| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In order to make printf more standard, use %ph. Pass a pointer to
a struct describing the buffer, including its size. Add a convenience
macro so that conversion between the old style and new style is purely
mechanical. The old style of %h cannot be converted directly to %ph as-is
because the C standard doesn't allow flags, precision, or field width on
%p.
Ultimately the goal is to enable compile-time printf format checking.
This gets us one step closer to that.
BUG=chromium:984041
TEST=make -j buildall
BRANCH=None
Cq-Depend:chrome-internal:1559798,chrome-internal:1560598
Change-Id: I9c0ca124a048314c9b62d64bd55b36be55034e0e
Signed-off-by: Evan Green <evgreen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1730605
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In order to avoid landmines later with future extensions to %p,
disallow %p by itself. The danger is that we'll have something
like: printf("%pFOO", myptr), and then later will add a %pF
extension, but miss this printf (maybe the string is split, maybe
it's just missed).
Missing a conversion during extension is worse than just seeing a
print like <ptr_val>OO, since %pF likely reaches through the
pointer and interprets its contents according to whatever F means.
Convert existing uses of %p to %pP, so they're explicitly printing
a pointer value, giving us flexibility to extend in the future.
BUG=chromium:984041
TEST=make -j buildall
BRANCH=None
Cq-Depend:chrome-internal:1560879
Change-Id: I36a4bee8d41cb9a6139171f8de0d8f2f19468132
Signed-off-by: Evan Green <evgreen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1730604
Reviewed-by: Jack Rosenthal <jrosenth@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It looks like the flash controller requires the user to explicitly
clear the command field if the command fails. Not clearing the command
field prevents error status from clearing on read.
BRANCH=cr50, cr50-mp
BUG=b:141203977
TEST=with the latest RO locking out INFO1 erases, it is possible to
keep accessing flash after failing 'eraseflashinfo' invocation:
> eraseflashinfo
do_flash_op:274 errors 1000 fsh_pe_control 40720004
do_flash_op:265
Failed to erase info space!
Unknown error
Usage: eraseflashinfo
> bid
Board ID: 0001e240, flags 00000000
>
Change-Id: I4dd14e1e5f974bb30e2ca5beb9e43e2974ace179
Signed-off-by: Marius Schilder <mschilder@chromium.org>
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1812175
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch introduces CONFIG_USB_CONSOLE_STREAM, which implements
usb-console with usb-stream configuration, intending to remove
code redundancy between the previous implementation (usb_console.c)
and usb_stream.c.
Flash usage decreases by 224 bytes, and RAM usage by 40 bytes.
BUG=b:138447451
BRANCH=cr50
TEST=Checked cr50 USB console and cr50 UART console respectively.
Key-in response and output are working well:
./util/uart_stress_tester.py /dev/ttyUSB0 -t 300 --debug
Change-Id: I305038e1db83dc49bb12a8afdbfcc2a8135d50f5
Signed-off-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1741302
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: mschilder@google.com
BRANCH=none
BUG=none
TEST=buildall -j
Change-Id: I4a70828bc6e9af2acc91de501ffa853e23395353
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1809108
Reviewed-by: Marius Schilder <mschilder@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Marius Schilder <mschilder@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Marius Schilder <mschilder@chromium.org>
Auto-Submit: Marius Schilder <mschilder@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is not always possible to rely on PMU for resetting the I2CS
controller. Most of the AP firmware versions deploy the 'I2C unwedge'
cycle when coming out of reset, but not all of them, this is why Cr50
needs to be able to recover on its own in case there was a crash and
the I2C bus was left mid transaction with the H1 holding down the SDA
line.
A GPIO is dedicated to monitor the I2CS_SDA line during reset. If the
line is kept low, it could be a sign of a 'wedged' controller. The g
I2CS FSM will reset any time the I2C 'stop' condition is detected.
The create the 'stop' condition the I2C_SCL input is disconnected from
the bus and connected to an internal GPIO, then I2C_SCL level is set
to 'high' and register inverting the I2C_SDA value is toggled, which
looks like a transition from zero to one to the controller. thus
creating the 'stop' condition.
