Commit message | Author | Age | Files | Lines
* cr50: remove -fconserve-stack for cr50 excluding FIPS [stabilize-15432.B-cr50_stab] [stabilize-15429.B-cr50_stab] | Vadim Sukhomlinov | 2023-04-20 | 1 | -1/+1
    1. -fconserve-stack costs 888 bytes (1.7K for CRYPTO_TEST=1) of code size with unclear benefits. This option exists since initial commit `e24fa592d` on 7 Dec 2011. Real stack usage after TCG tests is slightly reduced for TPM2 and CONSOLE tasks, slightly increased for HOOKS task.
    2. FIPS digest remains the same as FIPS module still compiles with this option set. This has a penalty of ~200 bytes, but maintaining stable digest is more important.

    Before:
    *** 3700 bytes in flash and 1100 bytes in RAM
    Task Ready Name         Events      Time (s)  StkUsed
       0 R << idle >>       80000000 2622.363199  104/512
       1   HOOKS            00000000   83.747318  664/1024
       2   TPM              00000000   34.779582 7600/8192
       3 R CONSOLE          00000000    0.338724  424/1024

    After:
    *** 4588 bytes in flash and 1100 bytes in RAM
    Task Ready Name         Events      Time (s)  StkUsed
       0 R << idle >>       80000000  747.794338  104/512
       1 R HOOKS            80000000    9.372003  704/1024
       2   TPM              00000000   36.982134 7588/8192
       3 R CONSOLE          00000000    0.428505  408/1024

    BUG=b:277777628
    TEST=make BOARD=cr50; tpm_test.py; TCG tests

    Change-Id: I1ae1c8af6b0870b48f3f985476fa0a0d2b8f57d0
    Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4426791
    Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
    Reviewed-by: Mary Ruthven <mruthven@chromium.org>
    Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
    Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
    Code-Coverage: Vadim Sukhomlinov <sukhomlinov@chromium.org>
    Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
    Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* prepare to release 0.{5,6}.171 | Mary Ruthven | 2023-04-18 | 2 | -2/+2
    BUG=b:274517542
    TEST=none

    Change-Id: I3238b87a4c7c30d2ecba303bcbb916f612169541
    Signed-off-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4440808
    Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
    Commit-Queue: Andrey Pronin <apronin@chromium.org>
    Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
    Reviewed-by: Andrey Pronin <apronin@chromium.org>
* cr50: only check the fwmp when its written | Mary Ruthven | 2023-04-18 | 1 | -2/+0
    BUG=b:278703558,b:268352167
    TEST=set the fwmp. Verify the WP policy is updated and enforced.

    Change-Id: I8cedfc14ecd5c51eed996abaa9f55098c6f3e673
    Signed-off-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4440807
    Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
    Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
    Reviewed-by: Andrey Pronin <apronin@chromium.org>
    Commit-Queue: Andrey Pronin <apronin@chromium.org>
* cr50: separate ap_ro_status | Ching-Kang Yen | 2023-04-18 | 2 | -33/+44
    Move ap_ro_status to ap_ro_status.h from ap_ro_integrity_check.h so that we could have enum ap_ro_status exposed to trunks and tpm_manager.

    BUG=b:275524662
    TEST=make buildall -j

    Change-Id: Ibe0a6ef5de1fe63d9bb0a677b5902857109251fb
    Signed-off-by: Ching-Kang Yen <chingkang@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4431682
    Commit-Queue: Ching-Kang Yen <chingkang@chromium.org>
    Tested-by: Ching-Kang Yen <chingkang@chromium.org>
    Reviewed-by: Mary Ruthven <mruthven@chromium.org>
* gsctool: support fwmp wp status | Mary Ruthven | 2023-04-17 | 1 | -1/+3
    BUG=b:267674073
    TEST=none

    Change-Id: Icbd9bb41f875f9d93ebeb6f14554401d88558e94
    Signed-off-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4367526
    Reviewed-by: Andrey Pronin <apronin@chromium.org>
* cr50: add fwmp wp policy | Mary Ruthven | 2023-04-17 | 3 | -8/+76
    BUG=b:268352167
    TEST=see bug

    Change-Id: I3a4f2ae746cbc2e64df535c4c91b16cdbd7f292a
    Signed-off-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4367525
    Reviewed-by: Andrey Pronin <apronin@chromium.org>
* cr50: add update fwmp policies hook | Mary Ruthven | 2023-04-17 | 4 | -0/+13
    Update the FWMP WP policies whenever the fwmp is written or whenever the AP comes out of reset.

    Add a board_fwmp_update_policies function that is called when TPM_RST_L is deasserted and _plat__NvInformIndexDataChanged shows the FWMP is written.

