| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 0e5fa530e2f1eba6e16188be65ac39974a151a17.
After commit 97e22d467 it is no longer needed to reload
watchdog during hash calculation.
BUG=b:182499153
BRANCH=none
TEST=Flash EC and verify that hash calculation is correctly
done without rebooting by watchdog. Reading watchdog value
shows that there is enough remaining time.
Change-Id: Ia7bb6452a6ac42cda88d8b5e1203876cd0465b31
Signed-off-by: Michał Barnaś <mb@semihalf.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2897239
Reviewed-by: Keith Short <keithshort@chromium.org>
Commit-Queue: Keith Short <keithshort@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When not defining CONFIG_WATCHDOG or in Zephyr builds setting
CONFIG_WATCHDOG=n the build would fail here because
CONFIG_WATCHDOG_PERIOD_MS was not defined. This is avoided by
using #ifdef instead of IS_ENABLED
BRANCH=none
BUG=none
TEST=built lazor with and without zephyr
Signed-off-by: Yuval Peress <peress@chromium.org>
Change-Id: I9f390bf32840fc98d38612cc1fcf00d779f902ee
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2859466
Reviewed-by: Denis Brockus <dbrockus@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When neither CONFIG_SHA256_HW_ACCELERATE nor CONFIG_SHA256_UNROLLED
are enabled, calculating the hash can trip the watchdog.
Add watchdog reloads at a rate of 1/2 the watchdog period when both
these options are disabled.
BUG=b:182208446
BRANCH=none
TEST=zmake testall
TEST=Boot zephyr-ec on Volteer, powerdown AP and observe watchdog
timeouts are fixed
Signed-off-by: Keith Short <keithshort@chromium.org>
Signed-off-by: Jack Rosenthal <jrosenth@chromium.org>
Change-Id: I6170b457c91f3247adf9ad47cd7e93b128a1d13b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2744356
Reviewed-by: Yuval Peress <peress@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove unused defines
BRANCH=none
BUG=none
TEST=make buildall
Signed-off-by: Yuval Peress <peress@chromium.org>
Change-Id: I980beb399224b4c2a783085b0d4098514ab49db6
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2721464
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
No boards or baseboards enable this config option. Removing this
simplifies verifying efs2/vboot on the zephyr project.
BRANCH=none
BUG=b:164421798
TEST=make buildall
Signed-off-by: Yuval Peress <peress@chromium.org>
Change-Id: I10e81f9d3b3829dd8a07992ee805f37d88d9ea84
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2705178
Commit-Queue: Keith Short <keithshort@chromium.org>
Reviewed-by: Keith Short <keithshort@chromium.org>
Reviewed-by: Jack Rosenthal <jrosenth@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In Zephyr CONFIG_FLASH_SIZE is a Kconfig value that is used
throughout. The issue is that the units don't match. In
Zephyr the value is in KiB instead of bytes. This refactor
simply renames CONFIG_FLASH_SIZE in platform/ec to include
the unit (via _BYTES).
BRANCH=none
BUG=b:174873770
TEST=make buildall
be generated by the build instead of per board
Signed-off-by: Yuval Peress <peress@chromium.org>
Change-Id: I44bf3c7a20fcf62aaa9ae15715be78db4210f384
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2627638
Reviewed-by: Jack Rosenthal <jrosenth@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Hughes <tomhughes@chromium.org>
Commit-Queue: Jack Rosenthal <jrosenth@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is the hardware accelerator for SHA computation inside npcx9. This
CL wraps the Nuvoton SHA library APIs (which are in the ROM) to Chromium
EC's SHA256_* APIs to speed up the SHA256 computation.
With the help of the hardware accelerator, the hash computation runs
several times faster than the software method (see b:155771688 for more
detailed evaluation data.) Also, we can gain ~840 bytes of code size.
BRANCH=none
BUG=b:165777478
BUG=b:155771688
TEST=pass "make buildall"
TEST=flash the same RW image; #define/#undef CONFIG_SHA256_HW_ACCELERATE
; verify the RW hash value is the same in the console message.
TEST=with the following test CL, move test patterns in test/sha256.c
to board/npcx9_evb/test_sha256.c; pass all test patterns.
Signed-off-by: CHLin <CHLin56@nuvoton.com>
Change-Id: I45ca609889bd73573d67d15f3e561614201e60f6
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2455021
Tested-by: CH Lin <chlin56@nuvoton.com>
Auto-Submit: CH Lin <chlin56@nuvoton.com>
Reviewed-by: caveh jalali <caveh@chromium.org>
Commit-Queue: caveh jalali <caveh@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Google is working to change its source code to use more inclusive
language. To that end, replace the terms "sane", "sanity check", and
similar with inclusive/non-stigmatizing alternatives.
