| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pinweaver needs a timer that counts through deep sleep. This change
keeps track of the time since cold boot in PWRDN_SCRATCH23. Before the
low speed timer is cleared during init add the value to PWRDN_SCRATCH23.
BUG=b:262036852,b:279759625
TEST=manual
After hard reset the cold reset time and system time should be
the same.
> sysinfo
Reset flags: 0x00000800 (hard)
Reset count: 0
> get
Time: 0x0000000006628dd7 = 107.122135 s
since cold_reset: 107 s
Verify the cold reset timer keeps counting during deep sleep.
dut-control cold_reset:on
[138.415843 AP off]
[Reset cause: hibernate wake-pin]
[Image: RW, ...
[0.003864 Inits done]
[0.009647 init_jittery_clock_locking_o...
[0.039134 init took 22838]
> get
Time: 0x0000000000bf3e3a = 12.533306 s
since cold_reset: 150 s
> sysi
Reset flags: 0x00000140 (hibernate wake-pin)
Verify cold reset and system time are the same after H1_RST_L
is pulsed
dut-control gsc_reset:on gsc_reset:off
> get
Time: 0x00000000001cdea9 = 1.892009 s
since cold_reset: 1 s
> sysi
Reset flags: 0x00000008 (power-on)
Reset count: 1
Change-Id: Ie57324880c8b8068ddff62760848e161b2df903d
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4093120
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a 64 bit write once factory config space to info1. If the factory
has something they want to configure, they can use part of the space to
store that configration.
Right now nothing in cr50 uses the factory config space. If we need to
modify cr50 behavior based on the space value, we can add functionality
later. The factory just needs to set the bit in the factory config.
BUG=b:214065944
TEST=manual
Clear the Board ID
set the config to 0. Verify it does nothing
gsctool -a --factory_config 0
gsctool -a --factory_config
0
Set the flags
gsctool -ai 0xffffffff:0x10
Set the config to something
gsctool -a --factory_config 0x12345678cafecafe
gsctool -a --factory_config
12345678CAFECAFE
# Set it to the same thing. Verify cr50 returns EC_SUCCESS.
gsctool -a --factory_config 0x12345678cafecafe
gsctool -a --factory_config
12345678CAFECAFE
[40.114944 write_factory_config: ok.]
Try to set it to something else. Verify it's rejected because
the space is set.
gsctool -a --factory_config 0xcafe
[43.331302 write_factory_config: factory cfg already programmed]
gsctool -a --factory_config
12345678CAFECAFE
Set the Board ID Type
gsctool -ai ZZCR:0x10
Try to set the config again. Verify it's rejected because the
board id type is set.
gsctool -a --factory_config 0x12345678cafecafe
Factory config failed. (7)
gsctool -a --factory_config
12345678CAFECAFE
Change-Id: Ie816ebffcf6c24ad94bbcd2dc2f0c3936caafb11
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4424873
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=none
TEST=wp vendor command is enabled in DBG images over usb. It's still
disabled in non-DBG images.
Change-Id: I2649edc71bf9a1c9c03ff3744ccb7beb60ab1ff9
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4367527
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Before this fix, update_pcr was inserting an extra byte at the start
of the updated value.
BUG=b:273331256
TEST=see BUG
Change-Id: Idb648ff7f999c48f93bd7dfe9a207ecd48fa53d5
Signed-off-by: Andrey Pronin <apronin@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4351200
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
Tested-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add the definition for UINT64_MAX which is used in v2 PinWeaver code,
and toggle the BIOMETRICS_DEV flag to increase PinWeaver version to 2.
BUG=b:262040869
TEST=make buildall -j
TEST=tast run $DUT hwsec.PINWeaver*
Cq-Depend: chromium:4337476
Change-Id: I54642a098bbe697e461d636a416ed5512c8ae528
Signed-off-by: Howard Yang <hcyang@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4337180
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add CONFIG_PLATFORM_PINWEAVER build flag, and support for building
platform/pinweaver.
BUG=b:262040869
TEST=make board=cr50 -j
Change-Id: I993051af60ab4163c37726eac87bd98a8b60fc69
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4311234
Tested-by: Howard Yang <hcyang@google.com>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Howard Yang <hcyang@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rename the headers so they will not collide with platform/pinweaver
headers with the same names.
BUG=b:262040869
TEST=make -j BOARD=cr50
Cq-Depend: chromium:4337377
Change-Id: Iee9f44c4fcb6ab0a01faec5886f07b84c271d1fc
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4311233
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Howard Yang <hcyang@google.com>
Commit-Queue: Howard Yang <hcyang@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a board can't read ap flash reliably, then it won't be able to find
the fmap. Print a message, so it's easier to tell what's happening.
