| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently EPS seed when created during endorsement is immediately stored
to flash and copied to global state of TPM. However, its length in state
is not set. It seems that it was ok as state eventually was reloaded
from NV and size updated. But if TPM receives command shortly after
boot this may not be the case.
BUG=b:278028110,b:262324344
TEST=make; TCG tests
Change-Id: Ifac259ea3817d6d139d9b5ba2af4fc66d07df4ef
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4489113
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Code-Coverage: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This CL checks if the space was defined but not written, and if so,
returns TPM_READ_NOT_FOUND from read_tpm_nvmem().
BUG=b:276384456
TEST=with crrev.com/c/2494503, verify that calling chkfwmp
prints "read_tpm_nvmem: object at 0x100a not written"
and then the following when the space is not written:
```
FWMP read result: 1
ccd unlock allowed: 1
policy update allowed: 1
```
To create an unwritten space, run
tpm_manager_client define_space --index=0x100a --size=40
Change-Id: I8eff2be8da1e28204216d4dbbd54e57e8a8127b3
Signed-off-by: Andrey Pronin <apronin@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4483017
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Commit-Queue: Mary Ruthven <mruthven@chromium.org>
Auto-Submit: Andrey Pronin <apronin@chromium.org>
Tested-by: Andrey Pronin <apronin@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:278703558,b:268352167
TEST=set the fwmp. Verify the WP policy is updated and enforced.
Change-Id: I8cedfc14ecd5c51eed996abaa9f55098c6f3e673
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4440807
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
|
| |
|
|
|
|
|
|
|
|
| |
BUG=b:268352167
TEST=see bug
Change-Id: I3a4f2ae746cbc2e64df535c4c91b16cdbd7f292a
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4367525
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update the FWMP WP policies whenever the fwmp is written or whenever the
AP comes out of reset. Add a board_fwmp_update_policies function that is
when TPM_RST_L is deasserted and called _plat__NvInformIndexDataChanged
shows the FWMP is written.
BUG=b:268352167
TEST=make buildall -j
Change-Id: Ia00a356b88a36fb879c208b248da08825f21abca
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4367524
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add support for reading the factory config from virtual nvmem. This
change uses the same index as ti50 --index=0x3fff06. There are two
indices that are reserved, but not implemented for cr50. This change
registers a REGISTER_DEPRECATED_CONFIG for VIRTUAL_NV_INDEX_RMA_BYTES
and VIRTUAL_NV_INDEX_WV_UDS_BYTES.
BUG=b:278118981,b:214065944
TEST=manual
Set the factory config to 0xface
Read the config from virtual nvmem
tpm_manager_client read_space --index=0x3fff06 --file=/tmp/contents
INFO tpm_manager_client: [main.cc(595)] ...
result: NVRAM_RESULT_SUCCESS
data: CEFA000000000000
}
RMA_BYTES and the WV_UDS_BYTES index still return nothing
tpm_manager_client read_space --index=0x3fff04 --file=/tmp/contents
INFO tpm_manager_client: [main.cc(595)] ...
result: NVRAM_RESULT_SUCCESS
data:
}
tpm_manager_client read_space --index=0x3fff05 --file=/tmp/contents
INFO tpm_manager_client: [main.cc(595)] ...
result: NVRAM_RESULT_SUCCESS
data:
}
Change-Id: I651f00851b1e60fe0f898fd75111be27b2bf497e
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4424877
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a 64 bit write once factory config space to info1. If the factory
has something they want to configure, they can use part of the space to
store that configration.
Right now nothing in cr50 uses the factory config space. If we need to
modify cr50 behavior based on the space value, we can add functionality
later. The factory just needs to set the bit in the factory config.
BUG=b:214065944
TEST=manual
Clear the Board ID
set the config to 0. Verify it does nothing
gsctool -a --factory_config 0
gsctool -a --factory_config
0
Set the flags
gsctool -ai 0xffffffff:0x10
Set the config to something
gsctool -a --factory_config 0x12345678cafecafe
gsctool -a --factory_config
12345678CAFECAFE
# Set it to the same thing. Verify cr50 returns EC_SUCCESS.
gsctool -a --factory_config 0x12345678cafecafe
gsctool -a --factory_config
12345678CAFECAFE
[40.114944 write_factory_config: ok.]
