| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
BRANCH=cr50, cr50-mp
BUG=none
TEST=none
Change-Id: I377aab1b5a729a0ca98e2340050300d938e51bd5
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/978541
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
(cherry picked from commit 4d959e92cab7d26733f5a0379f1afeed42a0c7a5)
Reviewed-on: https://chromium-review.googlesource.com/978602
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When running the spihash command using gsctool (as opposed to the
running it from the Cr50 console), the operator needs to be prompted
when the PP button needs to be pressed.
This patch extends spihash command implementation by adding a new
subcommand for polling physical presence.
BRANCH=cr50, cr50-mp
BUG=b:73668125
TEST=with the appropriate gsctool changes the user is periodically
prompted to press the physical presence button, and eventually it
is possible to set up spi hash access to AP and EC.
Change-Id: I96aed1619d364c80a2f35ca8dc41241f1a444103
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/930568
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit d015bc937c0eecf1cb8f1b163874ea69c890dea4)
Reviewed-on: https://chromium-review.googlesource.com/942117
(cherry picked from commit 683dc5cfda7eb6246f9aea89d296597eb60ed765)
Reviewed-on: https://chromium-review.googlesource.com/949072
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Execution of this command requires physical presence on the DUT, this
is why it is save to allow it over USB.
BRANCH=cr50, cr50-mp
BUG=chromium:812880
TEST=using modified gsctool verified that the command goes through and
physical presence indication is requested
Change-Id: I0aa371d8aaa5a480cc12d5d16edad8497142f4b4
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/927796
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
(cherry picked from commit 53ca6cfbdf3a54d574f140a3eaf926eb80a53697)
Reviewed-on: https://chromium-review.googlesource.com/942115
(cherry picked from commit 84a21b4425b1f91d6c2a4887af8b3cd75782bc04)
Reviewed-on: https://chromium-review.googlesource.com/949070
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This will align the MP branch with recent updates to the reef branch
numbering.
BRANCH=none
BUG=none
TEST=none
Change-Id: I2fdba1600a813e0d5c55df65d24710bcdac7298d
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/961738
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
We don't want to be able to run it unless the code was compiled with
development options enabled.
BRANCH=none
BUG=none
TEST=verified that spihash is not available in prod image
Change-Id: Iede7b19e71f061bfa7e66c321ca80ac7f7ea3112
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/961617
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Section offsets and sizes are hex numbers which should not be longer
than 8 characters.
BRANCH=none
BUG=b:73668125
TEST=descriptions which miss the size field are properly reported now.
Before the utility would just terminate with an error without a
message.
Change-Id: I9bc461b5f848b80e464fecc9b40dcf0ea213c9a7
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/949311
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit 1dfe3193e7110888268c98e1e9339e79b0ee5025)
Reviewed-on: https://chromium-review.googlesource.com/961616
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When checking the RMA authentication code the code currently just
verifies the value, but does not act on it.
This patch directs the user input through the same vendor command path
which is used when the RMA operation is controlled using gsctool.
BRANCH=cr50, cr50-mp
BUG=b:74080723
TEST=verified that issuing 'rma_auth <code>' on the Cr50 console now
trigger CCD open and reboot.
Change-Id: Ib3fab131b6a24b65618f0b1f2504638f8df11a4b
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/945311
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit f6b72676a0e4794805b14ab3452db7c82b989518)
Reviewed-on: https://chromium-review.googlesource.com/961615
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Set GscFullConsole to Always in RMA open. We need this to be accessible
after rma open, so that we can use RMA open as a ccd open testlab
replacement.
Commands like rddkeepalive and bitbang are needed for testlab use, so
they should be accessible after open.
BUG=b:74019846
BRANCH=cr50, cr50-mp
TEST=build, do rma open, verify commands are not locked out, and do rma
disable
Change-Id: Iaeb89cea94d478dc0eb25c92bb09d488d14cad41
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/942309
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit 097f5e6a0b1258dbb69842d1ebc6e4dd0142a5d7)
Reviewed-on: https://chromium-review.googlesource.com/961614
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When running w/ blocking usb console output
(CONFIG_USB_CONSOLE_CRC) and the host is not polling the console,
upgrade will fail.
Signed-off-by: mschilder@google.com
TEST=buildall -j8; gsctool update succeeds on mn50
BRANCH=none
BUG=none
Change-Id: I5c09694c146ba0fbf7562b86ab0fad0d578bc5ff
Reviewed-on: https://chromium-review.googlesource.com/938392
Commit-Ready: Marius Schilder <mschilder@chromium.org>
Tested-by: Marius Schilder <mschilder@chromium.org>
Reviewed-by: Marius Schilder <mschilder@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
(cherry picked from commit ab706d65fd9a262498654ac559011f99b1038cb3)
Reviewed-on: https://chromium-review.googlesource.com/949077
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This field allows multiple product families to be independently versioned
and released, without risk of having one product family's image flashed
to another product family's chip.
