summaryrefslogtreecommitdiff
path: root/chip
Commit message (Collapse)AuthorAgeFilesLines
* alerts: ignore RTC_DEAD alertsstabilize-15208.B-cr50_stabstabilize-15207.B-cr50_stabfirmware-nissa-15217.B-cr50_stabfirmware-nissa-15217.45.B-cr50_stabfirmware-nissa-15217.126.B-cr50_stabfactory-trogdor-15210.B-cr50_stabfactory-corsola-15197.B-cr50_stabfactory-corsola-15196.B-cr50_stabMary Ruthven2022-10-171-1/+9
| | | | | | | | | | | BUG=b:244476137 TEST=none Change-Id: I07b6cf0e65b578aa28a61185ff1e0a7b12a63380 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3935022 Reviewed-by: Andrey Pronin <apronin@chromium.org> Commit-Queue: Andrey Pronin <apronin@chromium.org>
* rdd: fix rddkeepalive disableMary Ruthven2022-09-141-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | After `rddkeepalive disable` ccd doesn't disconnect even if suzyq is disconnected. It stays connected and the rdd_connect deferred call constantly wakes cr50. This change fixes rddkeepalive. It cancels any pending rdd_connect call and calls rdd_interrupt, so cr50 will start using the actual rdd state. BUG=b:186242173 TEST=manual # Verify rddkeepalive works when suzyq is disconnected. After # keepalive is disabled, cr50 enters sleep normally. # Disconnect suzyq. > rddkeepalive enable Forcing Rdd detect keepalive > [39.850055 Rdd connect] [40.163909 CCD EXT enable] [40.164722 USB PHY B] [40.165802 CCD state: UARTAP UARTEC USBEC+TX] > > ccdstate ... Rdd: connected KeepAlive: enabled ... > rddkeepalive disable Using actual Rdd state > [45.590282 Rdd disconnect] [46.165451 CCD EXT disable] [46.166255 CCD state:] > > ccdstate ... Rdd: disconnected KeepAlive: disabled ... > 10- <==== Cycles twice a second. # Verify rddkeepalive works when suzyq is connected. After # keepalive is disabled, USB stays connected. There are no # usb messages. # Connect suzyq. [211.541210 usb_reset, status 1028] [211.601188 AC: R-] [211.629741 SETAD 0x1a (26)] > > ccdstate ... Rdd: connected KeepAlive: disabled ... > rddkeepalive ena Forcing Rdd detect keepalive > rddkeepalive dis Using actual Rdd state > > ccdstate ... Servo: connected Rdd: connected ... > Change-Id: I5b55a84928aaef49c57f1512fcc886411b3fc118 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3894392 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
* fix ChromiumOS authors and whitespace warningsMary Ruthven2022-09-13128-130/+128
| | | | | | | | | | | BUG=none TEST=none Change-Id: I61b0b0106a43f723ec3bc805eb190aef00bbd05b Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3894391 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
* scribe: fix build failuresVadim Bendebury2022-05-271-1/+6
| | | | | | | | | | | | | | | Scribe code is not compiled often, it has bitrot a bit due to tool upgrades. This patch restores the scribe build correctness. BUG=none TEST=scribe build does not fail any more. Signed-off-by: Vadim Bendebury <vbendeb@google.com> Change-Id: I335c7903258b14ff731e7c345a36194395baf5d6 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3668651 Tested-by: Vadim Bendebury <vbendeb@chromium.org> Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
* rbox: use PWRB_IN to check power button stateMary Ruthven2022-04-271-1/+1
| | | | | | | | | | | | | | | | Use the power button input to determine if the power button is pressed. CHECK_OUTPUT_PWRB_OUT follows CHECK_INPUT_PWRB_IN, so they should be the same. This switches to using the RBOX input since that is what cr50 should be using. BUG=b:175320127 TEST=press the power button. Verify powerbtn output looks good. Change-Id: Ie7f224489505366029450c98e341f3790192d49a Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3611615 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
* gpio: add gpio flags to disable sleepMary Ruthven2022-04-271-0/+44
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add GPIO_SLEEP_DIS_LOW and GPIO_SLEEP_DIS_HIGH to disable sleep when a gpio with one of those flags is asserted. GPIO_SLEEP_DIS_LOW disables sleep when the signal is set to 0. GPIO_SLEEP_DIS_HIGH disables sleep when the signal is set to 1. This will disable all forms of sleep. The flags can be used for ccd signals to ensure cr50 doesn't enter sleep while c2d2 or servo micro are relying on a ccd signal to flash the device. These flags should not be add to signals used during normal cr50 operation. They disable regular sleep regular sleep so using them will significantly increase cr50 power consumption. This change adds GPIO_SLEEP_DIS_HIGH to AP_FLASH_SELECT. I'll add more signals in followup CLs. This change also replaces SLEEP_MASK_CHARGING with SLEEP_MASK_GPIO. Nothing was using SLEEP_MASK_CHARGING. BUG=b:229974371 TEST=Toggle AP_FLASH_SELECT while the AP is off. Verify cr50 doesn't enter deep sleep and the gpiocfg and sleepmask output looks ok. > gpioset AP_FLASH_SELECT 1 > gpiocfg GPIO0_GPIO1: read 0 drive 0 GPIO0_GPIO2: read 1 drive 1 GPIO1_GPIO0: read 0 INT_RISING GPIO1_GPIO1: read 0 INT_HIGH GPIO1_GPIO4: read 0 INT_FALLING GPIO1_GPIO5: read 0 drive 1 GPIO1_GPIO7: read 0 INT_RISING GPIO1_GPIO8: read 0 INT_FALLING gpio sleepmask: 00001000 > sleepmask sleep mask: 00000008 > gpioset AP_FLASH_SELECT 0 > gpiocfg GPIO0_GPIO1: read 0 drive 0 GPIO0_GPIO2: read 0 drive 0 GPIO1_GPIO0: read 0 INT_RISING GPIO1_GPIO1: read 0 INT_HIGH GPIO1_GPIO4: read 0 INT_FALLING GPIO1_GPIO5: read 0 drive 1 GPIO1_GPIO7: read 0 INT_RISING GPIO1_GPIO8: read 0 INT_FALLING gpio sleepmask: 00000000 > sleepmask sleep mask: 00000000 > Change-Id: I1de35455c5a6702635fb714b14d6791f8e5eb2ed Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3605881 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
* ap_state: add device state infoMary Ruthven2022-04-252-0/+8
