From d61ca497127ee518d65b26975cf3fadd62bc0a9a Mon Sep 17 00:00:00 2001
From: Vadim Sukhomlinov
Date: Mon, 15 Jun 2020 17:01:59 -0700
Subject: cr50/board: add board-local FIPS setting
Implement board-local configuraration of FIPS 140-2/3 policy as complementary to FWMP policy. This is intended mostly for lab testing and dogfooding, when FWMP policy is not feasible. board_fips_enforced() returns status of FIPS from FWMP and NVRAM and caches state to avoid expensive operations later.
BUG=b:138577491
TEST=manual, make buildall -j Actual test command to be added in upcoming CLs
Signed-off-by: Vadim Sukhomlinov
Change-Id: I8fa651e56e6e76a87bbc4dd911e7a8c0546e7e0f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2247112
Reviewed-by: Vadim Sukhomlinov
Reviewed-by: Vadim Bendebury
Tested-by: Vadim Sukhomlinov
Commit-Queue: Vadim Bendebury
Commit-Queue: Vadim Sukhomlinov
Auto-Submit: Vadim Sukhomlinov
---
 board/cr50/board.c | 59 +++++++++++++++++++++++++++++++++++++++++++++++
 board/cr50/board.h | 17 ++++++++++++++
 board/cr50/scratch_reg1.h | 6 +++++
 3 files changed, 82 insertions(+)
diff --git a/board/cr50/board.c b/board/cr50/board.c
index defb033d52..5e22322aae 100644
--- a/board/cr50/board.c
+++ b/board/cr50/board.c
@@ -192,6 +192,26 @@ int board_get_ccd_rec_lid_pin(void)
 return board_properties & BOARD_CCD_REC_LID_PIN_MASK;
 }
+bool board_fips_power_up_done(void)
+{
+ return !!(board_properties & BOARD_FIPS_POWERUP_DONE);
+}
+
+/* Set status of FIPS power-up tests. */
+void board_set_fips_policy_test(bool asserted)
+{
+ /* Enable writing to the long life register */
+ GWRITE_FIELD(PMU, LONG_LIFE_SCRATCH_WR_EN, REG1, 1);
+
+ if (asserted)
+ GREG32(PMU, LONG_LIFE_SCRATCH1) |= BOARD_FIPS_POWERUP_DONE;
+ else
+ GREG32(PMU, LONG_LIFE_SCRATCH1) &= ~BOARD_FIPS_POWERUP_DONE;
+
+ /* Disable writing to the long life register */
+ GWRITE_FIELD(PMU, LONG_LIFE_SCRATCH_WR_EN, REG1, 0);
+}
+
 /* Get header address of the backup RW copy. */
 const struct SignedHeader *get_other_rw_addr(void)
 {
@@ -1488,6 +1508,45 @@ static uint32_t get_properties(void)
 return properties;
 }
+/**
+ * NVMEM variable name for FIPS config. This is complementary for FWMP policy
+ * and used primarily for lab testing where FWMP would be complicated.
+ */
+static const uint8_t k_fips_config = NVMEM_VAR_FIPS_CONFIG;
+void board_set_local_fips_policy(bool asserted)
+{
+ setvar(&k_fips_config, sizeof(k_fips_config), (uint8_t *)&asserted,
+ sizeof(asserted));
+}
+
+static bool board_get_local_fips_policy(void)
+{
+ const struct tuple *t;
+ bool fips;
+
+ t = getvar(&k_fips_config, sizeof(k_fips_config));
+ fips = (t) ? tuple_val(t)[0] : false;
+ freevar(t);
+
+ return fips;
+}
+
+bool board_fips_enforced(void)
+{
+ /**
+ * combined flag which caches fips state and the fact it was cached
+ * bit 7 is set when bit 0 contains fips status
+ */
+ static uint8_t fips_state;
+
+ if (!(fips_state & 128)) {
+ fips_state = board_fwmp_fips_mode_enabled() ||
+ board_get_local_fips_policy();
+ fips_state |= 128;
+ }
+ return !!(fips_state & 1);
+}
+
 static void init_board_properties(void)
 {
 uint32_t properties;
diff --git a/board/cr50/board.h b/board/cr50/board.h
index b9dc15e988..8df52981a8 100644
--- a/board/cr50/board.h
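Review bot: In the first board.c hunk, board_fips_power_up_done() tests the RAM variable `board_properties`, while board_set_fips_policy_test() changes only PMU LONG_LIFE_SCRATCH1, so after the setter runs the getter keeps returning the old value unless board_properties is reloaded from the register somewhere outside this hunk. Because this bit is what lets the FIPS power-up tests be skipped on resume, a stale answer in either direction matters; either mirror the change in the setter (`board_properties |= BOARD_FIPS_POWERUP_DONE;` in the first branch, `board_properties &= ~BOARD_FIPS_POWERUP_DONE;` in the second) or document that the getter reports the value captured at init. board_fips_power_up_done() also has no comment in board.c, and the setter's name (`..._policy_test`) does not match the getter's (`..._power_up_done`), which makes the pair hard to find together.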
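Review bot: In the second board.c hunk, board_fips_enforced() latches its result in the function-local `fips_state` on the first call, and board_set_local_fips_policy() neither resets that latch nor looks at what setvar() returns, so a caller cannot tell from this code whether the new policy was stored or when it starts to apply. If applying only after the next reset is the intent, state it above the setter, e.g. `/* Stored in NVMEM; board_fips_enforced() keeps its cached answer until the cache is reset. */`, and report a failed setvar() at least in a log line. board_get_local_fips_policy() reads `tuple_val(t)[0]` without checking the stored value's length, and the setter passes a `bool` through a `(uint8_t *)` cast; writing `const uint8_t val = asserted;` and passing `&val, sizeof(val)` would fix the stored format at one byte. The literals `128` and `1` would be clearer as named masks.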
+++ b/board/cr50/board.h
@@ -5,6 +5,7 @@
 #ifndef __CROS_EC_BOARD_H
 #define __CROS_EC_BOARD_H
+#include
 #define CONFIG_LTO
@@ -243,6 +244,7 @@ enum nvmem_vars {
 NVMEM_VAR_U2F_SALT,
 NVMEM_VAR_CCD_CONFIG,
 NVMEM_VAR_G2F_SALT,
+ NVMEM_VAR_FIPS_CONFIG,
 NVMEM_VARS_COUNT
 };
@@ -322,6 +324,16 @@ int board_has_ec_cr50_comm_support(void);
 int board_id_is_mismatched(void);
 /* Allow for deep sleep to be enabled on AP shutdown */
 int board_deep_sleep_allowed(void);
+/* indicates completion of power-up tests earlier */
+bool board_fips_power_up_done(void);
+
+/**
+ * Set status of FIPS power-up tests on wake from sleep
+ *
+ * @param asserted: 0 power-up tests should run on resume, otherwise can be
+ * skipped
+ */
+void board_set_fips_policy_test(bool asserted);
 void power_button_record(void);
@@ -349,6 +361,11 @@ int board_wipe_tpm(int reset_required);
 int board_is_first_factory_boot(void);
 int board_fwmp_fips_mode_enabled(void);
+/* set FIPS policy for board in NVRAM (independent of FWMP) */
+void board_set_local_fips_policy(bool asserted);
+/* return non zero if FIPS mode enforced in FWMP or NVRAM */
+bool board_fips_enforced(void);
+
 int usb_i2c_board_enable(void);
 void usb_i2c_board_disable(void);
diff --git a/board/cr50/scratch_reg1.h b/board/cr50/scratch_reg1.h
index 2fedfc5fff..73b2fffb0c 100644
--- a/board/cr50/scratch_reg1.h
+++ b/board/cr50/scratch_reg1.h
@@ -90,6 +90,12 @@
 */
 #define BOARD_EC_CR50_COMM_SUPPORT BIT(21)
+/*
+ * Indicates successful completion of FIPS power up
+ * tests earlier. Reduces wake up time after sleep.
+ */
+#define BOARD_FIPS_POWERUP_DONE BIT(22)
+
 /*
 * Bits to store which pin is used for the ccd recovery switch/lid open signal.
 */
-- 
cgit v1.2.1
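Review bot: In the board.h hunk after board_deep_sleep_allowed(), the comment above board_fips_power_up_done() says only "indicates completion of power-up tests earlier", which leaves out that these are the FIPS tests and that the flag is BOARD_FIPS_POWERUP_DONE in the long-life scratch register. For a flag that allows self-tests to be skipped, the header should also say which events clear it; that is not visible in this patch. Suggested wording: `/* Return true if FIPS power-up tests already completed and BOARD_FIPS_POWERUP_DONE is still set. */`, and in the `@param asserted` text use `false`/`true` instead of `0`/otherwise, since the parameter is a bool.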