6.4. Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Change-Id: I59e18712b3365446c29f569bf0b50f95ab67df95 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2250658 Reviewed-by: Mary Ruthven <mruthven@chromium.org> (cherry picked from commit 66bf0868e8bd55ba9e0d04671d164cfa1072173b) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2311237 Tested-by: Mary Ruthven <mruthven@chromium.org> Commit-Queue: Mary Ruthven <mruthven@chromium.org> (cherry picked from commit 40c028b97f42c31b0f1b560387954fe3ecce6143) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2350285
*	trng: adjust TRNG timeout to reduce TRNG resets	Vadim Sukhomlinov	2020-08-11	1	-2/+2
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Time it takes for TRNG to come-up with 32-bit of randomness varies, and once TRNG started to use 1-bit alphabet, it's average increased. We handle this timeout by resetting TRNG and writing record in the flash log. With current setting of EMPTY_COUNT set to 400 it's almost never happens under normal use, and is harmless, but adds unnecessary records in the log under heavy use like TRNG health tests. Adjusting EMPTY_COUNT to higher value reduce probability of TRNG reset when value is just delayed, but TRNG is not stalled yet. BUG=b:138578157 TEST=tpmtest -t0 Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: Ic0152da05934a70dd16b3e4178361bfcefbdda26 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2252481 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: William Wesson <wesson@google.com> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Bendebury <vbendeb@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> (cherry picked from commit 0c649ba01ab555e84ab030b7f1a38c48b294bbe2) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2311236 Tested-by: Mary Ruthven <mruthven@chromium.org> Reviewed-by: Mary Ruthven <mruthven@chromium.org> Commit-Queue: Mary Ruthven <mruthven@chromium.org> (cherry picked from commit 581f4c663dfeb2e67993346ecf55d6357f5ebd55) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2350284
*	ec.tasklist: increase stack for console task for development mode	Vadim Sukhomlinov	2020-08-11	1	-1/+9
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Due to changes in internal structures, stack consumption for SHA2, HMAC, HMAC_DRBG grew up, and when combined with stack growth due to changes in cprintf cause crash for some development console commands. This patch increase console stack for CR50_DEV and CRYPTO_TEST modes. BUG=none TEST=manual, build with CR50_DEV or CRYPTO_TEST, run taskinfo Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: I7170c65e4b8092d165c478f505a435f834744ed9 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2251382 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Bendebury <vbendeb@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org> (cherry picked from commit 08b1e22d83bd1d6c07619065fded9d0496f90e58) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2311235 Tested-by: Mary Ruthven <mruthven@chromium.org> Reviewed-by: Mary Ruthven <mruthven@chromium.org> Commit-Queue: Mary Ruthven <mruthven@chromium.org> (cherry picked from commit 48b402f628608856950b4cd6b843351645a08586) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2350283
*	cr50: use NIST-compliant configuration of TRNG	Vadim Sukhomlinov	2020-08-11	5	-113/+324
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	According to NIST SP 800-90B only vetted conditioning mechanism should be used for post-processing raw entropy. See SP 800-90B, 3.1.5.1 Using Vetted Conditioning Components. Use of non-vetted algorithms is governed in 3.1.5.2, but assumes conservative coefficient 0.85 for entropy estimate, which increase number of requests to TRNG to get desirable entropy. More details on entropy estimate tests are in associated bug. Entropy measurements using NIST assessment tool didn't report noticeable change in entropy estimate. However, more changes are needed to use DRBG instead of raw TRNG for all purposes. TRNG changes reviewed also at https://crrev.com/c/1926384 BUG=b:138577834 TEST=test/tpm_test/nist_entropy.sh Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: I5a578b90b8b7a77fae6a218eec48e87e7644ab44 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2240519 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org> Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org> (cherry picked from commit 32730b21cfd504438d6a711834b445c68ec19ae5) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2314576 Tested-by: Mary Ruthven <mruthven@chromium.org> Reviewed-by: Mary Ruthven <mruthven@chromium.org> Commit-Queue: Mary Ruthven <mruthven@chromium.org> (cherry picked from commit 7727323aefbc11690fe181ba7ad90ee7ea6c2077) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2350282
