| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
|
|
|
|
| |
BUG=b:175244613
TEST=make buildall -j
Change-Id: I70b2374985aeefb3550e529dcdc53a9ab2fffecb
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2613453
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:175244613
TEST=make buildall -j
Change-Id: I59278215bfc40886b213442918c07fcdbe9bbfe7
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2613452
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This code uses coil terms we're removing, but we don't use it in
platform/cr50. Remove the code instead of replacing the terms.
BUG=b:175244613
TEST=make buildall -j
Change-Id: Ib7db3b37a507a7f8bf43a34d10931f7583784246
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2613451
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This code uses coil terms we're removing, but we don't use it in
platform/cr50. Remove the code instead of replacing the terms.
BUG=b:175244613
TEST=make buildall -j
Change-Id: I2470f37fefb8b109efa1fb6126c9fa3a00bfcd3e
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2613450
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This code uses coil terms we're removing, but we don't use it in
platform/cr50. Remove the code instead of replacing the terms.
BUG=b:175244613
TEST=make buildall -j
Change-Id: I505a9f4da600c1bccf3913d7726f84881df56c6e
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2613449
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This code uses coil terms we're removing, but we don't use it in
platform/cr50. Remove the code instead of replacing the terms.
BUG=b:175244613
TEST=make buildall -j
Change-Id: I30d83e72f76c3699b37bb1750344c38266ce269f
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2613448
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This code uses coil terms we're removing, but we don't use it in
platform/cr50. Remove the code instead of replacing the terms.
BUG=b:175244613
TEST=make buildall -j
Change-Id: I693aedf027738bc178dfffda0f005735eec12f4c
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2613447
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This code uses coil terms we're removing, but we don't use it in
platform/cr50. Remove the code instead of replacing the terms.
BUG=b:175244613
TEST=make buildall -j
Change-Id: Ia5c02c4ba1f81f68a6ab03b9b380143ad8e85330
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2613446
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This code uses coil terms we're removing, but we don't use it in
platform/cr50. Remove the code instead of replacing the terms.
BUG=b:175244613
TEST=make buildall -j
Change-Id: Ic2bd31ba28527d6b68016ceae89a93c80827cd27
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2613445
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This code uses coil terms we're removing, but we don't use it in
platform/cr50. Remove the code instead of replacing the terms.
BUG=b:175244613
TEST=make buildall -j
Change-Id: Ic2ffb06851b199dcbf33b27fc9b8316b21c9ae7c
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2613444
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This code uses coil terms we're removing, but we don't use it in
platform/cr50. Remove the code instead of replacing the terms.
BUG=b:175244613
TEST=make buildall -j
Change-Id: I9f154866d8f57f918188f8ad4f4fabcb051c5c46
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2613143
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This code uses coil terms we're removing, but we don't use it in
platform/cr50. Remove the code instead of replacing the terms.
BUG=b:175244613
TEST=make buildall -j
Change-Id: Ie04f2aedadaed49af78f2f9d424333c283b12eca
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2613142
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This code uses coil terms we're removing, but we don't use it in
platform/cr50. Remove the code instead of replacing the terms.
BUG=b:175244613
TEST=make buildall -j
Change-Id: I15ffb2617d2dd4bedb809eeff858dcf0f6c8cf25
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2613140
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This code uses coil terms we're removing, but we don't use it in
platform/cr50. Remove the code instead of replacing the terms.
BUG=b:175244613
TEST=make buildall -j
Change-Id: I6b6004255f951497c5fc3d61e40b67433498a9d6
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2613139
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This code uses coil terms we're removing, but we don't use it in
platform/cr50. Remove the code instead of replacing the terms.
BUG=b:175244613
TEST=make buildall -j
Change-Id: I07b33023e96c68480354d89c2d8c5ec824e94b32
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2613138
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This code uses coil terms we're removing, but we don't use it in
platform/cr50. Remove the code instead of replacing the terms.
BUG=b:175244613
TEST=make buildall -j
Change-Id: I4b562b52817493afc123346280c845913be7694b
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2613141
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The extra driver code uses coil terms we're removing, but we don't use
it in platform/cr50. Remove the code instead of replacing the terms.
Cr50 boards only use inaxx code. The host uses thermister code. Remove
everythinge else.
We can cleanup the tests that run the thermsiter code later.
BUG=b:175244613
TEST=make buildall -j
Change-Id: I368a6c6ac3b543913225416fbc003c3f52863c22
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2613137
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This code uses coil terms we're removing, but we don't use it in
platform/cr50. Remove the code instead of replacing the terms.
