authorRandall Spangler <rspangler@chromium.org>2018-02-08 11:09:54 -0800
committerChromeOS Commit Bot <chromeos-commit-bot@chromium.org>2018-02-20 23:54:42 +0000
commit50fb91d83be03def29485eb32babb9cedb93441a (patch)
tree41d24668406a87dbe81d1804780968b50edf5bd4 /include
parentc7c449cd096d6edcfce1f1f26174cae64b8d1bdb (diff)
cr50: Convert spihash to TPM vendor command
The console command now calls the vendor command to do the work. Otherwise, the same as before. Conflicts: include/tpm_vendor_cmds.h set to the upstream version. BUG=chromium:804507 BRANCH=cr50 release (after testing) TEST=manual: # Sample sequence spihash ap -> requires physical presence; tap power button spihash 0 1024 -> gives a hash; compare with first 1KB of image.bin spihash dump 0 128 -> dumps first 128 bytes; compare with image.bin spihash 128 128 -> offset works spihash 0 0x100000 -> gives a hash; doesn't watchdog reset spihdev ec spihash 0 1024 -> compare with ec.bin spihash disable # Test timeout spihash ap # Wait 30 seconds spihash 0 1024 -> still works # Wait 60 seconds; goes back disabled automatically spihash 0 1024 -> fails because spihash is disabled # Presence not required when CCD opened ccd open spihash ap -> no PP required spihash 0 1024 -> works spihash disable # Possible for owner to disable via CCD config ccd -> HashFlash is "Always" ccd set HashFlash IfOpened ccd lock spihash ap -> access denied # Cleanup ccd open ccd reset ccd lock Change-Id: Ife9335a1e402a7596d99bf515ec89ff94e8a0044 Signed-off-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/910083 Reviewed-by: Aseda Aboagye <aaboagye@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> (cherry picked from commit f49e1c3b42026eeaf57df0fd86b43660ddb1c184) Reviewed-on: https://chromium-review.googlesource.com/927720 Commit-Queue: Vadim Bendebury <vbendeb@chromium.org> Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Diffstat (limited to 'include')
-rw-r--r--include/tpm_vendor_cmds.h33
1 files changed, 33 insertions, 0 deletions
diff --git a/include/tpm_vendor_cmds.h b/include/tpm_vendor_cmds.h
index b61ca2623c..927a39817b 100644
--- a/include/tpm_vendor_cmds.h
+++ b/include/tpm_vendor_cmds.h
@@ -50,6 +50,8 @@ enum vendor_cmd_cc {
VENDOR_CC_DISABLE_RMA = 32,
VENDOR_CC_MANAGE_CCD_PWD = 33,
VENDOR_CC_CCD = 34,
+ VENDOR_CC_GET_ALERTS_DATA = 35,
+ VENDOR_CC_SPI_HASH = 36,
LAST_VENDOR_COMMAND = 65535,
};
@@ -107,5 +109,36 @@ enum vendor_cmd_rc {
*/
#define VENDOR_RC_ERR 0x00000500
+/*** Structures and constants for VENDOR_CC_SPI_HASH ***/
+
+enum vendor_cc_spi_hash_request_subcmd {
+ /* Relinquish the bus */
+ SPI_HASH_SUBCMD_DISABLE = 0,
+ /* Acquire the bus for AP SPI */
+ SPI_HASH_SUBCMD_AP = 1,
+ /* Acquire the bus for EC SPI */
+ SPI_HASH_SUBCMD_EC = 2,
+ /* Hash SPI data */
+ SPI_HASH_SUBCMD_SHA256 = 4,
+ /* Read SPI data */
+ SPI_HASH_SUBCMD_DUMP = 5,
+};
+
+enum vendor_cc_spi_hash_request_flags {
+ /* EC uses gang programmer mode */
+ SPI_HASH_FLAG_EC_GANG = (1 << 0),
+};
+
+/* Structure for VENDOR_CC_SPI_HASH request which follows tpm_header */
+struct vendor_cc_spi_hash_request {
+ uint8_t subcmd; /* See vendor_cc_spi_hash_request_subcmd */
+ uint8_t flags; /* See vendor_cc_spi_hash_request_flags */
+ /* Offset and size used by SHA256 and DUMP; ignored by other subcmds */
+ uint32_t offset; /* Offset in flash to hash/read */
+ uint32_t size; /* Size in bytes to hash/read */
+} __packed;
+
+/* Maximum size of a response = SHA-256 hash or 1-32 bytes of data */
+#define SPI_HASH_MAX_RESPONSE_BYTES 32
#endif /* __INCLUDE_TPM_VENDOR_CMDS_H */
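Review bot: The comments on `struct vendor_cc_spi_hash_request` leave the wire contract for `offset` and `size` underspecified: neither the byte order nor the allowed range of `size` for SPI_HASH_SUBCMD_DUMP is stated, although `SPI_HASH_MAX_RESPONSE_BYTES` implies a dump returns at most 32 bytes. Because the struct is `__packed` and filled in by the caller, I would document the bound on the field itself, e.g. `uint32_t size; /* Bytes to hash/read; DUMP: 1..SPI_HASH_MAX_RESPONSE_BYTES */`, and add a line saying whether the two 32-bit fields are host-order or big-endian. The subcmd enum also skips the value 3 without comment, so a short note that it is unassigned would help. The handler is not part of this file, so presumably it rejects oversized DUMP sizes, unknown `subcmd`/`flags` values and an `offset + size` that wraps; that is worth confirming there, since this command exposes AP/EC flash contents.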