BRANCH=cr50, cr50-mp
BUG=b:135772657
TEST=the test was ran on a Pyro device, which uses I2C for
communication with H1 and which AP firmware does not deploy the
'I2C unwedge' cycle.
Test instrumentation involved setting a Chrome OS startup file
such that once booted, the AP starts continuously polling TPM for
value of an NVMEM index, creating I2C traffic. The host
workstation sends the 'apreset cold' command to the EC within a
few seconds of Chrome OS coming up.
First run a special Cr50 image which is not resetting I2CS using
PMU on TPM restarts, is was not trying to unwedge the stuck I2C
bus. On five experiments, it takes on average 32 reboots for
until I2C bus is locked up and the DUT falls into recovery.
Then loaded the Cr50 image with this patch and ran the test
again, it survived for 150 cycles without a problem.
Change-Id: Iffec33f97557e3acfd1cd5fb76ba158f8c23b608
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1730143
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
TX is done when both TX_IDLE and TX_EMPTY conditions are true.
Fixing the check makes unnecessary the code which waited for another
character time before proceeding when flushing the UART TX FIFO.
BRANCH=cr50, cr50-mp
BUG=b:140305442
TEST=added code to print a really long string before reset in the
'reboot' command, observed that the entire string is reliably
printed before the reset.
Change-Id: I0882d96ba9ca5412deb704ccdbc43e8cebeeeab5
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1779587
Reviewed-by: Marius Schilder <mschilder@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Clarified standards compliance status for cryptographic functions.
BRANCH=cr50
BUG=b:138574542
TEST=code compiles, unit tests pass
Change-Id: I75ce155b53d1ce049e5063d2aaa1464b75f7d678
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1769420
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
RESET_FLAGS_* are used when setting/reading the field ec_reset_flags of
struct ec_response_uptime_info, which is defined in ec_commands.h. So it
might be better to put those macros there.
To be consistent with the other macros in the file, add "EC_" prefixes
to them.
BUG=b:109900671,b:118654976
BRANCH=none
TEST=make buildall -j
Cq-Depend: chrome-internal:1054910, chrome-internal:1054911, chrome-internal:1045539
Change-Id: If72ec25f1b34d8d46b74479fb4cd09252102aafa
Signed-off-by: You-Cheng Syu <youcheng@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1520574
Tested-by: Yu-Ping Wu <yupingso@chromium.org>
Commit-Ready: Yu-Ping Wu <yupingso@chromium.org>
Legacy-Commit-Queue: Commit Bot <commit-bot@chromium.org>
Reviewed-by: Yilun Lin <yllin@chromium.org>
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Long division algorithm computes incorrect answer in rare cases causing
valid RSA signatures to be rejected.
BRANCH=cr50
BUG=b:137973895
TEST=tpm_test passes
Change-Id: Ie8f39eed21443978734adbbf60b72d7701154c18
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1766088
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We've had some eraseflashinfo issues that cause the endorsement key seed
to get lost. Add a vendor command, so we can set the endorsement key
seed if it's erased.
BUG=b:138943966
BRANCH=none
TEST=get/set endorsement key seed.
Change-Id: Iee7d78e22f44786efd86b3ec68780a53e567705d
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1740075
Legacy-Commit-Queue: Commit Bot <commit-bot@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The INFO1 flash space is used for various purposes (endorsement key
seed, Board ID and flags, serial number, etc.).
Accessing these spaces in INFO1 is accompanied by managing the flash
region registers, each time opening a window of the appropriate size,
with appropriate permissions, etc,
In fact none of these spaces contain a secret, to simplify things and
preventing situations when concurrent accesses change the flash range
window settings lets dedicate previously unused Region 7 register file
to providing always open read access to INFO1.
Write access will be enabled/disabled as required. In prod images
write accesses will always happen from the vendor command context. In
DBG images CLI commands will also have write access to INFO1.
INFO1 window is accessed by other H1 based devices as well, this is
why it is necessary to enable the window in the common chip code.
BRANCH=cr50, cr50-mp
BUG=b:138256149
TEST=the firmware_Cr50SetBoardId test now passes on Mistral.
