diff options
author | Nicolas Boichat <drinkcat@google.com> | 2017-03-28 17:53:48 +0800 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2017-04-11 20:22:32 -0700 |
commit | 68a537e4666e51ecc8a99a5362de1c3229bace89 (patch) | |
tree | 9ec9a0c6564948f73287b41a6f6cc9e18983b174 /include | |
parent | 629c3964a2bd8a92d61daaef633fc0cc5e65bc10 (diff) | |
download | chrome-ec-68a537e4666e51ecc8a99a5362de1c3229bace89.tar.gz |
rwsig: Make it possible to run as a task
(Optionally) split rwsig verification into a separate task. This
allows us to initialize other components (e.g. USB) while the
verification is in progress, speeding up the boot process to active
USB in RO case.
After CONFIG_RWSIG_JUMP_TIMEOUT, the EC will jump to the RW section
if no action is taken by the AP (such as a forced request to jump
to RW, or starting an update).
Note: This comes with a ~36ms boot time regression, as other code
gets to run before verification starts.
BRANCH=none
BUG=b:35587171
TEST=Flash, board boots to RW after 1s
TEST=Change jump timeout to 5s, add 5s delay in check_signature,
add console command to manually abort/continue rwsig verification.
'rwsig continue' works => Board jumps to RW after check_signature
is completed (or immediately while waiting for timeout)
'rwsig abort' works => Board does not jump to RW.
Change-Id: Ica5732b9298bb4d3b743cae2ba78df259db915ef
Reviewed-on: https://chromium-review.googlesource.com/468709
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/config.h | 7 | ||||
-rw-r--r-- | include/rwsig.h | 41 |
2 files changed, 46 insertions, 2 deletions
diff --git a/include/config.h b/include/config.h index 27afcbfb48..b94fef6eeb 100644 --- a/include/config.h +++ b/include/config.h @@ -1819,6 +1819,13 @@ #undef CONFIG_RWSIG /* + * When RWSIG verification is performed as a task, time to wait from signature + * verification to an automatic jump to RW (if AP does not request the wait to + * be interrupted). + */ +#define CONFIG_RWSIG_JUMP_TIMEOUT (1000 * MSEC) + +/* * Defines what type of futility signature type should be used. * RWSIG should be used for new designs. * Old adapters use the USBPD1 futility signature type. diff --git a/include/rwsig.h b/include/rwsig.h index 138751d3cc..bb70077732 100644 --- a/include/rwsig.h +++ b/include/rwsig.h @@ -10,9 +10,46 @@ #include "rsa.h" #ifndef __ASSEMBLER__ +#ifdef HAS_TASK_RWSIG +/* The functions below only make sense if RWSIG task is defined. */ -/* Checks RW signature. */ -void check_rw_signature(void); +/* Current status of RW signature verification */ +enum rwsig_status { + RWSIG_UNKNOWN = 0, /* Unknown/not started */ + RWSIG_IN_PROGRESS, + RWSIG_VALID, + RWSIG_INVALID, + RWSIG_ABORTED, +}; + +/* Returns current rwsig verification status. */ +enum rwsig_status rwsig_get_status(void); + +/* + * Aborts current verification, also prevents RWSIG task from automatically + * jumping to RW. + * This is used by usb_updater when a RW update is required, giving it enough + * time to actually perform the update. + */ +void rwsig_abort(void); + +/* + * Tells RWSIG task to jump to RW immediately, if the signature is correct. + * This is used by usb_updater when no RW update is required, to speed up + * boot time. + */ +void rwsig_continue(void); + +#else /* !HAS_TASK_RWSIG */ +/* These functions can only be called directly if RWSIG task is not defined. */ + +/* Checks RW signature. Returns a boolean indicating success. */ +int rwsig_check_signature(void); + +/* Jumps to RW, if signature is fine, returns on error (otherwise, jumps). */ +void rwsig_jump_now(void); + +#endif #endif /* !__ASSEMBLER__ */ |