Try to set it to something else. Verify it's rejected because
the space is set.
gsctool -a --factory_config 0xcafe
[43.331302 write_factory_config: factory cfg already programmed]
gsctool -a --factory_config
12345678CAFECAFE
Set the Board ID Type
gsctool -ai ZZCR:0x10
Try to set the config again. Verify it's rejected because the
board id type is set.
gsctool -a --factory_config 0x12345678cafecafe
Factory config failed. (7)
gsctool -a --factory_config
12345678CAFECAFE
Change-Id: Ie816ebffcf6c24ad94bbcd2dc2f0c3936caafb11
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4424873
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As per b/277777628 FIPS module build depends on value of `CC` env var,
which is not a desirable behavior.
1. Add -fconserve-stack to FIPS module builds explicitly to make sure
its digest is same as reported and doesn't depend on environment.
2. gcc specific option moved to core/cortex-m/build.mk
3. Verified that binutils workaround is still needed (b/238039591)
BUG=b:277777628, b:238039591
TEST=make BOARD=cr50; tpm_test.py, FIPS digest is the same
Change-Id: I664cee178de400efed3fe2e06b9b4b72f6ce6067
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4425068
Commit-Queue: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Code-Coverage: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Remove CONFIG_FLASH to save 1668 bytes in DBG images.
BUG=none
TEST=none
Change-Id: Ic8bc18107571f1e5c0d8d381b624cde6f1e5f05d
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4424872
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. Due to large share of devices with slow TRNG increase timeout cycles
from 0x7ff to 0xfff.
2. Increase total reset attempts from 16 to 32.
2. Log number of resets.
BUG=b:211648605
TEST=make CRYPTO_TEST=1
Change-Id: Ib0f9472d6f84c39cd7576f374ab482e522a39809
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4380143
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Code-Coverage: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. Increase timeout from 700ms to 1000ms as we saw some timeouts of
unknown origin.
2. INT_STATE wasn't collected for timeouts, change when we get it.
3. Add address of function to log so we can identify source of failure.
BUG=b:273935442
TEST=make CRYPTO_TEST=1; tpm_test
Change-Id: Ifbb1ea5d52662a71d944baa9a7a189224529d85e
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4380209
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Code-Coverage: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The pairing secret (Pk) used for biometrics PinWeaver protocol needs to
be cleared during TPM clear.
BUG=b:262040869
TEST=(with depended CL) pinweaver_client biometrics_selftest
Cq-Depend: chromium:4337481
Change-Id: Ie07869f75aea64a7950d04693722b74c11a913ca
Signed-off-by: Howard Yang <hcyang@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4344442
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a reland of commit ed10ce4730d37a4ae7eab60ad70257720399f289
Original change's description:
> cr50: Use platform/pinweaver
>
> Toggle the CONFIG_PLATFORM_PINWEAVER build flag, to build pinweaver with
> the platform/pinweaver implementation instead of the cr50
> implementation.
>
> BUG=b:262040869
> TEST=make board=cr50 -j
> TEST=(DUT) Use cryptohome CLI to create a user with a PIN.
> TEST=(DUT) Make 2 fail attempts on that PIN.
> TEST=(DUT) Update cr50 to the image including this CL.
> TEST=(DUT) Test leaf properties are correct: 3 more fail attempts locks
> the PIN, password auth resets the PIN, then PIN authentication succeeds.
> TEST=tast run $DUT hwsec.PINWeaver*
>
> Cq-Depend: chromium:4307211
> Change-Id: I6e52566ca8ee68bb0ee71d30538fb6b8cbc4f67d
> Signed-off-by: Mary Ruthven <mruthven@chromium.org>
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4311235
> Tested-by: Howard Yang <hcyang@google.com>
> Reviewed-by: Andrey Pronin <apronin@chromium.org>
> Commit-Queue: Howard Yang <hcyang@google.com>
Bug: b:262040869
Cq-Depend: chromium:4354785
Change-Id: Ibb7ad2c1f752f7ed8678465f5b3901536314d466
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4349272
Tested-by: Howard Yang <hcyang@google.com>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Howard Yang <hcyang@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit ed10ce4730d37a4ae7eab60ad70257720399f289.
Reason for revert: Causes building chromeos-cr50-dev to fail
Original change's description:
> cr50: Use platform/pinweaver
>
> Toggle the CONFIG_PLATFORM_PINWEAVER build flag, to build pinweaver with
> the platform/pinweaver implementation instead of the cr50
> implementation.
>
> BUG=b:262040869
> TEST=make board=cr50 -j
> TEST=(DUT) Use cryptohome CLI to create a user with a PIN.
> TEST=(DUT) Make 2 fail attempts on that PIN.
> TEST=(DUT) Update cr50 to the image including this CL.
