| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Build dcrypto and u2f separately as a part of the fips_module object.
This doesn't change how cryptoc is built. That'll be done in a followup
CL.
BUG=none
TEST=none
Change-Id: I411ee297ae8e88f0c38b6798c7b58c0e657750b1
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3002451
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cr50 doesn't use AES-CMAC and P256-ECIES functions. Currently these
functions are not linked in as they are not used. Since we will change
a build process to build crypto library separately to implement FIPS
certification requirements, better to remove it from library as
otherwise they will increase image size. Files are still there in case
if will be needed in the future.
BUG=b:134594373
TEST=make BOARD=cr50
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I0922a5f35a85b1a2d85e6b325716ac3838c2c9cb
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2988186
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:191799047
TEST=make buildall -j ; run tpmtest
Change-Id: I8b743c16c4e4b8b0779eb40ba1eb0a78613930f9
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2980812
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch was inspired by crrev.com/c/2593881, it is extended to
cover both cryptoc and tpm2 libraries. Cherry-picking across the
branches is pointless as the branches have drifted apart and the patch
applied to completely different files.
The below was copied from the original patch description and edited
and augmented to match the Cr50 case.
Currently, the cryptoc and tpm2 targets are marked as
.PHONY. That means that any project that depends on cryptoc or tpm2
will always rebuild ec.bin on make invocations.
For example, running make for cr50 will show the following build steps
on each make invocation, even though nothing in cryptoc or tpm2
changed:
make obj=/mnt/host/source/src/platform/cr50/build/cr50/cryptoc \
SUPPORT_UNALIGNED=1 \
CONFIG_UPTO_SHA512=y -C /mnt/host/source/src/third_party/cryptoc
make obj=/mnt/host/source/src/platform/cr50/build/cr50/tpm2 \
EMBEDDED_MODE=1 \
-C /mnt/host/source/src/third_party/tpm2 copied_objs
make[1]: Entering directory '/mnt/host/source/src/third_party/cryptoc'
make[1]: '/mnt/host/.../build/cr50/cryptoc/libcryptoc.a' is up to date.
make[1]: Leaving directory '/mnt/host/source/src/third_party/cryptoc'
make[1]: Entering directory '/mnt/host/source/src/third_party/tpm2'
make[1]: Nothing to be done for 'copied_objs'.
make[1]: Leaving directory '/mnt/host/source/src/third_party/tpm2'
LD RO/ec.RO.elf
LD RW/ec.RW.elf
.
.
.
This fix brings the dirty/clean state of cryptoc and tpm2 into the
main Cr50 make process, so that it can assess if libcryptoc.a or tpm
objects (and later ec.bin) actually need to be remade.
We do something similar for the ec version header file that is generated
by the build system itself (see crrev.com/c/227211)
Instead of relying on shell globbing, the tpm2 Makefile is now used to
determine the exact set of the tpm object files to be linked in.
This change was only possible with the fix to cryptoc's Makefile
crrev.com/c/2091999 and to the tpm2 Makefile in crrev.com/c/2606746.
With this change, building Cr50 does not force an unnecessary
recompilation, so the above make example looks like the following
after the initial build:
$ make BOARD=cr50 -j
*** 8044 bytes in flash...
*** 14116 bytes in flash...
BUG=none
TEST=verified that cryptolib and tpm2 libraries are rebuilt when some
.c or .h file in the respective directories it touched, but not
unnecessarily, like before this patch.
Change-Id: Ic7c55e6f779559e082afdd18c7368e5115afabdf
Signed-off-by: Vadim Bendebury <vbendeb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2606810
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Craig Hesling <hesling@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add invocation of power-up known-answer tests (KATs) on power-on
and after failures, while avoiding power-up tests on wake from sleep.
Added console & vendor commands to report FIPS status, run tests,
simulate errors.
BUG=b:138577539
TEST=manual; check console
fips on, fips test, fips sha, fips trng
will add tpmtest for vendor command
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I58790d0637fda683c4b6187ba091edf08757f8ee
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2262055
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add proper TRNG health tests and CR50-wide DRBG with reseeding
BUG=b:138578157
TEST=tpmtest.py -t1 fails after cr50 reboot.
rand_perf in console (kick-off FIPS TRNG test) and then
tpmtest.py -t1 and tpmtest.py -t2 should succeed.
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I94c2dbd7a00dedcf1a0f318539a3c73c0c8076ef
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2251381
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
SQA images won't be built anymore. This change removes the SQA support.
It deletes all SQA ifdefs and replaces CR50_RELAXED with CR50_DEV.
BUG=b:158011401
TEST=manual
build regular image and check eraselfashinfo and rollback aren't
included.
build image with CR50_SQA=1 and check it's no different than the
regular image.
build DBG image and make sure it still starts open, it has the
eraseflashinfo and rollback commands, and it can flash old cr50
images.
