| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:278703558,b:268352167
TEST=set the fwmp. Verify the WP policy is updated and enforced.
Change-Id: I8cedfc14ecd5c51eed996abaa9f55098c6f3e673
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4440807
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update the FWMP WP policies whenever the fwmp is written or whenever the
AP comes out of reset. Add a board_fwmp_update_policies function that is
when TPM_RST_L is deasserted and called _plat__NvInformIndexDataChanged
shows the FWMP is written.
BUG=b:268352167
TEST=make buildall -j
Change-Id: Ia00a356b88a36fb879c208b248da08825f21abca
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4367524
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a 64 bit write once factory config space to info1. If the factory
has something they want to configure, they can use part of the space to
store that configration.
Right now nothing in cr50 uses the factory config space. If we need to
modify cr50 behavior based on the space value, we can add functionality
later. The factory just needs to set the bit in the factory config.
BUG=b:214065944
TEST=manual
Clear the Board ID
set the config to 0. Verify it does nothing
gsctool -a --factory_config 0
gsctool -a --factory_config
0
Set the flags
gsctool -ai 0xffffffff:0x10
Set the config to something
gsctool -a --factory_config 0x12345678cafecafe
gsctool -a --factory_config
12345678CAFECAFE
# Set it to the same thing. Verify cr50 returns EC_SUCCESS.
gsctool -a --factory_config 0x12345678cafecafe
gsctool -a --factory_config
12345678CAFECAFE
[40.114944 write_factory_config: ok.]
Try to set it to something else. Verify it's rejected because
the space is set.
gsctool -a --factory_config 0xcafe
[43.331302 write_factory_config: factory cfg already programmed]
gsctool -a --factory_config
12345678CAFECAFE
Set the Board ID Type
gsctool -ai ZZCR:0x10
Try to set the config again. Verify it's rejected because the
board id type is set.
gsctool -a --factory_config 0x12345678cafecafe
Factory config failed. (7)
gsctool -a --factory_config
12345678CAFECAFE
Change-Id: Ie816ebffcf6c24ad94bbcd2dc2f0c3936caafb11
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4424873
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Key combo0 needs to be enabled on all boards, so it can be used to
release the device from reset after AP RO verification fails.
BUG=b:236844541
TEST=pwrb + refresh releases ec rst after AP RO verification failed on
hatch
Change-Id: If5d434a32aba09fd4af85cd668d34997d5851216
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4009402
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=none
TEST=none
Change-Id: I61b0b0106a43f723ec3bc805eb190aef00bbd05b
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3894391
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are a couple of known issues saving the AP RO verification hash in
cr50, so it's possible AP RO verification will fail even if the AP RO is
ok. Add support for releasing the EC from reset with PWRB + refresh
after AP RO verification fails. This just makes it easier to recover the
device. If the device is released from reset, the status is set to
AP_RO_FAIL_CLEARED and a APROF_FAIL_CLEARED flog event is logged.
This only releases EC reset if the device failed AP RO verification. Any
other verification status won't get cleared by the key combo.
BUG=b:240530668
TEST=trigger verification on a device with a bad hash. Verify the EC is
held in reset until PWRB + refresh is pressed.
make -C extra/usb_updater gsctool
Change-Id: I03a02501e7c91a41374816d82f48a5289f289c39
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3805820
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add GPIO_SLEEP_DIS_LOW and GPIO_SLEEP_DIS_HIGH to disable sleep when a
gpio with one of those flags is asserted.
GPIO_SLEEP_DIS_LOW disables sleep when the signal is set to 0.
GPIO_SLEEP_DIS_HIGH disables sleep when the signal is set to 1.
This will disable all forms of sleep. The flags can be used for ccd
signals to ensure cr50 doesn't enter sleep while c2d2 or servo micro are
relying on a ccd signal to flash the device.
These flags should not be add to signals used during normal cr50
operation. They disable regular sleep regular sleep so using them will
significantly increase cr50 power consumption.
This change adds GPIO_SLEEP_DIS_HIGH to AP_FLASH_SELECT. I'll add more
signals in followup CLs.
This change also replaces SLEEP_MASK_CHARGING with SLEEP_MASK_GPIO.
Nothing was using SLEEP_MASK_CHARGING.
BUG=b:229974371
TEST=Toggle AP_FLASH_SELECT while the AP is off. Verify cr50 doesn't
enter deep sleep and the gpiocfg and sleepmask output looks ok.
