Add invocation of power-up known-answer tests (KATs) on power-on
and after failures, while avoiding power-up tests on wake from sleep.
Added console & vendor commands to report FIPS status, run tests,
simulate errors.
BUG=b:138577539
TEST=manual; check console
fips on, fips test, fips sha, fips trng
will add tpmtest for vendor command
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I58790d0637fda683c4b6187ba091edf08757f8ee
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2262055
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Many source files over time started to respect 'bool' and 'size_t'
types for better code readability. However, these types are defined
in stdbool.h and stddef.h headers, so each time they were used
there was a need to include them. util.h included both, and one option
was to use it, but it conflicts with the TPM2 library on the definition of MAX/MIN.
BUG=none
TEST=make buildall -j
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: Ia0aca578e901c60aeafee5278471c228194d36bf
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2258540
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Implement board-local configuration of FIPS 140-2/3 policy as
complementary to FWMP policy. This is intended mostly for lab
testing and dogfooding, when FWMP policy is not feasible.
board_fips_enforced() returns status of FIPS from FWMP and NVRAM
and caches state to avoid expensive operations later.
BUG=b:138577491
TEST=manual, make buildall -j
Actual test command to be added in upcoming CLs
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I8fa651e56e6e76a87bbc4dd911e7a8c0546e7e0f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2247112
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
This patch closes the AP RO verification loop on the Cr50 side.
If the check is triggered, the valid AP hash is found, and the RO
contents are found to not match the hash, the Cr50 will
- assert the EC reset;
- set a flag to prevent the code from deasserting EC reset;
- start a periodic hook to reassert EC reset in case the user hits
power+refresh.
This will prevent the Chrome OS device from booting.
A new CLI command is being added to display the verification state. In
developer images the new command would allow clearing the failure
state; when running prod images the only way out of the failure state
would be a power cycle.
BUG=b:153764696
TEST=verified that erasing or programming AP RO hash when board ID is
set is impossible.
Verified proper shutdown in case AP RO hash is present and the AP
RO space is corrupted and recovery using the new cli command when
running a dev image.
Verified that 'ecrst off' properly reports the override.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I1029114126a9a79f80385af7bc8d5467738e04ca
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2218676
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
SQA images won't be built anymore. This change removes the SQA support.
It deletes all SQA ifdefs and replaces CR50_RELAXED with CR50_DEV.
BUG=b:158011401
TEST=manual
build regular image and check eraseflashinfo and rollback aren't
included.
build image with CR50_SQA=1 and check it's no different than the
regular image.
build DBG image and make sure it still starts open, it has the
eraseflashinfo and rollback commands, and it can flash old cr50
images.
Change-Id: I5e94c88b1903cfcf0eee0081fc871e55fc8586c7
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2227149
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
This patch assigns the bit offset 0 in TPM_BOARD_CFG register to
indicate the status of INT_AP_L extension. The bit 1 means INT_AP_L
pulse extension is activated, and 0 means it is not.
BUG=b:148691139
TEST=tested on atlas and on careena.
1. Checked the default TPM_BOARD_CFG (PWRDN_SCRATCH21) value was zero
and the INT_AP_L assertion duration was 4~10 microseconds.
> md 0x400000f4 1 // memory dump on GC_PMU_PWRDN_SCRATCH21
400000F4: 0x00000000
2. Attempted to change the board configuration (with a hacked UART
command.). The register value was unchanged.
> brdcfg 0x01
TPM_BOARD_CFG = 0x00000000
> md 0x400000f4 1
400000F4: 0x00000000
3. Forced to write the board configuration with a hacked UART command.
The register value was changed.
> brdcfg 0x01 force
TPM_BOARD_CFG = 0x80000001
> md 0x400000f4 1
400000F4: 0x80000001
4. Checked the INT_AP_L assertion duration extended to 110
microseconds or longer.
5. After cr50 deep sleep, checked the pulse duration was still
extended.
- turned AP off.
- disconnected Suzy-Qable.
- waited three seconds
- connected Suzy-Qable, and checked the reset cause was 'hibernate
rbox'.
> md 0x400000f4 1
400000F4: 0x8000001
6. With 100 usec long INT_AP pulse, checked trunks_client
regression_test, stress_test and ext_command_test run well.
Checked dmesg and found no TPM errors through all tests.