BUG=b:73728151
BRANCH=none
TEST=make buildall -J
Change-Id: I53f5e5b1e9ac7ea19997f8d1228a568e66c43d39
Reviewed-on: https://chromium-review.googlesource.com/935759
Commit-Ready: Jeff Andersen <jeffandersen@google.com>
Tested-by: Jeff Andersen <jeffandersen@google.com>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Nadim Taha <ntaha@google.com>
(cherry picked from commit 3b2fec7700604be1a9c8cf8c3c7e3ec8a6bdfa73)
Reviewed-on: https://chromium-review.googlesource.com/949076
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This option will cause usb console output to block and
also compute a crc32.
Signed-off-by: mschilder@google.com
TEST=make buildall -j
BRANCH=none
BUG=none
Change-Id: Icf66d5ddbea52008a9c97094e7c83194caa7db79
Reviewed-on: https://chromium-review.googlesource.com/936281
Commit-Ready: Marius Schilder <mschilder@chromium.org>
Tested-by: Marius Schilder <mschilder@chromium.org>
Reviewed-by: Marius Schilder <mschilder@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
(cherry picked from commit e5e1b7ea5dbc6a22e14c63ef9a6c4f00cfd1993f)
Reviewed-on: https://chromium-review.googlesource.com/949075
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add crc32_ctx.. functions to take context parameter.
This allows for multiple instances to exist in parallel.
Conflicts:
test/build.mk
Signed-off-by: mschilder@google.com
TEST=make buildall -j8 succeeds
BRANCH=none
BUG=b:73832883
Change-Id: I66bbc56377eeebf01c790caad0bc4c7a51a1bc58
Reviewed-on: https://chromium-review.googlesource.com/935825
Commit-Ready: Marius Schilder <mschilder@chromium.org>
Tested-by: Marius Schilder <mschilder@chromium.org>
Reviewed-by: Marius Schilder <mschilder@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
(cherry picked from commit 3c4800e59452a7124c34f563d548e09849d59b8d)
Reviewed-on: https://chromium-review.googlesource.com/949074
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch enhances the gsctool utility to allow to verify RO sections
of the target AP and EC flash memory.
The only command line parameter required for the new option ('O') is
the file name of the target descriptors database, containing memory
description sections for one or more Chrome OS devices.
Memory description sections are of two types (both types could be
referring AP or EC memory):
- hash descriptor, this section includes the address range of the
memory and one or more hash values for the contents of that address
range. Multiple hashes are needed in case when the same device has
mnore than one RO firmware releases in circulation.
- dump descriptor, this is a request for this utility to display on
the console the contents of the certain area of flash memory on the
target.
When this utility starts the process, the target might request that
the operator confirms physical presence, in this case the utility
keeps prompting the operator to press the physical presence button
until DUT is satisfied,
BRANCH=none
BUG=b:73668125
TEST=created a descriptor database for a Robo device feeding it with
values retrieved on the device by locally running spihash command
on the device.
Then ran this utility to verify successful hash and dump
retrievals, comparing dump values with values obtained through
Cr50 console directly.
Created additional dummy hash variants and verified that the
utility succeeds only if all matches happen at the same variant
index in different hash sections.
Change-Id: Ib43cf4eb642d141b7cd7f129ef412e14bd59f30b
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/933545
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
(cherry picked from commit d57e5eb3128774732e3b3fe40c0f939d9aaeff1a)
Reviewed-on: https://chromium-review.googlesource.com/961613
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a lateral move allowing to share some data structures and
functions previously limited to the gsctool.c scope.
This will allow adding new functionality in a separate .c file, and
further refactor gsctool.c which little by little became quite
unwieldy.
BRANCH=none
BUG=b:73668125
TEST=gsctool utility still works for uploading Cr50 images.
Change-Id: Ib56db3e0b983c53a228a658467a3059abcf2166e
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/933543
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit 52b93ce19d00c9a6507c630501904b845a1b6486)
Reviewed-on: https://chromium-review.googlesource.com/961612
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds code which would parse the RO hash/dump descriptor
file including a database listing expected values of hashes for
various ranges of target SPI flash devices, or areas which need to be
printed out (hex dumped) for operator inspection.
Lines starting with '#' are completely ignored. The rest of the
logical lines could actually split into multiple text lines in the
file, so to separate one logical line from another at least one empty
line is required.