> gpioset AP_FLASH_SELECT 1
> gpiocfg
GPIO0_GPIO1: read 0 drive 0
GPIO0_GPIO2: read 1 drive 1
GPIO1_GPIO0: read 0 INT_RISING
GPIO1_GPIO1: read 0 INT_HIGH
GPIO1_GPIO4: read 0 INT_FALLING
GPIO1_GPIO5: read 0 drive 1
GPIO1_GPIO7: read 0 INT_RISING
GPIO1_GPIO8: read 0 INT_FALLING
gpio sleepmask: 00001000
> sleepmask
sleep mask: 00000008
> gpioset AP_FLASH_SELECT 0
> gpiocfg
GPIO0_GPIO1: read 0 drive 0
GPIO0_GPIO2: read 0 drive 0
GPIO1_GPIO0: read 0 INT_RISING
GPIO1_GPIO1: read 0 INT_HIGH
GPIO1_GPIO4: read 0 INT_FALLING
GPIO1_GPIO5: read 0 drive 1
GPIO1_GPIO7: read 0 INT_RISING
GPIO1_GPIO8: read 0 INT_FALLING
gpio sleepmask: 00000000
> sleepmask
sleep mask: 00000000
>
Change-Id: I1de35455c5a6702635fb714b14d6791f8e5eb2ed
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3605881
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:229974371
TEST=Assert AP_FLASH_SELECT then enter and exit deep sleep on EC-EFS
board.
Change-Id: I00437076ef4881dd60dd67e511100410dd155555
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3607064
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a vendor command that returns the time since user_pres_l was
asserted. This is only used for testing.
Tracking user_pres_l needs to be enabled with a vendor command since
DIOM4 may not be pulled up and may be pulled down on old boards.
Enabling the vendor command survives deep sleep reset. It gets cleared
after cr50 reset.
Cr50 clears the user_pres_l status if tracking is disabled.
BUG=b:219981194,b:208504127
TEST=manual
# Verify it survives deep sleep
sudo gsctool -y enable
sudo gsctool -y
...
user pres enabled
# enter deep sleep
sudo gsctool -y
...
user pres enabled
# Verify it doesn't survive cr50 reboot
sudo gsctool -y enable
sudo gsctool -y
...
user pres enabled
cr50 > reboot
sudo gsctool -y
...
user pres disabled
# Check gsctool output after triggering DIOM4 pulse
sudo gsctool -y enable
# Trigger pulse and wait 5 seconds
sudo gsctool -y
...
user pres enabled
last press: 5064331
Change-Id: Ib37980a5cd8d3378bf718e8e32a7d4152435a816
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3495863
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cr50 resets the EC when key_combo0 is pressed, so it can clear the ec
boot mode.
BUG=b:219102909
TEST=none
Change-Id: I3d024b5a16d5658cf259b5513513e7734aa62d31
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3457894
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a vendor command to disable deep sleep the next time TPM_RST_L is
asserted. Normally cr50 enters deep sleep whenever TPM_RST_L is
asserted. New boards want to disable deep sleep during certain power
states. This vendor command allows the AP to disable deep sleep for the
next suspend cycle.
When deep sleep is disabled, cr50 modifies TPM_RST_L to be WAKE_HIGH and
sets it back to WAKE_LOW after TPM_RST_L is deasserted, so TPM_RST_L
doesn't constantly wake cr50 from regular sleep.
This uses 248 bytes
BUG=b:214479456
TEST=manual
# Check G3 resume works ok.
# Disable Deep Sleep from the AP. The vendor command is 59
# (0x3b)
trunks_send --raw 80010000000c20000000003b
ccdstate
DS Dis: on
AP > shutdown -P now
...
[454.992733 Block DS]
ccdstate
DS Dis: on
pinmux
40060018: DIOM3 0 IN WAKE_HIGH
idle
idle action: sleep
# Verify cr50 starts cycling through sleep spinner at two ticks
# a second.
EC > powerbtn
# check the cr50 console
...
