docs: update CCD docs locations

BRANCH=none BUG=none TEST=verified that gitfiles points at the correct documents. Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Change-Id: I6123e74449d6dbda1645f4293dd24914ccaf0d37 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2276330 Reviewed-by: Jett Rink <jettrink@chromium.org> Reviewed-by: Tom Hughes <tomhughes@chromium.org> Commit-Queue: Tom Hughes <tomhughes@chromium.org>
author: Vadim Bendebury <vbendeb@chromium.org> 2020-07-01 14:53:27 -0700
committer: Commit Bot <commit-bot@chromium.org> 2020-07-10 22:54:06 +0000
commit: dccc9023faec5a7c55487fcf6ca6d1b96d4cd08e (patch)
tree: e4903bbd1fb2f735eb0e0121ab985b28a4a935c7 /docs/case_closed_debugging_cr50.md
parent: 23ea3fbd4a6e52b8a54f4278bbed8975af34cca7 (diff)
download: chrome-ec-dccc9023faec5a7c55487fcf6ca6d1b96d4cd08e.tar.gz
1 files changed, 2 insertions, 833 deletions
diff --git a/docs/case_closed_debugging_cr50.md b/docs/case_closed_debugging_cr50.md
index 0e244c15a0..6eb622cc37 100644
--- a/docs/case_closed_debugging_cr50.md
+++ b/docs/case_closed_debugging_cr50.md
@@ -1,833 +1,2 @@
-# Google Security Chip (GSC) Case Closed Debugging (CCD)
-
-Cr50 is the firmware that runs on the Google Security Chip (GSC), which has
-support for [Case Closed Debugging](CCD).
-
-This document explains how to setup CCD, so you can access all of the necessary
-features to develop firmware on your Chrome OS device, access
-[debug consoles][consoles], and [disable hardware write protect][hw-wp].
-
-[TOC]
-
-## Overview
-
-Cr50 CCD was designed to restrict CCD access to device owners and is implemented
-through **CCD privilege levels** ([`Open`], [`Unlocked`], [`Locked`]) that can
-be used to enable access to different **[CCD capabilities][cap]**. Capability
-settings can be modified to require certain privilege levels to access each
-capability. Device owners can use these settings to customize CCD so that it is
-as open or restricted as they want.
-
-Cr50 CCD exposes [3 debug consoles][consoles]: AP, EC, and Cr50 as well as
-control over [Hardware Write Protect][hw-wp]. Cr50 CCD also allows
-[flashing the AP firmware] or [flashing the EC firmware].
-
-### Capability and Privilege Levels {#cap-priv}
-
-Privilege Levels |
----------------- |
-`Open`           |
-`Unlocked`       |
-`Locked`         |
-
-Capability Setting | Definition
------------------- | ----------
-`IfOpened`         | Specified capability is allowed if Cr50 Privilege Level is `Open`.
-`UnlessLocked`     | Specified capability is allowed unless Cr50 Privilege Level is `Locked`.
-`Always`           | Specified capability is always allowed, regardless of Cr50 Privilege Level.
-
-Capability Setting | Privilege Level Required
------------------- | ----------------------------------------
-`IfOpened`         | `Open`
-`UnlessLocked`     | `Open` or `Unlocked`
-`Always`           | `Open`, `Unlocked`, `Locked` (any state)
-
-## CCD Capabilities {#cap}
-
-The default Cr50 privilege level is [`Locked`] with the following capability
-settings:
-
-Capability        | Default    | Function
------------------ | ---------- | --------
-`UartGscRxAPTx`   | `Always`   | AP console read access
-`UartGscTxAPRx`   | `Always`   | AP console write access
-`UartGscRxECTx`   | `Always`   | EC console read access
-`UartGscTxECRx`   | `IfOpened` | EC console write access
-[`FlashAP`]       | `IfOpened` | Allows flashing the AP
-[`FlashEC`]       | `IfOpened` | Allows flashing the EC
-[`OverrideWP`]    | `IfOpened` | Override hardware write protect
-`RebootECAP`      | `IfOpened` | Allow rebooting the EC/AP from the Cr50 console
-`GscFullConsole`  | `IfOpened` | Allow access to restricted Cr50 console commands
-`UnlockNoReboot`  | `Always`   | Allow unlocking Cr50 without rebooting the AP
-`UnlockNoShortPP` | `Always`   | Allow unlocking Cr50 without physical presence
-`OpenNoTPMWipe`   | `IfOpened` | Allow opening Cr50 without wiping the TPM
-`OpenNoLongPP`    | `IfOpened` | Allow opening Cr50 without physical presence
-`BatteryBypassPP` | `Always`   | Allow opening Cr50 without physical presence and developer mode if the battery is removed
-`UpdateNoTPMWipe` | `Always`   | Allow updating Cr50 without wiping the TPM
-`I2C`             | `IfOpened` | Allow access to the I2C master (used for measuring power)
-`FlashRead`       | `Always`   | Allow dumping a hash of the AP or EC flash
-`OpenNoDevMode`   | `IfOpened` | Allow opening Cr50 without developer mode
-`OpenFromUSB`     | `IfOpened` | Allow opening Cr50 from USB
-
-## Consoles {#consoles}
-
-Cr50 presents 3 consoles through CCD: AP, EC, and Cr50, each of which show up on
-your host machine as a `/dev/ttyUSBX` device when a debug cable ([Suzy-Q] or
-[Type-C Servo v4]) is plugged in to the DUT.
