This code uses coil terms we're removing, but we don't use it in
platform/cr50. Remove the code instead of replacing the terms.
BUG=b:175244613
TEST=make buildall -j
Change-Id: I4b562b52817493afc123346280c845913be7694b
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2613141
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
The extra driver code uses coil terms we're removing, but we don't use
it in platform/cr50. Remove the code instead of replacing the terms.
Cr50 boards only use inaxx code. The host uses thermistor code. Remove
everything else.
We can clean up the tests that run the thermistor code later.
BUG=b:175244613
TEST=make buildall -j
Change-Id: I368a6c6ac3b543913225416fbc003c3f52863c22
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2613137
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
This code uses coil terms we're removing, but we don't use it in
platform/cr50. Remove the code instead of replacing the terms.
BUG=b:175244613
TEST=make buildall -j
Change-Id: I909e21693d839cb3769e680c58d9d34017802aa1
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2613136
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
This code uses coil terms we're removing, but we don't use it in
platform/cr50. Remove the code instead of replacing the terms.
BUG=b:175244613
TEST=make buildall -j
Change-Id: Ia64e1ff4df941d2fe19e95e84dee8b743616aa88
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2613135
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
We're deleting unused code to reduce coil terms in platform/cr50. Remove
unused tests to make this easier.
BUG=b:175244613
TEST=make buildall -j
Change-Id: I593caf5edfabda6ef24cc9eede2a8bb829c01b83
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2613134
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
Based on the input image, we determine if this is a CR50 image or a
Dauntless image. The magic lets us determine which type of image it is.
For D2 images, we scan for the RW header instead of using hard coded
offsets as this will allow us to change where the RW is located (if RO
contracts or expands).
BUG=b:172465629
TEST=sent image to D2 from gsctool via CCD
TEST=flash new H1 image to volteer using to slot B
Signed-off-by: Jett Rink <jettrink@chromium.org>
Change-Id: I7554c978a9ba83b423fbaf43c62f9f0d6711d071
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2585926
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
We don't use the usbpd stack in platform/cr50. Remove the fuzzers, so we
can remove the code.
BUG=none
TEST=make buildall -j
Change-Id: Id1d344d5525ba7bdd1dc4f7951e574d74c1758bd
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2610933
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
The UMA get flog script expects a raw timestamp without spaces around
the colon. Output the UMA format when the machine arg is given.
gsctool -aL still prints the incorrect year in the timestamp. That will
get fixed in a followup CL.
BUG=b:176816528
TEST=gsctool -aML outputs the old format. gsctool -aL still prints the
output with timestamps.
Change-Id: Ie11204260958f48485c28917c31d62d78c5b722c
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2610932
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
This patch was inspired by crrev.com/c/2593881, it is extended to
cover both cryptoc and tpm2 libraries. Cherry-picking across the
branches is pointless as the branches have drifted apart and the patch
applied to completely different files.
The below was copied from the original patch description and edited
and augmented to match the Cr50 case.
Currently, the cryptoc and tpm2 targets are marked as
.PHONY. That means that any project that depends on cryptoc or tpm2
will always rebuild ec.bin on make invocations.
For example, running make for cr50 will show the following build steps
on each make invocation, even though nothing in cryptoc or tpm2
changed:
make obj=/mnt/host/source/src/platform/cr50/build/cr50/cryptoc \
SUPPORT_UNALIGNED=1 \
CONFIG_UPTO_SHA512=y -C /mnt/host/source/src/third_party/cryptoc
make obj=/mnt/host/source/src/platform/cr50/build/cr50/tpm2 \
EMBEDDED_MODE=1 \
-C /mnt/host/source/src/third_party/tpm2 copied_objs
make[1]: Entering directory '/mnt/host/source/src/third_party/cryptoc'
make[1]: '/mnt/host/.../build/cr50/cryptoc/libcryptoc.a' is up to date.
make[1]: Leaving directory '/mnt/host/source/src/third_party/cryptoc'
make[1]: Entering directory '/mnt/host/source/src/third_party/tpm2'
make[1]: Nothing to be done for 'copied_objs'.
make[1]: Leaving directory '/mnt/host/source/src/third_party/tpm2'
LD RO/ec.RO.elf
LD RW/ec.RW.elf
.
.
.
This fix brings the dirty/clean state of cryptoc and tpm2 into the
main Cr50 make process, so that it can assess if libcryptoc.a or tpm
objects (and later ec.bin) actually need to be remade.