A�UART on]
10/ 1 [102.484012 Missed edge]
[102.484352 deferred_tpm_rst_isr]
[102.484580 AP on]
[102.484779 set TPM wake]
[102.484981 tpm_reset_request(0, 0)]
[102.485279 tpm_reset_now(0)]
[547.928375 AP on]
[547.928615 set TPM wake]
pinmux
40060018: DIOM3 0 IN WAKE_LOW
# Disable Deep Sleep from the AP. The vendor command is 59
# (0x3b)
trunks_send --raw 80010000000c20000000003b
ccdstate
DS Dis: on
ecrst pulse
...
[602.638427 AP on]
[547.928615 set TPM wake]
[602.638668 tpm_reset_request(0, 0)]
...
ccdstate
DS Dis: off
# Check S3 resume works ok.
# Use AP commands to enter S3
AP > trunks_send --raw 80010000000c20000000003b
AP > echo deep > /sys/power/mem_sleep
AP > echo mem > /sys/power/state
10\ 1 [243.409412 dis DS]
1|[249.536811 tpm_rst_asserted]
[250.537197 AP off]
[250.537631 Block DS]
# Wake the AP with a power button press from the EC
EC > powerbtn
# verify cr50 prints "Missed edge", but the device resumes ok.
1/ 10- 1 [270.112655 Missed edge]
[270.113037 deferred_tpm_rst_isr]
[270.113315 AP on]
[270.113529 set TPM wake]
[270.113712 tpm_reset_request(0, 0)]
[270.114013 tpm_reset_now(0)]
[270.116996 tpm_init]
tpm_manufactured: manufactured
[270.118301 tpm_reset_now: done]
[270.156967 PinWeaver: Loading Tree!]
[270.189353 Skipping commit]
Change-Id: I96049a9d38b5c66acad9c73628f588f4cf6b2b3f
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3406587
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add "ERROR" and some exclamation points to make invalid strap messages
more noticeable.
BUG=b:214550629
TEST=look at invalid strap error messages on red board.
strap pin readings: a1:3 a9:1 a6:1 a12:3
[0.005569 WARN Ambiguous strap cfg. Use spi based on old brdprop.]
[0.006675 get_properties: ERROR NO TABLE ENTRY!!! cfg: 0x7 prop: 0x1]
strap pin readings: a1:3 a9:1 a6:1 a12:3
[0.005649 get_properties: ERROR INVALID STRAP PINS!!! cfg 0xd7 prop 0x42
Change-Id: Ie1e29fd4152a2b3f984989e37b771339895e6a0e
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3390071
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
| |
BUG=none
TEST=cr50 uses red board straps after power-on and hard resets.
Change-Id: I0ee4a48a3e8661565dede1f7686cf6b2e1181914
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3386406
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Log brdprop errors in flog, so the team can track brdprop errors from
the AP without grepping through cr50 logs.
BUG=b:214550629
TEST=flash on red board. Verify invalid strap events are logged.
enable closed-loop-reset on the red board. Verify "ambiguous" strap
logs are ignored.
Change-Id: Ibea73fb19119fa81ed3652c5d68e430cdbae9fa5
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3386405
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Only default to SPI and PLT_RST when no valid properties are found.
BUG=b:210760012
TEST=make clobber ; make -j BOARD=cr50 CRYPTO_TEST=1 H1_RED_BOARD=1
Change-Id: Ic2842bc305322deb5fdc43e1d3487d499e9cb23b
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3341778
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We need to block access to all crypto in case of FIPS errors. There are
multiple steps to implement, this is one of few.
There is common API crypto_enabled() which is used by nvmem and some
other functions to check wherever access to crypto is possible.
This is same intent as fips_crypto_allowed(), though the latter checks
for FIPS KAT errors, while the former checks only key ladder status.
Here we make all FIPS errors to revoke access from key ladder, and
fips_crypto_allowed() to check key ladder status. This way we also
ensure that in case of FIPS errors access to device secrets will be
blocked.
We moved crypto_api.c from chip/g to board/cr50 to move crypto_enabled()
into fips.c and alias it to fips_crypto_enabled().
crypto_api.h is no longer included from dcrypto.h, and compile time
assert for cipher salt size is moved to proper place.
Since crypto is used by nvmem_init(), move FIPS power-up tests earlier
to ensure nvmem_init() can access crypto.
BUG=b:197893750
TEST=make CRYPTO_TEST=1; tpm_test; check nvmem is properly initialized
on board_init().
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: If70c2a21d61348bd97a47e26db5d8eec08bbf8ed
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3123836
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make DIOA12 an output on Zork, so it can be used for the ccd recovery or
lid switch signals.
