From 770e5cecfdc2ddd761b5b1cdb78e29c936e6cb92 Mon Sep 17 00:00:00 2001 From: Vadim Sukhomlinov Date: Mon, 15 Jun 2020 15:31:09 -0700 Subject: console: add service functions to enable/disable console output FIPS 140-2 certification requires that security related output from module should be disabled until completion of known-answer tests. However, it's tricky to justify what output is security related, as most of output data can be used to track current execution stage which may be helpful for attacker. So, its safer to disable any output for a short time once internal testing is done. Provide console_disable_output() and console_enable_output() functions which are supposed to be used by board initialization code driving FIPS mode initialization. BUG=b:138577539 TEST=manual; make buildall -j Signed-off-by: Vadim Sukhomlinov Change-Id: I42902acef7a5e99142ce2b6517ae511f63206e93 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2247103 Reviewed-by: Vadim Sukhomlinov Reviewed-by: Vadim Bendebury Tested-by: Vadim Sukhomlinov Commit-Queue: Vadim Sukhomlinov Auto-Submit: Vadim Sukhomlinov
---
 common/console_output.c | 11 +++++++++++
 include/console.h | 10 ++++++++++
 2 files changed, 21 insertions(+)
diff --git a/common/console_output.c b/common/console_output.c
index 6d883f7030..4b0c4ef71e 100644
--- a/common/console_output.c
+++ b/common/console_output.c
@@ -18,6 +18,17 @@ uint32_t channel_mask = CC_DEFAULT;
 static uint32_t channel_mask_saved = CC_DEFAULT;
+void console_disable_output(void)
+{
+ channel_mask_saved = channel_mask;
+ channel_mask = 0;
+}
+
+void console_enable_output(void)
+{
+ channel_mask = channel_mask_saved;
+}
+
 /*
 * List of channel names;
 *
diff --git a/include/console.h b/include/console.h
index f0367f7ffe..1bc46c1fd0 100644
--- a/include/console.h
+++ b/include/console.h
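Review bot: In common/console_output.c, console_disable_output() overwrites `channel_mask_saved` unconditionally, so a second call before console_enable_output() stores 0 and the later enable restores an empty mask, leaving the console silent after the known-answer tests. `channel_mask_saved` is also a pre-existing static (it appears as a context line), so whatever else in the file saves or restores through it, which is not visible in this hunk, would be clobbered by the blackout or could undo it. A dedicated slot avoids both: `static uint32_t channel_mask_before_disable = CC_DEFAULT;`, saved with `if (channel_mask) channel_mask_before_disable = channel_mask;` and restored with `channel_mask = channel_mask_before_disable;`. It is also worth confirming that every output path consults `channel_mask`; any path that writes to the UART directly would not be covered by this switch.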
@@ -150,6 +150,16 @@ void cflush(void);
 */
 void console_has_input(void);
+/**
+ * Disable console output by disabling all channels
+ */
+void console_disable_output(void);
+
+/**
+ * Enable console output to default channels
+ */
+void console_enable_output(void);
+
 /**
 * Register a console command handler.
 *
-- cgit v1.2.1
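Review bot: The comment on console_enable_output() in include/console.h says output is enabled "to default channels", but the implementation in this commit restores `channel_mask_saved`, i.e. whatever mask was active at the last console_disable_output() call, not `CC_DEFAULT`. I would word it as `Restore the channel mask saved by the last console_disable_output() call`, and add to the console_disable_output() comment that calls do not nest and that the caller must pair it with console_enable_output(). Since board FIPS initialization code is the intended caller, the header is where that contract needs to be stated.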