| | | | | | | | | | | | | | | | Add "K" or "F" to the AP state to give more information about the device state. K for kernel. F for Firmware. This uses 48 bytes BUG=b:148492097 TEST=check ccdstate output at different times during boot. Run firmware_Cr50DeviceState Change-Id: If2a26c39047b9ae1818eb8d6afbaafa3d1765ca5 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3597035 Reviewed-by: Andrey Pronin <apronin@chromium.org>
* H1_RED_BOARD: add `idle d` commandMary Ruthven2022-01-071-0/+8
| | | | | | | | | | | | | | | Add a deep sleep option to the idle command on red boards, so it's easier to test deep sleep. BUG=none TEST=run `idle d` with a red board image Change-Id: I913b1fbd46c34530dbdf2ee8ef0ca5dc05584efd Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3373463 Reviewed-by: Andrey Pronin <apronin@chromium.org> Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* coil: replace non-inclusive terms with "placeholder"Mary Ruthven2021-11-196-8/+10
| | | | | | | | | | BUG=b:173227629 TEST=make buildall -j Change-Id: I2b203dfe45416aa3b632f6f788d14264b08f44e0 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3293252 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* coil: replace non-inclusive terms with "validity"Mary Ruthven2021-11-192-3/+3
| | | | | | | | | | BUG=b:173227629 TEST=make buildall -j Change-Id: Iaf8028984cc58cc4108907fdba4ea4b38c43cf70 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3293250 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* g/build.mk: replace coil termsMary Ruthven2021-11-191-2/+2
| | | | | | | | | | | BUG=b:173227629 TEST=make buildall -j Change-Id: I34c9f7a3b79438518bb20ce8d6d819040d562432 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3293255 Commit-Queue: Vadim Bendebury <vbendeb@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
* Revert "gpio: extend flags size to accommodate GPIO_ flags"Mary Ruthven2021-11-182-2/+2
| | | | | | | | | | | | This reverts commit 7d36fb8991e7a249ae56db508078480c27914f2e. BUG=b:200823466 TEST=make buildall -j Change-Id: Ifbef35feaf42fca1faa3fc78ceff5cb9bced19f8 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3285750 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* Revert "Add OTP support"Mary Ruthven2021-11-181-1/+1
| | | | | | | | | | | | This reverts commit 1b25735b732e7766aceb3f060e4ca205aba6d358. BUG=b:200823466 TEST=make buildall -j Change-Id: I2e29902d7026c63f23871af0141a3ee7d319852d Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3273456 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* Revert "common/system: refactor some confusing ifdefs"Mary Ruthven2021-11-181-3/+0
| | | | | | | | | | | | This reverts commit 3e1c72ea23fe3c37f5a4e4e8bceea38c0322ba31. BUG=b:200823466 TEST=make buildall -j Change-Id: I172b5fd55529754d913f4d18258beccac0bade58 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3273364 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* Revert "Cleanup: Correct GPIO alternate function parameter"Mary Ruthven2021-11-182-3/+2
| | | | | | | | | | | | This reverts commit 3b390264a415ce121a8c6f8db9fa9c42c647aaec. BUG=b:200823466 TEST=make buildall -j Change-Id: If339cc98bd345a8bb5994bf2b541ff3ee2420be6 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3273192 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* remove lm4Mary Ruthven2021-11-1022-6120/+0
| | | | | | | | | | BUG=b:200823466 TEST=make buildall -j ; make runtests Change-Id: Ie896b990e93e2e2befe94c9a75d4ca946b4e34d9 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3273184 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* cr50: usb_pdu_valid should check if crypto is allowed before checkVadim Sukhomlinov2021-11-101-7/+7
| | | | | | | | | | | | | | | | | | | | | In unusual case when FIPS test fails, fw_upgrade will fail too as usb_pdu_valid() didn't check for failure and incorrectly assumed that digest of data doesn't match. Making check conditional on success of hash computation. BUG=b:205836895 TEST=make BOARD=cr50 CRYPTO_TEST=1; fips sha fips test in CCD attempt to firmware upgrade using gsctool Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: Iea38f82a46fb00ad0ed543cd9b4b950a6b1c102e Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3272287 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Mary Ruthven <mruthven@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* ap_ro_verification: do not fail if verification is not supportedstabilize-14312.B-cr50_stabVadim Bendebury2021-10-251-7/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The decision of when to refuse to boot the device needs to be refined. We should never allow booting a device which ever passed a V2 verification. To reliably keep track of successful V2 validations in the past let's allocate a word in the INFO space which is write only, once written to 0 it will never change, value of 0 will be the indication of previous V2 verification success. The below table describes when booting should be allowed or blocked. Cache GSCVD Verification | version present Info result | Block boot --------- --------- ------ --------------|------------------ none no 0 n/a | yes none no 1 n/a | no none yes n/a fail | yes none yes n/a pass | no, update cache, info v1 n/a n/a pass | no v1 n/a n/a fail | check v2 v2 n/a n/a fail | yes v2 yes n/a pass | no This patch implements the above table, fixing the case where Cr50 was refusing to boot if neither local cache nor AP flash structures were present. BUG=b:203212461, b:141191727 TEST=tried running AP RO verification on a device without local cache and RO_GSCVD not in AP flash. The device booted successfully. Verified that both V1 and V2 validation works as expected, and fallback from V1 to V2 happens if V1 fails and RO_GSCVD is found in AP flash. Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Change-Id: I1f64123a3631932d142662a76deaf6ef6fee47fa Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3229981 Reviewed-by: Andrey Pronin <apronin@chromium.org>