-
-Console | Default access                              | Capability Name
-------- | ------------------------------------------- | ---------------
-Cr50    | always read/write, but commands are limited | `GscFullConsole` enables the full set of Cr50 console commands
-AP      | read/write                                  | `UartGscRxAPTx` / `UartGscTxAPRx`
-EC      | read-only                                   | `UartGscRxECTx` / `UartGscTxECRx`
-
-### Connecting to a Console
-
-When a debug cable ([Suzy-Q] or [Type-C Servo v4]) is plugged in to the DUT, the
-3 consoles will show up as `/dev/ttyUSBX` devices. You can connect to them with
-your favorite terminal program (e.g., `minicom`, `screen`, etc). You can also
-use the [`usb_console`] command to connect to Cr50 (`18d1:5014`) and specify the
-interface to choose between the consoles.
-
-```bash
-# Install `usb_console`
-(chroot) sudo emerge ec-devutils
-```
-
-```bash
-# Connect to Cr50 console
-(chroot) $ usb_console -d 18d1:5014
-```
-
-```bash
-# Connect to AP console
-(chroot) $ usb_console -d 18d1:5014 -i 1
-```
-
-```bash
-# Connect to EC console
-(chroot) $ usb_console -d 18d1:5014 -i 2
-```
-
-#### Using "servod" to access the console
-
-[`servod`] can be used to create alternative console devices when combined with
-a [Servo].
-
-First, make sure your [servo firmware is updated][update servo v4].
-
-Next, start [`servod`]:
-
-```bash
-(chroot) $ sudo servod -b $BOARD
-```
-
-Then use `dut-control` to display the console devices:
-
-```bash
-(chroot) $ dut-control cr50_uart_pty ec_uart_pty cpu_uart_pty
-```
-
-Connect to the console devices with your favorite terminal program (e.g.,
-`minicom`, `screen`, etc.).
-
-## CCD Open {#ccd-open}
-
-Some basic CCD functionality is accessible by default: read-only access to the
-EC console, read-write access to the AP console, and a few basic Cr50 console
-commands. Note that while Cr50 has read-write access to the AP console by
-default, the AP console itself is disabled for production devices.
-
-In order to access all CCD functionality or to modify capability settings, Cr50
-CCD needs to be [`Open`].
-
-1.  Connect to the Cr50 console by connecting a [Suzy-Q] or [Type-C Servo v4] to
-    the DUT and running the following command:
-
-    ```bash
-    (chroot) $ usb_console -d 18d1:5014
-    ```
-
-    *** note
-    **NOTE**: If another program is already connected to the Cr50 console,
-    you'll see `tx [Errno 16] Resource Busy`. For example, this will happen if
-    [`servod`] is running.
-    ***
-
-1.  At the Cr50 console, use the `version` command to make sure you have a
-    recent enough version to use CCD. The relevant version is either `RW_A` or
-    `RW_B`, whichever has the asterisk next to it:
-
-    ```
-    cr50 > version
-
-    Chip:    g cr50 B2-C
-    Board:   0
-    RO_A:  * 0.0.10/29d77172
-    RO_B:    0.0.10/c2a3f8f9
-    RW_A:  * 0.3.23/cr50_v1.9308_87_mp.320-aa1dd98  <---- This is the version
-    RW_B:    0.3.18/cr50_v1.9308_87_mp.236-8052858
-    BID A:   00000000:00000000:00000000 Yes
-    BID B:   00000000:00000000:00000000 Yes
-    Build:   0.3.23/cr50_v1.9308_87_mp.320-aa1dd98
-             tpm2:v1.9308_26_0.36-d1631ea
-             cryptoc:v1.9308_26_0.2-a4a45f5
-             2019-10-14 19:18:05 @chromeos-ci-legacy-us-central2
-    ```
-
-1.  Production (`MP`) versions of Cr50 firmware use a [minor version][semver] of
-    `3`: `0.3.x`. Production firmware versions `0.3.9` or newer support CCD.
