| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When running the spihash command using gsctool (as opposed to the
running it from the Cr50 console), the operator needs to be prompted
when the PP button needs to be pressed.
This patch extends spihash command implementation by adding a new
subcommand for polling physical presence.
BRANCH=cr50, cr50-mp
BUG=b:73668125
TEST=with the appropriate gsctool changes the user is periodically
prompted to press the physical presence button, and eventually it
is possible to set up spi hash access to AP and EC.
Change-Id: I96aed1619d364c80a2f35ca8dc41241f1a444103
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/930568
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit d015bc937c0eecf1cb8f1b163874ea69c890dea4)
Reviewed-on: https://chromium-review.googlesource.com/942117
(cherry picked from commit 683dc5cfda7eb6246f9aea89d296597eb60ed765)
Reviewed-on: https://chromium-review.googlesource.com/949072
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This option will cause usb console output to block and
also compute a crc32.
Signed-off-by: mschilder@google.com
TEST=make buildall -j
BRANCH=none
BUG=none
Change-Id: Icf66d5ddbea52008a9c97094e7c83194caa7db79
Reviewed-on: https://chromium-review.googlesource.com/936281
Commit-Ready: Marius Schilder <mschilder@chromium.org>
Tested-by: Marius Schilder <mschilder@chromium.org>
Reviewed-by: Marius Schilder <mschilder@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
(cherry picked from commit e5e1b7ea5dbc6a22e14c63ef9a6c4f00cfd1993f)
Reviewed-on: https://chromium-review.googlesource.com/949075
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add crc32_ctx.. functions to take context parameter.
This allows for multiple instances to exist in parallel.
Conflicts:
test/build.mk
Signed-off-by: mschilder@google.com
TEST=make buildall -j8 succeeds
BRANCH=none
BUG=b:73832883
Change-Id: I66bbc56377eeebf01c790caad0bc4c7a51a1bc58
Reviewed-on: https://chromium-review.googlesource.com/935825
Commit-Ready: Marius Schilder <mschilder@chromium.org>
Tested-by: Marius Schilder <mschilder@chromium.org>
Reviewed-by: Marius Schilder <mschilder@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
(cherry picked from commit 3c4800e59452a7124c34f563d548e09849d59b8d)
Reviewed-on: https://chromium-review.googlesource.com/949074
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Various parts of Cr50 code and Cr50 related utilities duplicate
definition of __packed available in include/common.h. Let's use the
same definition everywhere.
BRANCH=cr50, cr50-mp
BUG=none
TEST=make buildall succeeds
verified that linker generated map files for Cr50 RW are the same
before and after this change.
built and used gsctoo and rma_reset
Change-Id: Ib91f9bbad1f6822b347f32b393630f592df80d60
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/931929
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit 58759f5fbb21edaafab8fe212980a8cae692e686)
Reviewed-on: https://chromium-review.googlesource.com/949071
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The console command now calls the vendor command to do the work.
Otherwise, the same as before.
Conflicts:
include/tpm_vendor_cmds.h
set to the upstream version.
BUG=chromium:804507
BRANCH=cr50 release (after testing)
TEST=manual:
# Sample sequence
spihash ap -> requires physical presence; tap power button
spihash 0 1024 -> gives a hash; compare with first 1KB of image.bin
spihash dump 0 128 -> dumps first 128 bytes; compare with image.bin
spihash 128 128 -> offset works
spihash 0 0x100000 -> gives a hash; doesn't watchdog reset
spihdev ec
spihash 0 1024 -> compare with ec.bin
spihash disable
# Test timeout
spihash ap
# Wait 30 seconds
spihash 0 1024 -> still works
# Wait 60 seconds; goes back disabled automatically
spihash 0 1024 -> fails because spihash is disabled
# Presence not required when CCD opened
ccd open
spihash ap -> no PP required
spihash 0 1024 -> works
spihash disable
# Possible for owner to disable via CCD config
ccd -> HashFlash is "Always"
ccd set HashFlash IfOpened
ccd lock
spihash ap -> access denied
# Cleanup
ccd open
ccd reset
ccd lock
Change-Id: Ife9335a1e402a7596d99bf515ec89ff94e8a0044
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/910083
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
(cherry picked from commit f49e1c3b42026eeaf57df0fd86b43660ddb1c184)
Reviewed-on: https://chromium-review.googlesource.com/927720
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This allows hashing or dumping SPI flash from the Cr50 console even on
a locked device, so you can verify the RO Firmware on a system via CCD.
