| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a reland of 3cac98670745fc5ca82a058fab512567f8444759
The structure of u2f command related types are updated before the
original CL lands. Update the fuzzer to correctly fuzz the new code, and
ignore the profdata generated by fuzzers in .gitignore.
Original change's description:
> cr50_fuzz: Add fuzzer for u2f commands
>
> Currently there's only one fuzzer for Pinweaver and one for host
> commands in cr50. Add a fuzzer for the u2f commands (generate, sign,
> attest) used in the WebAuthn flow to ensure its security. Most regions
> of the concerning functions are covered except for pure error code
> returns and unreachable regions (currently auth secret is not used in
> sign and attest command yet).
>
> Rename old cr50_fuzz namings to pinweaver_fuzz, since they only cover
> Pinweaver commands.
>
> BUG=b:172367435
> TEST=make buildall -j
> TEST=make host-u2f_fuzz && \
> ./build/host/u2f_fuzz/u2f_fuzz.exe -timeout=10 \
> -ignore_ooms=false -ignore_timeouts=false -fork=71; \
> llvm-profdata merge -sparse default.profraw -o default.profdata; \
> llvm-cov show ./build/host/u2f_fuzz/u2f_fuzz.exe \
> -object ./build/host/u2f_fuzz/RO/board/cr50/dcrypto/u2f.o \
> --instr-profile default.profdata \
> board/cr50/dcrypto/u2f.c common/u2f.c > report
>
> Cq-Depend: chromium:3162473
> Change-Id: I02b820cf03f7b46ccad7c3bc7b82e73ff45217c6
> Signed-off-by: Howard Yang <hcyang@google.com>
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3162469
> Reviewed-by: Andrey Pronin <apronin@chromium.org>
> Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
> Reviewed-by: Leo Lai <cylai@google.com>
Bug: b:172367435
Change-Id: I279e20b21a11e0ec957b6a5c3e95bc9a3b9df196
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3217474
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Tested-by: Howard Yang <hcyang@google.com>
Commit-Queue: Howard Yang <hcyang@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 3cac98670745fc5ca82a058fab512567f8444759.
Reason for revert:
This patch breaks building of 'make buildall' and seems to be leaving some generated files in the root directory.
Original change's description:
> cr50_fuzz: Add fuzzer for u2f commands
>
> Currently there's only one fuzzer for Pinweaver and one for host
> commands in cr50. Add a fuzzer for the u2f commands (generate, sign,
> attest) used in the WebAuthn flow to ensure its security. Most regions
> of the concerning functions are covered except for pure error code
> returns and unreachable regions (currently auth secret is not used in
> sign and attest command yet).
>
> Rename old cr50_fuzz namings to pinweaver_fuzz, since they only cover
> Pinweaver commands.
>
> BUG=b:172367435
> TEST=make buildall -j
> TEST=make host-u2f_fuzz && \
> ./build/host/u2f_fuzz/u2f_fuzz.exe -timeout=10 \
> -ignore_ooms=false -ignore_timeouts=false -fork=71; \
> llvm-profdata merge -sparse default.profraw -o default.profdata; \
> llvm-cov show ./build/host/u2f_fuzz/u2f_fuzz.exe \
> -object ./build/host/u2f_fuzz/RO/board/cr50/dcrypto/u2f.o \
> --instr-profile default.profdata \
> board/cr50/dcrypto/u2f.c common/u2f.c > report
>
> Cq-Depend: chromium:3162473
> Change-Id: I02b820cf03f7b46ccad7c3bc7b82e73ff45217c6
> Signed-off-by: Howard Yang <hcyang@google.com>
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3162469
> Reviewed-by: Andrey Pronin <apronin@chromium.org>
> Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
> Reviewed-by: Leo Lai <cylai@google.com>
Bug: b:172367435
Change-Id: Ie844e44e0cd6254553694c23a535f18329cef77d
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3212497
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently there's only one fuzzer for Pinweaver and one for host
commands in cr50. Add a fuzzer for the u2f commands (generate, sign,
attest) used in the WebAuthn flow to ensure its security. Most regions
of the concerning functions are covered except for pure error code
returns and unreachable regions (currently auth secret is not used in
sign and attest command yet).
