| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The flag is being deleted, see b/234557583 and crrev.com/c/3697556.
BUG=b:234557583
TEST=none
Change-Id: Iad05e425db5b7301d83ec83af8eed9f006a02ab1
Signed-off-by: Nikolai Artemiev <nartemiev@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3697266
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the Cr50 tree there is no really output devices other than console
where base64 encoding output could be sent, and there is no use for
decoding function yet.
Add the encoding function implementation, make it possible to send
output to console by default and optionally to a passed in function.
Add test to verify proper encoding.
BUG=b:234745585
TEST='make run-base64' succeeds.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: Ibc10681632bc649320d602e319e4f634b4b3a1d1
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3701141
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:235079109
TEST=none
Change-Id: Ia0892309b9586737b518d9b037b083e0b3231b34
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3691319
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a format for u2fd-corp attestation to u2f_attest, and corresponding
test case in u2f_test.py
BUG=b:233147441
TEST=make buildall -j
TEST=u2f_test.py
Change-Id: I4d12345fd0531a4be091c05670215444fe38e706
Signed-off-by: Howard Yang <hcyang@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3670107
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Build CR50_DEV, CRYPTO_TEST, and CRYPTO_TEST red board images in make
buildall, so make buildall will find failures in all cr50 images we use.
BUG=none
TEST=make buildall ; ls build/cr50* shows all of the new cr50
directories. The ec images in those directories have 'DBG' and 'CT'
strings in their versions.
Change-Id: I19cee37a6c9fe255d44700e3bb8d616f8b8fc875
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3628193
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Scribe code is not compiled often, it has bitrot a bit due to tool
upgrades. This patch restores the scribe build correctness.
BUG=none
TEST=scribe build does not fail any more.
Signed-off-by: Vadim Bendebury <vbendeb@google.com>
Change-Id: I335c7903258b14ff731e7c345a36194395baf5d6
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3668651
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We need to ensure that versions before 0.0.15 upgrade to 0.0.15 before
going to 0.0.16 or later. Otherwise, the first page of the new RW is
erased when upgrading RO and we need to rescue.
BUG=none
TEST=locally changed must have version to 0.22.0 and played around
with different versions on my brya. Worked as expected around
version 0.22.0
Change-Id: I79b41fb86c22aa37163264815faef9558370d702
Signed-off-by: Jett Rink <jettrink@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3658243
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Jett Rink <jettrink@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Jett Rink <jettrink@chromium.org>
Auto-Submit: Jett Rink <jettrink@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:232066387
TEST=none
Change-Id: Ia6e25a01c40e89d439926c0fbafe896b603691fd
Signed-off-by: Jett Rink <jettrink@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3656370
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use the dump_fmap flashrom output to calculate the offset and size. All
of the information is included on one line.
BUG=none
TEST=ap_ro_hash.py -v GBB True
Change-Id: I160173caaaf540c20786e892d244ee8a941833b6
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3654254
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a range is too big, break it up into smaller blocks that GSC can
handle.
BUG=none
TEST=run `ap_ro_hash.py COREBOOT` on volteer.
Change-Id: I094c2eb725af07e21b3e249336cb7b556761b50c
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3644691
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use mp, prepvt, and tot as the bcmp input. Convert those to the correct
tpm2 and cr50 branch names.
BUG=none
TEST=./util/bcmp.sh mp ; ./util/bcmp.sh tot ; ./util/bcmp.sh prepvt ;
verify the tpm2 and cr50 branch names are correct.
Change-Id: I0d1c237fd4322a102b939a7c16f10f991bf408fb
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3615476
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:229877169
TEST=none
Change-Id: I9b1e04f5487662816401129adb593b7f1c0e259b
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3628135
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On some devices the board id flags are set to lock in the phase and the
board id type isn't set until the board is finalized. RO may be changed
until the board id type is written. Change the check from
board_id_is_erased to board_id_type_is_blank, so the factory can update
the AP RO hash until the board is finalized.
This is the same check we do in sn_bits. Try to read the board id and
then check the type. In the future, we may want to consolidate.
