nvmem: do not run when crypto is disabled

There is no point in trying any nvmem operations when
encryption/decryption services are not available.

Test changes necessary to make sure test app compiles and runs
successfully.

BRANCH=cr50, cr50-mp
BUG=b:132800220
TEST=The device does not crash any more after tpm is disabled.

Change-Id: I97f9afc6e4d5377162500fc757084e4d5a57d37d
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1615424
Legacy-Commit-Queue: Commit Bot <commit-bot@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>

5 files changed, 42 insertions, 0 deletions

diff --git a/chip/g/crypto_api.c b/chip/g/crypto_api.c
index 267bb31eb6..9c0c7bb8f5 100644
--- a/chip/g/crypto_api.c
+++ b/chip/g/crypto_api.c
@@ -29,3 +29,8 @@ int app_cipher(const void *salt, void *out, const void *in, size_t size)
 {
 	return DCRYPTO_app_cipher(NVMEM, salt, out, in, size);
 }
+
+int crypto_enabled(void)
+{
+	return DCRYPTO_ladder_is_enabled();
+}
diff --git a/chip/host/dcrypto/app_cipher.c b/chip/host/dcrypto/app_cipher.c
index af6c2c4beb..69d54a41b1 100644
--- a/chip/host/dcrypto/app_cipher.c
+++ b/chip/host/dcrypto/app_cipher.c
@@ -31,3 +31,7 @@ int app_cipher(const void *salt_p, void *out_p, const void *in_p, size_t size)
 	return 1;
 }
 
+int crypto_enabled(void)
+{
+	return 1;
+}
diff --git a/common/new_nvmem.c b/common/new_nvmem.c
index de26e0cf90..4975d4fbe6 100644
--- a/common/new_nvmem.c
+++ b/common/new_nvmem.c
@@ -1462,6 +1462,9 @@ enum ec_error_list new_nvmem_migrate(unsigned int act_partition)
 	int j;
 	struct nn_container *ch;
 
+	if (!crypto_enabled())
+		return EC_ERROR_INVAL;
+
 	/*
 	 * This is the first time we save using the new scheme, let's prepare
 	 * the flash space. First determine which half is the backup now and
@@ -2225,6 +2228,9 @@ enum ec_error_list new_nvmem_init(void)
 	enum ec_error_list rv;
 	timestamp_t start, init;
 
+	if (!crypto_enabled())
+		return EC_ERROR_INVAL;
+
 	total_var_space = 0;
 
 	/* Initialize NVMEM indices. */
@@ -2649,6 +2655,9 @@ enum ec_error_list new_nvmem_save(void)
 {
 	enum ec_error_list rv;
 
+	if (!crypto_enabled())
+		return EC_ERROR_INVAL;
+
 	lock_mutex(__LINE__);
 	rv = new_nvmem_save_();
 	unlock_mutex(__LINE__);
@@ -2698,6 +2707,9 @@ const struct tuple *getvar(const uint8_t *key, uint8_t key_len)
 	const struct max_var_container *vc;
 	struct access_tracker at = {};
 
+	if (!crypto_enabled())
+		return NULL;
+
 	if (!key || !key_len)
 		return NULL;
 
@@ -2854,6 +2866,9 @@ int setvar(const uint8_t *key, uint8_t key_len, const uint8_t *val,
 {
 	int rv;
 
+	if (!crypto_enabled())
+		return EC_ERROR_INVAL;
+
 	lock_mutex(__LINE__);
 	rv = setvar_(key, key_len, val, val_len);
 	unlock_mutex(__LINE__);
@@ -2893,6 +2908,9 @@ int nvmem_erase_tpm_data(void)
 	uint8_t saved_list_index;
 	uint8_t key_len;
 
+	if (!crypto_enabled())
+		return EC_ERROR_INVAL;
+
 	ch = get_scratch_buffer(CONFIG_FLASH_BANK_SIZE);
 
 	lock_mutex(__LINE__);
@@ -2990,6 +3008,11 @@ test_export_static enum ec_error_list browse_flash_contents(int print)
 	struct nn_container *ch;
 	struct access_tracker at = {};
 
+	if (!crypto_enabled()) {
+		ccprintf("Crypto services not available\n");
+		return EC_ERROR_INVAL;
+	}
+
 	ch = get_scratch_buffer(CONFIG_FLASH_BANK_SIZE);
 	lock_mutex(__LINE__);
 
diff --git a/include/crypto_api.h b/include/crypto_api.h
index 07bda7f5be..8a8ccacf99 100644
--- a/include/crypto_api.h
+++ b/include/crypto_api.h
@@ -56,6 +56,11 @@ void app_compute_hash(uint8_t *p_buf, size_t num_bytes,
  */
 int app_cipher(const void *salt, void *out, const void *in, size_t size);
 
+/*
+ * Return a Boolean showing if crypto hardware is enabled.
+ */
+int crypto_enabled(void);
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/test/nvmem.c b/test/nvmem.c
index 75bd9f2856..7bac2f9dd7 100644
--- a/test/nvmem.c
+++ b/test/nvmem.c
@@ -97,6 +97,11 @@ void app_compute_hash(uint8_t *p_buf, size_t num_bytes,
 	}
 }
 
+int crypto_enabled(void)
+{
+	return 1;
+}
+
 /* Used to allow/prevent Flash erase/write operations */
 int flash_pre_op(void)
 {