Rename old cr50_fuzz namings to pinweaver_fuzz, since they only cover
Pinweaver commands.
BUG=b:172367435
TEST=make buildall -j
TEST=make host-u2f_fuzz && \
./build/host/u2f_fuzz/u2f_fuzz.exe -timeout=10 \
-ignore_ooms=false -ignore_timeouts=false -fork=71; \
llvm-profdata merge -sparse default.profraw -o default.profdata; \
llvm-cov show ./build/host/u2f_fuzz/u2f_fuzz.exe \
-object ./build/host/u2f_fuzz/RO/board/cr50/dcrypto/u2f.o \
--instr-profile default.profdata \
board/cr50/dcrypto/u2f.c common/u2f.c > report
Cq-Depend: chromium:3162473
Change-Id: I02b820cf03f7b46ccad7c3bc7b82e73ff45217c6
Signed-off-by: Howard Yang <hcyang@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3162469
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Leo Lai <cylai@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adjust Makefile toolchain setting so that fuzzers can generate coverage
mapping correctly and generate debug symbols for source-based coverage
report. Also, update gitignore to ignore local vscode settings.
BUG=none
TEST=make buildall -j
Change-Id: I6d5c720895cbb9119c9266df998aa5cc308c1e61
Signed-off-by: Howard Yang <hcyang@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3162473
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To implement FIPS mode for Cr50 we should be able to block access to
crypto functions if errors are detected. Historically all HASH/HMAC
functions were declared as void with no return type.
1) Split existing functions into public part (data structs, update and
final parts) and internal part - unchecked init functions.
2) Introduced new functions to start SHA / HMAC operation which returns
status code and block access to crypto in case of FIPS errors.
3) Dcrypto hash algorithms codes updated to match TPM_ALG_ID to simplify
adaptation layer and move checks inside Dcrypto module.
4) Updated all uses of API outside FIPS module to check return code and
act accordingly.
5) As a side effect RSA can now support SHA384 & SHA512 for signing,
board/host mock ups simplified.
BUG=b:197893750
TEST=make buildall -j; make BOARD=cr50 CRYPTO_TEST=1;
test/tpm_test/tpm_test.py
TCG tests
------------------------------ Test Result Summary ---------------------
Test executed on: Tue Sep 28 15:23:35 2021
Performed Tests: 248
Passed Tests: 248
Failed Tests: 0
Errors: 0
Warnings: 0
========================================================================
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: Ibbc38703496f417cba693c37d39a82a662c3f7ee
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3192137
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To implement FIPS module we need to bring many crypto functions in the
module boundary. Unfortunately, cryptoc is a third-party library used
by dcrypto code in cr50. Cryptoc is also not well-maintained and shared
with other projects. While just making local copy of cryptoc would
solve an issue, it's suboptimal as prevents from many optimizations and
improvements.
Provided SHA & HMAC implementations from Ti50 project. This provides
better performance (500us vs. 670us earlier for HMAC DRBG) and reduce
code size. This implementation also enables stack use savings when
only specific digest is needed. Earlier SHA512 context was allocated
when only SHA256 is needed greatly increasing stack consumption for
code using HMAC_DRBG and others.
However, it introduce subtle API changes which require handling.
As for tests, since core implementation is hardware-independent, make
it available for BOARD=host too.
Before change (with cryptoc):
*** 12368 bytes in flash and 5784 bytes in RAM
After:
*** 13136 bytes in flash and 5796 bytes in RAM
BUG=b:138578318
TEST=make BOARD=cr50 CRYPTO_TEST=1; test/tpm_test/tpmtest.py
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I2ff5362aee9078ce83dc1f8081943a5101d5f666
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3064201
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This code uses coil terms we're removing, but we don't use it in
platform/cr50. Remove the code instead of replacing the terms.
BUG=b:175244613
TEST=make buildall -j
Change-Id: I909e21693d839cb3769e680c58d9d34017802aa1
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2613136
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We don't use the usbpd stack in platform/cr50. Remove the fuzzers, so we
can remove the code.