(ap) $ trunks_client --regression_test
(ap) $ trunks_client --stress_test
(ap) $ trunks_client --ext_command_test
7. Checked no character loss during uart_stress_tester.
(chroot) $ uart_stress_tester.py -c -t 600 /dev/ttyUSB2 /dev/ttyUSB1
8. the shortest duration of INT_AP_L assertion and deassertion
observed in logic analyzer were 110 usec and 152 usec.
9. measured the depthcharge exit timestamp and cr50 flash time with
or without INT_AP pulse extended to 100 usec, on atlas and helios:
-----------------+-------------------+------------------
| atlas | helios
-----------------+-------------------+------------------
boot (sec) | 1.398 -> 1.402 | 1.004 -> 1.011
cr50 flash (sec) | 10.800 -> 14.609 | 16.024 -> 16.466
-----------------+-------------------+------------------
Signed-off-by: Namyoon Woo <namyoon@google.com>
Change-Id: I2b9f9defb63cf05f9d91b741ccb4b49c4c6bc8e2
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2202839
Tested-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Namyoon Woo <namyoon@chromium.org>
This patch adds the TPM vendor-defined register, TPM_BOARD_CFG,
which indicates the board configuration status. This register is
attributed as one-time-programmable and the value is maintained
across deep sleeps. Cr50 allows a write on this register right after
a cr50 reset until it receives a TPM2_PCR_Extend command.
BUG=b:148691139
TEST=none
Signed-off-by: Namyoon Woo <namyoon@google.com>
Change-Id: I89ae5a53c15990ef78812aec5da81a59f04d7d98
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2202838
Tested-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Namyoon Woo <namyoon@chromium.org>
This patch adds a feature to extend each level of GPIO_INT_AP_L at
least for 100 microseconds. The assertion (low GPIO_INT_AP_L)
duration might be shorter only if AP asserts a SPS CS before
INT_AP_L deassertion, because it means AP recognized
GPIO_INT_AP_L assertion already.
This patch increases the flash usage by 280 bytes.
BUG=b:148691139
TEST=None
Signed-off-by: Namyoon Woo <namyoon@google.com>
Change-Id: Ie74b236bc5352e9fc21fe600c12946e50955160a
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2114430
Tested-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Namyoon Woo <namyoon@chromium.org>
This patch flips on the switch for the AP RO verification
implementation.
BUG=b:153764696
TEST=generated AP integrity verification data using the ap_ro_hash.py
script and then ran the verification procedure, observing the
'hash match' message on the Cr50 console.
Also verified that the Open Box RMA procedure still succeeds.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I15f19aefcb11a055e66994e33976b98ce6fdf099
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2220829
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
This patch moves ec_comm.c and ec_efs.c from board/cr50 to common/,
so that they can be shared with other board configurations (like host).
This is to build unittest for those files.
BUG=none
BRANCH=cr50
TEST=make buildall -j
Signed-off-by: Namyoon Woo <namyoon@chromium.org>
Change-Id: I67ac313054ebe4604848a176f0a42e3483957e74
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2094076
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
- add ec_efs, which tracks the system boot mode.
- add ec_comm.h header file for EC-EFS related functions.
- revised vboot.h header file.
BUG=b:141143112
BRANCH=cr50
TEST=none
Change-Id: Iec1bf466b832bac5ad6be8a52304c1d699a38fb2
Signed-off-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2055363
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
If the board supports EC-CR50 communication, Cr50 enables both
rising/falling-edge triggered interrupt on DIOB3 pin and makes
it wakable as well. Cr50 connects GPIO_AP_FLASH_SELECT to DIOB4.
If the board does not support EC-CR50 communication, Cr50 connects
GPIO_AP_FLASH_SELECT to DIOB3.
If EC puts high on DIOB3 to activate EC-CR50 communication, CR50
enables UART_EC RX and TX.
BUG=chromium:1035706
BRANCH=cr50
TEST=none
Change-Id: I1221a1a19219274622ab710568ce7c66ab2f1da7
Signed-off-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1989581
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
This CL adds a board property indicating EC-CR50 communication
support. The target boards are Volteer, Dedede, Puff, and Zork.
It shall be detected if the H1 strap configuration value is
either 0x0E or 0xE0.
BUG=b:146567516, chromium:1027660
BRANCH=cr50
TEST=Flashed AP firmware through CCD on Grunt, Octopus, Scarlet
and Atlas.
This is the captured console log:
--- UART initialized after reboot ---
...
strap pin readings: a1:2 a9:2 a6:0 a12:0
[0.005886 Valid strap: 0xa properties: 0x41]
> brdprop
properties = 0x1141
> brdprop
properties = 0x201141
> pinmux
...