> TEST=(DUT) Test leaf properties are correct: 3 more fail attempts locks
> the PIN, password auth resets the PIN, then PIN authentication succeeds.
> TEST=tast run $DUT hwsec.PINWeaver*
>
> Cq-Depend: chromium:4307211
> Change-Id: I6e52566ca8ee68bb0ee71d30538fb6b8cbc4f67d
> Signed-off-by: Mary Ruthven <mruthven@chromium.org>
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4311235
> Tested-by: Howard Yang <hcyang@google.com>
> Reviewed-by: Andrey Pronin <apronin@chromium.org>
> Commit-Queue: Howard Yang <hcyang@google.com>
Bug: b:262040869
Change-Id: Ib60f090c50b1e34635ce2e1f3537f7eb0c95490e
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4348103
Tested-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Matt Vertescher <mvertescher@google.com>
Commit-Queue: Mary Ruthven <mruthven@chromium.org>
Auto-Submit: Mary Ruthven <mruthven@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Toggle the CONFIG_PLATFORM_PINWEAVER build flag, to build pinweaver with
the platform/pinweaver implementation instead of the cr50
implementation.
BUG=b:262040869
TEST=make board=cr50 -j
TEST=(DUT) Use cryptohome CLI to create a user with a PIN.
TEST=(DUT) Make 2 fail attempts on that PIN.
TEST=(DUT) Update cr50 to the image including this CL.
TEST=(DUT) Test leaf properties are correct: 3 more fail attempts locks
the PIN, password auth resets the PIN, then PIN authentication succeeds.
TEST=tast run $DUT hwsec.PINWeaver*
Cq-Depend: chromium:4307211
Change-Id: I6e52566ca8ee68bb0ee71d30538fb6b8cbc4f67d
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4311235
Tested-by: Howard Yang <hcyang@google.com>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Howard Yang <hcyang@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add CONFIG_PLATFORM_PINWEAVER build flag, and support for building
platform/pinweaver.
BUG=b:262040869
TEST=make board=cr50 -j
Change-Id: I993051af60ab4163c37726eac87bd98a8b60fc69
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4311234
Tested-by: Howard Yang <hcyang@google.com>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Howard Yang <hcyang@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rename the headers so they will not collide with platform/pinweaver
headers with the same names.
BUG=b:262040869
TEST=make -j BOARD=cr50
Cq-Depend: chromium:4337377
Change-Id: Iee9f44c4fcb6ab0a01faec5886f07b84c271d1fc
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4311233
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Howard Yang <hcyang@google.com>
Commit-Queue: Howard Yang <hcyang@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
DBG images are running low on space. This change removes some of the
more rarely used console commands. It saves 2352 bytes.
This disables sleepmask, timerinfo, i2cxfer, history, and i2cscan in
DBG images. If someone needs to reenable them for a build, they can
comment out the undefs.
BUG=none
TEST=make buildall -j
Change-Id: I40115d6e2769fae4e489eb926778c38c94b66cd3
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4307437
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This CL allows kernel & firmware antirollback spaces update only in certain
board states by adding the appropriate checks to _plat__NvUpdateAllowed().
BUG=b:270243270
TEST=set specific PCR0 values using https://crrev.com/c/2494503,
verify that can update antirollback for normal/dev/recovery values,
cannot update for recovery+dev value only when block_devmode is set.
Change-Id: I979e3e07a877bf5604e99184c9b60eaaa1abf6b4
Signed-off-by: Andrey Pronin <apronin@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4290246
Tested-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Auto-Submit: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Due to incorrect flags for TPM2 objects U2F secrets were not fully
zeroized (however were overwritten with new owner). Doesn't affect G2F.
BUG=b:268382629
TEST=make CRYPTO_TEST=1 U2F_TEST=1
fips del
fips old
fips u2f # prints old keys
u2f_test # all tests passed
fips del
fips new
fips u2f # print new key size
u2f_test # all tests passed
fips del
fips u2f # prints 0 sizes for u2f secrets
Change-Id: I2549dd5fd20937170c9b8d87363d90b138fdc4dc
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4269450
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Code-Coverage: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This CL allows FWMP update only in certain board states by adding
the appropriate checks to _plat__NvUpdateAllowed().
BUG=b:267674073
TEST=set specific PCR0 values using https://crrev.com/c/2494503,
verify that can update FWMP for normal/dev/recovery values,
cannot update for recovery+dev value.