BUG=none
TEST=none
Change-Id: I6bdc1a4a927090e427b9c84b63b87aff4e8e4e1c
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4068960
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If usb_spi_sha256_update returns something other than EC_SUCCESS, fail
verification.
BUG=b:260878795
TEST=add a delay to make spi_hash timeout. Verify cr50 fails
verification.
Change-Id: I4ba750748eb131046828f642b9736ed62a781789
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4066233
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
AP RO verification fails pretty quickly if the v1 check data or gbb data
is corrupted. Prevent releasing EC_RST_L for 60 seconds after AP RO
verification fails. This way the user won't accidentally clear the AP RO
status while triggering AP RO verification.
BUG=b:236844541
TEST=save invalid gbbd data. Verify cr50 rejects releasing EC_RST_L for
one minute.
[14.246295 RO Validation triggered]
[14.248630 do_ap_ro_check: found v1 data]
[14.250152 enable_spi_pinmux: AP]
[14.253627 spi_hash_pp_done: AP]
[14.254688 do_ap_ro_check: bad gbbd]
[14.256019 spi_hash_disable]
[14.257102 AP RO FAILED! evt(13)]
[14.733604 AP off]
[15.782028 ap_ro_clear_ec_rst_override: too soon]
[15.782978 Recovery Requested]
[16.953887 ap_ro_clear_ec_rst_override: too soon]
[16.954856 Recovery Requested]
[76.268520 power button pressed]
[76.524902 ap_ro_clear_ec_rst_override: done]
[76.525802 Recovery Requested]
[76.593330 Refresh press registered]
[76.757183 AP UART on]
[76.897575 Power button released, RO Check Detection stopped]
[77.147407 deferred_tpm_rst_isr]
Change-Id: Ifcdf37df228fe21e6ff0810393e49d6adb2b076a
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3949624
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It shouldn't be possible to have an unsupported ap_ro_check type and
the data shouldn't get corrupted. Fail verification, so the user can
tell that something is wrong. If the space is empty or the board id is
blocked, still treat verification as unsupported and allow the device to
boot.
Move the AP RO failed processing into a function, so cr50 can fail
immediately.
BUG=none
TEST=manual
use a DBG image to write ap_ro_check data with the wrong type.
Verify verification fails immediately
[65.918056 RO Validation triggered]
[65.920169 ap_ro_check_unsupported: unable to read ap ro space]
[65.922733 do_ap_ro_check: bad v1 data]
[65.924049 enable_spi_pinmux: AP]
[65.927314 spi_hash_pp_done: AP]
[65.928829 spi_hash_disable]
[65.929904 AP RO FAILED!]
Erase V1 data. Check verification is skipped because it's
unsupported.
[3.724384 RO Validation triggered]
[3.726524 ap_ro_check_unsupported: RO verification not programmed]
[3.728363 do_ap_ro_check: unsupported]
[3.906272 AP UART on]
[4.296054 deferred_tpm_rst_isr]
[4.297027 AP on]
[4.297588 tpm_reset_request(0, 0)]
[4.298374 tpm_reset_now(0)]
[4.299095 Committing NVMEM changes.]
Write V1 data normally. Check verification runs normally.
[35.977050 RO Validation triggered]
[35.978744 do_ap_ro_check: found v1 data]
[35.979732 enable_spi_pinmux: AP]
[35.982574 spi_hash_pp_done: AP]
[35.983276 get_saved_gbbd: not programmed]
[36.145401 validate_gbb_flags: ok]
[36.146457 Using 0 for GBB flags.]
[36.147239 usb_spi_sha256_update: c00000:500c]
[36.190986 usb_spi_sha256_update: c05010:3faff0]
[43.365467 matched gbb 0]
[43.367374 do_ap_ro_check: saved gbbd]
[43.368988 spi_hash_disable]
[43.370231 AP RO PASS!]
Change-Id: I9be2a900dc69009b40c32e12dec250e54977a08a
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4004357
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
AP RO V2 is disabled in cr50. Comment out the GSCVD type since it's
unused. Keep it in the code, so it won't get used in the future.
BUG=none
TEST=make buildall -j
Change-Id: Ib850356d7d076555f5630e88785a32542686e208
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4004765
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Save the GBBD in AP RO flash after verification passes. It takes a while
to cycle through all of the factory flags. If Cr50 successfully matches
the saved AP RO hash with injected factory flags, save the flags to save
for future runs.
