| Commit message (Collapse) | Author | Age | Files | Lines |
| |
To implement the FIPS module we need to bring many crypto functions into the
module boundary. Unfortunately, cryptoc is a third-party library used
by dcrypto code in cr50. Cryptoc is also not well-maintained and shared
with other projects.
BUG=b:138578318
TEST=make BOARD=cr50 CRYPTO_TEST=1
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I40090f5d32df088c88d7313dd693fc8a0dd4b308
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3083187
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
| |
Linker script used by FIPS module broke several extension commands
used for testing due to the section name used (no wildcard support).
FIPS self-integrity tests broke access to crypto commands: until
there is a correct digest, it fails and prevents access to crypto.
This is a temporary fix until digest computation is done.
TPM tests require GCM for testing - adding this module when built with
CRYPTO_TEST=1.
U2F test status made a bit clearer (printing success) and hex dumps of
key handles, signatures only printed in debug mode now.
BUG=none
TEST=make BOARD=cr50 CRYPTO_TEST=1; test/tpm_test/tpmtest.py
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I7c974abf8ac71de2949b35a4411f77a03d9048a0
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3082325
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
| |
This patch introduces an alternative USB SPI protocol implementation
to be used by Cr50: Raiden V2. The SPI USB endpoint descriptor is
modified to advertise the new version in the bInterfaceProtocol, which
allows the flashrom utility to use the new protocol version.
Protocol version 2 implements segmentation and reassembly where longer
flash read and write PDUs can be transferred split into shorter fixed
size USB packets. The comment section in usb_spi_v2.c describes the
protocol in detail.
Each time a USB packet is received from the host, the packet header is
examined to determine the command. The command could be a DUT
configuration query OR a request to read and/or write some data
from/to the SPI flash chip, OR a request to retransmit the last PDU
from the beginning.
This patch implementation does not process the retransmission request
command yet, in case a packet is dropped flashrom would need to be
re-run. This is a pretty rare condition, but if deemed necessary
support can be added later.
H1 SPI controller supports multibuffer transactions where the CS
signal is kept asserted while the controller clocks the bus when the
next portion of data to write becomes available or there is more room
to read data to send back to the host. This allows supporting
arbitrary length read and write transactions. There is no need to
support write transactions longer than 256 bytes of data, as this is a
typical SPI flash chip page size. For read direction the size of 2040
was chosen, which is close to 2K and takes full payload of 34 USB
packets on top of 2 byte headers.
The protocol state machine on the device side can be in one of
two states, IDLE or WRITING. Many host requests do not require the
device to change state: configuration requests, or writes of short
blocks of data (fitting into one USB packet) can be executed
immediately. Requests to read long blocks of data can still be
executed without leaving the IDLE state, the device starts the SPI
transaction and then iterates reading one packet worth of data at a
time and sends it back to the host. Once the entire PDU is read, the
CS is deasserted.
In case the host requests to write a block of data which does not fit
into a USB packet the device asserts the CS, sends the first received
block to the SPI flash chip and then enters the WRITING state,
expecting the controller to send the rest of the PDU in following
packets.
Once the entire PDU is transferred the CS is deasserted and state is
changed back to IDLE.
BUG=b:79492818
TEST=performed numerous flash read/write operations with 16M SPI flash
chip on the Atlas device. Timing results comparison of various
operations:
                                    Raiden V1   Raiden V2
Reading entire chip:                3m 16s      0m 52s
Vanilla writing of new image:       16m 22s     5m 48s
Writing of AP firmware into an
erased flash chip (no read
before or after writing)            4m 12s      1m 38s
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I374f3caab7146fc84b62274e9e713430d7d31de0
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2977965
Reviewed-by: Brian Nemec <bnemec@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
| |
Add basic test to U2F generate, sign and attest commands to make sure
commands are processed correctly.
When built with CRYPTO_TEST=1 pretend that power button for U2F is
always pressed when requested to simulate user presence.
BUG=None
TEST=make BOARD=cr50 CRYPTO_TEST=1
tests/tpmtest.py
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I8fda8037ea7322eb5fa46421ded6da3d1bba9c66
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3048103
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
| |
Added computation of FIPS module SHA256 digest and comparison with
precomputed value.
BUG=b:138578318
TEST=make BOARD=cr50, check console output
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I3aaac07ff460b5021f2b7dab4f6df2710325c60b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3045839
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
| |
Added linker script to sort by name all symbols from FIPS module and
place them together in text.fips, rodata.fips and bss.fips sections
which are later placed at fixed locations by chip's linker script.