Change-Id: Ie8999cf762cb36ddb0a155e1f241da3103c6af37
Signed-off-by: Andrey Pronin <apronin@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4241653
Tested-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This CL adds a trivial (always returns TRUE) callback to check
if platform allows TPM2 stack to update (modify or delete) a
specific nvmem index.
BUG=b:267674073
TEST=build
Change-Id: Iba51e15771de1350083a950041562070d813a1b5
Signed-off-by: Andrey Pronin <apronin@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4241651
Tested-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This CL adds get_tpm_pcr_value() for reading current PCR values.
BUG=b:267674073
TEST=build
Cq-Depend: chromium:4242409
Change-Id: I632cb13a3f44130f29b72cc4c22ea97a692ffad8
Signed-off-by: Andrey Pronin <apronin@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4241650
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adjust error codes to distinguish different places in key generation.
BUG=b:262324344
TEST=TCG tests
Change-Id: I33ef8b772821ad43cf8af1b33b6b49143eb24aef
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4199163
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Code-Coverage: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
If usb_spi_sha256_update returns something other than EC_SUCCESS, fail
verification.
BUG=b:260878795
TEST=add a delay to make spi_hash timeout. Verify cr50 fails
verification.
Change-Id: I4ba750748eb131046828f642b9736ed62a781789
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4066233
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Boards with large RO regions may take more than a minute to go through
every AP RO verification factory flag. Increase the timeout to 10
minutes. No boards should take that long to run verification.
BUG=b:236844541,b:260878795
TEST=run firmware_GSCAPROV1Trigger on zork
Change-Id: I94110b33acee746bb319c4829e627d7b511306e6
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4066234
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Key combo0 needs to be enabled on all boards, so it can be used to
release the device from reset after AP RO verification fails.
BUG=b:236844541
TEST=pwrb + refresh releases ec rst after AP RO verification failed on
hatch
Change-Id: If5d434a32aba09fd4af85cd668d34997d5851216
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4009402
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
A future cl will call usb_spi_sha256_update in more places. Move the
range print statement into usb_spi_sha256_update, so we don't need to
print the range in multiple places later.
BUG=b:236844541
TEST=make -j BOARD=cr50
Change-Id: I9475d14ea0d65be1ad68f606252d50d9af964253
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3840652
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
BUG=none
TEST=none
Change-Id: I61b0b0106a43f723ec3bc805eb190aef00bbd05b
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3894391
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are a couple of known issues saving the AP RO verification hash in
cr50, so it's possible AP RO verification will fail even if the AP RO is
ok. Add support for releasing the EC from reset with PWRB + refresh
after AP RO verification fails. This just makes it easier to recover the
device. If the device is released from reset, the status is set to
AP_RO_FAIL_CLEARED and a APROF_FAIL_CLEARED flog event is logged.
This only releases EC reset if the device failed AP RO verification. Any
other verification status won't get cleared by the key combo.
BUG=b:240530668
TEST=trigger verification on a device with a bad hash. Verify the EC is
held in reset until PWRB + refresh is pressed.
make -C extra/usb_updater gsctool
Change-Id: I03a02501e7c91a41374816d82f48a5289f289c39
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3805820
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
DO NOT LAND IN RELEASE BRNACHES.
Add chargen to tot images, so we can verify c2d2 and servo micro
functionality with tot cr50 images.
BUG=b:240718978
TEST=run chargen
Change-Id: I98bc344a2914f311a056904a7fc5b650b22c40d0
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3805824
Commit-Queue: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
GPIO_EC_FLASH_SELECT is only used in usb_spi.c and EC_TX_CR50_RX_OUT
isn't used anywhere by cr50. These are both debug signals mainly used by
servo or ccd for flashing the EC. Disable sleep when they're asserted.
Add GPIO_SLEEP_DIS_HIGH to EC_FLASH_SELECT, so sleep is disabled when
it's set to 1.
Add GPIO_SLEEP_DIS_LOW to EC_TX_CR50_RX_OUT, so sleep is disabled when
it's set to 0.
BUG=none
TEST=gpioset EC_TX_CR50_RX_OUT and gpiset EC_FLASH_SELECT change the
gpiocfg sleepmask.
Change-Id: Ice4c0d85349eeb547644b134904f95e4a4fe375b
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3605882
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add GPIO_SLEEP_DIS_LOW and GPIO_SLEEP_DIS_HIGH to disable sleep when a
gpio with one of those flags is asserted.
GPIO_SLEEP_DIS_LOW disables sleep when the signal is set to 0.
GPIO_SLEEP_DIS_HIGH disables sleep when the signal is set to 1.