The gbb descriptor data is saved 512 bytes after the start of the AP RO
check data. The max v1 size is currently 296 bytes, so there's extra
room if we need to increase the AP RO check data size. The entire AP RO
data space is 2048, so there's a lot of extra space after the gbb
descriptor if we need to add more stuff.
BUG=b:236844541
TEST=manual
# erase hash
> ap_ro_info erase
# set the GBB flags to 0x239
/usr/share/vboot/bin/set_gbb_flags.sh 0x239
# add test key to RO_VPD
vpd -i RO_VPD -s "apro_test=original"
# save hash
ap_ro_hash.py WP_RO
# trigger verification. Make sure it fails because the flags
# are 0x239
[200.425891 RO Validation triggered]
...
[200.481670 AP RO FAILED!]
# set the GBB flags to 0
/usr/share/vboot/bin/set_gbb_flags.sh 0
# change test RO_VPD key. make sure verification fails.
vpd -i RO_VPD -s "apro_test=wrong"
[3.822818 RO Validation triggered]
...
[61.407680 spi_hash_disable]
[61.407955 AP RO FAILED!]
[61.418949 AP off]
# restore test RO_VPD key.
vpd -i RO_VPD -s "apro_test=original"
# trigger verification. Make sure it passes and saves the gbbd.
[3.822818 RO Validation triggered]
[3.825035 enable_spi_pinmux: AP]
...
[25.695068 spi_hash_disable]
[25.696224 AP RO PASS!]
# check saved gbbd shows 0x239
> ap
result : 6
gbb : saved (0x239)
supported : yes
...
# Trigger verification. Verify Cr50 just uses 0x239
[356.968860 RO Validation triggered]
[356.969795 enable_spi_pinmux: AP]
...
[364.289047 AP RO PASS!]
# change test RO_VPD key make sure verification fails.
vpd -i RO_VPD -s "apro_test=wrong"
[213.868492 RO Validation triggered]
...
[221.192661 AP RO FAILED!]
# erase the AP RO data. Verify gbbd gets cleared
> ap_ro_info erase
result : 6
[400.206562 ap_ro_check_unsupported: RO verification not programmed]
supported : no
> ap
result : 6
[403.772743 ap_ro_check_unsupported: RO verification not programmed]
supported : no
>
Change-Id: Iad8cfd4a448c2e5798a94aa8b4e3a735281eb849
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3915000
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A followup CL is going to add gbb data after the ap ro check payload.
Define ap_ro_check_payload with the maximum number of AP RO ranges, so
there is enough space between the AP RO check v1 data and the gbb
descriptor.
BUG=b:236844541
TEST=cr50 can validate existing AP RO data and save new data. Check one
range and 32 ranges.
Change-Id: I1faff319644b5c6aa531e500d3d60b4ce9c170ee
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3949615
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We'll need to reuse this code. Move it to its own function.
BUG=b:236844541
TEST=erase the hash, write it, and trigger verification. Make sure
ap_ro_info looks ok after reboot.
Change-Id: If49fff3ad7e56d8685e08b480301e439fa715241
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3914999
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The AP RO flags may have been non-zero when the factory generated the
hash. The stored hash will not match finalized firmware since it was
generated with non-zero gbb flags and the gbb flags are set to 0 during
finalization.
Cr50 can try to match the saved hash by using factory flags to calculate
the AP RO hash. As long as the GBB flags are actually set to 0 it should
be ok to try calculating the hash with a limited set of possible factory
flags. Try to match the saved hash using GBB flags 0 to calculate the
hash. If that doesn't match, cycle through the rest of the possible
factory flags to see if any of them generate the saved hash. If none of
the factory flags work, fail verification.
This change adds 8 possible factory flag values: 0, 0x39, 0x239, 0x1039,
0x50b9, 0x40b9, 0x52b9, and 0x42b9
BUG=b:236844541,b:230071229
TEST=manual
# add 0x42b9 possible_factory_flags
# Set GBB flags to 0x42b9
/usr/share/vboot/bin/set_gbb_flags.sh 0x42b9
# save the hash with GBB 0x42b9
ap_ro_hash.py FMAP GBB
# Verify AP RO verification fails because flags are 0x42b9
[349.029624 enable_spi_pinmux: AP]
[349.030178 tpm_rst_asserted]
[349.032382 spi_hash_pp_done: AP]
[349.137962 validate_gbb: invalid flags 42b9]
# reboot cr50 to release ec reset
> reboot
# Set GBB flags to 0
/usr/share/vboot/bin/set_gbb_flags.sh 0
# Verify ap ro verification passes.
Change-Id: I17d191abada342263ea246911ce47ac24dbb940c
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3840653
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A future cl will call usb_spi_sha256_update in more places. Move the
range print statement into usb_spi_sha256_update, so we don't need to
print the range in multiple places later.