Note, this has an impact on image size as LTO intentionally won't work
across the FIPS module boundary and probably doesn't discard some unused
functions. Currently the size increase is 1544 bytes.
List of functions added:
fips_p256_ecdsa_sign
fips_drbg_clear
DCRYPTO_asn1_sigp
board_set_fips_policy_test
u2f_gen_kek
DCRYPTO_asn1_pubp
fips_drbg_init
fips_throw_err
board_fips_enforced
fips_trng_bytes
dcrypto_p256_pick
DCRYPTO_hkdf
dcrypto_p256_rnd
fips_mode
adaptive_proportion_test
fips_rand_bytes
fips_set_policy
board_fips_power_up_done
fips_crypto_allowed
Note, some of these functions can be removed, and some will be used
once we switch to FIPS key gen.
BUG=b:138578318
TEST=make BOARD=cr50
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I0ab3cf1fc7fd6de2025b69d46c71625d96d7873b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3041098
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
| |
BUG=none
TEST=make buildall -j
find -name util.o
board/cr50/dcrypto/util.o is only a part of the cr50 build
./build/cr50/RO/common/util.o
./build/cr50/RO/board/cr50/dcrypto/util.o
./build/cr50/RW/common/util.o
./build/cr50/RW/board/cr50/dcrypto/util.o
./build/cr50/cryptoc/util.o
Change-Id: Ib1e82922548f9ec483338baaad94c6b2cb10f371
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3043359
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
| |
Recent changes with FIPS module - removal of ECIES from dcrypto build,
broke CRYPTO_TEST=1 build where tpm2/ecies.c used those functions.
So, removing it from build for consistency.
Also, some CRYPTO_TEST commands need more stack, like the newly added
u2f_test command. These commands are usually executed in the context
of the TPM task, which has a larger stack, and to be executed in the console
task its size should be a bit larger.
BUG=none
TEST=make BOARD=cr50 CRYPTO_TEST=1
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I7b663eb0b0f64871682c907d66e855e75c091548
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3042142
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
| |
FIPS module should be self-contained. Adding __aeabi_uldivmod is
challenging as it comes from a compiler builtin and is used by other parts.
In this CL we implement udiv32() which divides a 64-bit number by a 32-bit
number. Since it doesn't compute the remainder and doesn't have to support
real 64-bit by 64-bit division it's faster. Also, we can use an ARM
instruction to count leading zeros instead of doing it manually.
This code is reused from Ti50 cryptolib code as is.
Exhaustive bn_div() test is provided by test/tpm_test/bn_test.c which
can now be built with the board/cr50/dcrypto version.
BUG=b:138578318
TEST=make BOARD=cr50
test/tpm_test/make CR50=1
build/tpm_test/bn_test
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I19cebc5c11d3a80bc50732350b7c598bfa374348
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3042138
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
| |
Build dcrypto and u2f separately as a part of the fips_module object.
This doesn't change how cryptoc is built. That'll be done in a followup
CL.
BUG=none
TEST=none
Change-Id: I411ee297ae8e88f0c38b6798c7b58c0e657750b1
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3002451
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
| |
BUG=none
TEST=none
Change-Id: I24314865ef591ae791e20559534ca4e40af7d46d
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3010921
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
| |
BUG=none
TEST=make -j BOARD=cr50 CRYPTO_TEST=1
Change-Id: Iad1c87d6ca3dfd798a6b63a0cffc087e1dd716a2
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3002450
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
| |
This patch removes the restriction of TPM_MODE vendor command,
allowing any board's AP to disable TPM mode if required.
In addition, TPM reset processing flow is being modified to always
reboot the H1 in case TPM reset happens when TPM is disabled.
BUG=b:191180387, b:191180208
TEST=on an Atlas device:
localhost ~ # gsctool -a -f
start
target running protocol version 6
keyids: RO 0xaa66150f, RW 0x334f70df
offsets: backup RO at 0, backup RW at 0x4000
Current versions:
RO 0.0.11
RW 0.6.30
$ localhost ~ # gsctool -a -m disable
TPM Mode: disabled (2)
localhost ~ # gsctool -a -f
start
[WARNING:bus.cc(638)] Bus::SendWithReplyAndBlock took 1516ms to...