BUG=b:161832469
BRANCH=None
TEST=`make buildall -j` succeeds. `grep -Eir "sane|sanity" .` shows
results only in third-party code or documentation.
Signed-off-by: Paul Fagerburg <pfagerburg@chromium.org>
Change-Id: I29e78ab27f84f17b1ded75cfa10868fa4e5ae88c
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2311169
Reviewed-by: Jett Rink <jettrink@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
"enum ec_current_image" is exposed in ec_commands.h (and used by non-EC
code, such as biod).
We also have an "enum system_image_copy_t" that is the exact same thing
(though has a few more definitions).
A followup CL (I714b6bd8c0d7192386404c25a831e38438fa5238) adds the
"sysinfo" host command, so we want to be able to expose all the
potential image variants. Rather than maintain two enums that can
potentially get out of sync, unify the code to use a single enum. We
choose to keep the "enum ec_current_image", since external code depends
on it.
To verify that this change results in no changes to the generated
binaries:
./util/compare_build.sh --board all
BRANCH=none
BUG=b:146447208
TEST=./util/compare_build.sh --board=all
Change-Id: I13776bc3fd6e6ad635980476a35571c52b1767ac
Signed-off-by: Tom Hughes <tomhughes@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2036599
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
EFS v1 allowed Chromeboxes to verify RW without AP. EFS v2 will bring
the benefts to Chromebooks, which are:
- Reduce RO dependency and presence. Allow more code to be updated
in the fields.
- Remove jumptag and workarounds needed for late sysjump.
Major imporvements over v1 are:
- No A/B slot required.
- No signature in RW or public key in RO.
- Rollback-attack protection.
- Verifies only RW being used instead of whole RW section.
For battery-equipped devices, additional benefts are:
- Immediate boot on drained battery.
- Support recovery mode regardless of battery condition.
- Faster charge in S5/G3.
EC-Cr50 communication is based on the shared UART (go/ec-cr50-comm).
EFS2 is documented in go/ec-efs2.
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
BUG=chromium:1045217,chromium:141143112
BRANCH=none
TEST=Boot Helios in NORMAL/NO_BOOT/NO_BOOT_RECOVERY/RECOVERY mode.
TEST=Wake up EC from hibernate.
TEST=Make EC assert PACKET_MODE to wake up Cr50 from deepsleep.
Change-Id: I98a4fe1ecc59d106810a75daec3c424f953ff880
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2015357
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
Tested-by: Daisuke Nojiri <dnojiri@chromium.org>
Auto-Submit: Daisuke Nojiri <dnojiri@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In order to make printf more standard, use %ph. Pass a pointer to
a struct describing the buffer, including its size. Add a convenience
macro so that conversion between the old style and new style is purely
mechanical. The old style of %h cannot be converted directly to %ph as-is
because the C standard doesn't allow flags, precision, or field width on
%p.
Ultimately the goal is to enable compile-time printf format checking.
This gets us one step closer to that.
BUG=chromium:984041
TEST=make -j buildall
BRANCH=None
Cq-Depend:chrome-internal:1559798,chrome-internal:1560598
Change-Id: I9c0ca124a048314c9b62d64bd55b36be55034e0e
Signed-off-by: Evan Green <evgreen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1730605
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the host command handler callback function returns an int, it's easy
to accidentally mix up the enum ec_error_list and enum ec_status types.
The host commands always expect an enum ec_status type, so we change the
return value to be of that explicit type. Compilation will then fail if
you accidentally try to return an enum ec_error_list value.
Ran the following commands and then manually fixed up a few remaining
instances that were not caught:
git grep --name-only 'static int .*(struct host_cmd_handler_args \*args)' |\
xargs sed -i 's#static int \(.*\)(struct host_cmd_handler_args \*args)#\
static enum ec_status \1(struct host_cmd_handler_args \*args)##'
git grep --name-only 'int .*(struct host_cmd_handler_args \*args)' |\
xargs sed -i 's#int \(.*\)(struct host_cmd_handler_args \*args)#\
enum ec_status \1(struct host_cmd_handler_args \*args)##'
BRANCH=none
BUG=chromium:1004831
TEST=make buildall -j
Cq-Depend: chrome-internal:1872675
Change-Id: Id93df9387ac53d016a1594dba86c6642babbfd1e
Signed-off-by: Tom Hughes <tomhughes@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1816865
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-by: Jack Rosenthal <jrosenth@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Ran the following command:
git grep -l 'Copyright (c)' | \
xargs sed -i 's/Copyright (c)/Copyright/g'
BRANCH=none
BUG=none
TEST=make buildall -j
Change-Id: I6cc4a0f7e8b30d5b5f97d53c031c299f3e164ca7
Signed-off-by: Tom Hughes <tomhughes@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1663262
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It was observed that the security verification is the bottleneck for the
EC boot time. In this CL, we reduce this bottleneck by accelerating the
CPU clock during the computation and set it back to normal after.
