Commit message | Author | Age | Files | Lines
* cr50: preserve orderly nv spaces over TPM reset [stabilize-quickfix-14526.91.B-cr50_stab, stabilize-14528.B-cr50_stab, stabilize-14526.89.B-cr50_stab, stabilize-14526.84.B-cr50_stab, stabilize-14526.73.B-cr50_stab, stabilize-14526.67.B-cr50_stab, stabilize-14526.57.B-cr50_stab, release-R100-14526.B-cr50_stab] | Andrey Pronin | 2022-02-16 | 3 | -4/+42
    This CL in case of unorderly TPM reset that doesn't also reset GSC preserves RAM-backed values of orderly nv indices.
    BUG=b:201101365
    TEST=1) create an orderly counter
         2) increment it
         3) trigger EC reset
         4) verify that the counter value was preserved
    Cq-Depend: chromium:3417937
    Change-Id: I799183ad06584055d025c2acf5f83ff2ded32d39
    Signed-off-by: Andrey Pronin <apronin@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3418122
    Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
    Commit-Queue: Mary Ruthven <mruthven@chromium.org>
* flash_cr50: add support for using pch_disable to reset cr50 | Mary Ruthven | 2022-02-15 | 1 | -10/+25
    Boards like zork can reset cr50 with pch_disable, but don't have the cr50_reset_odl overlay in their hdctools overlay. Add support for trying to use that control to reset cr50.
    Allow people to use that signal if they want. Worst case is it won't reset cr50.
    BUG=none
    TEST=./util/flash_cr50.py -i $IMG -p 9999 -c cr50-rescue -r pch_disable
    Change-Id: I0843fc6d93bedaa32f491389badc7f1836e3402d
    Signed-off-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3465528
    Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
    Commit-Queue: Aseda Aboagye <aaboagye@chromium.org>
* prepare to release 0.{5,6}.93 [factory-brya-14517.B-cr50_stab] | Mary Ruthven | 2022-02-12 | 2 | -2/+2
    BUG=b:207143125
    TEST=make buildall -j
    Change-Id: I329192d5b4d383d72b90bc90c46589b156f5391b
    Signed-off-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3456709
    Reviewed-by: Andrey Pronin <apronin@chromium.org>
    Commit-Queue: Andrey Pronin <apronin@chromium.org>
* ccd_config: save the config after setting the password | Mary Ruthven | 2022-02-12 | 1 | -1/+1
    Fix a logical error, so cr50 will save the ccd config after setting the password.
    BUG=b:219075883
    TEST=see comment#4 from the bug
    Change-Id: I2e389c90c9ffe49dc340846258569835ca867ffb
    Signed-off-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3457942
    Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
    Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
    Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
    Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
    Reviewed-by: Andrey Pronin <apronin@chromium.org>
    Commit-Queue: Andrey Pronin <apronin@chromium.org>
* ccd_config: treat ALT_IF commands the same as USB commands | Mary Ruthven | 2022-02-12 | 1 | -5/+10
    Reject VENDOR_CMD_FROM_ALT_IF commands everywhere VENDOR_CMD_FROM_USB commands are rejected.
    ccd_config generates ALT_IF tpm commands from the 'ccd' console command. Treat these the same as VENDOR_CMD_FROM_USB commands. Reject setting the ccd password and ccd open from the console unless usb commands are allowed.
    BUG=b:219075883
    TEST=run firmware_Cr50Open.ccd_open_restricted and firmware_Cr50Password
         grep for VENDOR_CMD_FROM_USB in platform/cr50 to make sure all flags checks have been updated.
    Change-Id: I69590a55d14745fd14d813b0adfa555ec40f0229
    Signed-off-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3456708
    Reviewed-by: Andrey Pronin <apronin@chromium.org>
* cr50: update FIPS module based on operational testing findings [stabilize-14498.B-cr50_stab, stabilize-14496.B-cr50_stab, firmware-brya-14505.B-cr50_stab, firmware-brya-14505.71.B-cr50_stab] | Vadim Sukhomlinov | 2022-01-31 | 6 | -22/+46
    1. ECDSA pair-wise consistency test failure wasn't updating FIPS status. Added new failure bit FIPS_FATAL_ECDSA_PWCT.
    2. ECDSA KAT was only simulating error in verify, but not in sign. Split 'fips ecdsa' into 'fips ecver' and 'fips ecsign'.