Cq-Depend: chrome-internal:1577866, chrome-internal:1581327
Change-Id: Id27348f3b04191f1b3b60fd838d06009f756baa2
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1730147
Legacy-Commit-Queue: Commit Bot <commit-bot@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change refactors access to DMEM during ECC
operations to make all writes explicitly word
writes. This is effectively a no-op, but should
prevent against any future regressions.
BUG=b:131807777
TEST=build and flash on soraka locally,
ensure signature of known blob matches signature
generated prior to this CL
BRANCH=none
Signed-off-by: Louis Collard <louiscollard@chromium.org>
Change-Id: Ie24712c3f4a5dc15c8ad08cd50b9e8b9cdab2822
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1595928
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This refactoring improves optional parameter alignment, includes
virtual pads in the output and shaves 44 bytes from the image size.
BRANCH=cr50, cr50-mp
BUG=none
TEST=saved pinmux command output in files pm.before and pm.after, then
verified that the following command produced no output
$ diff -w <(sort pm.before) <(sort pm.after)
Change-Id: I81c2fad8c9e87e05dd39c588340a82f83e3ab488
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1731138
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We want to keep an eye on the dcrypto failures (which are never
supposed to happen of course). Let's add logging a flash event so that
the failures are visible through UMA.
BRANCH=cr50, cr50-mp
BUG=b:135772657
TEST=using additional code simulated a single failure, observed new
flash log entry by running 'gsctool -a -L' on the DUT.
Change-Id: Ib675bb1928166cadc069bf4be3b053a9cf837077
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1723097
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I had a hard time reading this section, so figured I may as well
rewrite it to use IS_ENABLED while I was here.
Gave CONFIG_{RO,RW}_HEAD_ROOM a default value of zero here, which
makes the math work out for boards without it anyway.
BUG=none
BRANCH=none
TEST=buildall
Change-Id: I87dc2d73838c350088916b57aa51d5f368c5592f
Signed-off-by: Jack Rosenthal <jrosenth@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1727570
Reviewed-by: Denis Brockus <dbrockus@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Functions that take p256_int* parameters may
use byte writes when writing to those parameters.
When writing to DMEM_ecc, we must use word writes;
this change ensures that happens.
BUG=b:131807777
TEST=build and flash to soraka locally,
ensure k is populated successfully
BRANCH=none
Change-Id: I49462b10aa1203fe875417e9526f06b2efc068fb
Signed-off-by: Louis Collard <louiscollard@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1592990
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In case of a timeout, we need to clean up state and make sure engine
is ready for a subsequent call.
Added dcrypto_test console command to test the various scenarios:
stack overflow, infinite loop and cfi failure recovery.
Signed-off-by: mschilder@google.com
BUG=b:135772657
BRANCH=none
TEST=run console command dcrypto_test; build and run cr53
Change-Id: I531a59de6f2cf6941c797aeeeabb10eb10f02c9b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1677229
Reviewed-by: Marius Schilder <mschilder@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Marius Schilder <mschilder@chromium.org>
Commit-Queue: Marius Schilder <mschilder@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The extentions were added to make the compiler perform most
of the verification that the conversion was being done correctly
to remove 8bit addressing as the standard I2C/SPI address type.
Now that the compiler has verified the code, the extra
extentions are being removed
BUG=chromium:971296
BRANCH=none
TEST=make buildall -j
TEST=verify sensor functionality on arcada_ish
Change-Id: I36894f8bb9daefb5b31b5e91577708f6f9af2a4f
Signed-off-by: Denis Brockus <dbrockus@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1704792
Reviewed-by: Jack Rosenthal <jrosenth@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Opt for 7bit slave addresses in EC code. If 8bit is
expected by a driver, make it local and show this in
the naming.
Use __7b, __7bf and __8b as name extensions for i2c/spi
addresses used in the EC codebase. __7b indicates a
7bit address by itself. __7bf indicates a 7bit address
with optional flags attached. __8b indicates a 8bit
address by itself.
Allow space for 10bit addresses, even though this is
not currently being used by any of our attached
devices.