400600b0: DIOB2 2 IN GPIO0_GPIO1
400600b8: DIOB3 3 IN GPIO0_GPIO2
400600c0: DIOB4 0 IN PD
...
40060100: GPIO0_GPIO2 7 DIOB3
...
40060120: GPIO0_GPIO10 6 DIOB4
Flashed AP firmware on a reworked board with 1M ohm on DIOA1 and
5k ohm on DIOA9.
This is the captured console log:
--- UART initialized after reboot ---
...
strap pin readings: a1:2 a9:3 a6:0 a12:0
[0.005886 Valid strap: 0xe properties: 0x200041]
> brdprop
properties = 0x201141
> pinmux
...
400600b0: DIOB2 2 IN GPIO0_GPIO1
400600c0: DIOB4 3 IN PD GPIO0_GPIO2
...
40060100: GPIO0_GPIO2 6 DIOB4
...
40060120: GPIO0_GPIO10 6 DIOB4
Change-Id: If60765190a385a0e728177911b1ec738c6a00d99
Signed-off-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1979612
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
There is no need to keep the code supporting chip factory mode in
Chrome OS production branches, this code is never used outside of the
chip factory environment.
BRANCH=cr50, cr50-mp
BUG=none
TEST=built an image, verified that an Atlas device boots up into the
previously created Chrome OS account.
Change-Id: If72635b014d15ef6e97fbc4fd5b54b61ec23299a
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1994369
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
It takes 14.5 ms to decrypt two 12K flash spaces into SRAM, then
calculate their hash to see if either one is a valid NVMEM
space.
There is no need for this check when the 'other' Cr50 image is newer
than {3,4}.18.
BRANCH=Cr50, Cr50-mp
BUG=b:132665283
TEST=with added instrumentation verified that in case the other slot
is occupied by 0.0.22 image, the check takes 14.5 ms, when the
other slot is occupied by 0.4.23 image the check takes 8 us.
Change-Id: I0414ca3d7e90d343589a21e91319f35479632eff
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1967543
Reviewed-by: Keith Short <keithshort@chromium.org>
Added definition of FWMP_DEV_FIPS_MODE matching same definition in vboot.
Support function board_fwmp_fips_mode_enabled() introduced to read
its status. It's not currently used, but will be consumed by
FIPS code.
BUG=b:138577491
BRANCH=cr50
TEST=make BOARD=cr50
Change-Id: Iebf672cfebfeb18ae62892097fbf1fa30a770338
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1950813
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
(cherry picked from commit bf8241699ba35984887e3f1a71d29ea1e92b21fe)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1954340
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
The new RW dev key does not follow the existing convention of bit 0x4
set in prod Key ID and unset in dev key ID.
The suggested approach is to check values of some key manager
registers to determine if the device is running in fully configured
prod mode or not.
BRANCH=cr50, cr50-mp
BUG=b:144455990
TEST=tried running this patch on a node locked image:
> sysinfo
...
RO keyid: 0xaa66150f
RW keyid: 0x334f70df
...
Key Ladder: dev
Change-Id: I73088ce44a8b8bf8e11a0d240d07152b49a3225b
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1915504
Reviewed-by: Andrey Pronin <apronin@chromium.org>
(cherry picked from commit 74237689eb277bf1fe0e682cb256825508fa511f)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1954338
No code depending on this define is relevant for Cr50, it was added to
this board file by mistake.
BRANCH=cr50, cr50-mp
BUG=none
TEST=size of the generated Cr50 image remains the same before and
after this patch.
Change-Id: I31d5bffdc9b5109f1d4bb929dea66834a3bfa660
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1925681
Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>
Counter implementation has been moved to the AP, no need to keep space
for it in the flash.
BUG=b:65253310
BRANCH=cr50, cr50-mp
TEST=generated image uses 2048 bytes less than before this patch.
Change-Id: I8225e9923932ce06ca0a4333c06508cf7d7c70d8
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1753677
Reviewed-by: Andrey Pronin <apronin@chromium.org>
This patch introduces CONFIG_USB_CONSOLE_STREAM, which implements
usb-console with usb-stream configuration, intending to remove
code redundancy between the previous implementation (usb_console.c)
and usb_stream.c.
Flash usage decreases by 224 bytes, and RAM usage by 40 bytes.
BUG=b:138447451
BRANCH=cr50
TEST=Checked cr50 USB console and cr50 UART console respectively.