BUG=b:230430292
TEST=manual
Clear the board id
Set the hash
python ap_ro_hash.py GBB
gsctool -aA prints the digest
Set the BID flags
gsctool -ai 0xffffffff:0x1234
Clear the hash
gsctool -aH
gsctool -aA
get hash rc: 10 AP RO hash unprogrammed
Set the hash
python ap_ro_hash.py GBB
gsctool -aA prints the digest
Clear the hash
gsctool -aH
gsctool -aA
get hash rc: 10 AP RO hash unprogrammed
Set the BID type
gsctool -ai $(cros_config / brand-code):0x1234
Verify cr50 rejects setting the hash
python ap_ro_hash.py GBB
ERROR: Cr50 returned 7 (BID programmed)
Change-Id: I440ee84b3c86e16f027a8b9dcd51ea3031171ea1
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3627808
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Print the calculated digest, so we can use it for debugging.
BUG=none
TEST=./ap_ro_hash.py -v True GBB prints a digest that matches the
digest from the trunks_send command and the one saved in cr50.
Change-Id: I686dac5248782ea68d7bab98c2554940cc0b74b3
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3624499
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:219038720
TEST=gsctool -aL
Change-Id: I1c0b417e61dcb6460345c2fcf8d43952ebbf65d3
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3573469
Commit-Queue: Brian Granaghan <granaghan@google.com>
Tested-by: Brian Granaghan <granaghan@google.com>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:229877169
TEST=none
Change-Id: I492616346f21b824915fba33c66ad296507bcaf7
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3611617
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use the power button input to determine if the power button is pressed.
CHECK_OUTPUT_PWRB_OUT follows CHECK_INPUT_PWRB_IN, so they should be the
same. This switches to using the RBOX input since that is what cr50
should be using.
BUG=b:175320127
TEST=press the power button. Verify powerbtn output looks good.
Change-Id: Ie7f224489505366029450c98e341f3790192d49a
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3611615
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
GPIO_EC_FLASH_SELECT is only used in usb_spi.c and EC_TX_CR50_RX_OUT
isn't used anywhere by cr50. These are both debug signals mainly used by
servo or ccd for flashing the EC. Disable sleep when they're asserted.
Add GPIO_SLEEP_DIS_HIGH to EC_FLASH_SELECT, so sleep is disabled when
it's set to 1.
Add GPIO_SLEEP_DIS_LOW to EC_TX_CR50_RX_OUT, so sleep is disabled when
it's set to 0.
BUG=none
TEST=gpioset EC_TX_CR50_RX_OUT and gpiset EC_FLASH_SELECT change the
gpiocfg sleepmask.
Change-Id: Ice4c0d85349eeb547644b134904f95e4a4fe375b
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3605882
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add GPIO_SLEEP_DIS_LOW and GPIO_SLEEP_DIS_HIGH to disable sleep when a
gpio with one of those flags is asserted.
GPIO_SLEEP_DIS_LOW disables sleep when the signal is set to 0.
GPIO_SLEEP_DIS_HIGH disables sleep when the signal is set to 1.
This will disable all forms of sleep. The flags can be used for ccd
signals to ensure cr50 doesn't enter sleep while c2d2 or servo micro are
relying on a ccd signal to flash the device.
These flags should not be add to signals used during normal cr50
operation. They disable regular sleep regular sleep so using them will
significantly increase cr50 power consumption.
This change adds GPIO_SLEEP_DIS_HIGH to AP_FLASH_SELECT. I'll add more
signals in followup CLs.
This change also replaces SLEEP_MASK_CHARGING with SLEEP_MASK_GPIO.
Nothing was using SLEEP_MASK_CHARGING.
BUG=b:229974371
TEST=Toggle AP_FLASH_SELECT while the AP is off. Verify cr50 doesn't
enter deep sleep and the gpiocfg and sleepmask output looks ok.