* board_id: fix an incorrect offset calculationVadim Bendebury2021-10-211-2/+1
| | | | | | | | | | | | | | | | | The INFO_BOARD_ID_OFFSET value includes the offset of the board ID field, there is no need to add the field offset again. This incorrect calculation is not a problem, because the offset of the 'bid' field is zero, but the logic is wrong. BUG=none TEST=board ID value is still reported properly. Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Change-Id: I3e7061a930d751d2cf13113b1e519e8f976195bc Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3236754 Reviewed-by: Mary Ruthven <mruthven@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org>
* usb_spi_v2: read full PDU into a bufferVadim Bendebury2021-10-193-35/+164
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Certain test configurations present a problem for the raiden protocol V2 implementation on the Cr50 side, which result in random SPI read failures. While the issue is still being investigated this patch offers a workaround, where SPI and USB transactions are not overlaid, the driver first reads the entire requested number of bytes into a buffer, and then sends them to the host in multiple USB packets. Since buffer memory can not be permanently dedicated to the driver, it uses dynamic allocation to acquire the buffer. The allocation could fail, for instance when the flashrom operation is requested soon after startup and heap memory is used for NVMEM compaction. If the allocation fails, the driver sends an error packet to the host, and the host requests to restart the response. To be able to restart the response the driver now stores the request. With some instrumentation, measurements taken on reading of 200 2040 byte blocks have shown that memory was held by this driver for 94% of the duration. To address the case when flashrom session is interrupted mid PDU transfer, do not wait for the transmit queue to become available for more than 500 ms. In case the queue gets stuck return without waiting any more, this will make sure the allocated buffer is freed. BUG=b:196820680 TEST=successfully ran hundreds of cycles of read, and read and write on the setup which exhibits the problem without this patch on pretty much every read attempt. The slow down caused by this change is pretty small: average of five attempts to read 16MB of SPI flash on guybrush device take 50.560s before this change and 51.267s after this change, which is a 1.7% slowdown. Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Change-Id: I82c98f912a8763b7e242dad48997a8d2ffbaf29a Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3188568 Reviewed-by: Mary Ruthven <mruthven@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org>
* i2cp: reduce the number of i2c flog errorsMary Ruthven2021-10-151-0/+8
| | | | | | | | | | | | | | | | Cap the number of I2C flog errors at 2 per boot. The timestamps of the two events can indicate if the unwedge issues happen successively or if there is a large gap between events. Many events with a short gap are likely benign and due to i2c not being terminated correctly. Inidividual I2C errors are likely caused by some other issue. BUG=b:146067724 TEST=check the number of i2c log messages on coral in s0ix Change-Id: I3f04c85e6233bf0c790db0d40a85aab3c927b9b8 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3225996 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
* i2cp: remove FE_TPM_I2C_ERROR logMary Ruthven2021-10-131-4/+0
| | | | | | | | | | | | | | FE_TPM_I2C_ERROR events don't mean much and it's not a big deal if cr50 needs to recover the I2C bus. Remove FE_TPM_I2C_ERROR logging from chip/i2cp. BUG=b:146067724 TEST=make buildall -j Change-Id: I2bdce35fc794559c8236b1c14d87fa4372ffafa4 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3219755 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
* Reland "cr50_fuzz: Add fuzzer for u2f commands"Howard Yang2021-10-131-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is a reland of 3cac98670745fc5ca82a058fab512567f8444759 The structure of u2f command related types are updated before the original CL lands. Update the fuzzer to correctly fuzz the new code, and ignore the profdata generated by fuzzers in .gitignore. Original change's description: > cr50_fuzz: Add fuzzer for u2f commands > > Currently there's only one fuzzer for Pinweaver and one for host > commands in cr50. Add a fuzzer for the u2f commands (generate, sign, > attest) used in the WebAuthn flow to ensure its security. Most regions > of the concerning functions are covered except for pure error code > returns and unreachable regions (currently auth secret is not used in > sign and attest command yet). > > Rename old cr50_fuzz namings to pinweaver_fuzz, since they only cover > Pinweaver commands. > > BUG=b:172367435 > TEST=make buildall -j > TEST=make host-u2f_fuzz && \ > ./build/host/u2f_fuzz/u2f_fuzz.exe -timeout=10 \ > -ignore_ooms=false -ignore_timeouts=false -fork=71; \ > llvm-profdata merge -sparse default.profraw -o default.profdata; \ > llvm-cov show ./build/host/u2f_fuzz/u2f_fuzz.exe \ > -object ./build/host/u2f_fuzz/RO/board/cr50/dcrypto/u2f.o \ > --instr-profile default.profdata \ > board/cr50/dcrypto/u2f.c common/u2f.c > report > > Cq-Depend: chromium:3162473 > Change-Id: I02b820cf03f7b46ccad7c3bc7b82e73ff45217c6 > Signed-off-by: Howard Yang <hcyang@google.com> > Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3162469 > Reviewed-by: Andrey Pronin <apronin@chromium.org> > Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> > Reviewed-by: Leo Lai <cylai@google.com> Bug: b:172367435 Change-Id: I279e20b21a11e0ec957b6a5c3e95bc9a3b9df196 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3217474 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Tested-by: Howard Yang <hcyang@google.com> Commit-Queue: Howard Yang <hcyang@google.com>