Key-in response and output are working well:
./util/uart_stress_tester.py /dev/ttyUSB0 -t 300 --debug
Change-Id: I305038e1db83dc49bb12a8afdbfcc2a8135d50f5
Signed-off-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1741302
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
It is not always possible to rely on PMU for resetting the I2CS
controller. Most of the AP firmware versions deploy the 'I2C unwedge'
cycle when coming out of reset, but not all of them, this is why Cr50
needs to be able to recover on its own in case there was a crash and
the I2C bus was left mid transaction with the H1 holding down the SDA
line.
A GPIO is dedicated to monitor the I2CS_SDA line during reset. If the
line is kept low, it could be a sign of a 'wedged' controller. The g
I2CS FSM will reset any time the I2C 'stop' condition is detected.
To create the 'stop' condition the I2C_SCL input is disconnected from
the bus and connected to an internal GPIO, then I2C_SCL level is set
to 'high' and register inverting the I2C_SDA value is toggled, which
looks like a transition from zero to one to the controller, thus
creating the 'stop' condition.
BRANCH=cr50, cr50-mp
BUG=b:135772657
TEST=the test was run on a Pyro device, which uses I2C for
communication with H1 and whose AP firmware does not deploy the
'I2C unwedge' cycle.
Test instrumentation involved setting a Chrome OS startup file
such that once booted, the AP starts continuously polling TPM for
value of an NVMEM index, creating I2C traffic. The host
workstation sends the 'apreset cold' command to the EC within a
few seconds of Chrome OS coming up.
First ran a special Cr50 image which is not resetting I2CS using
PMU on TPM restarts; it was not trying to unwedge the stuck I2C
bus. In five experiments, it takes on average 32 reboots
until the I2C bus is locked up and the DUT falls into recovery.
Then loaded the Cr50 image with this patch and ran the test
again, it survived for 150 cycles without a problem.
Change-Id: Iffec33f97557e3acfd1cd5fb76ba158f8c23b608
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1730143
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
This counter was only used by the legacy U2F
implementation, which is no longer required.
This change deletes the code for the counter,
but does not update the flash config to make use
of the pages previously occupied by the counter.
Since this code is already unused, and therefore
already dropped from built firmware images, this
change does not have any impact on image size.
A follow up change can alter the flash config
to reclaim and repurpose the 2KB per partition
previously used by the counter.
BRANCH=none
BUG=b:138459918
TEST=make buildall -j
Signed-off-by: Louis Collard <louiscollard@chromium.org>
Change-Id: I18892e1eb0224b96caa531293403b0b02f28a32b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1748848
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Ran the following command:
git grep -l 'Copyright (c)' | \
xargs sed -i 's/Copyright (c)/Copyright/g'
BRANCH=none
BUG=none
TEST=make buildall -j
Change-Id: I6cc4a0f7e8b30d5b5f97d53c031c299f3e164ca7
Signed-off-by: Tom Hughes <tomhughes@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1663262
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
The TPM disable function requires support from the AP firmware side,
only certain Chrome OS devices provide this support.
This patch adds a board property for this capability and enables it
for the Wilco family of boards.
BRANCH=cr50, cr50-mp
BUG=b:133189891
TEST=verified that Wilco still could be taken through diagnostics mode
back to normal while maintaining the user account.
Change-Id: I18174820937500c9b72335f2031c346815b95079
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1636675
Legacy-Commit-Queue: Commit Bot <commit-bot@chromium.org>
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
BUG=b:132310780
TEST=flash to soraka, check new seed is generated, repeated when:
- no flash space left to write an additional var
- previous seed does not exist
revert to old build and check old seed is gone
BRANCH=none
Change-Id: I7ada1a00becae41bda8ef56b0d4dcc5f9b59fd71
Signed-off-by: Louis Collard <louiscollard@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1610389
Legacy-Commit-Queue: Commit Bot <commit-bot@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Cr50 may enter deep sleep while wiping the TPM. This change adds a sleep
delay before opening ccd.
BUG=b:130646257
BRANCH=cr50
TEST=manual
dut-control cold_reset:on
run ccd open
make sure ccd is open even after entering deep sleep
Change-Id: Id44b608702b664621bd2441f62a03ba6428135cf
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1585606
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
We were clearing the tpm in two different ways. There was one
implementation in factory_mode.c and one in wp.c. This change merges the
two, so there's only one board_wipe_tpm.
While modifying the wipe tpm code from factory_mode.c I noticed the
factory_enable_failed stuff is maybe a bit more complicated than
necessary. I opened a bug for cleaning that up (b/129956462). It won't be
addressed in this change.
