Merge remote-tracking branch cros/main into firmware-brya-14505.B-mainfirmware-brya-14505.B-main

Generated by: util/update_release_branch.py --board brya firmware-brya-14505.B-main

Relevant changes:

git log --oneline 8641442366..b34dc2ae90 -- board/brya board/brya
util/getversion.sh

BRANCH=None

TEST=`make -j buildall`

Force-Relevant-Builds: all
Change-Id: I63149b4c1782b3ed57f2556755901c21f5f1e3e9
Signed-off-by: Ivan Chen <yulunchen@google.com>

6 files changed, 325 insertions, 86 deletions

diff --git a/chip/host/trng.c b/chip/host/trng.c
index d0def66277..f67dd6c4db 100644
--- a/chip/host/trng.c
+++ b/chip/host/trng.c
@@ -31,6 +31,11 @@ test_mockable void trng_exit(void)
 {
 }
 
+test_mockable uint32_t trng_rand(void)
+{
+	return (uint32_t)rand_r(&seed);
+}
+
 test_mockable void trng_rand_bytes(void *buffer, size_t len)
 {
 	uint8_t *b, *end;
diff --git a/chip/npcx/build.mk b/chip/npcx/build.mk
index 9e046be7ec..11155af9bb 100644
--- a/chip/npcx/build.mk
+++ b/chip/npcx/build.mk
@@ -40,6 +40,7 @@ chip-$(CONFIG_CEC)+=cec.o
 # pwm functions are implemented with the fan functions
 chip-$(CONFIG_PWM)+=pwm.o
 chip-$(CONFIG_SPI)+=spi.o
+chip-$(CONFIG_RNG)+=trng.o
 chip-$(CONFIG_WATCHDOG)+=watchdog.o
 ifndef CONFIG_KEYBOARD_DISCRETE
 chip-$(HAS_TASK_KEYSCAN)+=keyboard_raw.o
diff --git a/chip/npcx/gpio-npcx9.c b/chip/npcx/gpio-npcx9.c
index 5de8ea3b0a..3a7378083c 100644
--- a/chip/npcx/gpio-npcx9.c
+++ b/chip/npcx/gpio-npcx9.c
@@ -181,21 +181,22 @@ GPIO_IRQ_FUNC(__gpio_wk1e_interrupt, WUI_INT(MIWU_TABLE_1, MIWU_GROUP_5));
 GPIO_IRQ_FUNC(__gpio_wk1f_interrupt, WUI_INT(MIWU_TABLE_1, MIWU_GROUP_6));
 GPIO_IRQ_FUNC(__gpio_wk1g_interrupt, WUI_INT(MIWU_TABLE_1, MIWU_GROUP_7));
 
