| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Added service function read_tpm_nvmem_size() to return size of hidden
nvmem object, which is needed in FIPS framework code, but can't be
implemented locally due to conflicting headers between TPM2 library
and Cryptoc library, and util.h
BUG=none
TEST=make BOARD=cr50; meaningul test will be added in upcoming CLs
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: Iab9520170cfdcd754f1fe2e79143f75766284921
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2258534
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
A document describing how AP and H1 interact during the boot up
process, and typical failures causing the Chrome OS device falling
into recovery mode.
BUG=none
TEST=none
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: Ib71ffbc9c7dadd5f42923c0bfac038ae7f0ca8e5
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2261318
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Many source files over time started to respect 'bool' and 'size_t'
types for better code readability. However, these types are defined
in stdbool.h and stddef.h headers, so each time they were used
there was a need to include them. util.h included both, and one option
was to use it, but it conflicts with TPM2 library on definition MAX/MIN
BUG=none
TEST=make buildall -j
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: Ia0aca578e901c60aeafee5278471c228194d36bf
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2258540
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://crrev.com/c/2222386 added support for short EC keys to some
functions. Extending this support to sign and verify.
Added test vectors for regression testing in tpmtest.py
BUG=b:157528390
TEST=tpmtest.py
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I3db2c9eee9da995d45d534a2732130948548ead8
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2265605
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds another NVMEM API, which allows to erase stored TPM
objects selectively. The list of indices of the objects to be erases
is supplied in a zero terminated array.
The existing nvmem_erase_tpm_data() has been modified to erase only
selected objects, if the list of objects is supplied by the caller.
BUG=b:138578447
TEST=Using tpm_manager_client created a bogus NVMEM object, modified
Cr50 code to provide a CLI command which would invoke the new
NVMEM API function to delete the new object.
Invoked 'dump_nvmem' command before and after deleting the bogus
object. Observed the NVMEM contents compacted and the bogus
object deleted. Rebooted the device, observed proper Chrome OS
start up maintaining the existing user account.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I3e299c8004141fa01ff20c290131b6526575c42e
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2253324
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add proper TRNG health tests and CR50-wide DRBG with reseeding
BUG=b:138578157
TEST=tpmtest.py -t1 fails after cr50 reboot.
rand_perf in console (kick-off FIPS TRNG test) and then
tpmtest.py -t1 and tpmtest.py -t2 should succeed.
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I94c2dbd7a00dedcf1a0f318539a3c73c0c8076ef
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2251381
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The logic of deciding if the alternative RW image is newer than a
certain version needs to be updated to accommodate moving to higher
prod and prepvt major version numbers.
BUG=none
TEST=the 'nvmem_find_partition: No Legacy Partitions found.' message
is not printed during startup any more when updating from 6.3 to
6.4.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I59e18712b3365446c29f569bf0b50f95ab67df95
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2250658
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Time it takes for TRNG to come-up with 32-bit of randomness
varies, and once TRNG started to use 1-bit alphabet, it's average
increased. We handle this timeout by resetting TRNG and
writing record in the flash log. With current setting of EMPTY_COUNT
set to 400 it's almost never happens under normal use, and is harmless,
but adds unnecessary records in the log under heavy use like TRNG
health tests. Adjusting EMPTY_COUNT to higher value reduce probability
of TRNG reset when value is just delayed, but TRNG is not stalled yet.
BUG=b:138578157
TEST=tpmtest -t0
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: Ic0152da05934a70dd16b3e4178361bfcefbdda26
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2252481
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: William Wesson <wesson@google.com>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Due to changes in internal structures, stack consumption for SHA2,
HMAC, HMAC_DRBG grew up, and when combined with stack growth due to
changes in cprintf cause crash for some development console commands.
This patch increase console stack for CR50_DEV and CRYPTO_TEST modes.