BUG=b:236844541
TEST=make -j BOARD=cr50
Change-Id: I9475d14ea0d65be1ad68f606252d50d9af964253
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3840652
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change verifies the GBB flags are 0. Before running verification
find the GBB flags using FMAP. Read the flags and verify they're 0. If
they are continue with verification. If verification passes, set the
status to AP_RO_PASS instead of AP_RO_PASS_UNVERIFIED_GBB.
BUG=b:236844541
TEST=manual
# Set GBB flags to 0x42b9
/usr/share/vboot/bin/set_gbb_flags.sh 0x42b9
# save the hash with GBB 0x42b9
ap_ro_hash.py WP_RO
# Verify AP RO verification fails because flags are 0x42b9
[72.692916 RO Validation triggered]
[72.694034 enable_spi_pinmux: AP]
[72.696472 spi_hash_pp_done: AP]
[72.747348 validate_gbbd: invalid flags 42b9]
[72.748043 spi_hash_disable]
[72.748325 AP RO FAILED!]
# reboot cr50 to release ec reset
> reboot
# Set GBB flags to 0
/usr/share/vboot/bin/set_gbb_flags.sh 0
# Verify ap ro verification passes.
[11.887981 RO Validation triggered]
[11.890193 enable_spi_pinmux: AP]
[11.893215 spi_hash_pp_done: AP]
[11.944625 validate_gbbd: ok]
[11.945545 validate_ranges_sha: 0:400000]
[12.001037 AC: -F]
[19.201118 spi_hash_disable]
[19.202487 AP RO PASS!]
[19.212337 AP off]
[19.264606 CCD state: UARTEC+TX]
# Verify verification fails if the FMAP isn't in the hash.
# Set the hash
ap_ro_hash.py COREBOOT GBB
# Trigger verification. It should fail because the fmap isn't in
# the hash.
[87.274055 RO Validation triggered]
[87.275653 enable_spi_pinmux: AP]
[87.278614 spi_hash_pp_done: AP]
[87.329715 init_gbbd: FMAP(3c0000:47c) not in hash.]
[87.367118 combo0 efs rst]
[87.367698 Recovery Requested]
[87.388858 AC: -F]
[87.544731 init_gbbd: FMAP(13c0000:47c) not in hash.]
[87.707511 spi_hash_disable]
[87.708415 AP RO FAILED!]
Change-Id: I3f53272a9c1aa1e82df16461dd4ac6577e4060c8
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3840651
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove most of the v2 support. Keep finding the FMAP and put it behind
FIND_FMAP, so we can use it to find the gbb.
BUG=none
TEST=manual
# erase AP RO hash. Make sure AP RO verification is skipped and
# the device boots.
[128.981224 RO Validation triggered]
[128.982357 ap_ro_check_unsupported: RO verification not ...]
[129.109138 AC: R-]
# Set the hash. Make sure validation runs.
[56.397819 RO Validation triggered]
[56.399009 enable_spi_pinmux: AP]
[56.401519 spi_hash_pp_done: AP]
...
Change-Id: Id52180c352a57e0e1e3cdc18bc3ee0fcce4c222c
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3869309
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=none
TEST=none
Change-Id: I61b0b0106a43f723ec3bc805eb190aef00bbd05b
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3894391
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use a build assert to verify the header, hash, and maximum number of RO
ranges can fit in the AP RO space.
BUG=none
TEST=none
Change-Id: I4ecd12ba06e1af524d6ae38a16211ffddeabb8f9
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3840986
Commit-Queue: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are a couple of known issues saving the AP RO verification hash in
cr50, so it's possible AP RO verification will fail even if the AP RO is
ok. Add support for releasing the EC from reset with PWRB + refresh
after AP RO verification fails. This just makes it easier to recover the
device. If the device is released from reset, the status is set to
AP_RO_FAIL_CLEARED and a APROF_FAIL_CLEARED flog event is logged.
This only releases EC reset if the device failed AP RO verification. Any
other verification status won't get cleared by the key combo.
BUG=b:240530668
TEST=trigger verification on a device with a bad hash. Verify the EC is
held in reset until PWRB + refresh is pressed.
make -C extra/usb_updater gsctool
Change-Id: I03a02501e7c91a41374816d82f48a5289f289c39
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3805820
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It seems this field is only accessed by TPM2_ContextSave command, didn't
affect the format of data and only led to faster increase of object
context ids. It is unclear if it is related to TPM_RC_OBJECT_MEMORY
errors.