We do something similar for the ec version header file that is generated
by the build system itself (see crrev.com/c/227211).
Instead of relying on shell globbing, the tpm2 Makefile is now used to
determine the exact set of the tpm object files to be linked in.
This change was only possible with the fix to cryptoc's Makefile
crrev.com/c/2091999 and to the tpm2 Makefile in crrev.com/c/2606746.
With this change, building Cr50 does not force an unnecessary
recompilation, so the above make example looks like the following
after the initial build:
$ make BOARD=cr50 -j
*** 8044 bytes in flash...
*** 14116 bytes in flash...
BUG=none
TEST=verified that cryptolib and tpm2 libraries are rebuilt when some
.c or .h file in the respective directories is touched, but not
unnecessarily, like before this patch.
Change-Id: Ic7c55e6f779559e082afdd18c7368e5115afabdf
Signed-off-by: Vadim Bendebury <vbendeb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2606810
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Craig Hesling <hesling@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
core/nds uses words we're removing for coil. Remove it, because cr50
doesn't use it.
BUG=b:175244613
TEST=make buildall -j
Change-Id: I9621ed67347241b2c847d4005e714a0051ab0274
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2600300
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
Replace "whitelist" with "allowlist".
BUG=b:175244613
TEST=make buildall -j
Change-Id: Ie0a23cb33722fe27b76d97c2ebdd548c2ecc2aa6
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2600299
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
Some of the btle files use words we are removing from coil. They're not
used by cr50, so this change removes the files.
BUG=b:175244613
TEST=make buildall -j ; grep -ri btle ; find -name btle*
Change-Id: If746eaa34e4fa8fefeb2230a6114ee248d38d542
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2600298
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
Print "AC: wait" when cr50 starts waiting to see if AC present stays
disconnected for 5 seconds.
BUG=b:175287237
TEST=none
Change-Id: Iaaf1349e1486c4df135139f31774466d1a58e962
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2585264
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
When the AP polls TPM_STS, tpm_register_get(0x000018 messages overwhelm
the console. This change modifies tpm_register_get to only print the
initial TPM_STS information and a message whenever the tpm status
changes.
BUG=none
TEST=chan 0xffffffff ; sysrst pulse
Change-Id: I3091ab6341f58bbeade0c2a9ef6aa2113105016c
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2582982
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
DIOB3 (EC_PACKET_MODE) is used to indicate the start or the end of
EC PACKET mode, but not as a UART TX.
This patch corrects the incorrect comment regarding that.
BUG=none
TEST=none
Signed-off-by: Namyoon Woo <namyoon@chromium.org>
Change-Id: Ic13d34910005c8bc79a3f00e8d32113f267d6752
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2575291
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Commit-Queue: Mary Ruthven <mruthven@chromium.org>
BUG=none
TEST=none
Change-Id: I8ea288c7192e6316e2264389010d80039d2dada2
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2547002
Reviewed-by: Wai-Hong Tam <waihong@google.com>
BUG=none
TEST=none
Change-Id: I3094dd852c5be4815a9afac3e302b73c758103ec
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2547001
Reviewed-by: Wai-Hong Tam <waihong@google.com>
Add the gsctool support for the GET_AP_RO_HASH vendor command
BUG=b:168634745
TEST=gsctool -aA
Change-Id: I9c14446fbea22e428ca920341a8c1618b82722a3
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2547198
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Add a vendor command to get the saved AP RO hash, so the factory can
compare the saved hash to the hash they're trying to set.
BUG=b:168634745
TEST=none
Change-Id: Icf644d66f978709e777372f2fe1d80094f60b3e0
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2547197
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
It's unlikely any factory process will try to use more than 32 ranges.
This change adds a hard limit to ensure they don't.
BUG=none
TEST=none
Change-Id: I411777c15e52c0af7a59e717bdacbae092dad3ab
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2547196
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Add cflush to ap_ro_info, so it can print all ranges.
BUG=none
TEST=save 64 ranges. Verify ap_ro_info prints them all.
Change-Id: I9bbc287878b617e59bcc24067200f9c0e84ec0b6
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2547195
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
Add USB_SELECT_PHY to the red board and dbg images, so it's easier to
update cr50 over usb with the new red board.
BUG=none
TEST=flash on red board, select phy, and turn on usb with command_usb.
