summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* cr50: remove unused DCRYPTO_ladder_random()stabilize-14217.B-cr50_stabVadim Sukhomlinov2021-09-102-23/+0
| | | | | | | | | | | | | | | After migration to DRBG use, remove DCRYPTO_ladder_random() function. BUG=none TEST=make buildall -j Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: Ifdb3fd79ec03ac94066a91ed38b61218dbceefde Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3155295 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Mary Ruthven <mruthven@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* cr50: consolidate FIPS module sources under board/cr50/dcryptoVadim Sukhomlinov2021-09-109-5/+5
| | | | | | | | | | | | | | | | | To simplify identification of FIPS module boundary, move all sources into same place. BUG=b:134594373 TEST=make buildall -j Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: I6acd12d12c00a3362041914bd515534f72a08ab2 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3150057 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
* cr50: reduce default set of CCD test commands with CRYPTO_TEST=1Vadim Sukhomlinov2021-09-088-6/+73
| | | | | | | | | | | | | | | | | | | | | | During FIPS refactoring many additional test commands were added to CRYPTO_TEST=1 image for unit testing. However, this lead to very small space left in image. Adding local switches to several CCD commands to activate it only once working on related parts. This free around 6.5K. BUG=none TEST=make BOARD=cr50 CRYPTO_TEST=1 Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: I8f11988d2994c6c4b25748d3c0c07096ba00c392 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3139977 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Bendebury <vbendeb@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* cr50: fix u2f after cl:3125994Vadim Sukhomlinov2021-09-081-5/+3
| | | | | | | | | | | | | | | | | | | | | Since https://crrev.com/c/3125994 and https://crrev.com/c/3119223 were in review at the same time and landed one after another, check for result of DCRYPTO_equals() wasn't properly updated. This is a fix addressing that DCRYPTO_equals() now returns DCRYPTO_OK instead of 1 in case of matching values. BUG=none TEST=make BOARD=cr50 CRYPTO_TEST=1; ccd - u2f_test test/tpm_test/tpmtest.py Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: I582906f9a6be57e1d645370377caa5e5ab3e2481 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3146593 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* cr50: fix make buildall buildsVadim Sukhomlinov2021-09-083-3/+16
| | | | | | | | | | | | | | | | | | | When both https://crrev.com/c/3125994 and https://crrev.com/c/3119223 landed it resulted in broken host build as function attribute optimize("") is not supported by clang. This is happened due as both CLs are relatively independent by nature, but the first one added one of the sources to host build. BUG=none TEST=make buildall -j Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: If1b8425cea418ae42179bef46f6f5998ded3dc1f Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3146223 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* add script to inject the fips fingerprintMary Ruthven2021-09-074-2/+87
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Inject the fips fingerprint into the cr50 image, so it can verify the fips module before starting to execute it. This change adds a script to calculate the checksum and inject it into a elf file before signing. If CONFIG_FIPS_CHECKSUM is defined, generate an elf file with the fips checksum and use that to create signed images and hex files. The build process doesn't change for RO artifacts. Nothing changes if CONFIG_FIPS_CHECKSUM isn't defined. The new chain for RW is ec.RW.elf -> ec.RW.elf.fips -> ec.RW.flat ec.RW.elf.fips is generated with util/inject_fips_fingerprint.sh. util/inject_fips_fingerprint.sh calculates the fips module fingerprint, copies ec.RW.elf to ec.RW.elf.fips, and then injects the fingerprint into ec.RW.elf.fips. util/signer/bs will be modified to use ec.RW.elf.fips if it exists in a followup CL. BUG=none TEST=manual # Verify cr50 is the only board that creates the fips artifacts make buildall -j objdump the text.fips_checksum section of ec.RW.elf and ec.RW_B.elf. Make sure they match ec.RW.fips.checksum and ec.RW_B.fips.checksum # Verify cr50 can update to image signed with devid and that # image shows Stored hash that matches the computed one. H1_DEVIDS="${DEVID}" make -j BOARD=cr50 CR50_DEV=1 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Change-Id: Iab857ec1b7e3ae0d23681a25467e26286bd68210 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3078053 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
* cr50: move fips checksum into its own sectionMary Ruthven2021-09-071-6/+11
| | | | | | | | | | | | | | This change moves the fips checksum into its own section, so objcopy can be used to update the fips checksum in the elf files. BUG=none TEST=make buildall -j Change-Id: I8004c7efaf607eabd2932ecb9fdf377e0c68b6c0 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3120046 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