This will disable all forms of sleep. The flags can be used for ccd
signals to ensure cr50 doesn't enter sleep while c2d2 or servo micro are
relying on a ccd signal to flash the device.
These flags should not be add to signals used during normal cr50
operation. They disable regular sleep regular sleep so using them will
significantly increase cr50 power consumption.
This change adds GPIO_SLEEP_DIS_HIGH to AP_FLASH_SELECT. I'll add more
signals in followup CLs.
This change also replaces SLEEP_MASK_CHARGING with SLEEP_MASK_GPIO.
Nothing was using SLEEP_MASK_CHARGING.
BUG=b:229974371
TEST=Toggle AP_FLASH_SELECT while the AP is off. Verify cr50 doesn't
enter deep sleep and the gpiocfg and sleepmask output looks ok.
> gpioset AP_FLASH_SELECT 1
> gpiocfg
GPIO0_GPIO1: read 0 drive 0
GPIO0_GPIO2: read 1 drive 1
GPIO1_GPIO0: read 0 INT_RISING
GPIO1_GPIO1: read 0 INT_HIGH
GPIO1_GPIO4: read 0 INT_FALLING
GPIO1_GPIO5: read 0 drive 1
GPIO1_GPIO7: read 0 INT_RISING
GPIO1_GPIO8: read 0 INT_FALLING
gpio sleepmask: 00001000
> sleepmask
sleep mask: 00000008
> gpioset AP_FLASH_SELECT 0
> gpiocfg
GPIO0_GPIO1: read 0 drive 0
GPIO0_GPIO2: read 0 drive 0
GPIO1_GPIO0: read 0 INT_RISING
GPIO1_GPIO1: read 0 INT_HIGH
GPIO1_GPIO4: read 0 INT_FALLING
GPIO1_GPIO5: read 0 drive 1
GPIO1_GPIO7: read 0 INT_RISING
GPIO1_GPIO8: read 0 INT_FALLING
gpio sleepmask: 00000000
> sleepmask
sleep mask: 00000000
>
Change-Id: I1de35455c5a6702635fb714b14d6791f8e5eb2ed
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3605881
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
BUG=b:229974371
TEST=Assert AP_FLASH_SELECT then enter and exit deep sleep on EC-EFS
board.
Change-Id: I00437076ef4881dd60dd67e511100410dd155555
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3607064
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
New boards generate very short pulses on TPM_RST_L. They deassert
TPM_RST_L and then quickly reassert it. Most processing is not done in
the assert/deassert interrupts. The interrupts schedule deferred
functions to reset the TPM and set the AP state.
tpm_rst_asserted sets the AP state to debouncing and schedules
deferred_set_ap_off_data for a second later.
tpm_rst_deasserted schedules a deferred_tpm_rst_isr call ASAP.
deferred_tpm_rst_isr sets the AP state to on and cancels any pending
deferred_set_ap_off calls. If there's a short period where the AP is
off, cr50 won't enable deep sleep or disable the TPM, it'll be in the
debouncing state until the rising edge, and then the AP will be set back
to on.
The issue with short pulses is cr50 doesn't fully process
deferred_tpm_rst_isr before the tpm_rst_asserted interrupt is
triggered.
tpm_rst_deasserted is triggered which schedules deferred_tpm_rst_isr
tpm_rst_asserted is triggered which schedules deferred_set_ap_off
deferred_tpm_rst_isr is processed which sets the AP state to on and
cancels deferred_set_ap_off.
Even though tpm_rst_asserted happened after tpm_rst_deasserted cr50
process set_ap_on which cancels the pending set_ap_off call. Cr50 gets
left with the AP state on even though tpm_rst_asserted was the last
interrupt. This change adds polling to catch this state after a second,
so cr50 can enable deep sleep.
BUG=b:226680127
TEST=manual
reset the AP on hoglin. check for appoll messages
run firmware_Cr50DeviceState on hatch
comment out enabling the TPM_RST_L interrupt handlers.
verify cr50 eventually gets to the correct ap state.
Change-Id: Ib100d4019a1e65cc4c5ce699d268f65884b4f009
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3597031
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add "K" or "F" to the AP state to give more information about the device
state. K for kernel. F for Firmware.
This uses 48 bytes
BUG=b:148492097
TEST=check ccdstate output at different times during boot. Run
firmware_Cr50DeviceState
Change-Id: If2a26c39047b9ae1818eb8d6afbaafa3d1765ca5
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3597035
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Resetting the AP interferes with factory processes. Wipe the tpm,
disable AP communications, and then enable factory mode without
resetting the AP, so factory scripts can continue running and don't need
to handle a device reset.
