From fb10dcf474f65c92d64ccbc391a1b8991f42d1c6 Mon Sep 17 00:00:00 2001
From: Vadim Sukhomlinov <sukhomlinov@google.com>
Date: Wed, 4 Dec 2019 09:23:44 -0800
Subject: cr50: add support for FIPS mode flag in FWMP

Added definition of FWMP_DEV_FIPS_MODE matching same definition in vboot.
Support function board_fwmp_fips_mode_enabled() introduced to read
it's status. It's not currently used, but will be consumed by
FIPS code.

BUG=b:138577491
BRANCH=cr50
TEST=make BOARD=cr50

Change-Id: Iebf672cfebfeb18ae62892097fbf1fa30a770338
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1950813
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
(cherry picked from commit bf8241699ba35984887e3f1a71d29ea1e92b21fe)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1954340
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
---
 board/cr50/board.h |  1 +
 board/cr50/wp.c    | 18 ++++++++++++++++--
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/board/cr50/board.h b/board/cr50/board.h
index 3dd8b100cf..f85d938b29 100644
--- a/board/cr50/board.h
+++ b/board/cr50/board.h
@@ -342,6 +342,7 @@ void board_reboot_ec(void);
 void board_closed_loop_reset(void);
 int board_wipe_tpm(int reset_required);
 int board_is_first_factory_boot(void);
+int board_fwmp_fips_mode_enabled(void);
 
 int usb_i2c_board_enable(void);
 void usb_i2c_board_disable(void);
diff --git a/board/cr50/wp.c b/board/cr50/wp.c
index f14608faa3..8e9be0edeb 100644
--- a/board/cr50/wp.c
+++ b/board/cr50/wp.c
@@ -370,11 +370,12 @@ int board_wipe_tpm(int reset_required)
 
 /*
  * These definitions and the structure layout were manually copied from
- * src/platform/vboot_reference/firmware/lib/include/rollback_index.h. at
- * git sha c7282f6.
+ * src/platform/vboot_reference/firmware/2lib/include/2secdata.h. at
+ * git sha 38d7d1c.
  */
 #define FWMP_HASH_SIZE		    32
 #define FWMP_DEV_DISABLE_CCD_UNLOCK BIT(6)
+#define FWMP_DEV_FIPS_MODE	    BIT(7)
 #define FIRMWARE_FLAG_DEV_MODE      0x02
 
 struct RollbackSpaceFirmware {
@@ -460,6 +461,19 @@ int board_fwmp_allows_unlock(void)
 #endif
 }
 
+int board_fwmp_fips_mode_enabled(void)
+{
+	struct RollbackSpaceFirmware fw;
+
+	if (tpm_read_success ==
+	    read_tpm_nvmem(FIRMWARE_NV_INDEX, sizeof(fw), &fw)) {
+		return !!(fw.flags & FWMP_DEV_FIPS_MODE);
+	}
+
+	/* If not found or other error, assume fips mode is disabled */
+	return 0;
+}
+
 int board_vboot_dev_mode_enabled(void)
 {
 	struct RollbackSpaceFirmware fw;
-- 
cgit v1.2.1