-
-    Development (`PrePVT`) versions of Cr50 firmware use a minor version of
-    `4`: `0.4.x`. Development firmware versions `0.4.9` or newer support CCD.
-
-    Your device likely supports CCD if it was manufactured in the last few
-    years. If you have an older version, follow the [Updating Cr50] instructions
-    before continuing.
-
-1.  Put the device into [Recovery Mode] and enable [Developer Mode].
-
-    *** note
-    **NOTE**: Developer Mode has to be enabled as described. Using GBB flags to
-    force Developer Mode will not work.
-    ***
-
-    If you can't put your device into [Developer Mode] because it doesn't boot,
-    follow the [CCD Open Without Booting the Device] instructions.
-
-1.  Verify Cr50 knows the device is in [Developer Mode] by finding `TPM:
-    dev_mode` in the Cr50 console `ccd` command output:
-
-    ```
-    cr50 > ccd
-          ...
-          TPM: dev_mode                     <==== This is the important part
-          ...
-    ```
-
-1.  Start the CCD open process from the AP.
-
-    ```bash
-    (dut) $ gsctool -a -o
-    ```
-
-1.  Over the next 5 minutes you will be prompted to press the power button
-    multiple times. After the last power button press the device will reboot.
-
-    *** note
-    **WARNING**: Opening CCD causes Cr50 to forget that it is in
-    [Developer Mode], so when the device reboots, it will say that the OS
-    image is invalid. Use the key combinations to enter [Recovery Mode] and
-    re-enable [Developer Mode]. See [this bug] for details.
-    ***
-
-1.  Use the `ccd` command on the Cr50 console to verify the state is [`Open`]:
-
-    ```
-    cr50 > ccd
-
-    State: Opened
-    ...
-    ```
-
-1.  **The [`Open`] state is lost if Cr50 reboots, the device loses power (e.g.,
-    battery runs out and AC is not plugged in), or the battery is removed. Note
-    that Cr50 does not reboot when the system reboots; it only reboots if it is
-    updated, the devices loses power, the battery runs out, or it crashes**. If
-    you plan on [flashing the AP firmware] or [flashing the EC firmware], it is
-    recommended you modify the capability settings or set a CCD password, so you
-    can reopen the device in the case that you accidentally brick it with bad
-    firmware. The simplest way to do this is to reset to factory settings and
-    enable testlab mode:
-
-    ```
-    cr50 > ccd reset factory
-    ```
-
-    ```
-    cr50 > ccd testlab enable
-    ```
-
-    For full details, see the section on [CCD Open Without Booting the Device].
-
-## Configuring CCD Capability Settings
-
-Cr50 capabilities allow you to configure CCD to restrict or open the device as
-much as you want. You can use the `ccd` command on the Cr50 console to check and
-modify the capabilities, but CCD has to be [`Open`] to change the capabilities.
-
-Setting capabilities you want to use to [`Always`] will make them accessible
-even if CCD loses the [`Open`] state, which happens when Cr50 reboots or the
-device loses power.
-
-Basic CCD functionality is covered by `UartGscTxECRx`, `UartGscRxECTx`,
-`UartGscTxAPRx`, `UartGscRxAPTx`, [`FlashAP`], [`FlashEC`], [`OverrideWP`], and
-`GscFullConsole`.