* cr50: remove drbg_exit() from dcrypto_p256_ecdsa_sign()Vadim Sukhomlinov2021-09-043-5/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | P-256 sign requires a random nonce which is generated from provided DRBG. Implementation of dcrypto_p256_ecdsa_sign() cleaned out DRBG once nonce is successfully created. This works fine when DRBG is instantiated just for purposes of signing this particular message, but doesn't work if we want to use system-wide DRBG which is perfectly instantiated as reseeded as needed as we want for FIPS. Instantiation of DRBG using entropy from TRNG is relatively expensive operation which we can avoid this way. Moving DRBG management outside ECDSA Sign makes it clearer. Now the caller is responsible what to do with DRBG and allows further updates with automated reseeding if ECDSA Sign fails due to DRBG. In tpm2/ecc.c we can now replace DRBG instantiation with using FIPS DRBG created during initialization. Still more changes are needed to fully switch to DRBG use for key gen as we need to handle reseeds properly. BUG=b:138577416 TEST=make BOARD=cr50 CRYPTO_TEST=1; test/tpm_test/tpmtest.py Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: I092b18cde5f6a8aede0a65e24a892dda9de7afa2 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3138384 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* cr50: adjust FIPS module build flags for reproducible buildVadim Sukhomlinov2021-09-041-1/+10
| | | | | | | | | | | | | | | | | | | Set FIPS module build flags to reduce changes in object file due to compiler's randomization during LTO. Adjusted several optimization options which resulted in smaller image. Freed 136 bytes for ToT. BUG=b:138578318 TEST=make BOARD=cr50, test that image works. Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: I99d9bf459bda6f1fcbd8dafe6f23539dda110fd8 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3123967 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* cr50: add hardened crypto return codes, harden DCRYPTO_equalsVadim Sukhomlinov2021-09-0410-44/+216
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 1. Introduce enum dcrypto_result defining DCRYPTO_OK and DCRYPTO_FAIL constants such that they have large Hamming distance, thus becoming more fault-injection resistant. 2. Added value_barrier() and value_barrier_ptr() which prevents compiler from certain optimizations, removal of conditional execution. 3. Added hardened_select_if_zero() primitive which produce branch-less selection between values. 4. Added convenience function dcrypto_ok_if_zero() to convert zero into DCRYPTO_OK. 5. DCRYPTO_equals() implemented in a way that it also checks completion of all iterations in addition to comparing value. This makes it resistant to fault injection which would result in no comparisons made. 6. Updated uses of DCRYPTO_equals() to check for new return code. 7. Few memcmp() replaced with DCRYPTO_equals(). BUG=b:197893750 TEST=make BOARD=cr50 CRYPTO_TEST=1; tests/tpmtest.py in console check that FIPS KAT tests passes. Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: I2a0373e8be97c2d61a2c4743c74614c2ff064a8a Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3125994 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* u2f: refactoring to split command processing and cryptoVadim Sukhomlinov2021-09-0214-744/+1315
| | | | | | | | | | | | | | | | | | | | | | | | | | | Split U2F crypto from U2F command processing by moving all crypto code into boards/cr50 (platform hooks). U2F state management is part of common code and passed to U2F crypto as a parameter. Previously reviewed as https://crrev.com/c/3034852, but reverted due to ChromeOS dependency on include/u2f.h. In this revision this is addressed by restoring include/u2f.h with previous content and new additions and adjusting dependencies in other headers. BUG=b:134594373 TEST=make BOARD=cr50 CRYPTO_TEST=1 console: u2f_test test/tpmtest.py FAFT U2F tests pass Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: Iff1973c8e475216b801d7adde23b1ef6c4a6f699 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3119223 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* cr50: update dcrypto p256 codeVadim Sukhomlinov2021-09-012-743/+1041
| | | | | | | | | | | | | | | | | | | | | Switch to hardened p256 code sequences for dcrypto which introduce blinding of secrets and control flow integrity checks. Dcrypto sequences are taken from cr52 board (/chip/g/fips). Code size increased by 1008 bytes, but expect savings from aligned p256_int. BUG=none TEST=make BOARD=cr50 CRYPTO_TEST=1; test/tpm_test/tpmtest.py Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: I434a373fc602e01bf815099a3661a2cef93af22f Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3133625 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* cr50: fix initialization check for FIPS DRBGVadim Sukhomlinov2021-09-011-7/+3
| | | | | | | | | | | | | | | | | | | During unit testing discovered an issue with test order specific bug which resulted in incorrect system-level DRBG initialization. It was revealed after several independent CLs landed. This fix corrects this issue. BUG=b:138577416 TEST=make BOARD=cr50 CRYPTO_TEST=1; test/tpm_test/tpmtest.py Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: I1222bc72d5560a4984a78abf53d5e3b2178d0977 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3133626 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* cr50: add pair-wise consistency test for ECDSA key generation.Vadim Sukhomlinov2021-08-313-8/+54