BUG=b:242870497
TEST=TCG test
------------------------------- Test Environment -----------------------
Test Suite Version: 2.1a
Operating System: Linux
TDDL Version: SocketTDDL
---------------------------------- Test Object -------------------------
TPM Vendor: CROS
TPM Firmware Version: 2de0a64 8
TPM Spec Version: 1.16
Vendor Specific Info: xCG , fTPM, ,
Tested Spec Version: 1.16
------------------------------ Test Result Summary ---------------------
Test executed on: Fri Aug 19 10:04:45 2022
Performed Tests: 248
Passed Tests: 248
Failed Tests: 0
Errors: 0
Warnings: 0
========================================================================
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I81c4e8ffbb79c709b046f4db57d86d6007d3574d
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3842207
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Code-Coverage: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Commit-Queue: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add new ap_ro_integrity_check return codes. The existing AP_RO_PASS (1)
return code doesn't verify the GBB. Rename it to
AP_RO_PASS_UNVERIFIED_GBB. Shimless RMA should only treat
AP_RO_PASS (6) as a pass. Nothing returns this right now.
This CL also adds AP_RO_IN_PROGRESS(7). AP_RO_IN_PROGRESS is used if AP
RO verification is ongoing. AP_RO_FAIL_CLEARED will be used in a
followup CL.
old:
1 - AP_RO_PASS
new:
1 - AP_RO_PASS_UNVERIFIED_GBB
...
6 - AP_RO_PASS
7 - AP_RO_IN_PROGRESS
This saves 8 bytes since it also shortens a print message. The remaining
space changes from 5804 to 5812 bytes.
BUG=b:234497234
TEST=make buildall -j; make -C extra/usb_updater/ gsctool
Change-Id: I9f8b45f5564d453cbb4386b318b65d977d8b3f73
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3828596
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit c1f5a5481f1121e2f408055f04906205b779dc91.
Reason for revert: b:242249503
```
gsctool.c:2382:2: error: duplicate case value
2382 | case AP_RO_UNSUPPORTED_NOT_TRIGGERED:
| ^~~~
gsctool.c:2373:2: note: previously used here
2373 | case AP_RO_UNSUPPORTED_NOT_TRIGGERED:
| ^~~~
```
Original change's description:
> apro: add new return codes
>
> Add new ap_ro_integrity_check return codes. The existing AP_RO_PASS (2)
> return code doesn't verify the GBB. Rename it to
> AP_RO_PASS_UNVERIFIED_GBB. Shimless RMA should only treat
> AP_RO_PASS (7) as a pass. Nothing returns this right now.
> This CL also adds AP_RO_FAIL_CLEARED(8) and AP_RO_IN_PROGRESS(9).
> AP_RO_IN_PROGRESS is used if AP RO verification is ongoing.
> AP_RO_FAIL_CLEARED will be used in a followup CL.
>
> old:
> 2 - AP_RO_PASS
>
> new:
> 2 - AP_RO_PASS_UNVERIFIED_GBB
> ...
> 7 - AP_RO_PASS
> 8 - AP_RO_FAIL_CLEARED
> 9 - AP_RO_IN_PROGRESS
>
> This saves 8 bytes since it also shortens a print message. The remaining
> space changes from 5804 to 5812 bytes.
>
> BUG=b:234497234
> TEST=make buildall -j
>
> Change-Id: I8d19a411c2534236c9defa82291872420c19a15b
> Signed-off-by: Mary Ruthven <mruthven@chromium.org>
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3805819
> Reviewed-by: Andrey Pronin <apronin@chromium.org>
> Commit-Queue: Andrey Pronin <apronin@chromium.org>
Bug=b:234497234, b:242249503
Change-Id: I63ebc6a1343410e3b2a5ab0684a8a533553ec1ec
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3826713
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Auto-Submit: Judy Hsiao <judyhsiao@google.com>
Tested-by: Judy Hsiao <judyhsiao@google.com>
Owners-Override: Judy Hsiao <judyhsiao@google.com>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add new ap_ro_integrity_check return codes. The existing AP_RO_PASS (2)
return code doesn't verify the GBB. Rename it to
AP_RO_PASS_UNVERIFIED_GBB. Shimless RMA should only treat
AP_RO_PASS (7) as a pass. Nothing returns this right now.
This CL also adds AP_RO_FAIL_CLEARED(8) and AP_RO_IN_PROGRESS(9).
AP_RO_IN_PROGRESS is used if AP RO verification is ongoing.