Change-Id: I5e94c88b1903cfcf0eee0081fc871e55fc8586c7
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2227149
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds a feature to extend each level of GPIO_INT_AP_L at
least for 100 microseconds. The assertion (low GPIO_INT_AP_L)
duration might be shorter only if AP asserts a SPS CS before
INT_AP_L deassertion, because it means means AP recognized
GPIO_INT_AP_L assertion already.
This patch increases the flash usage by 280 bytes.
BUG=b:148691139
TEST=None
Signed-off-by: Namyoon Woo <namyoon@google.com>
Change-Id: Ie74b236bc5352e9fc21fe600c12946e50955160a
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2114430
Tested-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch moves ec_comm.c and ec_efs.c from board/cr50 to common/,
so that they can be shared with other board configuration (like host).
This is to build unittest for those files.
BUG=none
BRANCH=cr50
TEST=make buildall -j
Signed-off-by: Namyoon Woo <namyoon@chromium.org>
Change-Id: I67ac313054ebe4604848a176f0a42e3483957e74
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2094076
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- add ec_efs, which tracks the system boot mode.
- add ec_comm.h header file for EC-EFS related functions.
- revised vboot.h header file.
BUG=b:141143112
BRANCH=cr50
TEST=none
Change-Id: Iec1bf466b832bac5ad6be8a52304c1d699a38fb2
Signed-off-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2055363
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the board supports EC-CR50 communication, Cr50 enables both
rising/falling-edge triggered interrupt on DIOB3 pin and makes
it wakable as well.Cr50 connects GPIO_AP_FLASH_SELECT to DIOB4.
If the board does not support EC-CR50 communication, Cr50 connects
GPIO_AP_FLASH_SELECT to DIOB3.
If EC puts high on DIOB3 to activate EC-CR50 communication, CR50
enables UART_EC RX and TX.
BUG=chromium:1035706
BRANCH=cr50
TEST=none
Change-Id: I1221a1a19219274622ab710568ce7c66ab2f1da7
Signed-off-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1989581
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Presently the CR50_DEV environment variable is overloaded, if its
value is a number exceeding 1, it enables inclusion in the image of
the dcrypto tests.
To make things cleaner let's use a separate environment variable to
add dcrypto tests to the image. Note that the tests still can not be
enabled, as they do not fit into the flash code space.
BRANCH=cr50, cr50-mp
BUG=b:137659935
TEST=verified that image building with CRYPTO_TEST=1 fails due to
exceeded code size.
Change-Id: I550c219c1eefe01fbe035b85a1d5aae88ea439de
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1704607
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Ran the following command:
git grep -l 'Copyright (c)' | \
xargs sed -i 's/Copyright (c)/Copyright/g'
BRANCH=none
BUG=none
TEST=make buildall -j
Change-Id: I6cc4a0f7e8b30d5b5f97d53c031c299f3e164ca7
Signed-off-by: Tom Hughes <tomhughes@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1663262
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
IS_ENABLED works for an empty-string-defined macro.
However, -D options default to define the macro to 1. This CL forces
those macros, such as BOARD_* CHIP_*, CORE_*, CHIP_VARIANT_* and
CHIP_FAMILIY_*, to be defined as an empty string, so that it can
be supported by IS_ENABLED macro.
TEST=use if(IS_ENABLED(BOARD_KRANE)) and see compilation success.
TEST=compares build directory w/ and w/o this CL, and see the .smap
are the same:
ls build/*/*/ec.*.smap | sed -e 's|build/||' | \
xargs -I{} diff -u -a build/{} build.new/{}
BUG=none
BRANCH=None
Change-Id: I96e2aa1cb5f3369e5e445a674595a9234f26707a
Signed-off-by: Yilun Lin <yllin@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1627840
Commit-Ready: Yilun Lin <yllin@chromium.org>
Tested-by: Yilun Lin <yllin@chromium.org>
Legacy-Commit-Queue: Commit Bot <commit-bot@chromium.org>
Reviewed-by: Jett Rink <jettrink@chromium.org>
Reviewed-by: Jack Rosenthal <jrosenth@chromium.org>
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When building Cr50 board image, some make variables get converted into
compilation flags, which affect image composition. Changes of these
variables go unnoticed as they do not directly affect make
dependencies.
Let's define the set of essential variables in ENV_VARS, and save the
state of these variables at build time in a generated .h file,
updating it only if any of the variables' values changed since the
previous make run.
The generated .h file is included in board.h, which guarantees that
files dependent on board.h are recompiled if the generated .h file
changes.
BRANCH=cr50
BUG=none
TEST=verified that changing of CR50_DEV and/or H1_RED_BOARD or
CR50_SQA values triggers full rebuild of the Cr50 image.
Verified that 'emerge-atlas ec-utils' also succeeds.