-
-```
-cr50 > ccd set $CAPABILITY $REQUIREMENT
-```
-
-### Examples
-
-#### EC Console
-
-If the EC console needs to be read-write even when CCD is [`Locked`] set the
-capability to [`Always`]:
-
-```
-cr50 > ccd set UartGscTxECRx Always
-```
-
-#### Restrict Consoles
-
-If you want to restrict capabilities more than [`Always`], you can set them to
-[`IfOpened`], which will make it so that it is only accessible when CCD is
-[`Open`]ed, not [`Lock`]ed:
-
-##### Restrict EC
-
-```
-cr50 > ccd set UartGscTxECRx IfOpened
-cr50 > ccd set UartGscRxECTx IfOpened
-```
-
-##### Restrict AP
-
-```
-cr50 > ccd set UartGscTxAPRx IfOpened
-cr50 > ccd set UartGscRxAPTx IfOpened
-```
-
-#### Most Accessible
-
-If you want things as accessible as possible and want all capabilities to be
-[`Always`], you can run
-
-```
-cr50 > ccd reset factory
-```
-
-This will also permanently disable write protect. To reset write protect run
-
-```
-cr50 > wp follow_batt_pres atboot
-```
-
-To reset capabilities to Default run
-
-```
-cr50 > ccd reset
-```
-
-## Flashing EC {#flashec}
-
-Flashing the EC is restricted by the `FlashEC` capability.
-
-The steps to flash the EC differ based on the board being used, but the
-[`flash_ec`] script will handle this for you.
-
-```bash
-(chroot) $ sudo servod -b $BOARD
-(chroot) $ ~/trunk/src/platform/ec/util/flash_ec -i $IMAGE -b $BOARD
-```
-
-## Flashing the AP {#flashap}
-
-*** note
-**WARNING**: Before attempting to flash the AP firmware, start with the
-[CCD Open] steps; if you flash broken firmware before opening CCD, you may make
-it impossible to restore your device to a working state.
-***
-
-Flashing the AP is restricted by the `FlashAP` capability.
-
-```bash
-(chroot) $ sudo flashrom -p raiden_debug_spi:target=AP -w $IMAGE
-```
-
-This default flashing command takes a very long time to complete, there are ways
-to [speed up the flashing process] by cutting some corners.
-
-If you have many CCD devices connected, you may want to use the Cr50 serial
-number:
-
-```bash
-(chroot) $ lsusb -vd 18d1:5014 | grep iSerial
-```
-
-You can then add the serial number to the [`flashrom`] command:
-
-```bash
-(chroot) $ sudo flashrom -p raiden_debug_spi:target=AP,serial=$SERIAL -w $IMAGE
-```
-
-**If you don't see Cr50 print any messages when you're running the [`flashrom`]
-command and you have more than one Cr50 device connected to your workstation,
-you probably need to use the serial number.**
-
-### Special Cases {#flashap-special-cases}
-
-Cr50 puts the device in reset to flash the AP. Due to hardware limitations Cr50
-may not be able to disable hardware write protect while the device is in reset.
-If you want to reflash the AP RO firmware using CCD and your board has issues
-disabling hardware write protect, you may need to also disable software write
-protect.
-
-To determine if the board you are using has this issue:
-
-1.  Disable write protect using the Cr50 console command:
-
-    ```
-    cr50 > wp disable
-    ```
-
-1.  Check if hardware write protect disabled when the AP is off:
-
-    ```bash
-    (chroot) $ sudo flashrom -p raiden_debug_spi:target=AP --wp-status
-    ```
-
-1.  If the last command shows that hardware write protect is still enabled when
-    the AP is off, then you need to disable software write protect:
-
-    ```bash
-    (chroot) $ flashrom -p host --wp-disable
-    ```
-
-## Control Hardware Write Protect {#hw-wp}
-
-Control of hardware write protect is restricted by the `OverrideWP` capability.
-When the capability is allowed, the hardware write protect setting can be
-controlled with the `wp` command in the Cr50 console. Otherwise, the hardware
-write protect is determined based on the presence of the battery.
-
-Hardware Write Protect Setting | Battery State                  | Hardware Write Protect State
------------------------------- | ------------------------------ | ----------------------------
-`follow_batt_pres`             | Connected                      | Enabled
-`follow_batt_pres`             | Disconnected                   | Disabled
-`follow_batt_pres`             | N/A (Chromebox has no battery) | Write Protect Screw means Enabled
-`enabled`                      | Any                            | Enabled
-`disabled`                     | Any                            | Disabled
-
-### Write Protect Commands
-
-```
-cr50 > wp [enable|disable|follow_batt_pres]
-```
-
-There are two write protect settings: the current setting and the `atboot`
-setting.
-
-The `wp` command adjusts the current write protect setting that will last until
-Cr50 reboots or loses power. Note that Cr50 does not reboot when the rest of the
-system reboots. It will only reboot in the cases where the firmware is being
-updated, it crashes, the battery completely drains, the battery is removed, or
-power is otherwise lost.
-
-The `atboot` setting is the state of the write protect when Cr50 boots; it
-defaults to `follow_batt_pres`.
