| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch removes cr50 related files from platform/ec.
BUG=b:149350081
BRANCH=none
TEST=$ make buildall -j
$ cros_workon --host list
chromeos-base/chromeos-cr50-dev
chromeos-base/chromeos-ec
chromeos-base/chromeos-ec-headers
chromeos-base/ec-devutils
chromeos-base/ec-utils
chromeos-base/ec-utils-test
dev-util/hdctools
$ sudo emerge chromeos-cr50-dev -j
$ sudo emerge chromeos-ec -j
$ sudo emerge chromeos-ec-headers -j
$ sudo emerge ec-devutils -j
$ sudo emerge ec-utils -j
$ sudo emerge ec-utils-test -j
$ sudo emerge hdctools -j
$ cros_workon-octopus list
chromeos-base/chromeos-ec
chromeos-base/chromeos-ec-headers
chromeos-base/ec-devutils
chromeos-base/ec-utils
chromeos-base/ec-utils-test
dev-util/hdctools
$ sudo emerge-octopus chromeos-ec -j
$ sudo emerge-octopus chromeos-ec-headers -j
$ sudo emerge-octopus ec-devutils -j
$ sudo emerge-octopus ec-utils -j
$ sudo emerge-octopus ec-utils-test -j
$ sudo emerge-octopus hdctools -j
Signed-off-by: Namyoon Woo <namyoon@chromium.org>
Change-Id: Ifa3a037fff17177204ce1a9b88474490fb9be3ed
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2083659
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Denis Brockus <dbrockus@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Added definition of FWMP_DEV_FIPS_MODE matching same definition in vboot.
Support function board_fwmp_fips_mode_enabled() introduced to read
it's status. It's not currently used, but will be consumed by
FIPS code.
BUG=b:138577491
BRANCH=cr50
TEST=make BOARD=cr50
Change-Id: Iebf672cfebfeb18ae62892097fbf1fa30a770338
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1950813
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The new RW dev key does not follow the existing convention of bit 0x4
set in prod Key ID and unset in dev key ID.
The suggested approach is to check values of some key manager
registers to determine if the device is running in fully configured
prod mode or not.
BRANCH=cr50, cr50-mp
BUG=b:144455990
TEST=tried running this patch on a node locked image:
> sysinfo
...
RO keyid: 0xaa66150f
RW keyid: 0x334f70df
...
Key Ladder: dev
Change-Id: I73088ce44a8b8bf8e11a0d240d07152b49a3225b
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1915504
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
No code depending on this define is relevant for Cr50, it was added to
this board file by mistake.
BRANCH=cr50, cr50-mp
BUG=none
TEST=size of the generated Cr50 image remains the same before and
after this patch.
Change-Id: I31d5bffdc9b5109f1d4bb929dea66834a3bfa660
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1925681
Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Counter implementation has been moved to the AP, no need to keep space
for it in the flash.
BUG=b:65253310
BRANCH=cr50, cr50-mp
TEST=generated image uses 2048 bytes less than before this patch.
Change-Id: I8225e9923932ce06ca0a4333c06508cf7d7c70d8
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1753677
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch introduces CONFIG_USB_CONSOLE_STREAM, which implements
usb-console with usb-stream configuration, intending to remove
code redundancy between the previous implementation (usb_console.c)
and usb_stream.c.
Flash usage decreases by 224 bytes, and RAM usage by 40 bytes.
BUG=b:138447451
BRANCH=cr50
TEST=Checked cr50 USB console and cr50 UART console respectively.
Key-in response and output are working well:
./util/uart_stress_tester.py /dev/ttyUSB0 -t 300 --debug
Change-Id: I305038e1db83dc49bb12a8afdbfcc2a8135d50f5
Signed-off-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1741302
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is not always possible to rely on PMU for resetting the I2CS
controller. Most of the AP firmware versions deploy the 'I2C unwedge'
cycle when coming out of reset, but not all of them, this is why Cr50
needs to be able to recover on its own in case there was a crash and
the I2C bus was left mid transaction with the H1 holding down the SDA
line.
A GPIO is dedicated to monitor the I2CS_SDA line during reset. If the
line is kept low, it could be a sign of a 'wedged' controller. The g
I2CS FSM will reset any time the I2C 'stop' condition is detected.
The create the 'stop' condition the I2C_SCL input is disconnected from
the bus and connected to an internal GPIO, then I2C_SCL level is set
to 'high' and register inverting the I2C_SDA value is toggled, which
looks like a transition from zero to one to the controller. thus
creating the 'stop' condition.
BRANCH=cr50, cr50-mp
BUG=b:135772657
TEST=the test was ran on a Pyro device, which uses I2C for
communication with H1 and which AP firmware does not deploy the
'I2C unwedge' cycle.
Test instrumentation involved setting a Chrome OS startup file
such that once booted, the AP starts continuously polling TPM for
value of an NVMEM index, creating I2C traffic. The host
workstation sends the 'apreset cold' command to the EC within a
few seconds of Chrome OS coming up.