Change-Id: Id0589a3b6a66fe4da90a9aea894bc83eb6337c8c
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/707915
Reviewed-by: Keith Short <keithshort@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In preparation to enabling link time optimizations for Cr50, modify
build system to link tpm2 tree's modules directly instead of linking
the archive.
Also, use the special tpm2 Makefile target, 'copied_objs', which will
rename .bss segment of all .o files into .bss.Tpm2_common. This will
make easier to ensure that all uninitialized data of the tpm2 library
is placed in the same memory block, which can be zeroed out when TPM
restarts.
CQ-DEPEND=CL:1457398
BRANCH=cr50, cr50-mp
BUG=b:65253310
TEST=tried the following
- make buildall -j succeeds
- TCG tests succeed.
- the size of __bss_libtpm2 section did not change.
Change-Id: I5374391feb13564305519e93d60c3347aa5e4b93
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1457601
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When running on the test board (aka Red Board) the resistor strappings
need to be ignored, and SPI mode and PLT_RESET properties should be
enabled unconditionally.
The new make variable allows to compile the code as required.
BRANCH=cr50, cr50-mp
BUG=none
TEST=verified that 'make H1_RED_BOARD=1 ...' produces an image which
allows connecting to the FTDI SPI interface when running on the
red board.
Change-Id: I4763fd8678d44ecf7565049c50f82425aca46f1f
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1452937
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Drives OEM specific GPIOs to enable and disable factory mode to a closed
source EC.
BUG=b:118683718
BRANCH=none
TEST=make buildall. Verified GPIO states with scope in both factory mode
enable and disable conditions. Verified GPIO states are reapplied
correctly after reboot, deep sleep, and power cycle.
Change-Id: I9bc547504478fded5f95c515027e1da0f245d524
Signed-off-by: Keith Short <keithshort@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1358733
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Each time TPM is disabled for booting Alt OS, NVMEM cache needs to be
wiped out, only a few NV indices need to be preserved.
We also are making sure that wipeout is possible only if key ladder is
disabled.
CQ-DEPEND=CL:1362161
BRANCH=cr50, cr50-mp
BUG=b:119221935
TEST=on a dual boot machine observed that when booting ALT OS on
reboots, key ladder is disabled, but RW AP firmware rollback
indices at address 0x1007 are still read properly. Alt OS resume
happens pretty quickly.
Change-Id: I5326937d0a36b67ac848629faeee42aadcb9e64d
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1362203
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A future CL will add non-read operations.
TEST=build
BRANCH=none
BUG=b:112604850
Change-Id: Ie024e30b81dff888dcb42adcd4e3b2daded2f4f7
Signed-off-by: Louis Collard <louiscollard@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1312517
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BRANCH=none
CQ-DEPEND=CL:*664115
BUG=chromium:876582
TEST=make -j buildall && make -j buildfuzztests
Change-Id: Iade5e5138f495e6b3b99ec16f1a467861ade5537
Signed-off-by: Allen Webb <allenwebb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1180179
Reviewed-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is to allow reading of board ID and serial number
through NV indexes.
CQ-DEPEND=CL:1114675
BRANCH=none
BUG=b:110971075, chromium:846114
TEST=NV_Read of virtual indices using trunks_send --raw, b:110971075 #3
Change-Id: Iaf7256ea50e36021b61c92f8606d1a62af37df2d
Signed-off-by: Louis Collard <louiscollard@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1114674
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch introduces a new firmware status, TPM mode along with
a new TPM vendor command VENDOR_CC_TPM_MODE. TPM mode indicates whether
TPM is enabled or disabled. Initially, this value shall be
TPM_MODE_ENABLED_TENTATIVE, which means TPM is enabled but can be
changed. VENDOR_CC_TPM_MODE changes this value either as
TPM_MODE_ENABLED or TPM_MODE_DISABLED. This is for one time use only until
next TPM reset event.
Once TPM is disabled, any subsequent TPM commands shall fail.
TPM_MODE_TPM_MODE command may be issued with input size as zero, which
would not change TPM mode value. Either with the valid input value or
without any input value, it returns the current TPM mode value in uint8_t
type.
This adds 160 bytes in binary.
BUG=b:77543596
BRANCH=cr50
TEST=manually
(chroot) ./extra/usb_updater/gsctool -h
Usage: gsctool [options] [<binary image>]
Options:
-m,--tpm_mode [enable|disable]
Query or control tpm mode
(dut) gsctool -a -i
Board ID space: XXXXXXXX:XXXXXXXX:XXXXXXXX
(chroot) ./extra/usb_updater/gsctool -m enable
(dut) gsctool -a -i
Board ID space: XXXXXXXX:XXXXXXXX:XXXXXXXX
(chroot) gsctool -m enable
Error 7 in enabling TPM.