    3. Added a way to introduce self-integrity error by not updating FIPS module digest with 'FIPS_BREAK=1' during build.
    4. Added reporting of FIPS module digest.
    BUG=b:134594373
    TEST=make CRYPTO_TEST=1; in ccd test: fips pwct; tpm_test.py should fail; fips should print error.
         - fips ecver; fips test reports ECDSA error
           fips ecsign; fips test reports ECDSA error
         - FIPS module digest is printed
         - FIPS_BREAK=1 make CRYPTO_TEST=1 produce build with zero digest reporting FIPS self-integrity error.
    Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
    Change-Id: Ib0a92c118f07a76e4b52eaf9b011ff4f73a02c61
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3425998
    Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
    Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
    Reviewed-by: Mary Ruthven <mruthven@chromium.org>
    Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* add vendor command to disable deep sleep | Mary Ruthven | 2022-01-26 | 5 | -1/+81
    Add a vendor command to disable deep sleep the next time TPM_RST_L is asserted. Normally cr50 enters deep sleep whenever TPM_RST_L is asserted. New boards want to disable deep sleep during certain power states. This vendor command allows the AP to disable deep sleep for the next suspend cycle.
    When deep sleep is disabled, cr50 modifies TPM_RST_L to be WAKE_HIGH and sets it back to WAKE_LOW after TPM_RST_L is deasserted, so TPM_RST_L doesn't constantly wake cr50 from regular sleep.
    This uses 248 bytes
    BUG=b:214479456
    TEST=manual
        # Check G3 resume works ok.
        # Disable Deep Sleep from the AP. The vendor command is 59
        # (0x3b)
        trunks_send --raw 80010000000c20000000003b
        ccdstate
        DS Dis: on
        AP > shutdown -P now
        ...
        [454.992733 Block DS]
        ccdstate
        DS Dis: on
        pinmux
        40060018: DIOM3 0 IN WAKE_HIGH
        idle
        idle action: sleep
        # Verify cr50 starts cycling through sleep spinner at two ticks
        # a second.
        EC > powerbtn
        # check the cr50 console
        ...
        A�UART on] 10/ 1 [102.484012 Missed edge]
        [102.484352 deferred_tpm_rst_isr]
        [102.484580 AP on]
        [102.484779 set TPM wake]
        [102.484981 tpm_reset_request(0, 0)]
        [102.485279 tpm_reset_now(0)]
        [547.928375 AP on]
        [547.928615 set TPM wake]
        pinmux
        40060018: DIOM3 0 IN WAKE_LOW
        # Disable Deep Sleep from the AP. The vendor command is 59
        # (0x3b)
        trunks_send --raw 80010000000c20000000003b
        ccdstate
        DS Dis: on
        ecrst pulse
        ...
        [602.638427 AP on]
        [547.928615 set TPM wake]
        [602.638668 tpm_reset_request(0, 0)]
        ...
        ccdstate
        DS Dis: off
        # Check S3 resume works ok.
        # Use AP commands to enter S3
        AP > trunks_send --raw 80010000000c20000000003b
        AP > echo deep > /sys/power/mem_sleep
        AP > echo mem > /sys/power/state
        10\ 1 [243.409412 dis DS]
        1|[249.536811 tpm_rst_asserted]
        [250.537197 AP off]
        [250.537631 Block DS]
        # Wake the AP with a power button press from the EC
        EC > powerbtn
        # verify cr50 prints "Missed edge", but the device resumes ok.
        1/ 10- 1 [270.112655 Missed edge]
        [270.113037 deferred_tpm_rst_isr]
        [270.113315 AP on]
        [270.113529 set TPM wake]
        [270.113712 tpm_reset_request(0, 0)]
        [270.114013 tpm_reset_now(0)]
        [270.116996 tpm_init]
        tpm_manufactured: manufactured
        [270.118301 tpm_reset_now: done]
        [270.156967 PinWeaver: Loading Tree!]