BRANCH=none
BUG=b:77608104
TEST=pass "make buildall"
TEST =on npcx7_evb, with related CL, we got ~4x improvement of
security verification time.
Change-Id: I679ca10639aa2978b048e1f23285130f6653649b
Signed-off-by: CHLin <CHLIN56@nuvoton.com>
Reviewed-on: https://chromium-review.googlesource.com/1475098
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: CH Lin <chlin56@nuvoton.com>
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We add a configuration option to set the minimum shared memory
size (CONFIG_SHAREDMEM_MINIMUM_SIZE), so that the link will fail
if there is not enough IRAM left.
Also, we add 2 macros around shared_mem_acquire, that check, at
build time, that the shared memory size is sufficient for the
allocation:
- SHARED_MEM_ACQUIRE_CHECK should be used instead of
shared_mem_acquire, when size is known in advance.
- SHARED_MEM_CHECK_SIZE should be used when only a maximum size
is known.
This does not account for "jump tags" that boards often add on
jump from RO to RW. Luckily, RW usually does not do verification,
and does not need as much shared memory.
BRANCH=none
BUG=chromium:739771
TEST=make buildall -j, no error
Change-Id: Ic4c72938affe65fe8f8bc17ee5111c1798fc536f
Signed-off-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1002713
Reviewed-by: Gwendal Grignou <gwendal@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Hash command expects second parameter to be either
abort, RO, RW. If not then exit the function by
displaying error message instead of calculating hash.
BUG=NONE
BRANCH=NONE
TEST=On EC console 'hash help' should display error message
with usage info.
Change-Id: I4fcad97ce0da1cd48a458de1c659aa3c6b2a60b9
Signed-off-by: Jagadish Krishnamoorthy <jagadish.krishnamoorthy@intel.com>
Reviewed-on: https://chromium-review.googlesource.com/691436
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For the Host Command vboot hash EC_VBOOT_HASH_GET case,
if the input parameter offset and size is 0 then change
offset to data_offset to obtain the latest hash value.
Else retain the offset to get the hash value at offset.
BUG=b:66957716
BRANCH=NONE
TEST=On Soraka, ectool echash commands
(RO, RW) should result in hash information.
Change-Id: Ife17d35b0dfeecb5ec799c9ed722ae48dbec5b5b
Signed-off-by: Jagadish Krishnamoorthy <jagadish.krishnamoorthy@intel.com>
Reviewed-on: https://chromium-review.googlesource.com/685738
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When EFS finds the active slot is invalid, it tries the other slot.
This patch makes the other slot active so that the following boots
will try the other slot first.
This patch also replaces enum flash_rw_slot with system_image_copy_t.
The new APIs are therefore renamed from *_slot to *_copy. Basically,
this makes vboot see slots as a conceptual place instead of physical
spaces bound to flash storage.
BUG=b:65028930
BRANCH=none
TEST=On Fizz, verify:
1. RW_B is old and updated by soft sync. RW_B is activated and
executed after reboot. System continues to boot to OS.
2. RW_A is old and updated by soft sync. RW_A is activated and
executed after reboot. System continues to boot to OS.
Change-Id: Icf97da13e651e7a931b9d507052b9422566eb16c
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/648449
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Chromebox ECs performs EFS: verifying firmware before the AP boots.
This patch updates host commands which are required for the EFS.
The change includes:
* Update EC_CMD_FLASH_REGION_INFO to accept EC_FLASH_REGION_UPDATE
* Update EC_CMD_VBOOT_HASH to accept EC_VBOOT_HASH_OFFSET_UPDATE
When EC_FLASHS_REGION_UPDATE is specified, EC_CMD_FLASH_REGION_INFO
returns the slot which currently is not hosting a running RW copy.
When EC_VBOOT_HASH_OFFSET_UPDATE is specified, EC_CMD_VBOOT_HASH
computs the hash of the update slot. This hash covers the entire
region, including the signature at the end.
This patch undefines CONFIG_CMD_USBMUX and CONFIG_CMD_TYPEC
for gru to create space.
BUG=b:65028930
BRANCH=none
CQ-DEPEND=CL:648071
TEST=On Fizz, verify:
1. RW_B is old and updated by soft sync. RW_B is activated and
executed after reboot. System continues to boot to OS.
2. RW_A is old and updated by soft sync. RW_A is activated and
executed after reboot. System continues to boot to OS.