| | | | | | | | | | | | | | | | | | | FIPS requires pair-wise consistency test for asymmetric key generation algorithms. For U2F we use only ECDSA P-256, so adding this step into key generation function. BUG=b:198219806 TEST=make BOARD=cr50 CRYPTO_TEST=1; test/tpm_test/tpmtest.py This test covers U2F and TPM2 uses of ECDSA keygen. Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: I520a233e700a68b19c863bad05271f97693b5ca9 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3131949 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* cr50: merge crypto_enabled() and fips_crypto_allowed()Vadim Sukhomlinov2021-08-318-19/+68
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We need to block access to all crypto in case of FIPS errors. There are multiple steps to implement, this is one of few. There is common API crypto_enabled() which is used by nvmem and some other functions to check wherever access to crypto is possible. This is same intent as fips_crypto_allowed(), though the latter checks for FIPS KAT errors, while the former checks only key ladder status. Here we make all FIPS errors to revoke access from key ladder, and fips_crypto_allowed() to check key ladder status. This way we also ensure that in case of FIPS errors access to device secrets will be blocked. We moved crypto_api.c from chip/g to board/cr50 to move crypto_enabled() into fips.c and alias it to fips_crypto_enabled(). crypto_api.h is no longer included from dcrypto.h, and compile time assert for cipher salt size is moved to proper place. Since crypto is used by nvmem_init(), move FIPS power-up tests earlier to ensure nvmem_init() can access crypto. BUG=b:197893750 TEST=make CRYPTO_TEST=1; tpm_test; check nvmem is properly initialized on board_init(). Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: If70c2a21d61348bd97a47e26db5d8eec08bbf8ed Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3123836 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* add BOARD_CCD_REC_LID_PIN_DIOA12 to Zork brdpropstabilize-14189.B-cr50_stabMary Ruthven2021-08-271-1/+2
| | | | | | | | | | | | | | | | Make DIOA12 an output on Zork, so it can be used for the ccd recovery or lid switch signals. BUG=b:197916691 TEST=setting CCD_REC_LID_PIN toggles lid_open on tomato Change-Id: I755498fd9bb9b764b0e0aa2bf0394c45b087c767 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3124565 Reviewed-by: Ting Shen <phoenixshen@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Tested-by: Ting Shen <phoenixshen@chromium.org> Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
* Revert "u2f: refactoring to split command processing and crypto"stabilize-14179.B-cr50_stabstabilize-14178.B-cr50_stabDavid Stevens2021-08-2514-1308/+787
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit 5ae1c684271a117539858cb12252959dfe46803c. Reason for revert: breaks chromeos-ec-headers BUG=b:197691499 Original change's description: > u2f: refactoring to split command processing and crypto > > Split U2F crypto from U2F command processing by moving all crypto > code into boards/cr50 (platform hooks). > > U2F state management is part of common code and passed to U2F crypto > as a parameter. > > BUG=b:134594373 > TEST=make BOARD=cr50 CRYPTO_TEST=1 > console: u2f_test > test/tpmtest.py > FAFT U2F tests pass > > Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> > Change-Id: I85442cddb2959bd3102f7f6e6047134ede90951b > Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3034852 > Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> > Reviewed-by: Andrey Pronin <apronin@chromium.org> > Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> > Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org> Bug: b:134594373 Change-Id: I61a965995fcd53b4e155084f5f351574cb84cd1e Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3115930 Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Owners-Override: David Stevens <stevensd@chromium.org>
* u2f: refactoring to split command processing and cryptoVadim Sukhomlinov2021-08-2414-787/+1308
| | | | | | | | | | | | | | | | | | | | | | Split U2F crypto from U2F command processing by moving all crypto code into boards/cr50 (platform hooks). U2F state management is part of common code and passed to U2F crypto as a parameter. BUG=b:134594373 TEST=make BOARD=cr50 CRYPTO_TEST=1 console: u2f_test test/tpmtest.py FAFT U2F tests pass Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: I85442cddb2959bd3102f7f6e6047134ede90951b Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3034852 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* cr50: prepare to release 0.{5,6}.51Mary Ruthven2021-08-242-2/+2
| | | | | | | | | | | BUG=b:194901448 TEST=none Change-Id: Ia16d194f042ab44a36e00668f699dfab4df8a536 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3114224 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
* cr50: prod: use 6 as the major versionMary Ruthven2021-08-241-1/+1
| | | | | | | | | | | | | | | | Use 6 as the major version in util/signer/ec_RW-manifest-prod.json to reduce merge conflicts in the branches This has no real effect since we don't prod sign TOT images. BUG=none TEST=none Change-Id: I1300a4080ea4a5fee3115f1e32736985789d9c11 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3114223 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
* cr50: replace direct calls to EC OS from FIPS module with callbacksVadim Sukhomlinov2021-08-239-44/+195