BUG=b:197916691
TEST=setting CCD_REC_LID_PIN toggles lid_open on tomato
Change-Id: I755498fd9bb9b764b0e0aa2bf0394c45b087c767
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3124565
Reviewed-by: Ting Shen <phoenixshen@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Ting Shen <phoenixshen@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In order to implement self-integrity test for FIPS module we need to
make sure binary code of module in image doesn't change from build to
build. To do that we already place FIPS module as constant address.
However, any call to functions outside the module creates a relocation
which is changing depending on location of that external function in the
image. To prevent that we either need to bring these functions in the
module like it was done with memcpy() and some others or replace their
invocations with callbacks. Task & Memory management functions are hard
to bring in the module, so replace few invocations with indirect calls
using vtable. This way invocation code will remain the same.
1. Identify and minimize dependency on EC OS - remove few asserts
and cprintfs.
2. Remove checking privilege level in TRNG init - we know that it is
high by the order of initialization in board_init() and that our
RO doesn't drop permissions. Correct initialization of TRNG is
important for certification, so we can't just assume it may be
initialized improperly.
3. Added vtable with EC OS functions, initialization of FIPS module
vtable in board_init().
4. Switched to using vtable instead of direct calls. Note, we continue
to use EC OS with CRYPTO_TEST=1 to reduce vtable size and image
size.
BUG=b:138578318
TEST=make BOARD=cr50; tests
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: Ibd7bd2353fc4e7e5886f9bfef96b36dc64ff2359
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3107847
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In preparation to switching from TRNG to DRBG, refactor to remove
duplicated code, reduce code size.
1. Isolate hardware-dependent code (trng.c) from platform-agnostic in
fips_rand.c. This will enable better host emulation for tests.
2. Change how read_rand() returns status to take advantage of ARM ABI.
Unfortunately any composite type on ARM is returned on stack. Use
uint64_t with combined validity flag in high bits and random in low
32 bits. This alone reduce code size around 100 bytes.
3. Avoid code duplication by implementing rand() using read_rand().
4. Drop use of common/trng.h to reduce dependency on code outside
boundary. To be completed with migration to DRBG.
BUG=b:138577416
TEST=make BOARD=cr50 CRYPTO_TEST=1; rand_perf and FIPS tests
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: Ifdc42e7210414a4abeac8c132a684e451fbbc19c
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3100489
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
FIPS security policy was updated to move U2F key management out of scope
as it doesn't add anything from certification standpoint on L1, but
greatly complicates design and requires flash operations to be in the
FIPS module boundary.
This change aligns FIPS initialization flow with security policy:
1) Checking of U2F key type is removed and would be handled during
U2F command processing to choose approved / not-approved key gen.
2) FIPS module is always in approved mode when self-integrity tests,
known-answer tests and TRNG power-up tests succeeds.
3) Implementation of console command and TPM2 command moved out of
FIPS boundary.
BUG=b:134594373
TEST=make BOARD=cr50 [CRYPTO_TEST=1]; console commands
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I03fc8fa450927e4d37e691770e872e7ffa5b628d
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3093088
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To implement FIPS module we need to bring many crypto functions in the
module boundary. Unfortunately, cryptoc is a third-party library used
by dcrypto code in cr50. Cryptoc is also not well-maintained and shared
with other projects. While just making local copy of cryptoc would
solve an issue, it's suboptimal as prevents from many optimizations and
improvements.
Provided SHA & HMAC implementations from Ti50 project. This provides
better performance (500us vs. 670us earlier for HMAC DRBG) and reduce
code size. This implementation also enables stack use savings when
only specific digest is needed. Earlier SHA512 context was allocated
when only SHA256 is needed greatly increasing stack consumption for
code using HMAC_DRBG and others.
However, it introduce subtle API changes which require handling.
As for tests, since core implementation is hardware-independent, make
it available for BOARD=host too.
Before change (with cryptoc):
*** 12368 bytes in flash and 5784 bytes in RAM
After:
*** 13136 bytes in flash and 5796 bytes in RAM
BUG=b:138578318
TEST=make BOARD=cr50 CRYPTO_TEST=1; test/tpm_test/tpmtest.py
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I2ff5362aee9078ce83dc1f8081943a5101d5f666
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3064201
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch removes the restriction of TPM_MODE vendor command,
allowing any board's AP to disable TPM mode if required.