-
-To change the `atboot` setting, add the `atboot` arg to the `wp` command:
-
-```
-cr50 > wp atboot [enable|disable|follow_batt_pres]
-```
-
-You can query the write protect state with `gsctool`:
-
-```bash
-(dut) $ gsctool -a -w
-
-...
-Flash WP: forced disabled  <-- Current hardware write protect state
- at boot: forced disabled  <-- "atboot" hardware write protect state
-
-```
-
-`gsctool -a -w` Status | Hardware Write Protect State
----------------------- | ------------------------------------
-`forced disabled`      | Disabled
-`forced enabled`       | Enabled
-`enabled`              | Enabled, following battery presence
-`disabled`             | Disabled, following battery presence
-
-### Special Case Devices
-
-Bob devices have a write protect screw in addition to battery presence. The
-write protect screw will force enable write protect until it's removed. If Cr50
-is set to `follow_batt_pres`, you need to remove the write protect screw and
-disconnect the battery to disable write protect. If you run `wp disable`, you
-will also need to remove the screw.
-
-If you are attempting to flash the AP, see the [Flashing the AP Special Cases]
-section for additional steps you may have to take to disable write protection.
-
-## UART Rescue mode
-
-### Overview
-
-UART Rescue Mode is a feature of the Cr50 RO firmware that supports programming
-the RW firmware using only the UART interface. This is used to recover a bad RW
-firmware update (which should be rare).
-
-This is also useful when bringing up new designs, as this allows to update Cr50
-image even before USB CCD or TPM interfaces are operational.
-
-UART rescue works on all existing devices, all it requires is that Cr50 console
-is mapped to a `/dev/xxx` device on the workstation (the same device used to
-attach a terminal to the console).
-
-Rescue works as follows: when the RO starts, after printing the regular banner
-on the console it prints a magic string to the console and momentarily waits for
-the host to send a sync symbol, to indicate that an alternative RW will have to
-be loaded over UART. The RO also enters this mode if there is no valid RW to
-run.
-
-When rescue mode is triggered, the RO is expecting the host to transfer a single
-RW image in hex format.
-
-### Install the cr50-rescue utility
-
-The `cr50-rescue` utility is used to flash a given firmware to Cr50 using rescue
-mode. This tool must be installed inside the chroot.
-
-```bash
-(chroot) $ sudo emerge cr50-utils
-```
-
-### Preparing an RW image
-
-To prepare the signed hex RW image, fetch a released image from Google storage,
-which can be found by running:
-
-```bash
-(chroot) $ gsutil ls gs://chromeos-localmirror/distfiles/cr50*
-```
-
-(depending on your setup you might have to do this inside chroot). Copy the
-image you want to use for rescue to your workstation and extract cr50.bin.prod
-from the tarball.
-
-The latest Cr50 images can be found in the [chromeos-cr50 ebuild]. Generally,
-you should always use the PROD_IMAGE indicated in that file. Once rescued, the
-user can update to the PREPVT image later if needed.
-
-Once the binary image is ready, use the following commands to carve out the RW A
-section out of it and convert it into hex format:
-
-```bash
-(chroot) $ dd if=<cr50 bin file> of=cr50.rw.bin skip=16384 count=233472 bs=1
-objcopy -I binary -O ihex --change-addresses 0x44000 cr50.rw.bin cr50.rw.hex
-```
-
-then you can use `cr50.rw.hex` as the image passed to `cr50-rescue`.
-
-### Programming the RW image with rescue mode
-
-With servo_micro (or servo_v2 reworked for connecting to Cr50 console), run
-[`servod`] and disable Cr50 ec3po and UART timestamp:
-
-```bash
-(chroot) $ dut-control cr50_uart_timestamp:off dut-control cr50_ec3po_interp_connect:off
-```
-
-Get a raw Cr50 UART device path and use it for `cr50-rescue` argument `-d`
-below.
-
-```bash
-(chroot) $ dut-control raw_cr50_uart_pty
-```
-
-Prior to running `cr50-rescue`, the terminal from the Cr50 console UART must be
-disconnected, and Cr50 must be unpowered-- the system needs to have AC power and
-battery disconnected.
-
-After ensuring those steps, the rescue command may be run as follows:
-
-```bash
-(chroot) $ cr50-rescue -v -i <path to the signed hex RW image> -d <cr50 console UART tty>
-```
-
-After starting the command, provide power to the board and rescue mode will
-start automatically. After flashing successfully (see sample output below), Cr50
-must be unpowered again, by disconnecting AC power and battery.