BUG=none
TEST=make buildall -j
Change-Id: Id1d344d5525ba7bdd1dc4f7951e574d74c1758bd
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2610933
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch optimizes read_tpm_nvmem() by replacing NvGetIndexData()
and NvGetIndexInfo() with NvReadIndexDta() and NvReadIndexInfo()
respectively.
This will reduce NvFindHandle() calls from three to one.
BUG=b:148489182
BRANCH=cr50, cr50-mp
TEST=The function execution time reduces from 1.2 msec to 550 usec.
Cq-Depend:chromium:2038108
Change-Id: I6659480d8b60578f3d0b9dc3f62a677ae8489a57
Signed-off-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2037920
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When the port is in a state where it is looking for a connection,
to save power, we should put the TCPC in its low power mode and
enable auto toggling. Low power mode can happen when DRP auto
toggling, acting as a SNK only, or acting as a SRC only.
BUG=chromium:1022217
BRANCH=none
TEST=make -j buildall
manual tests:
1: (S0) Nothing plugged in, port is drp and low power mode
2: (S5/S3/S0ix) Port is SNK only, and low power with nothing plugged in
3: (S3/S0ix) If TypeC sink was previously plugged in, port remains powered
4: (S5/S3/S0ix) TypeC source is recognized
5: (S3->S0) TypeC sink plugged in, port is powered when S0 is reached
Low power exit test:
Using this command from the AP console:
ectool i2cread 8 2 0x16 0x0d
Transfer failed with status=0x1 # This means the TCPC was asleep.
On the EC console:
2019-11-21 09:50:24 [315.235538 TCPC p1 init ready]
2019-11-21 09:50:24 [315.236048 TCPC p1 Exit Low Power Mode]
2019-11-21 09:50:24 [315.242837 TCPC p1 init ready]
2019-11-21 09:50:24 [315.243229 C1: DRPAutoToggle]
2019-11-21 09:50:24 [315.246471 C1: Unattached.SNK]
2019-11-21 09:50:24 [315.252504 C1: DRPAutoToggle]
2019-11-21 09:50:24 [315.362878 C1: LowPowerMode]
2019-11-21 09:50:24 [315.363314 TCPC p1 Enter Low Power Mode]
Change-Id: I7e853d05e0ece1f6b3031f17a18fcbf0d9a15a51
Signed-off-by: Sam Hurst <shurst@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1904974
Reviewed-by: Edward Hill <ecgh@chromium.org>
Reviewed-by: Jett Rink <jettrink@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Counter implementation has been moved to the AP, no need to keep space
for it in the flash.
BUG=b:65253310
BRANCH=cr50, cr50-mp
TEST=generated image uses 2048 bytes less than before this patch.
Change-Id: I8225e9923932ce06ca0a4333c06508cf7d7c70d8
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1753677
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Code on Tot assumes that port count was the port to
discharge instead of port parameter
BRANCH=none
BUG=none
TEST=verified with unit test (in this CL)
Change-Id: I17658a0c555f9cea56fa4ec1652e0faf62e3d6cc
Signed-off-by: Jett Rink <jettrink@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1896125
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Certain SKUs of certain boards have lesser number of USB PD ports than
defined by CONFIG_USB_PD_PORT_COUNT. Hence rename
CONFIG_USB_PD_PORT_COUNT as CONFIG_USB_PD_PORT_MAX_COUNT.