-DECLARE_IRQ(NPCX_IRQ_CR_SIN2_WKINTA_0, __gpio_cr_sin2_interrupt, 3);
-DECLARE_IRQ(NPCX_IRQ_TWD_WKINTB_0, __gpio_wk0b_interrupt, 3);
-DECLARE_IRQ(NPCX_IRQ_WKINTC_0, __gpio_wk0c_interrupt, 3);
-DECLARE_IRQ(NPCX_IRQ_MTC_WKINTD_0, __gpio_rtc_interrupt, 3);
-DECLARE_IRQ(NPCX_IRQ_WKINTE_0, __gpio_host_interrupt, 3);
-DECLARE_IRQ(NPCX_IRQ_WKINTF_0, __gpio_wk0f_interrupt, 3);
-DECLARE_IRQ(NPCX_IRQ_WKINTG_0, __gpio_wk0g_interrupt, 3);
-DECLARE_IRQ(NPCX_IRQ_WKINTH_0, __gpio_wk0h_interrupt, 3);
-DECLARE_IRQ(NPCX_IRQ_WKINTA_1, __gpio_wk1a_interrupt, 3);
-DECLARE_IRQ(NPCX_IRQ_WKINTB_1, __gpio_wk1b_interrupt, 3);
+DECLARE_IRQ(NPCX_IRQ_CR_SIN2_WKINTA_0, __gpio_cr_sin2_interrupt,
+	    NPCX_MIWU0_GROUP_A);
+DECLARE_IRQ(NPCX_IRQ_TWD_WKINTB_0, __gpio_wk0b_interrupt, NPCX_MIWU0_GROUP_B);
+DECLARE_IRQ(NPCX_IRQ_WKINTC_0, __gpio_wk0c_interrupt, NPCX_MIWU0_GROUP_C);
+DECLARE_IRQ(NPCX_IRQ_MTC_WKINTD_0, __gpio_rtc_interrupt, NPCX_MIWU0_GROUP_D);
+DECLARE_IRQ(NPCX_IRQ_WKINTE_0, __gpio_host_interrupt, NPCX_MIWU0_GROUP_E);
+DECLARE_IRQ(NPCX_IRQ_WKINTF_0, __gpio_wk0f_interrupt, NPCX_MIWU0_GROUP_F);
+DECLARE_IRQ(NPCX_IRQ_WKINTG_0, __gpio_wk0g_interrupt, NPCX_MIWU0_GROUP_G);
+DECLARE_IRQ(NPCX_IRQ_WKINTH_0, __gpio_wk0h_interrupt, NPCX_MIWU0_GROUP_H);
+DECLARE_IRQ(NPCX_IRQ_WKINTA_1, __gpio_wk1a_interrupt, NPCX_MIWU1_GROUP_A);
+DECLARE_IRQ(NPCX_IRQ_WKINTB_1, __gpio_wk1b_interrupt, NPCX_MIWU1_GROUP_B);
 #ifdef NPCX_SELECT_KSI_TO_GPIO
-DECLARE_IRQ(NPCX_IRQ_KSI_WKINTC_1, __gpio_wk1c_interrupt, 3);
+DECLARE_IRQ(NPCX_IRQ_KSI_WKINTC_1, __gpio_wk1c_interrupt, NPCX_MIWU1_GROUP_C);
 #endif
-DECLARE_IRQ(NPCX_IRQ_WKINTD_1, __gpio_wk1d_interrupt, 3);
-DECLARE_IRQ(NPCX_IRQ_WKINTE_1, __gpio_wk1e_interrupt, 3);
+DECLARE_IRQ(NPCX_IRQ_WKINTD_1, __gpio_wk1d_interrupt, NPCX_MIWU1_GROUP_D);
+DECLARE_IRQ(NPCX_IRQ_WKINTE_1, __gpio_wk1e_interrupt, NPCX_MIWU1_GROUP_E);
 #ifdef CONFIG_HOST_INTERFACE_SHI
 /*
  * HACK: Make CS GPIO P2 to improve SHI reliability.
@@ -204,10 +205,10 @@ DECLARE_IRQ(NPCX_IRQ_WKINTE_1, __gpio_wk1e_interrupt, 3);
  */
 DECLARE_IRQ(NPCX_IRQ_WKINTF_1, __gpio_wk1f_interrupt, 2);
 #else
-DECLARE_IRQ(NPCX_IRQ_WKINTF_1, __gpio_wk1f_interrupt, 3);
+DECLARE_IRQ(NPCX_IRQ_WKINTF_1, __gpio_wk1f_interrupt, NPCX_MIWU1_GROUP_F);
 #endif
-DECLARE_IRQ(NPCX_IRQ_WKINTG_1, __gpio_wk1g_interrupt, 3);
-DECLARE_IRQ(NPCX_IRQ_WKINTH_1, __gpio_wk1h_interrupt, 3);
+DECLARE_IRQ(NPCX_IRQ_WKINTG_1, __gpio_wk1g_interrupt, NPCX_MIWU1_GROUP_G);
+DECLARE_IRQ(NPCX_IRQ_WKINTH_1, __gpio_wk1h_interrupt, NPCX_MIWU1_GROUP_H);
 DECLARE_IRQ(NPCX_IRQ_LCT_WKINTF_2, __gpio_lct_interrupt, 3);
 
 #undef GPIO_IRQ_FUNC
diff --git a/chip/npcx/registers.h b/chip/npcx/registers.h
index a583fb1c64..c99fb76bf3 100644
--- a/chip/npcx/registers.h
+++ b/chip/npcx/registers.h
@@ -275,6 +275,56 @@ enum {
 	MIWU_EDGE_ANYING,
 };
 