> gpioset AP_FLASH_SELECT 1
> gpiocfg
GPIO0_GPIO1: read 0 drive 0
GPIO0_GPIO2: read 1 drive 1
GPIO1_GPIO0: read 0 INT_RISING
GPIO1_GPIO1: read 0 INT_HIGH
GPIO1_GPIO4: read 0 INT_FALLING
GPIO1_GPIO5: read 0 drive 1
GPIO1_GPIO7: read 0 INT_RISING
GPIO1_GPIO8: read 0 INT_FALLING
gpio sleepmask: 00001000
> sleepmask
sleep mask: 00000008
> gpioset AP_FLASH_SELECT 0
> gpiocfg
GPIO0_GPIO1: read 0 drive 0
GPIO0_GPIO2: read 0 drive 0
GPIO1_GPIO0: read 0 INT_RISING
GPIO1_GPIO1: read 0 INT_HIGH
GPIO1_GPIO4: read 0 INT_FALLING
GPIO1_GPIO5: read 0 drive 1
GPIO1_GPIO7: read 0 INT_RISING
GPIO1_GPIO8: read 0 INT_FALLING
gpio sleepmask: 00000000
> sleepmask
sleep mask: 00000000
>
Change-Id: I1de35455c5a6702635fb714b14d6791f8e5eb2ed
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3605881
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:229974371
TEST=Assert AP_FLASH_SELECT then enter and exit deep sleep on EC-EFS
board.
Change-Id: I00437076ef4881dd60dd67e511100410dd155555
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3607064
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Delay sleep to give AP_FLASH_SELECT enough time to discharge. Future CLs
will do more to ensure AP_FLASH_SELECT isn't asserted entering deep
sleep. This CL does the bare minimum to fix AP RO verification.
BUG=b:229974371
TEST=Trigger AP RO verification on Hoglin
Change-Id: Iec10c51dfe8e7df2b1bb2210c4705d90c3c89c54
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3606093
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
New boards generate very short pulses on TPM_RST_L. They deassert
TPM_RST_L and then quickly reassert it. Most processing is not done in
the assert/deassert interrupts. The interrupts schedule deferred
functions to reset the TPM and set the AP state.
tpm_rst_asserted sets the AP state to debouncing and schedules
deferred_set_ap_off_data for a second later.
tpm_rst_deasserted schedules a deferred_tpm_rst_isr call ASAP.
deferred_tpm_rst_isr sets the AP state to on and cancels any pending
deferred_set_ap_off calls. If there's a short period where the AP is
off, cr50 won't enable deep sleep or disable the TPM, it'll be in the
debouncing state until the rising edge, and then the AP will be set back
to on.
The issue with short pulses is cr50 doesn't fully process
deferred_tpm_rst_isr before the tpm_rst_asserted interrupt is
triggered.
tpm_rst_deasserted is triggered which schedules deferred_tpm_rst_isr
tpm_rst_asserted is triggered which schedules deferred_set_ap_off
deferred_tpm_rst_isr is processed which sets the AP state to on and
cancels deferred_set_ap_off.
Even though tpm_rst_asserted happened after tpm_rst_deasserted cr50
process set_ap_on which cancels the pending set_ap_off call. Cr50 gets
left with the AP state on even though tpm_rst_asserted was the last
interrupt. This change adds polling to catch this state after a second,
so cr50 can enable deep sleep.
BUG=b:226680127
TEST=manual
reset the AP on hoglin. check for appoll messages
run firmware_Cr50DeviceState on hatch
comment out enabling the TPM_RST_L interrupt handlers.
verify cr50 eventually gets to the correct ap state.
Change-Id: Ib100d4019a1e65cc4c5ce699d268f65884b4f009
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3597031
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add "K" or "F" to the AP state to give more information about the device
state. K for kernel. F for Firmware.
This uses 48 bytes
BUG=b:148492097
TEST=check ccdstate output at different times during boot. Run
firmware_Cr50DeviceState
Change-Id: If2a26c39047b9ae1818eb8d6afbaafa3d1765ca5
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3597035
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Resetting the AP interferes with factory processes. Wipe the tpm,
disable AP communications, and then enable factory mode without
resetting the AP, so factory scripts can continue running and don't need
to handle a device reset.
BUG=b:229355653
TEST=manual
# "Disconnect" the battery, so cr50 can enable factory mode.
bp disconnect atboot
# Enable factory mode
gsctool -aF enable
# Verify cr50 wipes the TPM
[52.115535 tpm_reset_request(1, 1)]
[52.116683 tpm_reset_now(1)]
[52.494602 Compaction done, went from 12304 to 60 bytes]
...