These extensions are for verification purposes only and
will be removed in the last pass of this ticket. I want
to make sure the variable names reflect the type to help
eliminate future 7/8/7-flags confusion.
BUG=chromium:971296
BRANCH=none
TEST=make buildall -j
Change-Id: I2fc3d1b52ce76184492b2aaff3060f486ca45f45
Signed-off-by: Denis Brockus <dbrockus@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1699893
Reviewed-by: Jack Rosenthal <jrosenth@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Presently the CR50_DEV environment variable is overloaded, if its
value is a number exceeding 1, it enables inclusion in the image of
the dcrypto tests.
To make things cleaner let's use a separate environment variable to
add dcrypto tests to the image. Note that the tests still can not be
enabled, as they do not fit into the flash code space.
BRANCH=cr50, cr50-mp
BUG=b:137659935
TEST=verified that image building with CRYPTO_TEST=1 fails due to
exceeded code size.
Change-Id: I550c219c1eefe01fbe035b85a1d5aae88ea439de
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1704607
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
chip/g has a hardware KI with executing CERT_28 more than 512 times after reset.
Current use of CERT_28 makes little sense so we address the issue with deletion.
While at it, delete a bunch of other useless code in this function.
Ultimately we're left with just pulling bits from TRNG and mixing them with entropy
from the keyladder as mild hedge.
Signed-off-by: mschilder@google.com
BUG=b:127343845
BRANCH=none
TEST=b:127343845
Change-Id: I84218f644aa2508c45101464512019754647f229
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1646533
Tested-by: Marius Schilder <mschilder@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Marius Schilder <mschilder@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Marius Schilder <mschilder@chromium.org>
Auto-Submit: Marius Schilder <mschilder@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
USB TX data rate is much higher than UART RX, this results in USB
driver streaming data received from UART in smaller than max size
chunks, which in turn means that per byte overhead of shipping USB
packets to the host is not as low as it could have been.
This patch detects attempt to ship less than full chunk over USB
stream and instead of processing data immediately posts a deferred
function, which is supposed to triggers another send attempt in a few
milliseconds. If there is a high traffic on the stream, the queue
would have much more data after deferred interval ends.
The problem with the posted deferred function is the fact that it is
not guaranteed to run soon enough in case there are other deferred
functions waiting. To address this issue an additional check is being
introduced to make sure that the USB buffer does not overflow: if the
deferred function is posted, and the buffer is half full or more,
let's cancel the deferred function and process the stream right away.
If the deferred function gets to execute - there is a chance that a
UART and or USB interrupt comes while the deferred function is
running, which is likely to mess up USB controller settings by
tx_stream_handler(). To avoid these issues, interrupts are disabled
before the kicker function calls the handler.
Note that this optimization applies only to AP and EC console streams.
BRANCH=cr50, cr50-mp
BUG=b:38448364
TEST=two full chargen streams on an octopus device run indefinitely
and don't seem to be interrupting even when some CLI command is
ran on the Cr50 console or when an update is uploaded over USB or
TPM
Change-Id: Id151c494967d1eb15d2af42acf8f2282966b5147
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1672209
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
USB TX used to be set up in a deferred function.
This patch makes USB endpoint interrupt handler to setup USB TX
to speed up sending data to host USB.
It reduces Flash usage by 100 bytes, and RAM usage by 40 bytes.
BUG=b:38448364
BRANCH=cr50, cr50-mp
TEST=(1) Flashed EC FW on fleex (uut), atlas (npcx_int_spi),
ampton (it83xx), bob (npcx_spi), coral (npcx_spi), and scarlet(stm32).
(2) Flashed AP FW on fleex.
(3) Ran firmware_Cr50DeviceState on Coral.
(4) Uart Stress Tester on fleex.
[ before applying this CL ]
$ uart_stress_tester.sh --pty="/dev/ttyUSB2 /dev/ttyUSB1"
--min_char 200000
...........................
ERROR : /dev/ttyUSB2: 1953 lost / 330330 : .5 %
ERROR : /dev/ttyUSB1: 451 lost / 200655 : .2 %
[ after applying this CL ]
$ uart_stress_tester.sh --pty="/dev/ttyUSB2 /dev/ttyUSB1"
--min_char 200000
...........................