In addition, TPM reset processing flow is being modified to always
reboot the H1 in case TPM reset happens when TPM is disabled.
BUG=b:191180387, b:191180208
TEST=on an Atlas device:
localhost ~ # gsctool -a -f
start
target running protocol version 6
keyids: RO 0xaa66150f, RW 0x334f70df
offsets: backup RO at 0, backup RW at 0x4000
Current versions:
RO 0.0.11
RW 0.6.30
$ localhost ~ # gsctool -a -m disable
TPM Mode: disabled (2)
localhost ~ # gsctool -a -f
start
[WARNING:bus.cc(638)] Bus::SendWithReplyAndBlock took 1516ms to...
Problems reading from TPM, got 10 bytes
Failed to start transfer
localhost ~ # reboot
-- GSC reboots during device rebnoot
localhost ~ # gsctool -a -f
start
target running protocol version 6
keyids: RO 0xaa66150f, RW 0x334f70df
offsets: backup RO at 0, backup RW at 0x4000
Current versions:
RO 0.0.11
RW 0.6.30
localhost ~ # reboot
-- GSC does NOT reboot during device rebnoot
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I492bd2f201f3c5c7d1cd9b228ec6ab1cdcf8fa53
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2987913
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To be able to send and receive multiple SPI buffer quantities in a
single SPI transaction it is necessary to control the SPI CS signal
directly, as opposed to connecting it to the SPI controller.
Direct mode allows to keep CS asserted as long as necessary to
transfer the full data blob, size of which might exceed the the size
of the SPI controller buffer.
BUG=b:79492818
TEST=flashrom access still works fine:
$ flashrom -p raiden_debug_spi:target=ap --flash-name
flashrom f10dff7b-dirty on Linux 5.4.0-71-generic (x86_64)
flashrom is free software, get the source code at https://flashrom.org
Using clock_gettime for delay loops (clk_id: 1, resolution: 1ns).
Raiden target: 2
Found GigaDevice flash chip "GD25Q127C/GD25Q128C" (16384 kB, SPI) on...
vendor="GigaDevice" name="GD25Q127C/GD25Q128C"
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: Idecf019d3fd19675d7f78e4dc1140106a2112c6b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2973580
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some factories programmed hashes into devices that don't support reading
from AP flash while EC_RST_L is asserted. Skip AP RO verification on
these devices if the RLZ is blocked.
BUG=b:185783841
TEST=manual
Set board id to YVRQ:0x10
Verify AP RO verification can be triggered
Set board id to VYRC:0x10
Verify AP RO verification is skipped even if the hash is stored.
Change-Id: I7ef5ceafd55ae5e90b4a754d1e92317a9a745ef9
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2950313
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:186446598
TEST=none
Change-Id: I0192cd85904fe162c38bbedd5321187bc24be8d9
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2970991
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
Commit-Queue: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CRYPTO_TEST images don't need to have restricted CCD. Open CCD for
crypto test images like we do for DBG images.
BUG=none
TEST=ccd is automatically open in crypto test images
Change-Id: I674ef9055e1a87caf9f8b2b28f9893e79ed9e7e5
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2916576
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add CONFIG_CMD_ROLLBACK for building the rollback command.
BUG=b:186663661
TEST=flash usage doesn't change with make -j BOARD=cr50
Change-Id: Iea22485368fbb57eed114653c6f78758cc5c8111
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2875476
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Isolate CONFIG_AP_RO_VERIFICATION
BUG=b:186663661
TEST=flash usage doesn't change with make -j BOARD=cr50
#undef CONFIG_AP_RO_VERIFICATION doesn't have build errors.
Change-Id: I9bf7e897a44302062551ecb553236a08dc96432e
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2875474
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add CONFIG_CMD_SYSRST to control building the sysrst command.
BUG=b:186663661
TEST=flash usage doesn't change with make -j BOARD=cr50
Change-Id: I4922b5b55d895bc2f4b43614fe2af210c5fbe134
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2875469
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add CONFIG_CMD_ECRST to control building the ecrst command.
BUG=b:186663661
TEST=flash usage doesn't change with make -j BOARD=cr50
Change-Id: Ia3b7a0284c594d03257fa669bff0ab8bec155125
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2875468
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add 'atboot' arg to rddkeepalive that can be used to store rddkeepalive
across cr50 resets.