* Revert "cr50_fuzz: Add fuzzer for u2f commands"Vadim Bendebury2021-10-071-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit 3cac98670745fc5ca82a058fab512567f8444759. Reason for revert: This patch breaks building of 'make buildall' and seems to be leaving some generated files in the root directory. Original change's description: > cr50_fuzz: Add fuzzer for u2f commands > > Currently there's only one fuzzer for Pinweaver and one for host > commands in cr50. Add a fuzzer for the u2f commands (generate, sign, > attest) used in the WebAuthn flow to ensure its security. Most regions > of the concerning functions are covered except for pure error code > returns and unreachable regions (currently auth secret is not used in > sign and attest command yet). > > Rename old cr50_fuzz namings to pinweaver_fuzz, since they only cover > Pinweaver commands. > > BUG=b:172367435 > TEST=make buildall -j > TEST=make host-u2f_fuzz && \ > ./build/host/u2f_fuzz/u2f_fuzz.exe -timeout=10 \ > -ignore_ooms=false -ignore_timeouts=false -fork=71; \ > llvm-profdata merge -sparse default.profraw -o default.profdata; \ > llvm-cov show ./build/host/u2f_fuzz/u2f_fuzz.exe \ > -object ./build/host/u2f_fuzz/RO/board/cr50/dcrypto/u2f.o \ > --instr-profile default.profdata \ > board/cr50/dcrypto/u2f.c common/u2f.c > report > > Cq-Depend: chromium:3162473 > Change-Id: I02b820cf03f7b46ccad7c3bc7b82e73ff45217c6 > Signed-off-by: Howard Yang <hcyang@google.com> > Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3162469 > Reviewed-by: Andrey Pronin <apronin@chromium.org> > Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> > Reviewed-by: Leo Lai <cylai@google.com> Bug: b:172367435 Change-Id: Ie844e44e0cd6254553694c23a535f18329cef77d Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3212497 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Reviewed-by: Mary Ruthven <mruthven@chromium.org> Tested-by: Vadim Bendebury <vbendeb@chromium.org> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
* cr50_fuzz: Add fuzzer for u2f commandsstabilize-ambassador-14268.43.B-cr50_stabstabilize-14268.67.B-cr50_stabstabilize-14268.52.B-cr50_stabstabilize-14268.51.B-cr50_stabrelease-R96-14268.B-cr50_stabHoward Yang2021-10-071-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently there's only one fuzzer for Pinweaver and one for host commands in cr50. Add a fuzzer for the u2f commands (generate, sign, attest) used in the WebAuthn flow to ensure its security. Most regions of the concerning functions are covered except for pure error code returns and unreachable regions (currently auth secret is not used in sign and attest command yet). Rename old cr50_fuzz namings to pinweaver_fuzz, since they only cover Pinweaver commands. BUG=b:172367435 TEST=make buildall -j TEST=make host-u2f_fuzz && \ ./build/host/u2f_fuzz/u2f_fuzz.exe -timeout=10 \ -ignore_ooms=false -ignore_timeouts=false -fork=71; \ llvm-profdata merge -sparse default.profraw -o default.profdata; \ llvm-cov show ./build/host/u2f_fuzz/u2f_fuzz.exe \ -object ./build/host/u2f_fuzz/RO/board/cr50/dcrypto/u2f.o \ --instr-profile default.profdata \ board/cr50/dcrypto/u2f.c common/u2f.c > report Cq-Depend: chromium:3162473 Change-Id: I02b820cf03f7b46ccad7c3bc7b82e73ff45217c6 Signed-off-by: Howard Yang <hcyang@google.com> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3162469 Reviewed-by: Andrey Pronin <apronin@chromium.org> Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Leo Lai <cylai@google.com>
* cr50: Update AES public APIsfactory-ambassador-14265.B-cr50_stabVadim Sukhomlinov2021-10-051-5/+6
| | | | | | | | | | | | | | | | | | | | To support FIPS mode we need to block access to crypto in case of errors. 1) Added check for FIPS errors into DCRYPTO_aes_init() 2) Return codes updated to enum dcrypto_result 3) Call sites updated to check for return codes BUG=b:197893750 TEST=make BOARD=cr50 CRYPTO_TEST=1; test/tpm_test/tpmtest.py Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: Id614cc346fe22537e9208196bf1322221a253b0c Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3194985 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* cr50: provide public crypto API for HMAC/HASH with error reporting.Vadim Sukhomlinov2021-10-023-2/+22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | To implement FIPS mode for Cr50 we should be able to block access to crypto functions if errors are detected. Historically all HASH/HMAC functions were declared as void with no return type. 1) Split existing functions into public part (data structs, update and final parts) and internal part - unchecked init functions. 2) Introduced new functions to start SHA / HMAC operation which returns status code and block access to crypto in case of FIPS errors. 3) Dcrypto hash algorithms codes updated to match TPM_ALG_ID to simplify adaptation layer and move checks inside Dcrypto module. 4) Updated all uses of API outside FIPS module to check return code and act accordingly. 