summaryrefslogtreecommitdiff
path: root/board/cr50/board.c
Commit message (Collapse)AuthorAgeFilesLines
* cr50: only check the fwmp when its writtenMary Ruthven2023-04-181-2/+0
| | | | | | | | | | | | | BUG=b:278703558,b:268352167 TEST=set the fwmp. Verify the WP policy is updated and enforced. Change-Id: I8cedfc14ecd5c51eed996abaa9f55098c6f3e673 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4440807 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org> Commit-Queue: Andrey Pronin <apronin@chromium.org>
* cr50: add update fwmp policies hookMary Ruthven2023-04-171-0/+2
| | | | | | | | | | | | | | | Update the FWMP WP policies whenever the fwmp is written or whenever the AP comes out of reset. Add a board_fwmp_update_policies function that is when TPM_RST_L is deasserted and called _plat__NvInformIndexDataChanged shows the FWMP is written. BUG=b:268352167 TEST=make buildall -j Change-Id: Ia00a356b88a36fb879c208b248da08825f21abca Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4367524 Reviewed-by: Andrey Pronin <apronin@chromium.org>
* cr50: add a factory config spaceMary Ruthven2023-04-141-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a 64 bit write once factory config space to info1. If the factory has something they want to configure, they can use part of the space to store that configration. Right now nothing in cr50 uses the factory config space. If we need to modify cr50 behavior based on the space value, we can add functionality later. The factory just needs to set the bit in the factory config. BUG=b:214065944 TEST=manual Clear the Board ID set the config to 0. Verify it does nothing gsctool -a --factory_config 0 gsctool -a --factory_config 0 Set the flags gsctool -ai 0xffffffff:0x10 Set the config to something gsctool -a --factory_config 0x12345678cafecafe gsctool -a --factory_config 12345678CAFECAFE # Set it to the same thing. Verify cr50 returns EC_SUCCESS. gsctool -a --factory_config 0x12345678cafecafe gsctool -a --factory_config 12345678CAFECAFE [40.114944 write_factory_config: ok.] Try to set it to something else. Verify it's rejected because the space is set. gsctool -a --factory_config 0xcafe [43.331302 write_factory_config: factory cfg already programmed] gsctool -a --factory_config 12345678CAFECAFE Set the Board ID Type gsctool -ai ZZCR:0x10 Try to set the config again. Verify it's rejected because the board id type is set. gsctool -a --factory_config 0x12345678cafecafe Factory config failed. (7) gsctool -a --factory_config 12345678CAFECAFE Change-Id: Ie816ebffcf6c24ad94bbcd2dc2f0c3936caafb11 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4424873 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
* cr50: enable key combo0 on all boardsMary Ruthven2022-11-071-7/+4
| | | | | | | | | | | | | | Key combo0 needs to be enabled on all boards, so it can be used to release the device from reset after AP RO verification fails. BUG=b:236844541 TEST=pwrb + refresh releases ec rst after AP RO verification failed on hatch Change-Id: If5d434a32aba09fd4af85cd668d34997d5851216 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4009402 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
* fix ChromiumOS authors and whitespace warningsMary Ruthven2022-09-131-1/+1
| | | | | | | | | | | BUG=none TEST=none Change-Id: I61b0b0106a43f723ec3bc805eb190aef00bbd05b Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3894391 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
* apro: clear AP_RO_FAIL on combo0Mary Ruthven2022-08-251-0/+5
| | | | | | | | | | | | | | | | | | | | | | There are a couple of known issues saving the AP RO verification hash in cr50, so it's possible AP RO verification will fail even if the AP RO is ok. Add support for releasing the EC from reset with PWRB + refresh after AP RO verification fails. This just makes it easier to recover the device. If the device is released from reset, the status is set to AP_RO_FAIL_CLEARED and a APROF_FAIL_CLEARED flog event is logged. This only releases EC reset if the device failed AP RO verification. Any other verification status won't get cleared by the key combo. BUG=b:240530668 TEST=trigger verification on a device with a bad hash. Verify the EC is held in reset until PWRB + refresh is pressed. make -C extra/usb_updater gsctool Change-Id: I03a02501e7c91a41374816d82f48a5289f289c39 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3805820 Reviewed-by: Andrey Pronin <apronin@chromium.org>
* gpio: add gpio flags to disable sleepMary Ruthven2022-04-271-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add GPIO_SLEEP_DIS_LOW and GPIO_SLEEP_DIS_HIGH to disable sleep when a gpio with one of those flags is asserted. GPIO_SLEEP_DIS_LOW disables sleep when the signal is set to 0. GPIO_SLEEP_DIS_HIGH disables sleep when the signal is set to 1. This will disable all forms of sleep. The flags can be used for ccd signals to ensure cr50 doesn't enter sleep while c2d2 or servo micro are relying on a ccd signal to flash the device. These flags should not be add to signals used during normal cr50 operation. They disable regular sleep regular sleep so using them will significantly increase cr50 power consumption. This change adds GPIO_SLEEP_DIS_HIGH to AP_FLASH_SELECT. I'll add more signals in followup CLs. This change also replaces SLEEP_MASK_CHARGING with