BUG=b:140816510, b:143196487
BRANCH=octopus
TEST=make -j buildall; Boot to ChromeOS
Change-Id: I7c33b27150730a1a3b5813b7b4a72fd24ab73c6a
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1879337
Tested-by: Karthikeyan Ramasubramanian <kramasub@chromium.org>
Reviewed-by: Jett Rink <jettrink@chromium.org>
Commit-Queue: Jett Rink <jettrink@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This CL enables the fpsensor task and adds the following
remaining fingerprint host commands to the fuzzer:
* EC_CMD_FP_PASSTHRU
* EC_CMD_FP_INFO
* EC_CMD_FP_FRAME
* EC_CMD_FP_STATS
* EC_CMD_FP_TEMPLATE
BRANCH=none
BUG=b:116065496
TEST=make buildall -j
TEST=make run-host_command_fuzz
TEST=# Pull in TEST_COVERAGE fix
git fetch "https://chromium.googlesource.com/chromiumos/platform/ec" \
refs/changes/86/1725186/1 && git cherry-pick FETCH_HEAD
make host-host_command_fuzz TEST_COVERAGE=1
timeout 5m ./build/host/host_command_fuzz/host_command_fuzz.exe
llvm-profdata merge -sparse default.profraw -o default.profdata
llvm-cov show build/host/host_command_fuzz/host_command_fuzz.exe \
--instr-profile=default.profdata --format=html --output-dir=cov
# Inspect cov/.../common/fpsensor/fpsensor_state.c.html to verify
Change-Id: Icad9493ba41cd4daa61a30246d01afd1dbe16c56
Signed-off-by: Craig Hesling <hesling@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1682945
Reviewed-by: Tom Hughes <tomhughes@chromium.org>
Commit-Queue: Sean Abraham <seanabraham@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
BRANCH=none
BUG=b:116065496
TEST=make buildall -j
Change-Id: Ia723d98354ca027f41f1b3c00d6a2dac500edbf8
Signed-off-by: Craig Hesling <hesling@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1715633
Reviewed-by: Tom Hughes <tomhughes@chromium.org>
Commit-Queue: Sean Abraham <seanabraham@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove the need for stubs of charge_manager_set_ceil() by adding a few
missing IS_ENABLED(CONFIG_CHARGE_MANAGER) checks.
BUG=none
BRANCH=none
TEST=buildall
Change-Id: Ia70434b05107747eb773ae30ee1de5b4bd8cbcea
Signed-off-by: Edward Hill <ecgh@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1869401
Reviewed-by: Denis Brockus <dbrockus@chromium.org>
Commit-Queue: Denis Brockus <dbrockus@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add usb_tcpm_v2_fuzz, a TCPMv2 version of usb_pd_fuzz.
This gives some fuzz test coverage of:
common/usbc/usb_pe_drp_sm.c
common/usbc/usb_prl_sm.c
common/usbc/usb_sm.c
common/usbc/usb_tc_drp_acc_trysrc_sm.c
common/usbc/usbc_task.c
BRANCH=none
BUG=none
TEST=make run-usb_tcpm_v2_fuzz
Change-Id: Ic129d9ebbe9bb37c2ca2674106e2a6652d08ee2a
Signed-off-by: Edward Hill <ecgh@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1865017
Reviewed-by: Denis Brockus <dbrockus@chromium.org>
Commit-Queue: Denis Brockus <dbrockus@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In order to make printf more standard, use %ph. Pass a pointer to
a struct describing the buffer, including its size. Add a convenience
macro so that conversion between the old style and new style is purely
mechanical. The old style of %h cannot be converted directly to %ph as-is
because the C standard doesn't allow flags, precision, or field width on
%p.
Ultimately the goal is to enable compile-time printf format checking.
This gets us one step closer to that.
BUG=chromium:984041
TEST=make -j buildall
BRANCH=None
Cq-Depend:chrome-internal:1559798,chrome-internal:1560598
Change-Id: I9c0ca124a048314c9b62d64bd55b36be55034e0e
Signed-off-by: Evan Green <evgreen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1730605
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The opaque context contains sensor state that we can't nuke from
underneath the sensor library. Calling fp_sensor_deinit will release
this context and allow us to safely clear the context.
BRANCH=none
BUG=b:124773209
TEST="fpenroll" followed by "fpclear" in the FP console
TEST=On nocturne, in the UI, enroll finger, log out, and log in
=> then lock and unlock with finger
TEST=make buildall -j
Change-Id: I3e25bdf7eaaf99f3801547e11a6c524f924f4726
Signed-off-by: Tom Hughes <tomhughes@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1647294
Reviewed-by: Nicolas Norvez <norvez@chromium.org>
Commit-Queue: Yicheng Li <yichengli@chromium.org>
Tested-by: Yicheng Li <yichengli@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds the host commands declared in fpsensor_state.c to the
fuzzing mix. They are the following:
EC_CMD_FP_SEED 0x0408
EC_CMD_FP_ENC_STATUS 0x0409
EC_CMD_FP_MODE 0x0402
EC_CMD_FP_CONTEXT 0x0406
This is not the complete fpsensor host command interface.