    BUG=b:268352167
    TEST=make buildall -j

    Change-Id: Ia00a356b88a36fb879c208b248da08825f21abca
    Signed-off-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4367524
    Reviewed-by: Andrey Pronin <apronin@chromium.org>
* prepare to release 0.{5,6}.170 | Mary Ruthven | 2023-04-17 | 2 | -2/+2
    BUG=b:274517542
    TEST=none

    Change-Id: Ie709c8df7e99b22bb5b02512bca3a1e69d713d0c
    Signed-off-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4433929
    Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
* board_space: use a macro to define info space sizes | Mary Ruthven | 2023-04-14 | 1 | -4/+7
    Check the size of the field to determine what size each space is.

    BUG=none
    TEST=BOARD_ID size is still 12, SN DATA size is still 16, APRV size is still 4, and FACTORY CFG size is still 8.

    Change-Id: Ib01baa7a9b63c5d6cc99b5feff71f50095cac901
    Signed-off-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4426795
    Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
* virtual_nvmem: add virtual nvmem factory_config support | Mary Ruthven | 2023-04-14 | 4 | -2/+31
    Add support for reading the factory config from virtual nvmem. This change uses the same index as ti50 --index=0x3fff06.

    There are two indices that are reserved, but not implemented for cr50. This change registers a REGISTER_DEPRECATED_CONFIG for VIRTUAL_NV_INDEX_RMA_BYTES and VIRTUAL_NV_INDEX_WV_UDS_BYTES.

    BUG=b:278118981,b:214065944
    TEST=manual
      Set the factory config to 0xface
      Read the config from virtual nvmem
        tpm_manager_client read_space --index=0x3fff06 --file=/tmp/contents
        INFO tpm_manager_client: [main.cc(595)] ...
        result: NVRAM_RESULT_SUCCESS
        data: CEFA000000000000
        }
      RMA_BYTES and the WV_UDS_BYTES index still return nothing
        tpm_manager_client read_space --index=0x3fff04 --file=/tmp/contents
        INFO tpm_manager_client: [main.cc(595)] ...
        result: NVRAM_RESULT_SUCCESS
        data:
        }
        tpm_manager_client read_space --index=0x3fff05 --file=/tmp/contents
        INFO tpm_manager_client: [main.cc(595)] ...
        result: NVRAM_RESULT_SUCCESS
        data:
        }

    Change-Id: I651f00851b1e60fe0f898fd75111be27b2bf497e
    Signed-off-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4424877
    Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
* cr50: add a factory config space | Mary Ruthven | 2023-04-14 | 6 | -0/+197
    Add a 64 bit write once factory config space to info1. If the factory has something they want to configure, they can use part of the space to store that configuration.

    Right now nothing in cr50 uses the factory config space. If we need to modify cr50 behavior based on the space value, we can add functionality later. The factory just needs to set the bit in the factory config.

    BUG=b:214065944
    TEST=manual
      Clear the Board ID set the config to 0. Verify it does nothing
        gsctool -a --factory_config 0
        gsctool -a --factory_config
        0
      Set the flags
        gsctool -ai 0xffffffff:0x10
      Set the config to something
        gsctool -a --factory_config 0x12345678cafecafe
        gsctool -a --factory_config
        12345678CAFECAFE
      # Set it to the same thing. Verify cr50 returns EC_SUCCESS.
        gsctool -a --factory_config 0x12345678cafecafe
        gsctool -a --factory_config
        12345678CAFECAFE
        [40.114944 write_factory_config: ok.]
      Try to set it to something else. Verify it's rejected because the space is set.
        gsctool -a --factory_config 0xcafe
        [43.331302 write_factory_config: factory cfg already programmed]
        gsctool -a --factory_config
        12345678CAFECAFE
      Set the Board ID Type
        gsctool -ai ZZCR:0x10
      Try to set the config again. Verify it's rejected because the board id type is set.
        gsctool -a --factory_config 0x12345678cafecafe
        Factory config failed. (7)
        gsctool -a --factory_config
        12345678CAFECAFE

    Change-Id: Ie816ebffcf6c24ad94bbcd2dc2f0c3936caafb11
    Signed-off-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4424873
    Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
* gsctool: fix get factory config error message | Mary Ruthven | 2023-04-14 | 1 | -1/+1
    BUG=none
    TEST=none

    Change-Id: I38904ea19d451349c9fb062a7040ff0ed4863aff
    Signed-off-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4426794
    Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
    Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
* cr50: set compiler options to ensure reproducible FIPS module | Vadim Sukhomlinov | 2023-04-14 | 3 | -8/+5
    As per b/277777628 FIPS module build depends on value of `CC` env var, which is not a desirable behavior.

    1. Add -fconserve-stack to FIPS module builds explicitly to make sure its digest is same as reported and doesn't depend on environment.
    2. gcc specific option moved to core/cortex-m/build.mk
    3. Verified that binutils workaround is still needed (b/238039591)

    BUG=b:277777628, b:238039591
    TEST=make BOARD=cr50; tpm_test.py, FIPS digest is the same

    Change-Id: I664cee178de400efed3fe2e06b9b4b72f6ce6067
    Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4425068
    Commit-Queue: Mary Ruthven <mruthven@chromium.org>
    Reviewed-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
    Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
    Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
    Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
    Code-Coverage: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* cr50: enable wp vendor command over usb in dbg images | Mary Ruthven | 2023-04-13 | 1 | -0/+1
    BUG=none
    TEST=wp vendor command is enabled in DBG images over usb. It's still disabled in non-DBG images.