Hash descriptor database file consists of sections for various Chrome
OS boards. Each board description section starts with a logical line
of 4 characters which is the board ID (the same as the board's RLZ
code).
Each board description section includes variable number of range
descriptor entries, each entry being a logical line, potentially split
into multiple text lines.
Each entry consists of semicolon separated fields:
{a|e|g}:{h|d}:base_addr:size[:value[:value[:value...]]]]
Where
- the first sindgle character field defines the way the range is
accessed:
a - AP flash
e - EC flash
g - EC flash requiring gang programming mode
- the second single character field defines the range type
h - Cr50 returns the hash of the range
d - Cr50 returns actual contents of the range (hex dump)
- the third and and forth fields are base address and size of the range
- ranges of type 'h' include one or more values for the hash of the
range, each hash is a 64 byte hex string. Ranges of type 'd' do
not include any data.
All values are expressed in hex.
The parser API provides functions to open the passed in hash
descriptor file and find there the section for a particular board, a
function to advance to the next entry in the board's section, and a
function to close the file when board entries scanning is completed.
When scanning the entries, the parser verifies their sanity, i.e.
conformance with the above described format, that all hashes are of
the right size, that there are no hashes attached to 'dump' entries
and there is at least one hash attached to the 'hash' entries, and
that there are no invalid characters in the hashes and address range
definitions.
The parser is not yet used by the gsctool, but when the new module is
compiled stand alone with -DTEST_PARSER passed to the compiler, it
becomes an executable which can be given the test hash database (the
new file, sample_descriptor) to interpret and report success or
failure.
BRANCH=none
BUG=chromium:812880
TEST=ran the following commands:
$ gcc -DTEST_PARSER desc_parser.c -o dp
$ ./dp sample_descriptor
Section 1, rv 0
Section 2, rv 0
Section 3, rv 0
Unexpected data in section 4
Section 4, rv -22
Invalid hash 1 size 0 in section 5
Section 5, rv -22
Invalid hash 1 size 0 in section 6
Section 6, rv -22
Invalid hash 1 size 63 in section 7
Section 7, rv -22
Invalid hash 1 size 65 in section 8
Section 8, rv -22
Invalid hash 1 value in section 9
Section 9, rv -22
Unexpected number of variants in section 10
Section 10, rv -22
Invalid hex value 10x in section 11
Section 11, rv -22
Section 12, rv -61
$
Change-Id: I14b2754a5f6ba26b3c56ddc26d45cb4574514b69
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/923419
Reviewed-by: Andrey Pronin <apronin@chromium.org>
(cherry picked from commit 9a6de75ebf220effe1e428f4e253178f36360ec1)
Reviewed-on: https://chromium-review.googlesource.com/961611
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CONFIG_IGNORE_G_UPDATE_CHECKS currently drops all upgrade checks.
Now with CONFIG_BOARD_ID_SUPPORT only check for board_id match.
CR50_DEV still retains full no check behavior.
TEST=buildall -j8
BRANCH=none
BUG=none
Change-Id: I0d085a26c814cd0f35450f0a0db06fe8525ab896
Reviewed-on: https://chromium-review.googlesource.com/933589
Commit-Ready: Marius Schilder <mschilder@chromium.org>
Tested-by: Marius Schilder <mschilder@chromium.org>
Reviewed-by: Marius Schilder <mschilder@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
(cherry picked from commit 25e8bc3efd94e6110f46c9f8aa6d7a0ab456c995)
Reviewed-on: https://chromium-review.googlesource.com/949073
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Both CCD and SPI_HASH commands need to enforce physical presence. This
patch separates PP polling into a function which can be used by both
commands.
Conflicts:
extra/usb_updater/gsctool.c
BRANCH=none
BUG=b:73668125
TEST=verified that running 'gsctool -a -o' on a Robo device still
allows to unlock CCD with PP enforced.
Change-Id: I49abb0e56ad37664eaad7cc34de44e1ac06e2d1b
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/930567
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit 1850d5908a348e31d61b2816f6f086fd4d3596de)
Reviewed-on: https://chromium-review.googlesource.com/961610
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Various parts of Cr50 code and Cr50 related utilities duplicate
definition of __packed available in include/common.h. Let's use the
same definition everywhere.
BRANCH=cr50, cr50-mp
BUG=none
TEST=make buildall succeeds
verified that linker generated map files for Cr50 RW are the same
before and after this change.
built and used gsctoo and rma_reset
Change-Id: Ib91f9bbad1f6822b347f32b393630f592df80d60
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/931929
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit 58759f5fbb21edaafab8fe212980a8cae692e686)
Reviewed-on: https://chromium-review.googlesource.com/949071
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The function used to read or write Board ID value, when invoked for
reading, reports the value on the console, but does not save the read
value in the passed in structure.