BUG=none
TEST=manual, build with CR50_DEV or CRYPTO_TEST, run taskinfo
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I7170c65e4b8092d165c478f505a435f834744ed9
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2251382
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
According to NIST SP 800-90B only vetted conditioning mechanism should
be used for post-processing raw entropy. See SP 800-90B, 3.1.5.1 Using
Vetted Conditioning Components. Use of non-vetted algorithms is governed
in 3.1.5.2, but assumes conservative coefficient 0.85 for entropy estimate,
which increase number of requests to TRNG to get desirable entropy.
More details on entropy estimate tests are in associated bug.
Entropy measurements using NIST assessment tool didn't report noticeable
change in entropy estimate. However, more changes are needed to use
DRBG instead of raw TRNG for all purposes.
TRNG changes reviewed also at https://crrev.com/c/1926384
BUG=b:138577834
TEST=test/tpm_test/nist_entropy.sh
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I5a578b90b8b7a77fae6a218eec48e87e7644ab44
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2240519
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Implement board-local configuraration of FIPS 140-2/3 policy as
complementary to FWMP policy. This is intended mostly for lab
testing and dogfooding, when FWMP policy is not feasible.
board_fips_enforced() returns status of FIPS from FWMP and NVRAM
and caches state to avoid expensive operations later.
BUG=b:138577491
TEST=manual, make buildall -j
Actual test command to be added in upcoming CLs
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I8fa651e56e6e76a87bbc4dd911e7a8c0546e7e0f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2247112
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
FIPS 140-2 certification requires that security related output from
module should be disabled until completion of known-answer tests.
However, it's tricky to justify what output is security related, as
most of output data can be used to track current execution stage which
may be helpful for attacker. So, its safer to disable any output for
a short time once internal testing is done.
Provide console_disable_output() and console_enable_output()
functions which are supposed to be used by board initialization code
driving FIPS mode initialization.
BUG=b:138577539
TEST=manual; make buildall -j
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I42902acef7a5e99142ce2b6517ae511f63206e93
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2247103
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add FE_LOG_FIPS_FAILURE event type
BUG=b:138577539
TEST=manual
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I11be32598ddbbb327175a656c21abcb8388246d0
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2247106
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Added check for output len as defined by NIST for HMAC_DRBG and
define error codes instead of constants.
Propagate status for hmac_drbg_generate_p256
BUG=b:138578157
TEST=make buildall ; make BOARD=cr50 ; tpmtest.py
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I16a1eac51ca11a6419a86922cfe59c13d9c703a0
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2243762
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
BUG=b:158843230
TEST=run 'ver' on cr50
Change-Id: Ia22cbc74dc23156a11caceb587f8380aa68ce23b
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2243312
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
| |
|
|
|
|
|
|
|
|
| |
BUG=b:158774719
TEST=none
Change-Id: I4558a8d4cb9219c8d78db9982f9c5d80d8a30d84
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2242770
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To prevent issues with long HMAC keys (longer than block size, which
is 64 for SHA-256 and 128 bytes for SHA-384/512)
BUG=b:158094716
TEST=make BOARD=cr50 CRYPTO_TEST=1 ; test/tpm_test/tpmtest.py
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: If4c3e6cd0c753f39a7ea39515ae0596cfab6a6b8
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2239481
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Due to Python3 switch tpm_test.py stop working. Updates to make it
work with Python3.
cros lint complains it can't import Crypto and rsa
BUG=None
TEST=tpmtest.py
tpmtest.py -t
To test exception handling change line 167 in crypto_test.py from
if real_out_text != out_text:
to
if real_out_text == out_text:
and run tpmtest.py again.
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I927b25ab3288274993949c53564bed73faa346e9
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2231974
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This CL enables cr50 to accept EC points of which X and/or Y component
has less than 32 bytes.
For testing, the following 4 data inputs can pass the test:
1. Creating salted session with a full-length ephemeral key.
2. Creating salted session with a short ephemeral key.
3. Walking through enrollment flow with a full-length ephemeral key.
4. Walking through enrollment flow with a short ephemeral key.
BUG=b:157528390
TEST=see the comment above.