INFO : /dev/ttyUSB2: 0 lost / 334425 : 0 %
INFO : /dev/ttyUSB1: 0 lost / 200655 : 0 %
Change-Id: Ic966486f034a199b601ca002f6ed76a73b2b9dd8
Signed-off-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1574661
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The EC queue library wrappers are very heavy, let's bypass them and
use direct queue access where performance matters the most, in the
UART RX driver used by USB streams.
BUG=b:38448364
BRANCH=cr50, cr50-mp
TEST=with the rest of the patches in place observed a much more
reliable streaming of two consoles (ec and ap), both pumping
chargen streams into their respective UARTs on an Octopus
device.
Change-Id: I45dc8f1c0841b43e17ef67e96820669053fba831
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1672208
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The patch cases slow-down in CR50 uart when RDD is not connected.
BUG=None
BRANCH=None
TEST=manually ran on bob
This reverts commit 2d62dee3a8f32499bab8f4b95b84a9eaeea919dc.
Change-Id: I92c4b8e7d065a01dc2c398778351db207ab28ca5
Signed-off-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1666318
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Ran the following command:
git grep -l 'Copyright (c)' | \
xargs sed -i 's/Copyright (c)/Copyright/g'
BRANCH=none
BUG=none
TEST=make buildall -j
Change-Id: I6cc4a0f7e8b30d5b5f97d53c031c299f3e164ca7
Signed-off-by: Tom Hughes <tomhughes@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1663262
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 79e88d81f3e090d959669b4de6215cef96c2a3ed.
Reason for revert: It slows down CR50 UART console response.
The original plan was to consolidate CR50 console USB configuration
into USB stream configuration, then optimize USB stream
implementation. However, I am changing the plan: will commit this
patch after USB stream is optimized.
BUG=None
BRANCH=None
TEST=Downloaded the cr50 bin, and checked the cr50 console responding
stable.
Change-Id: I21ae8c4e043e10c4325bbf91123f2ee185faa413
Signed-off-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1662849
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move the system prints to CC_SYSTEM, so we can disable them when we just
want to print console output.
BUG=none
BRANCH=cr50
TEST=chan 0 disables these prints and they're still printed normally
Change-Id: Id728729c8472a033d6a9702991c32c3b809588b1
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1656519
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When __tx_char attempts to push a character into tx_queue,
it doesn't return an error if it fails. Eventually usb_puts()
doesn't recognize tx queue getting full if it happens, and processes
all characters, and always return EC_SUCCESS.
BUG=None
BRANCH=None
TEST=ran uart_usb_tester on bob.
uart_stress_tester.sh --pty="/dev/ttyUSB0 /dev/ttyUSB2 /dev/ttyUSB1"
--min_char 400000
INFO : ChromeOS UART stress test starts.
INFO : UART devices: /dev/ttyUSB0 /dev/ttyUSB2 /dev/ttyUSB1
......................................................
INFO : /dev/ttyUSB0: 0 lost / 483415 : 0 %
ERROR : /dev/ttyUSB2: 277497 lost / 415835 : 66.7 %
ERROR : /dev/ttyUSB1: 244459 lost / 400575 : 61.0 %
INFO : Test files are in /tmp/uart_stress_tester.sh_latest
INFO : and also in /tmp/tmp.X7jwZfxNe2.uart_stress_tester.sh.
ERROR : FAIL
CR50 console (/dev/ttyUSB0) error rate got improved from 4~7% to
0 %.
Change-Id: I5ae0b7bd494fbc29978ce3e87531e246a9be51f8
Signed-off-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1650622
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
usb-console.c and usb_stream.c include some amount of
copied/pasted code. This patch converts USB console
implementation to USB stream to reduce the redundancy.
Flash usage decreases by 260 bytes.
BUG=None
BRANCH=None
TEST=Ran uart_stress_tester.sh (http://crrev.com/c/1586581/23) on bob.
This CL slightly increases CR50 console char loss rate: 5.5% -> 6.5% in
average.