Problems reading from TPM, got 10 bytes
Failed to start transfer
localhost ~ # reboot
-- GSC reboots during device reboot
localhost ~ # gsctool -a -f
start
target running protocol version 6
keyids: RO 0xaa66150f, RW 0x334f70df
offsets: backup RO at 0, backup RW at 0x4000
Current versions:
RO 0.0.11
RW 0.6.30
localhost ~ # reboot
-- GSC does NOT reboot during device reboot
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I492bd2f201f3c5c7d1cd9b228ec6ab1cdcf8fa53
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2987913
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
| |
NVMEM commits are disabled for a few seconds after every TPM reset.
Setting TPM mode to 'disabled' requires the commits to be enabled
first, so that the NVMEM updates would be saved immediately.
Re-enabling the commits must be done by the same task which disables
them, i.e. the TPM task. This patch moves the invocation of
'nvmem_enable_commits()' to the main processing thread of the TPM mode
vendor command handler. When invoked through TPM it will be able to
properly reenable NVMEM commits. When invoked through USB it will fail
if TPM reset happened less than 3 seconds ago.
BUG=b:187831914
TEST=verified that when the TPM disable command is sent immediately
after TPM reset over USB it is rejected with error code 11, no
lockup/watchdog reset is observed.
Testing the AP sending the command will be done when debugging
NBR.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I035cd5db2c55fe5c9dd3679153bf9a2ec49210b6
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2998302
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
| |
Cr50 doesn't use AES-CMAC and P256-ECIES functions. Currently these
functions are not linked in as they are not used. Since we will change
the build process to build the crypto library separately to implement FIPS
certification requirements, it is better to remove them from the library as
otherwise they will increase image size. Files are still there in case
they are needed in the future.
BUG=b:134594373
TEST=make BOARD=cr50
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I0922a5f35a85b1a2d85e6b325716ac3838c2c9cb
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2988186
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Mary Ruthven <mruthven@chromium.org>
| |
BUG=b:191799047
TEST=make buildall -j ; run tpmtest
Change-Id: I8b743c16c4e4b8b0779eb40ba1eb0a78613930f9
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2980812
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
| |
To be able to send and receive multiple SPI buffer quantities in a
single SPI transaction it is necessary to control the SPI CS signal
directly, as opposed to connecting it to the SPI controller.
Direct mode allows keeping CS asserted as long as necessary to
transfer the full data blob, the size of which might exceed the size
of the SPI controller buffer.
BUG=b:79492818
TEST=flashrom access still works fine:
$ flashrom -p raiden_debug_spi:target=ap --flash-name
flashrom f10dff7b-dirty on Linux 5.4.0-71-generic (x86_64)
flashrom is free software, get the source code at https://flashrom.org
Using clock_gettime for delay loops (clk_id: 1, resolution: 1ns).
Raiden target: 2
Found GigaDevice flash chip "GD25Q127C/GD25Q128C" (16384 kB, SPI) on...
vendor="GigaDevice" name="GD25Q127C/GD25Q128C"
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: Idecf019d3fd19675d7f78e4dc1140106a2112c6b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2973580
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
| |
AP RO verification has four outcomes. Shimless RMA needs to be able to
check the status. This change adds a vendor command to check the AP RO
verification status
NOT_TRIGGERED: The last AP reboot was not triggered by RO verification
key combination.
PASS: The last AP reboot was triggered by RO verification key
combination, and the verification passes
FAIL: The last AP reboot was triggered by RO verification key
combination, and it fails. In reality, the device should brick and
the system will not see this response.
UNSUPPORTED: The last AP reboot was triggered by RO verification key
combination, but there is no data to perform it or the
board doesn't support it.
BUG=b:182594555
TEST=manual
# Erase board id
# Erase AP RO hash
cr50 > ap_ro_info erase
# Check status
AP RO status = 3: unsupported
# Set gbb flags
/usr/share/vboot/bin/set_gbb_flags.sh 0x140
# Set AP RO hash
./util/ap_ro_hash.py -v True GBB
# Check status
AP RO status = 0: not run
# Trigger verification
# Check status
AP RO status = 1: pass
# Change gbb flags
/usr/share/vboot/bin/set_gbb_flags.sh 0xa39
# Trigger verification
# Check status
AP RO status = 2: FAIL
# Set board id to DUKI:0x10
# Check status
AP RO status = 3: unsupported
Change-Id: I354ccd6317cd36008a66ffd93afb3ee95f3c3561
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2950314
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
| |
Some factories programmed hashes into devices that don't support reading
from AP flash while EC_RST_L is asserted. Skip AP RO verification on
these devices if the RLZ is blocked.