[52.587989 tpm_reset_now: done]
[52.588844 TPM is erased]
# Verify the AP stayed up and the TPM is disabled
gsctool -af
Problems reading from TPM, got 10 bytes
Failed to start transfer
Change-Id: If64df4e834c8ae65de36c0ebb7ea868d558089bd
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3597032
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This flag is removed from upstream llvm.
BUG=b:229641193
TEST=CQ
Signed-off-by: Manoj Gupta <manojgupta@google.com>
Change-Id: I43d3d7b5aa2a1a3213dcd514a804235a871ee181
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3590957
Auto-Submit: Manoj Gupta <manojgupta@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Commit-Queue: Manoj Gupta <manojgupta@chromium.org>
Tested-by: Manoj Gupta <manojgupta@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
gsctool is running out of short opts. This change replaces
get_apro_boot_status to make it more flexible. We can add future ap ro
vendor commands to this arg.
Replace --get_apro_boot_status with '--apro_boot' to get the AP RO
verification status. Add '--apro_boot start' to trigger AP RO verify.
BUG=b:195693537
TEST=run 'gsctool -aB start' to trigger verification on hatch. Use
'gsctool -aB' to check the status.
Change-Id: I7c8cb73dca8309a5cf61981f7e3154dc85e4590d
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3587153
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Let's allow wider major version range, expanding it from 0..2 to 0..4.
BUG=b:183016758
TEST=successfully generated hashes for cr50_v3... images.
Change-Id: I8f9e8119b4a31753932065234505cd5d22df91a4
Signed-off-by: Vadim Bendebury <vbendeb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3582971
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adding the encrypted cryptolib header to the RO created another match
for the header magic pattern of 'fd ff ff ff'.
One of the distinct properties of the fake header is filling up the
signature field with 0x53 bytes, let's use this to filter out the fake
header when looking for the RW.
BUG=b:217564005,b:228839885
TEST=successfully processed Ti50 image with HW cryptolib included.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I83e4f7ad90ba1030ec4134db00485f10dc2fcdee
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3561025
Reviewed-by: Andrew Luo <aluo@chromium.org>
Reviewed-by: Edward Hill <ecgh@chromium.org>
Commit-Queue: Edward Hill <ecgh@chromium.org>
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 6a90601b84302253f1f2572b948ca2dce69cc17c.
Reason for revert: Currently breaking CQ
Original change's description:
> gsctool: Support flog on H1D3C.
>
> BUG=b:219038720
> TEST=gsctool -D -L
>
> Change-Id: I606d1a5958de4a94be402f6520836504f5b8c6c3
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3561468
> Reviewed-by: Jett Rink <jettrink@chromium.org>
> Reviewed-by: Mary Ruthven <mruthven@chromium.org>
> Commit-Queue: Brian Granaghan <granaghan@google.com>
> Tested-by: Brian Granaghan <granaghan@google.com>
BUG=b:228247766
Change-Id: I03eba9b17190909e475938808892ca3747376811
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3572266
Reviewed-by: Brian Granaghan <granaghan@google.com>
Tested-by: Morg <morg@chromium.org>
Owners-Override: Morg <morg@chromium.org>
Auto-Submit: Morg <morg@chromium.org>
Commit-Queue: Brian Granaghan <granaghan@google.com>
Reviewed-by: Anton Romanov <romanton@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:219038720
TEST=gsctool -D -L
Change-Id: I606d1a5958de4a94be402f6520836504f5b8c6c3
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3561468
Reviewed-by: Jett Rink <jettrink@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Commit-Queue: Brian Granaghan <granaghan@google.com>
Tested-by: Brian Granaghan <granaghan@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The command to change the `atboot` wp setting should have `atboot` as
the last argument, not the second.
BUG=none
TEST=none
Change-Id: I0fff0d7dc206068d1f51bb8e890f2ccaaafb18c8
Signed-off-by: pmoy@chromium.org
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3561026
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Commit-Queue: Mary Ruthven <mruthven@chromium.org>
Tested-by: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit d4b3156ccadb281842b22bb3bd2ad41ab1da5c9b.