Change-Id: Ibdc16867618d67ae33574e802c1949aa6b5cf1a6
Signed-off-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1648921
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Flash log space access needs to be explicitly enabled. The previously
chosen for this purpose global security region 7 is also used by the
TPM endorsement procedure, and this may cause race condition resulting
in flash log space not accessible.
Let's use previously unused region 5 instead. This is how the regions
are configured after this patch on a system where RO_A and RW_B are
active (bit 0 enables region in general, bit 1 enables reads, bit 2
enables writes):
Reg Base Size Enable bits
0 00040000 000027ff 3 # RO_A
1 00084000 00037fff 3 # RW_B
2 00044000 000387ff 7 # RW_A
3 0007c800 000037ff 7 # NVMEM
4 000bc800 000037ff 7 # NVMEM
5 00083800 000007ff 3 # Flash log
6 00028400 0000000f 3 # Info 1 board ID
7 00028000 000007ff 3 # Info 1 endorsement seed
BRANCH=cr50. cr50-mp
BUG=b:132287488
TEST=verified that there is no flash log lockups when the device boots
with an unendorsed TPM.
Change-Id: I4fc65989b3930d91ed8e076310ecb58bac5f085e
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1656158
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upstream data path from uart to usb for cr50/ec/ap console is
as below:
UART RX FIFO -> (usart) rx buffer -> usb config consumer queue ->
usb tx buffer -> USB HOST
This CL reduces a memory copy from consumer queue to usb tx buffer
by giving the memory address of head in consumer queue in USB endpoint
descriptor. This CL can set up to two endpoint descriptors since the
queue is implemented as linear queue, and target data could be separated
in two continuous area.
This reduces RAM usage by 312 bytes, but increases Flash usage
by 208 bytes.
BUG=b:38448364
BRANCH=cr50
TEST=ran uart_stress_tester.sh on bob, and checked the character loss
improves from 41% to 33%.
Also checked flash_ec on coral, scarlet, bob, and ampton.
Change-Id: I42dc07e0f4bf327f3e8bfed825f8fdc4063572b4
Signed-off-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1570148
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When a post update reset happens and the host sends the vendor command
to enable the update, in case both RO and RW have been updated, the
Cr50 should enable the RW section first, and then the RO. This would
cover the case when the new RO has the new key and would not be able
to start the old RW, so the matching RW must be available first.
Enabling RW without enabling RO is not a problem, worst thing which
could happen is that the old RO would not start the new RW and the
update process will have to be repeated.
BRANCH=cr50, cr50-mp
BUG=b:74100307
TEST=none yet. Will verify when a new RO is available.
Change-Id: I00175a5a957166d4423fb270bbe9f92d4e408d5c
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1644479
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The variable rx_handled tracks how many of the bytes in the HW FIFO
was moved into the incoming queue. It used to be defined as local
static variable for multiple USB_STREAM_CONFIGs, and could cause a
problem if multiple USB downstream traffic get heavier. It should
be defined for each USB_STREAM_CONFIG.
This patch add rx_handled into USB_STREAM_CONFIG, which tracks
how many of the bytes in the HW FIFO was moved into the incoming
queue.
BUG=None
BRANCH=None
TEST=manually ran uart_stress_tester.sh and flash_ec on Bob.
Change-Id: I561a54b0594a71b557693007a181bde48155d403
Signed-off-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1644958
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cr50 image update handler guarantees that malicious attempts to write
into the same block will be prevented. In fact writes into the same
address or below the most recently written block not accepted sooner
than in 60s.
This scheme causes rejection of the RO image if it is located below
the RW, as the RW image needs to be updated first.
To address the problem this patch adds code to keep track of the
previously written block offsets in RO and RW images separately.
BRANCH=cr50, cr50-mp
BUG=b:74100307
TEST=tried updates from all four permutations of running images
(ro[ab], rw[ab]), verified that all updates succeed.
Change-Id: Iebc016d85fc0c9343feb18998d5c2e4e60d38b14
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1626317
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We want to be able to track TRNG stalls happening in the field. This
patch adds a log message to report detected TRNG stalls. The code
detecting the stall is being modified to monitor a different status
bit as per chip designer recommendation.