(dut) gsctool -a -i
Board ID space: XXXXXXXX:XXXXXXXX:XXXXXXXX
(dut) reboot
(chroot) ./extra/usb_updater/gsctool -m disable
(dut) gsctool -a -i
Problems reading from TPM, got 10 bytes
Error: Failed to send vendor command 25
(dut) tpm_version
[ERROR:... TRUNKS_RC_WRITE_ERROR
(dut) tpm-manager
[INFO:tpm_manager_v2.cc(51)] Initializing TPM.
[tpm_manager.TakeOwnershipReply] {
status:STATUS_NOT_AVAILABLE
}
(dut) reboot
(chroot) ./extra/usb_updater/gsctool -m
TPM Mode: enabled (0)
(dut) gsctool -a -i
Board ID space: XXXXXXXX:XXXXXXXX:XXXXXXXX
(dut) tpm_version
TPM2.0 Version Info:
...
(dut) tpm-manager
[INFO:tpm_manager_v2.cc(51)] Initializing TPM.
[INFO:tpm_manager_v2.cc(66)] TPM initialization successful (21 ms).
Change-Id: I1453d1a8d03f13cc7fc203863cbc50bf84c9dd8c
Signed-off-by: Namyoon Woo <namyoon@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1105614
Commit-Ready: Namyoon Woo <namyoon@chromium.org>
Tested-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We have determined the checks to run for board_is_first_factory_boot.
This change updates cr50 to check for those conditions and enable ccd
when the system determines that it is first boot in the factory. This
will check that the board id is erased and the inactive image is a GUC
image.
The factory updates Cr50 from the GUC image, because those GUC images
don't have support for everything they need to do in the factory. To
determine that cr50 just recovered from that factory update, it will
check that the GUC image is still in the inactive region and no board id
is set.
There are 2 images installed in GUC 0.0.13 and 0.0.22, so cr50 will
check these versions. Future GUC images will have a field in the header
declaring that they are a GUC image. I still need to create the GUC
field in the header and check that in inactive_image_is_guc_image.
Factory mode can't be enabled on deep sleep resume. It is only enabled
after power-on reset or hard reset.
This change also moves factory stuff into a factory_mode file instead of
keeping it in board.c
This adds 200 bytes.
BUG=b:77543904
BRANCH=cr50
TEST=Verify factory mode is only enabled when cr50 recovered from
reboot not deep sleep resume, 0.0.13 or 0.0.22 are in the inactive
region, and the board id is erased.
Change-Id: Ibece878049658493e8ad159121ada63d7a6f6b79
Signed-off-by: Mary Ruthven <mruthven@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1059864
Commit-Ready: Mary Ruthven <mruthven@chromium.org>
Tested-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit cfcac78e626ce08ccc1c45c91c61127b6088e80f.
Reason for revert: Removing all s3 termination support. It's not
necessary and it causes scarlet to boot into recovery.
Original change's description:
> cr50: add support for enabling terminations on ap suspend
>
> rk3399 systems need terminations on the SPI signals in S3 and all other
> low power states. Add support for enabling the pulldowns and pullups on
> the correct pins.
>
> With this change, if BOARD_NEEDS_S3_TERM is set in the board properties,
> cr50 will enable a pulldown on the AP TX Cr50 RX signal and a pulldown
> on all of the SPS signals. To keep the pulldowns from interfering with
> the sps peripheral, s3_term will also disable the input for those
> signals.
>
> BUG=b:62200096
> BRANCH=cr50
> TEST=Flash onto bob. Make sure cr50 enables and disables terminations
> when the AP suspends/resumes. Flash onto reef. Make sure it doesn't do
> anything.
>
> Change-Id: I4adaf6d66160bab1eb3cf3d343d4a79524ccf883
> Signed-off-by: Mary Ruthven <mruthven@google.com>
> Reviewed-on: https://chromium-review.googlesource.com/991338
> Commit-Ready: Mary Ruthven <mruthven@chromium.org>
> Tested-by: Mary Ruthven <mruthven@chromium.org>
> Reviewed-by: Randall Spangler <rspangler@chromium.org>
Bug: b:62200096
Change-Id: I00c5051a48d4578badf9ce6622dea1af9903f4fd
Reviewed-on: https://chromium-review.googlesource.com/1062687
Commit-Ready: Mary Ruthven <mruthven@chromium.org>
Tested-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds some of the ground work for hardware backed brute force
resistance on Cr50. The feature is called Pinweaver. It will
initially be used to enable PIN authentication on CrOS devices
without reducing the security of the platform. A Merkle tree is
used to validate encrypted metadata used to track login attempts.
The metadata tracks counts of failed attempts, a timestamp of the
last failed attempt, the secrets, and any associated parameters.
Instead of storing the metadata on Cr50 an AES-CTR is used with an
HMAC to encrypt the data so it can be stored off-chip and loaded
when needed.
The Merkle tree is used to track the current state of all the
metadata to prevent replay attacks of previously exported copies.