Let's always save it in the structure so that the caller of this
function has access to the retrieved value.
BRANCH=none
BUG=chromium:812880
TEST=verified that 'gsctool -i' still operates as expected.
Change-Id: I9bc713386758ca6701e6b853e042652e2f392871
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/925692
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit cd76cde2173e7e18d54865d97beece25fa2cb14e)
Reviewed-on: https://chromium-review.googlesource.com/961609
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With the upcoming extensions it would be beneficial to be able to keep
gsctool functionality spread among multiple source files. The current
Makefile is also not generating proper dependencies, which was fine
when gsctool utility was first introduced, but is not adequate any
more, and would be even more noticeable when more source files are
added.
In preparation let's just convert the build scheme into separately
compiling .c files, generating .d files while at it, and then linking
the .o files together in a separate link operation.
BRANCH=none
BUG=chromium:812880
TEST=verified that gsctool still builds fine and allows to update Cr50
image.
Change-Id: I537bbe6bf76ac71e8d30040b276b78513d390bbf
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/923418
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit 77fe675d7566d9999a4de3485e20b52e4628e972)
Reviewed-on: https://chromium-review.googlesource.com/961608
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cr50 cannot override the state of the power button. It was possible with
dev cr50 chips, but the capability was removed in prod chips. Change the
console command, so it is only used to get the state of the power
button.
Remove all of the commands used to override the power button.
BUG=b:73557298
BRANCH=none
TEST=none
Change-Id: I99cb5e8a18dd972fba460c434364702f06a26305
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/926964
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Brian Norris <briannorris@chromium.org>
(cherry picked from commit 64a4e6b7045861c57505bcbbc8ad3a5ad6e0e5ed)
Reviewed-on: https://chromium-review.googlesource.com/949069
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is the DEBUG_DRIVE register, not the DEBUG_BLOCK_OUTPUT. Copy/paste
error?
BRANCH=none
BUG=none
TEST=none
Change-Id: Ic915b8675559d6f43d153f3a309becc621416dbe
Signed-off-by: Brian Norris <briannorris@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/924698
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
(cherry picked from commit 3aff8da158e97b42550844eb5cfcbe9f937130d7)
Reviewed-on: https://chromium-review.googlesource.com/927782
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A typical CCD use case is when the DUT is not fully functional, or
even completely dead, including corrupted AP/EC firmware.
We still want to be able to enable CCD in this case, but routing CCD
commands through TPM task context (necessary to ensure the large stack
size some CCD commands require) is blocked if TPM was not reset after
startup.
Let's allow both reset requests and alternative commands when AP is
held in reset after reboot. The only situation when the alternative
command arrives would be the CCD use case of the system not generating
TPM reset pulse at startup and the operator is trying to execute a CCD
or RMA reset command.
BRANCH=cr50, cr50-mp
BUG=b:73292631
TEST=on a reef device: destroyed AP firmware and observed that the
'ccd open' command indeed results in the hung Cr50 console after
Cr50 is reset in this state.
Loaded the new Cr50 image, (which caused another Cr50 reset),
successfully took it through the 'ccd open' sequence resulting in
enabling AP flash write access, restored the AP flash and
observed the DUT boot into Chrome OS.
Change-Id: I4413bc200f5b2be563ba666ff80dd2d889ae5790
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/920924
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
(cherry picked from commit f495e27ce67888cd955bffded589f877ae503897)
Reviewed-on: https://chromium-review.googlesource.com/927781
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The console command now calls the vendor command to do the work.
Otherwise, the same as before.
Conflicts:
include/tpm_vendor_cmds.h
set to the upstream version.
BUG=chromium:804507
BRANCH=cr50 release (after testing)
TEST=manual:
# Sample sequence
spihash ap -> requires physical presence; tap power button
spihash 0 1024 -> gives a hash; compare with first 1KB of image.bin
spihash dump 0 128 -> dumps first 128 bytes; compare with image.bin
spihash 128 128 -> offset works
spihash 0 0x100000 -> gives a hash; doesn't watchdog reset
spihdev ec
spihash 0 1024 -> compare with ec.bin
spihash disable
# Test timeout
spihash ap
# Wait 30 seconds
spihash 0 1024 -> still works
# Wait 60 seconds; goes back disabled automatically
spihash 0 1024 -> fails because spihash is disabled
# Presence not required when CCD opened
ccd open
spihash ap -> no PP required
spihash 0 1024 -> works
spihash disable
# Possible for owner to disable via CCD config
ccd -> HashFlash is "Always"
ccd set HashFlash IfOpened
ccd lock
spihash ap -> access denied
# Cleanup
ccd open
ccd reset
ccd lock
Change-Id: Ife9335a1e402a7596d99bf515ec89ff94e8a0044
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/910083
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
(cherry picked from commit f49e1c3b42026eeaf57df0fd86b43660ddb1c184)
Reviewed-on: https://chromium-review.googlesource.com/927720
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This will prevent earlier released images from running on the device
unless Info1 is erased.