    Change-Id: I2649edc71bf9a1c9c03ff3744ccb7beb60ab1ff9
    Signed-off-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4367527
    Reviewed-by: Andrey Pronin <apronin@chromium.org>
* cr50: DBG: undef CONFIG_FLASH | Mary Ruthven | 2023-04-13 | 1 | -0/+1
    Remove CONFIG_FLASH to save 1668 bytes in DBG images.

    BUG=none
    TEST=none

    Change-Id: Ic8bc18107571f1e5c0d8d381b624cde6f1e5f05d
    Signed-off-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4424872
    Reviewed-by: Andrey Pronin <apronin@chromium.org>
    Commit-Queue: Andrey Pronin <apronin@chromium.org>
* gsctool: Add command to get or set factory config. | Brian Granaghan | 2023-04-13 | 1 | -0/+62
    Add '--factory_config' command to get the factory config if optarg is not provided and set it if one is provided.

    BUG=b:275356839
    TEST=localhost ~ # gsctool -a --factory_config
    EEDDCCBBAA998877
    Failed because already set:
    localhost ~ # gsctool -a --factory_config 001122334455667788
    Factory config failed. (7)

    Successful set:
    localhost ~ # gsctool -a --factory_config
    0
    localhost ~ # gsctool -a --factory_config 001122334455667788
    localhost ~ # gsctool -a --factory_config
    1122334455667788

    Change-Id: I128e9871eb2aece3a9173c5a6e31c2ce5a4d3cd0
    Signed-off-by: Brian Granaghan <granaghan@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4404231
    Commit-Queue: Mary Ruthven <mruthven@chromium.org>
    Reviewed-by: Mary Ruthven <mruthven@chromium.org>
    Tested-by: Mary Ruthven <mruthven@chromium.org>
* cr50: Add get/set factory config command codes. | Brian Granaghan | 2023-04-13 | 1 | -0/+3
    BUG=b:275356839
    TEST=build

    Change-Id: I6de6de6a43cfe45860bbe9b4aa7cce211da0166e
    Signed-off-by: Brian Granaghan <granaghan@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4421422
    Reviewed-by: Mary Ruthven <mruthven@chromium.org>
    Commit-Queue: Mary Ruthven <mruthven@chromium.org>
* gsctool: Remove crash id parameter from GetCrashLog. | Brian Granaghan | 2023-04-13 | 1 | -9/+6
    BUG=b:265310865
    TEST=gsctool -aD --clog

    Change-Id: Ifaeb6fcf97257bf525c0ad2ec84281f1d5718c24
    Signed-off-by: Brian Granaghan <granaghan@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4409005
    Reviewed-by: Mary Ruthven <mruthven@chromium.org>
* Revert "gsctool: Use OpenSSL EVP API for compat" | Mary Ruthven | 2023-04-10 | 1 | -24/+32
    This reverts commit c0d219f6a26a3c379f90201dff4dac8f93c13467.

    Reason for revert: We aren't ready to land this yet.

    Original change's description:
    > gsctool: Use OpenSSL EVP API for compat
    >
    > The primitive `SHA_*` functions are marked deprecated in OpenSSL v3,
    > which causes the build to fail (warnings treated as errors, as is good
    > and proper). Using the EVP APIs should work both with OSSL v1 and v3,
    > enabling us to upgrade to 3.
    >
    > BUG=b:275420721
    > TEST=builds and tests pass
    >
    > Change-Id: I709309f9aadd2ec238d69ba40b4947619b0463c7
    > Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4405312
    > Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
    > Tested-by: Chris Palmer <palmer@chromium.org>
    > Commit-Queue: Chris Palmer <palmer@chromium.org>

    Bug: b:275420721
    Change-Id: Ic702ee6cea62e1e854d2fcebc46e7bd59f41fb63
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4411763
    Commit-Queue: Mary Ruthven <mruthven@chromium.org>
    Tested-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* gsctool: Use OpenSSL EVP API for compat | Chris Palmer | 2023-04-10 | 1 | -32/+24
    The primitive `SHA_*` functions are marked deprecated in OpenSSL v3, which causes the build to fail (warnings treated as errors, as is good and proper). Using the EVP APIs should work both with OSSL v1 and v3, enabling us to upgrade to 3.