SLEEP_MASK_GPIO. Nothing was using SLEEP_MASK_CHARGING. BUG=b:229974371 TEST=Toggle AP_FLASH_SELECT while the AP is off. Verify cr50 doesn't enter deep sleep and the gpiocfg and sleepmask output looks ok. > gpioset AP_FLASH_SELECT 1 > gpiocfg GPIO0_GPIO1: read 0 drive 0 GPIO0_GPIO2: read 1 drive 1 GPIO1_GPIO0: read 0 INT_RISING GPIO1_GPIO1: read 0 INT_HIGH GPIO1_GPIO4: read 0 INT_FALLING GPIO1_GPIO5: read 0 drive 1 GPIO1_GPIO7: read 0 INT_RISING GPIO1_GPIO8: read 0 INT_FALLING gpio sleepmask: 00001000 > sleepmask sleep mask: 00000008 > gpioset AP_FLASH_SELECT 0 > gpiocfg GPIO0_GPIO1: read 0 drive 0 GPIO0_GPIO2: read 0 drive 0 GPIO1_GPIO0: read 0 INT_RISING GPIO1_GPIO1: read 0 INT_HIGH GPIO1_GPIO4: read 0 INT_FALLING GPIO1_GPIO5: read 0 drive 1 GPIO1_GPIO7: read 0 INT_RISING GPIO1_GPIO8: read 0 INT_FALLING gpio sleepmask: 00000000 > sleepmask sleep mask: 00000000 > Change-Id: I1de35455c5a6702635fb714b14d6791f8e5eb2ed Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3605881 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
* cr50: deassert AP_FLASH_SELECT before deep sleepMary Ruthven2022-04-271-0/+7
| | | | | | | | | | | BUG=b:229974371 TEST=Assert AP_FLASH_SELECT then enter and exit deep sleep on EC-EFS board. Change-Id: I00437076ef4881dd60dd67e511100410dd155555 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3607064 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
* cr50: return the time since user_pres was assertedMary Ruthven2022-03-011-0/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a vendor command that returns the time since user_pres_l was asserted. This is only used for testing. Tracking user_pres_l needs to be enabled with a vendor command since DIOM4 may not be pulled up and may be pulled down on old boards. Enabling the vendor command survives deep sleep reset. It gets cleared after cr50 reset. Cr50 clears the user_pres_l status if tracking is disabled. BUG=b:219981194,b:208504127 TEST=manual # Verify it survives deep sleep sudo gsctool -y enable sudo gsctool -y ... user pres enabled # enter deep sleep sudo gsctool -y ... user pres enabled # Verify it doesn't survive cr50 reboot sudo gsctool -y enable sudo gsctool -y ... user pres enabled cr50 > reboot sudo gsctool -y ... user pres disabled # Check gsctool output after triggering DIOM4 pulse sudo gsctool -y enable # Trigger pulse and wait 5 seconds sudo gsctool -y ... user pres enabled last press: 5064331 Change-Id: Ib37980a5cd8d3378bf718e8e32a7d4152435a816 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3495863 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* cr50: reset the ec efs boot_mode after the key combo0 is pressedMary Ruthven2022-02-211-4/+15
| | | | | | | | | | | | | | Cr50 resets the EC when key_combo0 is pressed, so it can clear the ec boot mode. BUG=b:219102909 TEST=none Change-Id: I3d024b5a16d5658cf259b5513513e7734aa62d31 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3457894 Reviewed-by: Andrey Pronin <apronin@chromium.org> Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
* add vendor command to disable deep sleepMary Ruthven2022-01-261-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a vendor command to disable deep sleep the next time TPM_RST_L is asserted. Normally cr50 enters deep sleep whenever TPM_RST_L is asserted. New boards want to disable deep sleep during certain power states. This vendor command allows the AP to disable deep sleep for the next suspend cycle. When deep sleep is disabled, cr50 modifies TPM_RST_L to be WAKE_HIGH and sets it back to WAKE_LOW after TPM_RST_L is deasserted, so TPM_RST_L doesn't constantly wake cr50 from regular sleep. This uses 248 bytes BUG=b:214479456 TEST=manual # Check G3 resume works ok. # Disable Deep Sleep from the AP. The vendor command is 59 # (0x3b) trunks_send --raw 80010000000c20000000003b ccdstate DS Dis: on AP > shutdown -P now ... [454.992733 Block DS] ccdstate DS Dis: on pinmux 40060018: DIOM3 0 IN WAKE_HIGH idle idle action: sleep # Verify cr50 starts cycling through sleep spinner at two ticks # a second. EC > powerbtn # check the cr50 console ... A�UART on] 10/ 1 [102.484012 Missed edge] [102.484352 deferred_tpm_rst_isr] [102.484580 AP on] [102.484779 set TPM wake] [102.484981 tpm_reset_request(0, 0)] [102.485279 tpm_reset_now(0)] [547.928375 AP on] [547.928615 set TPM wake] pinmux 40060018: DIOM3 0 IN WAKE_LOW # Disable Deep Sleep from the AP. The vendor command is 59 # (0x3b) trunks_send --raw 80010000000c20000000003b ccdstate DS Dis: on ecrst pulse ... [602.638427 AP on] [547.928615 set TPM wake] [602.638668 tpm_reset_request(0, 0)] ... ccdstate DS Dis: off # Check S3 resume works ok. # Use AP commands to enter S3 AP > trunks_send --raw 80010000000c20000000003b AP > echo deep > /sys/power/mem_sleep AP > echo mem > /sys/power/state 10\ 1 [243.409412 dis DS] 1|[249.536811 tpm_rst_asserted] [250.537197 AP off] [250.537631 Block DS] # Wake the AP with a power button press from the EC EC > powerbtn # verify cr50 prints "Missed edge", but the device resumes ok. 1/ 10- 1 [270.112655 Missed edge] [270.113037 deferred_tpm_rst_isr] [270.113315 AP on] [270.113529 set TPM wake] [270.113712 tpm_reset_request(0, 0)] [270.114013 tpm_reset_now(0)] [270.116996 tpm_init] tpm_manufactured: manufactured [270.118301 tpm_reset_now: done] [270.156967 PinWeaver: Loading Tree!] [270.189353 Skipping commit] Change-Id: I96049a9d38b5c66acad9c73628f588f4cf6b2b3f Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3406587 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