BUG=none
BRANCH=none
TEST=Run the processes that wipe the tpm
open ccd.
enable factory mode from vendor command.
run rma open process
Change-Id: Ia76df19f7d9e4f308f3f1a7175f130f1ef7249a2
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1535156
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
This patch eliminates unnecessary legacy nvmem.c and nvmem_vars.c code
and brings the code base to the state where the new NVMEM layout is
fully functional.
BRANCH=cr50, cr50-mp
BUG=b:69907320, b:129710256
CQ-DEPEND=CL:1450278
TEST=the following tests pass:
- test cases in ./test/nvmem.c
- TCG suite (passes on par with the existing Cr50 code with the
reduced code footprint TPM2 library)
- Chrome OS device migrates from legacy to new implementation with
user account maintained.
- Chrome OS user account is maintained over AP and H1 reboots and
deep sleep cycles.
Change-Id: If4bc2dd125873a79dbe0e268eb32100a8b8b352d
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1496607
Reviewed-by: Andrey Pronin <apronin@chromium.org>
BUG=b:112778363
BRANCH=cr50
TEST=ran test_that suite:faft_cr50_prepvt on coral.
Change-Id: I1b3c573ee5fcb40290541f231c78bf31650c13c4
Signed-off-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1410482
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
BUG=none
BRANCH=cr50
TEST=make buildall -j
Change-Id: Ic95e75cbfaa15103d83c78dcb9efd5b985f2f190
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1542799
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
The existing SYS_RST_L implementation enables the output on SYS_RST_L
before setting the level to 0, which results in cr50 briefly driving
SYS_RST_L high when SYS_RST_L is asserted. This patch switches SYS_RST_L
to a pseudo open drain mode, which eliminates the pulse.
The internal pull up on SYS_RST_L is not being removed, so the H1 will
still pull this line up when SYS_RST_L output is set to 1. Removing the
pull up will require careful analysis of existing designs, and if safe
will be done in a different patch.
BUG=b:117676461
BRANCH=cr50
TEST=assert/deassert sys_rst_l and check that 'sysrst' shows the correct
state. Verify this works on cheza which only pulls SYS_RST_L up to 1.8V
even though VDDIOM is 3.3V.
Change-Id: I50c9569e70c97cec434df3095f1b109f3248076b
Signed-off-by: Mary Ruthven <mruthven@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1282020
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Early proto boards may not have the servo detection setup correctly.
This change adds a method to work around this issue, so people can use
the consoles even if cr50 thinks servo is connected.
BUG=b:119690767
BRANCH=cr50
TEST=Use 'ccdblock ignore_servo enable' on cheza EVT verify ec uart
becomes read write. Make sure uart becomes read only after 'ccdblock
ignore_servo disable'.
Change-Id: I9cf04b742bec166b1cf6f0b90d5fe41346769ea7
Signed-off-by: Mary Ruthven <mruthven@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1341162
Commit-Ready: Mary Ruthven <mruthven@chromium.org>
Tested-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
With upcoming Cr50 changes which might trigger occasional reboots, it
is better to keep the Cr50 log in the newly introduced flash log space
as opposed to the circular log in SRAM.
There is no need to log TPM resent events, as this is not something
worth tracking in a flash log.
Enabling flash log facility adds 624 bytes to the prod Cr50 image and
1420 bytes to the DBG Cr50 image.
BRANCH=cr50, cr50-mp
BUG=b:63760920
TEST=with modified code observed saving of FE_TPM_I2C_ERROR event.
Change-Id: Id6779de887dac20ce6c1091c8b1571ae900623fd
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1525145
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
Devices in the lab need to be switched from prepvt to pvt flags. This
change adds a build flag for CR50_SQA. Images built with CR50_SQA have
more capabilities than normal cr50 images, but less than CR50_DEV
images.
SQA images can access the rollback command, updates including
downgrading to images with lower version numbers and mismatched board id
will not be rejected, and the 'bid force_pvt' console command can be
used to set the bid flags to 0. bid force_pvt does not erase flashinfo.
After the board id has been set, we can still change 1 bits to 0, so we
don't need to eraseflashinfo to change the board id flags to 0. This
makes the command a bit safer, because the board id RLZ can't be changed,
just the flags. Changing the flags to 0 works for the test team, because
it prevents cr50 from updating to prepvt.