BUG=b:229355653
TEST=manual
# "Disconnect" the battery, so cr50 can enable factory mode.
bp disconnect atboot
# Enable factory mode
gsctool -aF enable
# Verify cr50 wipes the TPM
[52.115535 tpm_reset_request(1, 1)]
[52.116683 tpm_reset_now(1)]
[52.494602 Compaction done, went from 12304 to 60 bytes]
...
[52.587989 tpm_reset_now: done]
[52.588844 TPM is erased]
# Verify the AP stayed up and the TPM is disabled
gsctool -af
Problems reading from TPM, got 10 bytes
Failed to start transfer
Change-Id: If64df4e834c8ae65de36c0ebb7ea868d558089bd
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3597032
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
g2f_attestation_cert() is another function which is invoked on the TPM
command context, when virtual TPM NVMEM spaces are read.
One of the side effects of invoking of g2f_attestation_cert() is the
creation of the U2F state, if it did not exist before. In this case
the state should not be immediately committed to the NVMEM, the commit
will happen when the TPM command execution is completed.
BUG=b:199981251
TEST=running ./test/tpm_test/tpmtest.py does not trigger the 'attempt
to commit in unlocked state' message any more.
'make buildall' and 'make CRYTPO_TEST=1 BOARD=cr50' pass
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I708e8807ffd3207cc6ab84a0e380908e715f7a15
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3482487
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The disable deep sleep variable is supposed to be temporary and only
apply to the next TPM_RST_L pulse. If TPM_RST_L doesn't get asserted
within 10 seconds of the disable deep sleep vendor command, it probably
means something went wrong with suspend and it was aborted. Clear
disable deep sleep after 10 seconds, so it doesn't get applied to some
other suspend.
BUG=b:222124677
TEST=manual
# Send command to disable deep sleep
trunks_send --raw 80010000000c20000000003b
> [50.252944 dis DS]
ccdstate
DS Dis: on
# Wait 10 seconds and make sure cr50 clears it
> [60.252941 DDS: clear]
# Send command to disable deep sleep
trunks_send --raw 80010000000c20000000003b
# Shutdown the device immediately.
shudown -P now
# Verify cr50 disables deep sleep
1 [24.650581 dis DS]
1/[27.364002 tpm_rst_asserted]
[28.364776 AP off]
[28.365516 Block DS]
# Wait 20 seconds. Check that cr50 doesn't clear it
> ccdstate
DS Dis: on
AP: off
..
> idle
idle action: sleep
# boot the device
10| 1 inicom2.8Minicom2.8[85.437511 deferred_tpm_rst_isr]
[85.438472 AP on]
[85.439010 set TPM wake]
[85.439594 tpm_reset_request(0, 0)]
[85.440494 tpm_reset_now(0)]
[85.443954 tpm_init]
tpm_manufactured: manufactured
[85.446109 tpm_reset_now: done]
[85.446891 DDS: clear]
# shutdown the device
# check cr50 enters deep sleep
Change-Id: I2140dbb01e8d9b21c5f5309e43efc21b636361e5
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3498704
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The DIOA1 PINMUX definition uses a GPIO flag instead of a DIO flag. It
doesn't matter that much, because GPIO_INPUT maps to DIO_DIRECT_INPUT
which is a noop. i2cp_set_pinmux configures the DIOA1 input in existing
images. This change just modifies the flag for correctness.
BUG=b:221090807
TEST=check pinmux output on spi and i2c boards. Verify it doesn't
change.
Change-Id: I227156e5799d872da32a87a7bcab4ae638c18c08
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3495872
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a vendor command that returns the time since user_pres_l was
asserted. This is only used for testing.
Tracking user_pres_l needs to be enabled with a vendor command since
DIOM4 may not be pulled up and may be pulled down on old boards.
Enabling the vendor command survives deep sleep reset. It gets cleared
after cr50 reset.
Cr50 clears the user_pres_l status if tracking is disabled.
