| Commit message | Author | Age | Files | Lines |
| |
1. Due to a large share of devices with slow TRNG, increase timeout cycles
from 0x7ff to 0xfff.
2. Increase total reset attempts from 16 to 32.
3. Log number of resets.
BUG=b:211648605
TEST=make CRYPTO_TEST=1
Change-Id: Ib0f9472d6f84c39cd7576f374ab482e522a39809
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4380143
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Code-Coverage: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
| |
1. Increase timeout from 700ms to 1000ms as we saw some timeouts of
unknown origin.
2. INT_STATE wasn't collected for timeouts, change when we get it.
3. Add address of function to log so we can identify source of failure.
BUG=b:273935442
TEST=make CRYPTO_TEST=1; tpm_test
Change-Id: Ifbb1ea5d52662a71d944baa9a7a189224529d85e
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4380209
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Code-Coverage: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
| |
BUG=b:274512057
TEST=none
Change-Id: Ia619b34d6ca5fec997f62b4d96d14b2d9bc5b020
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4409342
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
| |
This also renames the file to have the correct spelling.
go/ti50-fw-releases should be updated to match once this lands.
BUG=b:273367615
TEST=None
Change-Id: Ic330e83ef54494cf5b2e35ed23fcdd6e6497c0cc
Signed-off-by: Alyssa Haroldsen <kupiakos@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4404429
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Jett Rink <jettrink@chromium.org>
| |
The pairing secret (Pk) used for biometrics PinWeaver protocol needs to
be cleared during TPM clear.
BUG=b:262040869
TEST=(with depended CL) pinweaver_client biometrics_selftest
Cq-Depend: chromium:4337481
Change-Id: Ie07869f75aea64a7950d04693722b74c11a913ca
Signed-off-by: Howard Yang <hcyang@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4344442
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
| |
This reverts commit f4b79570b7b423cce8431ebdd2deae102db7a91b.
Reason for revert: This breaks the CQ b/277089899
Original change's description:
> gsctool: Add command to get or set factory config.
>
> Add '--factory_config' command to get the factory config if no optarg
> is provided and set it if one is provided.
>
> BUG=b:275356839
> TEST=localhost ~ # gsctool -a --factory_config
> EEDDCCBBAA998877
> Failed because already set:
> localhost ~ # gsctool -a --factory_config 001122334455667788
> Factory config failed. (7)
>
> Successful set:
> localhost ~ # gsctool -a --factory_config
> 0
> localhost ~ # gsctool -a --factory_config 001122334455667788
> localhost ~ # gsctool -a --factory_config
> 1122334455667788
>
> Change-Id: I69c3c6a9c5540d39d2a9fc02fc3702174229a77d
> Signed-off-by: Brian Granaghan <granaghan@google.com>
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4400915
> Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Bug: b:275356839
Change-Id: I9217cffe68808c2191d796f16864a9289b928f21
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4400343
Reviewed-by: Aaron Massey <aaronmassey@google.com>
Tested-by: Aaron Massey <aaronmassey@google.com>
| |
Add '--factory_config' command to get the factory config if no optarg
is provided and set it if one is provided.
BUG=b:275356839
TEST=localhost ~ # gsctool -a --factory_config
EEDDCCBBAA998877
Failed because already set:
localhost ~ # gsctool -a --factory_config 001122334455667788
Factory config failed. (7)
Successful set:
localhost ~ # gsctool -a --factory_config
0
localhost ~ # gsctool -a --factory_config 001122334455667788
localhost ~ # gsctool -a --factory_config
1122334455667788
Change-Id: I69c3c6a9c5540d39d2a9fc02fc3702174229a77d
Signed-off-by: Brian Granaghan <granaghan@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4400915
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
| |
Add '-l' command to fetch GSC console logs and print them to stdout.
BUG=b:268396021
TEST=localhost ~ # gsctool -aDl
Valid CCD config found
CCD_MODE: deasserted
AP RO verification result: setting unprovisioned
PLT_RST_L DEASSERTED
WARNING: with `AllowUnverifiedRo` disabled EC will be kept in reset in
future Ti50 versions
Unverified AP RO allowed
ERROR: failed to retrieve key ladder state, setting to dev
libtpm initialized
Deferring NV write.
Deferring NV write.
Servo: debouncing -> disconnected
Starting erase
Change-Id: I59db7ebba0517d89900f31451b0d919712d2c564
Signed-off-by: Brian Granaghan <granaghan@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4266190
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
| |
This is a reland of commit ed10ce4730d37a4ae7eab60ad70257720399f289
Original change's description:
> cr50: Use platform/pinweaver
>
> Toggle the CONFIG_PLATFORM_PINWEAVER build flag, to build pinweaver with
> the platform/pinweaver implementation instead of the cr50
> implementation.
>
> BUG=b:262040869
> TEST=make board=cr50 -j
> TEST=(DUT) Use cryptohome CLI to create a user with a PIN.
> TEST=(DUT) Make 2 fail attempts on that PIN.
> TEST=(DUT) Update cr50 to the image including this CL.
> TEST=(DUT) Test leaf properties are correct: 3 more fail attempts locks
> the PIN, password auth resets the PIN, then PIN authentication succeeds.
> TEST=tast run $DUT hwsec.PINWeaver*
>
> Cq-Depend: chromium:4307211
> Change-Id: I6e52566ca8ee68bb0ee71d30538fb6b8cbc4f67d
> Signed-off-by: Mary Ruthven <mruthven@chromium.org>
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4311235
> Tested-by: Howard Yang <hcyang@google.com>
> Reviewed-by: Andrey Pronin <apronin@chromium.org>
> Commit-Queue: Howard Yang <hcyang@google.com>
Bug: b:262040869
Cq-Depend: chromium:4354785
Change-Id: Ibb7ad2c1f752f7ed8678465f5b3901536314d466
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4349272
Tested-by: Howard Yang <hcyang@google.com>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Howard Yang <hcyang@google.com>
| |
Until ti50 repo becomes public, we want to at least make the release
notes public. Copy all release notes from private repo to public one.
BUG=b:274094827
TEST=rendered correctly
Change-Id: I2f1291449defd4dc6d336853a16a7187d3d68325
Signed-off-by: Jett Rink <jettrink@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4356016
Tested-by: Jett Rink <jettrink@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
Auto-Submit: Jett Rink <jettrink@chromium.org>
| |
Before this fix, update_pcr was inserting an extra byte at the start
of the updated value.
BUG=b:273331256
TEST=see BUG
Change-Id: Idb648ff7f999c48f93bd7dfe9a207ecd48fa53d5
Signed-off-by: Andrey Pronin <apronin@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4351200
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
Tested-by: Andrey Pronin <apronin@chromium.org>
| |
This reverts commit ed10ce4730d37a4ae7eab60ad70257720399f289.
Reason for revert: Causes building chromeos-cr50-dev to fail
Original change's description:
> cr50: Use platform/pinweaver
>
> Toggle the CONFIG_PLATFORM_PINWEAVER build flag, to build pinweaver with
> the platform/pinweaver implementation instead of the cr50
> implementation.
>
> BUG=b:262040869
> TEST=make board=cr50 -j
> TEST=(DUT) Use cryptohome CLI to create a user with a PIN.
> TEST=(DUT) Make 2 fail attempts on that PIN.
> TEST=(DUT) Update cr50 to the image including this CL.
> TEST=(DUT) Test leaf properties are correct: 3 more fail attempts locks
> the PIN, password auth resets the PIN, then PIN authentication succeeds.
> TEST=tast run $DUT hwsec.PINWeaver*
>
> Cq-Depend: chromium:4307211
> Change-Id: I6e52566ca8ee68bb0ee71d30538fb6b8cbc4f67d
> Signed-off-by: Mary Ruthven <mruthven@chromium.org>
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4311235
> Tested-by: Howard Yang <hcyang@google.com>
> Reviewed-by: Andrey Pronin <apronin@chromium.org>
> Commit-Queue: Howard Yang <hcyang@google.com>
Bug: b:262040869
Change-Id: Ib60f090c50b1e34635ce2e1f3537f7eb0c95490e
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4348103
Tested-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Matt Vertescher <mvertescher@google.com>
Commit-Queue: Mary Ruthven <mruthven@chromium.org>
Auto-Submit: Mary Ruthven <mruthven@chromium.org>
| |
Add the definition for UINT64_MAX which is used in v2 PinWeaver code,
and toggle the BIOMETRICS_DEV flag to increase PinWeaver version to 2.
BUG=b:262040869
TEST=make buildall -j
TEST=tast run $DUT hwsec.PINWeaver*
Cq-Depend: chromium:4337476
Change-Id: I54642a098bbe697e461d636a416ed5512c8ae528
Signed-off-by: Howard Yang <hcyang@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4337180
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
| |
Toggle the CONFIG_PLATFORM_PINWEAVER build flag, to build pinweaver with
the platform/pinweaver implementation instead of the cr50
implementation.
BUG=b:262040869
TEST=make board=cr50 -j
TEST=(DUT) Use cryptohome CLI to create a user with a PIN.
TEST=(DUT) Make 2 fail attempts on that PIN.
TEST=(DUT) Update cr50 to the image including this CL.
TEST=(DUT) Test leaf properties are correct: 3 more fail attempts locks
the PIN, password auth resets the PIN, then PIN authentication succeeds.
TEST=tast run $DUT hwsec.PINWeaver*
Cq-Depend: chromium:4307211
Change-Id: I6e52566ca8ee68bb0ee71d30538fb6b8cbc4f67d
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4311235
Tested-by: Howard Yang <hcyang@google.com>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Howard Yang <hcyang@google.com>
| |
Add CONFIG_PLATFORM_PINWEAVER build flag, and support for building
platform/pinweaver.
BUG=b:262040869
TEST=make board=cr50 -j
Change-Id: I993051af60ab4163c37726eac87bd98a8b60fc69
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4311234
Tested-by: Howard Yang <hcyang@google.com>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Howard Yang <hcyang@google.com>
| |
Rename the headers so they will not collide with platform/pinweaver
headers with the same names.
BUG=b:262040869
TEST=make -j BOARD=cr50
Cq-Depend: chromium:4337377
Change-Id: Iee9f44c4fcb6ab0a01faec5886f07b84c271d1fc
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4311233
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Howard Yang <hcyang@google.com>
Commit-Queue: Howard Yang <hcyang@google.com>
| |
BUG=b:273510573
TEST=gsctool -b dbg.bin
Change-Id: I3de2687491add2d63532e028d3d62a318ce6d13a
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4342809
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
| |
BUG=b:273334049
TEST=none
Change-Id: Id04168d7f24e81dfe7618b3ee916927991077166
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4336837
Commit-Queue: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
| |
BUG=b:272827066
TEST=none
Change-Id: If98811f65df739a54f62419b7f245918dd5d7259
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4330878
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
| |
It is impractical to use GSC images smaller than one flash page size,
let's not accept them for downloading.
BUG=b:272058012
TEST=get the following error trying to transfer a corrupted image:
Image at offset 0x4000 too short (1024 bytes)
Change-Id: Ia80e8ceaf6a5848e194000acf51824189f157ba1
Signed-off-by: Vadim Bendebury <vbendeb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4317923
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
| |
Add -x <num> or --clog <num> command to fetch the crash log associated
with num and dump the raw output to stdout.
BUG=b:265310865
TEST=gsctool -a -x 2
Change-Id: I10fa3c19c31c18f1007bcc161e7ff8d2ac9e6e6c
Signed-off-by: Brian Granaghan <granaghan@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4257728
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
| |
Headers smaller than flash page are not valid, let's not accept them
during firmware updates.
BUG=b:272058500
TEST=using dd corrupted an existing image header size field to be set
to 0x400, and tried to download the image using gsctool and
observed the expected error message on the Cr50 console:
fw_upgrade_command_handler:505 image at 4000 too small
and in the host terminal:
Error: status 0xb
Change-Id: I27b0bbd6a1204b20bd2d0ac1ce88082ed911d339
Signed-off-by: Vadim Bendebury <vbendeb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4316741
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
| |
DBG images are running low on space. This change removes some of the
more rarely used console commands. It saves 2352 bytes.
This disables sleepmask, timerinfo, i2cxfer, history, and i2cscan in
DBG images. If someone needs to reenable them for a build, they can
comment out the undefs.
BUG=none
TEST=make buildall -j
Change-Id: I40115d6e2769fae4e489eb926778c38c94b66cd3
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4307437
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
| |
BUG=b:269537147
TEST=none
Change-Id: I64defabc471a0107ebb3c06082a23855dbd14121
Signed-off-by: Andrey Pronin <apronin@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4292311
Auto-Submit: Andrey Pronin <apronin@chromium.org>
Tested-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
| |
This CL allows kernel & firmware antirollback spaces update only in certain
board states by adding the appropriate checks to _plat__NvUpdateAllowed().
BUG=b:270243270
TEST=set specific PCR0 values using https://crrev.com/c/2494503,
verify that can update antirollback for normal/dev/recovery values,
cannot update for recovery+dev value only when block_devmode is set.
Change-Id: I979e3e07a877bf5604e99184c9b60eaaa1abf6b4
Signed-off-by: Andrey Pronin <apronin@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4290246
Tested-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Auto-Submit: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
| |
If gsctool is compiled more strictly, these uninitialized variables
cause errors. Set the pointers to empty string like other char*
variables.
BUG=none
TEST=make all for gsctool compiles without errors in a more strict
setting
Change-Id: Id65d51bcc5b81451f4235650c2cf8042986d5197
Signed-off-by: Jett Rink <jettrink@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4290237
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Auto-Submit: Jett Rink <jettrink@chromium.org>
Tested-by: Jett Rink <jettrink@chromium.org>
Commit-Queue: Mary Ruthven <mruthven@chromium.org>
Commit-Queue: Jett Rink <jettrink@chromium.org>
| |
Add nice strings for two new AP RO verification status codes.
Also make the unknown value match what is specified in ti50 (255)
BUG=none
TEST=make gsctool builds
Change-Id: I26399640dd2cc73d7f463f38e49e5234024c24fb
Signed-off-by: Jett Rink <jettrink@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4237256
Tested-by: Jett Rink <jettrink@chromium.org>
Commit-Queue: Jett Rink <jettrink@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Auto-Submit: Jett Rink <jettrink@chromium.org>
| |
Due to incorrect flags for TPM2 objects U2F secrets were not fully
zeroized (however were overwritten with new owner). Doesn't affect G2F.
BUG=b:268382629
TEST=make CRYPTO_TEST=1 U2F_TEST=1
fips del
fips old
fips u2f # prints old keys
u2f_test # all tests passed
fips del
fips new
fips u2f # print new key size
u2f_test # all tests passed
fips del
fips u2f # prints 0 sizes for u2f secrets
Change-Id: I2549dd5fd20937170c9b8d87363d90b138fdc4dc
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4269450
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Code-Coverage: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
| |
BUG=b:269537147
TEST=none
Change-Id: Ic214e5f8b1424221d3b6d5aa8d08178cd722ab57
Signed-off-by: Vadim Bendebury <vbendeb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4258271
Auto-Submit: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
| |
BUG=b:260531154
BRANCH=none
TEST=none
Change-Id: I9e9cb4aadb7b59d7d1f64847d3e4852ca15f5b9e
Signed-off-by: Edward O'Callaghan <quasisec@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4160818
Tested-by: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Peter Marheine <pmarheine@chromium.org>
Code-Coverage: Zoss <zoss-cl-coverage@prod.google.com>
Commit-Queue: Peter Marheine <pmarheine@chromium.org>
Auto-Submit: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Evan Benn <evanbenn@chromium.org>
(cherry picked from commit 611a9ab148c8a56dbdbc4e2844a74fcbe63b0457)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4253167
Commit-Queue: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
| |
This CL allows FWMP update only in certain board states by adding
the appropriate checks to _plat__NvUpdateAllowed().
BUG=b:267674073
TEST=set specific PCR0 values using https://crrev.com/c/2494503,
verify that can update FWMP for normal/dev/recovery values,
cannot update for recovery+dev value.
Change-Id: Ie8999cf762cb36ddb0a155e1f241da3103c6af37
Signed-off-by: Andrey Pronin <apronin@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4241653
Tested-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
| |
This CL adds a trivial (always returns TRUE) callback to check
if platform allows TPM2 stack to update (modify or delete) a
specific nvmem index.
BUG=b:267674073
TEST=build
Change-Id: Iba51e15771de1350083a950041562070d813a1b5
Signed-off-by: Andrey Pronin <apronin@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4241651
Tested-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
| |
This CL adds get_tpm_pcr_value() for reading current PCR values.
BUG=b:267674073
TEST=build
Cq-Depend: chromium:4242409
Change-Id: I632cb13a3f44130f29b72cc4c22ea97a692ffad8
Signed-off-by: Andrey Pronin <apronin@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4241650
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
| |
Adjust error codes to distinguish different places in key generation.
BUG=b:262324344
TEST=TCG tests
Change-Id: I33ef8b772821ad43cf8af1b33b6b49143eb24aef
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4199163
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Code-Coverage: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
| |
Mention that only certain reset types would trigger rescue attempts.
BUG=None
TEST=None
Change-Id: I6c8b7d331f5491cd8561e168e6a3e4531dcd15cf
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4194953
Reviewed-by: Andrey Pronin <apronin@chromium.org>
| |
This flag is set for logs that occur between a cold boot and AP
setting the base time. These logs will start with previous_timestamp+1
and have 1<<64 set to denote that the actual base time was unknown.
BUG=b:260779816
TEST=gsctool -a -L --dauntless with and without the unreliable timestamp
change in firmware
Change-Id: Iff87e7ca12c72b79a7b939967f266461a672ca66
Signed-off-by: Brian Granaghan <granaghan@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4143817
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
| |
BUG=b:264704727
TEST=./firmware_builder.py --metrics /dev/null build
dry run CQ
Change-Id: I51f8a9a7dcb5385aa3e76dffdcf80e356dd8cc86
Signed-off-by: Brian Granaghan <granaghan@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4143815
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
| |
This reverts commit 658729d9e338f6a970e46e69dc4c638d8ac7ccae.
Reason for revert: Breaks CQ builds. See http://b/264704727
Original change's description:
> gsctool: Add timestamp unreliable flag for dauntless.
>
> This flag is set for logs that occur between a cold boot and AP
> setting the base time. These logs will start with previous_timestamp+1
> and have 1<<64 set to denote that the actual base time was unknown.
>
> BUG=b:260779816
> TEST=gsctool -a -L --dauntless with and without the unreliable timestamp
> change in firmware
>
> Signed-off-by: Brian Granaghan <granaghan@google.com>
> Change-Id: Iac279a948c7f34ede711c3c334ec1410b34f040c
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4112943
> Reviewed-by: Edward Hill <ecgh@chromium.org>
> Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Bug: b:260779816
Change-Id: I9a497cc9e0f996182f7f18f93646b963d9cf5e31
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4144680
Tested-by: Dennis Kempin <denniskempin@google.com>
Reviewed-by: Brian Granaghan <granaghan@google.com>
Owners-Override: Dennis Kempin <denniskempin@google.com>
Commit-Queue: Edward Hill <ecgh@chromium.org>
Commit-Queue: Brian Granaghan <granaghan@google.com>
Auto-Submit: Dennis Kempin <denniskempin@google.com>
Reviewed-by: Edward Hill <ecgh@chromium.org>
| |
This flag is set for logs that occur between a cold boot and AP
setting the base time. These logs will start with previous_timestamp+1
and have 1<<64 set to denote that the actual base time was unknown.
BUG=b:260779816
TEST=gsctool -a -L --dauntless with and without the unreliable timestamp
change in firmware
Signed-off-by: Brian Granaghan <granaghan@google.com>
Change-Id: Iac279a948c7f34ede711c3c334ec1410b34f040c
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4112943
Reviewed-by: Edward Hill <ecgh@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
| |
To help with AP RO verification testing, it would be convenient to
expose a `gsctool` command rather than point users at a cryptic
`trunks_send --raw` command. This patch adds a new `--reboot` flag
with an optional reset timeout parameter in milliseconds that sends the
TPMV reset immediate message to the GSC.
BUG=b:261857287
TEST=Ran the new command against the latest Ti50
```
$ gsctool -D --reboot
...
$ gsctool -D --reboot 1000
...
$ gsctool -D --reboot 1001
Error 1 sending immediate reset command
```
Signed-off-by: Matt Vertescher <mvertescher@google.com>
Change-Id: I5c101f37579e37b5ee7dc9241b6fbff07cff6947
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4114560
Reviewed-by: Jett Rink <jettrink@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
| |
BUG=b:257997543
TEST=none
Change-Id: I117f12872c91135ab7902b9e63ce5af5f79e7f15
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4103620
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
| |
BUG=none
TEST=none
Change-Id: I55e7afbd9e5121f5e274723b55251fa24cd1e80a
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4083154
Reviewed-by: Andrew Luo <aluo@chromium.org>
| |
Labstation images don't have cros_build_lib, so flash_cr50 can't run on
them. Replace cros_build_lib, so flash_cr50 can run on labstations.
BUG=none
TEST=run on labstation
Change-Id: I6cab324952ef1b2f4a87b22ebd55f5a9cbaf7798
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4083152
Reviewed-by: Andrew Luo <aluo@chromium.org>
| |
Add support for using brescue to update gsc over uart. Ti50 images have
a different format, so the flash_cr50.py rw_hex support doesn't
work. brescue already has support for ti50 images. Use that instead of
replicating the brescue logic.
BUG=b:260764993
TEST=./util/flash_cr50.py -r pch_disable -p 9999 -i
/opt/google/cr50/firmware/cr50.bin.prod -c brescue
Change-Id: Iec4ada15bb5a7913ab0e476a6ffe4f4334ed4d9f
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4083151
Reviewed-by: Andrew Luo <aluo@chromium.org>
| |
Some change in ChromeOS chroot caused different defaults, so cc-name
switched from `gcc` to `clang` in compiler autodetection for host
target, but never was set to `gcc` by board/chip/core.
Adding setting `cc-name:=gcc` for core/cortex-m/build.mk to use specific
toolchain.
BUG=b:260904818
TEST=make buildall -j
Change-Id: Ic0b8ffade9fa4d82bd265add8b7906be7d98f7c1
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4071387
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Code-Coverage: Vadim Sukhomlinov <sukhomlinov@chromium.org>
| |
BUG=b:257997543
TEST=none
Change-Id: I9b76a48f6b67ed2b5b6a95d24bfe2f742b799344
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4066235
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
| |
If a board can't read ap flash reliably, then it won't be able to find
the fmap. Print a message, so it's easier to tell what's happening.
BUG=none
TEST=none
Change-Id: I6bdc1a4a927090e427b9c84b63b87aff4e8e4e1c
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4068960
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
| |
If usb_spi_sha256_update returns something other than EC_SUCCESS, fail
verification.
BUG=b:260878795
TEST=add a delay to make spi_hash timeout. Verify cr50 fails
verification.
Change-Id: I4ba750748eb131046828f642b9736ed62a781789
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4066233
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
| |
Boards with large RO regions may take more than a minute to go through
every AP RO verification factory flag. Increase the timeout to 10
minutes. No boards should take that long to run verification.
BUG=b:236844541,b:260878795
TEST=run firmware_GSCAPROV1Trigger on zork
Change-Id: I94110b33acee746bb319c4829e627d7b511306e6
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4066234
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
| |
It is necessary to allow the user to set certain capabilities using
gsctool. Exactly which capabilities can be set, and to which values, is
determined by the policies enforced by the chip; gsctool should
provide a generic way of setting any existing capability to any legal
value.
The 'AllowUnverifiedRo' capability stands out, because it might
require the operator's physical presence confirmation, similar to the
'ccd open' case.
A new vendor subcommand is being added to pass the desired capability
and value to Ti50 as a three-byte payload: the version, the capability
and the value. Version and value are mapped by Ti50 into the appropriate
enums.
All available capability names can be seen in the output of 'gsctool
-D -I', the accepted values are 'Default', 'IfOpened', and 'Always'.
The new functionality is achieved by allowing the 'I' command line
option to accept an optional argument, a string in the form of
'<capability name>:<desired value>', where both parts of the string
can be abbreviated and will be accepted case-insensitively unless the
abbreviation is ambiguous.
Since this option is supported only by Ti50, gsctool will enforce the
default Ti50 USB device ID when running this command over USB and, in
case of errors, will remind the user that setting capabilities is
not supported on Cr50.
BUG=b:257253538
TEST=tried running the command on Ti50 implementing support of the new
vendor subcommand.
# Attempt to set when CCD is locked
$ gsctool -D -I | grep State
State: Locked
$ gsctool -I UartGscRxAPTx:always
finding_device 18d1:504a
Found device.
found interface 3 endpoint 4, chunk_len 64
READY
-------
Got error 7(NotAllowed)
# Attempt to set to the current value when CCD is open
$ gsctool -D -I | grep State
State: Opened
$ gsctool -I UartGscRxAPTx:always
finding_device 18d1:504a
Found device.
found interface 3 endpoint 4, chunk_len 64
READY
-------
# attempt to use ambiguous capability name
$ gsctool -I UartGscRx:always
finding_device 18d1:504a
Found device.
found interface 3 endpoint 4, chunk_len 64
READY
-------
Ambiguous capability name
# Attempt to use incorrect value abbreviation
$ gsctool -I UartGscRxAPTx:x
finding_device 18d1:504a
Found device.
found interface 3 endpoint 4, chunk_len 64
READY
-------
Unsupported capability value
# Various attempts to set AllowUnverifiedRo. Transitions from
# default -> ifOpened -> Always require PP, transitions in the
# opposite direction do not.
$ gsctool -I allow:d
finding_device 18d1:504a
Found device.
found interface 3 endpoint 4, chunk_len 64
READY
-------
$ gsctool -I allow:if
finding_device 18d1:504a
Found device.
found interface 3 endpoint 4, chunk_len 64
READY
-------
Another press will be required!
Press PP button now!
Press PP button now!
Press PP button now!
Press PP button now!
Press PP button now!
Press PP button now!
Press PP button now!
PP Done!
$ gsctool -I allow:a
finding_device 18d1:504a
Found device.
found interface 3 endpoint 4, chunk_len 64
READY
-------
Another press will be required!
Press PP button now!
Press PP button now!
Press PP button now!
Press PP button now!
Press PP button now!
Press PP button now!
PP Done!
$ gsctool -I allow:d
finding_device 18d1:504a
Found device.
found interface 3 endpoint 4, chunk_len 64
READY
-------
$
- also validated that misformatted capability/value combinations are
rejected as expected:
$ gsctool -I xyz:
finding_device 18d1:504a
Found device.
found interface 3 endpoint 4, chunk_len 64
READY
-------
Misformatted capability parameter: xyz:
$ gsctool -I :xyz
finding_device 18d1:504a
Found device.
found interface 3 endpoint 4, chunk_len 64
READY
-------
Misformatted capability parameter: :xyz
$ gsctool -I xyz
finding_device 18d1:504a
Found device.
found interface 3 endpoint 4, chunk_len 64
READY
-------
Misformatted capability parameter: xyz
$ gsctool -I x:yz
finding_device 18d1:504a
Found device.
found interface 3 endpoint 4, chunk_len 64
READY
-------
Unknown capability name
- tried setting capabilities when running on Brya, observed expected
error messages.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I803440501d0e3af3c2a645b52b42970b54695701
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4010705
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
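The '<capability name>:<desired value>' parsing described in the commit message above, as an added sketch that is not gsctool's own code: case-insensitive prefix matching, ambiguity detection, and assembly of the three-byte payload, with one return code per error message seen in the TEST transcript. Assumptions: the function and enum names, the payload version 0, the use of table indices as wire codes, and the extra name UartGscRxECTx, which is included only so that "UartGscRx" is ambiguous.

```c
#include <stdint.h>
#include <string.h>
#include <strings.h> /* strncasecmp */

enum parse_rc { PARSE_OK, MISFORMATTED, UNKNOWN_NAME, AMBIGUOUS_NAME, BAD_VALUE };

/* Constructed tables. Names and values are taken from the commit message,
 * except UartGscRxECTx (added so that "UartGscRx" is ambiguous). Using the
 * table index as the code sent to the chip is an assumption. */
static const char *const cap_names[] = {
	"UartGscRxAPTx", "UartGscRxECTx", "AllowUnverifiedRo" };
static const char *const cap_values[] = { "Default", "IfOpened", "Always" };
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))
#define PAYLOAD_VERSION 0 /* assumed value */

/* Case-insensitive prefix lookup of s[0..len). Returns the table index,
 * -1 if nothing matches, -2 if several entries match and none is exact. */
static int lookup(const char *s, size_t len, const char *const *tbl, size_t n)
{
	int found = -1;

	for (size_t i = 0; i < n; i++) {
		if (strncasecmp(s, tbl[i], len) != 0)
			continue;
		if (strlen(tbl[i]) == len)
			return (int)i; /* a full name always wins */
		found = (found == -1) ? (int)i : -2;
	}
	return found;
}

/* Fills payload[] with version, capability, value only on PARSE_OK. */
enum parse_rc parse_capability_arg(const char *arg, uint8_t payload[3])
{
	const char *colon = strchr(arg, ':');
	int cap, val;

	if (!colon || colon == arg || colon[1] == '\0')
		return MISFORMATTED; /* "xyz", ":xyz", "xyz:" */
	cap = lookup(arg, (size_t)(colon - arg), cap_names, COUNT(cap_names));
	if (cap < 0)
		return cap == -1 ? UNKNOWN_NAME : AMBIGUOUS_NAME;
	val = lookup(colon + 1, strlen(colon + 1), cap_values, COUNT(cap_values));
	if (val < 0)
		return BAD_VALUE;
	payload[0] = PAYLOAD_VERSION;
	payload[1] = (uint8_t)cap;
	payload[2] = (uint8_t)val;
	return PARSE_OK;
}
```

The sketch covers only the client-side parsing. Whether a change is permitted, and whether it needs physical presence, is decided by the chip as the transcript shows.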
|