        [270.189353 Skipping commit]
    Change-Id: I96049a9d38b5c66acad9c73628f588f4cf6b2b3f
    Signed-off-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3406587
    Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
    Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
* prepare to release 0.{5,6}.92 | Mary Ruthven | 2022-01-26 | 2 | -2/+2
    BUG=b:207143125
    TEST=make buildall -j
    Change-Id: Ide0ac9a563e4a1dbbf2ae209f5807e82db2e20c5
    Signed-off-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3415374
    Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
    Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
* cr50: make strap errors louder | Mary Ruthven | 2022-01-25 | 1 | -4/+4
    Add "ERROR" and some exclamation points to make invalid strap messages more noticeable.
    BUG=b:214550629
    TEST=look at invalid strap error messages on red board.
        strap pin readings: a1:3 a9:1 a6:1 a12:3
        [0.005569 WARN Ambiguous strap cfg. Use spi based on old brdprop.]
        [0.006675 get_properties: ERROR NO TABLE ENTRY!!! cfg: 0x7 prop: 0x1]
        strap pin readings: a1:3 a9:1 a6:1 a12:3
        [0.005649 get_properties: ERROR INVALID STRAP PINS!!! cfg 0xd7 prop 0x42
    Change-Id: Ie1e29fd4152a2b3f984989e37b771339895e6a0e
    Signed-off-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3390071
    Reviewed-by: Douglas Anderson <dianders@chromium.org>
    Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
* H1_RED_BOARD: unconditionally use red board brdprop [stabilize-wristpin-14469.59.B-cr50_stab, stabilize-14477.B-cr50_stab, stabilize-14469.9.B-cr50_stab, stabilize-14469.8.B-cr50_stab, stabilize-14469.58.B-cr50_stab, stabilize-14469.41.B-cr50_stab, release-R99-14469.B-cr50_stab] | Mary Ruthven | 2022-01-15 | 1 | -5/+5
    BUG=none
    TEST=cr50 uses red board straps after power-on and hard resets.
    Change-Id: I0ee4a48a3e8661565dede1f7686cf6b2e1181914
    Signed-off-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3386406
    Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
* brdprop: log invalid and ambiguous events | Mary Ruthven | 2022-01-15 | 3 | -1/+69
    Log brdprop errors in flog, so the team can track brdprop errors from the AP without grepping through cr50 logs.
    BUG=b:214550629
    TEST=flash on red board. Verify invalid strap events are logged. enable closed-loop-reset on the red board. Verify "ambiguous" strap logs are ignored.
    Change-Id: Ibea73fb19119fa81ed3652c5d68e430cdbae9fa5
    Signed-off-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3386405
    Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
    Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
* Add rescue path and early options for brescue.sh | Andrew Luo | 2022-01-14 | 1 | -4/+17
    BUG=b:214266426
    TEST=RESCUE=../cr50-utils/software/tools/SPI/rescue EARLY=1 \
    TEST= util/brescue.sh ti50.bin /dev/ttyUSB5
    TEST=util/brescue.sh ti50.bin /dev/ttyUSB5
    Change-Id: I427b9c16896ddf9f12cf78f185e7718e23786648
    Signed-off-by: Andrew Luo <aluo@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3388229
    Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
    Commit-Queue: Andrew Luo <aluo@chromium.org>
    Tested-by: Andrew Luo <aluo@chromium.org>
* extension: allow pop flog over usb on DBG images | Mary Ruthven | 2022-01-14 | 1 | -0/+1
    BUG=none
    TEST=none
    Change-Id: Icc4198dc7e87c74cbbc5466b4a04d716ebab22a2
    Signed-off-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3386404
    Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
    Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
* gsc_without_servod: update based on user comments | Vadim Bendebury | 2022-01-13 | 1 | -21/+41
    A few good suggestions were made by people who read this doc, this patch introduces the recommended changes.