More host commands will be added in followup CLs.
BRANCH=none
BUG=b:116065496
TEST=# Pull in TEST_COVERAGE fix
git fetch "https://chromium.googlesource.com/chromiumos/platform/ec" \
refs/changes/86/1725186/1 && git cherry-pick FETCH_HEAD
make host-host_command_fuzz TEST_COVERAGE=1
timeout 5m ./build/host/host_command_fuzz/host_command_fuzz.exe
llvm-profdata merge -sparse default.profraw -o default.profdata
llvm-cov show build/host/host_command_fuzz/host_command_fuzz.exe \
--instr-profile=default.profdata --format=html --output-dir=cov
# Inspect cov/.../common/fpsensor/fpsensor_state.c.html to verify
TEST=make buildall -j
Change-Id: I69e9833463944a0dfba49e5671987b7fec565bf4
Signed-off-by: Craig Hesling <hesling@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1661122
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This counter was only used by the legacy U2F
implementation, which is no longer required.
This change deletes the code for the counter,
but does not update the flash config to make use
of the pages previously occupied by the counter.
Since this code is already unused, and therefore
already dropped from built firmware images, this
change does not have any impact on image size.
A follow up change can alter the flash config
to reclaim and repurpose the 2KB per partition
previously used by the counter.
BRANCH=none
BUG=b:138459918
TEST=make buildall -j
Signed-off-by: Louis Collard <louiscollard@chromium.org>
Change-Id: I18892e1eb0224b96caa531293403b0b02f28a32b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1748848
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refactor code to use proper type for cc1 and cc2 lines.
BRANCH=none
BUG=none
TEST=builds. No functional change.
Change-Id: Id292db8480920e2b191bac9d9ecc2685f61e4ea9
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1744654
Tested-by: Jett Rink <jettrink@chromium.org>
Reviewed-by: Denis Brockus <dbrockus@chromium.org>
Commit-Queue: Jett Rink <jettrink@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Semantics of renew field in EC_CMD_USB_PD_CHIP_INFO is changing as
follows:
0 -> Return hard-coded info for Vendor ID/Product ID and cached info for
the Firmware Version
1 -> Return the live chip info for Vendor ID/Product ID/Firmware Version
Also rename the 'renew' field to 'live' to match the new semantics.
BUG=b:128820536,b:119046668
BRANCH=None
TEST=make -j buildall; Boot to ChromeOS.
Change-Id: Ie3dd022336b0be5c9728bb0ebabef32b7a6b5d57
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1617893
Tested-by: Karthikeyan Ramasubramanian <kramasub@chromium.org>
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-by: Diana Z <dzigterman@chromium.org>
Commit-Queue: Karthikeyan Ramasubramanian <kramasub@chromium.org>
Auto-Submit: Karthikeyan Ramasubramanian <kramasub@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This removes the remaining fuzz config that was
left in test_config.h. This section had already been duplicated
in fuzz_config.h, without being removed from test_config.h.
See the original migration CL crrev.com/c/1180179 for more info.
BRANCH=none
BUG=none
TEST=make runtests V=1 -j
Change-Id: Icd7158417ac184d7723828e62b968f7f0aa4bfbc
Signed-off-by: Craig Hesling <hesling@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1660126
Reviewed-by: Allen Webb <allenwebb@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Found with MSAN fuzzer: usb_pd_protocol.c may use payload data
that is not initialized.
Fix the test by copying over the whole payload, which is what
tcpci.c's version does.
Also, in tcpci.c, clear cached_messages head before using
get_message_raw to fill it up, to make sure that we do not
accidentally use older data in the queue.
BRANCH=none
BUG=chromium:963076
TEST=make TEST_MSAN=y host-usb_pd_fuzz -j
MSAN_OPTIONS=log_path=stderr:exitcode=0 \
build/host/usb_pd_fuzz/usb_pd_fuzz.exe \
clusterfuzz-testcase-minimized-ec_usb_pd_fuzzer-5716775969357824
Change-Id: I74c38538440cb5a01d1714657b9e2d63e5b80cea
Signed-off-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1610163
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We should ensure that all custom task definition are non-zero and fit
with the globally defined events. Add compile time check and change
semantics to specify bit number (instead of making all callers use the
BIT macro).