A console command allowing to test TRNG is being added, compiled in
only if TEST_TRNG is defined.
BRANCH=cr50, cr50-mp
BUG=b:27646393
TEST=compiled the test command in, ran the command
rand 10000000
several times, observed reasonable stats and no stall reports.
Change-Id: Idcf83ff2c41e23f601b8da8c46fa4d4d1cde0270
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1601470
Legacy-Commit-Queue: Commit Bot <commit-bot@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is no point in trying any nvmem operations when
encryption/decryption services are not available.
Test changes necessary to make sure test app compiles and runs
successfully.
BRANCH=cr50, cr50-mp
BUG=b:132800220
TEST=The device does not crash any more after tpm is disabled.
Change-Id: I97f9afc6e4d5377162500fc757084e4d5a57d37d
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1615424
Legacy-Commit-Queue: Commit Bot <commit-bot@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:132310780
TEST=flash to soraka, retrieve G2F cert, check CN
retrieve anonymous U2F cert, check CN unchanged
BRANCH=none
Change-Id: Id409ac5d534f2ee9e16376d690f58b184f5ac1a6
Signed-off-by: Louis Collard <louiscollard@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1614581
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Legacy-Commit-Queue: Commit Bot <commit-bot@chromium.org>
Commit-Queue: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When modifying flasherase behavior last time around, it was mistakenly
presumed that the manufacture_space field was set during Chrome OS
device manufacturing. In fact it is set during chip manufacture and
should be preserved.
BRANCH=none
BUG=b:132720245
TEST=using a device with H1 with cert seeds present:
- install CR50_DEV=1 image containing this patch
- install a recent prod image (it is not yet running, as its
version is lower than the ToT)
- on Cr50 console run
. flasherase
. rollback
- observe the released image start and successfully complete TPM
manufacture process.
Change-Id: Id028ffc51bb69810a0564c915b1be944ff5f1d89
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1615422
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CR50 should check whether USB RX queue has enough space
for host data. If not, it schedules to retry it in another
deferred call.
BUG=b:130908211
BRANCH=cr50
TEST=manually ran "echo 'help' > /dev/ttyUSB0" more than 30 times.
Without this CL, it used to break cr50 console input, and it worked as
if it is 'read-only'.
After applying this CL, cr50 console input works normal even after
excessive input stream.
Change-Id: Ieace84b51c31800b52d2c4a9334e6ffe7888e592
Signed-off-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1576326
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We should ensure that all custom task definition are non-zero and fit
with the globally defined events. Add compile time check and change
semantics to specify bit number (instead of making all callers use the
BIT macro).
This also fixes an error with TASK_EVENT_PHY_TX_DONE for ITE being 0.
The bug that made that happen hasn't landed on any firmware branches
that use it though.
BRANCH=none
BUG=none
TEST=builds
Cq-Depend:chrome-internal:1178968,chrome-internal:1178952
Change-Id: I5e1d1312382d200280c548e9128e53f4eddd3e61
Signed-off-by: Jett Rink <jettrink@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1570607
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cr50 can only set a board id if the board id is blank.
0xffffffff:0xffffffff:0xffffffff is a blank board id. As SQA images are
now if you run eraseflashinfo while the board id isn't set,
eraseflashinfo will set the flags to 0 without changing the RLZ
information. The BID will be 0xffffffff:0xffffffff:0. This board id
isn't considered blank, so you won't be able to set the RLZ in the
future. Also the second field is not the inverse of the first, so it
will be considered invalid. This is a very bad state to get the board id
into because you can't change it, but it's also invalid.
This change checks that the board id is set before modifying the flags.
Cr50 wont modify the flags of an erased board id. It will only change
the flags if the board id is set.
BUG=none
BRANCH=none
TEST=erase the board id. make sure flags aren't set to 0 after running
eraseflashinfo. Set the board id. Make sure flags are set to 0 after
running eraseflashinfo.
Change-Id: Idc184e58c0dc398bc93c1119d822a13889c59963
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1565452
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CL:1529834 mistakenly changed an ifndef to a ifdef.
If CR50_RELAXED is defined, contents_allowed should always return True.