*	cr50/board: add board-local FIPS setting	Vadim Sukhomlinov	2020-08-11	3	-0/+82
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Implement board-local configuraration of FIPS 140-2/3 policy as complementary to FWMP policy. This is intended mostly for lab testing and dogfooding, when FWMP policy is not feasible. board_fips_enforced() returns status of FIPS from FWMP and NVRAM and caches state to avoid expensive operations later. BUG=b:138577491 TEST=manual, make buildall -j Actual test command to be added in upcoming CLs Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: I8fa651e56e6e76a87bbc4dd911e7a8c0546e7e0f Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2247112 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Bendebury <vbendeb@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org> Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org> (cherry picked from commit d61ca497127ee518d65b26975cf3fadd62bc0a9a) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2311233 Tested-by: Mary Ruthven <mruthven@chromium.org> Reviewed-by: Mary Ruthven <mruthven@chromium.org> Commit-Queue: Mary Ruthven <mruthven@chromium.org> (cherry picked from commit 9d82124693fc5d264582a4bac713e5d7ede4ebd3) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2350281
*	console: add service functions to enable/disable console output	Vadim Sukhomlinov	2020-08-11	2	-0/+21
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	FIPS 140-2 certification requires that security related output from module should be disabled until completion of known-answer tests. However, it's tricky to justify what output is security related, as most of output data can be used to track current execution stage which may be helpful for attacker. So, its safer to disable any output for a short time once internal testing is done. Provide console_disable_output() and console_enable_output() functions which are supposed to be used by board initialization code driving FIPS mode initialization. BUG=b:138577539 TEST=manual; make buildall -j Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: I42902acef7a5e99142ce2b6517ae511f63206e93 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2247103 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org> Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org> (cherry picked from commit 770e5cecfdc2ddd761b5b1cdb78e29c936e6cb92) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2311232 Tested-by: Mary Ruthven <mruthven@chromium.org> Reviewed-by: Mary Ruthven <mruthven@chromium.org> Commit-Queue: Mary Ruthven <mruthven@chromium.org> (cherry picked from commit 710f3b490e85c0b1dcf3cfc1f09429259f2fdbd9) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2350280
*	flash_log: add error code for FIPS known-answer and continuous tests	Vadim Sukhomlinov	2020-08-11	1	-4/+7
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Add FE_LOG_FIPS_FAILURE event type BUG=b:138577539 TEST=manual Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: I11be32598ddbbb327175a656c21abcb8388246d0 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2247106 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> (cherry picked from commit b239403fed9873dd5a1b297d061ecded0c7a0804) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2311231 Tested-by: Mary Ruthven <mruthven@chromium.org> Reviewed-by: Mary Ruthven <mruthven@chromium.org> Commit-Queue: Mary Ruthven <mruthven@chromium.org> (cherry picked from commit 38bb773756eb4fab36685358c3c0160b62e52402) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2350279
*	hmac_drbg: define error codes, add parameter check	Vadim Sukhomlinov	2020-08-11	2	-14/+21