5) As a side effect RSA can now support SHA384 & SHA512 for signing, board/host mock ups simplified. BUG=b:197893750 TEST=make buildall -j; make BOARD=cr50 CRYPTO_TEST=1; test/tpm_test/tpm_test.py TCG tests ------------------------------ Test Result Summary --------------------- Test executed on: Tue Sep 28 15:23:35 2021 Performed Tests: 248 Passed Tests: 248 Failed Tests: 0 Errors: 0 Warnings: 0 ======================================================================== Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: Ibbc38703496f417cba693c37d39a82a662c3f7ee Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3192137 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* cr50: detangle RO and RW build settingsVadim Sukhomlinov2021-10-012-3/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | Cr50 so far builds RO and RW images as part of build process. With adding FIPS module and moving to board-specific crypto library with different interfaces it become hard to maintain build process as RO sources use crypto, but with different APIs, and changing that crypto is challenging as it is also used by other boards with different crypto APIs. In this CL we enable RW and RO to have independent selection of crypto library and include paths, and don't contaminate include paths with unused things like third_party/cryptoc for RW. BUG=none TEST=make buildall -j make BOARD=cr50 make BOARD=cr50 CRYPTO_TEST=1 Built cr50 images can be flashed and are workable. Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: I1b666fbb8193b79f71c885a761436443fd3fca7b Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3200069 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* chip/g: fix gcc 11.2 build issuesVadim Sukhomlinov2021-10-011-0/+3
| | | | | | | | | | | | | | | | | | | | | For some reason didn't spot earlier another unnecessary complains of gcc 11.2 in private-cr5x builds with make buildall -j. Made it so BOARD can override settings done by CHIP even though CHIP is loaded later. These settings should apply to both CFLAGS and LDFLAGS due to LTO build. BUG=none TEST=make buildall -j Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: I8880c518b23778cccf969909e330e9e2d62b5fae Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3194984 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org> Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* cr50: refactor HMAC_DRBG to simplify reseeding and initialization logicstabilize-14249.B-cr50_stabVadim Sukhomlinov2021-09-281-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 1) Move DRBG initialization flag inside DRBG context to prevent use of DRBG which is not properly initialized. 2) Add configurable reseed threshold to cover both deterministic key gen and non-deterministic randoms. Simplify reseeding logic, remove similar code snippets. Also, can support NDRBG with reseed threshold equal to 0, which will result in reseeding each time. 3) Adjust parameter names to match NIST SP 800-90A specification. 4) Enforce checking result of hmac_drbg_generate(), update call sites to check for errors. 5) Reseeding in generate function consumes additional data as per NIST SP 800-90Ar1 9.3.1 BUG=b:138577416 TEST=make BOARD=cr50 CRYPTO_TEST=1 DRBG_TEST=1; test/tpm_test/tpm_test.py in ccd: hmac_drbg rand_perf Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: I0e780b5c237d7fbc64e8b0e74d12559a1f40f84c Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3183397 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* cr50: remove unused and empty struct APPKEY_CTX from APIsVadim Sukhomlinov2021-09-171-3/+2
| | | | | | | | | | | | | | | | struct APPKEY_CTX is an empty struct passed with few APIs and not used for any purpose. Remove it. BUG=none TEST=make BOARD=cr50 CRYPTO_TEST=1; Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: I4bcb8f196b70cefc58a81e8592d83aa70464fcf8 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3169374 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* cr50: switch to using DRBG for key generation purposes.Vadim Sukhomlinov2021-09-171-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | An "Approved" RNG listed in FIPS 140-2 Annex C must be used for the generation of random data or cryptographic keys used by an approved security function. Detailed information and guidance on Key Generation can be found in NIST SP 800-133 and FIPS 140-2 IG 7.8 and D.12. Many of function use raw entropy from TRNG without any health tests or even checking returned status, as old API didn't provide any indication of failure. With this patch we remove old API: rand() and rand_bytes() and expose new API: fips_rand_bytes() - generation of random bits from properly instantiated and reseeded as needed DRBG. fips_trng_bytes() - generation of entropy from TRNG with statistical testing and checking for TRNG failures. fips_trng_rand32() - generation of 32 bits from TRNG with health check and indication of status. ccd, rsa, ecc, pinweaver, rma_auth are updated to use new APIs. These functions are moved into dcrypto.h which will become "Public API" for the module. trng_test vendor command moved to dcrypto/trng.c where it belongs. BUG=b:138577416 TEST=make BOARD=cr50 CRYPTO_TEST=1; test/tpmtest.py TCG tests. -------------------------- Test Result Summary ------------------------- Test executed on: Thu Sep 16 10:16:59 2021 Performed Tests: 248 Passed Tests: 248 Failed Tests: 0 Errors: 0 Warnings: 0 ====================================================================== Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: I80d103ead1962ee388df5cabfabe0498d8d06d38 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3165870 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* cr50: consolidate FIPS module sources under board/cr50/dcryptoVadim Sukhomlinov2021-09-101-1/+1
| | | | | | | | | | | | | | | | | To simplify identification of FIPS module boundary, move all sources into same place. BUG=b:134594373 TEST=make buildall -j Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: I6acd12d12c00a3362041914bd515534f72a08ab2 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3150057 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