    BUG=b:275420721
    TEST=builds and tests pass

    Change-Id: I709309f9aadd2ec238d69ba40b4947619b0463c7
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4405312
    Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
    Tested-by: Chris Palmer <palmer@chromium.org>
    Commit-Queue: Chris Palmer <palmer@chromium.org>
* cr50: update TRNG timeout handling [stabilize-15415.B-cr50_stab] | Vadim Sukhomlinov | 2023-04-07 | 1 | -17/+12
    1. Due to large share of devices with slow TRNG increase timeout cycles from 0x7ff to 0xfff.
    2. Increase total reset attempts from 16 to 32.
    3. Log number of resets.

    BUG=b:211648605
    TEST=make CRYPTO_TEST=1

    Change-Id: Ib0f9472d6f84c39cd7576f374ab482e522a39809
    Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4380143
    Reviewed-by: Andrey Pronin <apronin@chromium.org>
    Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
    Code-Coverage: Vadim Sukhomlinov <sukhomlinov@chromium.org>
    Reviewed-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
    Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* cr50: improve logging of dcrypto failures | Vadim Sukhomlinov | 2023-04-07 | 1 | -3/+7
    1. Increase timeout from 700ms to 1000ms as we saw some timeouts of unknown origin.
    2. INT_STATE wasn't collected for timeouts, change when we get it.
    3. Add address of function to log so we can identify source of failure.

    BUG=b:273935442
    TEST=make CRYPTO_TEST=1; tpm_test

    Change-Id: Ifbb1ea5d52662a71d944baa9a7a189224529d85e
    Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4380209
    Reviewed-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
    Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
    Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
    Code-Coverage: Vadim Sukhomlinov <sukhomlinov@chromium.org>
    Reviewed-by: Andrey Pronin <apronin@chromium.org>
* prepare to release 0.{5,6}.160 | Mary Ruthven | 2023-04-07 | 2 | -2/+2
    BUG=b:274512057
    TEST=none

    Change-Id: Ia619b34d6ca5fec997f62b4d96d14b2d9bc5b020
    Signed-off-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4409342
    Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* Add release notes for 0.24.21 | Alyssa Haroldsen | 2023-04-06 | 1 | -0/+64
    This also renames the file to have the correct spelling. go/ti50-fw-releases should be updated to match once this lands.

    BUG=b:273367615
    TEST=None

    Change-Id: Ic330e83ef54494cf5b2e35ed23fcdd6e6497c0cc
    Signed-off-by: Alyssa Haroldsen <kupiakos@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4404429
    Reviewed-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-by: Jett Rink <jettrink@chromium.org>
* cr50: Clear pairing secret upon TPM clear | Howard Yang | 2023-04-06 | 1 | -1/+8
    The pairing secret (Pk) used for biometrics PinWeaver protocol needs to be cleared during TPM clear.

    BUG=b:262040869
    TEST=(with depended CL) pinweaver_client biometrics_selftest

    Cq-Depend: chromium:4337481
    Change-Id: Ie07869f75aea64a7950d04693722b74c11a913ca
    Signed-off-by: Howard Yang <hcyang@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4344442
    Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* Revert "gsctool: Add command to get or set factory config." | Mary Ruthven | 2023-04-05 | 2 | -65/+0
    This reverts commit f4b79570b7b423cce8431ebdd2deae102db7a91b.

    Reason for revert: This breaks the CQ b/277089899

    Original change's description:
    > gsctool: Add command to get or set factory config.
    >
    > Add '--factory_config' command to get the factory config if not optarg
    > is provided and set it if one is provided.
    >
    > BUG=b:275356839
    > TEST=localhost ~ # gsctool -a --factory_config
    > EEDDCCBBAA998877
    > Failed because already set:
    > localhost ~ # gsctool -a --factory_config 001122334455667788
    > Factory config failed. (7)
    >
    > Successful set:
    > localhost ~ # gsctool -a --factory_config
    > 0
    > localhost ~ # gsctool -a --factory_config 001122334455667788
    > localhost ~ # gsctool -a --factory_config
    > 1122334455667788
    >
    > Change-Id: I69c3c6a9c5540d39d2a9fc02fc3702174229a77d
    > Signed-off-by: Brian Granaghan <granaghan@google.com>
    > Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4400915
    > Reviewed-by: Mary Ruthven <mruthven@chromium.org>

    Bug: b:275356839
    Change-Id: I9217cffe68808c2191d796f16864a9289b928f21
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4400343
    Reviewed-by: Aaron Massey <aaronmassey@google.com>
    Tested-by: Aaron Massey <aaronmassey@google.com>
* gsctool: Add command to get or set factory config. | Brian Granaghan | 2023-04-05 | 2 | -0/+65
    Add '--factory_config' command to get the factory config if not optarg is provided and set it if one is provided.