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In order to implement self-integrity test for FIPS module we need to make sure binary code of module in image doesn't change from build to build. To do that we already place FIPS module as constant address. However, any call to functions outside the module creates a relocation which is changing depending on location of that external function in the image. To prevent that we either need to bring these functions in the module like it was done with memcpy() and some others or replace their invocations with callbacks. Task & Memory management functions are hard to bring in the module, so replace few invocations with indirect calls using vtable. This way invocation code will remain the same. 1. Identify and minimize dependency on EC OS - remove few asserts and cprintfs. 2. Remove checking privilege level in TRNG init - we know that it is high by the order of initialization in board_init() and that our RO doesn't drop permissions. Correct initialization of TRNG is important for certification, so we can't just assume it may be initialized improperly. 3. Added vtable with EC OS functions, initialization of FIPS module vtable in board_init(). 4. Switched to using vtable instead of direct calls. Note, we continue to use EC OS with CRYPTO_TEST=1 to reduce vtable size and image size. BUG=b:138578318 TEST=make BOARD=cr50; tests Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: Ibd7bd2353fc4e7e5886f9bfef96b36dc64ff2359 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3107847 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Andrey Pronin <apronin@chromium.org>
* fips: fix printing fips hashMary Ruthven2021-08-201-3/+4
| | | | | | | | | | | | BUG=none TEST=make -j BOARD=cr50 CR50_DEV=1 Change-Id: I3f5281047ff3f349161e37633320e63b4a8fb318 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3108328 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
* tpm_mode: move s_tpm_mode to .bss.Tpm2_commonMary Ruthven2021-08-191-6/+12
| | | | | | | | | | | | | | | | Move tpm_mode_s to .bss.Tpm2_common, so TPM_MODE_ENABLED is cleared during tpm reset events. Cr50 still clears TPM_MODE_DISABLED by doing a hard reset instead of triggering a tpm reset event. BUG=b:191180387,b:196820239 TEST=run firmawre_Cr50TpmMode Change-Id: I5f5cedb7b5b6a03bf504583c378fae87896cef2b Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3105485 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
* cr50: refactor TRNG use, implement rand() using read_rand()Vadim Sukhomlinov2021-08-194-88/+90
| | | | | | | | | | | | | | | | | | | | | | | | | | In preparation to switching from TRNG to DRBG, refactor to remove duplicated code, reduce code size. 1. Isolate hardware-dependent code (trng.c) from platform-agnostic in fips_rand.c. This will enable better host emulation for tests. 2. Change how read_rand() returns status to take advantage of ARM ABI. Unfortunately any composite type on ARM is returned on stack. Use uint64_t with combined validity flag in high bits and random in low 32 bits. This alone reduce code size around 100 bytes. 3. Avoid code duplication by implementing rand() using read_rand(). 4. Drop use of common/trng.h to reduce dependency on code outside boundary. To be completed with migration to DRBG. BUG=b:138577416 TEST=make BOARD=cr50 CRYPTO_TEST=1; rand_perf and FIPS tests Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: Ifdc42e7210414a4abeac8c132a684e451fbbc19c Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3100489 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* cr50: final touches to remove cryptoc dependencystabilize-14163.B-cr50_stabVadim Sukhomlinov2021-08-1613-115/+262
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | To implement FIPS module we need to bring many crypto functions in the module boundary. Unfortunately, cryptoc is a third-party library used by dcrypto code in cr50. Cryptoc is also not well-maintained and shared with other projects. While just making local copy of cryptoc would solve an issue, it's suboptimal as prevents from many optimizations and improvements. 1. Clean-up of #include dependencies on cryptoc 2. Build configuration drops linking with cryptoc for cr50 3. Dcrypto SHA512 code updated to compile and partially tested. It is about 4x faster on large messages, and about 620 bytes larger. Added an config option to use Dcrypto version as software, but not enabled. More testing is needed to make sure it's safe and doesn't have unintended interactions with RSA and ECDSA Dcrypto code. BUG=b:138578318 TEST=make BOARD=cr50 CRYPTO_TEST=1; tpm_test Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: I030b60b75daeec9c8ef079017a73345829bf7f0b Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3093093 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* cr50: update FIPS initialization logic to match security policyVadim Sukhomlinov2021-08-1310-374/+341