This change also marks rollback as a safe command. CR50_SQA images
aren't automatically open, so if rollback isn't safe, they will have to
go through the open process to change to pvt. Rollback is only included
in DEV and SQA images, so it's ok if it's marked safe. It's understood
these images aren't supposed to be used on regular devices. They're just
for special development and test environments.
NEW PROCESS FOR SQA:
- update to sqa image
- run 'bid force_pvt'
- flash pvt image
- run rollback
BRANCH=cr50
BUG=b:126618143
TEST=run sqa process
Change-Id: Ia713274830c9e19cdb3ccafa87849c160d667683
Signed-off-by: Mary Ruthven <mruthven@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1529834
Commit-Ready: Mary Ruthven <mruthven@chromium.org>
Tested-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Keith Short <keithshort@chromium.org>
Mistral also uses the ina pins as gpios. Add a board property for no ina
support. Use that instead of the closed source set board property for
the usb_i2c_enable code.
BUG=b:124949444
BRANCH=cr50
TEST=flash on mistral. Make sure EN_PP3300_INA_L isn't asserted when ccd
is enabled.
Change-Id: If06a65bc4a1ef7b374a44fc53d65ea5daed336df
Signed-off-by: Mary Ruthven <mruthven@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1480711
Commit-Ready: Mary Ruthven <mruthven@chromium.org>
Tested-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Keith Short <keithshort@chromium.org>
Add a function that asserts EC_RST_L until TPM_RST_L gets asserted.
Disable sleep using SLEEP_MASK_AP_RUN while waiting for the AP reset.
Disable tpm communications using tpm_stop until the AP is reset.
BUG=b:123544145
BRANCH=cr50
TEST=run 'ecrst cl' on mistral, scarlet, and soraka. Make sure the
sleepmask is cleared correctly and the TPM works after the reset is
complete.
Change-Id: I5971b45b7a69fd24887a7c22ee7984972b7828ae
Signed-off-by: Mary Ruthven <mruthven@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1444411
Commit-Ready: Mary Ruthven <mruthven@chromium.org>
Tested-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Keith Short <keithshort@chromium.org>
The ap_state machine as is is pretty hard to modify as it's implemented
now. The state machine has to have certain states set at certain points
to handle AP detection properly and it is very slow to detect AP off. It
takes a second and it will only detect AP off if TPM_RST_L stays
asserted for 1 second. This change modifies ap_state.c to use interrupts
instead of polling, so it can detect when the AP is off immediately and
won't miss any resets. This is required for the new closed loop reset
feature. Cr50 has to be able to detect all AP resets and it can't take 1
second for cr50 to determine the AP is off.
We used polling because we had to use APTX_CR50RX to detect AP state for
a while. The UART level changes a lot. Processing all of the interrupts
really impacted CCD uart, so we couldn't use interrupts to detect the
state. We had to poll. AP UART isn't used to detect AP state anymore on
any platforms, so it's ok to switch to interrupts now.
APTX_CR50RX is still used for ap uart detection in ap_uart_state.c. This
change doesn't modify that at all.
BUG=b:123544145
BRANCH=cr50
TEST=Make sure suspend and reboot stress tests still work on a bob and a
soraka. Check that Cr50 detects the AP state correctly.
Change-Id: I80eb97aecffe460b7857e66e7204a55b72c9dd47
Signed-off-by: Mary Ruthven <mruthven@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1446999
Commit-Ready: Mary Ruthven <mruthven@chromium.org>
Tested-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
Tpm2 library still can not be compiled with LTO enabled, as it results
in untraceable .bss segment, which in turn makes it impossible to
separate .bss segment of the Tpm2 library into a contiguous memory
section.
As presented, enabling LTO on Cr50 saves 4372 bytes of flash space.
BRANCH=cr50, cr50-mp
BUG=b:65253310
TEST=after the entire stack was applied Cr50 builds successfully with
CONFIG_LTO enabled, and passes TCG test suite.
Change-Id: I4ea02634898166be765bb0986186eb4ecdadd511
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1411543
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
BUG=b:123544145
BRANCH=cr50
TEST=none
Change-Id: If9b12685f7f70f0653d137bbfa15f6a6232343e0
Signed-off-by: Mary Ruthven <mruthven@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1443868
Commit-Ready: Mary Ruthven <mruthven@chromium.org>
Tested-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
Drives OEM specific GPIOs to enable and disable factory mode to a closed
source EC.
BUG=b:118683718
BRANCH=none
TEST=make buildall. Verified GPIO states with scope in both factory mode
enable and disable conditions. Verified GPIO states are reapplied
correctly after reboot, deep sleep, and power cycle.