Change-Id: I9ece907b764d07ce94054ba27996e048c665a80a
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/648448
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If we have requested the host to go to recovery mode, the host will
usually not need an RW hash because it won't do EC SW sync. Therefore,
do not auto-start calculation of our hash if we've requested recovery.
This may avoid past recovery-breaking bugs due to unexpected RW contents.
If the host does need the hash after all, it will manually request that
the computation start.
BUG=chromium:612966
BRANCH=None
TEST=Boot to recovery mode on kevin, verify that "hash start" print is
not seen on UART.
Signed-off-by: Shawn Nematbakhsh <shawnn@chromium.org>
Change-Id: I66d2d74398357dfe30e39882feec8cfba4cc945c
Reviewed-on: https://chromium-review.googlesource.com/540695
Commit-Ready: Shawn N <shawnn@chromium.org>
Tested-by: Shawn N <shawnn@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Shorten certain long prints and reduce the precision of timestamp prints
when CONFIG_CONSOLE_VERBOSE is undef'd.
BUG=chromium:688743
BRANCH=gru
TEST=On kevin, cold reset the EC, boot to OS, and verify cros_ec.log
contains all data since sysjump and is < 2K bytes (~1500 bytes).
Change-Id: Ia9390867788d0ab3087f827b0296107b4e9d4bca
Signed-off-by: Shawn Nematbakhsh <shawnn@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/438932
Commit-Ready: Shawn N <shawnn@chromium.org>
Tested-by: Shawn N <shawnn@chromium.org>
Reviewed-by: Shawn N <shawnn@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Mapped read access to external flash may conflict with direct access
through SPI commands, so call a chip-level function to lock access prior
to doing such reads.
BUG=chrome-os-partner:55781
BRANCH=Gru
TEST=Verify 'ver' still works fine on kevin, and vboot hashing completes
successfully.
Change-Id: I009d6d5ee61c83260fb49ad4ee137fa3f4cd625a
Signed-off-by: Shawn Nematbakhsh <shawnn@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/385165
Tested-by: Mulin Chao <mlchao@nuvoton.com>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Mulin Chao <mlchao@nuvoton.com>
(cherry picked from commit a7f3e3fa376731709f4823a0c1d464b4d1deae14)
Reviewed-on: https://chromium-review.googlesource.com/386446
Commit-Ready: Shawn N <shawnn@chromium.org>
Tested-by: Shawn N <shawnn@chromium.org>
Reviewed-by: Shawn N <shawnn@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since pretty much always, we've declared console commands to take
a "longhelp" argument with detailed explanations of what the
command does. But since almost as long, we've never actually used
that argument for anything - we just silently throw it away in
the macro. There's only one command (usbchargemode) that even
thinks it defines that argument.
We're never going to use this, let's just get rid of it.
BUG=none
BRANCH=none
CQ-DEPEND=CL:*279060
CQ-DEPEND=CL:*279158
CQ-DEPEND=CL:*279037
TEST=make buildall; tested on Cr50 hardware
Everything builds. Since we never used this arg anyway, there had
better not be any difference in the result.
Change-Id: Id3f71a53d02e3dc625cfcc12aa71ecb50e35eb9f
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/374163
Reviewed-by: Myles Watson <mylesgw@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously calls to hook_call_deferred were passed the function to call,
which was then looked up in the .rodata.deferred section with a linear
search. This linear search can be replaced with a subtract by passing
the pointer to the deferred_data object created when DECLARE_DEFERRED
was invoked.
Signed-off-by: Anton Staaf <robotboy@chromium.org>
BRANCH=None
BUG=None
CQ-DEPEND=CL:*255812
TEST=make buildall -j
Change-Id: I951dd1541302875b102dd086154cf05591694440
Reviewed-on: https://chromium-review.googlesource.com/334315
Commit-Ready: Bill Richardson <wfrichar@chromium.org>
Tested-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
EC boot / hash computing can be a bottleneck for system boot time.
Reduce this bottleneck by running our processor at 48 MHz through boot,
until vboot hashing of RW completes.
BUG=chrome-os-partner:49583
TEST=Boot chell, verify vboot hash completes within 1 sec of EC boot and
'cbmem' delta between 'vboot select&load kernel' and 'finished EC
verification' is reduced to ~250 ms (which includes sysjump time).
BRANCH=glados
Change-Id: I18d87e685b89decef761e51517bfcfc43dcf8ef0
Signed-off-by: Shawn Nematbakhsh <shawnn@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/326792
Commit-Ready: Shawn N <shawnn@chromium.org>
Tested-by: Shawn N <shawnn@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If we're asked to compute a hash of an image on a region of storage, we
may find that the region actually contains no image. In that case, we
need to compute a hash of zero bytes. Properly handle this case from
image size detection to hash computation to hash invalidation.