* cr50: make strap errors louderMary Ruthven2022-01-251-4/+4
| | | | | | | | | | | | | | | | | | | | | Add "ERROR" and some exclamation points to make invalid strap messages more noticeable. BUG=b:214550629 TEST=look at invalid strap error messages on red board. strap pin readings: a1:3 a9:1 a6:1 a12:3 [0.005569 WARN Ambiguous strap cfg. Use spi based on old brdprop.] [0.006675 get_properties: ERROR NO TABLE ENTRY!!! cfg: 0x7 prop: 0x1] strap pin readings: a1:3 a9:1 a6:1 a12:3 [0.005649 get_properties: ERROR INVALID STRAP PINS!!! cfg 0xd7 prop 0x42 Change-Id: Ie1e29fd4152a2b3f984989e37b771339895e6a0e Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3390071 Reviewed-by: Douglas Anderson <dianders@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
* H1_RED_BOARD: unconditionally use red board brdpropstabilize-wristpin-14469.59.B-cr50_stabstabilize-14477.B-cr50_stabstabilize-14469.9.B-cr50_stabstabilize-14469.8.B-cr50_stabstabilize-14469.58.B-cr50_stabstabilize-14469.41.B-cr50_stabrelease-R99-14469.B-cr50_stabMary Ruthven2022-01-151-5/+5
| | | | | | | | | | BUG=none TEST=cr50 uses red board straps after power-on and hard resets. Change-Id: I0ee4a48a3e8661565dede1f7686cf6b2e1181914 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3386406 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
* brdprop: log invalid and ambiguous eventsMary Ruthven2022-01-151-0/+46
| | | | | | | | | | | | | | | | Log brdprop errors in flog, so the team can track brdprop errors from the AP without grepping through cr50 logs. BUG=b:214550629 TEST=flash on red board. Verify invalid strap events are logged. enable closed-loop-reset on the red board. Verify "ambiguous" strap logs are ignored. Change-Id: Ibea73fb19119fa81ed3652c5d68e430cdbae9fa5 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3386405 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
* H1_RED_BOARD: modify get_propertiesMary Ruthven2021-12-151-4/+5
| | | | | | | | | | | | | Only default to SPI and PLT_RST when no valid properties are found. BUG=b:210760012 TEST=make clobber ; make -j BOARD=cr50 CRYPTO_TEST=1 H1_RED_BOARD=1 Change-Id: Ic2842bc305322deb5fdc43e1d3487d499e9cb23b Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3341778 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* cr50: merge crypto_enabled() and fips_crypto_allowed()Vadim Sukhomlinov2021-08-311-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We need to block access to all crypto in case of FIPS errors. There are multiple steps to implement, this is one of few. There is common API crypto_enabled() which is used by nvmem and some other functions to check wherever access to crypto is possible. This is same intent as fips_crypto_allowed(), though the latter checks for FIPS KAT errors, while the former checks only key ladder status. Here we make all FIPS errors to revoke access from key ladder, and fips_crypto_allowed() to check key ladder status. This way we also ensure that in case of FIPS errors access to device secrets will be blocked. We moved crypto_api.c from chip/g to board/cr50 to move crypto_enabled() into fips.c and alias it to fips_crypto_enabled(). crypto_api.h is no longer included from dcrypto.h, and compile time assert for cipher salt size is moved to proper place. Since crypto is used by nvmem_init(), move FIPS power-up tests earlier to ensure nvmem_init() can access crypto. BUG=b:197893750 TEST=make CRYPTO_TEST=1; tpm_test; check nvmem is properly initialized on board_init(). Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: If70c2a21d61348bd97a47e26db5d8eec08bbf8ed Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3123836 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* add BOARD_CCD_REC_LID_PIN_DIOA12 to Zork brdpropstabilize-14189.B-cr50_stabMary Ruthven2021-08-271-1/+2
| | | | | | | | | | | | | | | | Make DIOA12 an output on Zork, so it can be used for the ccd recovery or lid switch signals. BUG=b:197916691 TEST=setting CCD_REC_LID_PIN toggles lid_open on tomato Change-Id: I755498fd9bb9b764b0e0aa2bf0394c45b087c767 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3124565 Reviewed-by: Ting Shen <phoenixshen@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Tested-by: Ting Shen <phoenixshen@chromium.org> Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
* cr50: replace direct calls to EC OS from FIPS module with callbacksVadim Sukhomlinov2021-08-231-0/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In order to implement self-integrity test for FIPS module we need to make sure binary code of module in image doesn't change from build to build. To do that we already place FIPS module as constant address. However, any call to functions outside the module creates a relocation which is changing depending on location of that external function in the image. To prevent that we either need to bring these functions in the module like it was done with memcpy() and some others or replace their invocations with callbacks. Task & Memory management functions are hard to bring in the module, so replace few invocations with indirect calls using vtable. This way invocation code will remain the same. 1. Identify and minimize dependency on EC OS - remove few asserts and cprintfs. 