See design doc: go/verify-ro-firmware
(more specifically, "Cr50 console commands for option 1")
BUG=chromium:804507
BRANCH=cr50 release (after testing)
TEST=manual:
# Sample sequence
spihash ap -> requires physical presence; tap power button
spihash 0 1024 -> gives a hash; compare with first 1KB of image.bin
spihash 0 128 dump -> dumps first 128 bytes; compare with image.bin
spihash 128 128 -> offset works
spihash 0 0x100000 -> gives a hash; doesn't watchdog reset
spihdev ec
spihash 0 1024 -> compare with ec.bin
spihash disable
# Test timeout
spihash ap
# Wait 30 seconds
spihash 0 1024 -> still works
# Wait 60 seconds; goes back disabled automatically
spihash 0 1024 -> fails because spihash is disabled
# Presence not required when CCD opened
ccd open
spihash ap -> no PP required
spihash 0 1024 -> works
spihash disable
# Possible for owner to disable via CCD config
ccd -> HashFlash is "Always"
ccd set HashFlash IfOpened
ccd lock
spihash ap -> access denied
# Cleanup
ccd open
ccd reset
ccd lock
Change-Id: I27b5054730dea6b27fbad1b1c4aa0a650e3b4f99
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/889725
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
(cherry picked from commit ff4d22819a8cccaae7bec08a973916f39154f3b2)
Reviewed-on: https://chromium-review.googlesource.com/927717
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When user is trying to execute 'ccd open' or 'ccd unlock' and password
is set, the return error code does not allow to tell the reason for
the command failure.
Let's add a distinct return code to indicate this condition so that
the user can supply password.
BRANCH=cr50
BUG=b:62537474
TEST=verified along with the accompanying gsctool modifications.
Change-Id: I286f87ab12114cd7dd7ebcdf0e321f7a24723367
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/861208
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit d99e680b3ce01db9561739862d4e584820060db7)
Reviewed-on: https://chromium-review.googlesource.com/896785
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When implementing 'ccd open' and 'ccd unlock' through gsctool, we need
to be able to pass to the host the state of the physical presences
state machine regarding the expected user action (pressing the PP
button).
Two new VENDOR_CC_CCD subcommands are being added: CCDV_PP_POLL_OPEN
and CCDV_PP_UNLOCK. In response to these commands, the Cr50 always
returns VENDOR_RC_SUCCESS return code and a single byte payload
showing the CCD and PP state:
- CCDPP_CLOSED - PP process is not running, CCD closed. Maybe user
missed a button press deadline.
- CCDPP_AWAITING_PRESS (self explanatory)
- CCDPP_BETWEEN_PRESSES (self explanatory)
- CCDPP_PP_DONE - CCD is opened/unlocked (as per user request), PP
process succeeded.
BRANCH=cr50
BUG=b:62537474
TEST=with the upcoming change to gsctool verified that PP states are
properly conveyed to the user.
Change-Id: I97b1fef4440eea93c5c5ac01b7c60bfce9a4595c
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/861001
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit 8347907c46df8186d339c10dcca1b1c5f8f641ed)
Reviewed-on: https://chromium-review.googlesource.com/896783
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Depending on device configuration and compile time options, CCD
commands 'open' and 'unlock' could either be executed immediately, or
require the user to take the device through physical presence state
machine.
As these commands execute through TPM vendor commands, there needs to
be a different return value indicating that the command action is not
finished and PP process is in progress.
Let's add another vendor command return value, and do not consider it
a failure if vendor command returns this value in response to 'ccd
open' or 'ccd unlock'.
BRANCH=cr50
BUG=b:62537474
TEST=took an Eve through 'ccd open' sequence
Change-Id: Ie62ccfb4319a13b6fb6c1c854a0ea26beb9f517c
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/860999
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit 88c5e62f89a7d9eab423c8fd11dd49c51e512826)
Reviewed-on: https://chromium-review.googlesource.com/896761
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds an API which exports current physical presence state
machine state to allow the caller to see if the state machine is in
one of the three distinct states:
- no PP process in progress
- user PP input is expected
- PP process in progress, user input is not currently expected
BRANCH=cr50
BUG=b:62537474
TEST=with the rest of the patches applied verified that PP state is
properly communicated through this API.