BUG=chrome-os-partner:49529
TEST=Manual on chell. `dd conv=notrunc if=/dev/zero of=ec.bin bs=131072
count=1`, then write ec.bin and verify SW sync occurs, RW hash is
computed correctly, and the system boots into dev mode.
BRANCH=glados, strago
Signed-off-by: Shawn Nematbakhsh <shawnn@chromium.org>
Change-Id: Ie5a023d13d2521f9c224615666950aea8fbc22bb
Reviewed-on: https://chromium-review.googlesource.com/322750
Commit-Ready: Shawn N <shawnn@chromium.org>
Tested-by: Shawn N <shawnn@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With the RO region being added to software sync, up to two hashes will
be requested during boot. Currently if vboot_hash has a valid hash when
the EC gets an EC_VBOOT_HASH_GET host command then it will return that
hash. When the EC gets a request for the RO hash after it has calculated
the RW hash it returns the RW hash in the response.
This change will add a check that the EC not only has a valid hash, but
that it is for the correct region.
BRANCH=none
BUG=none
TEST=Try to get the RO and RW hashes from depthcharge and make sure they
match the values gotten using ectool
Change-Id: I2449c8d79b4a74f4865dd1234fb253bcdac66a31
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/318861
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. Don't assume that images are present in program memory, just because
storage is mapped (npcx case).
2. Use CONFIG_MAPPED_STORAGE_BASE correctly, rather than
PROGRAM_MEMORY_BASE.
BUG=chrome-os-partner:23796
TEST=make buildall -j
BRANCH=none
Signed-off-by: Shawn Nematbakhsh <shawnn@chromium.org>
Change-Id: I99c2b382def2a211241d401bbdc39a88ceedca5b
Reviewed-on: https://chromium-review.googlesource.com/300254
Commit-Ready: Shawn N <shawnn@chromium.org>
Tested-by: Mulin Chao <mlchao@nuvoton.com>
Tested-by: Shawn N <shawnn@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In order to support architectures with non-contiguous writable and
protected regions, change storage offsets to be relative to writable and
protected regions, rather than relative to "the start of the region of
storage belonging to the EC".
Spec doc available at https://goo.gl/fnzTvr.
BRANCH=None
BUG=chrome-os-partner:23796
TEST=With entire patch series, on both Samus and Glados:
- Verify 'version' EC console command is correct
- Verify 'flashrom -p ec -r read.bin' reads back EC image
- Verify software sync correctly flashes both EC and PD RW images
Signed-off-by: Shawn Nematbakhsh <shawnn@chromium.org>
Change-Id: I796f8e7305a6336495bd256a78774595cb16a2e4
Reviewed-on: https://chromium-review.googlesource.com/297823
Commit-Ready: Shawn N <shawnn@chromium.org>
Tested-by: Shawn N <shawnn@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rename and add geometry constants to match spec doc -
https://goo.gl/fnzTvr.
CONFIG_FLASH_BASE becomes CONFIG_PROGRAM_MEMORY_BASE
CONFIG_FLASH_MAPPED becomes CONFIG_MAPPED_STORAGE
Add CONFIG_INTERNAL_STORAGE, CONFIG_EXTERNAL_STORAGE and
CONFIG_MAPPED_STORAGE_BASE where appropriate.
This CL leaves chip/npcx in a broken state -- it's fixed in a follow-up
CL.
BRANCH=None
BUG=chrome-os-partner:23796
TEST=With entire patch series, on both Samus and Glados:
- Verify 'version' EC console command is correct
- Verify 'flashrom -p ec -r read.bin' reads back EC image
- Verify software sync correctly flashes both EC and PD RW images
Change-Id: Idb3c4ed9f7f6edd0a6d49ad11753eba713e67a80
Signed-off-by: Shawn Nematbakhsh <shawnn@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/297484
Commit-Ready: Shawn N <shawnn@chromium.org>
Tested-by: Shawn N <shawnn@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If flash is being written, any pending hash calculation is likely to
be invalid.
BRANCH=None
BUG=chrome-os-partner:38103
TEST=on Cyan, run hundreds of flashrom cycles to make sure there are no
read, erase or write errors
Change-Id: I915f8db7998c56fc12e7d85173232882fb7ed80d
Signed-off-by: Divya Jyothi <divya.jyothi@intel.com>
Reviewed-on: https://chromium-review.googlesource.com/282211
Reviewed-by: Shawn N <shawnn@chromium.org>
Commit-Queue: Bernie Thompson <bhthompson@chromium.org>
Tested-by: Bernie Thompson <bhthompson@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=chrome-os-partner:41063
TEST=Enable Software Sync in Coreboot and Depthcharge.