-
-Note that `<cr50 console UART tty>` above has to be a direct FTDI interface,
-`pty` devices created by [`servod`] do not work for this purpose. Use either
-servo-micro or a USB/UART cable. Note that multifunctional *SPI-UART/FTDI/USB
-cables might not work*, as they impose a significant delay in the UART stream,
-which makes the synchronization described below impossible.
-
-`cr50-rescue` starts listening on the console UART and printing it out to the
-terminal. When the target is reset, `cr50-rescue` detects the `Bldr |` string in
-the target output, at this point the utility intercepts the boot process and the
-target proceeds to receiving the new RW image and saving it into flash. Note the
-currently present RW and RW_B images will be wiped out first.
-
-#### Sample output
-
-```bash
-(chroot) $ cr50-rescue -v -i cr50.3.24.rw.hex -d /dev/pts/0
-
-low 00044000, high 0007cfff
-base 00044000, size 00039000
-..startAdr 00000000
-..maxAdr 0x0003d000
-..dropped to 0x0003a188
-..skipping from 0x00000000 to 0x00004000
-226 frames
-(waiting for "Bldr |")
-Havn2|00000000_000000@0
-exp  ?36
-Himg =2CD687F2B1579ED1E85C7F35055550A63B9B146E2CAC808295C59F97849F08E7
-Hfss =184D83B3D89599C90E4852EF16F9FAEEEED07BC0AFDF1028136AA3C9F71D4F43
-Hinf =44D21600B3723BDB0DCB9E0891E9F7373FC1BDE69598C9D7F04B1ABEB70529BD
-exp  ?40
-exp  ?48
-exp  ?67
-jump @00080400
-
-Bldr |(waiting for "oops?|")1527394
-retry|0
-oops?|0.1.2.3.4.5.6.7.8.9.10.11.12.13.14.15.16.17.18.19.20.21.22.23.24.25.26.27.28.29.30.31.32.33.34.35.36.37.38.39.40.41.42.43.44.45.46.47.48.49.50.51.52.53.54.55.56.57.58.59.60.61.62.63.64.65.66.67.68.69.70.71.72.73.74.75.76.77.78.79.80.81.82.83.84.85.86.87.88.89.90.91.92.93.94.95.96.97.98.99.100.101.102.103.104.105.106.107.108.109.110.111.112.113.114.115.116.117.118.119.120.121.122.123.124.125.126.127.128.129.130.131.132.133.134.135.136.137.138.139.140.141.142.143.144.145.146.147.148.149.150.151.152.153.154.155.156.157.158.159.160.161.162.163.164.165.166.167.168.169.170.171.172.173.174.175.176.177.178.179.180.181.182.183.184.185.186.187.188.189.190.191.192.193.194.195.196.197.198.199.200.201.202.203.204.205.206.207.208.209.210.211.212.213.214.215.216.217.218.219.220.221.222.223.224.225.done!
-```
-
-## CCD Open Without Booting the Device {#ccd-open-no-boot}
-
-If you can’t boot your device, you won’t be able to enable [Developer Mode] to
-send the open command from the AP. If you have enabled CCD on the device before,
-Cr50 may be configured in a way that you can still open Cr50.
-
-### Option 1: Remove the battery
-
-If you can remove the battery, you can bypass the [Developer Mode] requirements.
-`ccd open` is allowed from the Cr50 console if the Chrome OS Firmware Management
-Parameters (`FWMP`) do not disable CCD and the battery is disconnected. This is
-the most universal method and will work even if you haven’t enabled CCD before.
-
-1.  Disconnect the battery
-
-1.  Send `ccd open` from the Cr50 console.
-
-### Option 2: "OpenNoDevMode" and "OpenFromUSB" are set to Always
-
-If "OpenNoDevMode" and "OpenFromUSB" are set to Always, you will be able to open
-Cr50 from the Cr50 console without enabling [Developer Mode]:
-
-```
-cr50 > ccd open
-```
-
-You will still need physical presence (i.e., press the power button) unless
-`testlab` mode is also enabled:
-
-```
-cr50 > ccd testlab
-       CCD test lab mode enabled
-```
-
-#### Enabling
-
-If CCD is [`Open`], you can enable these settings with:
-
-```
-cr50 > ccd set OpenFromUSB Always
-cr50 > ccd set OpenNoDevMode Always
-```
-
-### Option 3: CCD Password is Set
-
-If the CCD password is set, you can open from the Cr50 console without
-[Developer Mode].