The atboot flag gets cleared with rddkeepalive disable.
BUG=b:144724216
TEST=manual
# Verify 'rddkeepalive disable' is unchanged
rddkeepalive disable
Using actual Rdd state
rddkeepalive
Rdd: connected
# Verify 'rddkeepalive enable' is unchanged
rddkeepalive enable
Forcing Rdd detect keepalive
rddkeepalive
Rdd: keepalive
# Verify 'rddkeepalive disable' disables keepalive
rddkeepalive disable
Using actual Rdd state
rddkeepalive
Rdd: connected
ccd
...
Flags: 0x000000
# Verify 'rddkeepalive enable atboot' enables keepalive and sets
# the atboot flag.
rddkeepalive enable atboot
Forcing Rdd detect keepalive atboot.
rddkeepalive
Rdd: keepalive (atboot)
# check the ccd rddkeepalive atboot flag (0x80000)
ccd
...
Flags: 0x080000
reboot
...
rddkeepalive
Rdd: keepalive (atboot)
ccd
...
Flags: 0x080000
# Verify this new string doesn't break dut-control
dut-control cr50.ccd_keepalive_en
ccd_keepalive_en:on
# 'rddkeepalive enable' doesn't touch the atboot flag
rddkeepalive enable
Forcing Rdd detect keepalive
rddkeepalive
Rdd: keepalive (atboot)
# 'rddkeepalive disable' clears it.
rddkeepalive disable
Using actual Rdd state
rddkeepalive
Rdd: connected
Change-Id: I10227e335a5de6ed73290ff5be2e65892913de35
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2799441
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Enable EC_PACKET_MODE_EN wake on high in ec_comm_init_ instead of
board_configure_deep_sleep_wakepins, so cr50 will wake from regular
sleep and deep sleep when EC_PACKET_MODE_EN is asserted.
BUG=b:183611249
TEST=manual
# Verify EC-EFS after wake from deep sleep
# shutdown AP wait for cr50 to enter deep sleep
ec > reboot ap-off
# wait for cr50 to enter deep sleep.
# Verify cr50 wakes up from deep sleep and verifies EC hash.
ec > reboot ap-off
# Verify EC-EFS after wake from sleep
# keep AP off. Set the idle action to sleep
cr50 > idle s
# Disable TPM_RST_L wake to prevent that from constantly waking
# cr50.
cr50 > rw 0x40060284
read 0x40060284 = 0x00860008
cr50 > rw 0x40060284 0x00860000
# Verify cr50 wakes up from sleep and verifies EC hash.
ec > reboot ap-off
Change-Id: I7fc31154becaafaa536fc1ee6775a7723e49a469
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2799447
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove coil terms from i2c comments
BUG=b:175244613
TEST=make buildall -j
Change-Id: If056c099304e1fa676991e22ddaa9cb91ccfdeb3
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2613509
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
| |
BUG=b:175244613
TEST=make buildall -j
Change-Id: Iea0b26d4aec99509bc2db0ccc3ad8da701d63e79
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2613505
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We can't change the register names at this point. We can only change the
gpios. This changes the gpio names.
BUG=b:175244613
TEST=make buildall -j
Change-Id: I0dadd84bbb3d19011e86428b79d0cb08321c35e3
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2611762
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rename i2cs functionas and variables to i2cp. Change some basic
comments.
I will rework the i2cp comments to stop using controller when referring
to the i2cp, because it's kind of confusing now that master has been
renamed to controller.
BUG=b:175244613
TEST=make buildall -j
Change-Id: I9574e77ab42427ca90d5b8a6421793f52e519f67
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2611761
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:175244613
TEST=make buildall -j
Change-Id: If5b5dc1b2390dfec43955ec88a959ba26b52082b
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2611758
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:175244613
TEST=make buildall -j
Change-Id: I6743d715ff9b2b46aad212d8496b1314e89fa685
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2613455
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Print "AC: wait" when cr50 starts waiting to see if AC present stays
disconnected for 5 seconds.
BUG=b:175287237
TEST=none
Change-Id: Iaaf1349e1486c4df135139f31774466d1a58e962
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2585264
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Status of completion of power-up tests was in long life register
which survives reboots and even firmware upgrades, which is not
an intended behavior. Moving status to PWRDN register makes it
reset on graceful reboots and firmware upgrades, but avoid
running tests on wake from deep sleep. This switch also enables
use of multiple bits to indicate status of tests, which makes it
more fault tolerant.