    BUG=none
    TEST=none
    Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
    Change-Id: Id6d58d8db670e0ed616b79b7f430618ab5d1d1eb
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3385607
    Reviewed-by: Mary Ruthven <mruthven@chromium.org>
* prepare to release 0.{5,6}.91 [firmware-cherry-14454.B-cr50_stab] | Mary Ruthven | 2022-01-11 | 2 | -2/+2
    BUG=b:207143125
    TEST=make buildall -j
    Change-Id: I37e1ce5ca998c08d328a663ac18050755400a0eb
    Signed-off-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3381053
    Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
    Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* H1_RED_BOARD: add `idle d` command | Mary Ruthven | 2022-01-07 | 1 | -0/+8
    Add a deep sleep option to the idle command on red boards, so it's easier to test deep sleep.
    BUG=none
    TEST=run `idle d` with a red board image
    Change-Id: I913b1fbd46c34530dbdf2ee8ef0ca5dc05584efd
    Signed-off-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3373463
    Reviewed-by: Andrey Pronin <apronin@chromium.org>
    Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
    Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* cr50: fix FIPS behavior with resume from deep sleep | Vadim Sukhomlinov | 2022-01-07 | 1 | -6/+14
    We do FIPS power-on test on cold boot only and only redo it on wake from sleep if there was an error earlier. However, when waking we didn't set FIPS mode flags properly causing incorrect reporting of not-approved mode while there are no errors.
    On the other side, some nvmem code which doesn't use FIPS crypto was calling crypto_enabled() before FIPS power-on tests were completed, which caused failure of load_ec_hash when it was present.
    Adjust behavior of crypto_enabled to only check for lack of FIPS errors, but not completion of power-on tests. This way we unblock nvmem init code early in the boot, while still block access if any FIPS errors happen later.
    BUG=none
    TEST=make; in CCD - try idle d
    Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
    Change-Id: Ibae3654cc1289fef439f9e03cb90170f3377f0da
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3373465
    Reviewed-by: Andrey Pronin <apronin@chromium.org>
    Commit-Queue: Andrey Pronin <apronin@chromium.org>
    Tested-by: Andrey Pronin <apronin@chromium.org>
    Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
    Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
    Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
    Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* cr50: docs: Fix apt-get command typo | Fei Shao | 2022-01-07 | 1 | -1/+1
    Getting following error when building Rescue with `libelf-dev-`:
        Package libelf was not found in the pkg-config search path.
        Perhaps you should add the directory containing `libelf.pc'
        to the PKG_CONFIG_PATH environment variable
        No package 'libelf' found
        /usr/bin/ld: cannot find -lelf
    And using `libelf-dev` instead seems to resolve the issue.
    BUG=None
    TEST=sudo apt-get install libelf-dev then build Rescue utility
    Change-Id: I11a98f43b31312a9b0908650221c327805d37835
    Signed-off-by: Fei Shao <fshao@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3372126
    Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
* prepare to release 0.{5,6}.90 [stabilize-14442.B-cr50_stab] | Mary Ruthven | 2022-01-05 | 2 | -2/+2
    BUG=b:207143125
    TEST=make buildall -j
    Change-Id: I926e6ec710dc63ad1f5ec25637e1792f0363b736
    Signed-off-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3366873
    Reviewed-by: Andrey Pronin <apronin@chromium.org>
    Commit-Queue: Andrey Pronin <apronin@chromium.org>
* cr50: reduce TRNG use during RSA prime check [stabilize-14438.B-cr50_stab] | Vadim Sukhomlinov | 2021-12-30 | 1 | -6/+37
    It seems we have relatively high number of devices with slow TRNG, mostly Octopus and Grunt platforms. To mitigate potential issues reduce load on TRNG during witness generation in prime number check, relying on already generated random from DRBG.
    BUG=b:211648605
    TEST=test/tpm_test/tpm_test.py - checking RSA key gen and that deterministic key gen is not affected.
    Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
    Change-Id: Id661ad4191321b761c25a5c1fc3bda10336feff9
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3361250
    Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
    Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
    Reviewed-by: Andrey Pronin <apronin@chromium.org>
    Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
    Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* cr50: update TRNG resets | Vadim Sukhomlinov | 2021-12-30 | 1 | -6/+12
    It seems we have relatively high number of devices with slow TRNG, mostly Octopus and Grunt platforms. To mitigate potential issues increased TRNG reset counts from 8 to 16 to give a chance to recover, and updated recording of TRNG stall to record only first occurrence of stall per 32-bit.
    BUG=b:211648605
    TEST=test/tpm_test/nist_entropy.sh - loads TRNG
    Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
    Change-Id: I11d0e9ca2955894b2ed95dbfbf71ad8ff153c53e
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3358466
    Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
    Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
    Reviewed-by: Andrey Pronin <apronin@chromium.org>
    Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* cr50: improve g2f implementation | Vadim Sukhomlinov | 2021-12-29 | 6 | -28/+39
    Replace int to size_t in DCRYPTO_x509_* functions to indicate that returned value is actually a size.
    Replaced int to enum dcrypto_result and removed arithmetic on enum in DCRYPTO_x509_gen_u2f_cert_name() to make code clear.
    Added intermediate variable certificate_len in GetG2fCert to make logic clear. However, virtual nvmem requires further refactoring to replace void with size_t to escalate errors if any.
    Added check that G2F certificate is not all zeroes in tpm_test.py
    BUG=b:212517336
    TEST=test/tpm_test.py
    Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
    Change-Id: I5ee4567219f43dd3c7e7ef7d260b446732c5c22d
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3361100
    Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
    Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
    Reviewed-by: Andrey Pronin <apronin@chromium.org>
    Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* cr50: Fix x509_gen_u2f_cert_name | Howard Yang | 2021-12-29 | 1 | -1/+1
    Logical error introduced in crrev.com/c/3179708 that causes x509 gen u2f cert failed. Fix the incorrect interpretation of the `result` variable in an `if` statement.
    BUG=b:211820657
    TEST=make buildall -j
    TEST=manual test, u2fd get g2f certificate doesn't fail anymore
    Change-Id: I37aaa5946c43896458c93a67352b5f2d92a1965a
    Signed-off-by: Howard Yang <hcyang@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3360325
    Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
    Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
    Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* ap ro verification: add log entry for the 'unsupported' case | Vadim Bendebury | 2021-12-29 | 2 | -1/+3
    Let's have different log entries for the case when AP RO verification is provisioned but failed, and when it is supported.
    BUG=b:211762871
    TEST=none
    Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
    Change-Id: If99c89e6c6c0d10eec2d9e9c97d13e85bb3f1f23
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3360091
    Tested-by: Vadim Bendebury <vbendeb@gmail.com>
    Reviewed-by: Andrey Pronin <apronin@chromium.org>
* ap_ro_verification: fix cached verification state | Vadim Bendebury | 2021-12-29 | 1 | -9/+12
    The apro_result variable saves the state reported by an attempted AP RO verification, setting this variable to AP_RO_FAIL prevents releasing of the EC reset on the following reboots.
    In case verification could not be run because control structures have not been found, and there is no evidence of a previously succeeding verification, apro_result has to be set to AP_RO_UNSUPPORTED_TRIGGERED.
    BUG=b:211762871
    TEST=verified various states of AP RO verification, in particular confirmed that running verification on a device where it is not supported does not prevent future reboots.
    Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
    Change-Id: I74ad47a6fd92c6d906e723df6e7d37520ff92b27
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3360089
    Reviewed-by: Andrey Pronin <apronin@chromium.org>
* tpm_test: add support for running tests independently | Mary Ruthven | 2021-12-28 | 1 | -22/+52
    BUG=b:210879337
    TEST=./tpmtest.py -T hash ; ./tpmtest.py -T drbg
    Change-Id: I80152b1c95111b2c294b154f2495b3611b3b8870
    Signed-off-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3352714
    Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
    Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* cr50: fix g2f certificate retrieval | Vadim Sukhomlinov | 2021-12-28 | 2 | -1/+35
    Logical error was introduced in crrev.com/c/3119223 which resulted in failing attempts to read G2F certificate from virtual nvmem. This CL fixes it and adds a test for this command.