-
-```
-cr50 > ccd open $PASSWORD
-cr50 > ccd unlock $PASSWORD
-```
-
-Alternatively, you can use `gsctool`, entering the password when prompted:
-
-```
-(dut) $ gsctool -a -o
-(dut) $ gsctool -a -u
-```
-
-#### Enabling
-
-When CCD is [`Open`], run the `gsctool` command and enter the password when
-prompted.
-
-```bash
-(chroot) $ gsctool -a -P
-```
-
-You can use the CCD command on the Cr50 console to check if the password is set.
-
-```
-cr50 > ccd
-       ...
-       Password: [none|set]
-       ...
-```
-
-#### Disabling
-
-When CCD is [`Open`], you can use `gsctool` to clear the password:
-
-```bash
-(dut) $ gsctool -a -P clear:$PASSWORD
-```
-
-Alternatively, you can use the Cr50 console to clear the password and reset CCD
-capabilities to their default values:
-
-```
-cr50 > ccd reset
-```
-
-## Troubleshooting
-
-### rddkeepalive
-
-Cr50 only enables CCD when it detects a debug accessory is connected (e.g.,
-[Suzy-Q] or [Type-C Servo v4]). It detects the cable based on the voltages on
-the CC lines. If you are flashing the EC and AP or working with unstable
-hardware, these CC voltages may become unreliable for detecting a debug
-accessory.
-
-To work around this, you can force Cr50 to always assume that a debug cable is
-detected:
-
-```
-cr50 > rddkeepalive enable
-```
-
-*** note
-**NOTE**: Enabling `rddkeepalive` does increase power consumption.
-***
-
-To disable:
-
-```
-cr50 > rddkeepalive disable
-```
-
-### Updating Cr50 {#updating-cr50}
-
-Production (`MP`) versions of Cr50 firmware use a [minor version][semver] of
-`3`: `0.3.x`. Production firmware versions `0.3.9` or newer support CCD.
-
-Development (`PrePVT`) versions of Cr50 firmware use a minor version of `4`:
-`0.4.x`. Development firmware versions `0.4.9` or newer support CCD.
-
-There aren't many differences between the MP and PrePVT versions of images, but
-it is a little easier to CCD [`Open`] PrePVT images. You can't run PrePVT images
-on MP devices, so if you're trying to update to PrePVT and it fails try using
-the MP image.
-
-1.  Flash a test image newer than M66.
-
-1.  Enable [Developer Mode] and connect a debug cable ([`Suzy-Q`] or [`Type-C
-    Servo v4`]).
-
-1.  Check the running Cr50 version with `gsctool`:
-
-```bash
-(dut) $ sudo gsctool -a -f
-
-...
-RW 0.4.26  <-- The "RW" version is the one to check
-```
-
-1.  Update Cr50 using the firmware in the OS image:
-
-*Production (MP) image*:
-
-```bash
-(dut) $ sudo gsctool -a /opt/google/cr50/firmware/cr50.bin.prod
-```
-
-*Development (PrePVT) image*:
-
-```bash
-(dut) $ sudo gsctool -a /opt/google/cr50/firmware/cr50.bin.prepvt
-```
-
-1.  Check the Cr50 version again to make sure it's either `0.3.X` or `0.4.X`.
-
-### Speed up Flashing the AP {#speed-up-ap-flash}
-
-In the [default AP flashing steps][flashap] [`flashrom`] reads the entire flash
-contents and only erases and programs the pages that have to be modified.
-However, when Cr50 controls the SPI bus, it can only run at 1.5 MHz, versus the
-50 MHz that the AP normally runs it at.
-
-We can take advantage of the fact that Chrome OS device AP firmware is split
-into sections, only a few of which are essential for maintaining the device
-identity and for booting the device in recovery mode to program faster by only
-reading and writing sections we care about:
-
-```bash
-# This will save device flash map and VPD sections in
-# /tmp/bios.essentials.bin. VPD sections contain information like device
-# firmware ID, WiFi calibration, enrollment status, etc. Use the below command
-# only if you need to preserve the DUT's identity, no need to run it in case
-# the DUT flash is not programmed at all, or you do not care about preserving
-# the device identity.
-sudo flashrom -p raiden_debug_spi:target=AP -i FMAP -i RO_VPD -i RW_VPD -r /tmp/bios.essentials.bin --fast-verify
-
-# This command will erase the entire flash chip in one shot, the fastest
-# possible way to erase.