2. Remove checking privilege level in TRNG init - we know that it is high by the order of initialization in board_init() and that our RO doesn't drop permissions. Correct initialization of TRNG is important for certification, so we can't just assume it may be initialized improperly. 3. Added vtable with EC OS functions, initialization of FIPS module vtable in board_init(). 4. Switched to using vtable instead of direct calls. Note, we continue to use EC OS with CRYPTO_TEST=1 to reduce vtable size and image size. BUG=b:138578318 TEST=make BOARD=cr50; tests Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: Ibd7bd2353fc4e7e5886f9bfef96b36dc64ff2359 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3107847 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Andrey Pronin <apronin@chromium.org>
* cr50: refactor TRNG use, implement rand() using read_rand()Vadim Sukhomlinov2021-08-191-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | In preparation to switching from TRNG to DRBG, refactor to remove duplicated code, reduce code size. 1. Isolate hardware-dependent code (trng.c) from platform-agnostic in fips_rand.c. This will enable better host emulation for tests. 2. Change how read_rand() returns status to take advantage of ARM ABI. Unfortunately any composite type on ARM is returned on stack. Use uint64_t with combined validity flag in high bits and random in low 32 bits. This alone reduce code size around 100 bytes. 3. Avoid code duplication by implementing rand() using read_rand(). 4. Drop use of common/trng.h to reduce dependency on code outside boundary. To be completed with migration to DRBG. BUG=b:138577416 TEST=make BOARD=cr50 CRYPTO_TEST=1; rand_perf and FIPS tests Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: Ifdc42e7210414a4abeac8c132a684e451fbbc19c Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3100489 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* cr50: update FIPS initialization logic to match security policyVadim Sukhomlinov2021-08-131-52/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | FIPS security policy was updated to move U2F key management out of scope as it doesn't add anything from certification standpoint on L1, but greatly complicates design and requires flash operations to be in the FIPS module boundary. This change aligns FIPS initialization flow with security policy: 1) Checking of U2F key type is removed and would be handled during U2F command processing to choose approved / not-approved key gen. 2) FIPS module is always in approved mode when self-integrity tests, known-answer tests and TRNG power-up tests succeeds. 3) Implementation of console command and TPM2 command moved out of FIPS boundary. BUG=b:134594373 TEST=make BOARD=cr50 [CRYPTO_TEST=1]; console commands Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: I03fc8fa450927e4d37e691770e872e7ffa5b628d Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3093088 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* cr50: drop cryptoc for SHA1/SHA2 supportstabilize-14150.882.B-cr50_stabstabilize-14150.881.B-cr50_stabstabilize-14150.74.B-cr50_stabstabilize-14150.734.B-cr50_stabstabilize-14150.64.B-cr50_stabstabilize-14150.43.B-cr50_stabstabilize-14150.376.B-cr50_stabrelease-R94-14150.B-cr50_stabrelease-R94-14150.49.B-cr50_stabVadim Sukhomlinov2021-08-121-2/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | To implement FIPS module we need to bring many crypto functions in the module boundary. Unfortunately, cryptoc is a third-party library used by dcrypto code in cr50. Cryptoc is also not well-maintained and shared with other projects. While just making local copy of cryptoc would solve an issue, it's suboptimal as prevents from many optimizations and improvements. Provided SHA & HMAC implementations from Ti50 project. This provides better performance (500us vs. 670us earlier for HMAC DRBG) and reduce code size. This implementation also enables stack use savings when only specific digest is needed. Earlier SHA512 context was allocated when only SHA256 is needed greatly increasing stack consumption for code using HMAC_DRBG and others. However, it introduce subtle API changes which require handling. As for tests, since core implementation is hardware-independent, make it available for BOARD=host too. Before change (with cryptoc): *** 12368 bytes in flash and 5784 bytes in RAM After: *** 13136 bytes in flash and 5796 bytes in RAM BUG=b:138578318 TEST=make BOARD=cr50 CRYPTO_TEST=1; test/tpm_test/tpmtest.py Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: I2ff5362aee9078ce83dc1f8081943a5101d5f666 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3064201 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* tpm_mode: make available to all boards and restore on resetsVadim Bendebury2021-06-301-30/+29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch removes the restriction of TPM_MODE vendor command, allowing any board's AP to disable TPM mode if required. In addition, TPM reset processing flow is being modified to always reboot the H1 in case TPM reset happens when TPM is disabled. BUG=b:191180387, b:191180208 TEST=on an Atlas device: localhost ~ # gsctool -a -f start target running protocol version 6 keyids: RO 0xaa66150f, RW 