BUG=b:138577491
TEST=make BOARD=cr50, then deassert DIOM3 to trigger deep sleep
FIPS power-on tests shouldn't run on wake.
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I098940e45afd5b5b9447b2780ff69372a922c03f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2330976
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The logic of deciding if the alternative RW image is newer than a
certain version needs to be updated to accommodate moving to higher
prod and prepvt major version numbers.
BUG=none
TEST=the 'nvmem_find_partition: No Legacy Partitions found.' message
is not printed during startup any more when updating from 6.3 to
6.4.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I59e18712b3365446c29f569bf0b50f95ab67df95
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2250658
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Implement board-local configuraration of FIPS 140-2/3 policy as
complementary to FWMP policy. This is intended mostly for lab
testing and dogfooding, when FWMP policy is not feasible.
board_fips_enforced() returns status of FIPS from FWMP and NVRAM
and caches state to avoid expensive operations later.
BUG=b:138577491
TEST=manual, make buildall -j
Actual test command to be added in upcoming CLs
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I8fa651e56e6e76a87bbc4dd911e7a8c0546e7e0f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2247112
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch closes the AP RO verification loop on the Cr50 side.
If the check is triggered, the valid AP hash is found, and the RO
contents is found to not match the hash, the Cr50 will
- assert the EC reset;
- set a flag to prevent the code from deasserting EC reset;
- start a periodic hook to reassert EC reset in case the user hits
power+refresh.
This will prevent the Chrome OS device from booting.
A new CLI command is being added to display the verification state. In
developer images the new command would allow to clear the failure
state, when running prod images the only way out of the failure state
would be the powercycle.
BUG=b:153764696
TEST=verified that erasing or programming AP RO hash when board ID is
set is impossible.
Verified proper shutdown in case AP RO has is present and the AP
RO space is corrupted and recovery using the new cli command when
running a dev image.
Verified that 'ecrst off' properly reports the override.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I1029114126a9a79f80385af7bc8d5467738e04ca
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2218676
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
SQA images won't be built anymore. This change removes the SQA support.
It deletes all SQA ifdefs and replaces CR50_RELAXED with CR50_DEV.
BUG=b:158011401
TEST=manual
build regular image and check eraselfashinfo and rollback aren't
included.
build image with CR50_SQA=1 and check it's no different than the
regular image.
build DBG image and make sure it still starts open, it has the
eraseflashinfo and rollback commands, and it can flash old cr50
images.
Change-Id: I5e94c88b1903cfcf0eee0081fc871e55fc8586c7
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2227149
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch assigns the bit offset 0 in TPM_BOARD_CFG register to
indicate the status of INT_AP_L extension. The bit 1 means INT_AP_L
pulse extension is activated, and 0 means it is not.
BUG=b:148691139
TEST=tested on atlas and on careena.
1. Checked the default TPM_BOARD_CFG (PWRDN_SCRATCH21) value was zero
and the INT_AP_L assertion duration was 4~10 microseconds.
> md 0x400000f4 1 // memory dump on GC_PMU_PWRDN_SCRATCH21
400000F4: 0x00000000
2. Attempted to change the board configuration (with a hacked UART
command.). The register value was unchanged.
> brdcfg 0x01
TPM_BOARD_CFG = 0x00000000
> md 0x400000f4 1
400000F4: 0x00000000
3. Forced to write the board configuration with a hacked UART command.
The register value was changed.
> brdcfg 0x01 force
TPM_BOARD_CFG = 0x80000001
> md 0x400000f4 1
400000F4: 0x80000001
4. Checked the INT_AP_L assertion duration extended to 110
microseconds or longer.
5. After cr50 deep sleep, checked the pulse duration was still
extended.
- turned AP off.
- disconnected Suzy-Qable.
- waited three seconds
- connected Suzy-Qable, and checked the reset cause was 'hibernate
rbox'.
> md 0x400000f4 1
400000F4: 0x8000001
6. With 100 usec long INT_AP pulse, checked trunks_cliend
regression_test, stress_test and ext_command_test runs good.
Checked dmesg and found no TPM errors through all tests.
(ap) $ trunks_client --regression_test
(ap) $ trunks_client --stress_test
(ap) $ trunks_client --ext_command_test
7.checked no character loss during uart_stress_tester.