| | | | | | | | | | | | | | | | | | | | | | | | | | FIPS security policy was updated to move U2F key management out of scope as it doesn't add anything from certification standpoint on L1, but greatly complicates design and requires flash operations to be in the FIPS module boundary. This change aligns FIPS initialization flow with security policy: 1) Checking of U2F key type is removed and would be handled during U2F command processing to choose approved / not-approved key gen. 2) FIPS module is always in approved mode when self-integrity tests, known-answer tests and TRNG power-up tests succeeds. 3) Implementation of console command and TPM2 command moved out of FIPS boundary. BUG=b:134594373 TEST=make BOARD=cr50 [CRYPTO_TEST=1]; console commands Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: I03fc8fa450927e4d37e691770e872e7ffa5b628d Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3093088 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* cr50: drop cryptoc for p256 implementationstabilize-14151.B-cr50_stabVadim Sukhomlinov2021-08-1213-133/+309
| | | | | | | | | | | | | | | | | | | | | | | | | | | | To implement FIPS module we need to bring many crypto functions in the module boundary. Unfortunately, cryptoc is a third-party library used by dcrypto code in cr50. Cryptoc is also not well-maintained and shared with other projects. While just making local copy of cryptoc would solve an issue, it's suboptimal as prevents from many optimizations and improvements. Removed redundant functions (dcrypto_p256_pick and dcrypto_p256_rand). Another improvement is separation of platform independent code in p256.c to support better host-side unit tests. For this purpose added fast random number generator using LFSR to replace use of TRNG for blinding and wiping secrets where security strength is not required. BUG=b:138578318 TEST=make BOARD=cr50 CRYPTO_TEST=1; test/tpm_test/tpmtest.py in console: dcrypto_ecdsa Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: I9bfd13b8006ddca55508635962be4502a56532b5 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3087833 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* cr50: drop cryptoc for SHA1/SHA2 supportstabilize-14150.882.B-cr50_stabstabilize-14150.881.B-cr50_stabstabilize-14150.74.B-cr50_stabstabilize-14150.734.B-cr50_stabstabilize-14150.64.B-cr50_stabstabilize-14150.43.B-cr50_stabstabilize-14150.376.B-cr50_stabrelease-R94-14150.B-cr50_stabrelease-R94-14150.49.B-cr50_stabVadim Sukhomlinov2021-08-1243-730/+1799
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | To implement FIPS module we need to bring many crypto functions in the module boundary. Unfortunately, cryptoc is a third-party library used by dcrypto code in cr50. Cryptoc is also not well-maintained and shared with other projects. While just making local copy of cryptoc would solve an issue, it's suboptimal as prevents from many optimizations and improvements. Provided SHA & HMAC implementations from Ti50 project. This provides better performance (500us vs. 670us earlier for HMAC DRBG) and reduce code size. This implementation also enables stack use savings when only specific digest is needed. Earlier SHA512 context was allocated when only SHA256 is needed greatly increasing stack consumption for code using HMAC_DRBG and others. However, it introduce subtle API changes which require handling. As for tests, since core implementation is hardware-independent, make it available for BOARD=host too. Before change (with cryptoc): *** 12368 bytes in flash and 5784 bytes in RAM After: *** 13136 bytes in flash and 5796 bytes in RAM BUG=b:138578318 TEST=make BOARD=cr50 CRYPTO_TEST=1; test/tpm_test/tpmtest.py Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: I2ff5362aee9078ce83dc1f8081943a5101d5f666 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3064201 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* cr50: drop cryptoc for always_memset()stabilize-14149.B-cr50_stabVadim Sukhomlinov2021-08-1015-15/+18
| | | | | | | | | | | | | | | | | | | To implement FIPS module we need to bring many crypto functions in the module boundary. Unfortunately, cryptoc is a third-party library used by dcrypto code in cr50. Cryptoc is also not well-maintained and shared with other projects. BUG=b:138578318 TEST=make BOARD=cr50 CRYPTO_TEST=1 Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: I40090f5d32df088c88d7313dd693fc8a0dd4b308 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3083187 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
* cr50: fix CRYPTO_TEST=1 broken due to FIPS codeVadim Sukhomlinov2021-08-094-11/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | Linker script used by FIPS module broke several extension commands used for testing due to section name used (no wildcards support). FIPS self-integrity tests broke access to crypto commands as until there is no correct digest it fails and prevents access to crypto. This is temporary fix until digest computation is done. TPM tests requires GCM for testing - adding this module when built with CRYPTO_TEST=1. U2F test status made a bit clearer (printing success) and hex dumps of key handles, signatures only printed in debug mode now. BUG=none TEST=make BOARD=cr50 CRYPTO_TEST=1; test/tpm_test/tpmtest.py Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: I7c974abf8ac71de2949b35a4411f77a03d9048a0 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3082325 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* cr50: prepare to release 0.{5,6}.50Mary Ruthven2021-08-052-2/+2
| | | | | | | | | | BUG=b:194901448 TEST=none Change-Id: I9d4d5133d26ac528b2ecf5e1b0f4be20a47badb8 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3072819 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
* usb_spi: Remove stm32spi.py since no one uses itYilin Yang2021-08-041-140/+0