Reason for revert: new warnings/errors cause build failures b/224575372
Original change's description:
> gsctool: add support for USER_PRES vc
>
> Add support for sending and interpreting the user_pres vendor command.
>
> BUG=b:208504127
> TEST=none
>
> Change-Id: I7e20f448011ffb2a15ae352a4c1e49b72afa015d
> Signed-off-by: Mary Ruthven <mruthven@chromium.org>
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3495864
> Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Bug: b:208504127, b:224575372
Change-Id: I4a6c8813da5c4ed31ac6adcb410d6869ca7ec9ec
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3523383
Owners-Override: Brian Norris <briannorris@chromium.org>
Auto-Submit: Brian Norris <briannorris@chromium.org>
Commit-Queue: Brian Norris <briannorris@chromium.org>
Tested-by: Brian Norris <briannorris@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Commit-Queue: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Abhishek Pandit-Subedi <abhishekpandit@google.com>
Commit-Queue: Abhishek Pandit-Subedi <abhishekpandit@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add support for sending and interpreting the user_pres vendor command.
BUG=b:208504127
TEST=none
Change-Id: I7e20f448011ffb2a15ae352a4c1e49b72afa015d
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3495864
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We relaxed the RW header alignment search in RO to be on the 2KB
boundary instead of 16KB. This gives us more room if RO grows. ti50
already supports this.
Also 2KB is the lowest is would every go since that is a hardware page
boundary.
BUG=b:217564005
TEST=see that gsctool can upgrade with an image that isn't align on 16KB
boundary but it aligned on 2KB boundary.
Change-Id: I0b05de6191d566a01b629d09d95f3d214282e454
Signed-off-by: Jett Rink <jettrink@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3508830
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
g2f_attestation_cert() is another function which is invoked on the TPM
command context, when virtual TPM NVMEM spaces are read.
One of the side effects of invoking of g2f_attestation_cert() is the
creation of the U2F state, if it did not exist before. In this case
the state should not be immediately committed to the NVMEM, the commit
will happen when the TPM command execution is completed.
BUG=b:199981251
TEST=running ./test/tpm_test/tpmtest.py does not trigger the 'attempt
to commit in unlocked state' message any more.
'make buildall' and 'make CRYTPO_TEST=1 BOARD=cr50' pass
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I708e8807ffd3207cc6ab84a0e380908e715f7a15
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3482487
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:222132584
TEST=none
Change-Id: I2a231373f992fdb21ae6eeb440e2e7243adbe481
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3498710
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The disable deep sleep variable is supposed to be temporary and only
apply to the next TPM_RST_L pulse. If TPM_RST_L doesn't get asserted
within 10 seconds of the disable deep sleep vendor command, it probably
means something went wrong with suspend and it was aborted. Clear
disable deep sleep after 10 seconds, so it doesn't get applied to some
other suspend.
BUG=b:222124677
TEST=manual
# Send command to disable deep sleep
trunks_send --raw 80010000000c20000000003b
> [50.252944 dis DS]
ccdstate
DS Dis: on
# Wait 10 seconds and make sure cr50 clears it
> [60.252941 DDS: clear]
# Send command to disable deep sleep
trunks_send --raw 80010000000c20000000003b
# Shutdown the device immediately.
shudown -P now
# Verify cr50 disables deep sleep
1 [24.650581 dis DS]
1/[27.364002 tpm_rst_asserted]
[28.364776 AP off]
[28.365516 Block DS]
# Wait 20 seconds. Check that cr50 doesn't clear it
> ccdstate
DS Dis: on
AP: off
..
> idle
idle action: sleep
# boot the device
10| 1 inicom2.8Minicom2.8[85.437511 deferred_tpm_rst_isr]
[85.438472 AP on]
[85.439010 set TPM wake]
[85.439594 tpm_reset_request(0, 0)]
[85.440494 tpm_reset_now(0)]
[85.443954 tpm_init]
tpm_manufactured: manufactured
[85.446109 tpm_reset_now: done]
[85.446891 DDS: clear]
# shutdown the device
# check cr50 enters deep sleep
Change-Id: I2140dbb01e8d9b21c5f5309e43efc21b636361e5
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3498704
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some boards don't use battery presence for ccd. They just have a
chassis_open signal. Update the why_denied message to add this option.