This also fixes an error with TASK_EVENT_PHY_TX_DONE for ITE being 0.
The bug that made that happen hasn't landed on any firmware branches
that use it though.
BRANCH=none
BUG=none
TEST=builds
Cq-Depend:chrome-internal:1178968,chrome-internal:1178952
Change-Id: I5e1d1312382d200280c548e9128e53f4eddd3e61
Signed-off-by: Jett Rink <jettrink@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1570607
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since nvmem_tpm2_mock is linked outside of libec.a it needs to use the
cstdlib version of memcpy so HIDE_EC_STDLIB needs to be defined prior to
including any of the EC headers.
BRANCH=none
BUG=chromium:950310
TEST=TEST_UBSAN=y make -j host-cr50_fuzz
Change-Id: I2d303ab1e8f493b4d4715c36f6e81592eeca246d
Signed-off-by: Allen Webb <allenwebb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1566654
Reviewed-by: Manoj Gupta <manojgupta@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It's simply a bad idea to describe a macro in multiple locations.
It'll make it hard to change. It'll be difficult to keep all
locations in sync.
This patch replaces the comment duplicated in all ec.tasklist with
a pointer to the CONFIG_TASK_LIST definition. The macro will be
described in a single place (just like all/most other macros).
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
BUG=none
BRANCH=none
TEST=buildall
Change-Id: Id658b9d68e742e4334c692b804d9c98c8de21313
Reviewed-on: https://chromium-review.googlesource.com/1551579
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-by: Jett Rink <jettrink@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch includes changes to support testing of the new nvmem
implementation.
Making fizz compatible required duplicating a lot of functionality
available in the test/ directory (fuzz/nvmem_tpm2_mock.c is very
similar to test/nvmem_tpm2_mock.c), but I could not find an easy way
to avoid it.
BRANCH=cr50, cr50-mp
BUG=b:69907320, b:129710256
CQ-DEPEND=CL:1496607
TEST=with the rest of the patches applied 'make buildall -j' succeeds,
which confirms both test and fuzz success.
Change-Id: Ife999b04d22f8ddbe9ea5d35f4c3e21f57592754
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1450278
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds owners files for the fuzz target so that bugs are correctly
assigned.
BRANCH=None
BUG=None
TEST=USE="ubsan asan fuzzer" ./build_packages \
--board=amd64-generic --skip_chroot_upgrade chromeos-ec
Change-Id: I53867fcb09bdf306a2a01e50a4c2faa647e2efe8
Signed-off-by: Allen Webb <allenwebb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1361980
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This cleanups some header includes to avoid conflicts between the ec
headers and the standard c headers.
BRANCH=None
BUG=None
TEST=make -j buildall && ./build_packages --board=veyron_minnie \
chromeos-ec && FEATURES=test emerge-veyron_minnie chromeos-ec
Change-Id: Icf9022d688fd9c749f7a5f8673755188741b40e1
Signed-off-by: Allen Webb <allenwebb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1378906
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A new symbol was added to third_party/tpm2 that needed a mock
implementation in cr50_fuzz to fix compilation.
CQ-DEPEND=CL:1370404,CL:1377383
BRANCH=None
BUG=chromium:911310
TEST=USE="ubsan asan fuzzer" ./build_packages \
--board=amd64-generic --skip_chroot_upgrade chromeos-ec
Change-Id: I3e2546829646e89361bfa2a8b4084c95b346f78f
Signed-off-by: Allen Webb <allenwebb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1370747
Reviewed-by: Manoj Gupta <manojgupta@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The declaration of nvmem_wipe_cache is now inside the extern "C"
section and a definition was added to cr50_fuzz.
BRANCH=None
BUG=None
TEST=make -j buildall
Change-Id: Ie7401d8880e7982c84fa6a5df5015cbd145fc6d1
Signed-off-by: Allen Webb <allenwebb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1370746
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Manoj Gupta <manojgupta@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This incorporates the fuzz targets into buildall and adds a quick
sanity check to each fuzz target to make sure it exits successfully for
an empty input.