It is a tree of hashes whose root hash is stored on Cr50, and whose
leaves are the HMACs of the encrypted metadata.
BRANCH=none
BUG=chromium:809730, chromium:809741, chromium:809743, chromium:809747
TEST=cd ~/src/platform/ec && V=1 make run-pinweaver -j
Change-Id: Id10bb49d8ebc5a487dd90c6093bc0f51dadbd124
Signed-off-by: Allen Webb <allenwebb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/895395
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
rk3399 systems need terminations on the SPI signals in S3 and all other
low power states. Add support for enabling the pulldowns and pullups on
the correct pins.
With this change, if BOARD_NEEDS_S3_TERM is set in the board properties,
cr50 will enable a pulldown on the AP TX Cr50 RX signal and a pulldown
on all of the SPS signals. To keep the pulldowns from interfering with
the sps peripheral, s3_term will also disable the input for those
signals.
BUG=b:62200096
BRANCH=cr50
TEST=Flash onto bob. Make sure cr50 enables and disables terminations
when the AP suspends/resumes. Flash onto reef. Make sure it doesn't do
anything.
Change-Id: I4adaf6d66160bab1eb3cf3d343d4a79524ccf883
Signed-off-by: Mary Ruthven <mruthven@google.com>
Reviewed-on: https://chromium-review.googlesource.com/991338
Commit-Ready: Mary Ruthven <mruthven@chromium.org>
Tested-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change creates a state machine to handle ap uart detection. It
removes all of the ap_uart stuff from ap_state.c and moves it to
ap_uart_state.c. All boards will now use ap_uart to enable/disable ap
uart and tpm_rst_l to detect the ap state.
Separate ap uart detection from ap detection, so we can disable the ap
uart without enabling deep sleep. If the ap is in S3 on ARM devices,
Cr50 wont be in deep sleep, but the AP UART RX signal wont be pulled up.
In this case we need cr50 ap rx to be disabled and deep sleep to be
disabled.
BUG=b:35647982
BRANCH=cr50
TEST=run firmware_Cr50DeviceState on scalet and electro
Change-Id: I81336a9e232df8d44b325eef59327a1c06a80cba
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/884307
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For historical reasons, CCD, reset, and power button control were
scattered around several files. Consolidate the code in more sensible
(in retrospect) places.
No functional changes, just moving code.
BUG=none
BRANCH=cr50
TEST=make buildall; boot cr50
Change-Id: Ic381a5a5d0627753cc771189aa377e88b81b155e
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/653766
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is the last state machine which used common/device_state.c. But
servo is more complex than that, because it needs to differentiate
state-isn't-known (debouncing) from state-isn't-knowable (Cr50 driving
EC TX), so it's cleaner to split it out the way we did AP and EC state
machines in previous CLs.
BUG=b:35587387
BRANCH=cr50
TEST=manual with CR50_DEV=1 build
// Test detect at boot, even with CCD connected
Pull CCD_MODE_L low
Pull DETECT_SERVO high
Pull DETECT_EC high
reboot -> 'Servo connect'
// CCD is not driving EC UART TX
ccd -> EC on, Servo connected, CCD enabled, EC UART RX
// When servo disconnects CCD can drive EC TX
Pull DETECT_SERVO low --> 'Servo disconnect'
ccd -> EC on, Servo undetectable, CCD enabled, EC UART RX+TX
// Can't detect servo reconnecting if we're driving EC TX
Pull DETECT_SERVO high --> (no change)
ccd -> EC on, Servo undetectable, CCD enabled, EC UART RX+TX
// When we stop driving EC TX, can redetect servo
Pull EC_DETECT low --> See 'EC off', 'Servo connected'
ccd -> EC off, Servo connected, CCD enabled, EC UART disabled
// Test debouncing at boot
Pull DETECT_EC high
Pull DETECT_SERVO low
Pull CCD_MODE_L high
reboot
Within 1 sec, pull DETECT_SERVO high --> 'Servo connected'
// Test debouncing after boot
Pull DETECT_SERVO low then high < 1 sec --> (no message)
Change-Id: I964bd36c35f52c8ef7b3ea3793b6e0764e93587c
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/636047
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The device state machines aren't quite similar enough to use common
code. Split the AP state machine out, the way we split out the EC
state machine in the previous CL.
BUG=b:35587387
BRANCH=cr50
TEST=manual, with Cr50 strapped (or hard-coded) not to use platform reset
and not to use TPM reset to detect the AP:
Pull CCD_MODE_L low, so Cr50 detects/enables CCD
Pull AP_DETECT high.
Pull INT_AP_L low (with resistor).