Change-Id: I12c744ab00391a31d81d4ac6b6e644981ae46f48
Signed-off-by: Leo Lai <cylai@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2222386
Tested-by: Leo Lai <cylai@google.com>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:158533918
TEST=tpmtest.py
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: Ia6b59c49afc7ed19507fab254cab44b2a5c1953b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2236588
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In https://crrev.com/c/2227077 ECC command handler was reimplemented,
but associated test was uploaded with old version of constant.
BUG=b:138578319
TEST=make CRYPTO_TEST=1 BOARD=cr50 -j && test/tpm_test/tpmtest.py
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I7c50ed108d193958e62f76c2f7315247df14a398
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2238649
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
BUG=none
TEST=buildall
Signed-off-by: Namyoon Woo <namyoon@google.com>
Change-Id: Ie71e668e2966979a94035dcde750b1e31a7ba3f7
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2238540
Tested-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Commit-Queue: Namyoon Woo <namyoon@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
NIST ACVP test expects access to test point is on curve and verification
of signature with arbitrary public key. Current implementation supported
only fixed public key. ACVP tests to be submitted separately.
Added two new test commands to support ACVP:
- TEST_POINT - test that given point is on selected curve
- TEST_VERIFY_ANY - same as TEST_VERIFY, but use provided Q
- TEST_SIGN_ANY - same as TEST_SIGN, but use provided d (private key)
BUG=b:138578319
TEST=make CRYPTO_TEST=1 BOARD=cr50 -j && test/tpm_test/tpmtest.py
Change-Id: Ibeabede935f5bbac918b3043072e05f8a6417aa4
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2227077
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For long HMAC keys we should also compare length with SHA256 block size
rather than size of opad. It updates previous patch.
https://crrev.com/c/1850535 introduced change in LITE_HMAC_CTX structure
which change size of opad field. HMAC computation was using sizeof(opad)
instead of SHA256_BLOCK_SIZE and that caused incorrect values.
BUG=b:158094716
TEST=make BOARD=cr50 CRYPTO_TEST=1 ; test/tpm_test/tpmtest.py
Change-Id: I9c7d63ad3f1751b09b6968379082e875b3558bef
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2231962
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch closes the AP RO verification loop on the Cr50 side.
If the check is triggered, the valid AP hash is found, and the RO
contents is found to not match the hash, the Cr50 will
- assert the EC reset;
- set a flag to prevent the code from deasserting EC reset;
- start a periodic hook to reassert EC reset in case the user hits
power+refresh.
This will prevent the Chrome OS device from booting.
A new CLI command is being added to display the verification state. In
developer images the new command would allow to clear the failure
state, when running prod images the only way out of the failure state
would be the powercycle.
BUG=b:153764696
TEST=verified that erasing or programming AP RO hash when board ID is
set is impossible.
Verified proper shutdown in case AP RO has is present and the AP
RO space is corrupted and recovery using the new cli command when
running a dev image.
Verified that 'ecrst off' properly reports the override.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I1029114126a9a79f80385af7bc8d5467738e04ca
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2218676
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://crrev.com/c/1850535 introduced change in LITE_HMAC_CTX structure
which change size of opad field. HMAC computation was using sizeof(opad)
instead of SHA256_BLOCK_SIZE and that caused incorrect values.
BUG=b:158094716
TEST=make BOARD=cr50 CRYPTO_TEST=1 ; test/tpm_test/tpmtest.py
or rfc6979 and hmac_drbg in Cr50 console.
Change-Id: I58c166381b9f95f02f9f0c26a04a88e552d8057f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2229280
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
FTDI module used by tpmtest has stability issues, causing unstable
connection, which seemed to be dependent on setup delay. increased delay
to make it more stable.
Also, FTDI don't work correctly with multiple Ultradebug interfaces.