AP_RO_FAIL_CLEARED will be used in a followup CL.
old:
2 - AP_RO_PASS
new:
2 - AP_RO_PASS_UNVERIFIED_GBB
...
7 - AP_RO_PASS
8 - AP_RO_FAIL_CLEARED
9 - AP_RO_IN_PROGRESS
This saves 8 bytes since it also shortens a print message. The remaining
space changes from 5804 to 5812 bytes.
BUG=b:234497234
TEST=make buildall -j
Change-Id: I8d19a411c2534236c9defa82291872420c19a15b
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3805819
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The cr50 branch doesn't have uart_buffer_full. It has uart_buffer_room.
Update chargen to use uart_buffer_room instead of uart_buffer_full, so
it'll work with cr50.
BUG=b:240718978
TEST=none
Change-Id: I5f9a5d8a3cdc15db7a7ca66d54f7997dce165fd9
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3805823
Commit-Queue: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the Cr50 tree there is no really output devices other than console
where base64 encoding output could be sent, and there is no use for
decoding function yet.
Add the encoding function implementation, make it possible to send
output to console by default and optionally to a passed in function.
Add test to verify proper encoding.
BUG=b:234745585
TEST='make run-base64' succeeds.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: Ibc10681632bc649320d602e319e4f634b4b3a1d1
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3701141
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a format for u2fd-corp attestation to u2f_attest, and corresponding
test case in u2f_test.py
BUG=b:233147441
TEST=make buildall -j
TEST=u2f_test.py
Change-Id: I4d12345fd0531a4be091c05670215444fe38e706
Signed-off-by: Howard Yang <hcyang@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3670107
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On some devices the board id flags are set to lock in the phase and the
board id type isn't set until the board is finalized. RO may be changed
until the board id type is written. Change the check from
board_id_is_erased to board_id_type_is_blank, so the factory can update
the AP RO hash until the board is finalized.
This is the same check we do in sn_bits. Try to read the board id and
then check the type. In the future, we may want to consolidate.
BUG=b:230430292
TEST=manual
Clear the board id
Set the hash
python ap_ro_hash.py GBB
gsctool -aA prints the digest
Set the BID flags
gsctool -ai 0xffffffff:0x1234
Clear the hash
gsctool -aH
gsctool -aA
get hash rc: 10 AP RO hash unprogrammed
Set the hash
python ap_ro_hash.py GBB
gsctool -aA prints the digest
Clear the hash
gsctool -aH
gsctool -aA
get hash rc: 10 AP RO hash unprogrammed
Set the BID type
gsctool -ai $(cros_config / brand-code):0x1234
Verify cr50 rejects setting the hash
python ap_ro_hash.py GBB
ERROR: Cr50 returned 7 (BID programmed)
Change-Id: I440ee84b3c86e16f027a8b9dcd51ea3031171ea1
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3627808
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Delay sleep to give AP_FLASH_SELECT enough time to discharge. Future CLs
will do more to ensure AP_FLASH_SELECT isn't asserted entering deep
sleep. This CL does the bare minimum to fix AP RO verification.
BUG=b:229974371
TEST=Trigger AP RO verification on Hoglin
Change-Id: Iec10c51dfe8e7df2b1bb2210c4705d90c3c89c54
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3606093
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
g2f_attestation_cert() is another function which is invoked on the TPM
command context, when virtual TPM NVMEM spaces are read.
One of the side effects of invoking of g2f_attestation_cert() is the
creation of the U2F state, if it did not exist before. In this case
the state should not be immediately committed to the NVMEM, the commit
will happen when the TPM command execution is completed.
BUG=b:199981251
TEST=running ./test/tpm_test/tpmtest.py does not trigger the 'attempt
to commit in unlocked state' message any more.
'make buildall' and 'make CRYTPO_TEST=1 BOARD=cr50' pass
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I708e8807ffd3207cc6ab84a0e380908e715f7a15
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3482487
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some boards don't use battery presence for ccd. They just have a
chassis_open signal. Update the why_denied message to add this option.
BUG=b:197974058
TEST=check ccd open denial message
Change-Id: I92254b35cc98492709ec14a26a71cecc7d273a6b
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3498701
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
By default ccd open can be sent from the console in normal mode with
prepvt images. The open capabilities are set to Always which should
determine that open is allowed, but prepvt images completely ignore the
ccd settings. This change modifies the CCD_OPEN_PREPVT behavior to
honor the capabilities, so someone could restrict ccd open in prepvt
images with the ccd capability settings.