Change-Id: I3bb5296197d8be910eaed47acd677291d5b30223
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2546999
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Python may use different rsa versions inside and outside of the chroot.
miller_rabin_primality_testing may or may not exist. For tpmtest
randomized_primality_testing and miller_rabin_primality_testing are
interchangeable. Use whatever primality test rma.prime has.
BUG=b:172081851
TEST=make tpmtest ; run inside and outside of the chroot
Change-Id: Iabd9755f0a264070ff321bde045a87f7397f7062
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2511432
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
BUG=b:172066114
TEST=none
Change-Id: I553a06c52da3468358357fa08596e01238ed86b3
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2510463
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
This reverts commit 4805196e894a73a2a1285f1cd622d160ad248f77.
Reason for revert: We aren't planning on landing this in the branch.
Reduce the difference between TOT and the branch by reverting this.
BUG=b:164130916
TEST=run ccd open with TOT image
Original change's description:
> cr50: debounce successive TPM reset pulses
>
> Some platforms generate more than one pulse when resetting, many Intel
> SOCs generate two pulses, some other chips could go even higher.
>
> TPM reset on Cr50 is processed asynchronously, repetitive pulses
> result in multiple reset processing cycles. In case pulses are coming
> too soon one after another this could cause some race conditions.
>
> Let's ignore repetitive reset pulses unless there has been an attempt
> by the host to read a register (which is usually the very first action
> of the AP when booting up).
>
> BRANCH=cr50, cr50-mp
> BUG=none
> TEST=observed that only one reset is happening on an Octopus device,
> while there are two pulses present on the PLT_RST_L line.
>
> Verified proper reboot multiple times in a row.
>
> Change-Id: Ie1b124d41be0388bd8e12d0084827782de62cfa0
> Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1755059
> Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Bug: none
Change-Id: Ifbe8afea87c522c94cf9ab73cca8a1489ec3956b
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2485927
BUG=b:171727921
TEST=make
Change-Id: I401c35eec2c4c7fe783a348cbc42f0687868acec
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2499922
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
There is a fips_rand_bytes() call in u2f. Since 5.7/6.7 will be
released without FIPS support (and the plan is to move u2f to FIPS
later), change that call back to DCRYPTO_ladder_random.
This does not affect the canonical (non-versioned) u2f. This only
affects the generation of versioned KHs for WebAuthn purposes.
BUG=none
TEST=make -j BOARD=cr50
Signed-off-by: Yicheng Li <yichengli@chromium.org>
Change-Id: I78142efd1b3a8339cce44adc4d3f8e26151b30ce
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2419178
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
BUG=b:168502792
TEST=none
Change-Id: I4151120813f37c2427747ade01fb8a43dae9518a
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2416951
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
The getversion.sh utility even when compiling the version string based
on the state of several git trees always uses the ec tree for
timestamps, be it the latest modified file if the tree is 'dirty' or
the last commit time if the tree is clean.
It should be using the latest time from all of the trees included in
the build.
BUG=none
TEST=verified operation for Cr50 with both main and secondary trees
clean and dirty
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I72dc1d49ec997c789697b15f7d79fa9f4a8f8adc
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2393101
Reviewed-by: Craig Hesling <hesling@chromium.org>
(cherry picked from commit 5ab4bd06261abf1204638c8ef877a9adb041d6e8)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2410700
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
U2f key handles generated before January 2019 do not mix in user
secrets. These legacy key handles should no longer be in use since
it's been > 10 releases.
Another change will remove this concept on u2fd side.
BUG=b:165018526
TEST=build cr50
Signed-off-by: Yicheng Li <yichengli@chromium.org>
Change-Id: I57a6a77e512591f14ef8c818ec6027a6ae21189d
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2358425
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
This is a reland of d2627d12bb21308f49a72cadaf47a0a86730a960 with one
modification: The versioned key handle header (the old "key handle"
concept) is now used in the derivation of authorization_hmac. This is
to tie the key handle to the authorization secret.
Original change's description:
> u2f: Append hmac of auth time secret to versioned KH
>
> When generating versioned KHs, u2fd should send a public derivative
> (sha256) of the user's auth time secret to cr50. Cr50 derives an
> hmac of it and appends this authorization_hmac to the KH.
>
> When signing versioned KHs, u2fd may supply the unhashed auth time
> secret. Cr50 will check the authorization_hmac if no power button press.
> If the reconstructed hmac matches authorization_hmac, power button press
> is waived.
>
> Currently for v1, we will just prepare the authorization_hmac but not
> enforce it. This is because fingerprint and PIN are unable to unlock
> the same secret.