Make it use ISERIAL env variable if configured to guide interface choice.
BUG=None
TEST=make
Change-Id: Ifa27aac7ef42a8eb990963fa0cf1923a7405f0c7
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2226139
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
You may need to do 'sudo emerge swig' to get latest swig installed.
Python3 differentiates between string and bytes, so need proper handling.
BUG=None
TEST=cd test/tpm_test && make
Change-Id: I6e09258a1f6a3fb2923760f446a2ff911e871b40
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2222978
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
| |
BUG=b:158019009
TEST=make -j BOARD=cr50 CR50_DEV=1
Change-Id: If9554fcf499fb08b301d6f58764e9a4983b6884b
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2227075
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
SQA images won't be built anymore. This change removes the SQA support.
It deletes all SQA ifdefs and replaces CR50_RELAXED with CR50_DEV.
BUG=b:158011401
TEST=manual
build regular image and check eraselfashinfo and rollback aren't
included.
build image with CR50_SQA=1 and check it's no different than the
regular image.
build DBG image and make sure it still starts open, it has the
eraseflashinfo and rollback commands, and it can flash old cr50
images.
Change-Id: I5e94c88b1903cfcf0eee0081fc871e55fc8586c7
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2227149
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Not sure why this board was kept in, probably because fizz was mixed
up with fuzz.
BUG=none
TEST='make buildall -j' succeeds
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I4b08333d12bdfe8001b7e1c2b7c5860aef947a22
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2227168
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This removes a define that was needed for protobuf 3.7.0 that is no
longer needed.
BUG=chromium:1090402
TEST=USE='asan fuzzer' ./build_packages --board=amd64-generic
--skip_chroot_upgrade chromeos-cr50-dev
Change-Id: I0779485fe8d522e0a261e2d87b6a9bc1eacfbcc0
Signed-off-by: Allen Webb <allenwebb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2225949
Reviewed-by: Manoj Gupta <manojgupta@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Manoj Gupta <manojgupta@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In order to support NIST ACVP testing, new commands to provide access to
HMAC implementations (software, and hardware accelerated HMAC SHA-256)
with CRYPTO_TEST_SETUP added:
- Software HMAC (_cpri_StartHMAC) TPM implementation
- dcrypto HMAC (DCRYPTO_HMAC_SHA256_init)
Updated hash_test.py to support different hash algorithms for hash
and HMAC, added HMAC tests.
BRANCH=cr50
TEST=make BOARD=cr50 CRYPTO_TEST=1 -j && test/tpm_test/tpmtest.py
BUG=b:138578319
Change-Id: I57da2f27734fc7e5dbc896d75c5f8b2ed60e3b18
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1854885
Reviewed-by: Gurleen Grewal <gurleengrewal@google.com>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Gurleen Grewal <gurleengrewal@google.com>
(cherry picked from commit 32c349afe72541570984a32bd85b8f1fcf2acb39)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2227074
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The TPM test directory has bitrotted and does not compile any more,
leave alone pass tests. This patch updates the tests to match changed
EC codebase:
test/tpm_test/Makefile - look for include files in more directories
test/tpm_test/bn_test.c -
1. add support for OpenSSL 1.1 where BIGNUM structure became opaque
and require special functions to access it.
2. added backward compatibility layer for OpenSSL 1.0.2
3. fixed issues with OpenSSL memory allocations
4. added support to print details of failure
5. added more cases for modulo inverse testing
6. added testing for bn_div to increase branch coverage
BRANCH=cr50
BUG=none
TEST=./test/tpm_test (../../build/tpm_test/bn_test) now passes
Change-Id: Ida5fb07277909977f78ad1199e7a0f3677aabdc3
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1764711
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
(cherry picked from commit fb1d26a58e5511d70f747e8b943096c22dead07c)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2223147
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch assigns the bit offset 0 in TPM_BOARD_CFG register to
indicate the status of INT_AP_L extension. The bit 1 means INT_AP_L
pulse extension is activated, and 0 means it is not.