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Added check for output len as defined by NIST for HMAC_DRBG and define error codes instead of constants. Propagate status for hmac_drbg_generate_p256 BUG=b:138578157 TEST=make buildall ; make BOARD=cr50 ; tpmtest.py Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: I16a1eac51ca11a6419a86922cfe59c13d9c703a0 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2243762 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org> Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org> (cherry picked from commit a80fb0e310e1b5e9436707d0a928212a47aa21b9) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2311230 Tested-by: Mary Ruthven <mruthven@chromium.org> Reviewed-by: Mary Ruthven <mruthven@chromium.org> Commit-Queue: Mary Ruthven <mruthven@chromium.org> (cherry picked from commit 06fa9e38473c26f4867770d09c9aa4d1bc44aada) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2350278
*	test/tpm_test/hash_test.py: add testing of long HMAC keys	Vadim Sukhomlinov	2020-08-11	1	-0/+7
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	To prevent issues with long HMAC keys (longer than block size, which is 64 for SHA-256 and 128 bytes for SHA-384/512) BUG=b:158094716 TEST=make BOARD=cr50 CRYPTO_TEST=1 ; test/tpm_test/tpmtest.py Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: If4c3e6cd0c753f39a7ea39515ae0596cfab6a6b8 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2239481 Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org> (cherry picked from commit 6a4736fa6f91ceead5359808f6cd63db145a98a8) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2314115 Tested-by: Mary Ruthven <mruthven@chromium.org> Reviewed-by: Mary Ruthven <mruthven@chromium.org> Commit-Queue: Mary Ruthven <mruthven@chromium.org> (cherry picked from commit f2062b333aae05390d2508e73bf7c438eab29ec0) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2350277
*	test/tpm_test: update for Python3	Vadim Sukhomlinov	2020-08-11	12	-290/+228
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Due to Python3 switch tpm_test.py stop working. Updates to make it work with Python3. cros lint complains it can't import Crypto and rsa BUG=None TEST=tpmtest.py tpmtest.py -t To test exception handling change line 167 in crypto_test.py from if real_out_text != out_text: to if real_out_text == out_text: and run tpmtest.py again. Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: I927b25ab3288274993949c53564bed73faa346e9 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2231974 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org> Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org> (cherry picked from commit 043326f2bb542cc3e9fa74364364f933141b294d) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2314114 Tested-by: Mary Ruthven <mruthven@chromium.org> Reviewed-by: Mary Ruthven <mruthven@chromium.org> Commit-Queue: Mary Ruthven <mruthven@chromium.org> (cherry picked from commit 0baab77dff91a6361b818b822ee376fd95983bbd) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2350276
*	test/tpm_test: fix cros lint complains	Vadim Sukhomlinov	2020-08-11	13	-1040/+1062
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	BUG=b:158533918 TEST=tpmtest.py Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: Ia6b59c49afc7ed19507fab254cab44b2a5c1953b Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2236588 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org> Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org> (cherry picked from commit e1b8aaed2a60b88dd047bc6e341327636d0f0212) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2314113 Tested-by: Mary Ruthven <mruthven@chromium.org> Reviewed-by: Mary Ruthven <mruthven@chromium.org> Commit-Queue: Mary Ruthven <mruthven@chromium.org> (cherry picked from commit 69e127fb8e0235596d82e18df4a0a9d89997279e) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2350275
*	tpmtest/ftdi: improved stability and support for ISERIAL	Vadim Sukhomlinov	2020-08-11	2	-4/+11
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	FTDI module used by tpmtest has stability issues, causing unstable connection, which seemed to be dependent on setup delay. increased delay to make it more stable. Also, FTDI don't work correctly with multiple Ultradebug interfaces. Make it use ISERIAL env variable if configured to guide interface choice. BUG=None TEST=make Change-Id: Ifa27aac7ef42a8eb990963fa0cf1923a7405f0c7 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2226139 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org> (cherry picked from commit 4fd5c9a385b1a2388d6e7ab282ed5bb570e43288) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2314112 Tested-by: Mary Ruthven <mruthven@chromium.org> Reviewed-by: Mary Ruthven <mruthven@chromium.org> Commit-Queue: Mary Ruthven <mruthven@chromium.org> (cherry picked from commit b61589b2bb6cc379df6cf79578a951c4a223be90) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2350274