This adds roughly 5.88 seconds to "make -j buildall" (This includes an
addtionally target that will be enabled in a later CL).
time make -j buildall # BEFORE
real 1m19.519s
user 23m9.220s
sys 5m1.690s
time make -j buildall # AFTER
real 1m25.399s
user 23m35.753s
sys 5m12.609s
BRANCH=None
BUG=None
TEST=make -j buildall
Change-Id: Ib77a57297ee896569c509d0c8c998552d2a3a76c
Signed-off-by: Allen Webb <allenwebb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1370934
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BRANCH=None
BUG=chromium:911310
TEST=USE="ubsan asan fuzzer" ./build_packages \
--board=amd64-generic --skip_chroot_upgrade chromeos-ec
Change-Id: I15ac87b14a0f28a62e257bb155f1862753053eb4
Reviewed-on: https://chromium-review.googlesource.com/c/1368010
Tested-by: Allen Webb <allenwebb@google.com>
Trybot-Ready: Allen Webb <allenwebb@google.com>
Reviewed-by: Manoj Gupta <manojgupta@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This function is called from common/nvmem.c, it should be available
when compiling for tests, the stub could be filled up later when new
tests are added.
BRANCH=cr50, cr50-mp
BUG=b:119221935
TEST=make buildall -j still succeeds.
Change-Id: I082292818c7f2b10336c9a7c49e0a9195e25a12b
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1363816
Reviewed-by: Allen Webb <allenwebb@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Setup CC lines, then send up to 8 PD messages, in an attempt to
cause errors while parsing PDO and other messages.
BRANCH=none
BUG=chromium:854975
TEST=make -j buildfuzztests && \
./build/host/usb_pd_fuzz/usb_pd_fuzz.exe > /dev/null
Change-Id: Ibb575ea8d464945390d1663dd6fff279bd9d77ea
Signed-off-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1116626
Reviewed-by: Jonathan Metzman <metzman@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
'mem_hash_tree.h' was missing '#define HIDE_EC_STDLIB' before
'dcrypto.h'. This problem was only apparent when -O2 is set.
CQ-DEPEND=CL:1358746
BRANCH=None
BUG=chromium:911310
TEST=USE="ubsan asan fuzzer" ./build_packages \
--board=amd64-generic --skip_chroot_upgrade chromeos-ec
Change-Id: I19d00c165764f80cfa385fb3bed64efc67bfc3f9
Signed-off-by: Allen Webb <allenwebb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1361680
Reviewed-by: Manoj Gupta <manojgupta@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes a dependency problem that was introduced in CL:1184107.
BRANCH=None
BUG=chromium:911310
TEST=USE="ubsan asan fuzzer" ./build_packages \
--board=amd64-generic --skip_chroot_upgrade chromeos-ec
Change-Id: Ib4795d6a716fe3fcb7a88bf6a165f96ffe10640a
Signed-off-by: Allen Webb <allenwebb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1358746
Reviewed-by: Mattias Nissler <mnissler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
BRANCH=None
BUG=chromium:911310
TEST=USE="ubsan asan fuzzer" ./build_packages \
--board=amd64-generic --skip_chroot_upgrade chromeos-ec
Change-Id: Ib2ffc7035d0f6912834709bb8a5f6b3c11a2c67a
Signed-off-by: Allen Webb <allenwebb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1359652
Reviewed-by: Manoj Gupta <manojgupta@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds an initialization step that sanity checks the fuzz target to
make sure the model is working as intended.
BRANCH=None
BUG=chromium:876582
TEST=sudo emerge libprotobuf-mutator &&
make -j buildfuzztests && ./build/host/cr50_fuzz/cr50_fuzz.exe
Change-Id: I3961a7ff05b4876992af447a2104bcfa0a496562
Signed-off-by: Allen Webb <allenwebb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1347012
Reviewed-by: Mattias Nissler <mnissler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This uses protocol buffers to model what actions can be taken with
pinweaver at a higher level of abstraction than the raw requests to
greatly increase the coverage that can be achieved by fuzzing, while
still allowing for invalid inputs to be checked.