>
> While we waive power button press for v1, we can enforce
> authorization_hmac whenever auth-time secrets is ready.
>
> BUG=b:144861739
> TEST=- Use a known 32-byte "auth-time secret"
> - Compute the sha256 of the auth-time secret (this is public)
> - u2f_generate with the computed "authTimeSecretHash"
> - Add code to u2f_sign command handler such that cr50 computes
> the sha256 of the supplied auth-time secret at u2f_sign time
> and require power button press if the hmac doesn't match.
> - u2f_sign with the true auth-time secret -> observe in logging
> that hmac matches, and no power button press required.
> - u2f_sign with a wrong auth-time secret -> observe in logging
> that hmac doesn't match, and power button press is required
> for signing.
>
> Cq-Depend: chromium:2321731
> Change-Id: Ib9ae913667f8178ac7a4790f861d7dada972c4a0
> Signed-off-by: Yicheng Li <yichengli@chromium.org>
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2317047
> Reviewed-by: Andrey Pronin <apronin@chromium.org>
> Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
BUG=b:144861739
TEST=See original CL's TEST above
Cq-Depend: chromium:2327865
Change-Id: Ia1b0b4a585ec604398cfa730354ae1a91e7bc00b
Signed-off-by: Yicheng Li <yichengli@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2355177
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Status of completion of power-up tests was in long life register
which survives reboots and even firmware upgrades, which is not
an intended behavior. Moving status to PWRDN register makes it
reset on graceful reboots and firmware upgrades, but avoid
running tests on wake from deep sleep. This switch also enables
use of multiple bits to indicate status of tests, which makes it
more fault tolerant.
BUG=b:138577491
TEST=make BOARD=cr50, then deassert DIOM3 to trigger deep sleep
FIPS power-on tests shouldn't run on wake.
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I098940e45afd5b5b9447b2780ff69372a922c03f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2330976
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Since FIPS-compliant U2F code is not yet ready, make sure that new
devices won't switch to FIPS-approved by default when there are no
U2F keys. This CL puts the logic that checks if the U2F seed exists
and turns FIPS mode on when it doesn't under compile-time switch,
and for now turns this switch off. As a result, FIPS mode is always
off.
BUG=b:138577491
TEST=make BOARD=cr50, then check FIPS mode in CCD
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I33b559c3f348f34115263fd3fedc8b7a2fbeab31
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2328113
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
This reverts commit d2627d12bb21308f49a72cadaf47a0a86730a960.
Reason for revert: Causing crbug.com/1111182
Original change's description:
> u2f: Append hmac of auth time secret to versioned KH
>
> When generating versioned KHs, u2fd should send a public derivative
> (sha256) of the user's auth time secret to cr50. Cr50 derives an
> hmac of it and appends this authorization_hmac to the KH.
>
> When signing versioned KHs, u2fd may supply the unhashed auth time
> secret. Cr50 will check the authorization_hmac if no power button press.
> If the reconstructed hmac matches authorization_hmac, power button press
> is waived.
>
> Currently for v1, we will just prepare the authorization_hmac but not
> enforce it. This is because fingerprint and PIN are unable to unlock
> the same secret.
>
> While we waive power button press for v1, we can enforce
> authorization_hmac whenever auth-time secrets is ready.
>
> BUG=b:144861739
> TEST=- Use a known 32-byte "auth-time secret"
> - Compute the sha256 of the auth-time secret (this is public)
> - u2f_generate with the computed "authTimeSecretHash"
> - Add code to u2f_sign command handler such that cr50 computes
> the sha256 of the supplied auth-time secret at u2f_sign time
> and require power button press if the hmac doesn't match.
> - u2f_sign with the true auth-time secret -> observe in logging
> that hmac matches, and no power button press required.
> - u2f_sign with a wrong auth-time secret -> observe in logging
> that hmac doesn't match, and power button press is required
> for signing.