*	tpm_test: update to swig 4.0 for Python3 support	Vadim Sukhomlinov	2020-08-11	2	-3/+5
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	You may need to do 'sudo emerge swig' to get latest swig installed. Python3 differentiates between string and bytes, so need proper handling. BUG=None TEST=cd test/tpm_test && make Change-Id: I6e09258a1f6a3fb2923760f446a2ff911e871b40 Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2222978 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Bendebury <vbendeb@chromium.org> Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org> (cherry picked from commit 80f707188fad40701201bc1bb13b4f7558f42528) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2314111 Tested-by: Mary Ruthven <mruthven@chromium.org> Reviewed-by: Mary Ruthven <mruthven@chromium.org> Commit-Queue: Mary Ruthven <mruthven@chromium.org> (cherry picked from commit 5c695b0b1a181a1b7d5df01b1aa01228df2c94f4) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2350273
*	tpmtest: added more corner case, make it work again with OpenSSL 1.1	Vadim Sukhomlinov	2020-08-11	2	-34/+315
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	The TPM test directory has bitrotted and does not compile any more, leave alone pass tests. This patch updates the tests to match changed EC codebase: test/tpm_test/Makefile - look for include files in more directories test/tpm_test/bn_test.c - 1. add support for OpenSSL 1.1 where BIGNUM structure became opaque and require special functions to access it. 2. added backward compatibility layer for OpenSSL 1.0.2 3. fixed issues with OpenSSL memory allocations 4. added support to print details of failure 5. added more cases for modulo inverse testing 6. added testing for bn_div to increase branch coverage BRANCH=cr50 BUG=none TEST=./test/tpm_test (../../build/tpm_test/bn_test) now passes Change-Id: Ida5fb07277909977f78ad1199e7a0f3677aabdc3 Signed-off-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1764711 Reviewed-by: Andrey Pronin <apronin@chromium.org> Commit-Queue: Andrey Pronin <apronin@chromium.org> (cherry picked from commit fb1d26a58e5511d70f747e8b943096c22dead07c) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2223147 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> (cherry picked from commit 1da8e0dd19cd7e7c16712fbf0deb00c9f4ad5889) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2314110 Tested-by: Mary Ruthven <mruthven@chromium.org> Reviewed-by: Mary Ruthven <mruthven@chromium.org> Commit-Queue: Mary Ruthven <mruthven@chromium.org> (cherry picked from commit 257cadc0e13e4573c4f51d41f64183a32837e9ab) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2350272
*	tpmtest.py: update Makefile to correct build of ftdi_spi_tpm	Vadim Sukhomlinov	2020-08-11	1	-0/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	make of ftdi_spi_tpm fails: ../../include/config.h:4878:25: fatal error: fuzz_config.h: No such file or directory #include "fuzz_config.h" It seems issue happened after moving fuzzing tests into a fuzz subfolder in https://chromium-review.googlesource.com/1180179 Added include search path to correct issue. BRANCH=none BUG=none TEST=in test/tpm_test/ make successfully builds ftdi_spi_tpm Change-Id: I0c212ba7f84babd5db0c02d553345769de301d00 Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1913325 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Commit-Queue: Vadim Bendebury <vbendeb@chromium.org> Tested-by: Vadim Bendebury <vbendeb@chromium.org> Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org> (cherry picked from commit 977c1267c00389de296cc7bdcf946badef4601aa) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2314109 Tested-by: Mary Ruthven <mruthven@chromium.org> Reviewed-by: Mary Ruthven <mruthven@chromium.org> Commit-Queue: Mary Ruthven <mruthven@chromium.org> (cherry picked from commit d40db1ef180589c4a05902c9afba86581512c261) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2350271
*	Unify #! use in python scripts	Stefan Reinauer	2020-08-11	24	-25/+26