BRANCH=none
BUG=chromium:876582
TEST=sudo emerge libprotobuf-mutator &&
make -j buildfuzztests && ./build/host/cr50_fuzz/cr50_fuzz.exe
Change-Id: Ie7ce569650ca06866f277f36eae61df2684de60c
Signed-off-by: Allen Webb <allenwebb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1184107
Reviewed-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The CONFIG_FLASH_NVMEM_VARS_USER_NUM constant was incorrectly defined,
so nvmem_vars was failing with EC_OVERFLOW.
BRANCH=None
BUG=None
TEST=make -j buildfuzztests && ./build/host/cr50_fuzz/cr50_fuzz.exe
Change-Id: I52facfd44423bb69284b54e6831e5e777cf35a05
Signed-off-by: Allen Webb <allenwebb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1344800
Reviewed-by: Manoj Gupta <manojgupta@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BRANCH=None
BUG=None
TEST=make -j buildall
Change-Id: Icf2cfb6a2657064c10721c0e527d24fbb3be6ab3
Signed-off-by: Allen Webb <allenwebb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1330102
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds mock implementation of get_current_pcr_digest() for the fuzz
target.
BRANCH=None
BUG=chromium:903487
TEST=make -j buildfuzztests
Change-Id: I55b7da813d4f17ef7f60e045423a3917a052e41c
Signed-off-by: Allen Webb <allenwebb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/1327128
Reviewed-by: Manoj Gupta <manojgupta@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A change in a parent commit broke the build for this commit. Adding
an include for cstring and #define HIDE_EC_STDLIB resolves the header conflict.
BUG=chromium:883080
TEST=make -j buildfuzztests
Change-Id: Icf584a6050519c7a3b8f7defb7685c9c64f7a145
Signed-off-by: Allen Webb <allenwebb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1220390
Reviewed-by: Manoj Gupta <manojgupta@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds a rule for building c++ object files to make it possible
to use libprotobuf-mutator in fuzzing targets.
BRANCH=none
BUG=chromium:876582
TEST=make -j buildfuzztargets &&
./build/host/cr50_fuzz/cr50_fuzz.exe
Change-Id: I1355c313e47a1a83a599eb0f0b9142fefdf6de8b
Signed-off-by: Allen Webb <allenwebb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1183535
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds a minimal pinweaver fuzzer as a foundation for further work.
It will not be able to achieve good coverage because it doesn't have a
proper description of the protocol, however it demonstrates that the
prerequisites to build against dcrypto, nvmem_vars, and nvcounter are
satisfied for the host board.
CQ-DEPEND=CL:1183532
BRANCH=none
BUG=chromium:876582
TEST=make -j buildfuzztests &&
./build/host/cr50_fuzz/cr50_fuzz.exe
Change-Id: I520d71c224d583c51dc3292dc051ee8de4a4116a
Signed-off-by: Allen Webb <allenwebb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1183534
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This creates a build target called libec.a by setting the visibility
of functions that conflict with cstdlib to hidden. It then links
those symbols locally into one large object file that makes up libec.a
Fuzzing targets are linked against libec.a so that they can invoke ec
functionality while depending on outside libraries that need cstdlib.
When linking a particular object against cstdlib, to avoid conflicting
function declarations put the following before any includes from the
ec codebase:
#define __stdlib_compat(...)
The fuzzing targets are now linked using clang++, so that c++ libraries
and objects can be used as part of the fuzzers.
BRANCH=none
BUG=chromium:876582
TEST=make -j buildfuzztests &&
./build/host/host_command_fuzz/host_command_fuzz.exe
Change-Id: Ifdfdc6a51c6ef23b4e192b013ca993bf48a4411b
Signed-off-by: Allen Webb <allenwebb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1180401
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
BRANCH=none
CQ-DEPEND=CL:*664115
BUG=chromium:876582
TEST=make -j buildall && make -j buildfuzztests
Change-Id: Iade5e5138f495e6b3b99ec16f1a467861ade5537
Signed-off-by: Allen Webb <allenwebb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1180179
Reviewed-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>
|