0x334f70df offsets: backup RO at 0, backup RW at 0x4000 Current versions: RO 0.0.11 RW 0.6.30 $ localhost ~ # gsctool -a -m disable TPM Mode: disabled (2) localhost ~ # gsctool -a -f start [WARNING:bus.cc(638)] Bus::SendWithReplyAndBlock took 1516ms to... Problems reading from TPM, got 10 bytes Failed to start transfer localhost ~ # reboot -- GSC reboots during device rebnoot localhost ~ # gsctool -a -f start target running protocol version 6 keyids: RO 0xaa66150f, RW 0x334f70df offsets: backup RO at 0, backup RW at 0x4000 Current versions: RO 0.0.11 RW 0.6.30 localhost ~ # reboot -- GSC does NOT reboot during device rebnoot Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Change-Id: I492bd2f201f3c5c7d1cd9b228ec6ab1cdcf8fa53 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2987913 Reviewed-by: Mary Ruthven <mruthven@chromium.org>
* cr50: switch SPI CS to GPIO modestabilize-RUST-14057.B-cr50_stabstabilize-14057.B-cr50_stabVadim Bendebury2021-06-251-3/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | To be able to send and receive multiple SPI buffer quantities in a single SPI transaction it is necessary to control the SPI CS signal directly, as opposed to connecting it to the SPI controller. Direct mode allows to keep CS asserted as long as necessary to transfer the full data blob, size of which might exceed the the size of the SPI controller buffer. BUG=b:79492818 TEST=flashrom access still works fine: $ flashrom -p raiden_debug_spi:target=ap --flash-name flashrom f10dff7b-dirty on Linux 5.4.0-71-generic (x86_64) flashrom is free software, get the source code at https://flashrom.org Using clock_gettime for delay loops (clk_id: 1, resolution: 1ns). Raiden target: 2 Found GigaDevice flash chip "GD25Q127C/GD25Q128C" (16384 kB, SPI) on... vendor="GigaDevice" name="GD25Q127C/GD25Q128C" Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Change-Id: Idecf019d3fd19675d7f78e4dc1140106a2112c6b Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2973580 Reviewed-by: Mary Ruthven <mruthven@chromium.org>
* ap_ro_integrity_check: skip verify based on RLZMary Ruthven2021-06-181-0/+69
| | | | | | | | | | | | | | | | | | | Some factories programmed hashes into devices that don't support reading from AP flash while EC_RST_L is asserted. Skip AP RO verification on these devices if the RLZ is blocked. BUG=b:185783841 TEST=manual Set board id to YVRQ:0x10 Verify AP RO verification can be triggered Set board id to VYRC:0x10 Verify AP RO verification is skipped even if the hash is stored. Change-Id: I7ef5ceafd55ae5e90b4a754d1e92317a9a745ef9 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2950313 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
* brdprop: print tpm-board-cfgMary Ruthven2021-06-181-1/+1
| | | | | | | | | | | BUG=b:186446598 TEST=none Change-Id: I0192cd85904fe162c38bbedd5321187bc24be8d9 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2970991 Reviewed-by: Namyoon Woo <namyoon@chromium.org> Commit-Queue: Namyoon Woo <namyoon@chromium.org>
* CRYPTO_TEST: open ccdMary Ruthven2021-05-251-1/+1
| | | | | | | | | | | | | CRYPTO_TEST images don't need to have restricted CCD. Open CCD for crypto test images like we do for DBG images. BUG=none TEST=ccd is automatically open in crypto test images Change-Id: I674ef9055e1a87caf9f8b2b28f9893e79ed9e7e5 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2916576 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
* add CONFIG_CMD_ROLLBACKMary Ruthven2021-05-071-1/+1
| | | | | | | | | | | | | Add CONFIG_CMD_ROLLBACK for building the rollback command. BUG=b:186663661 TEST=flash usage doesn't change with make -j BOARD=cr50 Change-Id: Iea22485368fbb57eed114653c6f78758cc5c8111 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2875476 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Namyoon Woo <namyoon@chromium.org>
* isolate CONFIG_AP_RO_VERIFICATIONMary Ruthven2021-05-071-0/+2
| | | | | | | | | | | | | | | Isolate CONFIG_AP_RO_VERIFICATION BUG=b:186663661 TEST=flash usage doesn't change with make -j BOARD=cr50 #undef CONFIG_AP_RO_VERIFICATION doesn't have build errors. Change-Id: I9bf7e897a44302062551ecb553236a08dc96432e Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2875474 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Namyoon Woo <namyoon@chromium.org>
* add CONFIG_CMD_SYSRSTMary Ruthven2021-05-071-9/+11
| | | | | | | | | | | | | Add CONFIG_CMD_SYSRST to control building the sysrst command. BUG=b:186663661 TEST=flash usage doesn't change with make -j BOARD=cr50 Change-Id: I4922b5b55d895bc2f4b43614fe2af210c5fbe134 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2875469 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Namyoon Woo <namyoon@chromium.org>
* add CONFIG_CMD_ECRSTMary Ruthven2021-05-071-0/+2
| | | | | | | | | | | | | Add CONFIG_CMD_ECRST to control building the ecrst command. BUG=b:186663661 TEST=flash usage doesn't change with make -j BOARD=cr50 Change-Id: Ia3b7a0284c594d03257fa669bff0ab8bec155125 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2875468 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Namyoon Woo <namyoon@chromium.org>