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Right now we have several different versions of #! in our python scripts. Unify them all and specify that we are using python2. Signed-off-by: Stefan Reinauer <reinauer@chromium.org> BUG=none BRANCH=none TEST=make buildall Change-Id: Iab33a3f5d4b827451a55542bcee8837b00da7867 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1817948 Commit-Queue: Stefan Reinauer <reinauer@chromium.org> Tested-by: Stefan Reinauer <reinauer@chromium.org> Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> (cherry picked from commit 68c9a2870ead8a3306a2601c4f5689656d49c6a8) Change-Id: I55272c289eaeb24bbaa7024ece7beb4cb14ea9ec Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2314108 Tested-by: Mary Ruthven <mruthven@chromium.org> Reviewed-by: Mary Ruthven <mruthven@chromium.org> Commit-Queue: Mary Ruthven <mruthven@chromium.org> (cherry picked from commit a72597d3bfaed8a602e9db138da23d5fdb7f5e56) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2350270
*	tpmtest: Make it work with current cr50	Gurleen Grewal	2020-08-11	2	-6/+2
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	A couple of changes are needed to make tpmtests run with the latest cr50: 1. The CRYPTO_TESTS flag turns off the TPM in cr50 build, so no need to initalize TPM. 2. FW_UPGRADE protocol now uses offset into flash instead of absolute memory addresses to perform upgrade. BUG=None TEST=test/tpm_test/tpmtest.py runs and all tests pass Change-Id: I2402ba956e4588a7452128e75fbc82c44f8cf04f Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1804068 Tested-by: Gurleen Grewal <gurleengrewal@google.com> Commit-Queue: Gurleen Grewal <gurleengrewal@chromium.org> Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> (cherry picked from commit ad20ea449951e49ecd991ade3a8f3f5a3fd7a227) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2314107 Tested-by: Mary Ruthven <mruthven@chromium.org> Reviewed-by: Mary Ruthven <mruthven@chromium.org> Commit-Queue: Mary Ruthven <mruthven@chromium.org> (cherry picked from commit d350696c949360a5297a589644d2a6d05e2dc6c4) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2350269
*	tpmtest: make the test work again	Vadim Bendebury	2020-08-11	4	-3/+18
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	The TPM test directory has bitrotted and does not compile any more, leave alone pass tests. This patch updates the tests to match changed EC codebase: test/tpm_test/Makefile - look for include files in more directories test/tpm_test/bn_test.c - add implementation of always_memset() which for the EC tree now comes from a different tree and provide a plug for watchdog_reload() which is no used by dcrypto code (which in fact is not a good idea, but an issue for another day). test/tpm_test/hash_test.py - update to match new format of return messages test/tpm_test/upgrade_test.py - update to match the new format of return messages and limit the test to installing just 2K worth of data BRANCH=cr50 BUG=none TEST=./test/tpmtest/tpmtest.py now passes Change-Id: Ibcd7fcfba06cd83023e35a2ac4f37ec896492ad4 Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/665322 Reviewed-by: Nagendra Modadugu <ngm@google.com> Reviewed-by: Mary Ruthven <mruthven@chromium.org> (cherry picked from commit 0309b5581713ca4f9bd59dbca5c58bbda4acf676) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2314106 Tested-by: Mary Ruthven <mruthven@chromium.org> Commit-Queue: Mary Ruthven <mruthven@chromium.org> (cherry picked from commit 7183fc62d98ebdfb2128862c2c640846f3017c95) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2350268
*	cr50: prepare to release 0.{5,6}.5	Mary Ruthven	2020-06-24	2	-2/+2
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	BUG=b:158774719 TEST=none Change-Id: I4558a8d4cb9219c8d78db9982f9c5d80d8a30d84 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2242770 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> (cherry picked from commit ceb955abb5628cb11003e094ec9431b3ed6bf240) Change-Id: I6df4be0f4f1725b9fdc06452f67291d6c8c70429 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2243325 Tested-by: Mary Ruthven <mruthven@chromium.org> Reviewed-by: Mary Ruthven <mruthven@chromium.org> Commit-Queue: Mary Ruthven <mruthven@chromium.org> (cherry picked from commit 3dad445418378d1ecf2b6af7f90bc52442f9b9cc) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2261503