BUG=b:175244613
TEST=make buildall -j
Change-Id: I909e21693d839cb3769e680c58d9d34017802aa1
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2613136
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This code uses coil terms we're removing, but we don't use it in
platform/cr50. Remove the code instead of replacing the terms.
BUG=b:175244613
TEST=make buildall -j
Change-Id: Ia64e1ff4df941d2fe19e95e84dee8b743616aa88
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2613135
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We're deleting unused code to reduce coil terms in platform/cr50. Remove
unused tests to make this easier.
BUG=b:175244613
TEST=make buildall -j
Change-Id: I593caf5edfabda6ef24cc9eede2a8bb829c01b83
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2613134
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Based on the input image, we determine if this is a CR50 image or a
Dauntless image. The magic lets us determine which type of image it is.
For D2 images, we scan for the RW header instead of using hard coded
offsets as this will allow us to change where the RW is located (if RO
contracts or expands).
BUG=b:172465629
TEST=sent image to D2 from gsctool via CCD
TEST=flash new H1 image to volteer using to slot B
Signed-off-by: Jett Rink <jettrink@chromium.org>
Change-Id: I7554c978a9ba83b423fbaf43c62f9f0d6711d071
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2585926
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We don't use the usbpd stack in platform/cr50. Remove the fuzzers, so we
can remove the code.
BUG=none
TEST=make buildall -j
Change-Id: Id1d344d5525ba7bdd1dc4f7951e574d74c1758bd
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2610933
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The UMA get flog script expects a raw timestamp without spaces around
the colon. Output the UMA format when the machine arg is given.
gsctool -aL still prints the incorrect year in the timestamp. That will
get fixed in a followup CL.
BUG=b:176816528
TEST=gsctool -aML outputs the old format. gsctool -aL still prints the
output with timestamps.
Change-Id: Ie11204260958f48485c28917c31d62d78c5b722c
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2610932
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch was inspired by crrev.com/c/2593881, it is extended to
cover both cryptoc and tpm2 libraries. Cherry-picking across the
branches is pointless as the branches have drifted apart and the patch
applied to completely different files.
The below was copied from the original patch description and edited
and augmented to match the Cr50 case.
Currently, the cryptoc and tpm2 targets are marked as
.PHONY. That means that any project that depends on cryptoc or tpm2
will always rebuild ec.bin on make invocations.
For example, running make for cr50 will show the following build steps
on each make invocation, even though nothing in cryptoc or tpm2
changed:
make obj=/mnt/host/source/src/platform/cr50/build/cr50/cryptoc \
SUPPORT_UNALIGNED=1 \
CONFIG_UPTO_SHA512=y -C /mnt/host/source/src/third_party/cryptoc
make obj=/mnt/host/source/src/platform/cr50/build/cr50/tpm2 \
EMBEDDED_MODE=1 \
-C /mnt/host/source/src/third_party/tpm2 copied_objs
make[1]: Entering directory '/mnt/host/source/src/third_party/cryptoc'
make[1]: '/mnt/host/.../build/cr50/cryptoc/libcryptoc.a' is up to date.
make[1]: Leaving directory '/mnt/host/source/src/third_party/cryptoc'
make[1]: Entering directory '/mnt/host/source/src/third_party/tpm2'
make[1]: Nothing to be done for 'copied_objs'.
make[1]: Leaving directory '/mnt/host/source/src/third_party/tpm2'
LD RO/ec.RO.elf
LD RW/ec.RW.elf
.
.
.
This fix brings the dirty/clean state of cryptoc and tpm2 into the
main Cr50 make process, so that it can assess if libcryptoc.a or tpm
objects (and later ec.bin) actually need to be remade.
We do something similar for the ec version header file that is generated
by the build system itself (see crrev.com/c/227211)
Instead of relying on shell globbing, the tpm2 Makefile is now used to
determine the exact set of the tpm object files to be linked in.
This change was only possible with the fix to cryptoc's Makefile
crrev.com/c/2091999 and to the tpm2 Makefile in crrev.com/c/2606746.
With this change, building Cr50 does not force an unnecessary
recompilation, so the above make example looks like the following
after the initial build:
$ make BOARD=cr50 -j
*** 8044 bytes in flash...
*** 14116 bytes in flash...
BUG=none
TEST=verified that cryptolib and tpm2 libraries are rebuilt when some
.c or .h file in the respective directories it touched, but not
unnecessarily, like before this patch.
Change-Id: Ic7c55e6f779559e082afdd18c7368e5115afabdf
Signed-off-by: Vadim Bendebury <vbendeb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2606810
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Craig Hesling <hesling@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
core/nds uses words we're removing for coil. Remove it, because cr50
doesn't use it.