* u2f: refactoring to split command processing and cryptoVadim Sukhomlinov2021-09-021-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | Split U2F crypto from U2F command processing by moving all crypto code into boards/cr50 (platform hooks). U2F state management is part of common code and passed to U2F crypto as a parameter. Previously reviewed as https://crrev.com/c/3034852, but reverted due to ChromeOS dependency on include/u2f.h. In this revision this is addressed by restoring include/u2f.h with previous content and new additions and adjusting dependencies in other headers. BUG=b:134594373 TEST=make BOARD=cr50 CRYPTO_TEST=1 console: u2f_test test/tpmtest.py FAFT U2F tests pass Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: Iff1973c8e475216b801d7adde23b1ef6c4a6f699 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3119223 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* cr50: merge crypto_enabled() and fips_crypto_allowed()Vadim Sukhomlinov2021-08-311-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We need to block access to all crypto in case of FIPS errors. There are multiple steps to implement, this is one of few. There is common API crypto_enabled() which is used by nvmem and some other functions to check wherever access to crypto is possible. This is same intent as fips_crypto_allowed(), though the latter checks for FIPS KAT errors, while the former checks only key ladder status. Here we make all FIPS errors to revoke access from key ladder, and fips_crypto_allowed() to check key ladder status. This way we also ensure that in case of FIPS errors access to device secrets will be blocked. We moved crypto_api.c from chip/g to board/cr50 to move crypto_enabled() into fips.c and alias it to fips_crypto_enabled(). crypto_api.h is no longer included from dcrypto.h, and compile time assert for cipher salt size is moved to proper place. Since crypto is used by nvmem_init(), move FIPS power-up tests earlier to ensure nvmem_init() can access crypto. BUG=b:197893750 TEST=make CRYPTO_TEST=1; tpm_test; check nvmem is properly initialized on board_init(). Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: If70c2a21d61348bd97a47e26db5d8eec08bbf8ed Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3123836 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* Revert "u2f: refactoring to split command processing and crypto"stabilize-14179.B-cr50_stabstabilize-14178.B-cr50_stabDavid Stevens2021-08-251-3/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit 5ae1c684271a117539858cb12252959dfe46803c. Reason for revert: breaks chromeos-ec-headers BUG=b:197691499 Original change's description: > u2f: refactoring to split command processing and crypto > > Split U2F crypto from U2F command processing by moving all crypto > code into boards/cr50 (platform hooks). > > U2F state management is part of common code and passed to U2F crypto > as a parameter. > > BUG=b:134594373 > TEST=make BOARD=cr50 CRYPTO_TEST=1 > console: u2f_test > test/tpmtest.py > FAFT U2F tests pass > > Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> > Change-Id: I85442cddb2959bd3102f7f6e6047134ede90951b > Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3034852 > Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> > Reviewed-by: Andrey Pronin <apronin@chromium.org> > Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> > Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org> Bug: b:134594373 Change-Id: I61a965995fcd53b4e155084f5f351574cb84cd1e Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3115930 Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Owners-Override: David Stevens <stevensd@chromium.org>
* u2f: refactoring to split command processing and cryptoVadim Sukhomlinov2021-08-241-0/+3
| | | | | | | | | | | | | | | | | | | | | | Split U2F crypto from U2F command processing by moving all crypto code into boards/cr50 (platform hooks). U2F state management is part of common code and passed to U2F crypto as a parameter. BUG=b:134594373 TEST=make BOARD=cr50 CRYPTO_TEST=1 console: u2f_test test/tpmtest.py FAFT U2F tests pass Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: I85442cddb2959bd3102f7f6e6047134ede90951b Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3034852 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* cr50: final touches to remove cryptoc dependencystabilize-14163.B-cr50_stabVadim Sukhomlinov2021-08-163-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | To implement FIPS module we need to bring many crypto functions in the module boundary. Unfortunately, cryptoc is a third-party library used by dcrypto code in cr50. Cryptoc is also not well-maintained and shared with other projects. While just making local copy of cryptoc would solve an issue, it's suboptimal as prevents from many optimizations and improvements. 1. Clean-up of #include dependencies on cryptoc 2. Build configuration drops linking with cryptoc for cr50 3. Dcrypto SHA512 code updated to compile and partially tested. It is about 4x faster on large messages, and about 620 bytes larger. Added an config option to use Dcrypto version as software, but not enabled. More testing is needed to make sure it's safe and doesn't have unintended interactions with RSA and ECDSA Dcrypto code. BUG=b:138578318 TEST=make BOARD=cr50 CRYPTO_TEST=1; tpm_test Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: I030b60b75daeec9c8ef079017a73345829bf7f0b Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3093093 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* cr50: drop cryptoc for SHA1/SHA2 supportstabilize-14150.882.B-cr50_stabstabilize-14150.881.B-cr50_stabstabilize-14150.74.B-cr50_stabstabilize-14150.734.B-cr50_stabstabilize-14150.64.B-cr50_stabstabilize-14150.43.B-cr50_stabstabilize-14150.376.B-cr50_stabrelease-R94-14150.B-cr50_stabrelease-R94-14150.49.B-cr50_stabVadim Sukhomlinov2021-08-124-16/+38