*	cr50: fix conflict in vendor_cmd_cc enum	Andrey Pronin	2020-06-24	1	-1/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	After CL:1740075 and CL:1748846 we had a duplicate value for two different vendor commands in tpm_vendor_cmd.h: VENDOR_CC_ENDORSEMENT_SEED = 48 VENDOR_CC_U2F_MODE = 48 This CL fixes the issue. BRANCH=none BUG=b:139809333 TEST=none Change-Id: Ic593e138c9126eb2a7e97b2e12c2daa890787d8c Signed-off-by: Andrey Pronin <apronin@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1763303 Reviewed-by: Mary Ruthven <mruthven@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Commit-Queue: Louis Collard <louiscollard@chromium.org> (cherry picked from commit 4ad4225c1cfdf015ea82158aea7eb44937382460) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2243754 Tested-by: Mary Ruthven <mruthven@chromium.org> Commit-Queue: Mary Ruthven <mruthven@chromium.org> (cherry picked from commit 31bb714b1a7b48530f1b7fa4b520c304946a3585) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2261502
*	cr50: rename ver_state	Mary Ruthven	2020-06-24	1	-2/+2
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	BUG=b:158843230 TEST=run 'ver' on cr50 Change-Id: Ia22cbc74dc23156a11caceb587f8380aa68ce23b Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2243312 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org> (cherry picked from commit af8c38689179bb4dfe15dfb98b7de429fe08cf52) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2243324 (cherry picked from commit 5b07b103265cffcc62579bf9e7190142d3b8017e) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2261501
*	cr50: append 0 to ec points if necessary.	Leo Lai	2020-06-24	1	-7/+35
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	This CL enables cr50 to accept EC points of which X and/or Y component has less than 32 bytes. For testing, the following 4 data inputs can pass the test: 1. Creating salted session with a full-length ephemeral key. 2. Creating salted session with a short ephemeral key. 3. Walking through enrollment flow with a full-length ephemeral key. 4. Walking through enrollment flow with a short ephemeral key. BUG=b:157528390 TEST=see the comment above. Change-Id: I12c744ab00391a31d81d4ac6b6e644981ae46f48 Signed-off-by: Leo Lai <cylai@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2222386 Tested-by: Leo Lai <cylai@google.com> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Commit-Queue: Vadim Bendebury <vbendeb@chromium.org> (cherry picked from commit e74d8b264cab776631991e16a6a447da0ce73561) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2243311 Tested-by: Mary Ruthven <mruthven@chromium.org> Reviewed-by: Mary Ruthven <mruthven@chromium.org> Commit-Queue: Mary Ruthven <mruthven@chromium.org> (cherry picked from commit 87ea2a87633b3a003389db1f4f988feefd61eb18) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2261500
*	test/ecc_test.py: fix hash code constant	Vadim Sukhomlinov	2020-06-24	1	-1/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	In https://crrev.com/c/2227077 ECC command handler was reimplemented, but associated test was uploaded with old version of constant. BUG=b:138578319 TEST=make CRYPTO_TEST=1 BOARD=cr50 -j && test/tpm_test/tpmtest.py Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: I7c50ed108d193958e62f76c2f7315247df14a398 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2238649 Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org> Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org> (cherry picked from commit 27156bdc54e6770dcd6ddf7d3ba7d3b4a8747ec2) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2242523 Tested-by: Mary Ruthven <mruthven@chromium.org> Reviewed-by: Mary Ruthven <mruthven@chromium.org> Commit-Queue: Mary Ruthven <mruthven@chromium.org> (cherry picked from commit 1499cf9aa7efa09ec507a73a6b0feb4e45980329) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2261499
*	Fix in the console output message of EC-CR50 comm initialization	Namyoon Woo	2020-06-24	1	-1/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	BUG=none TEST=buildall Signed-off-by: Namyoon Woo <namyoon@google.com> Change-Id: Ie71e668e2966979a94035dcde750b1e31a7ba3f7 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2238540 Tested-by: Namyoon Woo <namyoon@chromium.org> Reviewed-by: Mary Ruthven <mruthven@chromium.org> Commit-Queue: Namyoon Woo <namyoon@chromium.org> (cherry picked from commit e654c3313a8d7c4e42a90d829e0026af563bfb09) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2242522 Tested-by: Mary Ruthven <mruthven@chromium.org> Commit-Queue: Mary Ruthven <mruthven@chromium.org> (cherry picked from commit 27a8f176d00b0ba22172d3d14cb2d5176d9e630a) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2261498
