cr50: Add SPI hashing command

This allows hashing or dumping SPI flash from the Cr50 console even on
a locked device, so you can verify the RO Firmware on a system via CCD.

See design doc: go/verify-ro-firmware
(more specifically, "Cr50 console commands for option 1")

BUG=chromium:804507
BRANCH=cr50 release (after testing)
TEST=manual:
   # Sample sequence
   spihash ap -> requires physical presence; tap power button
   spihash 0 1024 -> gives a hash; compare with first 1KB of image.bin
   spihash 0 128 dump -> dumps first 128 bytes; compare with image.bin
   spihash 128 128 -> offset works
   spihash 0 0x100000 -> gives a hash; doesn't watchdog reset
   spihdev ec
   spihash 0 1024 -> compare with ec.bin
   spihash disable
   # Test timeout
   spihash ap
   # Wait 30 seconds
   spihash 0 1024 -> still works
   # Wait 60 seconds; goes back disabled automatically
   spihash 0 1024 -> fails because spihash is disabled
   # Presence not required when CCD opened
   ccd open
   spihash ap -> no PP required
   spihash 0 1024 -> works
   spihash disable
   # Possible for owner to disable via CCD config
   ccd -> HashFlash is "Always"
   ccd set HashFlash IfOpened
   ccd lock
   spihash ap -> access denied
   # Cleanup
   ccd open
   ccd reset
   ccd lock

Change-Id: I27b5054730dea6b27fbad1b1c4aa0a650e3b4f99
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/889725
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>

1 files changed, 1 insertions, 0 deletions

diff --git a/common/ccd_config.c b/common/ccd_config.c
index 18b9aaa077..d9f12bc503 100644
--- a/common/ccd_config.c
+++ b/common/ccd_config.c
@@ -141,6 +141,7 @@ static const struct ccd_capability_info cap_info[CCD_CAP_COUNT] = {
 	{"BatteryBypassPP",	CCD_CAP_STATE_ALWAYS},
 	{"UpdateNoTPMWipe",	CCD_CAP_STATE_ALWAYS},
 	{"I2C",			CCD_CAP_STATE_IF_OPENED},
+	{"FlashRead",		CCD_CAP_STATE_ALWAYS},
 };
 
 static const char *ccd_state_names[CCD_STATE_COUNT] = {