BUG=b:221260041
TEST=manual see bug
Change-Id: I1c3fc4f5be27a08ea9071966cc01c4b9ff20dbe5
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3498700
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a vendor command that returns the time since user_pres_l was
asserted. This is only used for testing.
Tracking user_pres_l needs to be enabled with a vendor command since
DIOM4 may not be pulled up and may be pulled down on old boards.
Enabling the vendor command survives deep sleep reset. It gets cleared
after cr50 reset.
Cr50 clears the user_pres_l status if tracking is disabled.
BUG=b:219981194,b:208504127
TEST=manual
# Verify it survives deep sleep
sudo gsctool -y enable
sudo gsctool -y
...
user pres enabled
# enter deep sleep
sudo gsctool -y
...
user pres enabled
# Verify it doesn't survive cr50 reboot
sudo gsctool -y enable
sudo gsctool -y
...
user pres enabled
cr50 > reboot
sudo gsctool -y
...
user pres disabled
# Check gsctool output after triggering DIOM4 pulse
sudo gsctool -y enable
# Trigger pulse and wait 5 seconds
sudo gsctool -y
...
user pres enabled
last press: 5064331
Change-Id: Ib37980a5cd8d3378bf718e8e32a7d4152435a816
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3495863
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This CL in case of unorderly TPM reset that doesn't also reset GSC
preserves RAM-backed values of orderly nv indices.
BUG=b:201101365
TEST=1) create an orderly counter
2) increment it
3) trigger EC reset
4) verify that the counter value was preserved
Cq-Depend: chromium:3417937
Change-Id: I799183ad06584055d025c2acf5f83ff2ded32d39
Signed-off-by: Andrey Pronin <apronin@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3418122
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix a logical error, so cr50 will save the ccd config after setting the
password.
BUG=b:219075883
TEST=see comment#4 from the bug
Change-Id: I2e389c90c9ffe49dc340846258569835ca867ffb
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3457942
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reject VENDOR_CMD_FROM_ALT_IF commands everywhere VENDOR_CMD_FROM_USB
commands are rejected. ccd_config generates ALT_IF tpm commands from the
'ccd' console command. Treat these the same as VENDOR_CMD_FROM_USB
commands. Reject setting the ccd password and ccd open from the console
unless usb commands are allowed.
BUG=b:219075883
TEST=run firmware_Cr50Open.ccd_open_restricted and firmware_Cr50Password
grep for VENDOR_CMD_FROM_USB in platform/cr50 to make sure all flags
checks have been updated.
Change-Id: I69590a55d14745fd14d813b0adfa555ec40f0229
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3456708
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a vendor command to disable deep sleep the next time TPM_RST_L is
asserted. Normally cr50 enters deep sleep whenever TPM_RST_L is
asserted. New boards want to disable deep sleep during certain power
states. This vendor command allows the AP to disable deep sleep for the
next suspend cycle.
When deep sleep is disabled, cr50 modifies TPM_RST_L to be WAKE_HIGH and
sets it back to WAKE_LOW after TPM_RST_L is deasserted, so TPM_RST_L
doesn't constantly wake cr50 from regular sleep.
This uses 248 bytes
BUG=b:214479456
TEST=manual
# Check G3 resume works ok.
# Disable Deep Sleep from the AP. The vendor command is 59
# (0x3b)
trunks_send --raw 80010000000c20000000003b
ccdstate
DS Dis: on
AP > shutdown -P now
...
[454.992733 Block DS]
ccdstate
DS Dis: on
pinmux
40060018: DIOM3 0 IN WAKE_HIGH
idle
idle action: sleep
# Verify cr50 starts cycling through sleep spinner at two ticks
# a second.
EC > powerbtn
# check the cr50 console
...
Aï¿œUART on]
10/ 1 [102.484012 Missed edge]
[102.484352 deferred_tpm_rst_isr]
[102.484580 AP on]
[102.484779 set TPM wake]
[102.484981 tpm_reset_request(0, 0)]
[102.485279 tpm_reset_now(0)]
[547.928375 AP on]
[547.928615 set TPM wake]
pinmux
40060018: DIOM3 0 IN WAKE_LOW
# Disable Deep Sleep from the AP. The vendor command is 59
# (0x3b)
trunks_send --raw 80010000000c20000000003b
ccdstate
DS Dis: on
ecrst pulse
...