Pull AP_DETECT low --> See 'AP off' message
gpioget --> INT_AP_L=0
ccd --> AP UART disabled
Pull AP_DETECT high --> See 'AP on' message
gpioget --> INT_AP_L=1
ccd --> AP UART RX+TX
Pull AP_DETECT low for <1 sec then back high
(don't see AP off/on message)
gpioget --> INT_AP_L=1
ccd --> AP UART RX+TX
Reboot with AP_DETECT still low -> AP off at 1 second
Reboot with AP_DETECT still low and then assert AP_DETECT
within a second -> AP on immediately
Repeat with Cr50 strapped/hard coded to use platform reset, but
using TPM_RST_L instead of AP_DETECT. Note that this will also
show TPM reset debugging output when TPM_RST_L is asserted.
Change-Id: Ief9e4e5f2585ff925de1595cc8fbd5306c94a806
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/634248
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In order to test certain devices in the test lab using cased closed
debugging (CCD), we need a mechanism to programmatically "press" the
recovery button. Even though this signal is being buffered through the
EC to the AP, and the EC could theoretically set it if needed, we cannot
trust the EC in its RO image since it may speak to the outside world
over USB PD.
Instead, this commit introduces a console command on cr50 that can be
used to force the recovery button state to be pressed. However, it is
gated behind the CCD capabilities defaulting to the IfOpened state.
Additionally, a new vendor command is added to query the trusted state
of the recovery button. The AP should use this command instead of
trusting the GPIO connected to it.
BUG=b:37751915, b:64146626
BRANCH=cr50
TEST=Flash cr50. Press KEY0, verify that reported rec btn follows the
state of the button.
TEST=`recbtnforce enable` causes the button to be reported as pressed.
Physical presses of the button do not alter the reported state.
TEST=`recbtnforce disable` causes the reported state to follow that of
the physical button.
TEST=The `recbtnforce` command is set to the IfOpened capability by
default.
TEST=CCD locking the DUT and attempting to force the recovery button
results in an error of access denied. The physical state is reported.
TEST=From the AP, issue the vendor command to retrieve the button state
and verify that it behaves as expected.
Change-Id: Ib8c2928e75e5f9a1a83c5361664efc3fa0ae2ddb
Signed-off-by: Aseda Aboagye <aaboagye@google.com>
Reviewed-on: https://chromium-review.googlesource.com/635955
Commit-Ready: Aseda Aboagye <aaboagye@chromium.org>
Tested-by: Aseda Aboagye <aaboagye@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The device state machines aren't quite similar enough to use common
code. Split the EC state machine out, the way we split out BattPrsnt
and CCD_MODE.
BUG=b:35587387
BRANCH=cr50
TEST=manual
Pull CCD_MODE_L high, so Cr50 detects/enables CCD
Pull EC_DETECT high.
reboot -> 'EC RX only', then 'EC on' at 1 second
Pull EC_DETECT low --> See 'EC off' message
ccd --> EC UART disabled
Pull EC_DETECT high --> See 'EC on' message
ccd --> EC UART RX+TX
Pull EC_DETECT low for <1 sec then back high
(don't see EC off/on messages)
ccd --> EC UART RX+TX
Reboot with EC_DETECT still low -> EC off at 1 second
Reboot with EC_DETECT still low and then assert EC_DETECT
within a second -> EC RX only, then EC connect at 1 second.
Change-Id: I71687e651d625cadd656934f4cb2bbadc0b58816
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/619750
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Implement U2F (universal second factor authentication) feature
over TPM vendor commands.
The raw U2F APDU as defined by the FIDO Alliance 'U2F Raw Message Formats'
specification can be sent using the VENDOR_CC_U2F_APDU command.
So the vendor command is taking a ISO7816-4:2005 APDU format frame as input
as defined by the spec and returns another APDU using ISO7816-4 status
code.
The APDU is processed by the common U2F code using u2f_apdu_rcv(),
this hardware specific code provides:
- the user physical presence detection (done by the power button press)
returned by the pop_check_presence() callback.
- the connection to the cryptographic hardware to generate/derive the
keys used by the U2F and individual attestation functions.
This feature/vendor command has 3 modes:
- disabled
- U2F (only the commands/flags defined by the U2F specification)
- G2F (the U2F commands plus some extensions for individual attestation)
Signed-off-by: Vincent Palatin <vpalatin@chromium.org>
BRANCH=cr50
BUG=b:35545754
TEST=pass U2FTest and HIDTest.
Change-Id: Ic2591f369763fb4ba67926e2b4a0c2cd35330a18
Reviewed-on: https://chromium-review.googlesource.com/518139
Commit-Ready: Vincent Palatin <vpalatin@chromium.org>
Tested-by: Vincent Palatin <vpalatin@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add support for update related vendor commands in mn50 by relocating
relevant code from board/cr50 to chip/g.