First run a special Cr50 image which is not resetting I2CS using
PMU on TPM restarts, is was not trying to unwedge the stuck I2C
bus. On five experiments, it takes on average 32 reboots for
until I2C bus is locked up and the DUT falls into recovery.
Then loaded the Cr50 image with this patch and ran the test
again, it survived for 150 cycles without a problem.
Change-Id: Iffec33f97557e3acfd1cd5fb76ba158f8c23b608
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1730143
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This counter was only used by the legacy U2F
implementation, which is no longer required.
This change deletes the code for the counter,
but does not update the flash config to make use
of the pages previously occupied by the counter.
Since this code is already unused, and therefore
already dropped from built firmware images, this
change does not have any impact on image size.
A follow up change can alter the flash config
to reclaim and repurpose the 2KB per partition
previously used by the counter.
BRANCH=none
BUG=b:138459918
TEST=make buildall -j
Signed-off-by: Louis Collard <louiscollard@chromium.org>
Change-Id: I18892e1eb0224b96caa531293403b0b02f28a32b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1748848
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Ran the following command:
git grep -l 'Copyright (c)' | \
xargs sed -i 's/Copyright (c)/Copyright/g'
BRANCH=none
BUG=none
TEST=make buildall -j
Change-Id: I6cc4a0f7e8b30d5b5f97d53c031c299f3e164ca7
Signed-off-by: Tom Hughes <tomhughes@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1663262
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The TPM disable function requires support from the AP firmware side,
only certain Chrome OS devices provide this support.
This patch adds a board property for this capability and enables it
for the Wilco family of boards.
BRANCH=cr50, cr50-mp
BUG=b:133189891
TEST=verified that Wilco still could be taken through diagnostics mode
back to normal while maintaining the user account.
Change-Id: I18174820937500c9b72335f2031c346815b95079
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1636675
Legacy-Commit-Queue: Commit Bot <commit-bot@chromium.org>
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:132310780
TEST=flash to soraka, check new seed is generated, repeated when:
- no flash space left to write an additional var
- previous seed does not exist
revert to old build and check old seed is gone
BRANCH=none
Change-Id: I7ada1a00becae41bda8ef56b0d4dcc5f9b59fd71
Signed-off-by: Louis Collard <louiscollard@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1610389
Legacy-Commit-Queue: Commit Bot <commit-bot@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cr50 may enter deep sleep while wiping the TPM. This change adds a sleep
delay before opening ccd.
BUG=b:130646257
BRANCH=cr50
TEST=manual
dut-control cold_reset:on
run ccd open
make sure ccd is open even after entering deep sleep
Change-Id: Id44b608702b664621bd2441f62a03ba6428135cf
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1585606
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We were clearing the tpm in two different ways. There was one
implementation in factory_mode.c and one in wp.c. This change merges the
two, so there's only one board_wipe_tpm.
While modifying the wipe tpm code from factory_mode.c I noticed the
factory_enable_failed stuff is maybe a bit more complicated than
necessary. I opened a bug for cleaning that up(b/129956462). It wont be
addressed in this change.
BUG=none
BRANCH=none
TEST=Run the processes that wipe the tpm
open ccd.
enable factory mode from vendor command.
run rma open process
Change-Id: Ia76df19f7d9e4f308f3f1a7175f130f1ef7249a2
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1535156
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch eliminates unnecessary legacy nvmem.c and nvmem_vars.c code
and brings the code base to the state where the new NVMEM layout is
fully functional.
BRANCH=cr50, cr50-mp
BUG=b:69907320, b:129710256
CQ-DEPEND=CL:1450278
TEST=the following tests pass:
- test cases in ./test/nvmem.c
- TCG suite (passes on par with the existing Cr50 code with the
reduced code footprint TPM2 library)
- Chrome OS device migrates from legacy to new implementation with
user account maintained.
- Chrome OS user account is maintained over AP and H1 reboots and
deep sleep cycles.
Change-Id: If4bc2dd125873a79dbe0e268eb32100a8b8b352d
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1496607
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
BUG=b:112778363
BRANCH=cr50
TEST=ran test_that suite:faft_cr50_prepvt on coral.
Change-Id: I1b3c573ee5fcb40290541f231c78bf31650c13c4
Signed-off-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1410482
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=none
BRANCH=cr50
TEST=make buildall -j
Change-Id: Ic95e75cbfaa15103d83c78dcb9efd5b985f2f190
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1542799
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The existing SYS_RST_L implementation enables the output on SYS_RST_L
before setting the level to 0, which results in cr50 briefly driving
SYS_RST_L high when SYS_RST_L is asserted. This patch switches SYS_RST_L
to a pseudo open drain mode, which eliminates the pulse.