+#define NPCX_MIWU_DEFAULT_PRIORITY 3
+#ifndef NPCX_MIWU0_GROUP_A
+#define NPCX_MIWU0_GROUP_A NPCX_MIWU_DEFAULT_PRIORITY
+#endif
+#ifndef NPCX_MIWU0_GROUP_B
+#define NPCX_MIWU0_GROUP_B NPCX_MIWU_DEFAULT_PRIORITY
+#endif
+#ifndef NPCX_MIWU0_GROUP_C
+#define NPCX_MIWU0_GROUP_C NPCX_MIWU_DEFAULT_PRIORITY
+#endif
+#ifndef NPCX_MIWU0_GROUP_D
+#define NPCX_MIWU0_GROUP_D NPCX_MIWU_DEFAULT_PRIORITY
+#endif
+#ifndef NPCX_MIWU0_GROUP_E
+#define NPCX_MIWU0_GROUP_E NPCX_MIWU_DEFAULT_PRIORITY
+#endif
+#ifndef NPCX_MIWU0_GROUP_F
+#define NPCX_MIWU0_GROUP_F NPCX_MIWU_DEFAULT_PRIORITY
+#endif
+#ifndef NPCX_MIWU0_GROUP_G
+#define NPCX_MIWU0_GROUP_G NPCX_MIWU_DEFAULT_PRIORITY
+#endif
+#ifndef NPCX_MIWU0_GROUP_H
+#define NPCX_MIWU0_GROUP_H NPCX_MIWU_DEFAULT_PRIORITY
+#endif
+#ifndef NPCX_MIWU1_GROUP_A
+#define NPCX_MIWU1_GROUP_A NPCX_MIWU_DEFAULT_PRIORITY
+#endif
+#ifndef NPCX_MIWU1_GROUP_B
+#define NPCX_MIWU1_GROUP_B NPCX_MIWU_DEFAULT_PRIORITY
+#endif
+#ifndef NPCX_MIWU1_GROUP_C
+#define NPCX_MIWU1_GROUP_C NPCX_MIWU_DEFAULT_PRIORITY
+#endif
+#ifndef NPCX_MIWU1_GROUP_D
+#define NPCX_MIWU1_GROUP_D NPCX_MIWU_DEFAULT_PRIORITY
+#endif
+#ifndef NPCX_MIWU1_GROUP_E
+#define NPCX_MIWU1_GROUP_E NPCX_MIWU_DEFAULT_PRIORITY
+#endif
+#ifndef NPCX_MIWU1_GROUP_F
+#define NPCX_MIWU1_GROUP_F NPCX_MIWU_DEFAULT_PRIORITY
+#endif
+#ifndef NPCX_MIWU1_GROUP_G
+#define NPCX_MIWU1_GROUP_G NPCX_MIWU_DEFAULT_PRIORITY
+#endif
+#ifndef NPCX_MIWU1_GROUP_H
+#define NPCX_MIWU1_GROUP_H NPCX_MIWU_DEFAULT_PRIORITY
+#endif
+
 /* MIWU utilities */
 #define MIWU_TABLE_WKKEY MIWU_TABLE_1
 #define MIWU_GROUP_WKKEY MIWU_GROUP_3
diff --git a/chip/npcx/trng.c b/chip/npcx/trng.c
new file mode 100644
index 0000000000..a2d7920c14
--- /dev/null
+++ b/chip/npcx/trng.c
@@ -0,0 +1,251 @@
+/* Copyright 2023 The ChromiumOS Authors
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+/* Hardware Random Number Generator */
+
+#include "common.h"
+#include "console.h"
+#include "host_command.h"
+#include "panic.h"
+#include "printf.h"
+#include "registers.h"
+#include "system.h"
+#include "task.h"
+#include "trng.h"
+#include "util.h"
+
+#define DRBG_CONTEXT_SIZE 240
+
+struct drbg_ctx {
+	union {
+		uint8_t buffer[DRBG_CONTEXT_SIZE];
+		uint32_t buffer32[DRBG_CONTEXT_SIZE / 4];
+		uint64_t buffer64[DRBG_CONTEXT_SIZE / 8];
+	};
+} __aligned(16);
+
+struct drbg_ctx ctx;
+struct drbg_ctx *ctx_p = &ctx;
+
+enum ncl_status {
+	NCL_STATUS_OK = 0xA5A5,
+	NCL_STATUS_FAIL = 0x5A5A,
+	NCL_STATUS_INVALID_PARAM = 0x02,
+	NCL_STATUS_PARAM_NOT_SUPPORTED,
+	NCL_STATUS_SYSTEM_BUSY,
+	NCL_STATUS_AUTHENTICATION_FAIL,
+	NCL_STATUS_NO_RESPONSE,
+	NCL_STATUS_HARDWARE_ERROR,
+};
+
+/*
+ * This enum defines the security strengths supported by this DRBG mechanism.
+ * The internally generated entropy and nonce sizes are derived from these
+ * values. The supported actual sizes:
+ *       Security strength (bits)    112 128 192 256 128_Test 256_Test
+ *
+ *       Entropy size (Bytes)        32  48  64  96  111      128
+ *       Nonce size (Bytes)          16  16  24  32  16       0
+ */
+enum ncl_drbg_security_strength {
+	NCL_DRBG_SECURITY_STRENGTH_112b = 0,
+	NCL_DRBG_SECURITY_STRENGTH_128b,
+	NCL_DRBG_SECURITY_STRENGTH_192b,
+	NCL_DRBG_SECURITY_STRENGTH_256b,
+	NCL_DRBG_SECURITY_STRENGTH_128b_TEST,