BUG=b:36910757
BRANCH=None
TEST=./extra/usb_updater/usb_updater -d 18d1:502a build/mn50/ec.bin
Change-Id: Iec0fe5585b5b6eb099f9254dfb0e5b02d5106abc
Reviewed-on: https://chromium-review.googlesource.com/537999
Commit-Ready: Nick Sanders <nsanders@chromium.org>
Tested-by: Nick Sanders <nsanders@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The contents of the board ID fields of the Cr50 image headers is an
important piece of information which determines if an image can run on
a particular H1 chip.
This patch adds this information to the output of the 'version'
command, printing both the contents of the fields of the RW images and
if the image would run with the current INFO1 board ID contents (Yes
or NO).
The board_id feature is in fact g chipset specific, this is why
board_id support files are being moved from the cr50 board scope to
the g chip scope.
BRANCH=cr50
BUG=b:35587387,b:35587053
TEST=observed expected output in the version command:
> bid
Board ID: 000000fa, flags 000000ff
> vers
Chip: g cr50 B2-C
Board: 0
RO_A: * 0.0.10/29d77172
RO_B: 0.0.10/c2a3f8f9
RW_A: * 0.0.20/DBG/cr50_v1.1.6542-856c3aff4
RW_B: 0.0.20/DBG/cr50_v1.1.6543-2c68a2630+
BID A: 00000000:00000000:00000000 Yes
BID B: 000000ea:0000fffc:000000ff No
Build: 0.0.20/DBG/cr50_v1.1.6542-856c3aff4
tpm2:v0.0.289-cb2de5a
cryptoc:v0.0.8-6283eee
2017-06-09 15:34:19 vbendeb@eskimo.mtv.corp.google.com
>
Change-Id: I5b283abf304a7408ca8f424407044fca238185e1
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/530033
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds vendor and console commands to read and write the
board ID space in the INFO1 block.
Current image's board ID settings are saved in the image header by the
latest codesigner.
Board ID write attempts are rejected if the board ID space is already
initialized, or if the currently running image will not be allowed to
run with the new board ID space settings.
Error codes are returned to the caller as a single byte value.
Successful read command returns 12 bytes of the board ID space
contents.
The console command always allows to read the board ID value, and
allows to write it if the image was built with debug enabled.
BUG=b:35586335
BRANCH=cr50
TEST=as follows:
- verified that board ID can be read by any image and set by debug
images.
- with the upcoming patches verified the ability to set and read
board ID values using vendor commands.
Change-Id: I35a3e2db92175a29de8011172b80091065b27414
Signed-off-by: Philip Chen <philipchen@google.com>
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/522234
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It needs to be possible to prevent unlocking of CCD on enterprise
enrolled devices, in particular to prevent users from moving into dev
mode.
A bit in the FWMP structure flags field was allocated for the purposes
of preventing console unlock in those cases.
This patch adds code to read the FWMP structure from the TPM NVMEM,
verify it and determine if it should be possible to unlock the
console. The restriction is not honored by Cr50 DBG images.
The FWMP value is read only once per TPM reset, this means each time
the admin console changes the relevant flag bit, the Chrome OS device
has to be rebooted to pick up the new flag value.
BRANCH=cr50
BUG=b:35587387,b:35587053
TEST=verified that FWMP is properly read and acted upon.
Change-Id: I17e15ea2b2293a0c096858fba3ccc389452caede
Reviewed-on: https://chromium-review.googlesource.com/457824
Commit-Ready: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This vendor command allows the host to retrieve the internal TPM
state. The first version of the command will return the failure
information collected during assert, if it ever happened, retry
counter value and the maximum retry counter value to be able to detect
if TPM is in lockout.
The structure is packed, it is serialized before being sent to the
host.
BRANCH=none
BUG=chrome-os-partner:60555
TEST=when running on a reef with a depthcharge image capable of
displaying TPM state on errors observed state information added
to the recovery screen text display.
Change-Id: I9d37f7a971013ce802f63218d43697fab68276c9
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/430952
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Turn SHA512 support into a config option so that
boards may individually enable SHA512 support.
BRANCH=none
BUG=chromium:673778
CQ-DEPEND=CL:419578
TEST=make buildall succeeds
Change-Id: Ib857a3e97f1c2ec7066ae23ac725c7bf3d194e01
Signed-off-by: nagendra modadugu <ngm@google.com>
Reviewed-on: https://chromium-review.googlesource.com/419327
Commit-Ready: Nagendra Modadugu <ngm@google.com>
Tested-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change adds the plumbing for SHA-384 & 512.
The actual hash implementation is software only,
and a part of the third_party/cryptoc library.
BRANCH=none
BUG=none
CQ-DEPEND=CL:418263
TEST=TCG tests pass
Change-Id: Iba7e6d420fd7fa0bce4ad9061e00f9275ecf4d72
Signed-off-by: nagendra modadugu <ngm@google.com>
Reviewed-on: https://chromium-review.googlesource.com/417888
Commit-Ready: Nagendra Modadugu <ngm@google.com>
Tested-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is based off of the protocol in the stm32 directory. We should
unify these implementations and the other ccd endpoints at some point.
