diff options
| author | Vadim Sukhomlinov <sukhomlinov@google.com> | 2019-12-04 09:23:44 -0800 |
|---|---|---|
| committer | Commit Bot <commit-bot@chromium.org> | 2019-12-06 23:48:33 +0000 |
| commit | fb10dcf474f65c92d64ccbc391a1b8991f42d1c6 (patch) | |
| tree | 4f8eea154c1475eccf7e7c905efcfc7a54336c15 | |
| parent | 47fb09677c6b52618349773730db122f1089f97f (diff) | |
| download | chrome-ec-fb10dcf474f65c92d64ccbc391a1b8991f42d1c6.tar.gz | |
cr50: add support for FIPS mode flag in FWMP
Added definition of FWMP_DEV_FIPS_MODE matching same definition in vboot.
Support function board_fwmp_fips_mode_enabled() introduced to read
it's status. It's not currently used, but will be consumed by
FIPS code.
BUG=b:138577491
BRANCH=cr50
TEST=make BOARD=cr50
Change-Id: Iebf672cfebfeb18ae62892097fbf1fa30a770338
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1950813
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
(cherry picked from commit bf8241699ba35984887e3f1a71d29ea1e92b21fe)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1954340
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
| -rw-r--r-- | board/cr50/board.h | 1 | ||||
| -rw-r--r-- | board/cr50/wp.c | 18 |
2 files changed, 17 insertions, 2 deletions
diff --git a/board/cr50/board.h b/board/cr50/board.h index 3dd8b100cf..f85d938b29 100644 --- a/board/cr50/board.h +++ b/board/cr50/board.h @@ -342,6 +342,7 @@ void board_reboot_ec(void); void board_closed_loop_reset(void); int board_wipe_tpm(int reset_required); int board_is_first_factory_boot(void); +int board_fwmp_fips_mode_enabled(void); int usb_i2c_board_enable(void); void usb_i2c_board_disable(void); diff --git a/board/cr50/wp.c b/board/cr50/wp.c index f14608faa3..8e9be0edeb 100644 --- a/board/cr50/wp.c +++ b/board/cr50/wp.c @@ -370,11 +370,12 @@ int board_wipe_tpm(int reset_required) /* * These definitions and the structure layout were manually copied from - * src/platform/vboot_reference/firmware/lib/include/rollback_index.h. at - * git sha c7282f6. + * src/platform/vboot_reference/firmware/2lib/include/2secdata.h. at + * git sha 38d7d1c. */ #define FWMP_HASH_SIZE 32 #define FWMP_DEV_DISABLE_CCD_UNLOCK BIT(6) +#define FWMP_DEV_FIPS_MODE BIT(7) #define FIRMWARE_FLAG_DEV_MODE 0x02 struct RollbackSpaceFirmware { @@ -460,6 +461,19 @@ int board_fwmp_allows_unlock(void) #endif } +int board_fwmp_fips_mode_enabled(void) +{ + struct RollbackSpaceFirmware fw; + + if (tpm_read_success == + read_tpm_nvmem(FIRMWARE_NV_INDEX, sizeof(fw), &fw)) { + return !!(fw.flags & FWMP_DEV_FIPS_MODE); + } + + /* If not found or other error, assume fips mode is disabled */ + return 0; +} + int board_vboot_dev_mode_enabled(void) { struct RollbackSpaceFirmware fw; |