BUG=b:175244613
TEST=make buildall -j
Change-Id: I9621ed67347241b2c847d4005e714a0051ab0274
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2600300
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Replace "whitelist" with "allowlist".
BUG=b:175244613
TEST=make buildall -j
Change-Id: Ie0a23cb33722fe27b76d97c2ebdd548c2ecc2aa6
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2600299
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some of the btle files use words we are removing from coil. They're not
used by cr50, so this change removes the files
BUG=b:175244613
TEST=make buildall -j ; grep -ri btle ; find -name btle*
Change-Id: If746eaa34e4fa8fefeb2230a6114ee248d38d542
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2600298
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Print "AC: wait" when cr50 starts waiting to see if AC present stays
disconnected for 5 seconds.
BUG=b:175287237
TEST=none
Change-Id: Iaaf1349e1486c4df135139f31774466d1a58e962
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2585264
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When the AP polls TPM_STS, tpm_register_get(0x000018 messages overwhelm
the console. This change modifies tpm_register_get to only print the
initial TPM_STS information and a message whenever the tpm status
changes.
BUG=none
TEST=chan 0xffffffff ; sysrst pulse
Change-Id: I3091ab6341f58bbeade0c2a9ef6aa2113105016c
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2582982
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
DIOB3 (EC_PACKET_MODE) is used to indicate the start or the end of
EC PACKET mode, but not as a UART TX.
This patch corrects the incorrect comment regarding that.
BUG=none
TEST=none
Signed-off-by: Namyoon Woo <namyoon@chromium.org>
Change-Id: Ic13d34910005c8bc79a3f00e8d32113f267d6752
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2575291
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Commit-Queue: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
| |
BUG=none
TEST=none
Change-Id: I8ea288c7192e6316e2264389010d80039d2dada2
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2547002
Reviewed-by: Wai-Hong Tam <waihong@google.com>
|
|
|
|
|
|
|
|
|
|
| |
BUG=none
TEST=none
Change-Id: I3094dd852c5be4815a9afac3e302b73c758103ec
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2547001
Reviewed-by: Wai-Hong Tam <waihong@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add the gsctool support for the GET_AP_RO_HASH vendor command
BUG=b:168634745
TEST=gsctool -aA
Change-Id: I9c14446fbea22e428ca920341a8c1618b82722a3
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2547198
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a vendor command to get the saved AP RO hash, so the factory can
compare the saved hash to the hash they're trying to set.
BUG=b:168634745
TEST=none
Change-Id: Icf644d66f978709e777372f2fe1d80094f60b3e0
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2547197
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It's unlikely any factory process will try to use more than 32 ranges.
This change adds a hard limit to ensure they don't.
BUG=none
TEST=none
Change-Id: I411777c15e52c0af7a59e717bdacbae092dad3ab
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2547196
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add cflush to ap_ro_info, so it can print all ranges.
BUG=none
TEST=save 64 ranges. Verify ap_ro_info prints them all.
Change-Id: I9bbc287878b617e59bcc24067200f9c0e84ec0b6
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2547195
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add USB_SELECT_PHY to the red board and dbg images, so it's easier to
update cr50 over usb with the new red board.
BUG=none
TEST=flash on red board, select phy, and turn on usb with command_usb.
Change-Id: I3bb5296197d8be910eaed47acd677291d5b30223
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2546999
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Python may use different rsa versions inside and outside of the chroot.
miller_rabin_primality_testing may or may not exist. For tpmtest
randomized_primality_testing and miller_rabin_primality_testing are
interchangeable. Use whatever primality test rma.prime has.
BUG=b:172081851
TEST=make tpmtest ; run inside and outside of the chroot
Change-Id: Iabd9755f0a264070ff321bde045a87f7397f7062
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2511432
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:172066114
TEST=none
Change-Id: I553a06c52da3468358357fa08596e01238ed86b3
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2510463
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 4805196e894a73a2a1285f1cd622d160ad248f77.
Reason for revert: We aren't planning on landing this in the branch.
Reduce the difference between TOT and the branch by reverting this.
BUG=b:164130916
TEST=run ccd open with TOT image
Original change's description:
> cr50: debounce successive TPM reset pulses
>
> Some platforms generate more than one pulse when resetting, many Intel
> SOCs generate two pulses, some other chips could go even higher.
>
> TPM reset on Cr50 is processed asynchronously, repetitive pulses
> result in multiple reset processing cycles.In case pulses are coming
> too soon one after another this could cause some race conditions.
>
> Let's ignore repetitive reset pulses unless there has been an attempt
> by the host to read a register (which is usually the very first action
> of the AP when booting up).