Enable hash computation in EC. Compile EC followed by
Coreboot and program Coreboot followed by EC on a Cyan
system. System should boot to Chrome Login Screen.
BRANCH=none
Change-Id: I4b53e9e55e4da279366eb1283a11a010c52b865f
Signed-off-by: Shamile Khan <shamile.khan@intel.com>
Reviewed-on: https://chromium-review.googlesource.com/276305
Reviewed-by: Shawn N <shawnn@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rename image geometry configs with a uniform naming scheme to make their
purposes more clear.
CONFIG_RO_MEM_OFF (was CONFIG_FW_RO_OFF) - RO image offset in program memory
CONFIG_RO_STORAGE_OFF (was CONFIG_RO_SPI_OFF) - RO image offset on storage
CONFIG_RO_SIZE (was CONFIG_FW_RO_SIZE) - Size of RO image
CONFIG_RW_MEM_OFF (was CONFIG_FW_RW_OFF) - RW image offset in program memory
CONFIG_RW_STORAGE_OFF (was CONFIG_RW_SPI_OFF) - RW image offset on storage
CONFIG_RW_SIZE (was CONFIG_FW_RW_SIZE) - Size of RW image
CONFIG_WP_OFF (was CONFIG_FW_WP_RO_OFF) - Offset of WP region on storage
CONFIG_WP_SIZE (was CONFIG_FW_WP_RO_SIZE) - Size of WP region on storage
BUG=chrome-os-partner:39741,chrome-os-partner:23796
TEST=Set date / version strings to constants then `make buildall -j`.
Verify that each ec.bin image is identical pre- and post-change.
BRANCH=None
Signed-off-by: Shawn Nematbakhsh <shawnn@chromium.org>
Change-Id: I6ea0a4e456dae71c266fa917a309b9f6fa4b50cd
Reviewed-on: https://chromium-review.googlesource.com/270189
Reviewed-by: Anton Staaf <robotboy@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some EC chips (mec1322) use external SPI flash which is not mapped
into the EC CPU's address space. These must explicitly read data from
flash when calculating the vboot hash or reading the version string of
the image which isn't currently loaded into code RAM.
To test this bug, I used a board with known working mapped flash, and
temporarily patched it to act like it didn't have mapped flash.
Also add a flashread console command, useful for manually testing.
BUG=chrome-os-partner:35308
BRANCH=glower,strago
TEST=manual
1. Apply this patch to samus
2. Check result for 'vboot hash RW'
3. Check result for 'version'
4a. In board/samus/board.h, #undef CONFIG_FLASH_MAPPED and
#define CONFIG_CMD_FLASH
4b. In chip/lm4/flash.c, add the following:
int flash_physical_read(int offset, int size, char *data)
{
const char *src;
if (offset > CONFIG_FLASH_SIZE ||
offset + size > CONFIG_FLASH_SIZE)
return EC_ERROR_INVAL;
src = (const char *)((uintptr_t)CONFIG_FLASH_BASE + offset);
memcpy(data, src, size);
return EC_SUCCESS;
}
Steps 4a,4b will make the LM4 chip act like it doesn't have
memory-mapped flash.
5. From the dev system, util/flash_ec --board=samus --ro
6. Check result for 'vboot hash RW'. Should be same as 2.
7. Check result for 'version' for RW version. Should be same as in 3.
8. From the dev system, util/flash_ec --board=samus
9. sysjump rw
10. Check result for 'version' for RO version. Should be same as in 3.
11. Compare 'flashread 0x100 0x100' with 'md 0x100 0x40'. The results
should be the same (but endian-swapped, since flashread is byte
ordered and md is 32-bit ordered).
12. Revert changes from steps 4a-4b.
Change-Id: I951d6f5603a84e326740936e4e84dfe6296a0f59
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/246200
Reviewed-by: Shawn N <shawnn@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Create optional config to remove 'hash' console command and undef it
for a few space-constrained boards (ryu*, samus_pd).
Signed-off-by: Todd Broch <tbroch@chromium.org>
BRANCH=samus
BUG=chrome-os-partner:34489
TEST=manual,
- compile for ryu, samus_pd and save ~400bytes
- 'hash' command no longer appears as a console command
Change-Id: I054fd4473911dd362c2c1d171ee7aaad859d893a
Reviewed-on: https://chromium-review.googlesource.com/238433
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
Reviewed-by: Alec Berg <alecaberg@chromium.org>
Commit-Queue: Todd Broch <tbroch@chromium.org>
Tested-by: Todd Broch <tbroch@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Our code base contains a lot of debug messages in this pattern:
CPRINTF("[%T xxx]\n") or ccprintf("[%T xxx]\n")
The strings are taking up spaces in the EC binaries, so let's refactor
this by adding cprints() and ccprints().
cprints() is just like cprintf(), except that it adds the brackets
and the timestamp. ccprints() is equivalent to cprints(CC_CONSOLE, ...)