-sudo flashrom -p raiden_debug_spi:target=AP -E --do-not-diff
-
-# This command will program essential flash sections necessary for the
-# Chrome OS device to boot in recovery mode. Note that the SI_ALL section is
-# not always present in the flash image, do not include it if it is not in
-# dump_fmap output.
-sudo flashrom -p raiden_debug_spi:target=AP -w image-atlas.bin -i FMAP -i WP_RO [-i SI_ALL] --do-not-diff --noverify
-
-# This command will restore the previously preserved VPD sections of the
-# flash, provided it was saved in the first step above.
-sudo flashrom -p raiden_debug_spi:target=AP -w /tmp/bios.essential.bin -i RO_VPD -i RW_VPD --do-not-diff --noverify
-```
-
-Once flash is programmed, the device can be booted in recovery mode and start
-Chrome OS from external storage, following the usual recovery procedure. Once
-Chrome OS is installed, AP flash can be updated to include the rest of the image
-by running [`flashrom`] or `futility` from the device bash prompt.
-
-[Case Closed Debugging]: ./case_closed_debugging.md
-[chromeos-cr50 ebuild]: https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/refs/heads/master/chromeos-base/chromeos-cr50/chromeos-cr50-0.0.1.ebuild
-[Developer Mode]: https://chromium.googlesource.com/chromiumos/docs/+/master/developer_mode.md#dev-mode
-[Recovery Mode]: https://chromium.googlesource.com/chromiumos/docs/+/master/debug_buttons.md
-[Servo]: https://chromium.googlesource.com/chromiumos/third_party/hdctools/+/master/docs/servo.md
-[`servod`]: https://chromium.googlesource.com/chromiumos/third_party/hdctools/+/master/docs/servo.md
-[Type-C Servo v4]: https://chromium.googlesource.com/chromiumos/third_party/hdctools/+/master/docs/servo_v4.md
-[update servo v4]: https://chromium.googlesource.com/chromiumos/third_party/hdctools/+/master/docs/servo_v4.md#updating-firmware
-[Suzy-Q]: https://chromium.googlesource.com/chromiumos/third_party/hdctools/+/master/docs/ccd.md#SuzyQ-SuzyQable
-[`hdctools`]: https://chromium.googlesource.com/chromiumos/third_party/hdctools/+/refs/heads/master/README.md
-[`FlashAP`]: #flashap
-[flashing the AP firmware]: #flashap
-[flashap]: #flashap
-[Flashing the AP Special Cases]: #flashap-special-cases
-[`FlashEC`]: #flashec
-[flashing the EC firmware]: #flashec
-[`OverrideWP`]: #hw-wp
-[`Always`]: #cap-priv
-[`IfOpened`]: #cap-priv
-[`Open`]: #cap-priv
-[`Locked`]: #cap-priv
-[`Unlocked`]: #cap-priv
-[Updating Cr50]: #updating-cr50
-[CCD Open Without Booting the Device]: #ccd-open-no-boot
-[cap]: #cap
-[consoles]: #consoles
-[hw-wp]: #hw-wp
-[`flash_ec`]: https://chromium.googlesource.com/chromiumos/platform/ec/+/master/util/flash_ec
-[CCD Open]: #ccd-open
-[`flashrom`]: https://chromium.googlesource.com/chromiumos/third_party/flashrom/+/master/README.chromiumos
-[speed up the flashing process]: #speed-up-ap-flash
-[this bug]: https://issuetracker.google.com/149420712
-[semver]: https://semver.org/
-[`usb_console`]: https://chromium.googlesource.com/chromiumos/platform/ec/+/master/extra/usb_serial/console.py
+The has been moved into a [different
+branch](https://chromium.googlesource.com/chromiumos/platform/ec/+/cr50_stab/docs/case_closed_debugging_cr50.md)
author	Vadim Bendebury <vbendeb@chromium.org>	2020-07-01 14:53:27 -0700
committer	Commit Bot <commit-bot@chromium.org>	2020-07-10 22:54:06 +0000
commit	dccc9023faec5a7c55487fcf6ca6d1b96d4cd08e (patch)
tree	e4903bbd1fb2f735eb0e0121ab985b28a4a935c7 /docs/case_closed_debugging_cr50.md
parent	23ea3fbd4a6e52b8a54f4278bbed8975af34cca7 (diff)
download	chrome-ec-dccc9023faec5a7c55487fcf6ca6d1b96d4cd08e.tar.gz