>
> BRANCH=cr50, cr50-mp
> BUG=none
> TEST=observed that only one reset is happening on an Octopus device,
> while there are two pulses present on the PLT_RST_L line.
>
> Verified proper reboot multiple times in a row.
>
> Change-Id: Ie1b124d41be0388bd8e12d0084827782de62cfa0
> Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1755059
> Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Bug: none
Change-Id: Ifbe8afea87c522c94cf9ab73cca8a1489ec3956b
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2485927
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:171727921
TEST=make
Change-Id: I401c35eec2c4c7fe783a348cbc42f0687868acec
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2499922
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is a fips_rand_bytes() call in u2f. Since 5.7/6.7 will be
released without FIPS support (and the plan is to move u2f to FIPS
later), change that call back to DCRYPTO_ladder_random.
This does not affect the canonical (non-versioned) u2f. This only
affects the generation of versioned KHs for WebAuthn purposes.
BUG=none
TEST=make -j BOARD=cr50
Signed-off-by: Yicheng Li <yichengli@chromium.org>
Change-Id: I78142efd1b3a8339cce44adc4d3f8e26151b30ce
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2419178
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:168502792
TEST=none
Change-Id: I4151120813f37c2427747ade01fb8a43dae9518a
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2416951
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The getversion.sh utility even when compiling the version string based
on the state of several git trees always uses the ec tree for
timestamps, be it the latest modified file if the tree is 'dirty' or
the last commit time if the tree is clean.
It should be using the latest time from all of the trees included in
the build.
BUG=none
TEST=verified operation for Cr50 with both main and secondary trees
clean and dirty
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I72dc1d49ec997c789697b15f7d79fa9f4a8f8adc
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2393101
Reviewed-by: Craig Hesling <hesling@chromium.org>
(cherry picked from commit 5ab4bd06261abf1204638c8ef877a9adb041d6e8)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2410700
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
U2f key handles generated before January 2019 do not mix in user
secrets. These legacy key handles should no longer be in use since
it's been > 10 releases.
Another change will remove this concept on u2fd side.
BUG=b:165018526
TEST=build cr50
Signed-off-by: Yicheng Li <yichengli@chromium.org>
Change-Id: I57a6a77e512591f14ef8c818ec6027a6ae21189d
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2358425
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a reland of d2627d12bb21308f49a72cadaf47a0a86730a960 with one
modification: The versioned key handle header (the old "key handle"
concept) is now used in the derivation of authorization_hmac. This is
to tie the key handle to the authorization secret.
Original change's description:
> u2f: Append hmac of auth time secret to versioned KH
>
> When generating versioned KHs, u2fd should send a public derivative
> (sha256) of the user's auth time secret to cr50. Cr50 derives an
> hmac of it and appends this authorization_hmac to the KH.
>
> When signing versioned KHs, u2fd may supply the unhashed auth time
> secret. Cr50 will check the authorization_hmac if no power button press.
> If the reconstructed hmac matches authorization_hmac, power button press
> is waived.
>
> Currently for v1, we will just prepare the authorization_hmac but not
> enforce it. This is because fingerprint and PIN are unable to unlock
> the same secret.
>
> While we waive power button press for v1, we can enforce
> authorization_hmac whenever auth-time secrets is ready.
>
> BUG=b:144861739
> TEST=- Use a known 32-byte "auth-time secret"
> - Compute the sha256 of the auth-time secret (this is public)
> - u2f_generate with the computed "authTimeSecretHash"
> - Add code to u2f_sign command handler such that cr50 computes
> the sha256 of the supplied auth-time secret at u2f_sign time
> and require power button press if the hmac doesn't match.
> - u2f_sign with the true auth-time secret -> observe in logging
> that hmac matches, and no power button press required.
> - u2f_sign with a wrong auth-time secret -> observe in logging
> that hmac doesn't match, and power button press is required
> for signing.
>
> Cq-Depend: chromium:2321731
> Change-Id: Ib9ae913667f8178ac7a4790f861d7dada972c4a0
> Signed-off-by: Yicheng Li <yichengli@chromium.org>
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2317047
> Reviewed-by: Andrey Pronin <apronin@chromium.org>
> Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
BUG=b:144861739
TEST=See original CL's TEST above
Cq-Depend: chromium:2327865
Change-Id: Ia1b0b4a585ec604398cfa730354ae1a91e7bc00b
Signed-off-by: Yicheng Li <yichengli@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2355177
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Status of completion of power-up tests was in long life register
which survives reboots and even firmware upgrades, which is not
an intended behavior. Moving status to PWRDN register makes it
reset on graceful reboots and firmware upgrades, but avoid
running tests on wake from deep sleep. This switch also enables
use of multiple bits to indicate status of tests, which makes it
more fault tolerant.