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | To implement FIPS module we need to bring many crypto functions in the module boundary. Unfortunately, cryptoc is a third-party library used by dcrypto code in cr50. Cryptoc is also not well-maintained and shared with other projects. While just making local copy of cryptoc would solve an issue, it's suboptimal as prevents from many optimizations and improvements. Provided SHA & HMAC implementations from Ti50 project. This provides better performance (500us vs. 670us earlier for HMAC DRBG) and reduce code size. This implementation also enables stack use savings when only specific digest is needed. Earlier SHA512 context was allocated when only SHA256 is needed greatly increasing stack consumption for code using HMAC_DRBG and others. However, it introduce subtle API changes which require handling. As for tests, since core implementation is hardware-independent, make it available for BOARD=host too. Before change (with cryptoc): *** 12368 bytes in flash and 5784 bytes in RAM After: *** 13136 bytes in flash and 5796 bytes in RAM BUG=b:138578318 TEST=make BOARD=cr50 CRYPTO_TEST=1; test/tpm_test/tpmtest.py Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: I2ff5362aee9078ce83dc1f8081943a5101d5f666 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3064201 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* usb_spi: move to Raiden V2 implementationVadim Bendebury2021-08-024-6/+730
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch introduces an alternative USB SPI protocol implementation to be used by Cr50: Raiden V2. The SPI USB endpoint descriptor is modified to advertise the new version in the bInterfaceProtocol, which allows the flashrom utility to use the new protocol version. Protocol version 2 implements segmentation and reassembly where longer flash read and write PDUs can be transferred split into shorter fixed size USB packets. The comment section in usb_spi_v2.c describes the protocol in detail. Each time a USB packet is received from the host, the packet header is examined to determine the command. The command could be a DUT configuration query OR a request to read and or write some data from/to the SPI flash chip, OR a request to retransmit the last PDU from the beginning. This patch implementation does not process the retransmittion request command yet, in case a packet is dropped flashrom would need to be re-run. This is a pretty rare condition, but if deemed necessary support can be added later. H1 SPI controller supports multibuffer transactions where the CS signal is kept asserted while the controller clocks the bus when the next portion of data to write becomes available or there is more room to read data to send back to the host. This allows to support arbitrary length read and write transactions. There is no need to support write transactions longer than 256 bytes of data, as this is a typical SPI flash chip page size. For read direction the size of 2040 was chosen, which is close to 2K and takes full payload of 34 USB packets on top of 2 byte headers. The protocol state machine on the device sideOB can be in one of two states, IDLE or WRITING. Many of host requests do not require the device to change state: configuration requests, or writes of short blocks of data (fitting into one USB packet) can be executed immediately. Requests to read long blocks of data can still be executed without leaving the IDLE state, the device starts the SPI transaction and then iterates reading one packet worth of data at a time and sends it back to the host. Once the entire PDU is read, the CS is deasserted. In case the host requests to write a block of data which does not fit into a USB packet the device asserts the CS, sends the first received block to the SPI flash chip and then enters the WRITING state, expecting the controller to send the rest of the PDU in following packets. Once the entire PDU is transferred the CS is deasserted and state is changed back to IDLE. BUG=b:79492818 TEST=performed numerous flash read/write operations with 16M SPI flash chip on the Atlas device. Timing results comparison of various operations: Raiden V1 Raiden V2 Reading entire chip: 3m 16s 0m 52s Vanilla writing of new image: 16m 22s 5m 48s Writing of AP firmware into an erased flash chip (no read before or after writing) 4m 12s 1m 38s Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Change-Id: I374f3caab7146fc84b62274e9e713430d7d31de0 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2977965 Reviewed-by: Brian Nemec <bnemec@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org>
* g: spi_controller: add the subtransaction capabilityVadim Bendebury2021-06-291-13/+29
| | | | | | | | | | | | | | | | | | | | | | It is necessary to be able to send SPI transactions with sizes exceeding the SPI controller buffer size. This can be achieved by asserting CS before sending the first batch (data block) in a transaction and deasserting CS after the last batch. Let's add a SPI controller spi_sub_transaction() API, with an additional parameter indicating when the last batch is submitted for processing. The existing spi_transaction() API becomes a wrapper which always calls spi_sub_transaction() to send a full single batch transaction. BUG=b:79492818 TEST='flashrom --flash-name' still succeeds. Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Change-Id: Ia0c5114edd5caf6c6d0e22cab3bfa3c4d86ac79a Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2977964 Reviewed-by: Mary Ruthven <mruthven@chromium.org>
* cr50: use board/cr50/dcryptoMary Ruthven2021-06-281-0/+1