BUG=b:197974058
TEST=check ccd open denial message
Change-Id: I92254b35cc98492709ec14a26a71cecc7d273a6b
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3498701
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
By default ccd open can be sent from the console in normal mode with
prepvt images. The open capabilities are set to Always which should
determine that open is allowed, but prepvt images completely ignore the
ccd settings. This change modifies the CCD_OPEN_PREPVT behavior to
honor the capabilities, so someone could restrict ccd open in prepvt
images with the ccd capability settings.
BUG=b:221260041
TEST=manual see bug
Change-Id: I1c3fc4f5be27a08ea9071966cc01c4b9ff20dbe5
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3498700
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The DIOA1 PINMUX definition uses a GPIO flag instead of a DIO flag. It
doesn't matter that much, because GPIO_INPUT maps to DIO_DIRECT_INPUT
which is a noop. i2cp_set_pinmux configures the DIOA1 input in existing
images. This change just modifies the flag for correctness.
BUG=b:221090807
TEST=check pinmux output on spi and i2c boards. Verify it doesn't
change.
Change-Id: I227156e5799d872da32a87a7bcab4ae638c18c08
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3495872
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a vendor command that returns the time since user_pres_l was
asserted. This is only used for testing.
Tracking user_pres_l needs to be enabled with a vendor command since
DIOM4 may not be pulled up and may be pulled down on old boards.
Enabling the vendor command survives deep sleep reset. It gets cleared
after cr50 reset.
Cr50 clears the user_pres_l status if tracking is disabled.
BUG=b:219981194,b:208504127
TEST=manual
# Verify it survives deep sleep
sudo gsctool -y enable
sudo gsctool -y
...
user pres enabled
# enter deep sleep
sudo gsctool -y
...
user pres enabled
# Verify it doesn't survive cr50 reboot
sudo gsctool -y enable
sudo gsctool -y
...
user pres enabled
cr50 > reboot
sudo gsctool -y
...
user pres disabled
# Check gsctool output after triggering DIOM4 pulse
sudo gsctool -y enable
# Trigger pulse and wait 5 seconds
sudo gsctool -y
...
user pres enabled
last press: 5064331
Change-Id: Ib37980a5cd8d3378bf718e8e32a7d4152435a816
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3495863
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Initialization with dec is supported only in C99 mode which
EC code is apparently not.
Fixes error with newer clang:
'mixing declarations and code is incompatible with standards before C99'
BUG=b:221860687
TEST=emerge chromeos-ec
Change-Id: I74c3e3aaf071ac86ad9e7b1276043efe32f1ff1b
Signed-off-by: Manoj Gupta <manojgupta@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3495869
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Commit-Queue: Manoj Gupta <manojgupta@chromium.org>
Tested-by: Manoj Gupta <manojgupta@chromium.org>
Auto-Submit: Manoj Gupta <manojgupta@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The problem is in the below chain invoked on processing TPM Clear command:
_plat__OwnerClearCallback()
u2f_gen_kek_seed()
u2f_get_state()
u2f_load_or_create_state()
write_tpm_nvmem_hidden()
NvCommit()
This chain is executed only if U2F data do not exist in the NVMEM.
The end result is write_tpm_nvmem_hidden() invoking nvmem_commit()
which removes the lock, which in turn causes the error when tmp command
processor tries to commit nvmem in the end of processing the command.
This is why the problem happens only once, after the first time U2F data
is present and the above chain is not traversed.
In the fix we avoid calling u2f_get_state() from u2f_gen_kek_seed() by
updating U2F state in memory if it is loaded and in nvmem directly.
Also discovered and fixing bug that resulted in platform owner
not being properly cleaned due incorrect error checking.
_plat__OwnerClearCallback() modified to print error status.
However, this fix doesn't address a case when tpm_test.py fails first
time on TPM2_Startup.