    BUG=b:275356839
    TEST=localhost ~ # gsctool -a --factory_config
    EEDDCCBBAA998877
    Failed because already set:
    localhost ~ # gsctool -a --factory_config 001122334455667788
    Factory config failed. (7)

    Successful set:
    localhost ~ # gsctool -a --factory_config
    0
    localhost ~ # gsctool -a --factory_config 001122334455667788
    localhost ~ # gsctool -a --factory_config
    1122334455667788

    Change-Id: I69c3c6a9c5540d39d2a9fc02fc3702174229a77d
    Signed-off-by: Brian Granaghan <granaghan@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4400915
    Reviewed-by: Mary Ruthven <mruthven@chromium.org>
* gsctool: Add command to get console logs. | Brian Granaghan | 2023-04-05 | 2 | -4/+36
    Add '-l' command to fetch GSC console logs and print them to stdout.

    BUG=b:268396021
    TEST=localhost ~ # gsctool -aDl
    Valid CCD config found
    CCD_MODE: deasserted
    AP RO verification result: setting unprovisioned
    PLT_RST_L DEASSERTED
    WARNING: with `AllowUnverifiedRo` disabled EC will be kept in reset in future Ti50 versions
    Unverified AP RO allowed
    ERROR: failed to retrieve key ladder state, setting to dev
    libtpm initialized
    Deferring NV write.
    Deferring NV write.
    Servo: debouncing -> disconnected
    Starting erase

    Change-Id: I59db7ebba0517d89900f31451b0d919712d2c564
    Signed-off-by: Brian Granaghan <granaghan@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4266190
    Reviewed-by: Mary Ruthven <mruthven@chromium.org>
* Reland "cr50: Use platform/pinweaver" | Mary Ruthven | 2023-03-29 | 2 | -1/+2
    This is a reland of commit ed10ce4730d37a4ae7eab60ad70257720399f289

    Original change's description:
    > cr50: Use platform/pinweaver
    >
    > Toggle the CONFIG_PLATFORM_PINWEAVER build flag, to build pinweaver with
    > the platform/pinweaver implementation instead of the cr50
    > implementation.
    >
    > BUG=b:262040869
    > TEST=make board=cr50 -j
    > TEST=(DUT) Use cryptohome CLI to create a user with a PIN.
    > TEST=(DUT) Make 2 fail attempts on that PIN.
    > TEST=(DUT) Update cr50 to the image including this CL.
    > TEST=(DUT) Test leaf properties are correct: 3 more fail attempts locks
    > the PIN, password auth resets the PIN, then PIN authentication succeeds.
    > TEST=tast run $DUT hwsec.PINWeaver*
    >
    > Cq-Depend: chromium:4307211
    > Change-Id: I6e52566ca8ee68bb0ee71d30538fb6b8cbc4f67d
    > Signed-off-by: Mary Ruthven <mruthven@chromium.org>
    > Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4311235
    > Tested-by: Howard Yang <hcyang@google.com>
    > Reviewed-by: Andrey Pronin <apronin@chromium.org>
    > Commit-Queue: Howard Yang <hcyang@google.com>

    Bug: b:262040869
    Cq-Depend: chromium:4354785
    Change-Id: Ibb7ad2c1f752f7ed8678465f5b3901536314d466
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4349272
    Tested-by: Howard Yang <hcyang@google.com>
    Reviewed-by: Andrey Pronin <apronin@chromium.org>
    Commit-Queue: Howard Yang <hcyang@google.com>
* doc/ti50: initial firmware release notes | Jett Rink | 2023-03-27 | 1 | -0/+815
    Until ti50 repo becomes public, we want to at least make the release notes public. Copy all release notes from private repo to public one.

    BUG=b:274094827
    TEST=rendered correctly

    Change-Id: I2f1291449defd4dc6d336853a16a7187d3d68325
    Signed-off-by: Jett Rink <jettrink@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4356016
    Tested-by: Jett Rink <jettrink@chromium.org>
    Reviewed-by: Andrey Pronin <apronin@chromium.org>
    Commit-Queue: Andrey Pronin <apronin@chromium.org>
    Auto-Submit: Jett Rink <jettrink@chromium.org>
* new_nvmem: fix update_pcr [stabilize-15395.B-cr50_stab] [stabilize-15393.48.B-cr50_stab] [release-R113-15393.B-cr50_stab] [firmware-skyrim-15390.B-cr50_stab] | Andrey Pronin | 2023-03-19 | 1 | -9/+1
    Before this fix, update_pcr was inserting an extra byte at the start of the updated value.

    BUG=b:273331256
    TEST=see BUG

    Change-Id: Idb648ff7f999c48f93bd7dfe9a207ecd48fa53d5
    Signed-off-by: Andrey Pronin <apronin@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4351200
    Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
    Commit-Queue: Andrey Pronin <apronin@chromium.org>
    Tested-by: Andrey Pronin <apronin@chromium.org>
* Revert "cr50: Use platform/pinweaver" | Mary Ruthven | 2023-03-16 | 2 | -2/+1
    This reverts commit ed10ce4730d37a4ae7eab60ad70257720399f289.