BUG=b:148691139
TEST=tested on atlas and on careena.
1. Checked the default TPM_BOARD_CFG (PWRDN_SCRATCH21) value was zero
and the INT_AP_L assertion duration was 4~10 microseconds.
> md 0x400000f4 1 // memory dump on GC_PMU_PWRDN_SCRATCH21
400000F4: 0x00000000
2. Attempted to change the board configuration (with a hacked UART
command.). The register value was unchanged.
> brdcfg 0x01
TPM_BOARD_CFG = 0x00000000
> md 0x400000f4 1
400000F4: 0x00000000
3. Forced to write the board configuration with a hacked UART command.
The register value was changed.
> brdcfg 0x01 force
TPM_BOARD_CFG = 0x80000001
> md 0x400000f4 1
400000F4: 0x80000001
4. Checked the INT_AP_L assertion duration extended to 110
microseconds or longer.
5. After cr50 deep sleep, checked the pulse duration was still
extended.
- turned AP off.
- disconnected Suzy-Qable.
- waited three seconds
- connected Suzy-Qable, and checked the reset cause was 'hibernate
rbox'.
> md 0x400000f4 1
400000F4: 0x8000001
6. With 100 usec long INT_AP pulse, checked trunks_cliend
regression_test, stress_test and ext_command_test runs good.
Checked dmesg and found no TPM errors through all tests.
(ap) $ trunks_client --regression_test
(ap) $ trunks_client --stress_test
(ap) $ trunks_client --ext_command_test
7.checked no character loss during uart_stress_tester.
(chroot) $ uart_stress_tester.py -c -t 600 /dev/ttyUSB2 /dev/ttyUSB1
8. the shortest duration of INT_AP_L assertion and deassertion
observed in logic analyzer were 110 usec and 152 usec.
9. measured the depthcharge exit timestamp and cr50 flash time with
or without INT_AP pulse extended to 100 usec, on atlas and helios:
-----------------+-------------------+------------------
| atlas | helios
-----------------+-------------------+------------------
boot (sec) | 1.398 -> 1.402 | 1.004 -> 1.011
cr50 flash (sec) | 10.800 -> 14.609 | 16.024 -> 16.466
-----------------+-------------------+------------------
Signed-off-by: Namyoon Woo <namyoon@google.com>
Change-Id: I2b9f9defb63cf05f9d91b741ccb4b49c4c6bc8e2
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2202839
Tested-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Namyoon Woo <namyoon@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds the TPM vendor-defined register, TPM_BOARD_CFG,
which indicates the board configuration status. This register is
attributed as one-time-programmable and the value is maintained
across deep sleeps. Cr50 allows a write on this register right after
a cr50 reset until it receives a TPM2_PCR_Extend command.
BUG=b:148691139
TEST=none
Signed-off-by: Namyoon Woo <namyoon@google.com>
Change-Id: I89ae5a53c15990ef78812aec5da81a59f04d7d98
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2202838
Tested-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Namyoon Woo <namyoon@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch applies INT_AP_L extension on I2CS. It uses
GPIO_MONITOR_I2CS_SDA to detect a transaction start during INT_AP_L
assertion and to deassert INT_AP_L.
BUG=b:148691139
TEST=None
Signed-off-by: Namyoon Woo <namyoon@google.com>
Change-Id: Iedd59b488dfdfaaf71dd71eda6437f1a9402d3c4
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2150517
Tested-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Namyoon Woo <namyoon@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds a feature to extend each level of GPIO_INT_AP_L at
least for 100 microseconds. The assertion (low GPIO_INT_AP_L)
duration might be shorter only if AP asserts a SPS CS before
INT_AP_L deassertion, because it means means AP recognized
GPIO_INT_AP_L assertion already.
This patch increases the flash usage by 280 bytes.