BUG=b:199981251
TEST=tcg tests now passes without errors from clean TPM state,
test/tpm_test/tpmtest.py passes U2F tests.
in CCD with CRYPTO_TEST=1
fips kek works after initial fw upload.
fips u2f
fips kek works with U2F state.
----------------------- Test Environment -------------------------------
Test Suite Version: 2.1a
Operating System: Linux
Processor Information: Intel(R) Core(TM) i9-10885H CPU @ 2.40GHz
TDDL Version: SocketTDDL
-------------------------- Test Object ---------------------------------
TPM Vendor: CROS
TPM Firmware Version: a77bf07 2
TPM Spec Version: 1.16
Vendor Specific Info: xCG , fTPM, ,
Tested Spec Version: 1.16
---------------------- Test Result Summary -----------------------------
Test executed on: Tue Feb 22 19:07:53 2022
Performed Tests: 248
Passed Tests: 248
Failed Tests: 0
Errors: 0
Warnings: 0
========================================================================
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I452129bd696c5207dbef22ef1489fdab924677eb
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3482484
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cr50 resets the EC when key_combo0 is pressed, so it can clear the ec
boot mode.
BUG=b:219102909
TEST=none
Change-Id: I3d024b5a16d5658cf259b5513513e7734aa62d31
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3457894
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This CL in case of unorderly TPM reset that doesn't also reset GSC
preserves RAM-backed values of orderly nv indices.
BUG=b:201101365
TEST=1) create an orderly counter
2) increment it
3) trigger EC reset
4) verify that the counter value was preserved
Cq-Depend: chromium:3417937
Change-Id: I799183ad06584055d025c2acf5f83ff2ded32d39
Signed-off-by: Andrey Pronin <apronin@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3418122
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Boards like zork can reset cr50 with pch_disable, but don't have the
cr50_reset_odl overlay in their hdctools overlay. Add support for trying
to use that control to reset cr50. Allow people to use that signal if
they want. Worst case is it won't reset cr50.
BUG=none
TEST=./util/flash_cr50.py -i $IMG -p 9999 -c cr50-rescue -r pch_disable
Change-Id: I0843fc6d93bedaa32f491389badc7f1836e3402d
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3465528
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
Commit-Queue: Aseda Aboagye <aaboagye@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:207143125
TEST=make buildall -j
Change-Id: I329192d5b4d383d72b90bc90c46589b156f5391b
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3456709
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix a logical error, so cr50 will save the ccd config after setting the
password.
BUG=b:219075883
TEST=see comment#4 from the bug
Change-Id: I2e389c90c9ffe49dc340846258569835ca867ffb
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3457942
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reject VENDOR_CMD_FROM_ALT_IF commands everywhere VENDOR_CMD_FROM_USB
commands are rejected. ccd_config generates ALT_IF tpm commands from the
'ccd' console command. Treat these the same as VENDOR_CMD_FROM_USB
commands. Reject setting the ccd password and ccd open from the console
unless usb commands are allowed.
BUG=b:219075883
TEST=run firmware_Cr50Open.ccd_open_restricted and firmware_Cr50Password
grep for VENDOR_CMD_FROM_USB in platform/cr50 to make sure all flags
checks have been updated.
Change-Id: I69590a55d14745fd14d813b0adfa555ec40f0229
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3456708
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. ECDSA pair-wise consistency test failure wasn't updating FIPS status.
Added new failure bit FIPS_FATAL_ECDSA_PWCT.
2. ECDSA KAT was only simulating error in verify, but not in sign.
Split 'fips ecdsa' into 'fips ecver' and 'fips ecsign'.
3. Added a way to introduce self-integrity error by not updating FIPS
module digest with 'FIPS_BREAK=1' during build.
4. Added reporting of FIPS module digest.
BUG=b:134594373
TEST=make CRYPTO_TEST=1;
in ccd test:
fips pwct; tpm_test.py should fail; fips should print error.
-
fips ecver; fips test reports ECDSA error
fips ecsign; fips test reports ECDSA error
-
FIPS module digest is printed
-
FIPS_BREAK=1 make CRYPTO_TEST=1 produce build with zero digest
reporint FIPS self-integrity error.
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: Ib0a92c118f07a76e4b52eaf9b011ff4f73a02c61
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3425998
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|