>
> Cq-Depend: chromium:2321731
> Change-Id: Ib9ae913667f8178ac7a4790f861d7dada972c4a0
> Signed-off-by: Yicheng Li <yichengli@chromium.org>
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2317047
> Reviewed-by: Andrey Pronin <apronin@chromium.org>
> Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Bug: b:144861739
Cq-Depend: chromium:2327779
Exempt-From-Owner-Approval: Causing crbug.com/1111182
Change-Id: I8c8a594d148b92556b20a2753aa1007cf2c1676b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2327358
Tested-by: Archie Pusaka <apusaka@chromium.org>
Reviewed-by: Yicheng Li <yichengli@chromium.org>
Reviewed-by: Archie Pusaka <apusaka@chromium.org>
Commit-Queue: Archie Pusaka <apusaka@chromium.org>
When generating versioned KHs, u2fd should send a public derivative
(sha256) of the user's auth time secret to cr50. Cr50 derives an
hmac of it and appends this authorization_hmac to the KH.
When signing versioned KHs, u2fd may supply the unhashed auth time
secret. Cr50 will check the authorization_hmac if no power button press.
If the reconstructed hmac matches authorization_hmac, power button press
is waived.
Currently for v1, we will just prepare the authorization_hmac but not
enforce it. This is because fingerprint and PIN are unable to unlock
the same secret.
While we waive power button press for v1, we can enforce
authorization_hmac whenever auth-time secrets is ready.
BUG=b:144861739
TEST=- Use a known 32-byte "auth-time secret"
- Compute the sha256 of the auth-time secret (this is public)
- u2f_generate with the computed "authTimeSecretHash"
- Add code to u2f_sign command handler such that cr50 computes
the sha256 of the supplied auth-time secret at u2f_sign time
and require power button press if the hmac doesn't match.
- u2f_sign with the true auth-time secret -> observe in logging
that hmac matches, and no power button press required.
- u2f_sign with a wrong auth-time secret -> observe in logging
that hmac doesn't match, and power button press is required
for signing.
Cq-Depend: chromium:2321731
Change-Id: Ib9ae913667f8178ac7a4790f861d7dada972c4a0
Signed-off-by: Yicheng Li <yichengli@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2317047
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Prevent access to FIPS CCD commands which can inject errors
due to unclear security impact. Instead, made them available
only in CR50_DEV builds. Same with vendor commands - moved them
from CRYPTO_TEST to under CR50_DEV.
BUG=b:138577491
TEST=help fips, fips sha/trng - ignored
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: Ic86db02f2c9c5abbea8f3f23ee56a5f5f570e177
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2321344
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
The recent modification of chip/g/build.mk introduced a bug where an
awk script error is reported if the board name does not contain an
underscore.
It went unnoticed because it does not prevent make from reporting
success and most boards do not care about the results of running of
this awk script.
This patch fixes the problem.
BUG=none
TEST=ran make for cr50 and hslt_d2c, observed proper modification of
the manifest, verified that no script errors are reported any
more.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I0981411ec7bc17e4473d4b33125f76b75983d974
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2317059
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
Personalization infrastructure expects the image header tag field to
be set to the board name in ASCII.
This patch modifies the chip g makefile to paste the board name into
the manifest, the signer copies the value into the image header.
BUG=b:161498484
TEST=verified that the manifest is updated as expected:
$ diff util/signer/ec_RW-manifest-dev.json /tmp/h1.signer.F2Pu6d
33c33
< "tag": "00000000000000000000000000000000000000000000000000000000",
---
> "tag": "68736c74206432630000000000000000000000000000000000000000",
and observed the personalizer test harness to retrieve the expected
board name from the running image.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I9ecf009e21c2ab77b03c9de1ebb176197923e6e1
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2310850
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
Version strings of the boards built from the private directories
should include git status information from all git trees used to build
the images.
BUG=none
TEST=tried running 'BOARD=xyz ./util/getversion.sh' and verified that
the expected git trees are added to the version string.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I5414a1de07171d37277ba508551a79ba84776ac6
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2310777
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
BUG=b:161755898
TEST=none
Change-Id: Ic1e719addea733a3b8d198a771e0f038f9adf854
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2310592
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Don't touch the SYS_RST_L or EC_RST_L signals when flashing the AP if
flashrom is run with custom_rst=True.
BUG=b:154885210
TEST=manual on bob
ecrst on
flashrom -p raiden_debug_spi:target=EC -r ec.bin
ecrst on
flashrom -p raiden_debug_spi:target=AP,custom_rst=True -r ap.bin
check ecrst is still on
flashrom -p raiden_debug_spi:target=AP -r ap.bin
Change-Id: Ia1ab8c853c25ced994e053c9e19a18d0d0f1cb45
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2301239
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
new_device and new_gang_mode are both only used for spi_hash SPI
enable/disable. Rename them, so that's clear.