    BUG=b:211820657
    TEST=make BOARD=cr50; test/tpm_test/tpm_test.py
    Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
    Change-Id: I3c46e9e050d5084dbac1b0a7c3d7e378987a3759
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3359755
    Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
    Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
    Reviewed-by: Mary Ruthven <mruthven@chromium.org>
    Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* doc: fix errors in gsc_without_servod.md | Vadim Bendebury | 2021-12-23 | 1 | -4/+4
    An independent tester followed the instructions discovered a few inaccuracies, now being fixed.
    BUG=None
    TEST=None
    Change-Id: I528d5e0121f000bf0018157699441bb689b1f509
    Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3354850
    Reviewed-by: Andrey Pronin <apronin@chromium.org>
    Commit-Queue: Andrey Pronin <apronin@chromium.org>
* update OWNERS | Mary Ruthven | 2021-12-22 | 1 | -1/+0
    Remove people who have left the team.
    BUG=none
    TEST=none
    Change-Id: I2af957fa776a6665a4f856e74d94183fc1cb85f1
    Signed-off-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3353246
    Reviewed-by: Andrey Pronin <apronin@chromium.org>
    Commit-Queue: Andrey Pronin <apronin@chromium.org>
* util: scripts and instructions for using GSC without servod | Vadim Bendebury | 2021-12-22 | 3 | -0/+327
    The markdown document describes the use of the scripts and provides instructions on connecting to GSC and controlling it using Servo Micro or C2D2 with very low overhead.
    BUG=none
    TEST=verified instructions by running the commands successfully.
    Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
    Change-Id: I268ffa364d4230d72dcd529c1102cb422b980e1e
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3352888
    Reviewed-by: Andrey Pronin <apronin@chromium.org>
* bcmp.sh: script for comparing Cr50 code branches | Vadim Bendebury | 2021-12-22 | 1 | -0/+122
    The script builds a Cr50 image from scratch, then by examining the contents of builed/cr50/RW the script figures out the source files which were used to build the image and then compares all source files with a different git branch.
    The branch to compare with by default is cros/firmware-cr50-stab-14294.B, if the user wants to compare to a different branch, the name of the branch can be passed as command line parameter.
    The Cr50 tree branch names in firmware branches are modified by addition of the '-cr50_stab' suffix, the script tries adding the suffix if the branch to compare to does not exist in the Cr50 tree.
    Two git trees are examined, Cr50 and tpm2. If the other branch does not exist in either of the trees or building Cr50 image fails, the script reports error and exits.
    The result of running the script is a set of git diffs for files which are different between branches.
    BUG=b:200823466
    TEST=ran the script to compare ToT and pre-pvt Cr50 branches, observed sensible results.
    Signed-off-by: Vadim Bendebury <vbendeb@google.com>
    Change-Id: Ic044c2d23758eed1a5573385e903e59ed4328635
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3297446
    Tested-by: Vadim Bendebury <vbendeb@chromium.org>
    Reviewed-by: Mary Ruthven <mruthven@chromium.org>
    Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
* prepare to release 0.{5,6}.73 | Mary Ruthven | 2021-12-21 | 2 | -2/+2
    BUG=b:207143125
    TEST=make buildall -j
    Change-Id: I3ddfcb55cfe7fcf941a23575d167ad8bd1ccedc0
    Signed-off-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3352184
    Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
    Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
* CRYPTO_TEST: modify the hash_command_handler print statements [stabilize-14411.B-cr50_stab] | Mary Ruthven | 2021-12-17 | 1 | -8/+8
    Modify the hash_command_handler print statements, so it's easy to tell the difference between firmware and hardware hash commands with the console output.
