| Commit message (Collapse) | Author | Age | Files | Lines |
| |
Since FIPS-compliant U2F code is not yet ready, make sure that new
devices won't switch to FIPS-approved by default when there are no
U2F keys. This CL puts the logic that checks if the U2F seed exists
and turns FIPS mode on when it doesn't under compile-time switch,
and for now turns this switch off. As a result, FIPS mode is always
off.
BUG=b:138577491
TEST=make BOARD=cr50, then check FIPS mode in CCD
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I33b559c3f348f34115263fd3fedc8b7a2fbeab31
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2328113
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
| |
This reverts commit d2627d12bb21308f49a72cadaf47a0a86730a960.
Reason for revert: Causing crbug.com/1111182
Original change's description:
> u2f: Append hmac of auth time secret to versioned KH
>
> When generating versioned KHs, u2fd should send a public derivative
> (sha256) of the user's auth time secret to cr50. Cr50 derives an
> hmac of it and appends this authorization_hmac to the KH.
>
> When signing versioned KHs, u2fd may supply the unhashed auth time
> secret. Cr50 will check the authorization_hmac if no power button press.
> If the reconstructed hmac matches authorization_hmac, power button press
> is waived.
>
> Currently for v1, we will just prepare the authorization_hmac but not
> enforce it. This is because fingerprint and PIN are unable to unlock
> the same secret.
>
> While we waive power button press for v1, we can enforce
> authorization_hmac whenever auth-time secrets is ready.
>
> BUG=b:144861739
> TEST=- Use a known 32-byte "auth-time secret"
> - Compute the sha256 of the auth-time secret (this is public)
> - u2f_generate with the computed "authTimeSecretHash"
> - Add code to u2f_sign command handler such that cr50 computes
> the sha256 of the supplied auth-time secret at u2f_sign time
> and require power button press if the hmac doesn't match.
> - u2f_sign with the true auth-time secret -> observe in logging
> that hmac matches, and no power button press required.
> - u2f_sign with a wrong auth-time secret -> observe in logging
> that hmac doesn't match, and power button press is required
> for signing.
>
> Cq-Depend: chromium:2321731
> Change-Id: Ib9ae913667f8178ac7a4790f861d7dada972c4a0
> Signed-off-by: Yicheng Li <yichengli@chromium.org>
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2317047
> Reviewed-by: Andrey Pronin <apronin@chromium.org>
> Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Bug: b:144861739
Cq-Depend: chromium:2327779
Exempt-From-Owner-Approval: Causing crbug.com/1111182
Change-Id: I8c8a594d148b92556b20a2753aa1007cf2c1676b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2327358
Tested-by: Archie Pusaka <apusaka@chromium.org>
Reviewed-by: Yicheng Li <yichengli@chromium.org>
Reviewed-by: Archie Pusaka <apusaka@chromium.org>
Commit-Queue: Archie Pusaka <apusaka@chromium.org>
| |
When generating versioned KHs, u2fd should send a public derivative
(sha256) of the user's auth time secret to cr50. Cr50 derives an
hmac of it and appends this authorization_hmac to the KH.
When signing versioned KHs, u2fd may supply the unhashed auth time
secret. Cr50 will check the authorization_hmac if no power button press.
If the reconstructed hmac matches authorization_hmac, power button press
is waived.
Currently for v1, we will just prepare the authorization_hmac but not
enforce it. This is because fingerprint and PIN are unable to unlock
the same secret.
While we waive power button press for v1, we can enforce
authorization_hmac whenever auth-time secrets is ready.
BUG=b:144861739
TEST=- Use a known 32-byte "auth-time secret"
- Compute the sha256 of the auth-time secret (this is public)
- u2f_generate with the computed "authTimeSecretHash"
- Add code to u2f_sign command handler such that cr50 computes
the sha256 of the supplied auth-time secret at u2f_sign time
and require power button press if the hmac doesn't match.
- u2f_sign with the true auth-time secret -> observe in logging
that hmac matches, and no power button press required.
- u2f_sign with a wrong auth-time secret -> observe in logging
that hmac doesn't match, and power button press is required
for signing.
Cq-Depend: chromium:2321731
Change-Id: Ib9ae913667f8178ac7a4790f861d7dada972c4a0
Signed-off-by: Yicheng Li <yichengli@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2317047
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
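The generate/sign exchange described in this commit message, as an added Python example that is not cr50 or u2fd code. Only the `u2f_generate`/`u2f_sign` names and the sha256-then-hmac flow come from the message; the `ToyCr50` class, the device-held HMAC key, the key-handle layout and the returned status strings are assumptions made for illustration.

```python
import hashlib
import hmac
import os

KH_BODY_LEN = 32    # assumed size of the key-handle body
AUTH_HMAC_LEN = 32  # HMAC-SHA256 output appended to the KH


class ToyCr50:
    """Hypothetical stand-in for the chip side; not the firmware's real layout."""

    def __init__(self, device_key: bytes):
        self._device_key = device_key  # assumed to never leave the chip

    def _authorization_hmac(self, kh_body: bytes, secret_hash: bytes) -> bytes:
        # Keyed with the device key and bound to this KH body (assumption), so
        # the tag cannot be computed off-chip or moved onto another key handle.
        return hmac.new(self._device_key, kh_body + secret_hash,
                        hashlib.sha256).digest()

    def u2f_generate(self, auth_time_secret_hash: bytes) -> bytes:
        """Receives only the public sha256 of the auth-time secret."""
        if len(auth_time_secret_hash) != hashlib.sha256().digest_size:
            raise ValueError("expected a SHA-256 digest")
        kh_body = os.urandom(KH_BODY_LEN)  # placeholder for the real KH contents
        return kh_body + self._authorization_hmac(kh_body, auth_time_secret_hash)

    def u2f_sign(self, versioned_kh: bytes, auth_time_secret=None,
                 power_button_pressed: bool = False) -> str:
        """Enforcing variant: the hmac is checked only without a button press."""
        if len(versioned_kh) != KH_BODY_LEN + AUTH_HMAC_LEN:
            raise ValueError("malformed versioned key handle")
        if power_button_pressed:
            return "signed"
        if auth_time_secret is not None:
            kh_body = versioned_kh[:KH_BODY_LEN]
            stored = versioned_kh[KH_BODY_LEN:]
            rebuilt = self._authorization_hmac(
                kh_body, hashlib.sha256(auth_time_secret).digest())
            # Constant-time comparison avoids leaking how many bytes matched.
            if hmac.compare_digest(rebuilt, stored):
                return "signed_presence_waived"
        return "power_button_required"


def demo() -> dict:
    """Replays the TEST steps from the message with constructed values."""
    chip = ToyCr50(device_key=bytes(range(32)))  # constructed device key
    secret = b"A" * 32                           # known 32-byte auth-time secret
    kh = chip.u2f_generate(hashlib.sha256(secret).digest())
    tampered = bytes([kh[0] ^ 0x01]) + kh[1:]    # one flipped bit in the KH body
    return {
        "true_secret": chip.u2f_sign(kh, secret),
        "wrong_secret": chip.u2f_sign(kh, b"B" * 32),
        "tampered_kh": chip.u2f_sign(tampered, secret),
        "button_only": chip.u2f_sign(kh, power_button_pressed=True),
        "nothing": chip.u2f_sign(kh),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:14s} -> {result}")
```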
| |
Prevent access to FIPS CCD commands which can inject errors
due to unclear security impact. Instead, made them available
only in CR50_DEV builds. Same with vendor commands - moved them
from CRYPTO_TEST to under CR50_DEV.
BUG=b:138577491
TEST=help fips, fips sha/trng - ignored
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: Ic86db02f2c9c5abbea8f3f23ee56a5f5f570e177
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2321344
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
| |
Don't touch the SYS_RST_L or EC_RST_L signals when flashing the AP if
flashrom is run with custom_rst=True.
BUG=b:154885210
TEST=manual on bob
ecrst on
flashrom -p raiden_debug_spi:target=EC -r ec.bin
ecrst on
flashrom -p raiden_debug_spi:target=AP,custom_rst=True -r ap.bin
check ecrst is still on
flashrom -p raiden_debug_spi:target=AP -r ap.bin
Change-Id: Ia1ab8c853c25ced994e053c9e19a18d0d0f1cb45
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2301239
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
| |
new_device and new_gang_mode are both only used for spi_hash SPI
enable/disable. Rename them, so that's clear.
BUG=none
TEST=make buildall -j
Change-Id: I67a4f7865e8a5ff21c79b4462a0f2c1d0f85f76d
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2300698
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
| |
In https://crrev.com/c/2258534 fix read_tpm_nvmem_size() was introduced,
however it failed to properly return size of hidden objects, and code
worked because it was masked by prior check of size for nvmem variable
with getvar(), and these variables were always set together.
This fix relies on https://crrev.com/c/2280405 for tpm2 to add proper
service function.
BUG=None
TEST=manual, tested in upcoming change in cr50/board/u2f.c
Cq-Depend: chromium:2280405
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I38cfbf97e5cc99907c05887345017db92c5abc72
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2285432
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
| |
This was added to support u2fd on M77, and can
be removed iff the version of cr50 this change is
included in will not be expected to work with M77.
BUG=b:158268336
TEST=build
Signed-off-by: Louis Collard <louiscollard@chromium.org>
Change-Id: I6bbbae44a86c1a70fef4c8e1da1c1116f9909aa8
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2275504
Reviewed-by: Yicheng Li <yichengli@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Yicheng Li <yichengli@chromium.org>
Tested-by: Yicheng Li <yichengli@chromium.org>
| |
Support generating and signing versioned key handles in addition
to non-versioned ones.
BUG=b:144861739
TEST=used webauthntool to verify that KH generated by old cr50 firmware
can be signed with this firmware
TEST=used webauthntool to verify that non-versioned KH generated by this
firmware can be signed by old cr50 firmware
(This and the first TEST proves that non-versioned path is the
same as old firmware.)
TEST=used webauthntool to verify that non-versioned KH generated by this
firmware can be signed by this firmware
TEST=used webauthntool to verify that versioned KH generated by this
firmware can be signed by this firmware
TEST=test_that --board=nami <IP> firmware_Cr50U2fCommands
Cq-Depend: chromium:2280394
Change-Id: Idf413a1a3e6c35a3e7e651faaa91fe2894b805db
Signed-off-by: Yicheng Li <yichengli@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2202949
Reviewed-by: Louis Collard <louiscollard@chromium.org>
| |
Add invocation of power-up known-answer tests (KATs) on power-on
and after failures, while avoiding power-up tests on wake from sleep.
Added console & vendor commands to report FIPS status, run tests,
simulate errors.
BUG=b:138577539
TEST=manual; check console
fips on, fips test, fips sha, fips trng
will add tpmtest for vendor command
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I58790d0637fda683c4b6187ba091edf08757f8ee
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2262055
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
| |
Added service function read_tpm_nvmem_size() to return size of hidden
nvmem object, which is needed in FIPS framework code, but can't be
implemented locally due to conflicting headers between TPM2 library
and Cryptoc library, and util.h
BUG=none
TEST=make BOARD=cr50; meaningful test will be added in upcoming CLs
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: Iab9520170cfdcd754f1fe2e79143f75766284921
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2258534
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
| |
Many source files over time started to respect 'bool' and 'size_t'
types for better code readability. However, these types are defined
in stdbool.h and stddef.h headers, so each time they were used
there was a need to include them. util.h included both, and one option
was to use it, but it conflicts with TPM2 library on definition MAX/MIN
BUG=none
TEST=make buildall -j
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: Ia0aca578e901c60aeafee5278471c228194d36bf
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2258540
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
| |
https://crrev.com/c/2222386 added support for short EC keys to some
functions. Extending this support to sign and verify.
Added test vectors for regression testing in tpmtest.py
BUG=b:157528390
TEST=tpmtest.py
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I3db2c9eee9da995d45d534a2732130948548ead8
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2265605
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
| |
Add proper TRNG health tests and CR50-wide DRBG with reseeding
BUG=b:138578157
TEST=tpmtest.py -t1 fails after cr50 reboot.
rand_perf in console (kick-off FIPS TRNG test) and then
tpmtest.py -t1 and tpmtest.py -t2 should succeed.
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I94c2dbd7a00dedcf1a0f318539a3c73c0c8076ef
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2251381
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
| |
The logic of deciding if the alternative RW image is newer than a
certain version needs to be updated to accommodate moving to higher
prod and prepvt major version numbers.
BUG=none
TEST=the 'nvmem_find_partition: No Legacy Partitions found.' message
is not printed during startup any more when updating from 6.3 to
6.4.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I59e18712b3365446c29f569bf0b50f95ab67df95
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2250658
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
| |
Due to changes in internal structures, stack consumption for SHA2,
HMAC, HMAC_DRBG grew, and when combined with stack growth due to
changes in cprintf causes a crash for some development console commands.
This patch increases console stack for CR50_DEV and CRYPTO_TEST modes.
BUG=none
TEST=manual, build with CR50_DEV or CRYPTO_TEST, run taskinfo
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I7170c65e4b8092d165c478f505a435f834744ed9
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2251382
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
| |
According to NIST SP 800-90B only vetted conditioning mechanisms should
be used for post-processing raw entropy. See SP 800-90B, 3.1.5.1 Using
Vetted Conditioning Components. Use of non-vetted algorithms is governed
in 3.1.5.2, but assumes conservative coefficient 0.85 for entropy estimate,
which increases the number of requests to TRNG to get desirable entropy.
More details on entropy estimate tests are in associated bug.
Entropy measurements using NIST assessment tool didn't report noticeable
change in entropy estimate. However, more changes are needed to use
DRBG instead of raw TRNG for all purposes.
TRNG changes reviewed also at https://crrev.com/c/1926384
BUG=b:138577834
TEST=test/tpm_test/nist_entropy.sh
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I5a578b90b8b7a77fae6a218eec48e87e7644ab44
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2240519
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
| |
Implement board-local configuration of FIPS 140-2/3 policy as
complementary to FWMP policy. This is intended mostly for lab
testing and dogfooding, when FWMP policy is not feasible.
board_fips_enforced() returns status of FIPS from FWMP and NVRAM
and caches state to avoid expensive operations later.
BUG=b:138577491
TEST=manual, make buildall -j
Actual test command to be added in upcoming CLs
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I8fa651e56e6e76a87bbc4dd911e7a8c0546e7e0f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2247112
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
| |
BUG=b:158843230
TEST=run 'ver' on cr50
Change-Id: Ia22cbc74dc23156a11caceb587f8380aa68ce23b
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2243312
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
| |
This CL enables cr50 to accept EC points of which X and/or Y component
has less than 32 bytes.
For testing, the following 4 data inputs can pass the test:
1. Creating salted session with a full-length ephemeral key.
2. Creating salted session with a short ephemeral key.
3. Walking through enrollment flow with a full-length ephemeral key.
4. Walking through enrollment flow with a short ephemeral key.
BUG=b:157528390
TEST=see the comment above.
Change-Id: I12c744ab00391a31d81d4ac6b6e644981ae46f48
Signed-off-by: Leo Lai <cylai@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2222386
Tested-by: Leo Lai <cylai@google.com>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
| |
NIST ACVP test expects access to test point is on curve and verification
of signature with arbitrary public key. Current implementation supported
only fixed public key. ACVP tests to be submitted separately.
Added two new test commands to support ACVP:
- TEST_POINT - test that given point is on selected curve
- TEST_VERIFY_ANY - same as TEST_VERIFY, but use provided Q
- TEST_SIGN_ANY - same as TEST_SIGN, but use provided d (private key)
BUG=b:138578319
TEST=make CRYPTO_TEST=1 BOARD=cr50 -j && test/tpm_test/tpmtest.py
Change-Id: Ibeabede935f5bbac918b3043072e05f8a6417aa4
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2227077
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
| |
This patch closes the AP RO verification loop on the Cr50 side.
If the check is triggered, the valid AP hash is found, and the RO
contents is found to not match the hash, the Cr50 will
- assert the EC reset;
- set a flag to prevent the code from deasserting EC reset;
- start a periodic hook to reassert EC reset in case the user hits
power+refresh.
This will prevent the Chrome OS device from booting.
A new CLI command is being added to display the verification state. In
developer images the new command would allow to clear the failure
state, when running prod images the only way out of the failure state
would be the powercycle.
BUG=b:153764696
TEST=verified that erasing or programming AP RO hash when board ID is
set is impossible.
Verified proper shutdown in case AP RO hash is present and the AP
RO space is corrupted and recovery using the new cli command when
running a dev image.
Verified that 'ecrst off' properly reports the override.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I1029114126a9a79f80385af7bc8d5467738e04ca
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2218676
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
| |
SQA images won't be built anymore. This change removes the SQA support.
It deletes all SQA ifdefs and replaces CR50_RELAXED with CR50_DEV.
BUG=b:158011401
TEST=manual
build regular image and check eraseflashinfo and rollback aren't
included.
build image with CR50_SQA=1 and check it's no different than the
regular image.
build DBG image and make sure it still starts open, it has the
eraseflashinfo and rollback commands, and it can flash old cr50
images.
Change-Id: I5e94c88b1903cfcf0eee0081fc871e55fc8586c7
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2227149
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
| |
Not sure why this board was kept in, probably because fizz was mixed
up with fuzz.
BUG=none
TEST='make buildall -j' succeeds
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I4b08333d12bdfe8001b7e1c2b7c5860aef947a22
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2227168
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
| |
In order to support NIST ACVP testing, new commands to provide access to
HMAC implementations (software, and hardware accelerated HMAC SHA-256)
with CRYPTO_TEST_SETUP added:
- Software HMAC (_cpri_StartHMAC) TPM implementation
- dcrypto HMAC (DCRYPTO_HMAC_SHA256_init)
Updated hash_test.py to support different hash algorithms for hash
and HMAC, added HMAC tests.
BRANCH=cr50
TEST=make BOARD=cr50 CRYPTO_TEST=1 -j && test/tpm_test/tpmtest.py
BUG=b:138578319
Change-Id: I57da2f27734fc7e5dbc896d75c5f8b2ed60e3b18
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1854885
Reviewed-by: Gurleen Grewal <gurleengrewal@google.com>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Gurleen Grewal <gurleengrewal@google.com>
(cherry picked from commit 32c349afe72541570984a32bd85b8f1fcf2acb39)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2227074
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
| |
This patch assigns the bit offset 0 in TPM_BOARD_CFG register to
indicate the status of INT_AP_L extension. The bit 1 means INT_AP_L
pulse extension is activated, and 0 means it is not.
BUG=b:148691139
TEST=tested on atlas and on careena.
1. Checked the default TPM_BOARD_CFG (PWRDN_SCRATCH21) value was zero
and the INT_AP_L assertion duration was 4~10 microseconds.
> md 0x400000f4 1 // memory dump on GC_PMU_PWRDN_SCRATCH21
400000F4: 0x00000000
2. Attempted to change the board configuration (with a hacked UART
command). The register value was unchanged.
> brdcfg 0x01
TPM_BOARD_CFG = 0x00000000
> md 0x400000f4 1
400000F4: 0x00000000
3. Forced to write the board configuration with a hacked UART command.
The register value was changed.
> brdcfg 0x01 force
TPM_BOARD_CFG = 0x80000001
> md 0x400000f4 1
400000F4: 0x80000001
4. Checked the INT_AP_L assertion duration extended to 110
microseconds or longer.
5. After cr50 deep sleep, checked the pulse duration was still
extended.
- turned AP off.
- disconnected Suzy-Qable.
- waited three seconds
- connected Suzy-Qable, and checked the reset cause was 'hibernate
rbox'.
> md 0x400000f4 1
400000F4: 0x8000001
6. With 100 usec long INT_AP pulse, checked trunks_client
regression_test, stress_test and ext_command_test runs good.
Checked dmesg and found no TPM errors through all tests.
(ap) $ trunks_client --regression_test
(ap) $ trunks_client --stress_test
(ap) $ trunks_client --ext_command_test
7. checked no character loss during uart_stress_tester.
(chroot) $ uart_stress_tester.py -c -t 600 /dev/ttyUSB2 /dev/ttyUSB1
8. the shortest duration of INT_AP_L assertion and deassertion
observed in logic analyzer were 110 usec and 152 usec.
9. measured the depthcharge exit timestamp and cr50 flash time with
or without INT_AP pulse extended to 100 usec, on atlas and helios:
-----------------+-------------------+------------------
| atlas | helios
-----------------+-------------------+------------------
boot (sec) | 1.398 -> 1.402 | 1.004 -> 1.011
cr50 flash (sec) | 10.800 -> 14.609 | 16.024 -> 16.466
-----------------+-------------------+------------------
Signed-off-by: Namyoon Woo <namyoon@google.com>
Change-Id: I2b9f9defb63cf05f9d91b741ccb4b49c4c6bc8e2
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2202839
Tested-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Namyoon Woo <namyoon@chromium.org>
| |
This patch adds the TPM vendor-defined register, TPM_BOARD_CFG,
which indicates the board configuration status. This register is
attributed as one-time-programmable and the value is maintained
across deep sleeps. Cr50 allows a write on this register right after
a cr50 reset until it receives a TPM2_PCR_Extend command.
BUG=b:148691139
TEST=none
Signed-off-by: Namyoon Woo <namyoon@google.com>
Change-Id: I89ae5a53c15990ef78812aec5da81a59f04d7d98
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2202838
Tested-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Namyoon Woo <namyoon@chromium.org>
| |
This patch applies INT_AP_L extension on I2CS. It uses
GPIO_MONITOR_I2CS_SDA to detect a transaction start during INT_AP_L
assertion and to deassert INT_AP_L.
BUG=b:148691139
TEST=None
Signed-off-by: Namyoon Woo <namyoon@google.com>
Change-Id: Iedd59b488dfdfaaf71dd71eda6437f1a9402d3c4
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2150517
Tested-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Namyoon Woo <namyoon@chromium.org>
| |
This patch adds a feature to extend each level of GPIO_INT_AP_L at
least for 100 microseconds. The assertion (low GPIO_INT_AP_L)
duration might be shorter only if AP asserts a SPS CS before
INT_AP_L deassertion, because it means AP recognized
GPIO_INT_AP_L assertion already.
This patch increases the flash usage by 280 bytes.
BUG=b:148691139
TEST=None
Signed-off-by: Namyoon Woo <namyoon@google.com>
Change-Id: Ie74b236bc5352e9fc21fe600c12946e50955160a
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2114430
Tested-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Namyoon Woo <namyoon@chromium.org>
| |
When AP RO verification is attempted, a lot of things could go wrong,
and the operator would usually have very little insight into what's
happening unless there is a terminal connected to the Cr50 console.
This patch adds a new log event for registering the AP RO verification
progress. The event payload is a single byte value, logging the
following events:
0 - refresh key press is detected
1 - power button has been released before AP RO check was triggered
2 - trigger sequence timeout (refresh button not pressed in time)
3 - AP RO check triggered
4 - could not run the check, hash space not programmed
5 - could not run the check, hash space corrupted
6 - AP RO verification failed
7 - AP RO verification succeeded
BUG=b:153764696
TEST=verified logging during various AP RO verification attempts:
$ gsctool -a -L
Log time zone is PST
Dec 31 69 16:00:01 : 00
May 06 20 21:20:49 : 09 01
May 06 20 21:21:53 : 09 00
May 06 20 21:21:54 : 09 00
May 06 20 21:21:55 : 09 03
May 06 20 21:21:56 : 09 07
May 06 20 21:23:03 : 09 00
May 06 20 21:23:04 : 09 00
May 06 20 21:23:05 : 09 02
May 07 20 11:21:52 : 09 00
May 07 20 11:21:53 : 09 00
May 07 20 11:21:54 : 09 01
May 08 20 11:57:21 : 09 00
May 08 20 11:57:22 : 09 00
May 08 20 11:57:23 : 09 03
May 08 20 11:57:24 : 09 04
May 08 20 12:07:15 : 09 00
May 08 20 12:07:16 : 09 00
May 08 20 12:07:17 : 09 03
May 08 20 12:07:19 : 09 07
May 08 20 12:09:20 : 09 00
May 08 20 12:09:21 : 09 00
May 08 20 12:09:22 : 09 03
May 08 20 12:09:23 : 09 06
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I739f9dbb2e7b8fc87601d61e1f87eb49d85bdf14
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2191283
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
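A decoder for the log shown in this commit message, as an added Python example that is not part of gsctool or the cr50 tree. It groups the single-byte progress codes into verification attempts and flags the ones that ended in a failed or corrupted state. The sample text is the `gsctool -a -L` output copied from the message; treating `09` as the event type of the AP RO verification event is an assumption inferred from that sample, and the function names are hypothetical.

```python
import re

AP_RO_EVENT_TYPE = 0x09  # assumption: inferred from the "09 xx" sample lines

# Payload meanings as listed in the commit message.
AP_RO_CODES = {
    0: "refresh key press is detected",
    1: "power button has been released before AP RO check was triggered",
    2: "trigger sequence timeout (refresh button not pressed in time)",
    3: "AP RO check triggered",
    4: "could not run the check, hash space not programmed",
    5: "could not run the check, hash space corrupted",
    6: "AP RO verification failed",
    7: "AP RO verification succeeded",
}
TERMINAL = {1, 2, 4, 5, 6, 7}  # codes that end one attempt
ALERT = {5, 6}                 # outcomes worth escalating

LINE_RE = re.compile(
    r"^(\w{3} \d{2} \d{2} \d{2}:\d{2}:\d{2}) : "
    r"([0-9A-Fa-f]{2}(?: [0-9A-Fa-f]{2})*)$")

# Output copied from the TEST section of the commit message.
SAMPLE_LOG = """\
Log time zone is PST
Dec 31 69 16:00:01 : 00
May 06 20 21:20:49 : 09 01
May 06 20 21:21:53 : 09 00
May 06 20 21:21:54 : 09 00
May 06 20 21:21:55 : 09 03
May 06 20 21:21:56 : 09 07
May 06 20 21:23:03 : 09 00
May 06 20 21:23:04 : 09 00
May 06 20 21:23:05 : 09 02
May 07 20 11:21:52 : 09 00
May 07 20 11:21:53 : 09 00
May 07 20 11:21:54 : 09 01
May 08 20 11:57:21 : 09 00
May 08 20 11:57:22 : 09 00
May 08 20 11:57:23 : 09 03
May 08 20 11:57:24 : 09 04
May 08 20 12:07:15 : 09 00
May 08 20 12:07:16 : 09 00
May 08 20 12:07:17 : 09 03
May 08 20 12:07:19 : 09 07
May 08 20 12:09:20 : 09 00
May 08 20 12:09:21 : 09 00
May 08 20 12:09:22 : 09 03
May 08 20 12:09:23 : 09 06
"""


def parse_ap_ro_events(log_text):
    """Return [(timestamp, code)] for AP RO events; other lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # banner lines such as "Log time zone is PST"
        raw = bytes.fromhex(m.group(2))
        if raw[0] != AP_RO_EVENT_TYPE:
            continue  # some other event type
        if len(raw) != 2:
            raise ValueError(f"AP RO event without a one-byte payload: {line!r}")
        events.append((m.group(1), raw[1]))
    return events


def group_attempts(events):
    """Split the event stream into attempts, each closed by a terminal code."""
    attempts, current = [], []
    for ts, code in events:
        current.append((ts, code))
        if code in TERMINAL:
            attempts.append({"start": current[0][0], "end": ts,
                             "codes": [c for _, c in current], "outcome": code})
            current = []
    if current:  # log ended mid-sequence; outcome unknown
        attempts.append({"start": current[0][0], "end": current[-1][0],
                         "codes": [c for _, c in current], "outcome": None})
    return attempts


def alerts(attempts):
    """Attempts that ended with a failed check or a corrupted hash space."""
    return [a for a in attempts if a["outcome"] in ALERT]


if __name__ == "__main__":
    for a in group_attempts(parse_ap_ro_events(SAMPLE_LOG)):
        label = AP_RO_CODES.get(a["outcome"], "incomplete or unknown code")
        flag = "ALERT " if a["outcome"] in ALERT else ""
        print(f"{a['start']} .. {a['end']}: {flag}{label}")
```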
| |
This patch flips on the switch for the AP RO verification
implementation.
BUG=b:153764696
TEST=generated AP integrity verification data using the ap_ro_hash.py
script and then ran the verification procedure, observing the
'hash match' message on the Cr50 console.
Also verified that the Open Box RMA procedure still succeeds.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I15f19aefcb11a055e66994e33976b98ce6fdf099
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2220829
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
| |
This adds plumbing necessary to invoke the AP RO verification function
in response to the operator entering the 'magic sequence' of holding
the power button pressed and pressing/releasing the refresh button
three times within five seconds.
The code used during the 'Open box RMA' verification process is used,
with the physical presence confirmation phase bypassed.
This patch also makes sure that attempts to use CCD to program AP or
EC flash while AP RO verification is in progress would fail.
BUG=b:153764696, b:154966209
TEST=with the next patch applied, generated AP integrity verification
data using the ap_ro_hash.py script and then ran the verification
procedure, observing the 'hash match' message on the Cr50
console.
Also verified that the Open Box RMA procedure still succeeds.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: Ic101fb892554ebb05f9ebe6d1546bfb439f74043
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2171399
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
| |
This patch makes it possible to check if the INFO1 Board ID space is
programmed or not.
BUG=b:153764696
TEST='make buildall -j'
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: Ic771956a08e276c2e1a426729a8ecdae3f86a04f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2204974
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
| |
The code which allows reading a section of AP or EC flash and
calculating the section's SHA256 sum does not allow calculating the sum
over multiple non-adjacent flash areas.
This patch changes the implementation to allow calculations over more
than one region. Initialization, calculation and reporting of the
result become three separate API entries.
The loop counting the number of the read flash chunks is being
simplified, and a watchdog kick is added to the brief loop interruptions, as
it turns out that sleeping alone is not enough to prevent watchdog
expiration when calculating hash over large SPI flash ranges.
Also simplified prototypes for usb_spi_board_enable() and
usb_spi_board_disable().
BUG=b:153764696
TEST=created an RO descriptor for the Atlas DUT and verified that
'gsctool -O' succeeds.
Cq-Depend: chrome-internal:2939596
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: Iec7b8634c7c80ebc7600c5b708879eb322bc7fec
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2163569
Reviewed-by: Andrey Pronin <apronin@chromium.org>
| |
This patch makes cr50 respond to EC-EFS2 related TPM commands no matter
whether it has the board property BOARD_EC_CR50_COMM_SUPPORT or not.
board_has_ec_cr50_comm_support() calls remain for configuring
GPIO_EC_PACKET_MODE_EN only.
BUG=b:155214584
TEST=checked gsctool running on Coral.
[before]
$ gsctool --getbootmode
finding_device 18d1:5014
Found device.
found interface 3 endpoint 4, chunk_len 64
READY
-------
Error 8 in Getting boot mode
[after]
$ gsctool --getbootmode
finding_device 18d1:5014
Found device.
found interface 3 endpoint 4, chunk_len 64
READY
-------
Boot mode = 0x00: NORMAL
Also checked 'ec_comm' uart command.
[before]
> ec_comm
No EC-CR50 comm support
Invalid argument
Usage: ec_comm [corrupt]
[after]
> ec_comm
uart : 0xff
packet mode : DISABLED
phase : 0
preamble_count : 0
bytes_received : 0
bytes_expected : 0
response : 0x0000
ec_hash : UNLOADED <-- It is marked as unloaded,
secdata_error_code : 0x00001203 <-- because of NVMEM error.
boot_mode : NORMAL <-- Still, boot_mode is normal.
Signed-off-by: Namyoon Woo <namyoon@google.com>
Change-Id: I08dc9abd8f194c83484b5be9b0a5e8844b2fd221
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2185872
Tested-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Namyoon Woo <namyoon@chromium.org>
| |
The gsctool utility allows examining the device WP status, but does
not allow setting it. It would be useful to provide the user with a
means of enabling WP at any time.
This patch extends the existing vendor command VENDOR_CC_WP
implementation to allow an optional one byte parameter. If the
parameter is present, the Cr50 will unconditionally invoke
set_wp_state(1) when processing the command.
BUG=b:153881773
TEST=with the corresponding gsctool.c changes coming up in the next
patch verified that attempts to enable WP when running the
unmodified Cr50 image fail with error message "Early Cr50
versions do not support setting WP", and that the updated Cr50
image allows enabling WP using 'gsctool -a -w enable'
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I75c200bbb9085e9f74c227ef80f782defdaaa29e
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2149519
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
| |
When supported, the AP RO verification would be triggered by the
operator pressing and keeping pressed the power button and then
pressing and releasing a few times the refresh key.
As proposed in this patch, to trigger the verification the operator
must complete the sequence within 3 seconds by pressing the refresh
key three times.
The sequence is controlled by periodic polling. Enabling refresh key
press interrupts was investigated; the issue is that the key generates
plenty of interrupts due to dribbling, to the tune of a hundred each
time it is pressed. It is much cheaper to just poll every 20 ms.
The CONFIG_AP_RO_VERIFICATION config flag controls enabling of this
feature.
BUG=b:141191727
TEST=enabled the new feature and verified proper operation by both
detecting the trigger and abandoning the sequence due to released
power button or not enough times pressed refresh key.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I55376a87009d6f8020358ad11db1e47d0b8393ed
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2144944
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
| |
Cr50 used to read GPIO_EN_PP3300_INA_L value to detect if USB_I2C is
enabled. However it requires an external pullup. Instead, this patch
adds a sw flag to indicate USB_I2C status, so that it can keep
USB_I2C status regardless of external HW factors.
BUG=b:152946978
TEST=ran flash_ec on waddledee, ampton, and dragonegg.
Signed-off-by: Namyoon Woo <namyoon@chromium.org>
Change-Id: Ie1a3a8c790e9643a3b49b6c519167ee3bdecc650
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2140535
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
| |
It turns out that the Cr50 not shutting off the AP UART quickly enough
causes violation of the JSL power sequence requirements due to the
leakage caused by the active UART lines.
Let's speed up AP state polling when CCD is active. When CCD is not
active the UART is shut off to start with.
BUG=b:152446186
TEST=running the new image verified that timing constraints are
not violated any more. Also verified reliable UART=>USB bridging
operation.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: Iffb7f8bc33c4516bb7cf5cbf58c5ced277cd1aec
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2139732
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
| |
Drop the unused function and use ccprintf() instead of uart_printf().
Using ccprintf() will make it easier to use this code when packet mode
is enabled.
Used tabs in the changed lines to pacify repo upload.
BUG=b:149964350
TEST=make buildall -j
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I97522e9278a4393ef75b9a6a90e6995ba2449f30
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2114237
| |
This patch reprioritizes ec_comm_init() and ec_efs_init() so that
they won't be executed prior to board_init(), which executes
nvmem_init().
BUG=b:151187315
BRANCH=cr50
TEST=let cr50 reboot a few times, and checked the console message
and the ec_comm command output that Kernel secdata was reloaded
without error. Swapped cr50 image from normal to dev, vice versa,
and repeated the rebooting.
[Reset cause: hard]
[0.003799 Inits done]
strap pin readings: a1:2 a9:3 a6:0 a12:0
[0.005893 Valid strap: 0xe properties: 0xa00041]
[0.007991 init_jittery_clock_locking_optional: run level high, ...
[0.045539 init took 29953]
[0.051185 tpm_rst_asserted]
[0.052074 EC-COMM: Initializtion]
Console is enabled; type HELP for help.
...
> ec_comm
...
response : 0xec00
ec_hash : LOADED
secdata_error_code : 0x00000000
>
Change-Id: Ia695896986374ac9d23ac111fe0086ec6a13923e
Signed-off-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2093102
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
| |
This patch adds a test case for EC-EFS functions.
BUG=b:150650877
BRANCH=cr50
TEST=make run-ec_comm
make runhosttests
make buildall -j
Signed-off-by: Namyoon Woo <namyoon@chromium.org>
Change-Id: I90cdc3aa73cf8946da4cf094de5ca0adfaaa0a7c
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2096338
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
| |
This patch moves ec_comm.c and ec_efs.c from board/cr50 to common/,
so that they can be shared with other board configurations (like host).
This is to build unittest for those files.
BUG=none
BRANCH=cr50
TEST=make buildall -j
Signed-off-by: Namyoon Woo <namyoon@chromium.org>
Change-Id: I67ac313054ebe4604848a176f0a42e3483957e74
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2094076
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
| |
This patch fixes the pre-condition to check before
it processes the command, SET_BOOT_MODE. It should check if the
current boot mode is NORMAL mode, but it used to check if the input
parameter value is NORMAL mode.
BUG=none
BRANCH=cr50
TEST=make buildall -j
Signed-off-by: Namyoon Woo <namyoon@chromium.org>
Change-Id: I85e0a3a1ed27a276262a7b9d3889c826cca14d19
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2094075
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
| |
This will allow using this pin as a physical presence indicator on
certain platforms.
BRANCH=cr50,cr50-mp
BUG=b:144455668
TEST=tried the new image on the red board, observed DIOM4 level
changing when shorting it to ground.
Change-Id: I7c20b094d73d49321921c5afa67e0db9825ea82f
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2076499
Reviewed-by: Yicheng Li <yichengli@chromium.org>
Commit-Queue: Yicheng Li <yichengli@chromium.org>
Tested-by: Yicheng Li <yichengli@chromium.org>
| |
This patch fixes a coding style violation in enum name.
BUG=none
BRANCH=cr50
TEST=none
Change-Id: I53eb8aa0905ecfc841a4fe7a738df74d571e321b
Signed-off-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2065493
| |
This patch supports EC-CR50 communication.
EC activates EC-CR50 communication by setting DIOB3 high, and sends
a command packet to CR50 through UART_EC_TX_CR50_RX. Cr50 processes
the packet, and sends a response packet back to EC. EC deactivates
EC-CR50 communication by putting low DIOB3.
This patch supports two kinds of EC-CR50 commands:
- CR50_COMM_CMD_SET_BOOT_MODE
- CR50_COMM_CMD_VERIFY_HASH
Cr50 stores some of EC-EFS context in a powerdown register before
deep sleep and restores it after wakeup.
This patch increases flash usage by 1456 bytes.
BUG=b:119329144
BRANCH=cr50
TEST=Checked "ec_comm" console command on Octopus and
reworked Helios.
Checked uart_stress_tester.py running without character loss.
Change-Id: I23e90b9f3e860a3d198dcee718d7d11080d06e40
Signed-off-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1961145
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
| |
Based on the design in go/ec-efs2, this patch adds two TPM
vendor-specific commands:
- VENDOR_CC_GET_BOOT_MODE
- VENDOR_CC_RESET_EC
BUG=b:141578322
BRANCH=cr50
TEST=tested with EC-EFS supporting EC/AP firmware.
With CR50 dev image, tested with gsctool on Octopus and Helios
by sending each of new vendor commands.
Checked flash_ec working on Scarlet in bitbang mode.
Change-Id: Ia8f38a7b9cc45b172a1a1ef7e216034e520b79c7
Signed-off-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1956409
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
| |
Cr50 reads EC Firmware hash from kernel secdata. This data shall be
used for EC-EFS (Early Firmware Selection) procedure.
BUG=chromium:1020578, b:148489182
BRANCH=cr50
TEST=none
Change-Id: Id8942b5b49dd5b0412d198a12ee0bf87fd59d47f
Signed-off-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1956159
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
| |
This patch introduces 'EC_CR50_COMM', a new option for the ccdblock
console command.
It can be useful for system rescue purposes, like when you want to
force cr50 to yield the EC_UART (especially TX) port to servo.
BUG=chromium:1047287
BRANCH=cr50, cr50-mp
TEST=ran manually ccdblock.
> ccdstate
AP: off
AP UART: off
EC: on
Rdd: connected
Servo: undetectable
CCD EXT: enabled
State flags: UARTEC+TX I2C SPI
CCD ports blocked: (none)
>
>
> ccdblock EC_CR50_COMM enable
CCD ports blocked: EC_CR50_COMM
> [73.386550 CCD state: UARTEC I2C SPI]
>
> ccdstate
AP: off
AP UART: off
EC: on
Rdd: connected
Servo: disconnected
CCD EXT: enabled
State flags: UARTEC I2C SPI
CCD ports blocked: EC_CR50_COMM
>
>
> ccdblock EC_CR50_COMM disable
CCD ports blocked: (none)
> [104.781623 CCD state: UARTEC+TX I2C SPI]
ccdstate
AP: off
AP UART: off
EC: on
Rdd: connected
Servo: undetectable
CCD EXT: enabled
State flags: UARTEC+TX I2C SPI
CCD ports blocked: (none)
Change-Id: I7816c201054f1793906bd19d4b58755593d2fbac
Signed-off-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2042118
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|