Conflicts:
util/signer/ec_RW-manifest-dev.json
util/signer/ec_RW-manifest-prod.json
Kept major revision number at 1.
BRANCH=cr50, cr50-mp
BUG=b:70891959
TEST=verified that two bits in the rollback mask have been erased now:
> sysinfo
Reset flags: 0x00000800 (hard)
[...]
Rollback: 2/2/128
Change-Id: Ic345c79010fbe0e075e14e652ea1eba263226ab1
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/916737
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
(cherry picked from commit c07cbae93ca50c1c3b2565d82119f23ad6011c6f)
Reviewed-on: https://chromium-review.googlesource.com/927719
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The new key ID is set to zero.
BRANCH=cr50, cr50-eve
BUG=b:70891959
TEST=verified that prod server properly responds to the challenge
generated by a CR50 running on Robo device.
Change-Id: I1e0da4a2cebca7f985c5f2a6da509c850924a874
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/915503
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Michael Tang <ntang@chromium.org>
(cherry picked from commit 7b44ce57a3273e7ff6b339d3a9214fb891512fa3)
Reviewed-on: https://chromium-review.googlesource.com/927718
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This allows hashing or dumping SPI flash from the Cr50 console even on
a locked device, so you can verify the RO Firmware on a system via CCD.
See design doc: go/verify-ro-firmware
(more specifically, "Cr50 console commands for option 1")
BUG=chromium:804507
BRANCH=cr50 release (after testing)
TEST=manual:
# Sample sequence
spihash ap -> requires physical presence; tap power button
spihash 0 1024 -> gives a hash; compare with first 1KB of image.bin
spihash 0 128 dump -> dumps first 128 bytes; compare with image.bin
spihash 128 128 -> offset works
spihash 0 0x100000 -> gives a hash; doesn't watchdog reset
spihdev ec
spihash 0 1024 -> compare with ec.bin
spihash disable
# Test timeout
spihash ap
# Wait 30 seconds
spihash 0 1024 -> still works
# Wait 60 seconds; goes back disabled automatically
spihash 0 1024 -> fails because spihash is disabled
# Presence not required when CCD opened
ccd open
spihash ap -> no PP required
spihash 0 1024 -> works
spihash disable
# Possible for owner to disable via CCD config
ccd -> HashFlash is "Always"
ccd set HashFlash IfOpened
ccd lock
spihash ap -> access denied
# Cleanup
ccd open
ccd reset
ccd lock
Change-Id: I27b5054730dea6b27fbad1b1c4aa0a650e3b4f99
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/889725
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
(cherry picked from commit ff4d22819a8cccaae7bec08a973916f39154f3b2)
Reviewed-on: https://chromium-review.googlesource.com/927717
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This will allow to make differences between pre-pvt and mp images
better visible.
Conflict: Set major version field to 1.
BRANCH=cr50
BUG=none
TEST=none
Change-Id: I3abf24443a208482167231d93983b8edcace5f55
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/907170
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
(cherry picked from commit 8d1422813ee10dcbd13f7a340dafa83728023e9c)
Reviewed-on: https://chromium-review.googlesource.com/906987
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When RMA procedure is completed WP needs to be enabled back.
BRANCH=cr50, cr50-mp
BUG=b:37952913, b:73075443
TEST=on a Robo device, verified that WP is enabled, took the device
through RMA unlock, verified that WP is disabled, took the device
through RMA disable, verified that WP is enabled again.
Also confirmed that after RMA is disabled WP status follows the
battery.
Change-Id: Iad6af7d16aadcd10d580f709aeb942cf508a8489
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/905926
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit 4a673c15ad36698a7a00fe7dbbc86854b7b7596c)
Reviewed-on: https://chromium-review.googlesource.com/906986
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The TPM task is running on a higher priority than the hook task
invoking TPM reset for RMA purposes. The waiting task ID value needs
to be set before TPM task is signaled to reset.
BRANCH=cr50, cr50-mp
BUG=b:37952913
TEST=with the corresponding ccd_config.c changes fully verified RMA
process (not just generating and processing the challenge).
Change-Id: Id112d59ae0c3fd31a32e652c6a043fc3fd3bbe07
Signed-off-by: Vadim Bendebury <vbendeb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/905925
Commit-Ready: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit 41a308abcb02474e3883a5be7c3001738c020789)
Reviewed-on: https://chromium-review.googlesource.com/907962
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This will allow to release an MP image withouth geopardizing devices'
security.