BUG=b:185783841
TEST=manual
Set board id to YVRQ:0x10
Verify AP RO verification can be triggered
Set board id to VYRC:0x10
Verify AP RO verification is skipped even if the hash is stored.
Change-Id: I7ef5ceafd55ae5e90b4a754d1e92317a9a745ef9
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2950313
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
| |
BUG=b:186446598
TEST=none
Change-Id: I0192cd85904fe162c38bbedd5321187bc24be8d9
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2970991
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
Commit-Queue: Namyoon Woo <namyoon@chromium.org>
| |
Signed-off-by: Josip Sokcevic <sokcevic@google.com>
| |
This patch adds the code that supports EC-EFS 2.1.
However, it is not enabled. EC-EFS 2.0 is still enabled as default.
BUG=b:187953899
TEST=built cr50 image, and ran it on hatch with CONFIG_EC_EFS2_VERSION
defined as 0 and 1 respectively. For both cases, CrOS booted good.
Also checked CrOS recovery was done good with corrupted TPM secdata, and
booted good at the end.
> ec_comm corrupt
> ecrst pulse
Ran the unittest for both version as well.
$ make run-ec_comm
$ make run-ec_comm21
Signed-off-by: Namyoon Woo <namyoon@google.com>
Change-Id: I7623fa56dd44a01002628685826105afe76e034f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2891925
Tested-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Commit-Queue: Namyoon Woo <namyoon@chromium.org>
| |
The index is added to cr50 repository while the usage is only for
generic TPM2.0 case. In the future we don't want GSC to re-use the index
number.
BUG=b:187821960
BUG=b:191163997
TEST=make buildall -j
Signed-off-by: cylai@chromium.org
Change-Id: I6cfb12cf4558dd0bf2c99e045ef6e0b89698bbc7
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2892151
Tested-by: Leo Lai <cylai@google.com>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
| |
CRYPTO_TEST images don't need to have restricted CCD. Open CCD for
crypto test images like we do for DBG images.
BUG=none
TEST=ccd is automatically open in crypto test images
Change-Id: I674ef9055e1a87caf9f8b2b28f9893e79ed9e7e5
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2916576
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
| |
Enable dev features in CRYPTO_TEST builds, so it's easier to update and
rollback to MP images.
Add the rollback command and disable update checks.
BUG=b:186663661
TEST=make clobber ; make -j BOARD=cr50
make clobber ; make -j BOARD=cr50 CRYPTO_TEST=1
Change-Id: Id8929f67f206d3222c551532c91921bd646d2a50
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2875480
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
| |
Remove AP RO verification and spi hash support to save space.
This saves 3952 bytes in the CRYPTO_TEST image.
BUG=b:186663661
TEST=make clobber ; make -j BOARD=cr50 ;
make clobber ; make -j BOARD=cr50 CRYPTO_TEST=1
Change-Id: I77eb3de547fad1e4a894b0e6eff62adaa8cbf65d
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2875478
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
| |
Remove these commands.
CONFIG_CMD_ECRST
CONFIG_CMD_SYSRST
CONFIG_CMD_WP
CONFIG_CMD_DUMP_NVMEM
CONFIG_CMD_PINMUX
CONFIG_CMD_GPIOCFG
CONFIG_CMD_SLEEPMASK
CONFIG_CMD_TIMERINFO
CONFIG_CONSOLE_HISTORY
CONFIG_I2C_XFER
CONFIG_I2C_SCAN
CONFIG_CONSOLE_CMDHELP
This saves 6068 bytes of space.
BUG=b:186663661
TEST=make -j BOARD=cr50
Change-Id: I3f559fe853ab51b9618edb3e2a5bd215c2155325
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2875477
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
| |
Add CONFIG_CMD_ROLLBACK for building the rollback command.
BUG=b:186663661
TEST=flash usage doesn't change with make -j BOARD=cr50
Change-Id: Iea22485368fbb57eed114653c6f78758cc5c8111
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2875476
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
| |
Add CONFIG_SPI_HASH to control building spi hash support.
BUG=b:186663661
TEST=flash usage doesn't change with make -j BOARD=cr50
Change-Id: If2f731897bcddec226cd0f388e94e82f7eeaeb8f
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2875475
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
| |
Isolate CONFIG_AP_RO_VERIFICATION
BUG=b:186663661
TEST=flash usage doesn't change with make -j BOARD=cr50
#undef CONFIG_AP_RO_VERIFICATION doesn't have build errors.
Change-Id: I9bf7e897a44302062551ecb553236a08dc96432e
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2875474
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
| |
Add CONFIG_CMD_WP to control building the wp commands.