The internal pull up on SYS_RST_L is not being removed, so the H1 will
still pull this line up when SYS_RST_L output is set to 1. Removing the
pull up will require careful analysis of existing designs, and if safe
will be done in a different patch.
BUG=b:117676461
BRANCH=cr50
TEST=assert/deassert sys_rst_l and check that 'sysrst' shows the correct
state. Verify this works on cheza which only pulls SYS_RST_L up to 1.8V
even though VDDIOM is 3.3V.
Change-Id: I50c9569e70c97cec434df3095f1b109f3248076b
Signed-off-by: Mary Ruthven <mruthven@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1282020
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Early proto boards may not have the servo detection setup correctly.
This change adds a method to work around this issue, so people can use
the consoles even if cr50 thinks servo is connected.
BUG=b:119690767
BRANCH=cr50
TEST=Use 'ccdblock ignore_servo enable' on cheza EVT verify ec uart
becomes read write. Make sure uart becomes read only after 'ccdblock
ignore_servo disable'.
Change-Id: I9cf04b742bec166b1cf6f0b90d5fe41346769ea7
Signed-off-by: Mary Ruthven <mruthven@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1341162
Commit-Ready: Mary Ruthven <mruthven@chromium.org>
Tested-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With upcoming Cr50 changes which might trigger occasional reboots, it
is better to keep the Cr50 log in the newly introduced flash log space
as opposed to the circular log in SRAM.
There is no need to log TPM resent events, as this is not something
worth tracking in a flash log.
Enabling flash log facility adds 624 bytes to the prod Cr50 image and
1420 bytes to the DBG Cr50 image.
BRANCH=cr50, cr50-mp
BUG=b:63760920
TEST=with modified code observed saving of FE_TPM_I2C_ERROR event.
Change-Id: Id6779de887dac20ce6c1091c8b1571ae900623fd
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1525145
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Devices in the lab need to be switched from prepvt to pvt flags. This
change adds a build flag for CR50_SQA. Images built with CR50_SQA have
more capabilities than normal cr50 images, but less than CR50_DEV
images.
SQA images can access the rollback command, updates including
downgrading to images with lower version numbers and mismatched board id
will not be rejected, and the 'bid force_pvt' console command can be
used to set the bid flags to 0. bid force_pvt does not erase flashinfo.
After the board id has been set, we can still change 1 bits to 0, so we
don't need to eraseflashinfo to change the board id flags to 0. This
makes the command a bit safer, because the board id RLZ can't be changed
just the flags. Changing the flags to 0 works for the test team, because
it prevents cr50 from updating to prepvt.
This change also marks rollback as a safe command. CR50_SQA images
aren't automatically open, so if rollback isn't safe, they will have to
go through the open process to change to pvt. Rollback is only included
in DEV and SQA images, so it's ok if it's marked safe. It's understood
these images aren't supposed to be used on regular devices. They're just
for special development and test environments.
NEW PROCESS FOR SQA:
- update to sqa image
- run 'bid force_pvt'
- flash pvt image
- run rollback
BRANCH=cr50
BUG=b:126618143
TEST=run sqa process
Change-Id: Ia713274830c9e19cdb3ccafa87849c160d667683
Signed-off-by: Mary Ruthven <mruthven@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1529834
Commit-Ready: Mary Ruthven <mruthven@chromium.org>
Tested-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Keith Short <keithshort@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Mistral also uses the ina pins as gpios. Add a board property for no ina
support. Use that instead of the closed source set board property for
the usb_i2c_enable code.
BUG=b:124949444
BRANCH=cr50
TEST=flash on mistral. Make sure EN_PP3300_INA_L isn't asserted when ccd
is enabled.
Change-Id: If06a65bc4a1ef7b374a44fc53d65ea5daed336df
Signed-off-by: Mary Ruthven <mruthven@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1480711
Commit-Ready: Mary Ruthven <mruthven@chromium.org>
Tested-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Keith Short <keithshort@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a function that asserts EC_RST_L until TPM_RST_L gets asserted.
Disable sleep using SLEEP_MASK_AP_RUN while waiting for the AP reset.
Disable tpm communications using tpm_stop until the AP is reset.
BUG=b:123544145
BRANCH=cr50
TEST=run 'ecrst cl' on mistral, scarlet, and soraka. Make sure the
sleepmask is cleared correctly and the TPM works after the reset is
complete.
Change-Id: I5971b45b7a69fd24887a7c22ee7984972b7828ae
Signed-off-by: Mary Ruthven <mruthven@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1444411
Commit-Ready: Mary Ruthven <mruthven@chromium.org>
Tested-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Keith Short <keithshort@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The ap_state machine as is is pretty hard to modify as it's implemented
now. The state machine has to have certain states set at certain points
to handle AP detection properly and it is very slow to detect AP off. It
takes a second and it will only detect AP off if TPM_RST_L stays
asserted for 1 second. This change modifies ap_state.c to use interrupts
instead of polling, so it can detect when the AP is off immediately and
wont miss any resets. This is required for the new closed loop reset
feature. Cr50 has to be able to detect all AP resets and it can't take 1
second for cr50 to determine the AP is off.