BUG=b:148691139
TEST=None
Signed-off-by: Namyoon Woo <namyoon@google.com>
Change-Id: Ie74b236bc5352e9fc21fe600c12946e50955160a
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2114430
Tested-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Namyoon Woo <namyoon@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The new option triggers sending the VENDOR_CC_SEED_AP_RO_CHECK vendor
command with the empty payload.
The Cr50 response indicates if the erase succeeded or there were
problems (either board ID space not erased, or flash erase operation
failed).
BUG=b:153764696
TEST=verified successful erase of the AP RO flash space on devices
with empty board ID space, and failure to erase in case board ID
space is programmed with the appropriate error message.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I4b7c981323771b73a837e766bd5e94e3824e8e00
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2204976
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a no-op change which will make it easier to have gsctool
report sensible errors in case attempts to erase AP RO hash space
fail.
BUG=b:153764696
TEST='make buildall -j' succeeds
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: Iad396a52439ac7e4377f1dc983f00e976fabd8ad
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2207791
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch extends the VENDOR_CC_SEED_AP_RO_CHECK handler to erase the
AP RO hash space if two requirements are met:
- the vendor command payload is empty
- the board ID space in INFO1 is not programmed
Also, after this patch it would be impossible to program the AP RO
hash if the Board ID INFO1 field is set. This will prevent attempts to
write the hash by the users of existing devices.
BUG=b:153764696
TEST=after expanding gsctool was able to verify AP RO hash space erase
when allowed. Was able to write the hash when board ID space is
uninitialized, and was not able to write the hash when the Board
ID space is set.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I0d2409cb0a97bf98f52e7f10fd41660305638122
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2204975
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The code opening the RO windows to make it possible to update or
enable the RO images, leaves the window open, allowing subsequent
writes into the RO space. It has been acceptable until now, because RO
updates are usually followed up by reboots.
With introduction of the AP RO hash, there is a need to close the
window (specifically, disable write access) when not in use. This
patch adds a function for that and uses the new function everywhere
where flash_open_ro_window() is called.
BUG=b:153764696
TEST=verified successful Cr50 RO and AP RO hash updates.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: Ia595e5c7ce0beb1a67ef3513117984d18655a60c
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2204973
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Let's make sure that should there be an error during flash write
operation saving the AP hash information, the error gets reported to
the AP in the VC response.
BUG=b:153764696
TEST='make buildall -j'
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: Idf9f8d267cae923909c2afc777b95bb2c7b638b3
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2202955
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When AP RO verification is attempted, a lot of thing could go wrong,
and the operator would usually have very little insight into what's
happening unless there is a terminal connected to the Cr50 console.
This patch adds a new log event for registering the AP RO verification
progress. The event payload is a single byte value, logging the
following events:
0 - refresh key press is detected
1 - power button has been released before AP RO check was triggered
2 - trigger sequence timeout (refresh button not pressed in time)
3 - AP RO check triggered
4 - could not run the check, hash space not programmed
5 - could not run the check, hash space corrupted
6 - AP RO verification failed
7 - AP RO verification succeeded
BUG=b:153764696
TEST=verified logging during various AP RO verification attempts:
$ gsctool -a -L
Log time zone is PST
Dec 31 69 16:00:01 : 00
May 06 20 21:20:49 : 09 01
May 06 20 21:21:53 : 09 00
May 06 20 21:21:54 : 09 00
May 06 20 21:21:55 : 09 03
May 06 20 21:21:56 : 09 07
May 06 20 21:23:03 : 09 00
May 06 20 21:23:04 : 09 00
May 06 20 21:23:05 : 09 02
May 07 20 11:21:52 : 09 00
May 07 20 11:21:53 : 09 00
May 07 20 11:21:54 : 09 01
May 08 20 11:57:21 : 09 00
May 08 20 11:57:22 : 09 00
May 08 20 11:57:23 : 09 03
May 08 20 11:57:24 : 09 04
May 08 20 12:07:15 : 09 00
May 08 20 12:07:16 : 09 00
May 08 20 12:07:17 : 09 03
May 08 20 12:07:19 : 09 07
May 08 20 12:09:20 : 09 00
May 08 20 12:09:21 : 09 00
May 08 20 12:09:22 : 09 03
May 08 20 12:09:23 : 09 06
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I739f9dbb2e7b8fc87601d61e1f87eb49d85bdf14
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2191283
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch flips on the switch for the AP RO verification
implementation.