BRANCH=none
BUG=none
TEST=verified that ccd subcommands open and unlock fail both wnen
issued on the Cr50 console and through gsctool, and the
'CCD is disabled in this image'
message is printed on the Cr50 console.
Change-Id: Ied66293efb573777e8d0ea024211dcd30069edab
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/905569
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change creates a state machine to handle ap uart detection. It
removes all of the ap_uart stuff from ap_state.c and moves it to
ap_uart_state.c. All boards will now use ap_uart to enable/disable ap
uart and tpm_rst_l to detect the ap state.
Separate ap uart detection from ap detection, so we can disable the ap
uart without enabling deep sleep. If the ap is in S3 on ARM devices,
Cr50 wont be in deep sleep, but the AP UART RX signal wont be pulled up.
In this case we need cr50 ap rx to be disabled and deep sleep to be
disabled.
BUG=b:35647982
BRANCH=cr50
TEST=run firmware_Cr50DeviceState on scalet and electro
Change-Id: I81336a9e232df8d44b325eef59327a1c06a80cba
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/884307
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
(cherry picked from commit 4d3c8c1776f4055d999deea6593f499b588430f2)
Reviewed-on: https://chromium-review.googlesource.com/900557
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Automated code scanner highlighted a few problems in the recent ode
additions. This patch fixes the problems.
BRANCH=cr50
BUG=none
TEST=none
Change-Id: I1f199eb5d2af992384ab04f3010b4b646464a70f
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/897993
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
(cherry picked from commit 8dba841b4e4e514204f6e002115862fe3229666f)
Reviewed-on: https://chromium-review.googlesource.com/900167
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Flash operations in do_flash_op() involve waiting polling for the chip
to complete the operation. If a concurrent operation is started while
another operation is in progress, flash gets confused and locks up.
Let's add a mutex to ensure that flash operation runs to completion
before another operation starts.
BRANCH=cr50
BUG=b:67651754
TEST=multiple times ran firmware update while the device was coming up
and saving TPM status in NVMEM. Observed no failures.
Change-Id: I777a38f8a63cf17d60edb11cc3f916a4ea904741
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/894180
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
(cherry picked from commit cdd2c95284be89c9a7e79a27c35b0e1f1773e27f)
Reviewed-on: https://chromium-review.googlesource.com/896789
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change reenables the gpio interrupts if the signal is not high.
BUG=none
BRANCH=cr50
TEST=firmware_Cr50DeviceState
Change-Id: Iae4e18594954789cd6841e01d1c943de3b389415
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/884306
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit 4d0eb3be49fac06cdb932a3ac9fb429d97f7a340)
Reviewed-on: https://chromium-review.googlesource.com/896788
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add BOARD_DEEP_SLEEP_DISABLED and BOARD_DETECT_AP_WITH_UART to
BOARD_ALL_PROPERTIES, so they will be updated after cr50 reboots.
BUG=b:35647982
BRANCH=cr50
TEST=test deep sleep on scarlet
Change-Id: I8999ae7c6c1dad6799b5fdb99ebf5d7618a21c2b
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/882343
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit a4e1e476308ed717c0909c0a67e9a45152371dd0)
Reviewed-on: https://chromium-review.googlesource.com/896787
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ap_state doesn't disable/enable the detect ap interrupt correctly. This
means cr50 is mostly just polling the AP state. Cr50 may not realize the
AP is up until almost a second after it first turned on. This change
reenables the detect ap on interrupt while debouncing the AP state or if
Cr50 thinks the AP is off, so cr50 can more quickly detect the
transition from off to on.
This issue doesn't affect devices that detect the AP with TPM_RST_L,
because we never disable the TPM_RST_L interrupt and that handler calls
ap_on_deferred directly.
BUG=b:71866206
BRANCH=cr50
TEST=run power_state:rec on Dru and make sure there are no tpm irq
timeouts.
Change-Id: I67388f9dce94fb22efe5755a0de563e5af42f8f5
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/869410
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit 7b5b83055cbf8b4e67e6e63e72dd8f8038f80635)
Reviewed-on: https://chromium-review.googlesource.com/896786
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When user is trying to execute 'ccd open' or 'ccd unlock' and password
is set, the return error code does not allow to tell the reason for
the command failure.
Let's add a distinct return code to indicate this condition so that
the user can supply password.
BRANCH=cr50
BUG=b:62537474
TEST=verified along with the accompanying gsctool modifications.