We used polling because we had to use APTX_CR50RX to detect AP state for
a while. The UART level changes a lot. Processing all of the interrupts
really impacted CCD uart, so we couldn't use interrupts to detect the
state. We had to poll. AP UART isn't used to detect AP state anymore on
any platforms, so it's ok to switch to interrupts now.
APTX_CR50RX is still used for ap uart detection in ap_uart_state.c. This
change doesn't modify that at all.
BUG=b:123544145
BRANCH=cr50
TEST=Make sure suspend and reboot stress tests still work on a bob and a
soraka. Check that Cr50 detects the AP state correctly.
Change-Id: I80eb97aecffe460b7857e66e7204a55b72c9dd47
Signed-off-by: Mary Ruthven <mruthven@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1446999
Commit-Ready: Mary Ruthven <mruthven@chromium.org>
Tested-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Tpm2 library still can not be compiled with LTO enabled, as it results
in untraceable .bss segment, which in turn makes it impossible to
separate .bss segment of the Tpm2 library into a contiguous memory
section.
As presented, enabling LTO on Cr50 saves 4372 bytes of flash space.
BRANCH=cr50, cr50-mp
BUG=b:65253310
TEST=after the entire stack was applied Cr50 builds successfully with
CONFIG_LTO enabled, and passes TCG test suite.
Change-Id: I4ea02634898166be765bb0986186eb4ecdadd511
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1411543
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:123544145
BRANCH=cr50
TEST=none
Change-Id: If9b12685f7f70f0653d137bbfa15f6a6232343e0
Signed-off-by: Mary Ruthven <mruthven@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1443868
Commit-Ready: Mary Ruthven <mruthven@chromium.org>
Tested-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Drives OEM specific GPIOs to enable and disable factory mode to a closed
source EC.
BUG=b:118683718
BRANCH=none
TEST=make buildall. Verified GPIO states with scope in both factory mode
enable and disable conditions. Verified GPIO states are reapplied
correctly after reboot, deep sleep, and power cycle.
Change-Id: I9bc547504478fded5f95c515027e1da0f245d524
Signed-off-by: Keith Short <keithshort@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1358733
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch enables support of ITE EC programming by Cr50. ITE EC sync
sequence generator implementation is being added to the image, I2C RX
and TX queue sizes are increased to be able to accommodate messages
sent during programming session.
Board level callback function is provided to request ITE SYNC sequence
generation on the next boot, and to reset the H1 with a 10 ms delay,
necessary for CCD host USB communications to quiesce.
Board startup code is modified to when requested invoke function
generating ITE SYNC sequence early in the boot before jitter
configuration is locked.
BRANCH=cr50, cr50-mp
BUG=b:75976718
TEST=with the rest of the patches applied verified that it is possible
to disable and re-enable clock jitter at run time.
Change-Id: I88367b200ceb5b62613f96061d565faa56f4d75a
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1263898
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of tying together CONFIG_WP_ALWAYS and RDP protection,
separate the options.
BRANCH=nocturne
BUG=b:111330723
TEST=make buildall -j
Change-Id: I905b573a900ef4dd0431666c525c951582143e09
Signed-off-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1222093
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Allocates 16 bytes of INFO1 space, in the 'board' section, and
after the current Board ID data, to store the serial number
data for use by zero-touch enrollment.
Adds a console command to read / set this data.
Adds TPM vendor commands to set initial sn data, and update it
during RMA.
CQ-DEPEND=CL:*657450
BUG=b:111195266
TEST=tested locally on soraka
BRANCH=none
Change-Id: I752aefad9654742b7719156202f29d635d2306df
Signed-off-by: Louis Collard <louiscollard@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1127574
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It complements crrev.com/c/1137434 in the way EC Reset got released.
Instead of time-basis, it shall be released when the power button
is released.
The desired sequence of actions is:
0. (optional) Have a CR50 console and EC console connected to terminals.
1. Do a shutdown.
2. Press the power button and keep it pressed.
3. Plug a SuzyQ cable.
4. CR50 console shall be connected back, but not EC console.
5. Release the power button at any proper time, so that EC can restart.
To keep EC from resetting, do "ecrst true" in CR50 console right after
Step 4. It will invalidate Step 5.
BRANCH=cr50
BUG=b:37351386
TEST=manually on Duts, Bob (Chrombook) and Sion (chromebox).
(A) hard-reset
A-1. Binary Download + Hold power button => no delay in EC reset.
(B) Wake from hibernation
B-1. (EC console) hibernate
B-2. unplug all cables
B-3. hold "POWER BUTTON" + plug SuzyQ cable => no delay in EC reset.
(C) Power-on reset
C-1. "REFRESH" + "POWER BUTTON" + unplug power cable.