*	cr50: add functionality for ACVP tests of elliptic curve implementation	Vadim Sukhomlinov	2020-06-24	2	-144/+368
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	NIST ACVP test expects access to test point is on curve and verification of signature with arbitrary public key. Current implementation supported only fixed public key. ACVP tests to be submitted separately. Added two new test commands to support ACVP: - TEST_POINT - test that given point is on selected curve - TEST_VERIFY_ANY - same as TEST_VERIFY, but use provided Q - TEST_SIGN_ANY - same as TEST_SIGN, but use provided d (private key) BUG=b:138578319 TEST=make CRYPTO_TEST=1 BOARD=cr50 -j && test/tpm_test/tpmtest.py Change-Id: Ibeabede935f5bbac918b3043072e05f8a6417aa4 Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2227077 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org> Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org> (cherry picked from commit 65e147217ad968743b5f6e3d94db6b5dcefb11ad) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2242521 Tested-by: Mary Ruthven <mruthven@chromium.org> Reviewed-by: Mary Ruthven <mruthven@chromium.org> Commit-Queue: Mary Ruthven <mruthven@chromium.org> (cherry picked from commit dff900763507d9885533d32da42489acb141cc98) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2261497
*	ap_ro: add handling of the corrupted hash	Vadim Bendebury	2020-06-24	4	-2/+87
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	This patch closes the AP RO verification loop on the Cr50 side. If the check is triggered, the valid AP hash is found, and the RO contents is found to not match the hash, the Cr50 will - assert the EC reset; - set a flag to prevent the code from deasserting EC reset; - start a periodic hook to reassert EC reset in case the user hits power+refresh. This will prevent the Chrome OS device from booting. A new CLI command is being added to display the verification state. In developer images the new command would allow to clear the failure state, when running prod images the only way out of the failure state would be the powercycle. BUG=b:153764696 TEST=verified that erasing or programming AP RO hash when board ID is set is impossible. Verified proper shutdown in case AP RO has is present and the AP RO space is corrupted and recovery using the new cli command when running a dev image. Verified that 'ecrst off' properly reports the override. Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Change-Id: I1029114126a9a79f80385af7bc8d5467738e04ca Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2218676 Reviewed-by: Mary Ruthven <mruthven@chromium.org> (cherry picked from commit dd15f8676d55ef1c78f78016ce6c6175d3806174) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2242520 Tested-by: Mary Ruthven <mruthven@chromium.org> Commit-Queue: Mary Ruthven <mruthven@chromium.org> (cherry picked from commit 14e0bdc0ebb2908943083b0eb26dfb790b4996a3) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2261496
*	cr50: Add support for ACVP tests of HMAC implementations	Vadim Sukhomlinov	2020-06-24	2	-59/+184
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	In order to support NIST ACVP testing, new commands to provide access to HMAC implementations (software, and hardware accelerated HMAC SHA-256) with CRYPTO_TEST_SETUP added: - Software HMAC (_cpri_StartHMAC) TPM implementation - dcrypto HMAC (DCRYPTO_HMAC_SHA256_init) Updated hash_test.py to support different hash algorithms for hash and HMAC, added HMAC tests. BRANCH=cr50 TEST=make BOARD=cr50 CRYPTO_TEST=1 -j && test/tpm_test/tpmtest.py BUG=b:138578319 Change-Id: I57da2f27734fc7e5dbc896d75c5f8b2ed60e3b18 Signed-off-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1854885 Reviewed-by: Gurleen Grewal <gurleengrewal@google.com> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Commit-Queue: Gurleen Grewal <gurleengrewal@google.com> (cherry picked from commit 32c349afe72541570984a32bd85b8f1fcf2acb39) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2227074 Commit-Queue: Vadim Bendebury <vbendeb@chromium.org> (cherry picked from commit 253388ec3a701a65a0c1ce70bcadc2cfb4626fef) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2242519 Tested-by: Mary Ruthven <mruthven@chromium.org> Reviewed-by: Mary Ruthven <mruthven@chromium.org> Commit-Queue: Mary Ruthven <mruthven@chromium.org> (cherry picked from commit a79a5e6c05359d59d1285702b1b8179b90279b8c) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2261495
