authorVadim Bendebury <vbendeb@chromium.org>2019-05-24 17:07:25 -0700
committerVadim Bendebury <vbendeb@chromium.org>2019-09-21 19:11:24 -0700
commit2b2b146d02b736a9431c47a19441b1af2ed5a27d (patch)
tree428820ba3d594cdc184ca6e6bebf8b1c602c450a
parentcc0f7a00aa8abbfc03b183d6631300e9ce3565b5 (diff)
downloadchrome-ec-2b2b146d02b736a9431c47a19441b1af2ed5a27d.tar.gz
cr50: limit ability to disable TPM to certain boards
The TPM disable function requires support from the AP firmware side, only certain Chrome OS devices provide this support. This patch adds a board property for this capability and enables it for the Wilco family of boards. BRANCH=cr50, cr50-mp BUG=b:133189891 TEST=verified that Wilco still could be taken through diagnostics mode back to normal while maintaining the user account. Change-Id: I18174820937500c9b72335f2031c346815b95079 Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/1636675 Legacy-Commit-Queue: Commit Bot <commit-bot@chromium.org> Reviewed-by: Namyoon Woo <namyoon@chromium.org> (cherry picked from commit 873a0cc2978da4879431e84c7a3425b984b83cd1) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1657310 (cherry picked from commit ab1ebc4d1b5a3cf307fd5a854fc68cc654b01bfd) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1705725 (cherry picked from commit 0dcd73c2700cc4410003aa45050a46b15e0e664b)
-rw-r--r--board/cr50/board.c8
-rw-r--r--board/cr50/board.h2
-rw-r--r--board/cr50/scratch_reg1.h6
-rw-r--r--board/cr50/tpm2/tpm_mode.c5
4 files changed, 19 insertions, 2 deletions
diff --git a/board/cr50/board.c b/board/cr50/board.c
index c9a806efe5..3e30b1986e 100644
--- a/board/cr50/board.c
+++ b/board/cr50/board.c
@@ -175,6 +175,11 @@ int board_has_ina_support(void)
return !(board_properties & BOARD_NO_INA_SUPPORT);
}
+int board_tpm_mode_change_allowed(void)
+{
+ return !!(board_properties & BOARD_ALLOW_CHANGE_TPM_MODE);
+}
+
/* Get header address of the backup RW copy. */
const struct SignedHeader *get_other_rw_addr(void)
{
@@ -285,7 +290,8 @@ static struct board_cfg board_cfg_table[] = {
.strap_cfg = 0x70,
.board_properties = BOARD_SLAVE_CONFIG_I2C |
BOARD_USE_PLT_RESET | BOARD_WP_DISABLE_DELAY |
- BOARD_CLOSED_SOURCE_SET1 | BOARD_NO_INA_SUPPORT,
+ BOARD_CLOSED_SOURCE_SET1 | BOARD_NO_INA_SUPPORT |
+ BOARD_ALLOW_CHANGE_TPM_MODE,
},
};
diff --git a/board/cr50/board.h b/board/cr50/board.h
index 2ce18fbc19..bc494af443 100644
--- a/board/cr50/board.h
+++ b/board/cr50/board.h
@@ -318,6 +318,8 @@ int board_uses_closed_loop_reset(void);
* @return 0 if option is not set, !=0 if option set.
*/
int board_has_ina_support(void);
+/* The board allows vendor commands to enable/disable tpm. */
+int board_tpm_mode_change_allowed(void);
int board_id_is_mismatched(void);
/* Allow for deep sleep to be enabled on AP shutdown */
int board_deep_sleep_allowed(void);
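Review bot: The comment added above `board_tpm_mode_change_allowed()` does not state the return contract, unlike the `@return 0 if option is not set, !=0 if option set.` block that closes the comment just before it. Since the implementation in board.c normalises with `!!`, the declaration could say so in the same style, for example `@return 0 if TPM mode changes are not allowed, 1 if allowed.` The wording also differs between the two new comments: this one says "enable/disable tpm", while the one on `BOARD_ALLOW_CHANGE_TPM_MODE` in scratch_reg1.h says "stop TPM" and names boards that will drift over time. A capability-based wording there would age better, e.g. `/* AP firmware supports TPM mode changes; the TPM mode vendor command is refused when this bit is clear. */`.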
diff --git a/board/cr50/scratch_reg1.h b/board/cr50/scratch_reg1.h
index 6fdfe12181..79eb4b4382 100644
--- a/board/cr50/scratch_reg1.h
+++ b/board/cr50/scratch_reg1.h
@@ -81,10 +81,16 @@
#define BOARD_NO_INA_SUPPORT BIT(19)
/*
+ * The board allows commands to stop TPM (Wilco, Campfire, etc.)
+ */
+#define BOARD_ALLOW_CHANGE_TPM_MODE BIT(20)
+
+/*
* Macro to capture all properties related to board strapping pins. This must be
* updated if additional strap related properties are added.
*/
#define BOARD_ALL_PROPERTIES ( \
+ BOARD_ALLOW_CHANGE_TPM_MODE | \
BOARD_CLOSED_LOOP_RESET | \
BOARD_CLOSED_SOURCE_SET1 | \
BOARD_DEEP_SLEEP_DISABLED | \
diff --git a/board/cr50/tpm2/tpm_mode.c b/board/cr50/tpm2/tpm_mode.c
index 9978f7f724..8282236caa 100644
--- a/board/cr50/tpm2/tpm_mode.c
+++ b/board/cr50/tpm2/tpm_mode.c
@@ -51,8 +51,11 @@ static enum vendor_cmd_rc process_tpm_mode(struct vendor_cmd_params *p)
buffer = (uint8_t *)p->buffer;
if (p->in_size == sizeof(uint8_t)) {
- if (s_tpm_mode != TPM_MODE_ENABLED_TENTATIVE)
+
+ if (!board_tpm_mode_change_allowed() ||
+ (s_tpm_mode != TPM_MODE_ENABLED_TENTATIVE))
return VENDOR_RC_NOT_ALLOWED;
+
mode_val = buffer[0];
switch (mode_val) {
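Review bot: The new guard at the top of the set path folds two unrelated refusals into one silent `VENDOR_RC_NOT_ALLOWED`: the board lacking the capability, and `s_tpm_mode` no longer being `TPM_MODE_ENABLED_TENTATIVE`. A comment above the condition would record why the board check is there, e.g. `/* Changing TPM mode needs AP firmware support; refuse on boards without it, and once the mode is no longer tentative. */`. If this file has a console-print helper (not visible in the hunk), logging the board-property refusal would make rejected attempts visible when triaging a device. The blank line added directly after the opening brace of the `if (p->in_size == sizeof(uint8_t))` block is a style nit and could be dropped. `process_tpm_mode` starts before and continues past this hunk, so whether the read path or any other writer of `s_tpm_mode` needs the same gate cannot be judged from here.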