C-2. unplug SuzyQ cable
C-3. plug SuzyQ cable => no delay in EC reset.
(D) Power-on reset
D-1. "REFRESH" + "POWER BUTTON" + unplug power cable.
D-2. unplug SuzyQ cable
D-3. hold "POWER BUTTON" + plug SuzyQ cable. => EC reset gets held.
D-4. release "POWER BUTTON" ==> EC gets reset.
(E) Power-on reset + explicit "ec_rst true"
E-1. "REFRESH" + "POWER BUTTON" + unplug power cable.
E-2. unplug SuzyQ cable
E-3. hold "POWER BUTTON" + plug SuzyQ cable. => EC reset gets held.
E-4. (CR50 console) ecrst true
E-5. release "POWER BUTTON" ==> EC reset still gets held.
(F) Power-on reset + explicit "ec_rst false"
F-1. "REFRESH" + "POWER BUTTON" + unplug power cable.
F-2. unplug SuzyQ cable
F-3. hold "POWER BUTTON" + plug SuzyQ cable. => EC reset gets held.
F-4. (CR50 console) ecrst false => EC gets reset.
F-5. release "POWER BUTTON" ==> Nothing happens.
(common) Press "POWER BUTTON" again, and check CR50 doesn't have any
more "POWER BUTTON" release events.
Changes to be committed:
modified: board/cr50/board.c
modified: board/cr50/board.h
modified: board/cr50/power_button.c
modified: chip/g/rbox.c
Change-Id: Ic39c9ce7849fa3187e1d277320adf671f857d18d
Signed-off-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1192691
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Enable running ccd open from the console. Do not require dev mode to run
the command.
PREPVT ONLY. DO NOT MERGE INTO MP.
BUG=b:112861587
BRANCH=cr50-prePVT
TEST='ccd open' can be run on the console, and it doesn't require dev
mode.
Change-Id: Ie666d3bdf56a525deb7764bbcd03676174745cd3
Signed-off-by: Mary Ruthven <mruthven@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1188928
Commit-Ready: Mary Ruthven <mruthven@chromium.org>
Tested-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Enable rbox wakeups before entering any form of sleep. Disable them
immediately on resume. Without rbox wakeups enabled during normal
operation, we don't need to worry about clearing them after every rbox
interrupt. In TOT we missed clearing the power button rbox wakeup. This
was causing cr50 to wake up immediately after entering regular sleep. It
caused a ton of pmu interrupts and prevented cr50 from staying asleep.
With this change cr50 enters enters sleep and deep sleep normally. It
only resumes when there's a real wakeup.
BUG=none
BRANCH=cr50
TEST=verify power button can still wake cr50 from sleep and deep sleep.
Run firmware_Cr50DeviceState with TOT
Change-Id: I56bf81c19a6e32750dc9d21be7f27188635dd662
Signed-off-by: Mary Ruthven <mruthven@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1180572
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Turn on CONFIG_DCRYPTO_RSA_SPEEDUP for cr50.
Speeds up RSA2048 keygen by ~40%.
Adds 2192 bytes to the code size.
BRANCH=cr50
BUG=b:68167013
TEST=boot, login, run "trunks_client --key_create --rsa=2048 --usage=sign
--key_blob=/tmp/1.key --print_time" to measure time.
Change-Id: I647b17a7e16c4a74b6e55717c75fb44f332b2a54
Signed-off-by: Andrey Pronin <apronin@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1159164
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
P256 key provisioning is complete, let's move RMA unlock to p256, this
frees up 5328 bytes in the flash.
BRANCH=cr50, cr50-mp
BUG=b:73296606
TEST=verified that dev key is properly accepted by the server, prod
key will be tested when prod image is signed.
Change-Id: I7d86bb2b793c32181f47f5354ad9db603aa49881
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1095535
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We're doing a bit of refactoring to break out factory mode into its own
file. Now factory reset and rma reset will be two methods of entering
factory mode. Factory mode can be disabled with the disable_factory
vendor command.
Factory mode means all ccd capabilities are set to Always and WP is
permanently disabled. When factory mode is disabled, all capabilities
are reset to Default and WP is reset to follow battery presence.
This adds 56 bytes.
BUG=none
BRANCH=cr50
TEST=verify rma reset will enable factory mode.
Change-Id: I21c6f7b4341e3a18e213e438bbd17c67739b85fa
Signed-off-by: Mary Ruthven <mruthven@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1069789
Commit-Ready: Mary Ruthven <mruthven@chromium.org>
Tested-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Using the p256 curve is beneficial, because RMA feature is currently
the only user of the x25519 curve in Cr50, whereas p256 support is
required by other subsystems and its implementation is based on
dcrypto.
The p256 public key is 65 bytes in size, appropriate adjustments are
being made for the structure storing the server public key and the key
ID.
The compact representation of the p256 public key requires 33 bytes,
including the X coordinate and one extra byte used to communicate if
the omitted Y coordinate is odd or even.