This adds the wp console command, the bpforce console command, and the
wp vendor command.
BUG=b:186663661
TEST=flash usage doesn't change with make -j BOARD=cr50
Change-Id: I707ace6d35b691a49d983b714ad519ae85c7e01f
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2875470
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
| |
Add CONFIG_CMD_SYSRST to control building the sysrst command.
BUG=b:186663661
TEST=flash usage doesn't change with make -j BOARD=cr50
Change-Id: I4922b5b55d895bc2f4b43614fe2af210c5fbe134
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2875469
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
| |
Add CONFIG_CMD_ECRST to control building the ecrst command.
BUG=b:186663661
TEST=flash usage doesn't change with make -j BOARD=cr50
Change-Id: Ia3b7a0284c594d03257fa669bff0ab8bec155125
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2875468
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
| |
BUG=b:186048264
TEST=ran it on Octopus.
> ccdstate
AP: on
AP UART: on
EC: on
Servo: undetectable
Rdd: connected
KeepAlive: disabled
CCD_MODE: asserted
State flags: UARTAP+TX UARTEC+TX I2C SPI USBEC+TX
CCD ports blocked: (none)
Signed-off-by: Namyoon Woo <namyoon@google.com>
Change-Id: If854d5f56c812ab04a3271b07f1ebdd5ad1e6e86
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2845279
Tested-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Commit-Queue: Namyoon Woo <namyoon@chromium.org>
| |
BUG=b:186004390
TEST=checked 'ccdstate' output in Octopus:
> ccdstate
AP: on
AP UART: on
EC: on
Servo: undetectable
Rdd: connected
KeepAlive: disabled
CCD EXT: enabled
State flags: UARTAP+TX UARTEC+TX I2C SPI USBEC+TX
CCD ports blocked: (none)
>
>
> rddkeepalive true
Forcing Rdd detect keepalive
>
>
> ccdstate
AP: off
AP UART: off
EC: on
Servo: undetectable
Rdd: connected
KeepAlive: enabled
CCD EXT: enabled
State flags: UARTEC+TX I2C SPI USBEC+TX
CCD ports blocked: (none)
>
> rddkeepalive
Rdd: connected
KeepAlive: enabled
>
> rddkeepalive false
Using actual Rdd state
>
> rddkeepalive
Rdd: connected
KeepAlive: disabled
Signed-off-by: Namyoon Woo <namyoon@google.com>
Change-Id: Ib0517a62ddd97f334cc62530abdb8fe612ac998c
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2844339
Tested-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Namyoon Woo <namyoon@chromium.org>
| |
Add 'atboot' arg to rddkeepalive that can be used to store rddkeepalive
across cr50 resets.
The atboot flag gets cleared with rddkeepalive disable.
BUG=b:144724216
TEST=manual
# Verify 'rddkeepalive disable' is unchanged
rddkeepalive disable
Using actual Rdd state
rddkeepalive
Rdd: connected
# Verify 'rddkeepalive enable' is unchanged
rddkeepalive enable
Forcing Rdd detect keepalive
rddkeepalive
Rdd: keepalive
# Verify 'rddkeepalive disable' disables keepalive
rddkeepalive disable
Using actual Rdd state
rddkeepalive
Rdd: connected
ccd
...
Flags: 0x000000
# Verify 'rddkeepalive enable atboot' enables keepalive and sets
# the atboot flag.
rddkeepalive enable atboot
Forcing Rdd detect keepalive atboot.
rddkeepalive
Rdd: keepalive (atboot)
# check the ccd rddkeepalive atboot flag (0x80000)
ccd
...
Flags: 0x080000
reboot
...
rddkeepalive
Rdd: keepalive (atboot)
ccd
...
Flags: 0x080000
# Verify this new string doesn't break dut-control
dut-control cr50.ccd_keepalive_en
ccd_keepalive_en:on
# 'rddkeepalive enable' doesn't touch the atboot flag
rddkeepalive enable
Forcing Rdd detect keepalive
rddkeepalive
Rdd: keepalive (atboot)
# 'rddkeepalive disable' clears it.
rddkeepalive disable
Using actual Rdd state
rddkeepalive
Rdd: connected
Change-Id: I10227e335a5de6ed73290ff5be2e65892913de35
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2799441
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
| |
Enable EC_PACKET_MODE_EN wake on high in ec_comm_init_ instead of
board_configure_deep_sleep_wakepins, so cr50 will wake from regular
sleep and deep sleep when EC_PACKET_MODE_EN is asserted.