Change-Id: I9bc547504478fded5f95c515027e1da0f245d524
Signed-off-by: Keith Short <keithshort@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1358733
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
This patch enables support of ITE EC programming by Cr50. ITE EC sync
sequence generator implementation is being added to the image, I2C RX
and TX queue sizes are increased to be able to accommodate messages
sent during programming session.
Board level callback function is provided to request ITE SYNC sequence
generation on the next boot, and to reset the H1 with a 10 ms delay,
necessary for CCD host USB communications to quiesce.
Board startup code is modified to, when requested, invoke the function
generating the ITE SYNC sequence early in the boot, before jitter
configuration is locked.
BRANCH=cr50, cr50-mp
BUG=b:75976718
TEST=with the rest of the patches applied verified that it is possible
to disable and re-enable clock jitter at run time.
Change-Id: I88367b200ceb5b62613f96061d565faa56f4d75a
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1263898
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
Instead of tying together CONFIG_WP_ALWAYS and RDP protection,
separate the options.
BRANCH=nocturne
BUG=b:111330723
TEST=make buildall -j
Change-Id: I905b573a900ef4dd0431666c525c951582143e09
Signed-off-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1222093
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
Allocates 16 bytes of INFO1 space, in the 'board' section, and
after the current Board ID data, to store the serial number
data for use by zero-touch enrollment.
Adds a console command to read / set this data.
Adds TPM vendor commands to set initial sn data, and update it
during RMA.
CQ-DEPEND=CL:*657450
BUG=b:111195266
TEST=tested locally on soraka
BRANCH=none
Change-Id: I752aefad9654742b7719156202f29d635d2306df
Signed-off-by: Louis Collard <louiscollard@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1127574
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
It complements crrev.com/c/1137434 in the way EC Reset got released.
Instead of time-basis, it shall be released when the power button
is released.
The desired sequence of actions is:
0. (optional) Have a CR50 console and EC console connected to terminals.
1. Do a shutdown.
2. Press the power button and keep it pressed.
3. Plug a SuzyQ cable.
4. CR50 console shall be connected back, but not EC console.
5. Release the power button at any proper time, so that EC can restart.
To keep EC from resetting, do "ecrst true" in CR50 console right after
Step 4. It will invalidate Step 5.
BRANCH=cr50
BUG=b:37351386
TEST=manually on Duts, Bob (Chromebook) and Sion (chromebox).
(A) hard-reset
A-1. Binary Download + Hold power button => no delay in EC reset.
(B) Wake from hibernation
B-1. (EC console) hibernate
B-2. unplug all cables
B-3. hold "POWER BUTTON" + plug SuzyQ cable => no delay in EC reset.
(C) Power-on reset
C-1. "REFRESH" + "POWER BUTTON" + unplug power cable.
C-2. unplug SuzyQ cable
C-3. plug SuzyQ cable => no delay in EC reset.
(D) Power-on reset
D-1. "REFRESH" + "POWER BUTTON" + unplug power cable.
D-2. unplug SuzyQ cable
D-3. hold "POWER BUTTON" + plug SuzyQ cable. => EC reset gets held.
D-4. release "POWER BUTTON" ==> EC gets reset.
(E) Power-on reset + explicit "ec_rst true"
E-1. "REFRESH" + "POWER BUTTON" + unplug power cable.
E-2. unplug SuzyQ cable
E-3. hold "POWER BUTTON" + plug SuzyQ cable. => EC reset gets held.
E-4. (CR50 console) ecrst true
E-5. release "POWER BUTTON" ==> EC reset still gets held.
(F) Power-on reset + explicit "ec_rst false"
F-1. "REFRESH" + "POWER BUTTON" + unplug power cable.
F-2. unplug SuzyQ cable
F-3. hold "POWER BUTTON" + plug SuzyQ cable. => EC reset gets held.
F-4. (CR50 console) ecrst false => EC gets reset.
F-5. release "POWER BUTTON" ==> Nothing happens.
(common) Press "POWER BUTTON" again, and check CR50 doesn't have any
more "POWER BUTTON" release events.
Changes to be committed:
modified: board/cr50/board.c
modified: board/cr50/board.h
modified: board/cr50/power_button.c
modified: chip/g/rbox.c
Change-Id: Ic39c9ce7849fa3187e1d277320adf671f857d18d
Signed-off-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1192691
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
Enable running ccd open from the console. Do not require dev mode to run
the command.