The challenge structure communicated to the RMA server allows exactly
32 bytes for the public key. To comply, the generated ephemeral public
key is used in compressed form (only the X coordinate is used).
For the server to properly uncompress the public key one extra bit is
required, to indicate if the original key's Y coordinate is odd or
even. Since there is no room for the extra bit in the challenge
structure, a convention is used where the generated ephemeral public
key is guaranteed to have an odd Y coordinate.
When generating the ephemeral key, the Y coordinate is checked, and if
it is even, generation attempt is repeated.
Some clean up is also included: even with debug enabled, generated
challenge is displayed only once as a long string, convenient for
copying and pasting.
The new feature is not yet enabled, p256 support on the RMA server
side is not yet available.
Enabling p256 curve for RMA authentication saves 5336 bytes of the
flash space.
BRANCH=cr50, cr50-mp
BUG=b:73296606
TEST=enabled CONFIG_RMA_AUTH_USE_P256 in board.h, generated challenge
and verified matching auth code generated by the rma_reset
utility.
Change-Id: I857543c89a7c33c6fc2dc00e142fe9fa6fc642cf
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1074743
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
sleepmask is really useful for debugging sleep issues. Add a read only
version of sleepmask to non-DBG images. It will only be accessible once
the console is unlocked.
BUG=none
BRANCH=cr50
TEST=make sure sleepmask can be modified in DBG images and can only be
read in prod images.
Change-Id: I31ef966f6302d4a7602a014cb08c9b972d13f41e
Signed-off-by: Mary Ruthven <mruthven@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1062804
Commit-Ready: Mary Ruthven <mruthven@chromium.org>
Tested-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This will be used as part of the checks for when to allow CCD open.
Add check for firmware space dev mode bit, based on the similar code
which reads the FWMP. Print the state of both bits in 'ccd get'.
BUG=b:79983505
BRANCH=cr50
TEST=With dev mode off, 'ccd get' does not report TPM: dev_mode.
Turn on dev mode via the recovery screen, and it does.
Change-Id: I6af78bb104004323cd377ed996e1db94bc36fc62
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1066391
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit cfcac78e626ce08ccc1c45c91c61127b6088e80f.
Reason for revert: Removing all s3 termination support. It's not
necessary and it causes scarlet to boot into recovery.
Original change's description:
> cr50: add support for enabling terminations on ap suspend
>
> rk3399 systems need terminations on the SPI signals in S3 and all other
> low power states. Add support for enabling the pulldowns and pullups on
> the correct pins.
>
> With this change, if BOARD_NEEDS_S3_TERM is set in the board properties,
> cr50 will enable a pulldown on the AP TX Cr50 RX signal and a pulldown
> on all of the SPS signals. To keep the pulldowns from interfering with
> the sps peripheral, s3_term will also disable the input for those
> signals.
>
> BUG=b:62200096
> BRANCH=cr50
> TEST=Flash onto bob. Make sure cr50 enables and disables terminations
> when the AP suspends/resumes. Flash onto reef. Make sure it doesn't do
> anything.
>
> Change-Id: I4adaf6d66160bab1eb3cf3d343d4a79524ccf883
> Signed-off-by: Mary Ruthven <mruthven@google.com>
> Reviewed-on: https://chromium-review.googlesource.com/991338
> Commit-Ready: Mary Ruthven <mruthven@chromium.org>
> Tested-by: Mary Ruthven <mruthven@chromium.org>
> Reviewed-by: Randall Spangler <rspangler@chromium.org>
Bug: b:62200096
Change-Id: I00c5051a48d4578badf9ce6622dea1af9903f4fd
Reviewed-on: https://chromium-review.googlesource.com/1062687
Commit-Ready: Mary Ruthven <mruthven@chromium.org>
Tested-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds some of the ground work for hardware backed brute force
resistance on Cr50. The feature is called Pinweaver. It will
initially be used to enable PIN authentication on CrOS devices
without reducing the security of the platform. A Merkle tree is
used to validate encrypted metadata used to track login attempts.
The metadata tracks counts of failed attempts, a timestamp of the
last failed attempt, the secrets, and any associated parameters.
Instead of storing the metadata on Cr50 an AES-CTR is used with an
HMAC to encrypt the data so it can be stored off-chip and loaded
when needed.
The Merkle tree is used to track the current state of all the
metadata to prevent replay attacks of previously exported copies.
It is a tree of hashes whose root hash is stored on Cr50, and whose
leaves are the HMACs of the encrypted metadata.
BRANCH=none
BUG=chromium:809730, chromium:809741, chromium:809743, chromium:809747
TEST=cd ~/src/platform/ec && V=1 make run-pinweaver -j
Change-Id: Id10bb49d8ebc5a487dd90c6093bc0f51dadbd124
Signed-off-by: Allen Webb <allenwebb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/895395
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
rk3399 systems need terminations on the SPI signals in S3 and all other
low power states. Add support for enabling the pulldowns and pullups on
the correct pins.