[602.638427 AP on]
[547.928615 set TPM wake]
[602.638668 tpm_reset_request(0, 0)]
...
ccdstate
DS Dis: off
# Check S3 resume works ok.
# Use AP commands to enter S3
AP > trunks_send --raw 80010000000c20000000003b
AP > echo deep > /sys/power/mem_sleep
AP > echo mem > /sys/power/state
10\ 1 [243.409412 dis DS]
1|[249.536811 tpm_rst_asserted]
[250.537197 AP off]
[250.537631 Block DS]
# Wake the AP with a power button press from the EC
EC > powerbtn
# verify cr50 prints "Missed edge", but the device resumes ok.
1/ 10- 1 [270.112655 Missed edge]
[270.113037 deferred_tpm_rst_isr]
[270.113315 AP on]
[270.113529 set TPM wake]
[270.113712 tpm_reset_request(0, 0)]
[270.114013 tpm_reset_now(0)]
[270.116996 tpm_init]
tpm_manufactured: manufactured
[270.118301 tpm_reset_now: done]
[270.156967 PinWeaver: Loading Tree!]
[270.189353 Skipping commit]
Change-Id: I96049a9d38b5c66acad9c73628f588f4cf6b2b3f
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3406587
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Log brdprop errors in flog, so the team can track brdprop errors from
the AP without grepping through cr50 logs.
BUG=b:214550629
TEST=flash on red board. Verify invalid strap events are logged.
enable closed-loop-reset on the red board. Verify "ambiguous" strap
logs are ignored.
Change-Id: Ibea73fb19119fa81ed3652c5d68e430cdbae9fa5
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3386405
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=none
TEST=none
Change-Id: Icc4198dc7e87c74cbbc5466b4a04d716ebab22a2
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3386404
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Let's have different log entries for the case when AP RO verification
is provisioned but failed, and when it is supported.
BUG=b:211762871
TEST=none
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: If99c89e6c6c0d10eec2d9e9c97d13e85bb3f1f23
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3360091
Tested-by: Vadim Bendebury <vbendeb@gmail.com>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The apro_result variable saves the state reported by an attempted AP
RO verification, setting this variable to AP_RO_FAIL prevents
releasing of the EC reset on the following reboots.
In case verification could not be run because control structures have
not been found, and there is no evidence of a previously succeeding
verification, apro_result has to be set to
AP_RO_UNSUPPORTED_TRIGGERED.
BUG=b:211762871
TEST=verified various states of AP RO verification, in particular
confirmed that running verification on a device where it is not
supported does not prevent future reboots.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I74ad47a6fd92c6d906e723df6e7d37520ff92b27
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3360089
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In crrev.com/c/3221264 we uncommented the code that starts checking
auth_hmac for v1 key handles, but u2fd is not ready to provide the auth
secret yet. Comment the code back and put NULL for authTimeSecret for v1
key handles before secret enforement is implemented in u2fd.
BUG=b:210366574, b:172971998
TEST=make buildall -j
Change-Id: I8cf008213c88b8c88ab91f0601c319aea7ebfde0
Signed-off-by: Howard Yang <hcyang@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3337970
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move the keep_ec_in_reset call into do_ap_ro_check, so AP RO
verification will hold the EC in reset when it's triggered from the AP.
This change removes the ap_ro_verification_failed_ variable, so all of
the AP RO verification is included in ap_ro_info. ap_ro_ver_state isn't
needed anymore, so this CL removes it.
BUG=b:207545621
TEST=make clobber ; make buildall -j
Change-Id: Id0b2e04b042d48f2b8a9dae021e762369ca5f3eb
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3300174
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In a situation where there is a failing V1 check and no V2 information
in the AP flash, the results of V2 check were overriding the results
of V2 check, replacing 'failed' with 'not found'.
This patch prevents the override and simplifies the verification logic
- always check for V2 if V1 check fails.
BUG=b:207545621
TEST=the DUT properly stops booting when a corrupted V1 structure is
detected and V2 structure is not present.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I0abe19780bf34ed4455f1a1a61b9cf23ff83173f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3299280
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit b5cebbaadb4966e9d1820b0dcabd690d3e5d762e.
BUG=b:207391162
TEST=The chan output is the same on ToT and mp images.
Change-Id: Ief9bc6f6c9b027284b423e46681c313fd3fd73aa
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3296743
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:173227629
TEST=make buildall -j
Change-Id: Ic1d704233bca5438a0832f5f3533d640464ce1a5
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3293253
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:173227629
TEST=make buildall -j
Change-Id: I2b203dfe45416aa3b632f6f788d14264b08f44e0
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3293252
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Nothing uses spi_nor and sfdp.h has non-inclusive terms in it. Remove
both to make the codebase more inclusive.
BUG=b:173227629
TEST=make buildall -j
Change-Id: I2b880fcae3ab9619ff9703ba49be2936a5a9bd73
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3293251
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|