PREPVT ONLY. DO NOT MERGE INTO MP.
BUG=b:112861587
BRANCH=cr50-prePVT
TEST='ccd open' can be run on the console, and it doesn't require dev
mode.
Change-Id: Ie666d3bdf56a525deb7764bbcd03676174745cd3
Signed-off-by: Mary Ruthven <mruthven@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1188928
Commit-Ready: Mary Ruthven <mruthven@chromium.org>
Tested-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
Enable rbox wakeups before entering any form of sleep. Disable them
immediately on resume. Without rbox wakeups enabled during normal
operation, we don't need to worry about clearing them after every rbox
interrupt. In TOT we missed clearing the power button rbox wakeup. This
was causing cr50 to wake up immediately after entering regular sleep. It
caused a ton of pmu interrupts and prevented cr50 from staying asleep.
With this change cr50 enters sleep and deep sleep normally. It
only resumes when there's a real wakeup.
BUG=none
BRANCH=cr50
TEST=verify power button can still wake cr50 from sleep and deep sleep.
Run firmware_Cr50DeviceState with TOT
Change-Id: I56bf81c19a6e32750dc9d21be7f27188635dd662
Signed-off-by: Mary Ruthven <mruthven@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1180572
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
Turn on CONFIG_DCRYPTO_RSA_SPEEDUP for cr50.
Speeds up RSA2048 keygen by ~40%.
Adds 2192 bytes to the code size.
BRANCH=cr50
BUG=b:68167013
TEST=boot, login, run "trunks_client --key_create --rsa=2048 --usage=sign
--key_blob=/tmp/1.key --print_time" to measure time.
Change-Id: I647b17a7e16c4a74b6e55717c75fb44f332b2a54
Signed-off-by: Andrey Pronin <apronin@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1159164
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
P256 key provisioning is complete, let's move RMA unlock to p256, this
frees up 5328 bytes in the flash.
BRANCH=cr50, cr50-mp
BUG=b:73296606
TEST=verified that dev key is properly accepted by the server, prod
key will be tested when prod image is signed.
Change-Id: I7d86bb2b793c32181f47f5354ad9db603aa49881
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1095535
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
We're doing a bit of refactoring to break out factory mode into its own
file. Now factory reset and rma reset will be two methods of entering
factory mode. Factory mode can be disabled with the disable_factory
vendor command.
Factory mode means all ccd capabilities are set to Always and WP is
permanently disabled. When factory mode is disabled, all capabilities
are reset to Default and WP is reset to follow battery presence.
This adds 56 bytes.
BUG=none
BRANCH=cr50
TEST=verify rma reset will enable factory mode.
Change-Id: I21c6f7b4341e3a18e213e438bbd17c67739b85fa
Signed-off-by: Mary Ruthven <mruthven@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1069789
Commit-Ready: Mary Ruthven <mruthven@chromium.org>
Tested-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
Using the p256 curve is beneficial, because RMA feature is currently
the only user of the x25519 curve in Cr50, whereas p256 support is
required by other subsystems and its implementation is based on
dcrypto.
The p256 public key is 65 bytes in size, appropriate adjustments are
being made for the structure storing the server public key and the key
ID.
The compact representation of the p256 public key requires 33 bytes,
including the X coordinate and one extra byte used to communicate if
the omitted Y coordinate is odd or even.
The challenge structure communicated to the RMA server allows exactly
32 bytes for the public key. To comply, the generated ephemeral public
key is used in compressed form (only the X coordinate is used).
For the server to properly uncompress the public key one extra bit is
required, to indicate if the original key's Y coordinate is odd or
even. Since there is no room for the extra bit in the challenge
structure, a convention is used where the generated ephemeral public
key is guaranteed to have an odd Y coordinate.
When generating the ephemeral key, the Y coordinate is checked, and if
it is even, generation attempt is repeated.
Some clean up is also included: even with debug enabled, generated
challenge is displayed only once as a long string, convenient for
copying and pasting.
The new feature is not yet enabled, p256 support on the RMA server
side is not yet available.
Enabling p256 curve for RMA authentication saves 5336 bytes of the
flash space.
BRANCH=cr50, cr50-mp
BUG=b:73296606
TEST=enabled CONFIG_RMA_AUTH_USE_P256 in board.h, generated challenge
and verified matching auth code generated by the rma_reset
utility.
Change-Id: I857543c89a7c33c6fc2dc00e142fe9fa6fc642cf
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1074743
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|