With this change, if BOARD_NEEDS_S3_TERM is set in the board properties,
cr50 will enable a pulldown on the AP TX Cr50 RX signal and a pulldown
on all of the SPS signals. To keep the pulldowns from interfering with
the sps peripheral, s3_term will also disable the input for those
signals.
BUG=b:62200096
BRANCH=cr50
TEST=Flash onto bob. Make sure cr50 enables and disables terminations
when the AP suspends/resumes. Flash onto reef. Make sure it doesn't do
anything.
Change-Id: I4adaf6d66160bab1eb3cf3d343d4a79524ccf883
Signed-off-by: Mary Ruthven <mruthven@google.com>
Reviewed-on: https://chromium-review.googlesource.com/991338
Commit-Ready: Mary Ruthven <mruthven@chromium.org>
Tested-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use RMA public key definition generated based on the binary blob
containing the key and key ID.
Key generation is controlled by the make file in common/, but actual
key blob comes from the board directory.
The structure holding the key and key ID is being modified to allow
initialization using a flat array.
No more need in defining CONFIG_RMA_AUTH_SERVER_PUBLIC_KEY and
CONFIG_RMA_AUTH_SERVER_KEY_ID.
BRANCH=cr50, cr50-mp
BUG=b:73296144, b:74100307
TEST='make buildall' still succeeds.
test RMA server generated authentication codes are accepted when
unlocking RMA.
Change-Id: I8ade94de6eb69b3e49bc5b948dbac20e59962acf
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/990783
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The new key ID is set to zero.
BRANCH=cr50, cr50-eve
BUG=b:70891959
TEST=verified that prod server properly responds to the challenge
generated by a CR50 running on Robo device.
Change-Id: I1e0da4a2cebca7f985c5f2a6da509c850924a874
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/915503
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Michael Tang <ntang@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change creates a state machine to handle ap uart detection. It
removes all of the ap_uart stuff from ap_state.c and moves it to
ap_uart_state.c. All boards will now use ap_uart to enable/disable ap
uart and tpm_rst_l to detect the ap state.
Separate ap uart detection from ap detection, so we can disable the ap
uart without enabling deep sleep. If the ap is in S3 on ARM devices,
Cr50 wont be in deep sleep, but the AP UART RX signal wont be pulled up.
In this case we need cr50 ap rx to be disabled and deep sleep to be
disabled.
BUG=b:35647982
BRANCH=cr50
TEST=run firmware_Cr50DeviceState on scalet and electro
Change-Id: I81336a9e232df8d44b325eef59327a1c06a80cba
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/884307
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Add a vendor command that provides alert counter. Userspace can use
it e.g. for user metric analysis.
- Add 'alerts' debug console command. It provides information about
chip alerts: supported alerts, fuse status, interrupt status, alert
counter.
- Add 'alerts fire [INT]' command to fire a software defined alert
(globalsec/fwN where N is 0,1,2,3).
Signed-off-by: Anatol Pomazau <anatol@google.com>
BUG=b:63523947
TEST=ran the FW at Pyro and checked alerts data sent to host
Change-Id: I7cec0c451ed71076b44dad14a151b147ff1337e8
Reviewed-on: https://chromium-review.googlesource.com/817639
Commit-Ready: Anatol Pomazau <anatol@google.com>
Tested-by: Anatol Pomazau <anatol@google.com>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These functions are not used by usb_i2c.c on chip/stm32, let's
move them to board/cr50 which is the only place where they are
used.
BRANCH=none
BUG=None
TEST=make buildall -j
Change-Id: I8c1b292838b8dbee9a9001add9332e0add80c342
Signed-off-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/778749
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A couple of bugs have crept in with the latest series of patches:
- the board ID value endianness does not have to be changed
- the test RMA server public key value is wrong
BRANCH=cr50
BUG=b:67007905
TEST=the generated challenge is now accepted by the server, and the
generated auth code matches between the server and the Cr50.
Change-Id: I18f413ab0bcc14d9cc50b115ac3784fdfcd5851c
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/700798
Reviewed-by: Michael Tang <ntang@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Enable necessary flags for the Cr50 to start supporting RMA
authentication. This also requires that the RMA server public key
definition is split between the actual and test. Even though they are
the same at this time, the actual public key would be defined in the
new future and it would be different from the test key.
BRANCH=cr50
BUG=b:65253310
TEST=make buildall -j passes. More tests were conducted on the full
patchset.
Change-Id: I5a3f9d8c71374d78192e3f0a2752391b842da962
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/691554
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, the Cr50 state machines (EC, AP, RDD, bitbang, etc.) manage
their own enabling and disabling of the ports (UART, SPI, etc.) This
is tricky because the rules for when ports should be enabled are
non-trivial and must be applied in the correct order. In additionl
the changes all need to be serialized, so that the hardware ends up in
the correct state even if multiple state machines are changing
simultaneously.