| | | | | | | | | | | | | | | | | BUG=chromium:1031705 BRANCH=master TEST=None Signed-off-by: kerker <kerker@chromium.org> Change-Id: Idf4f5342da6b3f3307e1948c165d44b83031543a Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2425983 Reviewed-by: Hung-Te Lin <hungte@chromium.org> Reviewed-by: Yu-Ping Wu <yupingso@chromium.org> (cherry picked from commit 24f03775900d085130f4d411da3bfdfe29afc7ef) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3067596 Reviewed-by: Craig Hesling <hesling@chromium.org> Commit-Queue: Mary Ruthven <mruthven@chromium.org> Tested-by: Mary Ruthven <mruthven@chromium.org>
* usb_spi: move to Raiden V2 implementationVadim Bendebury2021-08-028-10/+740
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch introduces an alternative USB SPI protocol implementation to be used by Cr50: Raiden V2. The SPI USB endpoint descriptor is modified to advertise the new version in the bInterfaceProtocol, which allows the flashrom utility to use the new protocol version. Protocol version 2 implements segmentation and reassembly where longer flash read and write PDUs can be transferred split into shorter fixed size USB packets. The comment section in usb_spi_v2.c describes the protocol in detail. Each time a USB packet is received from the host, the packet header is examined to determine the command. The command could be a DUT configuration query OR a request to read and or write some data from/to the SPI flash chip, OR a request to retransmit the last PDU from the beginning. This patch implementation does not process the retransmittion request command yet, in case a packet is dropped flashrom would need to be re-run. This is a pretty rare condition, but if deemed necessary support can be added later. H1 SPI controller supports multibuffer transactions where the CS signal is kept asserted while the controller clocks the bus when the next portion of data to write becomes available or there is more room to read data to send back to the host. This allows to support arbitrary length read and write transactions. There is no need to support write transactions longer than 256 bytes of data, as this is a typical SPI flash chip page size. For read direction the size of 2040 was chosen, which is close to 2K and takes full payload of 34 USB packets on top of 2 byte headers. The protocol state machine on the device sideOB can be in one of two states, IDLE or WRITING. Many of host requests do not require the device to change state: configuration requests, or writes of short blocks of data (fitting into one USB packet) can be executed immediately. Requests to read long blocks of data can still be executed without leaving the IDLE state, the device starts the SPI transaction and then iterates reading one packet worth of data at a time and sends it back to the host. Once the entire PDU is read, the CS is deasserted. In case the host requests to write a block of data which does not fit into a USB packet the device asserts the CS, sends the first received block to the SPI flash chip and then enters the WRITING state, expecting the controller to send the rest of the PDU in following packets. Once the entire PDU is transferred the CS is deasserted and state is changed back to IDLE. BUG=b:79492818 TEST=performed numerous flash read/write operations with 16M SPI flash chip on the Atlas device. Timing results comparison of various operations: Raiden V1 Raiden V2 Reading entire chip: 3m 16s 0m 52s Vanilla writing of new image: 16m 22s 5m 48s Writing of AP firmware into an erased flash chip (no read before or after writing) 4m 12s 1m 38s Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Change-Id: I374f3caab7146fc84b62274e9e713430d7d31de0 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2977965 Reviewed-by: Brian Nemec <bnemec@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org>
* cr50: add basic U2F test to tpmtest, disable eciesVadim Sukhomlinov2021-07-284-10/+132
| | | | | | | | | | | | | | | | | | | | | Add basic test to U2F generate, sign and attest commands to make sure commands are processed correctly. When build with CRYPTO_TEST=1 pretend that power button for U2F is always pressed when requested to simulate user presence. BUG=None TEST=make BOARD=cr50 CRYPTO_TEST=1 tests/tpmtest.py Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: I8fda8037ea7322eb5fa46421ded6da3d1bba9c66 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3048103 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Mary Ruthven <mruthven@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org> Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* cr50: add FIPS module self-integrity checkVadim Sukhomlinov2021-07-282-0/+33
| | | | | | | | | | | | | | | | | Added computation of FIPS module SHA256 digest and comparison with precomputed value. BUG=b:138578318 TEST=make BOARD=cr50, check console output Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: I3aaac07ff460b5021f2b7dab4f6df2710325c60b Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3045839 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* cr50: add linker script to consolidate FIPS module sectionsVadim Sukhomlinov2021-07-232-4/+88
