-rw-r--r--board/cr50/power_button.c7
-rw-r--r--board/cr50/usb_spi.c49
-rw-r--r--chip/g/usb_spi.c2
-rw-r--r--chip/g/usb_spi.h12
-rw-r--r--common/build.mk1
5 files changed, 68 insertions, 3 deletions
diff --git a/board/cr50/power_button.c b/board/cr50/power_button.c
index a7d3634a00..bff6c4890c 100644
--- a/board/cr50/power_button.c
+++ b/board/cr50/power_button.c
@@ -3,6 +3,7 @@
* found in the LICENSE file.
*/
+#include "ap_ro_integrity_check.h"
#include "console.h"
#include "extension.h"
#include "gpio.h"
@@ -145,11 +146,13 @@ static int rctd_poll_handler(void)
if (!ref_last_state)
return 1;
- CPRINTS("Esc press registered");
- if (++ref_press_count != PRESS_COUNT)
+ if (++ref_press_count != PRESS_COUNT) {
+ CPRINTS("Refresh press registered");
return 1;
+ }
CPRINTS("RO Validation triggered");
+ validate_ap_ro();
return 0;
}
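Review bot: The new `validate_ap_ro();` call discards whatever the function reports, and the handler returns 0 either way, so at this call site the console shows only `RO Validation triggered` and nothing about the outcome. If `validate_ap_ro()` returns a status (its prototype is not visible here), log it, e.g. `CPRINTS("RO Validation %s", rv ? "failed" : "passed");`. If it returns nothing, add a comment such as `/* Runs synchronously; result is reported by validate_ap_ro() itself. */`. rctd_poll_handler() starts outside this hunk, so whether a blocking call is acceptable in this poll context should be confirmed against the rest of the function.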
diff --git a/board/cr50/usb_spi.c b/board/cr50/usb_spi.c
index 9e40690c1a..316cb19409 100644
--- a/board/cr50/usb_spi.c
+++ b/board/cr50/usb_spi.c
@@ -68,6 +68,16 @@ static uint8_t new_gang_mode;
static void spi_hash_inactive_timeout(void);
DECLARE_DEFERRED(spi_hash_inactive_timeout);
+/*
+ * Set to true when AP RO verification shortcut is enabled. Helps to prevent
+ * concurrent USB SPI operations over CCD.
+ */
+static bool shortcut_active_;
+bool usb_spi_shortcut_active(void)
+{
+ return shortcut_active_;
+}
+
/*****************************************************************************/
/*
* Mutex and variable for tracking whether the SPI bus is used by the USB
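Review bot: `shortcut_active_` is a plain `static bool` that is set and cleared in enable_ap_spi_hash_shortcut()/disable_ap_spi_hash_shortcut() and read through `usb_spi_shortcut_active()` in usb_spi_deferred() (chip/g/usb_spi.c), but the comment does not say which contexts touch it. If the writer and the reader run in different tasks (not visible in this hunk), the flag only rejects requests that start after it is set. A transfer that already passed the check is stopped only by the bus release in enable_ap_spi_hash_shortcut(). State that in the comment, for example `/* Advisory only: in-flight transfers are cut off by releasing the bus, not by this flag. */`. As a style point, the trailing underscore differs from neighbouring statics such as `new_gang_mode`, and a blank line between the variable and the accessor would match the rest of the file.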
@@ -200,6 +210,12 @@ static void enable_spi_pinmux(void)
gpio_get_level(GPIO_AP_FLASH_SELECT) ? "AP" : "EC");
spi_enable(CONFIG_SPI_FLASH_PORT, 1);
+
+ /*
+ * Need to provide enough time for the SPI bus to stabilize
+ * (b/154966209).
+ */
+ msleep(2);
}
/**
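Review bot: `msleep(2);` hard-codes a settle time whose origin is given only as a bug reference, so a later reader cannot tell whether 2 ms is measured, a datasheet figure or a guess. A named constant with the reasoning next to it would help, e.g. `#define SPI_BUS_SETTLE_MS 2 /* settle time after spi_enable(), see b/154966209 */` and `msleep(SPI_BUS_SETTLE_MS);`. enable_spi_pinmux() starts outside this hunk; since the delay now applies to every caller, it is worth confirming that none of them runs in a context where sleeping is not allowed.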
@@ -469,6 +485,39 @@ static void spi_hash_pp_done(void)
(spi_hash_device == USB_SPI_AP ? "AP" : "EC"));
}
+void enable_ap_spi_hash_shortcut(void)
+{
+ /*
+ * This is a big hammer, invoked when the Chrome OS device is
+ * processing the EC reset. Even if SPI bus was in use when the
+ * operator triggered the AP RO hash verification it should be
+ * released and re-acquired now.
+ */
+ enum spi_bus_user_t curr_user;
+
+ shortcut_active_ = true;
+
+ curr_user = get_spi_bus_user();
+ if (curr_user != SPI_BUS_USER_NONE)
+ set_spi_bus_user(curr_user, 0);
+
+ /*
+ * Simulate successful completion of physical presence detection
+ * required to allow the AP flash hash check. This function is invoked
+ * when the operator entered the appropriate sequence on the device
+ * keyboard, so physical presence is already established.
+ */
+ new_device = USB_SPI_AP;
+ spi_hash_pp_done();
+}
+
+void disable_ap_spi_hash_shortcut(void)
+{
+ spi_hash_disable();
+
+ shortcut_active_ = false;
+}
+
/* Process vendor subcommand dealing with Physical presence polling. */
static enum vendor_cmd_rc spihash_pp_poll(void *buf,
size_t input_size,
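Review bot: `enable_ap_spi_hash_shortcut()` is an exported function that unconditionally treats physical presence as satisfied by calling `spi_hash_pp_done()`, so the guarantee described in its comment rests entirely on every present and future caller. That precondition belongs on the prototype in chip/g/usb_spi.h as well, for example `/* Caller must already have established physical presence; this bypasses the PP poll. */`. The results of `set_spi_bus_user(curr_user, 0)` and, in disable_ap_spi_hash_shortcut(), `spi_hash_disable()` are dropped. If either can fail, the failure should at least be logged, because the hash check would otherwise proceed on a bus that was not actually released. Only `new_device` is assigned before `spi_hash_pp_done()`; if that function also consumes `new_gang_mode` (its body is only partly visible here), a value left over from an earlier vendor command would carry into the shortcut, so setting it explicitly would be safer.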
diff --git a/chip/g/usb_spi.c b/chip/g/usb_spi.c
index e41d9eab67..54f32fd553 100644
--- a/chip/g/usb_spi.c
+++ b/chip/g/usb_spi.c
@@ -106,7 +106,7 @@ void usb_spi_deferred(struct usb_spi_config const *config)
(!write_count && read_count == (uint8_t)SPI_READBACK_ALL))
return;
- if (!config->state->enabled) {
+ if (!config->state->enabled || usb_spi_shortcut_active()) {
res = USB_SPI_DISABLED;
} else if (write_count > USB_SPI_MAX_WRITE_COUNT ||
write_count != (count - HEADER_SIZE)) {
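Review bot: The added `usb_spi_shortcut_active()` test reuses `USB_SPI_DISABLED`, so the host cannot tell "CCD SPI is off" from "AP RO verification currently owns the bus", and nothing in the code says why the two are merged. A short comment above the condition would make the intent clear, e.g. `/* AP RO verification owns the SPI bus; reject CCD requests until it finishes. */`. usb_spi_deferred() starts and ends outside this hunk.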
diff --git a/chip/g/usb_spi.h b/chip/g/usb_spi.h
index 0c2707df4f..7a3d5652b3 100644
--- a/chip/g/usb_spi.h
+++ b/chip/g/usb_spi.h
@@ -243,6 +243,18 @@ int usb_spi_interface(struct usb_spi_config const *config,
int usb_spi_board_enable(int host);
void usb_spi_board_disable(void);
+#ifdef CONFIG_AP_RO_VERIFICATION
+/* Returns true if AP RO verification is in progress. */
+bool usb_spi_shortcut_active(void);
+#else
+/* Make sure other than Cr50 boards build fine. */
+static inline bool usb_spi_shortcut_active(void) { return false; }
+#endif
+
+/* Functions to use to fast track AP RO flash verification. */
+void enable_ap_spi_hash_shortcut(void);
+void disable_ap_spi_hash_shortcut(void);
+
int usb_spi_sha256_start(HASH_CTX *ctx);
int usb_spi_sha256_update(HASH_CTX *ctx, uint32_t offset, uint32_t size);
void usb_spi_sha256_final(HASH_CTX *ctx, void *digest, size_t digest_size);
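Review bot: Only `usb_spi_shortcut_active()` is guarded by `CONFIG_AP_RO_VERIFICATION`, while board/cr50/usb_spi.c, as far as its hunks show, defines that function unconditionally. A Cr50 build without the option would therefore see both the `static inline` stub and a non-static definition. Either guard the definition in board/cr50/usb_spi.c with the same `#ifdef`, or note here that Cr50 always sets the option. The two prototypes `enable_ap_spi_hash_shortcut()` and `disable_ap_spi_hash_shortcut()` sit outside the guard and have no stub, which is inconsistent with the accessor above them. The header comment says "verification is in progress" whereas the definition's comment says the shortcut "is enabled"; using one wording in both places would avoid doubt about what the flag tracks.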
diff --git a/common/build.mk b/common/build.mk
index 095ad401a1..faa225328f 100644
--- a/common/build.mk
+++ b/common/build.mk
@@ -26,6 +26,7 @@ ifneq ($(CORE),cortex-m)
common-$(CONFIG_AES)+=aes.o
endif
common-$(CONFIG_AES_GCM)+=aes-gcm.o
+common-$(CONFIG_AP_RO_VERIFICATION)+=ap_ro_integrity_check.o
common-$(CONFIG_CMD_ADC)+=adc.o
common-$(HAS_TASK_ALS)+=als.o
common-$(CONFIG_AP_HANG_DETECT)+=ap_hang_detect.o