    Reason for revert: Causes building chromeos-cr50-dev to fail

    Original change's description:
    > cr50: Use platform/pinweaver
    >
    > Toggle the CONFIG_PLATFORM_PINWEAVER build flag, to build pinweaver with
    > the platform/pinweaver implementation instead of the cr50
    > implementation.
    >
    > BUG=b:262040869
    > TEST=make board=cr50 -j
    > TEST=(DUT) Use cryptohome CLI to create a user with a PIN.
    > TEST=(DUT) Make 2 fail attempts on that PIN.
    > TEST=(DUT) Update cr50 to the image including this CL.
    > TEST=(DUT) Test leaf properties are correct: 3 more fail attempts locks
    > the PIN, password auth resets the PIN, then PIN authentication succeeds.
    > TEST=tast run $DUT hwsec.PINWeaver*
    >
    > Cq-Depend: chromium:4307211
    > Change-Id: I6e52566ca8ee68bb0ee71d30538fb6b8cbc4f67d
    > Signed-off-by: Mary Ruthven <mruthven@chromium.org>
    > Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4311235
    > Tested-by: Howard Yang <hcyang@google.com>
    > Reviewed-by: Andrey Pronin <apronin@chromium.org>
    > Commit-Queue: Howard Yang <hcyang@google.com>

    Bug: b:262040869
    Change-Id: Ib60f090c50b1e34635ce2e1f3537f7eb0c95490e
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4348103
    Tested-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-by: Matt Vertescher <mvertescher@google.com>
    Commit-Queue: Mary Ruthven <mruthven@chromium.org>
    Auto-Submit: Mary Ruthven <mruthven@chromium.org>
* cr50: Increase PinWeaver version to v2 | Howard Yang | 2023-03-16 | 2 | -1/+5
    Add the definition for UINT64_MAX which is used in v2 PinWeaver code, and toggle the BIOMETRICS_DEV flag to increase PinWeaver version to 2.

    BUG=b:262040869
    TEST=make buildall -j
    TEST=tast run $DUT hwsec.PINWeaver*

    Cq-Depend: chromium:4337476
    Change-Id: I54642a098bbe697e461d636a416ed5512c8ae528
    Signed-off-by: Howard Yang <hcyang@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4337180
    Reviewed-by: Mary Ruthven <mruthven@chromium.org>
* cr50: Use platform/pinweaver | Mary Ruthven | 2023-03-16 | 2 | -1/+2
    Toggle the CONFIG_PLATFORM_PINWEAVER build flag, to build pinweaver with the platform/pinweaver implementation instead of the cr50 implementation.

    BUG=b:262040869
    TEST=make board=cr50 -j
    TEST=(DUT) Use cryptohome CLI to create a user with a PIN.
    TEST=(DUT) Make 2 fail attempts on that PIN.
    TEST=(DUT) Update cr50 to the image including this CL.
    TEST=(DUT) Test leaf properties are correct: 3 more fail attempts locks the PIN, password auth resets the PIN, then PIN authentication succeeds.
    TEST=tast run $DUT hwsec.PINWeaver*

    Cq-Depend: chromium:4307211
    Change-Id: I6e52566ca8ee68bb0ee71d30538fb6b8cbc4f67d
    Signed-off-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4311235
    Tested-by: Howard Yang <hcyang@google.com>
    Reviewed-by: Andrey Pronin <apronin@chromium.org>
    Commit-Queue: Howard Yang <hcyang@google.com>
* cr50: Add support for building platform/pinweaver | Mary Ruthven | 2023-03-16 | 3 | -0/+19
    Add CONFIG_PLATFORM_PINWEAVER build flag, and support for building platform/pinweaver.

    BUG=b:262040869
    TEST=make board=cr50 -j

    Change-Id: I993051af60ab4163c37726eac87bd98a8b60fc69
    Signed-off-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4311234
    Tested-by: Howard Yang <hcyang@google.com>
    Reviewed-by: Andrey Pronin <apronin@chromium.org>
    Commit-Queue: Howard Yang <hcyang@google.com>
* cr50: Rename pinweaver code | Mary Ruthven | 2023-03-16 | 8 | -10/+10
    Rename the headers so they will not collide with platform/pinweaver headers with the same names.

    BUG=b:262040869
    TEST=make -j BOARD=cr50

    Cq-Depend: chromium:4337377
    Change-Id: Iee9f44c4fcb6ab0a01faec5886f07b84c271d1fc
    Signed-off-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4311233
    Reviewed-by: Andrey Pronin <apronin@chromium.org>
    Tested-by: Howard Yang <hcyang@google.com>
    Commit-Queue: Howard Yang <hcyang@google.com>
* gsctool: modify RO_A handling for DBG images | Mary Ruthven | 2023-03-15 | 1 | -5/+17
    BUG=b:273510573
    TEST=gsctool -b dbg.bin