Consolidate all of that into chip/g/rdd.c. The debug command for it
is now 'ccdstate', which just prints the state machines. This will
allow subsequent renaming of the 'ccdopen', etc. commands to 'ccd
open', etc.
Also include UART bit-banging into that state which must be
consistent. Previously, it was possible for bit-banging to leave UART
TX connected, instead of returning it to the previous state.
Use better names for CCD config fields for UART. I'd had them backwards.
BUG=b:62537474
BRANCH=cr50
TEST=manual, with a CR50_DEV=1 image
1) No servo or CCD
Pull SERVO_DETECT low (disconnected)
Pull CCD_MODE_L high (disabled)
Pull EC_DETECT and AP_DETECT high (on)
Reboot. RX is enabled even if cables are disconnected so we buffer.
ccdstate -> UARTAP UARTEC
Pull EC_DETECT low.
ccdstate -> UARTAP
Pull EC_DETECT high and AP_DETECT low.
ccdstate -> UARTEC
Pull AP_DETECT high.
ccdstate -> UARTAP UARTEC
2) Servo only still allows UART RX
Pull SERVO_DETECT high (connected).
ccdstate -> UARTAP UARTEC
3) Both servo and CCD prioritizes servo.
Pull CCD_MODE_L low (enabled).
ccdstate -> UARTAP UARTEC
Reboot, to make sure servo wins at boot time.
ccdstate -> UARTAP UARTEC
Bit-banging doesn't work when servo is connected.
bitbang 2 9600 even -> superseded by servo
bitbang -> disabled
ccdstate -> UARTAP UARTEC
4) CCD only allows more ports and remembers we wanted to bit-bang
Pull SERVO_DETECT low.
ccdstate --> UARTAP+TX UARTEC+BB I2C SPI
bitbang 2 disable
ccdstate --> UARTAP+TX UARTEC+TX I2C SPI
Reboot and see we don't take over servo ports until we're
sure servo isn't present.
ccdstate --> UARTAP UARTEC (for first second)
ccdstate --> UARTAP+TX UARTEC+TX I2C SPI (after that)
5) Bit-banging takes over ECTX
bitbang 2 9600 even
bitbang -> baud rate 9600, parity even
ccdstate -> UARTAP+TX UARTEC+BB I2C SPI
bitbang 2 disable
ccdstate -> UARTAP+TX UARTEC+TX I2C SPI
6) Permissions work. Allow easy access to full console and ccdopen:
ccdset OpenNoTPMWipe always
ccdset OpenNoLongPP always
ccdset GscFullConsole always
Default when locked is full AP UART EC RO, no I2C or SPI
ccdlock
ccdstate -> UARTAP+TX UARTEC
No EC transmit permission means no bit-banging
bitbang 2 9600 even
bitbang -> disabled
ccdstate -> UARTAP+TX UARTEC
But it remembers that we wanted to
ccdopen
ccdstate -> UARTAP+TX UARTEC+BB I2C SPI
bitbang 2 disable
ccdstate -> UARTAP+TX UARTEC+TX I2C SPI
Try turning on/off permissions
ccdset UartGscTxECRx always
ccdlock
ccdstate -> UARTAP+TX UARTEC+TX
No read means no write either
ccdset UartGscRxECTx ifopened
ccdlock
ccdstate -> UARTAP+TX
ccdopen
ccdset UartGscRXAPTx ifopened
ccdlock
ccdstate -> (nothing)
Check AP transmit permissions too
ccdopen
ccdset UartGscRxAPTx always
ccdset UartGscTxAPRx ifopened
ccdlock
ccdstate -> UARTAP
Check I2C
ccdopen
ccdset I2C always
ccdlock
ccdstate -> UARTAP I2C
SPI port is enabled if either EC or AP flash is allowed
ccdopen
ccdset flashap always
ccdlock
ccdstate -> UARTAP I2C SPI
ccdopen
ccdset flashec always
ccdset flashap ifopened
ccdlock
ccdstate -> UARTAP I2C SPI
Back to defaults
ccdoops
Change-Id: I641f7ab2354570812e3fb37b470de32e5bd10db7
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/615928
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The state machine in common/case_closed_debug.c only handles a subset
of what we need to do for Cr50 external case closed debugging, and
also supports a 'partial' CCD state that doesn't exist for Cr50. Move
the few lines of code from that we actually need into our file.
BUG=none
BRANCH=cr50
TEST=manual
Assert CCD_MODE_L
See 'CCD EXT enable'
Confirm Cr50 console appears as a RW /dev/ttyUSBn endpoint
Confirm firmware update over USB works
Deassert CCD_MODE_L
See 'CCD EXT disable'
Confirm Cr50 console appears as a RW /dev/ttyUSBn endpoint
Confirm firmware update over USB does not work (can't find device)
Change-Id: Id96f2770632839a9690740ece54bc2eb71d39a38
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/647909
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