* add 'atboot' arg to rddkeepalivestabilize-13895.B-cr50_stabMary Ruthven2021-04-011-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add 'atboot' arg to rddkeepalive that can be used to store rddkeepalive across cr50 resets. The atboot flag gets cleared with rddkeepalive disable. BUG=b:144724216 TEST=manual # Verify 'rddkeepalive disable' is unchanged rddkeepalive disable Using actual Rdd state rddkeepalive Rdd: connected # Verify 'rddkeepalive enable' is unchanged rddkeepalive enable Forcing Rdd detect keepalive rddkeepalive Rdd: keepalive # Verify 'rddkeepalive disable' disables keepalive rddkeepalive disable Using actual Rdd state rddkeepalive Rdd: connected ccd ... Flags: 0x000000 # Verify 'rddkeepalive enable atboot' enables keepalive and sets # the atboot flag. rddkeepalive enable atboot Forcing Rdd detect keepalive atboot. rddkeepalive Rdd: keepalive (atboot) # check the ccd rddkeepalive atboot flag (0x80000) ccd ... Flags: 0x080000 reboot ... rddkeepalive Rdd: keepalive (atboot) ccd ... Flags: 0x080000 # Verify this new string doesn't break dut-control dut-control cr50.ccd_keepalive_en ccd_keepalive_en:on # 'rddkeepalive enable' doesn't touch the atboot flag rddkeepalive enable Forcing Rdd detect keepalive rddkeepalive Rdd: keepalive (atboot) # 'rddkeepalive disable' clears it. rddkeepalive disable Using actual Rdd state rddkeepalive Rdd: connected Change-Id: I10227e335a5de6ed73290ff5be2e65892913de35 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2799441 Reviewed-by: Namyoon Woo <namyoon@chromium.org>
* ec-comm: make EC_PACKET_MODE_EN a wake source in all statesMary Ruthven2021-04-011-3/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Enable EC_PACKET_MODE_EN wake on high in ec_comm_init_ instead of board_configure_deep_sleep_wakepins, so cr50 will wake from regular sleep and deep sleep when EC_PACKET_MODE_EN is asserted. BUG=b:183611249 TEST=manual # Verify EC-EFS after wake from deep sleep # shutdown AP wait for cr50 to enter deep sleep ec > reboot ap-off # wait for cr50 to enter deep sleep. # Verify cr50 wakes up from deep sleep and verifies EC hash. ec > reboot ap-off # Verify EC-EFS after wake from sleep # keep AP off. Set the idle action to sleep cr50 > idle s # Disable TPM_RST_L wake to prevent that from constantly waking # cr50. cr50 > rw 0x40060284 read 0x40060284 = 0x00860008 cr50 > rw 0x40060284 0x00860000 # Verify cr50 wakes up from sleep and verifies EC hash. ec > reboot ap-off Change-Id: I7fc31154becaafaa536fc1ee6775a7723e49a469 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2799447 Reviewed-by: Namyoon Woo <namyoon@chromium.org>
* coil: cleanup i2c commentsMary Ruthven2021-01-081-3/+3
| | | | | | | | | | | | Remove coil terms from i2c comments BUG=b:175244613 TEST=make buildall -j Change-Id: If056c099304e1fa676991e22ddaa9cb91ccfdeb3 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2613509 Reviewed-by: Namyoon Woo <namyoon@chromium.org>
* coil: rename i2cs files to i2cpMary Ruthven2021-01-081-1/+1
| | | | | | | | | BUG=b:175244613 TEST=make buildall -j Change-Id: Iea0b26d4aec99509bc2db0ccc3ad8da701d63e79 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2613505
* coil: rename I2CS gpiosMary Ruthven2021-01-071-1/+1
| | | | | | | | | | | | | We can't change the register names at this point. We can only change the gpios. This changes the gpio names. BUG=b:175244613 TEST=make buildall -j Change-Id: I0dadd84bbb3d19011e86428b79d0cb08321c35e3 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2611762 Reviewed-by: Namyoon Woo <namyoon@chromium.org>
* coil: i2cs -> i2cpMary Ruthven2021-01-071-7/+7
| | | | | | | | | | | | | | | | | Rename i2cs functionas and variables to i2cp. Change some basic comments. I will rework the i2cp comments to stop using controller when referring to the i2cp, because it's kind of confusing now that master has been renamed to controller. BUG=b:175244613 TEST=make buildall -j Change-Id: I9574e77ab42427ca90d5b8a6421793f52e519f67 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2611761 Reviewed-by: Namyoon Woo <namyoon@chromium.org>
* coil: I2C_PORT_MASTER -> I2C_PORT_CONTROLLERMary Ruthven2021-01-071-1/+1
| | | | | | | | | | BUG=b:175244613 TEST=make buildall -j Change-Id: If5b5dc1b2390dfec43955ec88a959ba26b52082b Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2611758 Reviewed-by: Namyoon Woo <namyoon@chromium.org>
* coil: brdprop BOARD_SLAVE->BOARD_PERIPHMary Ruthven2021-01-061-17/+17
| | | | | | | | | | BUG=b:175244613 TEST=make buildall -j Change-Id: I6743d715ff9b2b46aad212d8496b1314e89fa685 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2613455 Reviewed-by: Namyoon Woo <namyoon@chromium.org>
* Add debug message for detachable cutoffMary Ruthven2020-12-101-0/+1
| | | | | | | | | | | | | | Print "AC: wait" when cr50 starts waiting to see if AC present stays disconnected for 5 seconds. BUG=b:175287237 TEST=none Change-Id: Iaaf1349e1486c4df135139f31774466d1a58e962 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2585264 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
* fips: move FIPS power-up test completion to PMU_PWRDN_SCRATCH22Vadim Sukhomlinov2020-08-061-8/+3