*	Introduce BOARD_CFG_LONG_INT_AP_BIT in TPM_BOARD_CFG register	Namyoon Woo	2020-06-24	4	-14/+18
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	This patch assigns the bit offset 0 in TPM_BOARD_CFG register to indicate the status of INT_AP_L extension. The bit 1 means INT_AP_L pulse extension is activated, and 0 means it is not. BUG=b:148691139 TEST=tested on atlas and on careena. 1. Checked the default TPM_BOARD_CFG (PWRDN_SCRATCH21) value was zero and the INT_AP_L assertion duration was 4~10 microseconds. > md 0x400000f4 1 // memory dump on GC_PMU_PWRDN_SCRATCH21 400000F4: 0x00000000 2. Attempted to change the board configuration (with a hacked UART command.). The register value was unchanged. > brdcfg 0x01 TPM_BOARD_CFG = 0x00000000 > md 0x400000f4 1 400000F4: 0x00000000 3. Forced to write the board configuration with a hacked UART command. The register value was changed. > brdcfg 0x01 force TPM_BOARD_CFG = 0x80000001 > md 0x400000f4 1 400000F4: 0x80000001 4. Checked the INT_AP_L assertion duration extended to 110 microseconds or longer. 5. After cr50 deep sleep, checked the pulse duration was still extended. - turned AP off. - disconnected Suzy-Qable. - waited three seconds - connected Suzy-Qable, and checked the reset cause was 'hibernate rbox'. > md 0x400000f4 1 400000F4: 0x8000001 6. With 100 usec long INT_AP pulse, checked trunks_cliend regression_test, stress_test and ext_command_test runs good. Checked dmesg and found no TPM errors through all tests. (ap) $ trunks_client --regression_test (ap) $ trunks_client --stress_test (ap) $ trunks_client --ext_command_test 7.checked no character loss during uart_stress_tester. (chroot) $ uart_stress_tester.py -c -t 600 /dev/ttyUSB2 /dev/ttyUSB1 8. the shortest duration of INT_AP_L assertion and deassertion observed in logic analyzer were 110 usec and 152 usec. 9. measured the depthcharge exit timestamp and cr50 flash time with or without INT_AP pulse extended to 100 usec, on atlas and helios: Change-Id: I5d8f8a3ccf8b0a4f9f8f0059eddd7da71cc319f8 -----------------+-------------------+------------------ \| atlas \| helios -----------------+-------------------+------------------ boot (sec) \| 1.398 -> 1.402 \| 1.004 -> 1.011 cr50 flash (sec) \| 10.800 -> 14.609 \| 16.024 -> 16.466 -----------------+-------------------+------------------ Signed-off-by: Namyoon Woo <namyoon@google.com> Change-Id: I2b9f9defb63cf05f9d91b741ccb4b49c4c6bc8e2 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2202839 Tested-by: Namyoon Woo <namyoon@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Commit-Queue: Namyoon Woo <namyoon@chromium.org> (cherry picked from commit ea0fd78e5e218ef50ba947f4c921ae91a69b5442) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2242518 Tested-by: Mary Ruthven <mruthven@chromium.org> Reviewed-by: Mary Ruthven <mruthven@chromium.org> Commit-Queue: Mary Ruthven <mruthven@chromium.org> (cherry picked from commit f13eea24af19ac208a08ea9c8eaafa04bb4e66a7) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2261494
*	Introduce TPM_BOARD_CFG register	Namyoon Woo	2020-06-24	7	-1/+83
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	This patch adds the TPM vendor-defined register, TPM_BOARD_CFG, which indicates the board configuration status. This register is attributed as one-time-programmable and the value is maintained across deep sleeps. Cr50 allows a write on this register right after a cr50 reset until it receives a TPM2_PCR_Extend command. BUG=b:148691139 TEST=none Signed-off-by: Namyoon Woo <namyoon@google.com> Change-Id: I89ae5a53c15990ef78812aec5da81a59f04d7d98 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2202838 Tested-by: Namyoon Woo <namyoon@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Commit-Queue: Namyoon Woo <namyoon@chromium.org> (cherry picked from commit 77f11cd9e99bc1d6a63acee45a3d457b7f205523) Change-Id: Ia4c0b8f7194659074f0e67bb8464f6879980c03f Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2242517 Tested-by: Mary Ruthven <mruthven@chromium.org> Reviewed-by: Mary Ruthven <mruthven@chromium.org> Reviewed-by: Namyoon Woo <namyoon@chromium.org> Commit-Queue: Mary Ruthven <mruthven@chromium.org> (cherry picked from commit 123eabcabd127769bdfb0e52fc0936d3c4c27122) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2261493