Change-Id: I286f87ab12114cd7dd7ebcdf0e321f7a24723367
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/861208
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit d99e680b3ce01db9561739862d4e584820060db7)
Reviewed-on: https://chromium-review.googlesource.com/896785
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When TPM is wiped out on 'ccd open', the TPM reset could be invoked on
the TPM task context, if physical presence verification was not
required, or on the hooks task context, if PP was required.
This patch makes sure that the proper TPM reset is invoked depending
on the context. Also fixing the return value in ccd_command_wrapper(),
because it is expected to be from the ec_error_list enun, and this is
what is returned in the vendor command error response payload.
BRANCH=cr50
BUG=b:62537474
TEST=verified that TPM and device reset happen smoothly in both cases
when 'ccd open' requires and does not require PP.
Change-Id: I1935fc90b386bb8f2158001e153da371fca22d03
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/861206
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit b95b487cbcdadd1e9026dee255cebbe7660dd549)
Reviewed-on: https://chromium-review.googlesource.com/896784
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When implementing 'ccd open' and 'ccd unlock' through gsctool, we need
to be able to pass to the host the state of the physical presences
state machine regarding the expected user action (pressing the PP
button).
Two new VENDOR_CC_CCD subcommands are being added: CCDV_PP_POLL_OPEN
and CCDV_PP_UNLOCK. In response to these commands, the Cr50 always
returns VENDOR_RC_SUCCESS return code and a single byte payload
showing the CCD and PP state:
- CCDPP_CLOSED - PP process is not running, CCD closed. Maybe user
missed a button press deadline.
- CCDPP_AWAITING_PRESS (self explanatory)
- CCDPP_BETWEEN_PRESSES (self explanatory)
- CCDPP_PP_DONE - CCD is opened/unlocked (as per user request), PP
process succeeded.
BRANCH=cr50
BUG=b:62537474
TEST=with the upcoming change to gsctool verified that PP states are
properly conveyed to the user.
Change-Id: I97b1fef4440eea93c5c5ac01b7c60bfce9a4595c
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/861001
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit 8347907c46df8186d339c10dcca1b1c5f8f641ed)
Reviewed-on: https://chromium-review.googlesource.com/896783
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CCD management policies explicitly prohibit running the 'unlock'
command from the Cr50 CLI unless CCD password is set.
This patch enforces the policy.
BRANCH=cr50
BUG=b:62537474
TEST=ran the following commands on the Cr50 console:
> ccd
State: Locked
Password: none
...
> ccd unlock
Cann't unlock without password
Access Denied
Usage: ccd [help | ...]
>
Change-Id: I5a14a54049a233e86e097064ff235e9b7a8bbb86
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/861000
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit 35c8f62480ec47dac9825e1fc0fdf6a59b47df8f)
Reviewed-on: https://chromium-review.googlesource.com/896782
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Depending on device configuration and compile time options, CCD
commands 'open' and 'unlock' could either be executed immediately, or
require the user to take the device through physical presence state
machine.
As these commands execute through TPM vendor commands, there needs to
be a different return value indicating that the command action is not
finished and PP process is in progress.
Let's add another vendor command return value, and do not consider it
a failure if vendor command returns this value in response to 'ccd
open' or 'ccd unlock'.
BRANCH=cr50
BUG=b:62537474
TEST=took an Eve through 'ccd open' sequence
Change-Id: Ie62ccfb4319a13b6fb6c1c854a0ea26beb9f517c
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/860999
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit 88c5e62f89a7d9eab423c8fd11dd49c51e512826)
Reviewed-on: https://chromium-review.googlesource.com/896761
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds an API which exports current physical presence state
machine state to allow the caller to see if the state machine is in
one of the three distinct states:
- no PP process in progress
- user PP input is expected
- PP process in progress, user input is not currently expected
BRANCH=cr50
BUG=b:62537474
TEST=with the rest of the patches applied verified that PP state is
properly communicated through this API.
Change-Id: Ia10cd20c490dadef595f30e0b7257e51b6abf8fa
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/860998
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
(cherry picked from commit 0207f0c53ba644a3fc2a4df8ce6f316faf6b7033)
Reviewed-on: https://chromium-review.googlesource.com/896760
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In preparation to conveying the PP state to gsctool let's split the
'PP_DETECT_IN_PROGRESS' physical presence FSM state in two:
- PP_DETECT_AWAITING_PRESS, a state when user physical presence
indication is expected
- PP_DETECT_BETWEEN_PRESSES, a state when the previous indication was
accepted, but the next one is not yet required.
The code is modified to accept the disjunction of the twp new states
as the old PP_DETECT_IN_PROGRESS state.