(chroot) $ uart_stress_tester.py -c -t 600 /dev/ttyUSB2 /dev/ttyUSB1
8. the shortest duration of INT_AP_L assertion and deassertion
observed in logic analyzer were 110 usec and 152 usec.
9. measured the depthcharge exit timestamp and cr50 flash time with
or without INT_AP pulse extended to 100 usec, on atlas and helios:
-----------------+-------------------+------------------
| atlas | helios
-----------------+-------------------+------------------
boot (sec) | 1.398 -> 1.402 | 1.004 -> 1.011
cr50 flash (sec) | 10.800 -> 14.609 | 16.024 -> 16.466
-----------------+-------------------+------------------
Signed-off-by: Namyoon Woo <namyoon@google.com>
Change-Id: I2b9f9defb63cf05f9d91b741ccb4b49c4c6bc8e2
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2202839
Tested-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds the TPM vendor-defined register, TPM_BOARD_CFG,
which indicates the board configuration status. This register is
attributed as one-time-programmable and the value is maintained
across deep sleeps. Cr50 allows a write on this register right after
a cr50 reset until it receives a TPM2_PCR_Extend command.
BUG=b:148691139
TEST=none
Signed-off-by: Namyoon Woo <namyoon@google.com>
Change-Id: I89ae5a53c15990ef78812aec5da81a59f04d7d98
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2202838
Tested-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch makes cr50 respond EC-EFS2 related TPM commands no matter
it has the board property, BOARD_EC_CR50_COMM_SUPPORT or not.
board_has_ec_cr50_comm_support() calls remain for configuring
GPIO_EC_PACKET_MODE_EN only.
BUG=b:155214584
TEST=checked gsctool running on Coral.
[before]
$ gsctool --getbootmode
finding_device 18d1:5014
Found device.
found interface 3 endpoint 4, chunk_len 64
READY
-------
Error 8 in Getting boot mode
[after]
$ gsctool --getbootmode
finding_device 18d1:5014
Found device.
found interface 3 endpoint 4, chunk_len 64
READY
-------
Boot mode = 0x00: NORMAL
Also checked 'ec_comm' uart command.
[before]
> ec_comm
No EC-CR50 comm support
Invalid argument
Usage: ec_comm [corrupt]
[after]
> ec_comm
uart : 0xff
packet mode : DISABLED
phase : 0
preamble_count : 0
bytes_received : 0
bytes_expected : 0
response : 0x0000
ec_hash : UNLOADED <-- It is marked as unloaded,
secdata_error_code : 0x00001203 <-- because of NVMEM error.
boot_mode : NORMAL <-- Still, boot_mode is normal.
Signed-off-by: Namyoon Woo <namyoon@google.com>
Change-Id: I08dc9abd8f194c83484b5be9b0a5e8844b2fd221
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2185872
Tested-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch reprioritizes ec_comm_init() and ec_efs_init() so that
they won't be executed prior to board_init(), which executes
nvmem_init().
BUG=b:151187315
BRANCH=cr50
TEST=let cr50 reboot a few times, and checked the console message
and the ec_comm command output that Kernel secdata was reloaded
without error. Swapped cr50 image from normal to dev, vice versa,
and repeated the rebooting.
[Reset cause: hard]
[0.003799 Inits done]
strap pin readings: a1:2 a9:3 a6:0 a12:0
[0.005893 Valid strap: 0xe properties: 0xa00041]
[0.007991 init_jittery_clock_locking_optional: run level high, ...
[0.045539 init took 29953]
[0.051185 tpm_rst_asserted]
[0.052074 EC-COMM: Initializtion]
Console is enabled; type HELP for help.
...
> ec_comm
...
response : 0xec00
ec_hash : LOADED
secdata_error_code : 0x00000000
>
Change-Id: Ia695896986374ac9d23ac111fe0086ec6a13923e
Signed-off-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2093102
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- add ec_efs, which tracks the system boot mode.
- add ec_comm.h header file for EC-EFS related functions.
- revised vboot.h header file.
BUG=b:141143112
BRANCH=cr50
TEST=none
Change-Id: Iec1bf466b832bac5ad6be8a52304c1d699a38fb2
Signed-off-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2055363
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:147835918
BRANCH=cr50
TEST=none
Change-Id: I07d4071c4fe99df0a030be1e087f43a696081c3c
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2051101
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|