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Added linker script to sort by name all symbols from FIPS module and place them together in text.fips, rodata.fips and bss.fips sections which are later placed at fixed locations by chip's linker script. Note, this has impact on image size as LTO intentionally won't work across FIPS module boundary and probably don't discard some unused functions. Currently size increase is 1544 bytes. List of functions added: fips_p256_ecdsa_sign fips_drbg_clear DCRYPTO_asn1_sigp board_set_fips_policy_test u2f_gen_kek DCRYPTO_asn1_pubp fips_drbg_init fips_throw_err board_fips_enforced fips_trng_bytes dcrypto_p256_pick DCRYPTO_hkdf dcrypto_p256_rnd fips_mode adaptive_proportion_test fips_rand_bytes fips_set_policy board_fips_power_up_done fips_crypto_allowed Note, some of these functions can be removed, and some will be used once switch to FIPS key gen. BUG=b:138578318 TEST=make BOARD=cr50 Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: I0ab3cf1fc7fd6de2025b69d46c71625d96d7873b Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3041098 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* Add necessary utilities to the FIPS boundarystabilize-14106.B-cr50_stabMary Ruthven2021-07-224-0/+210
| | | | | | | | | | | | | | | | | | | | BUG=none TEST=make buildall -j find -name util.o board/cr50/dcrypto/util.o is only a part of the cr50 build ./build/cr50/RO/common/util.o ./build/cr50/RO/board/cr50/dcrypto/util.o ./build/cr50/RW/common/util.o ./build/cr50/RW/board/cr50/dcrypto/util.o ./build/cr50/cryptoc/util.o Change-Id: Ib1e82922548f9ec483338baaad94c6b2cb10f371 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3043359 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
* common/util: group the code needed in the fips moduleMary Ruthven2021-07-212-177/+195
| | | | | | | | | | | | | | | | | | | Group the code we are going to move into the fips module. memcmp memcpy memset memmove reverse strncmp BUG=none TEST=make buildall -j Change-Id: Idb1162dd47f00f676cb1c1ec3f77b85808ad9c30 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3043358 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
* cr50: make CRYPTO_TEST=1 work againVadim Sukhomlinov2021-07-212-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | Recent changes with FIPS module - removal of ECIES from dcrypto build, broke CRYPTO_TEST=1 build where tpm2/ecies.c used those functions. So, removing it from build for consistency. Also, some CRYPTO_TEST commands needs more stack, like newly added u2f_test command. These commands are usually executed in the context of TPM task which has larger stack, and to be executed in console task it's size should be a bit larger. BUG=none TEST=make BOARD=cr50 CRYPTO_TEST=1 Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: I7b663eb0b0f64871682c907d66e855e75c091548 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3042142 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Bendebury <vbendeb@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* cr50: replace call to __aeabi_uldivmod with better implementationVadim Sukhomlinov2021-07-212-9/+128
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | FIPS module should be self contained. Adding __aeabi_uldivmod is challenging as it comes from compiler builtin and used by other parts. In this CL we implement udiv32() which divides 64-bit number by 32-bit number. Since it doesn't compute reminder and don't have to support real 64-bit by 64-bit division it's faster. Also, we can use ARM instruction to count leading zeros instead of doing it manually. This code is reused from Ti50 cryptolib code as is. Exhaustive bn_div() test is provided by test/tpm_test/bn_test.c which is now can be built with board/cr50/dcrypto version. BUG=b:138578318 TEST=make BOARD=cr50 test/tpm_test/make CR50=1 build/tpm_test/bn_test Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: I19cebc5c11d3a80bc50732350b7c598bfa374348 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3042138 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
* build dcrypto and u2f separatelystabilize-14094.B-cr50_stabstabilize-14093.B-cr50_stabstabilize-14092.66.B-cr50_stabstabilize-14092.57.B-cr50_stabrelease-R93-14092.B-cr50_stabMary Ruthven2021-07-141-24/+39
| | | | | | | | | | | | | | | | Build dcrypto and u2f separately as a part of the fips_module object. This doesn't change how cryptoc is built. That'll be done in a followup CL. BUG=none TEST=none Change-Id: I411ee297ae8e88f0c38b6798c7b58c0e657750b1 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3002451 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Namyoon Woo <namyoon@chromium.org>
* cr50: add CRYPTO_TEST_SETUP descriptionMary Ruthven2021-07-081-0/+6
| | | | | | | | | | | BUG=none TEST=none Change-Id: I24314865ef591ae791e20559534ca4e40af7d46d Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3010921 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org>
* CRYPTO_TEST: fix build ap_state build issueMary Ruthven2021-07-021-0/+2
| | | | | | | | | | | BUG=none TEST=make -j BOARD=cr50 CRYPTO_TEST=1 Change-Id: Iad1c87d6ca3dfd798a6b63a0cffc087e1dd716a2 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3002450 Reviewed-by: Andrey Pronin <apronin@chromium.org> Commit-Queue: Andrey Pronin <apronin@chromium.org>
* cr50: prepare to release 0.{5,6}.40Mary Ruthven2021-07-022-2/+2
| | | | | | | | | | | BUG=b:192269002 TEST=none Change-Id: Ied092d9dd0a909aae116f440fa545ee43ec4c6ed Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3002844 Reviewed-by: Andrey Pronin <apronin@chromium.org> Commit-Queue: Andrey Pronin <apronin@chromium.org>