Right now I though that I should keep the implementation the same as the
other g chips ccd drivers.
BUG=chrome-os-partner:57059
BRANCH=none
CQ-DEPEND=CL:390015
TEST=manual
download the servo patch and run 'sudo servod -c ccd_cr50.xml -c
reef_r1_inas.xml'
Test the usb i2c bridge by running 'dut-control | grep pp'
Attach servo and verify cr50 will not enable i2c
Change-Id: I0f72671505f5451a960d3baea4b2c34b6910d892
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/388896
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Nick Sanders <nsanders@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
While USB updates have a mechanism to trigger the target reset, SPI
updates do not have it.
This patch adds an extension command to cause the device reset.
BRANCH=none
BUG=chrome-os-partner:58226
TEST=with the rest of the patches applied verified that the system
gets reset and the new image version kicks in on both gru (over
SPI) and reef (over USB).
Change-Id: I498538670e2c43d17b13510288eb9ae75eb7b761
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/395628
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rather than doing a full cr50 reset when the system reset SYS_RST_L is
asserted, just reset the state of the TPM task and library. Re-clear
.bss for those modules, then re-initialize.
BRANCH=none
BUG=chrome-os-partner:52366
CQ-DEPEND=CL:366792
TEST=make buildall; test on Gru
Trigger a SYS_RST_L by using the AP's reboot command, power
off/on, log in/out/in.
See that the Cr50 does not reboot and the firmware and userspace
are still happy about the TPM.
Change-Id: I32cd2bb72316f68c74db77a20a8d09112b402d4b
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/361680
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=chrome-os-partner:54101
BRANCH=none
CQ-DEPEND=CL:*287736
TEST=make buildall; try on Cr50 hardware
All TCG tests passed before and after this CL.
Change-Id: I65e31792b2912d588868cc298a01b0142ac7dadc
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/386258
Reviewed-by: Marius Schilder <mschilder@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=chrome-os-partner:49959
BRANCH=none
TEST=manual
On the Cr50 console, use the "wp" command to get/set the desired
state. On the EC console, use "gpioget wp_l" to watch it change.
Change-Id: I5978e6116ad0a07a7a61a8356dc1daf79e2397d0
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/373618
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change implements logic for installing
endorsement certificates in the RW section.
The endorsement certificates are initially
provisioned in a fixed RO flash region and
are copied in the RW TPM data region (once
this region has been initialized).
Also add code for reading from the info bank,
which is where the endorsement seed is
initially stored.
BRANCH=none
BUG=chrome-os-partner:43025,chrome-os-partner:47524
BUG=chrome-os-partner:50115
TEST=TCG tests running
Change-Id: Id8c16d399202eee4ac0c4e397bdd29641ff9d2f3
Signed-off-by: nagendra modadugu <ngm@google.com>
Reviewed-on: https://chromium-review.googlesource.com/362402
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For now the presence of both RSA and EC certificates at fixed NVRAM
indices is considered evidence of TPM being through manufacturing.
BRANCH=none
BUG=chrome-os-partner:50645
TEST=with the rest of the patches applied TPM manufacturing status is
properly detected at startup.
Change-Id: Iff3861603272cdfb58ebc523458c114685b2429f
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/362351
Reviewed-by: Marius Schilder <mschilder@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit includes changes required for
supporting a hardware based montgomery
modexp (r = a ^ e mod N).
The function bn_is_bit_set() was previously
static, and now added to internal.h, as this
function is used by the hardware implementation.
Add function declarations for new functions
related to the hardware implementation to
chip/g/dcrypto/internal.h
BRANCH=none
CQ-DEPEND=CL:*260618,CL:*260895
BUG=chrome-os-partner:43025,chrome-os-partner:47524
TEST=all tests in test/tpm_test/tpmtest.py pass
Change-Id: I5fe4a6692678b64f27659f42a08d200b6fe6f0cc
Signed-off-by: nagendra modadugu <ngm@google.com>
Reviewed-on: https://chromium-review.googlesource.com/347462
Commit-Ready: Nagendra Modadugu <ngm@google.com>
Tested-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
While in CCD, cr50 can be used to flash the AP and EC through USB. This
change adds an endpoint that can be used to read, erase, and write to
the AP and EC spi rom.
Currently CCD is not enabled on cr50, so usb_spi access has to be
enabled manually through the cr50 console.
BUG=chrome-os-partner:50701
BRANCH=none
TEST=manual
On EC console run 'flash_tristate true'
On cr50 console run 'usb_spi enable'
Use 'flashrom -p raiden_debug_spi:target=EC' and
'flashrom -p raiden_debug_spi:target=AP' to interact with
the AP and EC flash
CQ-DEPEND=CL:342144
Change-Id: I9c31dab252a8bfbc498eaf64ac5c2f53ec9dde30
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/342511
|