BRANCH=cr50
BUG=b:62537474
TEST=successfully took Eve through 'ccd open'
Change-Id: I0d229f2f8beeec01ea2a9106b0cbc3f9801ff479
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/860997
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
(cherry picked from commit 25b59e26caa0fc1a8593d98ea5fc0af2a7650d09)
Reviewed-on: https://chromium-review.googlesource.com/896759
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We want to be able to tell between cases when a CCD command executed
on the TPM vendor command context was invoked through CLI or received
over /dev/tpm0.
Let's add a flag set for the duration of execution of the CLI command.
BRANCH=cr50
BUG=b:62537474
TEST=none, this is not used yet.
Change-Id: I309b4364285816a5f54522b00c93a4bf5025e2c4
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/860913
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit b946052a56318dc1f4f04e6f0205d93cd66f2851)
Reviewed-on: https://chromium-review.googlesource.com/896758
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Using and extending the existing framework, move ccd commands
'password, lock, open, and unlock to the same processing path.
The first three commands accept a single parameter, password. It is
required for the password command and optional for unlock and open.
The lock command does not require any parameters.
Wiping the TPM, if necessary, now happens on the same context where
CCD command is executed, i.e. the TPM task context. This is why the
same context TPM reset function needs to be exported and used here.
ccd_open() and ccd_unlock() could be further refactored, this would
require a bit more effort to find appropriate balance between
commonalities and differences.
BRANCH=cr50
BUG=b:62537474
TEST=verified that ccd commands to open, unlock, lock and set and
clear password all work.
Change-Id: I2b9f2b550347b590a55bfaef262a4f050d3f4c1c
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/854709
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit b31fca4b91f10be84a845222775b67553d63bf4e)
Reviewed-on: https://chromium-review.googlesource.com/896757
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cr50 should not automatically touch the EC reset when enabling the
USB-EC SPI bridge. Otherwise, this could interefere with ECs that might
have internal SPI flash and need to have their resets deasserted in
order to access the internal SPI flash.
This commits simply removes the assertion of EC reset when enabling the
USB-EC SPI bridge. The user or external scripts should control the
resets as necessary using servo or the cr50 console.
BUG=b:71548795,b:71557464
BRANCH=None
TEST=Flash meowth cr50. Verify that I can flash the EC using a
servo_v4.
TEST=Repeat above test with a servo_micro.
TEST=Repeat above test with a SuzyQable.
Change-Id: I114c34df43cf1e8ba622e75c3e6ecf517afc40a4
Signed-off-by: Aseda Aboagye <aaboagye@google.com>
Reviewed-on: https://chromium-review.googlesource.com/850865
Commit-Ready: Aseda Aboagye <aaboagye@chromium.org>
Tested-by: Aseda Aboagye <aaboagye@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
(cherry picked from commit 8d1d243134b7234a6df5558e715ea497e0fb97b9)
Reviewed-on: https://chromium-review.googlesource.com/896756
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently only 'ccd password' command is processed using TPM vendor
command. More CCD commands are going to be processed the same way.
This patch refactors the code to make it easier to add more
subcommands.
BRANCH=cr50
BUG=b:62537474
TEST=verified that 'ccd password' still works both from crosh and CLI.
Change-Id: Id55da51d6edc5652591ad30160a4102b3026a186
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/854708
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit 17a167cda16420def302cd10c0c214e61f9f5406)
Reviewed-on: https://chromium-review.googlesource.com/896755
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We want CCD commands lock, open, password, and unlock (at least to
start with) to be available over both CLI and through crosh (i.e.
coming over /dev/tpm0).
Let's allocate a TPM vendor command for handling all CCD subcommands,
and move to this new framework the 'ccd password' command, which
already is available over vendor command.
BRANCH=cr50
BUG=b:62537474
TEST=verified that 'ccd password' still works both over Suzy-Q CLI and
using gsctool on the target.
Change-Id: I2d06230b762f47af7e580b188a587bc5678ca169
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/853280
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit 877e5909b403cd40b415757b2921594bb6d8a021)
Reviewed-on: https://chromium-review.googlesource.com/896754
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The compiler marks data put into the TPM2_common.bss section as
PROGBITS, which the linker does not like. Changing the section name
prevents the marking and keeps linker happy.
BRANCH=cr50
BUG=chromium:799385
TEST=verified that local_state is still in where it belongs:
$ egrep '(local_state|__bss_libtpm2)' build/cr50/RW/ec.RW.smap
00010400 B __bss_libtpm2_start
00015d0c b local_state
00015d18 B __bss_libtpm2_end
Change-Id: I48f7d2cb08c7ccb2ef3b3159eaf4d66e2b8720b4
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/852793
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit 57bb4ddf4163dbe3da48ba56464adbabfa596344)
Reviewed-on: https://chromium-review.googlesource.com/896753
|