    Change-Id: I3de2687491add2d63532e028d3d62a318ce6d13a
    Signed-off-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4342809
    Reviewed-by: Andrey Pronin <apronin@chromium.org>
    Commit-Queue: Andrey Pronin <apronin@chromium.org>
* cr50: prepare to release 0.{5,6}.153 | Mary Ruthven | 2023-03-14 | 2 | -2/+2
    BUG=b:273334049
    TEST=none

    Change-Id: Id04168d7f24e81dfe7618b3ee916927991077166
    Signed-off-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4336837
    Commit-Queue: Andrey Pronin <apronin@chromium.org>
    Reviewed-by: Andrey Pronin <apronin@chromium.org>
* cr50: prepare to release 0.{5,6}.152 [stabilize-15381.B-cr50_stab] | Mary Ruthven | 2023-03-11 | 2 | -2/+2
    BUG=b:272827066
    TEST=none

    Change-Id: If98811f65df739a54f62419b7f245918dd5d7259
    Signed-off-by: Mary Ruthven <mruthven@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4330878
    Reviewed-by: Andrey Pronin <apronin@chromium.org>
    Commit-Queue: Andrey Pronin <apronin@chromium.org>
* gsctool: reject images smaller than flash page size | Vadim Bendebury | 2023-03-10 | 1 | -3/+16
    It is impractical to use GSC images smaller than one flash page size, let's not accept them for downloading.

    BUG=b:272058012
    TEST=get the following error trying to transfer a corrupted image:
      Image at offset 0x4000 too short (1024 bytes)

    Change-Id: Ia80e8ceaf6a5848e194000acf51824189f157ba1
    Signed-off-by: Vadim Bendebury <vbendeb@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4317923
    Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
    Tested-by: Vadim Bendebury <vbendeb@chromium.org>
    Reviewed-by: Mary Ruthven <mruthven@chromium.org>
* gsctool: Add command to get crashlogs. | Brian Granaghan | 2023-03-09 | 2 | -12/+51
    Add -x <num> or --clog <num> command to fetch the crash log associated with num and dump the raw output stdout.

    BUG=b:265310865
    TEST=gsctool -a -x 2
    00000000000000000df0ad0b000000000000000000000000000000000200...
    58a609000000000000000000000000000df0ad0b00000000440000000000...
    000000000000000024440c00000000000000000001000000480000006801...
    65720000000000009400000001000000010000008800000072763569a271...
    00000018b8e20100000000000100000002000000000000000d0000000000...
    .
    .
    .

    Change-Id: I10fa3c19c31c18f1007bcc161e7ff8d2ac9e6e6c
    Signed-off-by: Brian Granaghan <granaghan@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4257728
    Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
* upgrade_fw: do not accept headers smaller than a flash page | Vadim Bendebury | 2023-03-07 | 1 | -0/+6
    Headers smaller than flash page are not valid, let's not accept them during firmware updates.

    BUG=b:272058500
    TEST=using dd corrupted an existing image header size field to be set to 0x400, and tried to download the image using gsctool and observed the expected error message on the Cr50 console:

      fw_upgrade_command_handler:505 image at 4000 too small

    and in the host terminal:

      Error: status 0xb

    Change-Id: I27b0bbd6a1204b20bd2d0ac1ce88082ed911d339
    Signed-off-by: Vadim Bendebury <vbendeb@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4316741
    Tested-by: Vadim Bendebury <vbendeb@chromium.org>
    Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
    Reviewed-by: Mary Ruthven <mruthven@chromium.org>
* cr50:DBG: remove rarely used console commands | Mary Ruthven | 2023-03-03 | 1 | -0/+6

  DBG images are running low on space. This change removes some of the more rarely used console commands. It saves 2352 bytes. This disables sleepmask, timerinfo, i2cxfer, history, and i2cscan in DBG images. If someone needs to reenable them for a build, they can comment out the undefs.

  BUG=none
  TEST=make buildall -j

  Change-Id: I40115d6e2769fae4e489eb926778c38c94b66cd3
  Signed-off-by: Mary Ruthven <mruthven@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4307437
  Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
* cr50: prepare to release 0.{5,6}.151 [stabilize-15364.B-cr50_stab] [firmware-skyrim-15369.B-cr50_stab] | Andrey Pronin | 2023-02-25 | 2 | -2/+2

  BUG=b:269537147
  TEST=none

  Change-Id: I64defabc471a0107ebb3c06082a23855dbd14121
  Signed-off-by: Andrey Pronin <apronin@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4292311
  Auto-Submit: Andrey Pronin <apronin@chromium.org>
  Tested-by: Andrey Pronin <apronin@chromium.org>
  Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
  Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
* cr50: support antirollback spaces in _plat__NvUpdateAllowed | Andrey Pronin | 2023-02-25 | 3 | -19/+53

  This CL allows kernel & firmware antirollback spaces update only in certain board states by adding the appropriate checks to _plat__NvUpdateAllowed().

  BUG=b:270243270
  TEST=set specific PCR0 values using https://crrev.com/c/2494503, verify that can update antirollback for normal/dev/recovery values, cannot update for recovery+dev value only when block_devmode is set.