+	NCL_DRBG_SECURITY_STRENGTH_256b_TEST,
+	NCL_DRBG_MAX_SECURITY_STRENGTH
+};
+
+/* The actual base address is 13C but we only need the SHA power function */
+#define NCL_SHA_BASE_ADDR 0x0000015CUL
+struct ncl_sha {
+	/* Power on/off SHA module. */
+	enum ncl_status (*power)(void *ctx, uint8_t on);
+};
+#define NCL_SHA ((const struct ncl_sha *)NCL_SHA_BASE_ADDR)
+
+/*
+ * The base address of the table that holds the function pointer for each
+ * DRBG API in ROM.
+ */
+#define NCL_DRBG_BASE_ADDR 0x00000110UL
+struct ncl_drbg {
+	/* Get the DRBG context size required by DRBG APIs. */
+	uint32_t (*get_context_size)(void);
+	/* Initialize DRBG context. */
+	enum ncl_status (*init_context)(void *ctx);
+	/* Power on/off DRBG module. */
+	enum ncl_status (*power)(void *ctx, uint8_t on);
+	/* Finalize DRBG context. */
+	enum ncl_status (*finalize_context)(void *ctx);
+	/* Initialize the DRBG hardware module and enable interrupts. */
+	enum ncl_status (*init)(void *ctx, bool int_enable);
+	/*
+	 * Configure DRBG, pres_resistance enables/disables (1/0) prediction
+	 * resistance
+	 */
+	enum ncl_status (*config)(void *ctx, uint32_t reseed_interval,
+				  uint8_t pred_resistance);
+	/*
+	 * This routine creates a first instantiation of the DRBG mechanism
+	 * parameters. The routine pulls an initial seed from the HW RNG module
+	 * and resets the reseed counter. DRBG and SHA modules should be
+	 * activated prior to the this operation.
+	 */
+	enum ncl_status (*instantiate)(
+		void *ctx, enum ncl_drbg_security_strength sec_strength,
+		const uint8_t *pers_string, uint32_t pers_string_len);
+	/* Uninstantiate DRBG module */
+	enum ncl_status (*uninstantiate)(void *ctx);
+	/* Reseeds the internal state of the given instantce */
+	enum ncl_status (*reseed)(void *ctc, uint8_t *add_data,
+				  uint32_t add_data_len);
+	/* Generates a random number from the current internal state. */
+	enum ncl_status (*generate)(void *ctx, const uint8_t *add_data,
+				    uint32_t add_data_len, uint8_t *out_buff,
+				    uint32_t out_buff_len);
+	/* Clear all DRBG SSPs (Sensitive Security Parameters) in HW & driver */
+	enum ncl_status (*clear)(void *ctx);
+};
+#define NCL_DRBG ((const struct ncl_drbg *)NCL_DRBG_BASE_ADDR)
+
+struct npcx_trng_state {
+	enum ncl_status trng_init;
+};
+struct npcx_trng_state trng_state;
+struct npcx_trng_state *state_p = &trng_state;
+
+test_mockable void trng_init(void)
+{
+#ifndef CHIP_VARIANT_NPCX9M8S
+#error "Please add support for CONFIG_RNG on this chip family."
+#endif
+
+	uint32_t context_size = 0;
+
+	state_p->trng_init = NCL_STATUS_FAIL;
+
+	context_size = NCL_DRBG->get_context_size();
+	if (context_size != DRBG_CONTEXT_SIZE)
+		ccprintf("ERROR! Unexpected NCL DRBG context_size = %d\n",
+			 context_size);
+
+	state_p->trng_init = NCL_DRBG->power(ctx_p, true);
+	if (state_p->trng_init != NCL_STATUS_OK) {
+		ccprintf("ERROR! DRBG power returned %x\n", state_p->trng_init);
+		return;
+	}
+
+	state_p->trng_init = NCL_SHA->power(ctx_p, true);
+	if (state_p->trng_init != NCL_STATUS_OK) {
+		ccprintf("ERROR! SHA power returned %x\n", state_p->trng_init);
+		return;
+	}
+
+	state_p->trng_init = NCL_DRBG->init_context(ctx_p);
+	if (state_p->trng_init != NCL_STATUS_OK) {