BUG=b:219981194,b:208504127
TEST=manual
# Verify it survives deep sleep
sudo gsctool -y enable
sudo gsctool -y
...
user pres enabled
# enter deep sleep
sudo gsctool -y
...
user pres enabled
# Verify it doesn't survive cr50 reboot
sudo gsctool -y enable
sudo gsctool -y
...
user pres enabled
cr50 > reboot
sudo gsctool -y
...
user pres disabled
# Check gsctool output after triggering DIOM4 pulse
sudo gsctool -y enable
# Trigger pulse and wait 5 seconds
sudo gsctool -y
...
user pres enabled
last press: 5064331
Change-Id: Ib37980a5cd8d3378bf718e8e32a7d4152435a816
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3495863
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The problem is in the below chain invoked on processing TPM Clear command:
_plat__OwnerClearCallback()
u2f_gen_kek_seed()
u2f_get_state()
u2f_load_or_create_state()
write_tpm_nvmem_hidden()
NvCommit()
This chain is executed only if U2F data do not exist in the NVMEM.
The end result is write_tpm_nvmem_hidden() invoking nvmem_commit()
which removes the lock, which in turn causes the error when tmp command
processor tries to commit nvmem in the end of processing the command.
This is why the problem happens only once, after the first time U2F data
is present and the above chain is not traversed.
In the fix we avoid calling u2f_get_state() from u2f_gen_kek_seed() by
updating U2F state in memory if it is loaded and in nvmem directly.
Also discovered and fixing bug that resulted in platform owner
not being properly cleaned due incorrect error checking.
_plat__OwnerClearCallback() modified to print error status.
However, this fix doesn't address a case when tpm_test.py fails first
time on TPM2_Startup.
BUG=b:199981251
TEST=tcg tests now passes without errors from clean TPM state,
test/tpm_test/tpmtest.py passes U2F tests.
in CCD with CRYPTO_TEST=1
fips kek works after initial fw upload.
fips u2f
fips kek works with U2F state.
----------------------- Test Environment -------------------------------
Test Suite Version: 2.1a
Operating System: Linux
Processor Information: Intel(R) Core(TM) i9-10885H CPU @ 2.40GHz
TDDL Version: SocketTDDL
-------------------------- Test Object ---------------------------------
TPM Vendor: CROS
TPM Firmware Version: a77bf07 2
TPM Spec Version: 1.16
Vendor Specific Info: xCG , fTPM, ,
Tested Spec Version: 1.16
---------------------- Test Result Summary -----------------------------
Test executed on: Tue Feb 22 19:07:53 2022
Performed Tests: 248
Passed Tests: 248
Failed Tests: 0
Errors: 0
Warnings: 0
========================================================================
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I452129bd696c5207dbef22ef1489fdab924677eb
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3482484
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cr50 resets the EC when key_combo0 is pressed, so it can clear the ec
boot mode.
BUG=b:219102909
TEST=none
Change-Id: I3d024b5a16d5658cf259b5513513e7734aa62d31
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3457894
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This CL in case of unorderly TPM reset that doesn't also reset GSC
preserves RAM-backed values of orderly nv indices.
BUG=b:201101365
TEST=1) create an orderly counter
2) increment it
3) trigger EC reset
4) verify that the counter value was preserved
Cq-Depend: chromium:3417937
Change-Id: I799183ad06584055d025c2acf5f83ff2ded32d39
Signed-off-by: Andrey Pronin <apronin@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3418122
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Mary Ruthven <mruthven@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. ECDSA pair-wise consistency test failure wasn't updating FIPS status.
Added new failure bit FIPS_FATAL_ECDSA_PWCT.
2. ECDSA KAT was only simulating error in verify, but not in sign.
Split 'fips ecdsa' into 'fips ecver' and 'fips ecsign'.
3. Added a way to introduce self-integrity error by not updating FIPS
module digest with 'FIPS_BREAK=1' during build.
4. Added reporting of FIPS module digest.
BUG=b:134594373
TEST=make CRYPTO_TEST=1;
in ccd test:
fips pwct; tpm_test.py should fail; fips should print error.
-
fips ecver; fips test reports ECDSA error
fips ecsign; fips test reports ECDSA error
-
FIPS module digest is printed
-
FIPS_BREAK=1 make CRYPTO_TEST=1 produce build with zero digest
reporint FIPS self-integrity error.
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: Ib0a92c118f07a76e4b52eaf9b011ff4f73a02c61
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3425998
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a vendor command to disable deep sleep the next time TPM_RST_L is
asserted. Normally cr50 enters deep sleep whenever TPM_RST_L is
asserted. New boards want to disable deep sleep during certain power
states. This vendor command allows the AP to disable deep sleep for the
next suspend cycle.
When deep sleep is disabled, cr50 modifies TPM_RST_L to be WAKE_HIGH and
sets it back to WAKE_LOW after TPM_RST_L is deasserted, so TPM_RST_L
doesn't constantly wake cr50 from regular sleep.