BUG=b:183611249
TEST=manual
# Verify EC-EFS after wake from deep sleep
# shutdown AP wait for cr50 to enter deep sleep
ec > reboot ap-off
# wait for cr50 to enter deep sleep.
# Verify cr50 wakes up from deep sleep and verifies EC hash.
ec > reboot ap-off
# Verify EC-EFS after wake from sleep
# keep AP off. Set the idle action to sleep
cr50 > idle s
# Disable TPM_RST_L wake to prevent that from constantly waking
# cr50.
cr50 > rw 0x40060284
read 0x40060284 = 0x00860008
cr50 > rw 0x40060284 0x00860000
# Verify cr50 wakes up from sleep and verifies EC hash.
ec > reboot ap-off
Change-Id: I7fc31154becaafaa536fc1ee6775a7723e49a469
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2799447
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
| |
Since this is cr50's branch, there's no semantic difference whether
we put logic in board/cr50/u2f.c or common/u2f.c. EC's build system
doesn't quite allow unit-testing board-specific logic, so to unit-test
some of the crypto logic in board/cr50/u2f.c, things need to move
to common/u2f.c. There's no change in functionality.
There should also be no problem for merging/cherry-picking ToT changes
to cr50_stab, because any new u2f changes are made on cr50_stab only
and not on ToT.
BUG=b:172971998
TEST=make run-u2f
TEST=make CR50_DEV=1 BOARD=cr50
Change-Id: I3cb8d78fd6427620a6fe20cef12708899d2896b5
Signed-off-by: Yicheng Li <yichengli@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2702496
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
| |
The u2f functionality had no unittests at all. This change is more
of a setup (in terms of build dependencies) so that u2f tests can
be easily added in the future. This change comes with a few simple
tests for u2f_generate.
The basic idea here is to use board/host/dcrypto.h to mock the
dcrypto functionalities. Since board/host/dcrypto.h includes an
alternative to cryptoc's sha256 definitions, we need to exclude
cryptoc/sha256.h in the test builds.
BUG=b:172971998
TEST=make -j run-u2f
TEST=make CR50_DEV=1 BOARD=cr50 -j
Signed-off-by: Yicheng Li <yichengli@chromium.org>
Change-Id: Idae6f55f599a017aedcaf0fe4cdb6c0506e72712
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2610133
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
| |
BUG=b:175244613
TEST=make buildall -j
Change-Id: Icbd143b072fdd5df3b67d7e5a09ee6c01a77f6b9
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2622889
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
| |
BUG=b:175244613
TEST=make buildall -j
Change-Id: If1d3a3e11736bf6da85938a607038a93254e9cc0
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2615126
| |
BUG=b:175244613
TEST=make buildall -j
Change-Id: If7b5829294a3d4d8a68042f1a8d449e8e6ef158e
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2615124
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
| |
BUG=b:175244613
TEST=make buildall -j
Change-Id: I244ca864dad04f2b4f02bb1be2b482921da2fc88
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2615123
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
| |
BUG=b:175244613
TEST=make buildall -j
Change-Id: Ia34cccffdd6a82c25b479bb8d2e6370bbf00baf0
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2615121
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
| |
BUG=b:175244613
TEST=make buildall -j
Change-Id: I79a65f8475e2a764720a1f37a147c3723d34b046
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2615120
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
| |
Remove coil terms from i2c comments
BUG=b:175244613
TEST=make buildall -j
Change-Id: If056c099304e1fa676991e22ddaa9cb91ccfdeb3
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2613509
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
| |
BUG=b:175244613
TEST=make buildall -j
Change-Id: Iea0b26d4aec99509bc2db0ccc3ad8da701d63e79
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2613505
| |
BUG=b:175244613
TEST=make buildall -j
Change-Id: I5318e7845c7b87a21b1fa9f5e99629513b7fbb80
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2613504
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
| |
We can't change the register names at this point. We can only change the
gpios. This changes the gpio names.
BUG=b:175244613
TEST=make buildall -j
Change-Id: I0dadd84bbb3d19011e86428b79d0cb08321c35e3
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2611762
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
| |
Rename i2cs functions and variables to i2cp. Change some basic
comments.
I will rework the i2cp comments to stop using controller when referring
to the i2cp, because it's kind of confusing now that master has been
renamed to controller.
BUG=b:175244613
TEST=make buildall -j
Change-Id: I9574e77ab42427ca90d5b8a6421793f52e519f67
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2611761
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|