Change-Id: Ia10cd20c490dadef595f30e0b7257e51b6abf8fa
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/860998
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
(cherry picked from commit 0207f0c53ba644a3fc2a4df8ce6f316faf6b7033)
Reviewed-on: https://chromium-review.googlesource.com/896760
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Using and extending the existing framework, move ccd commands
'password, lock, open, and unlock to the same processing path.
The first three commands accept a single parameter, password. It is
required for the password command and optional for unlock and open.
The lock command does not require any parameters.
Wiping the TPM, if necessary, now happens on the same context where
CCD command is executed, i.e. the TPM task context. This is why the
same context TPM reset function needs to be exported and used here.
ccd_open() and ccd_unlock() could be further refactored, this would
require a bit more effort to find appropriate balance between
commonalities and differences.
BRANCH=cr50
BUG=b:62537474
TEST=verified that ccd commands to open, unlock, lock and set and
clear password all work.
Change-Id: I2b9f2b550347b590a55bfaef262a4f050d3f4c1c
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/854709
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit b31fca4b91f10be84a845222775b67553d63bf4e)
Reviewed-on: https://chromium-review.googlesource.com/896757
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We want CCD commands lock, open, password, and unlock (at least to
start with) to be available over both CLI and through crosh (i.e.
coming over /dev/tpm0).
Let's allocate a TPM vendor command for handling all CCD subcommands,
and move to this new framework the 'ccd password' command, which
already is available over vendor command.
BRANCH=cr50
BUG=b:62537474
TEST=verified that 'ccd password' still works both over Suzy-Q CLI and
using gsctool on the target.
Change-Id: I2d06230b762f47af7e580b188a587bc5678ca169
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/853280
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit 877e5909b403cd40b415757b2921594bb6d8a021)
Reviewed-on: https://chromium-review.googlesource.com/896754
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Nobody is calling the flush function for consumer_ops structure,
so let's remove it to save flash space, until we find a use for it.
CQ-DEPEND=CL:*529221
BRANCH=none
BUG=chromium:795624
TEST=make buildall -j, saves from 40 to 128 bytes on some boards.
Change-Id: Iad18b30f419ccebc54a90914ec46da84b8d19601
Signed-off-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/826905
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
(cherry picked from commit bbb40ce21d7a972c812621091390a994c6fce4b6)
Reviewed-on: https://chromium-review.googlesource.com/896748
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The modified CRC8 implementation didn't detect some errors. For
example, using the modified CRC8: CC5QQLALU and DC5QQLALU calculates
to the same value.
BUG=b:37952913
BRANCH=none
TEST=make buildall
Used online CRC-5-USB calculator to test several values against
this implementation.
Signed-off-by: Sam Hurst <shurst@chromium.org>
Change-Id: I5a17941e25691872a25b41525f65f36e2ed1d4fa
Reviewed-on: https://chromium-review.googlesource.com/660812
Commit-Ready: Sam Hurst <shurst@google.com>
Tested-by: Sam Hurst <shurst@google.com>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Michael Tang <ntang@chromium.org>
(cherry picked from commit cdcc09096ad5fac8e74903346b09552e3aeb3547)
Reviewed-on: https://chromium-review.googlesource.com/896746
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Setting password should be allowed only after the owner logged in for
the first time and before they log out or someone else logs in.
Once any other user but the owner logs in, it should become impossible
to set password until the device is reset.
As proposed here, this would apply to both attempts to set password
through crosh and Cr50 console.
Password handling on Cr50 passes the following states:
- password setting is not allowed after Cr50 reset until an upstart
(as opposed to resume) TPM startup happens, as signalled by the TPM
callback. After the proper TPM reset the state changes to
'POST_RESET_STATE' which means that the device was just
reset/rebooted (not resumed) and no user logged in yet.
- if the owner logs in in this state, the state changes to
'PASSWORD_ALLOWED_STATE'. The owner can open crosh session and set
the password.
- when the owner logs out or any user but the owner logs in, the state
changes to PASSWORD_NOT_ALLOWED_STATE and does not change until TPM
is reset. This makes sure that password can be set only by the owner
and only before anybody else logged in.
Separate changes to the TPM library code make sure that TPM reset is
reported through the platform layer, so that POST_RESET_STATE is
entered.
BRANCH=cr50
BUG=b:67007578
TEST=with the rest of the infrastructure in place verified that
password can be set only when the owner logged in for the first
time before anybody else logs in or the owner logs out.