+		ccprintf("ERROR! DRBG init_context returned %x\r",
+			 state_p->trng_init);
+		return;
+	}
+
+	state_p->trng_init = NCL_DRBG->init(ctx_p, 0);
+	if (state_p->trng_init != NCL_STATUS_OK) {
+		ccprintf("ERROR! DRBG init returned %x\r", state_p->trng_init);
+		return;
+	}
+
+	state_p->trng_init = NCL_DRBG->config(ctx_p, 100, false);
+	if (state_p->trng_init != NCL_STATUS_OK) {
+		ccprintf("ERROR! DRBG config returned %x\r",
+			 state_p->trng_init);
+		return;
+	}
+
+	state_p->trng_init = NCL_DRBG->instantiate(
+		ctx_p, NCL_DRBG_SECURITY_STRENGTH_128b, NULL, 0);
+	if (state_p->trng_init != NCL_STATUS_OK) {
+		ccprintf("ERROR! DRBG instantiate returned %x\r",
+			 state_p->trng_init);
+		return;
+	}
+
+	state_p->trng_init = NCL_DRBG->power(ctx_p, false);
+	if (state_p->trng_init != NCL_STATUS_OK) {
+		ccprintf("ERROR! DRBG power returned %x\n", state_p->trng_init);
+		return;
+	}
+
+	state_p->trng_init = NCL_SHA->power(ctx_p, false);
+	if (state_p->trng_init != NCL_STATUS_OK) {
+		ccprintf("ERROR! SHA power returned %x\n", state_p->trng_init);
+		return;
+	}
+}
+
+uint32_t trng_rand(void)
+{
+	uint32_t return_value;
+	enum ncl_status status = NCL_STATUS_FAIL;
+
+	/* Don't attempt generate and panic if initialization failed */
+	if (state_p->trng_init != NCL_STATUS_OK)
+		software_panic(PANIC_SW_BAD_RNG, task_get_current());
+
+	status = NCL_DRBG->power(ctx_p, true);
+	if (status != NCL_STATUS_OK) {
+		ccprintf("ERROR! DRBG power returned %x\n", status);
+		software_panic(PANIC_SW_BAD_RNG, task_get_current());
+	}
+
+	status = NCL_SHA->power(ctx_p, true);
+	if (status != NCL_STATUS_OK) {
+		ccprintf("ERROR! SHA power returned %x\n", status);
+		software_panic(PANIC_SW_BAD_RNG, task_get_current());
+	}
+
+	status = NCL_DRBG->generate(NULL, NULL, 0, (uint8_t *)&return_value, 4);
+	if (status != NCL_STATUS_OK) {
+		ccprintf("ERROR! DRBG generate returned %x\r", status);
+		software_panic(PANIC_SW_BAD_RNG, task_get_current());
+	}
+
+	/*
+	 * Failing to turn off the blocks has power implications but wouldn't
+	 * result in feeding the caller a bad result, hence no panics enabled
+	 * for failing to turn off the hardware
+	 */
+	status = NCL_DRBG->power(ctx_p, false);
+	if (status != NCL_STATUS_OK)
+		ccprintf("ERROR! DRBG power returned %x\n", status);
+
+	status = NCL_SHA->power(ctx_p, false);
+	if (status != NCL_STATUS_OK)
+		ccprintf("ERROR! SHA power returned %x\n", status);
+
+	return return_value;
+}
+
+test_mockable void trng_exit(void)
+{
+	enum ncl_status status = NCL_STATUS_FAIL;
+
+	status = NCL_DRBG->clear(ctx_p);
+	if (status != NCL_STATUS_OK)
+		ccprintf("ERROR! DRBG clear returned %x\r", status);
+
+	status = NCL_DRBG->uninstantiate(ctx_p);
+	if (status != NCL_STATUS_OK)
+		ccprintf("ERROR! DRBG uninstantiate returned %x\r", status);
+
+	status = NCL_DRBG->power(ctx_p, false);
+	if (status != NCL_STATUS_OK)
+		ccprintf("ERROR! DRBG power returned %x\n", status);
+
+	status = NCL_SHA->power(ctx_p, false);
+	if (status != NCL_STATUS_OK)
+		ccprintf("ERROR! SHA power returned %x\n", status);
+}
diff --git a/chip/stm32/trng.c b/chip/stm32/trng.c
index 67d3700cf1..63641741d3 100644
--- a/chip/stm32/trng.c
+++ b/chip/stm32/trng.c
@@ -16,7 +16,7 @@
 #include "trng.h"
 #include "util.h"
 