| | | | | | | | | | | | | | | | | | | | | | | | Status of completion of power-up tests was in long life register which survives reboots and even firmware upgrades, which is not an intended behavior. Moving status to PWRDN register makes it reset on graceful reboots and firmware upgrades, but avoid running tests on wake from deep sleep. This switch also enables use of multiple bits to indicate status of tests, which makes it more fault tolerant. BUG=b:138577491 TEST=make BOARD=cr50, then deassert DIOM3 to trigger deep sleep FIPS power-on tests shouldn't run on wake. Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: I098940e45afd5b5b9447b2780ff69372a922c03f Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2330976 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Mary Ruthven <mruthven@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* cr50: do not trigger unnecessary legacy NVMEM partition checksVadim Bendebury2020-06-221-1/+1
| | | | | | | | | | | | | | | | The logic of deciding if the alternative RW image is newer than a certain version needs to be updated to accommodate moving to higher prod and prepvt major version numbers. BUG=none TEST=the 'nvmem_find_partition: No Legacy Partitions found.' message is not printed during startup any more when updating from 6.3 to 6.4. Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Change-Id: I59e18712b3365446c29f569bf0b50f95ab67df95 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2250658 Reviewed-by: Mary Ruthven <mruthven@chromium.org>
* cr50/board: add board-local FIPS settingVadim Sukhomlinov2020-06-161-0/+59
| | | | | | | | | | | | | | | | | | | | | | | Implement board-local configuraration of FIPS 140-2/3 policy as complementary to FWMP policy. This is intended mostly for lab testing and dogfooding, when FWMP policy is not feasible. board_fips_enforced() returns status of FIPS from FWMP and NVRAM and caches state to avoid expensive operations later. BUG=b:138577491 TEST=manual, make buildall -j Actual test command to be added in upcoming CLs Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: I8fa651e56e6e76a87bbc4dd911e7a8c0546e7e0f Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2247112 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Bendebury <vbendeb@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org> Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
* ap_ro: add handling of the corrupted hashVadim Bendebury2020-06-051-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch closes the AP RO verification loop on the Cr50 side. If the check is triggered, the valid AP hash is found, and the RO contents is found to not match the hash, the Cr50 will - assert the EC reset; - set a flag to prevent the code from deasserting EC reset; - start a periodic hook to reassert EC reset in case the user hits power+refresh. This will prevent the Chrome OS device from booting. A new CLI command is being added to display the verification state. In developer images the new command would allow to clear the failure state, when running prod images the only way out of the failure state would be the powercycle. BUG=b:153764696 TEST=verified that erasing or programming AP RO hash when board ID is set is impossible. Verified proper shutdown in case AP RO has is present and the AP RO space is corrupted and recovery using the new cli command when running a dev image. Verified that 'ecrst off' properly reports the override. Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Change-Id: I1029114126a9a79f80385af7bc8d5467738e04ca Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2218676 Reviewed-by: Mary Ruthven <mruthven@chromium.org>
* remove CR50_SQAMary Ruthven2020-06-021-1/+1
| | | | | | | | | | | | | | | | | | | | | | | SQA images won't be built anymore. This change removes the SQA support. It deletes all SQA ifdefs and replaces CR50_RELAXED with CR50_DEV. BUG=b:158011401 TEST=manual build regular image and check eraselfashinfo and rollback aren't included. build image with CR50_SQA=1 and check it's no different than the regular image. build DBG image and make sure it still starts open, it has the eraseflashinfo and rollback commands, and it can flash old cr50 images. Change-Id: I5e94c88b1903cfcf0eee0081fc871e55fc8586c7 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2227149 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Reviewed-by: Namyoon Woo <namyoon@chromium.org>
* Introduce BOARD_CFG_LONG_INT_AP_BIT in TPM_BOARD_CFG registerNamyoon Woo2020-06-011-0/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch assigns the bit offset 0 in TPM_BOARD_CFG register to indicate the status of INT_AP_L extension. The bit 1 means INT_AP_L pulse extension is activated, and 0 means it is not. BUG=b:148691139 TEST=tested on atlas and on careena. 1. Checked the default TPM_BOARD_CFG (PWRDN_SCRATCH21) value was zero and the INT_AP_L assertion duration was 4~10 microseconds. > md 0x400000f4 1 // memory dump on GC_PMU_PWRDN_SCRATCH21 400000F4: 0x00000000 2. Attempted to change the board configuration (with a hacked UART command.). The register value was unchanged. > brdcfg 0x01 TPM_BOARD_CFG = 0x00000000 > md 0x400000f4 1 400000F4: 0x00000000 3. Forced to write the board configuration with a hacked UART command. The register value was changed. > brdcfg 0x01 force TPM_BOARD_CFG = 0x80000001 > md 0x400000f4 1 400000F4: 0x80000001 4. Checked the INT_AP_L assertion duration extended to 110 microseconds or longer. 