This saves us hundreds of bytes in EC binaries.
BUG=chromium:374575
TEST=Build and check flash size
BRANCH=None
Change-Id: Ifafe8dc1b80e698b28ed42b70518c7917b49ee51
Signed-off-by: Vic Yang <victoryang@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/200490
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Vboot hash calculation takes ~350 ms during EC boot. Since the hash
task is higher priority than the hook task, this starves all the hooks
during boot.
We could, in theory, fix that simply by swapping the priority of the
hook and hash tasks. But then watchdog detection (in the hook task)
wouldn't detect hangs in the hash task.
A better fix (implemented here) is to convert the hashing operation to
a series of deferred function calls. This gets rid of the hash task
entirely, and allows all pending hooks and other deferred function
calls to take place between each chunk of hashing.
On STM32-based boards, we need to bump up the hook task stack size,
since hashing is called from several layers deep in the hook task
instead of at the top of its own task, but this is still a net win of
several hundred bytes of SRAM.
BUG=chrome-os-partner:24892
BRANCH=rambi
TEST=Boot EC; look for "hash start" and "hash done" debug output.
'taskinfo' shows at least 32 bytes of unused stack for HOOKS task.
'hash ro' runs properly from EC console.
Change-Id: I9e580dc10fc0bc8e44896d84451218ef67578bbe
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/181954
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On HASH_START command, we should also fill in hash status in response so
that the caller sees BUSY status in response.
BUG=chrome-os-partner:23067
TEST=Along with u-boot change, corrupting EC RW followed by a warm reset
doesn't result in shutdown.
BRANCH=All
Change-Id: Ie0c1b35d71bc0420b011f0413f92feb88138db4d
Signed-off-by: Vic Yang <victoryang@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/172380
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This prevents the EC from returning a stale hash.
BUG=chrome-os-partner:16668
BRANCH=link,snow
TEST=manual, with WP disabled
From EC console
- Boot system and wait a second
- hash --> prints valid hash
- flasherase 0x20000 0x1000
- hash --> invalid
- hash rw
- hash --> prints valid hash
- flashwrite 0x20000 0x1000
- hash --> invalid
- hash rw
- flasherase 0x38000 0x1000
- flashwrite 0x38000 0x1000
- hash --> still valid (since 0x38000 is outside the rw section)
From root shell
- ectool hash --> prints valid hash
- ectool flasherase 0x20000 0x1000
- ectool hash --> invalid
- ectool hash recalc RW
- ectool hash --> prints valid hash
- echo 'Making a hash of this' > /tmp/hashofthis
- ectool flashwrite 0x20000 /tmp/hashofthis
- ectool hash --> invalid
- ectool hash recalc RW
- ectool flasherase 0x38000 0x1000
- ectool flashwrite 0x38000 /tmp/hashofthis
- ectool hash --> still valid (since 0x38000 is outside the rw section)
Change-Id: Id915a504a7bc70b8b8c339b5ce55dc5bad5838fe
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/39484
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This copies the parts of sha256.c that we need from vboot_reference,
and removes the explicit dependency on vboot_reference. That
dependency was a good idea when we were doing full verified boot in
the EC, but is now overkill and makes it harder for others to reuse
the EC code. This also lets us call EC functions directly instead of
needing vboot_stub.cc; that reduces code size by ~100 bytes.
BUG=chrome-os-partner:15579
BRANCH=none
TEST=vboot_hash ro, then compare with result of sha256sum build/link/ec.RO.flat
Change-Id: I0f236174291df3e7f3c75e960fe9ab32af305a61
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/36589
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This solves the problem where the AP updates EC-RW as part of software
sync, then tells the EC to jump to EC-RW. On the next boot the EC
still returned the saved old RW hash, causing a needless cold boot.
This change is backwards/forwards compatible; existing RO code will
simply save a hash new RW code won't look at, and existing RW code
already knows to recompute the hash if the RO code didn't save it.
Hash computation is done in the background and takes ~350ms, so this
should have no noticeable effect on performance.
BUG=chrome-os-partner:13511
BRANCH=all (not needed for FSI, since RW code with this change will do
the right thing with existing RO code)
TEST=at the EC console, "sysjump RW" and look at the EC debug log for
"hash done".