| | | | | | | | | | | | BUG=b:191799047 TEST=make buildall -j ; run tpmtest Change-Id: I8b743c16c4e4b8b0779eb40ba1eb0a78613930f9 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2980812 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
* usb_spi: prevent potential loss of upstream trafficVadim Bendebury2021-06-181-0/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Code placing data on the upstream usb_spi queue does not check if there is enough room on the queue, which could result in silent dropping of data when the upstream queue is busy. This is not a big deal with Raiden protocol V1 where USB packets to the host are sent one at a time, but becomes a problem if the DUT sends multiple USB packets without waiting for the host. Adding a sleep in the loop waiting for the room in the queue to free up seems an appropriate solution, since the AP is held in reset at this point and there is no much activity happening on Cr50. Experiments have shown that with 2KB PDU size the total wait time while reading a 16M flash does not exceed 30 ms when this fix is deployed. BUG=b:79492818 TEST=with the rest of the patches applied observed successful flashrom operations running Raiden protocol version V2. Without this patch there were periodic drops of data sent by DUT. Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Change-Id: I73fdfdda09837891dc1db2453098ec1d219c4553 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2973573 Reviewed-by: Mary Ruthven <mruthven@chromium.org> Reviewed-by: Namyoon Woo <namyoon@chromium.org>
* hmac_drbg: increase output sizeMary Ruthven2021-06-091-1/+1
| | | | | | | | | | | | | | Increase the size of the hmac output buffer to 512, so it's big enough to support the lab responses. BUG=b:189376694 TEST=drbg_test.py Change-Id: Id5ff4024079241d36a33f1c36f322a27c4b929d7 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2923240 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Namyoon Woo <namyoon@chromium.org>
* make: fix awk complaintstabilize-14023.B-cr50_stabVadim Bendebury2021-06-041-1/+1
| | | | | | | | | | | | | | | | | | | It has not always been like that but recently the following message started showing up on the console when building Cr50 image with CR50_DEV and H1_DEVID variables defined: awk: cmd. line:1: warning: regexp escape sequence "' is not a ... This patch fixes the problem. BUG=none TEST=running 'CR50_DEV=1 H1_DEVIDS="0 1" make BOARD=cr50 -j' succeeds and does not generate the above error message any more. Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Change-Id: I3a34e1dc5dc3ca58928bfeac32df1ac7e1aa3c4c Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2931956 Reviewed-by: Namyoon Woo <namyoon@chromium.org>
* cr50: move trng.c under CONFIG_DCRYPTO control in chip/g/build.mkstabilize-14013.B-cr50_stabVadim Sukhomlinov2021-06-031-1/+1
| | | | | | | | | | | | | | | | | | | | | In preparation to dcrypto code refactoring as independent build unit for Cr50 U2F FIPS certifcation, need to enable disabling the use of crypto provided by chip/g/dcrypto and chip/g/trng.c. While use of chip/g/dcrypto is controlled by CONFIG_DCRYPTO, chip/g/trng.c is always linked in. Since all chip/g boards (cr50, cr52*, cr53*) enable CONFIG_DCRYPTO, and logically trng is cryptographic unit, move it under CONFIG_DCRYPTO control. BUG=b:134594373 TEST=make buildall -j Change-Id: I7be47abfe961c4a216a56e15c88254b60da10005 Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2937383 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* host: fixing make runtestsVadim Sukhomlinov2021-06-033-12/+11
| | | | | | | | | | | | | | | | | | | | Changes in compiler resulted in multiple warnings treated as errors, failing host test builds. Addresing warnings by checking return values. BUG=none TEST=make runtests Change-Id: Idb2686370bf041791099b3e332ff25173338e994 Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2936000 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Bendebury <vbendeb@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* H1_RED_BOARD: force rddkeepaliveMary Ruthven2021-05-251-0/+4
| | | | | | | | | | | | | Enable rddkeepalive on red boards, so nothing needs to be done to enable ccd. BUG=none TEST=build red board image. Make sure ccd is automatically enabled. Change-Id: If629ead1307d8d12cd36678bae792f1109a0839c Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2916575 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
* gsctool: add flags from ti50 repostabilize-13983.B-cr50_stabstabilize-13982.88.B-cr50_stabstabilize-13982.82.B-cr50_stabstabilize-13982.70.B-cr50_stabstabilize-13982.69.B-cr50_stabstabilize-13982.60.B-cr50_stabstabilize-13982.51.B-cr50_stabstabilize-13974.B-cr50_stabrelease-R92-13982.B-cr50_stabJett Rink2021-05-141-0/+2
| | | | | | | | | | | | | | | | | | Add the two new error flag values that were introduced in the ti50 report. See https://chrome-internal.googlesource.com/ti50/common/ti50/+/main/applications/fw_updater/src/structures.rs for ti50 definitions BUG=none TEST=none Cq-Depend: chrome-internal:3831829 Change-Id: I794a49d7c0814258350b479e90167d500081433a Signed-off-by: Jett Rink <jettrink@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2897129 Reviewed-by: Mary Ruthven <mruthven@chromium.org>
* CRYPTO_TEST_SETUP: enable dev featuresMary Ruthven2021-05-071-1/+1
| | | | | | | | | | | | | | | | | Enable dev features in CRYPTO_TEST builds, so it's easier to update and rollback to MP images. Add the rollback command and disable update checks. BUG=b:186663661 TEST=make clobber ; make -j BOARD=cr50 make clobber ; make -j BOARD=cr50 CRYPTO_TEST=1 Change-Id: Id8929f67f206d3222c551532c91921bd646d2a50 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2875480 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Namyoon Woo <namyoon@chromium.org>
View Lorry Controller Status