-static uint32_t trng_rand(void)
+uint32_t trng_rand(void)
 {
 	int tries = 300;
 	/* Wait for a valid random number */
@@ -29,25 +29,6 @@ static uint32_t trng_rand(void)
 	return STM32_RNG_DR;
 }
 
-test_mockable void trng_rand_bytes(void *buffer, size_t len)
-{
-	while (len) {
-		uint32_t number = trng_rand();
-		size_t cnt = 4;
-		/* deal with the lack of alignment guarantee in the API */
-		uintptr_t align = (uintptr_t)buffer & 3;
-
-		if (len < 4 || align) {
-			cnt = MIN(4 - align, len);
-			memcpy(buffer, &number, cnt);
-		} else {
-			*(uint32_t *)buffer = number;
-		}
-		len -= cnt;
-		buffer += cnt;
-	}
-}
-
 test_mockable void trng_init(void)
 {
 #ifdef CHIP_FAMILY_STM32L4
@@ -97,53 +78,3 @@ test_mockable void trng_exit(void)
 	/* Nothing to do */
 #endif
 }
-
-#if defined(CONFIG_CMD_RAND)
-/*
- * We want to avoid accidentally exposing debug commands in RO since we can't
- * update RO once in production.
- */
-#if defined(SECTION_IS_RW)
-static int command_rand(int argc, const char **argv)
-{
-	uint8_t data[32];
-	char str_buf[hex_str_buf_size(sizeof(data))];
-
-	trng_init();
-	trng_rand_bytes(data, sizeof(data));
-	trng_exit();
-
-	snprintf_hex_buffer(str_buf, sizeof(str_buf),
-			    HEX_BUF(data, sizeof(data)));
-	ccprintf("rand %s\n", str_buf);
-
-	return EC_SUCCESS;
-}
-DECLARE_CONSOLE_COMMAND(rand, command_rand, NULL,
-			"Output random bytes to console.");
-
-static enum ec_status host_command_rand(struct host_cmd_handler_args *args)
-{
-	const struct ec_params_rand_num *p = args->params;
-	struct ec_response_rand_num *r = args->response;
-	uint16_t num_rand_bytes = p->num_rand_bytes;
-
-	if (system_is_locked())
-		return EC_RES_ACCESS_DENIED;
-
-	if (num_rand_bytes > args->response_max)
-		return EC_RES_OVERFLOW;
-
-	trng_init();
-	trng_rand_bytes(r->rand, num_rand_bytes);
-	trng_exit();
-
-	args->response_size = num_rand_bytes;
-
-	return EC_SUCCESS;
-}
-
-DECLARE_HOST_COMMAND(EC_CMD_RAND_NUM, host_command_rand,
-		     EC_VER_MASK(EC_VER_RAND_NUM));
-#endif /* SECTION_IS_RW */
-#endif /* CONFIG_CMD_RAND */