5. After cr50 deep sleep, checked the pulse duration was still extended. - turned AP off. - disconnected Suzy-Qable. - waited three seconds - connected Suzy-Qable, and checked the reset cause was 'hibernate rbox'. > md 0x400000f4 1 400000F4: 0x8000001 6. With 100 usec long INT_AP pulse, checked trunks_cliend regression_test, stress_test and ext_command_test runs good. Checked dmesg and found no TPM errors through all tests. (ap) $ trunks_client --regression_test (ap) $ trunks_client --stress_test (ap) $ trunks_client --ext_command_test 7.checked no character loss during uart_stress_tester. (chroot) $ uart_stress_tester.py -c -t 600 /dev/ttyUSB2 /dev/ttyUSB1 8. the shortest duration of INT_AP_L assertion and deassertion observed in logic analyzer were 110 usec and 152 usec. 9. measured the depthcharge exit timestamp and cr50 flash time with or without INT_AP pulse extended to 100 usec, on atlas and helios: -----------------+-------------------+------------------ | atlas | helios -----------------+-------------------+------------------ boot (sec) | 1.398 -> 1.402 | 1.004 -> 1.011 cr50 flash (sec) | 10.800 -> 14.609 | 16.024 -> 16.466 -----------------+-------------------+------------------ Signed-off-by: Namyoon Woo <namyoon@google.com> Change-Id: I2b9f9defb63cf05f9d91b741ccb4b49c4c6bc8e2 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2202839 Tested-by: Namyoon Woo <namyoon@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Commit-Queue: Namyoon Woo <namyoon@chromium.org>
* Introduce TPM_BOARD_CFG registerNamyoon Woo2020-06-011-0/+30
| | | | | | | | | | | | | | | | | | This patch adds the TPM vendor-defined register, TPM_BOARD_CFG, which indicates the board configuration status. This register is attributed as one-time-programmable and the value is maintained across deep sleeps. Cr50 allows a write on this register right after a cr50 reset until it receives a TPM2_PCR_Extend command. BUG=b:148691139 TEST=none Signed-off-by: Namyoon Woo <namyoon@google.com> Change-Id: I89ae5a53c15990ef78812aec5da81a59f04d7d98 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2202838 Tested-by: Namyoon Woo <namyoon@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Commit-Queue: Namyoon Woo <namyoon@chromium.org>
* make cr50 agnostic about EC-EFS2Namyoon Woo2020-05-141-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch makes cr50 respond EC-EFS2 related TPM commands no matter it has the board property, BOARD_EC_CR50_COMM_SUPPORT or not. board_has_ec_cr50_comm_support() calls remain for configuring GPIO_EC_PACKET_MODE_EN only. BUG=b:155214584 TEST=checked gsctool running on Coral. [before] $ gsctool --getbootmode finding_device 18d1:5014 Found device. found interface 3 endpoint 4, chunk_len 64 READY ------- Error 8 in Getting boot mode [after] $ gsctool --getbootmode finding_device 18d1:5014 Found device. found interface 3 endpoint 4, chunk_len 64 READY ------- Boot mode = 0x00: NORMAL Also checked 'ec_comm' uart command. [before] > ec_comm No EC-CR50 comm support Invalid argument Usage: ec_comm [corrupt] [after] > ec_comm uart : 0xff packet mode : DISABLED phase : 0 preamble_count : 0 bytes_received : 0 bytes_expected : 0 response : 0x0000 ec_hash : UNLOADED <-- It is marked as unloaded, secdata_error_code : 0x00001203 <-- because of NVMEM error. boot_mode : NORMAL <-- Still, boot_mode is normal. Signed-off-by: Namyoon Woo <namyoon@google.com> Change-Id: I08dc9abd8f194c83484b5be9b0a5e8844b2fd221 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2185872 Tested-by: Namyoon Woo <namyoon@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Commit-Queue: Namyoon Woo <namyoon@chromium.org>
* change the init proiorities of ec_efs_init() and ec_comm_init()release-R82-12974.B-cr50_stabNamyoon Woo2020-03-121-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch reprioritizes ec_comm_init() and ec_efs_init() so that they won't be executed prior to board_init(), which executes nvmem_init(). BUG=b:151187315 BRANCH=cr50 TEST=let cr50 reboot a few times, and checked the console message and the ec_comm command output that Kernel secdata was reloaded without error. Swapped cr50 image from normal to dev, vice versa, and repeated the rebooting. [Reset cause: hard] [0.003799 Inits done] strap pin readings: a1:2 a9:3 a6:0 a12:0 [0.005893 Valid strap: 0xe properties: 0xa00041] [0.007991 init_jittery_clock_locking_optional: run level high, ... [0.045539 init took 29953] [0.051185 tpm_rst_asserted] [0.052074 EC-COMM: Initializtion] Console is enabled; type HELP for help. ... > ec_comm ... response : 0xec00 ec_hash : LOADED secdata_error_code : 0x00000000 > Change-Id: Ia695896986374ac9d23ac111fe0086ec6a13923e Signed-off-by: Namyoon Woo <namyoon@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2093102 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
* restructure EC-EFS moduleNamyoon Woo2020-02-201-0/+9
| | | | | | | | | | | | | | | - add ec_efs, which tracks the system boot mode. - add ec_comm.h header file for EC-EFS related functions. - revised vboot.h header file. BUG=b:141143112 BRANCH=cr50 TEST=none Change-Id: Iec1bf466b832bac5ad6be8a52304c1d699a38fb2 Signed-off-by: Namyoon Woo <namyoon@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2055363 Reviewed-by: Mary Ruthven <mruthven@chromium.org>
* cr50: add Asurada strapMary Ruthven2020-02-191-0/+7
| | | | | | | | | | | BUG=b:147835918 BRANCH=cr50 TEST=none Change-Id: I07d4071c4fe99df0a030be1e087f43a696081c3c Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2051101 Reviewed-by: Namyoon Woo <namyoon@chromium.org>
View Lorry Controller Status