This uses 248 bytes
BUG=b:214479456
TEST=manual
# Check G3 resume works ok.
# Disable Deep Sleep from the AP. The vendor command is 59
# (0x3b)
trunks_send --raw 80010000000c20000000003b
ccdstate
DS Dis: on
AP > shutdown -P now
...
[454.992733 Block DS]
ccdstate
DS Dis: on
pinmux
40060018: DIOM3 0 IN WAKE_HIGH
idle
idle action: sleep
# Verify cr50 starts cycling through sleep spinner at two ticks
# a second.
EC > powerbtn
# check the cr50 console
...
Aï¿œUART on]
10/ 1 [102.484012 Missed edge]
[102.484352 deferred_tpm_rst_isr]
[102.484580 AP on]
[102.484779 set TPM wake]
[102.484981 tpm_reset_request(0, 0)]
[102.485279 tpm_reset_now(0)]
[547.928375 AP on]
[547.928615 set TPM wake]
pinmux
40060018: DIOM3 0 IN WAKE_LOW
# Disable Deep Sleep from the AP. The vendor command is 59
# (0x3b)
trunks_send --raw 80010000000c20000000003b
ccdstate
DS Dis: on
ecrst pulse
...
[602.638427 AP on]
[547.928615 set TPM wake]
[602.638668 tpm_reset_request(0, 0)]
...
ccdstate
DS Dis: off
# Check S3 resume works ok.
# Use AP commands to enter S3
AP > trunks_send --raw 80010000000c20000000003b
AP > echo deep > /sys/power/mem_sleep
AP > echo mem > /sys/power/state
10\ 1 [243.409412 dis DS]
1|[249.536811 tpm_rst_asserted]
[250.537197 AP off]
[250.537631 Block DS]
# Wake the AP with a power button press from the EC
EC > powerbtn
# verify cr50 prints "Missed edge", but the device resumes ok.
1/ 10- 1 [270.112655 Missed edge]
[270.113037 deferred_tpm_rst_isr]
[270.113315 AP on]
[270.113529 set TPM wake]
[270.113712 tpm_reset_request(0, 0)]
[270.114013 tpm_reset_now(0)]
[270.116996 tpm_init]
tpm_manufactured: manufactured
[270.118301 tpm_reset_now: done]
[270.156967 PinWeaver: Loading Tree!]
[270.189353 Skipping commit]
Change-Id: I96049a9d38b5c66acad9c73628f588f4cf6b2b3f
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3406587
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add "ERROR" and some exclamation points to make invalid strap messages
more noticeable.
BUG=b:214550629
TEST=look at invalid strap error messages on red board.
strap pin readings: a1:3 a9:1 a6:1 a12:3
[0.005569 WARN Ambiguous strap cfg. Use spi based on old brdprop.]
[0.006675 get_properties: ERROR NO TABLE ENTRY!!! cfg: 0x7 prop: 0x1]
strap pin readings: a1:3 a9:1 a6:1 a12:3
[0.005649 get_properties: ERROR INVALID STRAP PINS!!! cfg 0xd7 prop 0x42
Change-Id: Ie1e29fd4152a2b3f984989e37b771339895e6a0e
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3390071
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
| |
BUG=none
TEST=cr50 uses red board straps after power-on and hard resets.
Change-Id: I0ee4a48a3e8661565dede1f7686cf6b2e1181914
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3386406
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Log brdprop errors in flog, so the team can track brdprop errors from
the AP without grepping through cr50 logs.
BUG=b:214550629
TEST=flash on red board. Verify invalid strap events are logged.
enable closed-loop-reset on the red board. Verify "ambiguous" strap
logs are ignored.
Change-Id: Ibea73fb19119fa81ed3652c5d68e430cdbae9fa5
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3386405
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We do FIPS power-on test on cold boot only and only redo it on wake
from sleep if there was an error earlier. However, when waking we didn't
set FIPS mode flags properly causing incorrect reporting of not-approved
mode while there are no errors.
On the other side, some nvmem code which doesn't use FIPS crypto was
calling crypto_enabled() before FIPS power-on tests where completed,
which caused failure of load_ec_hash when it was present. Adjust
behavior of crypto_enabled to only check for lack of FIPS errors, but
not completion of power-on tests. This way we unblock nvmem init code
early in the boot, while still block access if any FIPS errors happens
later.
BUG=none
TEST=make; in CCD - try idle d
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: Ibae3654cc1289fef439f9e03cb90170f3377f0da
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3373465
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
Tested-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