BUG=b:138577491
TEST=make BOARD=cr50, then deassert DIOM3 to trigger deep sleep
FIPS power-on tests shouldn't run on wake.
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I098940e45afd5b5b9447b2780ff69372a922c03f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2330976
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since FIPS-compliant U2F code is not yet ready, make sure that new
devices won't switch to FIPS-approved by default when there are no
U2F keys. This CL puts the logic that checks if the U2F seed exists
and turns FIPS mode on when it doesn't under compile-time switch,
and for now turns this switch off. As a result, FIPS mode is always
off.
BUG=b:138577491
TEST=make BOARD=cr50, then check FIPS mode in CCD
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I33b559c3f348f34115263fd3fedc8b7a2fbeab31
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2328113
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit d2627d12bb21308f49a72cadaf47a0a86730a960.
Reason for revert: Causing crbug.com/1111182
Original change's description:
> u2f: Append hmac of auth time secret to versioned KH
>
> When generating versioned KHs, u2fd should send a public derivative
> (sha256) of the user's auth time secret to cr50. Cr50 derives an
> hmac of it and appends this authorization_hmac to the KH.
>
> When signing versioned KHs, u2fd may supply the unhashed auth time
> secret. Cr50 will check the authorization_hmac if no power button press.
> If the reconstructed hmac matches authorization_hmac, power button press
> is waived.
>
> Currently for v1, we will just prepare the authorization_hmac but not
> enforce it. This is because fingerprint and PIN are unable to unlock
> the same secret.
>
> While we waive power button press for v1, we can enforce
> authorization_hmac whenever auth-time secrets is ready.
>
> BUG=b:144861739
> TEST=- Use a known 32-byte "auth-time secret"
> - Compute the sha256 of the auth-time secret (this is public)
> - u2f_generate with the computed "authTimeSecretHash"
> - Add code to u2f_sign command handler such that cr50 computes
> the sha256 of the supplied auth-time secret at u2f_sign time
> and require power button press if the hmac doesn't match.
> - u2f_sign with the true auth-time secret -> observe in logging
> that hmac matches, and no power button press required.
> - u2f_sign with a wrong auth-time secret -> observe in logging
> that hmac doesn't match, and power button press is required
> for signing.
>
> Cq-Depend: chromium:2321731
> Change-Id: Ib9ae913667f8178ac7a4790f861d7dada972c4a0
> Signed-off-by: Yicheng Li <yichengli@chromium.org>
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2317047
> Reviewed-by: Andrey Pronin <apronin@chromium.org>
> Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Bug: b:144861739
Cq-Depend: chromium:2327779
Exempt-From-Owner-Approval: Causing crbug.com/1111182
Change-Id: I8c8a594d148b92556b20a2753aa1007cf2c1676b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2327358
Tested-by: Archie Pusaka <apusaka@chromium.org>
Reviewed-by: Yicheng Li <yichengli@chromium.org>
Reviewed-by: Archie Pusaka <apusaka@chromium.org>
Commit-Queue: Archie Pusaka <apusaka@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When generating versioned KHs, u2fd should send a public derivative
(sha256) of the user's auth time secret to cr50. Cr50 derives an
hmac of it and appends this authorization_hmac to the KH.
When signing versioned KHs, u2fd may supply the unhashed auth time
secret. Cr50 will check the authorization_hmac if no power button press.
If the reconstructed hmac matches authorization_hmac, power button press
is waived.
Currently for v1, we will just prepare the authorization_hmac but not
enforce it. This is because fingerprint and PIN are unable to unlock
the same secret.
While we waive power button press for v1, we can enforce
authorization_hmac whenever auth-time secrets is ready.
BUG=b:144861739
TEST=- Use a known 32-byte "auth-time secret"
- Compute the sha256 of the auth-time secret (this is public)
- u2f_generate with the computed "authTimeSecretHash"
- Add code to u2f_sign command handler such that cr50 computes
the sha256 of the supplied auth-time secret at u2f_sign time
and require power button press if the hmac doesn't match.
- u2f_sign with the true auth-time secret -> observe in logging
that hmac matches, and no power button press required.
- u2f_sign with a wrong auth-time secret -> observe in logging
that hmac doesn't match, and power button press is required
for signing.
Cq-Depend: chromium:2321731
Change-Id: Ib9ae913667f8178ac7a4790f861d7dada972c4a0
Signed-off-by: Yicheng Li <yichengli@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2317047
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|