* cr50: add placeholder for FIPS module at fixed locationVadim Sukhomlinov2021-07-011-0/+23
| | | | | | | | | | | | | | | | | | | We compute sha256 for this block to check integrity, but don't use position independent code, so placing block closer to start of code with as much constant address as possible to prevent sudden relocations from breaking self-integrity check. BUG=b:138578318 TEST=make buildall -j Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: I81289fec8ed7fc73b34e2334c45c360cdabbcd88 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2988196 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Mary Ruthven <mruthven@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Mary Ruthven <mruthven@chromium.org>
* tpm_mode: make available to all boards and restore on resetsVadim Bendebury2021-06-304-41/+42
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch removes the restriction of TPM_MODE vendor command, allowing any board's AP to disable TPM mode if required. In addition, TPM reset processing flow is being modified to always reboot the H1 in case TPM reset happens when TPM is disabled. BUG=b:191180387, b:191180208 TEST=on an Atlas device: localhost ~ # gsctool -a -f start target running protocol version 6 keyids: RO 0xaa66150f, RW 0x334f70df offsets: backup RO at 0, backup RW at 0x4000 Current versions: RO 0.0.11 RW 0.6.30 $ localhost ~ # gsctool -a -m disable TPM Mode: disabled (2) localhost ~ # gsctool -a -f start [WARNING:bus.cc(638)] Bus::SendWithReplyAndBlock took 1516ms to... Problems reading from TPM, got 10 bytes Failed to start transfer localhost ~ # reboot -- GSC reboots during device rebnoot localhost ~ # gsctool -a -f start target running protocol version 6 keyids: RO 0xaa66150f, RW 0x334f70df offsets: backup RO at 0, backup RW at 0x4000 Current versions: RO 0.0.11 RW 0.6.30 localhost ~ # reboot -- GSC does NOT reboot during device rebnoot Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Change-Id: I492bd2f201f3c5c7d1cd9b228ec6ab1cdcf8fa53 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2987913 Reviewed-by: Mary Ruthven <mruthven@chromium.org>
* tpm_mode: do not proceed if nvmem commits can not be enabledVadim Bendebury2021-06-302-1/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | NVMEM commits are disabled for a few seconds after every TPM reset. Setting TPM mode to 'disabled' requires the commits to be enabled first, so that the NVMEM updates would be saved immediately. Re-enabling the commits must be done by the same task which disables them, i.e. the TPM task. This patch moves the invocation of 'nvmem_enable_commits()' to the main processing thread of the TPM mode vendor command handler. When invoked through TPM it will be able to properly reenable NVMEM commits. When invoked through USB it will fail if TPM reset happened less than 3 seconds ago. BUG=b:187831914 TEST=verified that when the TPM disable command is sent immediately after TPM reset over USB it is rejected with error code 11, no lockup/watchdog reset is observed. Testing the AP sending the command will be done when debugging NBR. Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Change-Id: I035cd5db2c55fe5c9dd3679153bf9a2ec49210b6 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2998302 Reviewed-by: Mary Ruthven <mruthven@chromium.org>
* dcrypto: remove unused functionalityVadim Sukhomlinov2021-06-301-2/+0
| | | | | | | | | | | | | | | | | | | | | Cr50 doesn't use AES-CMAC and P256-ECIES functions. Currently these functions are not linked in as they are not used. Since we will change a build process to build crypto library separately to implement FIPS certification requirements, better to remove it from library as otherwise they will increase image size. Files are still there in case if will be needed in the future. BUG=b:134594373 TEST=make BOARD=cr50 Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: I0922a5f35a85b1a2d85e6b325716ac3838c2c9cb Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2988186 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Mary Ruthven <mruthven@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Mary Ruthven <mruthven@chromium.org>
* g: spi_controller: add the subtransaction capabilityVadim Bendebury2021-06-292-13/+52
| | | | | | | | | | | | | | | | | | | | | | It is necessary to be able to send SPI transactions with sizes exceeding the SPI controller buffer size. This can be achieved by asserting CS before sending the first batch (data block) in a transaction and deasserting CS after the last batch. Let's add a SPI controller spi_sub_transaction() API, with an additional parameter indicating when the last batch is submitted for processing. The existing spi_transaction() API becomes a wrapper which always calls spi_sub_transaction() to send a full single batch transaction. BUG=b:79492818 TEST='flashrom --flash-name' still succeeds. Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Change-Id: Ia0c5114edd5caf6c6d0e22cab3bfa3c4d86ac79a Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2977964 Reviewed-by: Mary Ruthven <mruthven@chromium.org>
* cr50: use board/cr50/dcryptoMary Ruthven2021-06-285-5/+44
| | | | | | | | | | | | BUG=b:191799047 TEST=make buildall -j ; run tpmtest Change-Id: I8b743c16c4e4b8b0779eb40ba1eb0a78613930f9 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2980812 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
View Lorry Controller Status