  Change-Id: I979e3e07a877bf5604e99184c9b60eaaa1abf6b4
  Signed-off-by: Andrey Pronin <apronin@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4290246
  Tested-by: Andrey Pronin <apronin@chromium.org>
  Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
  Auto-Submit: Andrey Pronin <apronin@chromium.org>
  Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
* gsctool: initialize char* pointer correctly | Jett Rink | 2023-02-24 | 1 | -2/+2

  If gsctool is compiled more strictly, these uninitialized variables cause errors. Set the pointers to empty string like other char* variables.

  BUG=none
  TEST=make all for gsctool compiles without errors in a more strict setting

  Change-Id: Id65d51bcc5b81451f4235650c2cf8042986d5197
  Signed-off-by: Jett Rink <jettrink@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4290237
  Reviewed-by: Mary Ruthven <mruthven@chromium.org>
  Auto-Submit: Jett Rink <jettrink@chromium.org>
  Tested-by: Jett Rink <jettrink@chromium.org>
  Commit-Queue: Mary Ruthven <mruthven@chromium.org>
  Commit-Queue: Jett Rink <jettrink@chromium.org>
* gsctool: add two new AP RO verification status [stabilize-15361.B-cr50_stab] [stabilize-15359.B-cr50_stab] [stabilize-15359.58.B-cr50_stab] [stabilize-15359.50.B-cr50_stab] [stabilize-15359.45.B-cr50_stab] [release-R112-15359.B-cr50_stab] | Jett Rink | 2023-02-22 | 2 | -1/+13

  Add nice strings for two new AP RO verification status codes. Also make the unknown value match what is specified in ti50 (255)

  BUG=none
  TEST=make gsctool builds

  Change-Id: I26399640dd2cc73d7f463f38e49e5234024c24fb
  Signed-off-by: Jett Rink <jettrink@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4237256
  Tested-by: Jett Rink <jettrink@chromium.org>
  Commit-Queue: Jett Rink <jettrink@chromium.org>
  Reviewed-by: Mary Ruthven <mruthven@chromium.org>
  Auto-Submit: Jett Rink <jettrink@chromium.org>
* cr50: fix zeroization of U2F secrets | Vadim Sukhomlinov | 2023-02-20 | 1 | -3/+5

  Due to incorrect flags for TPM2 objects U2F secrets were not fully zeroized (however were overwritten with new owner). Doesn't affect G2F.

  BUG=b:268382629
  TEST=make CRYPTO_TEST=1 U2F_TEST=1
    fips del
    fips old
    fips u2f # prints old keys
    u2f_test # all tests passed
    fips del
    fips new
    fips u2f # print new key size
    u2f_test # all tests passed
    fips del
    fips u2f # prints 0 sizes for u2f secrets

  Change-Id: I2549dd5fd20937170c9b8d87363d90b138fdc4dc
  Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4269450
  Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
  Commit-Queue: Andrey Pronin <apronin@chromium.org>
  Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
  Code-Coverage: Vadim Sukhomlinov <sukhomlinov@chromium.org>
  Reviewed-by: Andrey Pronin <apronin@chromium.org>
  Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* signing: prepare to release 0.{5,6}.150 | Vadim Bendebury | 2023-02-16 | 2 | -2/+2

  BUG=b:269537147
  TEST=none

  Change-Id: Ic214e5f8b1424221d3b6d5aa8d08178cd722ab57
  Signed-off-by: Vadim Bendebury <vbendeb@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4258271
  Auto-Submit: Vadim Bendebury <vbendeb@chromium.org>
  Tested-by: Vadim Bendebury <vbendeb@chromium.org>
  Commit-Queue: Andrey Pronin <apronin@chromium.org>
  Reviewed-by: Andrey Pronin <apronin@chromium.org>
* cr50/README.md: Use futility over obsolete script | Edward O'Callaghan | 2023-02-15 | 1 | -1/+1

  BUG=b:260531154
  BRANCH=none
  TEST=none

  Change-Id: I9e9cb4aadb7b59d7d1f64847d3e4852ca15f5b9e
  Signed-off-by: Edward O'Callaghan <quasisec@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4160818
  Tested-by: Edward O'Callaghan <quasisec@chromium.org>
  Reviewed-by: Peter Marheine <pmarheine@chromium.org>
  Code-Coverage: Zoss <zoss-cl-coverage@prod.google.com>
  Commit-Queue: Peter Marheine <pmarheine@chromium.org>
  Auto-Submit: Edward O'Callaghan <quasisec@chromium.org>
  Reviewed-by: Evan Benn <evanbenn@chromium.org>
  (cherry picked from commit 611a9ab148c8a56dbdbc4e2844a74fcbe63b0457)
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4253167
  Commit-Queue: Andrey Pronin <apronin@chromium.org>
  Reviewed-by: Andrey Pronin <apronin@chromium.org>