BUG=none
TEST=make buildall -j
Change-Id: I67a4f7865e8a5ff21c79b4462a0f2c1d0f85f76d
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2300698
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
To reuse u2f_origin_user_keypair(), u2f_sign extracts the
key handle bytes from versioned and non-versioned requests
according to the format. In the versioned path the code
incorrectly uses the non-versioned struct to extract the
key handle bytes, which would result in wrong private key and thus
non-verifiable signature in WebAuthn on version 1 key handles.
Both the bug and the fix do not affect the non-versioned path.
BUG=b:144861739
TEST=Added debug statements to verify that u2f_generate and u2f_sign
arrive at the same private key. With the previous buggy code
they get different private key.
Signed-off-by: Yicheng Li <yichengli@chromium.org>
Change-Id: If79daeff98b01d050fcdc8dd69c809c184e6abb3
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2303278
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
In https://crrev.com/c/2258534 fix read_tpm_nvmem_size() was introduced,
however it failed to properly return the size of hidden objects, and the code
worked because it was masked by a prior check of the size for the nvmem variable
with getvar(), and these variables were always set together.
This fix relies on https://crrev.com/c/2280405 for tpm2 to add a proper
service function.
BUG=None
TEST=manual, tested in upcoming change in cr50/board/u2f.c
Cq-Depend: chromium:2280405
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I38cfbf97e5cc99907c05887345017db92c5abc72
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2285432
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
This test's main goal is to be used against future changes in the
dcrypto engine. All it does is compare the signature received from the
ecdsa sign function to the golden results.
Signed-off-by: mschilder@google.com
BUG=b:137659935
TEST=something of a test itself and is run by calling the command
through the console connection via host.
The test sequence is as follows:
- call the dcrypto_ecdsa_sign function on the known input.
- call the dcrypto_ecdsa_verisign on the same input (this function is
added in the following CLs in the chain).
- compare both results to the golden value.
Test passes if both results match the golden value.
To run the test, compile the CR50:
make -j BOARD=cr50 CRYPTO_TEST=1
in the console run:
dcrypto_ecdsa
Change-Id: I07437f6a69ba79bdcce8c92976a374733b17d339
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2269337
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Marius Schilder <mschilder@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
|
This was added to support u2fd on M77, and can
be removed iff the version of cr50 this change is
included in will not be expected to work with M77.
BUG=b:158268336
TEST=build
Signed-off-by: Louis Collard <louiscollard@chromium.org>
Change-Id: I6bbbae44a86c1a70fef4c8e1da1c1116f9909aa8
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2275504
Reviewed-by: Yicheng Li <yichengli@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Yicheng Li <yichengli@chromium.org>
Tested-by: Yicheng Li <yichengli@chromium.org>
|
Add a test_that command to show how we run tests locally.
BUG=none
TEST=none
Change-Id: I04d1a5d96c03b1cdceff6677e64893498837ea88
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2092202
Reviewed-by: Shelley Chen <shchen@chromium.org>
(cherry picked from commit 4bdb7d9889371ca8ae74599cead640a254ed7b0d)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2278525
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Tom Hughes <tomhughes@chromium.org>
|
BUG=none
TEST=none
Change-Id: Ibe22f9131dc34ce4185379d8db166de42a3d1e24
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1873853
Reviewed-by: Patrick Georgi <pgeorgi@chromium.org>
(cherry picked from commit e4967bcc38227275d6788f1504e7a679c865357d)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2278524
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Tom Hughes <tomhughes@chromium.org>
Reviewed-by: Tom Hughes <tomhughes@chromium.org>
|
Refactor the CCD documentation so it's easier for non-experts to
understand.
BUG=none
TEST=view in gitiles
Signed-off-by: Tom Hughes <tomhughes@chromium.org>
Change-Id: I89ba8fd5906119c4acfe1a555db5b7872dd949a9
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2137929
(cherry picked from commit 2ba6907508ecfc223c047db686fe459c9596f026)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2278523
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
|
Use the standard used across the documentation for specifying different
shell prompts:
(chroot) $
(dut) $
cr50 >
This makes it clear where the command should be run.
BUG=none
TEST=view in gitiles
Signed-off-by: Tom Hughes <tomhughes@chromium.org>
Change-Id: I0383e00825b5d9b500464ac1979555ca5afd8296
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2136870
Commit-Queue: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
(cherry picked from commit 8f13313b8b0b8787e01f5604cc6b812155c2a6ac)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2278522
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
|