author | Vadim Bendebury <vbendeb@chromium.org> | 2017-11-21 17:45:08 -0800 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2017-11-28 15:44:16 -0800 |
commit | baff7ae621d88929c0ab808eee54c081e44b2710 (patch) | |
tree | ab83f8022ea7cd8fea4f53e5919e927ca392e27d | |
parent | c5dfb7945c5b4a76781665cf059382b4c11a1622 (diff) | |
download | chrome-ec-baff7ae621d88929c0ab808eee54c081e44b2710.tar.gz |
cr50: ccd: add vendor command to disable RMA mode
The new vendor command takes the CCD state machine through necessary
transitions leaving it in the CCD locked state.
It succeeds only if user password is not set and CCD capabilities are
right, which is guaranteed to be the case after an RMA unlock.
BRANCH=cr50
BUG=b:68213540
TEST=tested using the modified gsctool utility.
Change-Id: Ic2cce34e74b1ff476841cfa1a99f50d6a947c315
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/784352
Reviewed-by: Randall Spangler <rspangler@chromium.org>
-rw-r--r-- | common/ccd_config.c | 69 | ||||
-rw-r--r-- | include/tpm_vendor_cmds.h | 1 |
2 files changed, 70 insertions, 0 deletions
diff --git a/common/ccd_config.c b/common/ccd_config.c
index f850a36ff5..dd46b1b1db 100644
--- a/common/ccd_config.c
+++ b/common/ccd_config.c
@@ -1153,3 +1153,72 @@ static enum vendor_cmd_rc ccd_password(enum vendor_cmd_cc code,
 return VENDOR_RC_SUCCESS;
 }
 DECLARE_VENDOR_COMMAND(VENDOR_CC_CCD_PASSWORD, ccd_password);
+
+
+static enum vendor_cmd_rc ccd_disable_rma(enum vendor_cmd_cc code,
+ void *buf,
+ size_t input_size,
+ size_t *response_size)
+{
+ int rv;
+ int error_line;
+
+ do {
+ if (raw_has_password()) {
+ error_line = __LINE__;
+ break;
+ }
+
+ /* Check if physical presence is required to unlock. */
+ if (!ccd_is_cap_enabled(CCD_CAP_REMOVE_BATTERY_BYPASSES_PP) ||
+ board_battery_is_present()) {
+ const uint8_t required_capabilities[] = {
+ CCD_CAP_OPEN_WITHOUT_TPM_WIPE,
+ CCD_CAP_UNLOCK_WITHOUT_AP_REBOOT,
+ CCD_CAP_OPEN_WITHOUT_LONG_PP,
+ CCD_CAP_UNLOCK_WITHOUT_SHORT_PP
+ };
+ unsigned int i;
+
+ for (i = 0;
+ i < ARRAY_SIZE(required_capabilities);
+ i++) {
+ if (!ccd_is_cap_enabled
+ (required_capabilities[i]))
+ break;
+ }
+
+ if (i < ARRAY_SIZE(required_capabilities)) {
+ CPRINTF("Capability %d is not present\n",
+ required_capabilities[i]);
+ error_line = __LINE__;
+ break;
+ }
+ }
+
+ ccd_set_state(CCD_STATE_OPENED);
+
+ rv = command_ccd_reset(0, NULL);
+ if (rv != EC_SUCCESS) {
+ error_line = __LINE__;
+ break;
+ }
+
+
+ rv = command_ccd_lock();
+ if (rv != EC_SUCCESS) {
+ error_line = __LINE__;
+ break;
+ }
+
+ *response_size = 0;
+ return VENDOR_RC_SUCCESS;
+ } while (0);
+
+ CPRINTF("%s: error in line %d\n", __func__, error_line);
+
+ ((uint8_t *)buf)[0] = (uint8_t)rv;
+ *response_size = 1;
+ return VENDOR_RC_INTERNAL_ERROR;
+}
+DECLARE_VENDOR_COMMAND(VENDOR_CC_DISABLE_RMA, ccd_disable_rma);
diff --git a/include/tpm_vendor_cmds.h b/include/tpm_vendor_cmds.h
index 93961e793d..1a9682be69 100644
--- a/include/tpm_vendor_cmds.h
+++ b/include/tpm_vendor_cmds.h
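Review bot: In `ccd_disable_rma`, `rv` is read uninitialized on the two early `break` paths (password set, required capability missing): neither assigns it, yet the shared error exit stores `(uint8_t)rv` into `buf[0]` and returns that byte to the host. This is undefined behavior and can put a stray stack byte in the vendor response instead of a meaningful error code. Give it a defined value at the declaration, for example `int rv = EC_ERROR_ACCESS_DENIED;`, or assign an explicit code next to each `error_line = __LINE__;`. Separately, once `ccd_set_state(CCD_STATE_OPENED)` has run, a failure in `command_ccd_reset()` or `command_ccd_lock()` returns an error while, as far as this hunk shows, the state is still opened. The command's purpose is to end up locked, so that fail-open path deserves either a comment justifying it or an explicit fallback to the locked state.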
@@ -45,6 +45,7 @@ enum vendor_cmd_cc { VENDOR_CC_GET_REC_BTN = 29, VENDOR_CC_RMA_CHALLENGE_RESPONSE = 30, VENDOR_CC_CCD_PASSWORD = 31, + VENDOR_CC_DISABLE_RMA = 32, LAST_VENDOR_COMMAND = 65535, }; |