Change-Id: Ie5255727b9d896b7c4e4f537e91d831682afc7f6
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/33634
Reviewed-by: Tom Wai-Hong Tam <waihong@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Otherwise the host needs to tell the EC how big this image is (which
it knows, but it's inconvenient for it to provide).
BUG=chrome-os-partner:13511
BRANCH=all
TEST=manual
1. ectool echash recalc ro -> prints hash of RO code (offset 0)
2. ectool echash recalc rw -> prints hash of RW code (offset non-zero)
In each case, size should be an exact number and not the size of the
whole RO or RW section. So for link, output should be something similar to:
localhost ~ # ectool echash recalc ro
Hashing EC-RO...
status: done
type: SHA-256
offset: 0x00000000
size: 0x00012a64
hash: 03a66c076d6dd4b4aa9ed6386713f45291f5143f9af2093003e632485899daf1
localhost ~ # ectool echash recalc rw
Hashing EC-RW...
status: done
type: SHA-256
offset: 0x00014000
size: 0x000123d1
hash: 0d6225e70f0b1e0419e987370371e00783f945827ef25915a8fb8549159dd2a4
Signed-off-by: Randall Spangler <rspangler@chromium.org>
3. At ec console, 'hash ro' or 'hash rw' should regenerate the same
hash values printed above.
Change-Id: I3f6085d29927b8cdf9dabc6930f0fdc7222bd8b5
Reviewed-on: https://gerrit.chromium.org/gerrit/33123
Tested-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Commit-Ready: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This allows recomputing hash after EC boots.
BUG=chrome-os-partner:13988
BRANCH=all
TEST=manual
1. hash 2048 2048
2. hash 0 2048
3. hash -> hash value should be different than in step 1
Change-Id: Id66d0655a143b5190b5d8949b0fa9a18dbbc05f4
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/33118
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=chrome-os-partner:13084
TEST=manual
flash_erase 0x14000 0x14000
reboot
hash
Offset: 0x00014000
Size: 0x00000000 (0)
Digest: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
BRANCH=link,snow
Change-Id: I3152c201edac5ef6ad8e28c4e55cd6245b61e786
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/31277
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CONFIG_FW_RW_OFF is already relative to the base address of the flash,
we don't need to substract it.
Signed-off-by: Vincent Palatin <vpalatin@chromium.org>
BUG=None
TEST=on Snow, run with CONFIG_VBOOT and CONFIG_VBOOT_HASH activated and
see the hash is correctly computed and display.
Change-Id: I1643b07a59459baa973bfd7ee80cbf98963a85d4
Reviewed-on: https://gerrit.chromium.org/gerrit/29276
Reviewed-by: Vic Yang <victoryang@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Ready: Vincent Palatin <vpalatin@chromium.org>
Tested-by: Vincent Palatin <vpalatin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. Add precision to limit string length.
ccprintf("%.4s", "foobar") prints "foob"
2. Handle '*' for length, precision fields.
ccprintf("%.*s", 3, "foobar") prints "foo"
3. Add hex-dump code "%h"
ccprintf("%.*s", 4, "foobar") prints 666f6f62
BUG=none
TEST=at ec console, 'hash' prints the current hash
Change-Id: I568310f2727495b021081bf58df2a0bbb3c74e73
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/28704
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This removes a bunch of unnecessary typecasts, since you can assign
to/from void * without them. This also uncovered a few cases where
const was being cast away for the input params; now fixed.
BUG=none
TEST=mkbp hash from u-boot console, and/or system boots ok
Change-Id: Ic314b9d2ca06226ea8a09703ef5c1a912eb7146d
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/28500
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
No need to hash a bunch of 0xff's at the end. We explicitly set a
0xea byte after the end of the code in firmware_image.lds.S.
BUG=chrome-os-partner:11087
TEST=look for the hash start line in the EC debug output:
[0.011543 hash start 0x00014000 0x00011590]
The second number is the code size. It should be the same size as
ec.RW.bin, instead of 0x14000.
Change-Id: Ibc94851dc1a09eb46cad46bb97dc5762f9c521f0
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/28300
|
|
|
|
|
|
|
|
|
| |
BUG=none
TEST=hash -> prints offset, size, (digest or in-progress)
Change-Id: Ic21319c522811b3b73ace3538adb5dda0e6324c2
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/28301
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
All of our current EC configs have RO and a single RW image. Calling
that image 'A' is confusing, particularly when combined with EC
software sync (where the RW image is updated from either the A or B AP
RW firmware). So, rename it.
This changes all the build artifacts and constants. Internal EC
commands and host commands still refer to A/B; that will be fixed in
part 2.
BUG=none
TEST=build link, snow, bds
Change-Id: Icfed4914745f0799bb71befb6a6563cfd8bc90ab
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/27649
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
|