In a normal image contents_allowed should check the board id before an
update. This change changes the ifdef back to ifndef which is what it
should be.
BUG=none
BRANCH=cr50
TEST=create dbg image and try to flash an image with a mismatched board
id. Make sure it runs ok. Build a non dbg image and make sure mismatched
board id images are rejected.
Change-Id: I1dcef5a6af4edbb431fe894ca37df5dc4e1b852e
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1561972
Reviewed-by: Abe Levkoy <alevkoy@chromium.org>
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For some reasons functions dealing with the Cr50 console are using the
'uart_ec' prefx. This patch renames them to match the actual use.
BRANCH=cr50, cr50mp
BUG=none
TEST=make buildall -j still succeeds.
Change-Id: Ifc216fdfa1adf42e96e491b65250d1cfa73f8cd4
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1551690
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When building with CR50_SQA defined, the resulting image is supposed
to allow transitioning the H1 chip it is running on from pre-pvt to MP
track. This should include preserving the Board ID value, but setting
the board id flags to zero, and erasing the INFO1 RW map, because
older MP image could have a less restrictive mask.
The rest of the INFO1 space should be preserved.
Sometimes there is a need to set flags to a non-zero value and migrate
from MP to pre-pvt. This would be possible if image is compiled with
CR50_SQA set 2 or a larger numeric value.
This patch creates a structure describing the layout of the INFO1
space and modifies the 'eraseflashinfo' command to behave differently
depending on the build time configuration.
In addition to erasing the INFO1 RW map:
- when CR50_DEV is set - everything but INFO1 RO map is erased
- when CR50_SQA is set to 1, the board ID flags are set to zero, and
INFO1 RW map is erased.
- when CR50_SQA is set to 1, the board ID flags can be set to a value
which would not lock out the currently running image and INFO1 RW
map is erased.
With these modifications the 'eraseflashinfo' command can be used
instead of 'bid force_pvt', and previously erased INFO1 RO map is
preserved.
BRANCH=none
BUG=none
TEST=tried running 'eraseflashinfo' in three kinds of images
(CR50_DEV=1, CR50_SQA=1, and CR50_SQA=2) and with various board
ID flags set in the image header, and observed the desired
behavior.
Change-Id: Icf26dc3a4a4bb6fac2fcec630749c81aa46e16ae
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1549981
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:112778363
BRANCH=cr50
TEST=ran test_that suite:faft_cr50_prepvt on coral.
Change-Id: I1b3c573ee5fcb40290541f231c78bf31650c13c4
Signed-off-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1410482
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
gpio.c has support for making pins open drain. This implementation will
prevent the signals from being driven high. Use the gpio.c support
instead of the hack we were using before.
BUG=none
BRANCH=cr50
TEST=the EC can assert CCD_MODE_L when cr50 has it deasserted. Verify
this on a ARM and x86 device in the lab.
Change-Id: I7f2a465782f2c60a850c25153fb65eb96fff0712
Signed-off-by: Mary Ruthven <mruthven@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1282019
Commit-Ready: Mary Ruthven <mruthven@chromium.org>
Tested-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With upcoming Cr50 changes which might trigger occasional reboots, it
is better to keep the Cr50 log in the newly introduced flash log space
as opposed to the circular log in SRAM.
There is no need to log TPM resent events, as this is not something
worth tracking in a flash log.
Enabling flash log facility adds 624 bytes to the prod Cr50 image and
1420 bytes to the DBG Cr50 image.
BRANCH=cr50, cr50-mp
BUG=b:63760920
TEST=with modified code observed saving of FE_TPM_I2C_ERROR event.
Change-Id: Id6779de887dac20ce6c1091c8b1571ae900623fd
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1525145
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cr50 flash layout does not use space in the top of RO_B section, this
is a good location for the flash log, as it can not be easily used for
the code or RO data of the main Cr50 application.
BRANCH=cr50, cr50-mp
BUG=b:63760920
TEST=with the rest of the stack of patches applied was able to add and
retrieve flash log messages on Cr50.
Change-Id: I8639ad437c5b90eb2d182453bd8bbdda610bdb15
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1525144
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|