    BUG=b:210879337
    TEST=make -j BOARD=cr50 CRYPTO_TEST=1
    Change-Id: I0fca79c102cd284b564fe6ca8464c22c1629e2a0
    Signed-off-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3345983
    Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* prepare to release 0.{5,6}.72 | Mary Ruthven | 2021-12-16 | 2 | -2/+2
    BUG=b:207143125
    TEST=make buildall -j
    Change-Id: I5f6e29b470afd087aef7c9e11720f87f3663999c
    Signed-off-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3345283
    Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
    Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
* cr50: Revert U2F_Sign back to not checking authorization | Howard Yang | 2021-12-16 | 1 | -3/+4
    In crrev.com/c/3221264 we uncommented the code that starts checking auth_hmac for v1 key handles, but u2fd is not ready to provide the auth secret yet. Comment the code back and put NULL for authTimeSecret for v1 key handles before secret enforcement is implemented in u2fd.
    BUG=b:210366574, b:172971998
    TEST=make buildall -j
    Change-Id: I8cf008213c88b8c88ab91f0601c319aea7ebfde0
    Signed-off-by: Howard Yang <hcyang@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3337970
    Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
    Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
    Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* H1_RED_BOARD: modify get_properties | Mary Ruthven | 2021-12-15 | 1 | -4/+5
    Only default to SPI and PLT_RST when no valid properties are found.
    BUG=b:210760012
    TEST=make clobber ; make -j BOARD=cr50 CRYPTO_TEST=1 H1_RED_BOARD=1
    Change-Id: Ic2842bc305322deb5fdc43e1d3487d499e9cb23b
    Signed-off-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3341778
    Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
    Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* prepare to release 0.{5,6}.71 | Mary Ruthven | 2021-12-13 | 2 | -2/+2
    BUG=b:207143125
    TEST=make buildall -j
    Change-Id: I1fd5721c8f06d04322668ab0fb73c7375521727a
    Signed-off-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3336198
    Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
    Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
* getversion: drop cryptoc from the Cr50 version string [stabilize-14396.B-cr50_stab, stabilize-14395.B-cr50_stab, stabilize-14388.62.B-cr50_stab, stabilize-14388.61.B-cr50_stab, stabilize-14388.52.B-cr50_stab, release-R98-14388.B-cr50_stab] | Vadim Bendebury | 2021-12-07 | 1 | -1/+1
    Cr50 uses local implementation of crypto, no need to keep track of the third_party tree.
    BUG=None
    TEST=built cr50 image and ran it, verified that cryptoc is not included in the version string any more.
    Signed-off-by: Vadim Bendebury <vbendeb@google.com>
    Change-Id: Ic016492ffc203a704d9ad252a4a05cc16074863f
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3318734
    Tested-by: Vadim Bendebury <vbendeb@chromium.org>
    Reviewed-by: Mary Ruthven <mruthven@chromium.org>
    Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
* ap_ro_integrity_check: call keep_ec_in_reset in do_ap_ro_check [stabilize-14385.B-cr50_stab, factory-kukui-14374.B-cr50_stab] | Mary Ruthven | 2021-11-29 | 3 | -87/+44
    Move the keep_ec_in_reset call into do_ap_ro_check, so AP RO verification will hold the EC in reset when it's triggered from the AP.
    This change removes the ap_ro_verification_failed_ variable, so all of the AP RO verification is included in ap_ro_info. ap_ro_ver_state isn't needed anymore, so this CL removes it.
    BUG=b:207545621
    TEST=make clobber ; make buildall -j
    Change-Id: Id0b2e04b042d48f2b8a9dae021e762369ca5f3eb
    Signed-off-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3300174
    Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
    Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
* ap_ro_check: fix error processing logic | Vadim Bendebury | 2021-11-29 | 1 | -15/+13
    In a situation where there is a failing V1 check and no V2 information in the AP flash, the results of V2 check were overriding the results of V2 check, replacing 'failed' with 'not found'.
    This patch prevents the override and simplifies the verification logic - always check for V2 if V1 check fails.
    BUG=b:207545621
    TEST=the DUT properly stops booting when a corrupted V1 structure is detected and V2 structure is not present.
    Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
    Change-Id: I0abe19780bf34ed4455f1a1a61b9cf23ff83173f
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3299280
    Reviewed-by: Andrey Pronin <apronin@chromium.org>
    Reviewed-by: Mary Ruthven <mruthven@chromium.org>
* ap_ro_verification: update test root key hash | Vadim Bendebury | 2021-11-23 | 1 | -6/+4
    AP RO verification test keys in vboot_reference have been updated, by crrev.com/c/3297447, this patch brings the root public key payload hash in sync.
    BUG=b:141191727
    TEST=built a Cr50 image for guybrush and used it to verify AP RO hash signed with the new test key.
    Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
    Change-Id: I121d3738db28e473e2bfd1f8fcf8c7681bad1ddd
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3298880
    Reviewed-by: Mary Ruthven <mruthven@chromium.org>
* Revert "console_channel.inc: Add more ifdef to reduce number of channels" | Mary Ruthven | 2021-11-22 | 4 | -17/+6
    This reverts commit b5cebbaadb4966e9d1820b0dcabd690d3e5d762e.
    BUG=b:207391162
    TEST=The chan output is the same on ToT and mp images.
    Change-Id: Ief9bc6f6c9b027284b423e46681c313fd3fd73aa
    Signed-off-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3296743
    Reviewed-by: Andrey Pronin <apronin@chromium.org>
    Commit-Queue: Andrey Pronin <apronin@chromium.org>
* prepare to release 0.{5,6}.70 | Mary Ruthven | 2021-11-19 | 2 | -2/+2
    BUG=b:207143125
    TEST=make buildall -j
    Change-Id: Ib31feddde38061df787ec78b7a2131f00b4cc634
    Signed-off-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3291134
    Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
    Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* coil: replace non-inclusive pronouns | Mary Ruthven | 2021-11-19 | 1 | -1/+1
    BUG=b:173227629
    TEST=make buildall -j
    Change-Id: Ic1d704233bca5438a0832f5f3533d640464ce1a5
    Signed-off-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3293253
    Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* coil: replace non-inclusive terms with "placeholder" | Mary Ruthven | 2021-11-19 | 26 | -73/+74
    BUG=b:173227629
    TEST=make buildall -j
    Change-Id: I2b203dfe45416aa3b632f6f788d14264b08f44e0
    Signed-off-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3293252
    Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* remove spi_nor | Mary Ruthven | 2021-11-19 | 3 | -1899/+0
    Nothing uses spi_nor and sfdp.h has non-inclusive terms in it. Remove both to make the codebase more inclusive.
    BUG=b:173227629
    TEST=make buildall -j
    Change-Id: I2b880fcae3ab9619ff9703ba49be2936a5a9bd73
    Signed-off-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3293251
    Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* coil: replace non-inclusive terms with "validity" | Mary Ruthven | 2021-11-19 | 22 | -28/+28
    BUG=b:173227629
    TEST=make buildall -j
    Change-Id: Iaf8028984cc58cc4108907fdba4ea4b38c43cf70
    Signed-off-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3293250
    Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* g/build.mk: replace coil terms | Mary Ruthven | 2021-11-19 | 1 | -2/+2
    BUG=b:173227629
    TEST=make buildall -j
    Change-Id: I34c9f7a3b79438518bb20ce8d6d819040d562432
    Signed-off-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3293255
    Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
    Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
* Revert "ec: Add a task_reset function." | Mary Ruthven | 2021-11-18 | 3 | -415/+24
    This reverts commit 9cb1b936e76809cb68419c3ff3612e17fec81e9c.
    BUG=b:200823466
    TEST=make buildall -j
    Change-Id: I82d322106022d70f9df3b7b618526ce8adf7e846
    Signed-off-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3289991
    Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* Revert "chip/stm32/usb: More reliable implementation of usb_wake" | Mary Ruthven | 2021-11-18 | 1 | -7/+1
    This reverts commit 520bd3f6ad2098e6969dd353350e2e2281f28989.
    BUG=b:200823466
    TEST=make buildall -j
    Change-Id: Ie94334d0151f9f4755ec0937e7fcb04deed8b0a7
    Signed-off-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3285831
    Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>