BUG=b:153764696
TEST=generated AP integrity verification data using the ap_ro_hash.py
script and then ran the verification procedure, observing the
'hash match' message on the Cr50 console.
Also verified that the Open Box RMA procedure still succeeds.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I15f19aefcb11a055e66994e33976b98ce6fdf099
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2220829
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds plumbing necessary to invoke the AP RO verification function
in response to the operator entering the 'magic sequence' of holding
the power button pressed and pressing/releasing the refresh button
three times within five seconds.
The code used during the 'Open box RMA' verification process is used,
with the physical presence confirmation phase bypassed.
This patch also makes sure that attempts to use CCD to program AP or
EC flash while AP RO verification is in progress would fail.
BUG=b:153764696, b:154966209
TEST=with the next patch applied, generated AP integrity verification
data using the ap_ro_hash.py script and then ran the verification
procedure, observing the 'hash match' message on the Cr50
console.
Also verified that the Open Box RMA procedure still succeeds.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: Ic101fb892554ebb05f9ebe6d1546bfb439f74043
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2171399
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=none
BRANCH=none
TEST=script works with a cr50 running 0.6.2
Change-Id: I14cfd8d90bff40843493d22576307421524d3350
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2207571
Reviewed-by: Wai-Hong Tam <waihong@google.com>
(cherry picked from commit be7c49d46cd1e8b94be5ce7b3752ec6f4a04223d)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2218678
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
At this point images with testlab support are available. Fail if cr50 is
running a prod image that is too old.
BUG=none
BRANCH=none
TEST=none
Change-Id: I096502417c4a44b4a2f458a2a5601de2d154d5cf
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2207572
Reviewed-by: Wai-Hong Tam <waihong@google.com>
(cherry picked from commit 26dfe4442eb06ef1c3e60b47fbf2065c095de824)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2218679
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds code which accepts the vendor command communicating
the list of the AP firmware sections to verify and the expected
cumulative sha256 sum value of the sections.
The vendor command payload is checked for sanity: each range offset is
not expected to exceed 32M bytes (the largest possible SPI flash size)
and each size is not expected to exceed 4M bytes.
If any inconsistencies are found in the payload, or the flash
integrity space is already programmed, an error is returned to the AP.
It the command validity check succeeds, the payload of the vendor
command is prepended by a header including the number of the flash
regions to check and a 4 byte checksum of the stored information.
This combined information is stored in the dedicated H1 flash space,
specifically the RO_B region, at offset of 0x3000, 2K bytes page below
the region used for the flash log.
The valid RO range in upgrade_fw.c:set_valid_sections() is modified to
prevent erasing of the AP RO hash value during Cr50 RO updates.
The new file also introduces a function used to verify the AP flash
when requested. The returned value indicates one of three conditions:
- valid verification information not found
- AP flash integrity verification failed
- AP flash integrity verification succeeded
A new console command allows to examine the contents of the space
where the list of ranges and the sum are stored. CR50_DEV builds also
allow to erase the page.
BUG=b:153764696
TEST=with the rest of the patches applied verified successful
execution of the AP RO verification sequence.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I1894ef897a86e9d60b9f5bcff3a680f632239e1b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2171398
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This patch makes it possible to check if the INFO1 Board ID space is
programmed or not.
BUG=b:153764696
TEST='make buildall -j'
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: Ic771956a08e276c2e1a426729a8ecdae3f86a04f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2204974
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