Change-Id: Ieaa3dc8ff9d2e43ae11151eb31173220f5c75b58
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/804141
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
(cherry picked from commit 91c1b0abab0889359a1e1cfc6e764266536e18f2)
Reviewed-on: https://chromium-review.googlesource.com/820564
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The new vendor command takes the CCD state machine through necessary
transitions leaving it in the CCD locked state.
It succeeds only if user password is not set and CCD capabilities are
right, which is guaranteed to be the case after an RMA unlock.
BRANCH=cr50
BUG=b:68213540
TEST=tested using the modified gsctool utility.
Change-Id: Ic2cce34e74b1ff476841cfa1a99f50d6a947c315
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/784352
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit baff7ae621d88929c0ab808eee54c081e44b2710)
Reviewed-on: https://chromium-review.googlesource.com/813080
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These functions are not used by usb_i2c.c on chip/stm32, let's
move them to board/cr50 which is the only place where they are
used.
Conflicts:
board/hammer/board.c
board/tigertail/board.c
BRANCH=none
BUG=None
TEST=make buildall -j
Change-Id: I8c1b292838b8dbee9a9001add9332e0add80c342
Signed-off-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/778749
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
(cherry picked from commit cd1f377f16fefc87e9d24290dc281ea193f7732b)
Reviewed-on: https://chromium-review.googlesource.com/813077
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently the Cr50 code resets TPM communications layer at a certain
point during TPM reset process.
It turns out that this is not sufficient - the comms layer keeps
receiving and trying to invoke TPM layer, which does not mesh well
with TPM reset.
Let's provide two callbacks for each comms layer - to shut it down and
to bring it back up. We shut down the comms when starting TPM reset
and bring them back up when reset is completed.
BRANCH=cr50
BUG=b:68012381
TEST=ran AP firmware test suite on both SPI and I2C based devices.
Change-Id: I7caf4a09b9a5c6e5fc6bfe60eae1c0d64ab24904
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/754502
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
(cherry picked from commit 3919001a390f593ba8e022f223bf1e43b7dbc0a2)
Reviewed-on: https://chromium-review.googlesource.com/766076
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is necessary to be able to set password both from the Cr50 console
and through a vendor command.
This patch moves all password management logic to the TPM task context
using the alternative vendor command path.
BRANCH=cr50
BUG=b:62537474
TEST=verified that using Cr50 console CCD password still can be set
and cleared as before.
Change-Id: I0574caf931e3717567fdb270e406643eac47764b
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/740914
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit 734fe2d40bbd3f8068a0bfae7d3d10b53d97019c)
Reviewed-on: https://chromium-review.googlesource.com/766073
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
TPM reset sequence when TPM wipeout is requested has a side effect of
rebooting the entire device. This is not always desirable, in some
cases other actions need to happen before the device is rebooted.
This patch makes resetting the EC the TPM reset caller's responsibility,
BRANCH=cr50
BUG=none
TEST=verified that RMA reset and WP disable properly wipe out the TPM
and reboot the device.
Change-Id: I6e827ce923a2454ae5b2e2597d1a4c9390bbb8b6
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/733813
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
(cherry picked from commit e3d15afa68d9e4c8866a0301b33ff6e6d78b1750)
Reviewed-on: https://chromium-review.googlesource.com/736814
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When RMA process has been initialized and the user entered the
expected authentication code value, the Cr50 needs to wipe out TPM
memory, open and unlock CCD and reboot the device.
This patch adds a function to accomplish that. User response is
validated on the TPM task context, and TPM reset request also requires
TPM task processing. To decouple response processing from the
following reset, the response processing is handled by a hook task
callback, delayed for 1s to make sure that user receives the response.
After TPM has successfully reset the CCD is reinitialized with RMA
'opened' and the device is rebooted.
Just in case something goes wrong with the unlock and the hook is not
invoked, add a 10s deferred function to take the EC out of reset so
that the device still can reboot.
BRANCH=none
BUG=b:67007905
TEST=on a Bob device:
- on the Cr50 console enter 'ccd lock', verify that ccd is locked
(by examining output of the 'ccd' command)
- at the bash prompt enter gsctool -r -s -t, copy the
authentication code from the Cr50 console and pass it to gsctool.
- observe the device reset TPM wiping out its memory, enable CCD
and reboot.
Change-Id: I6fafb5e642cb2b6f2040507a7f1989607fd31316
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/729983
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
(cherry picked from commit aeb0c8e4b90e6f5b9a2aaba776e4ed3db675e073)
Reviewed-on: https://chromium-review.googlesource.com/736812
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Move generic implementation to curve25519-generic.o
- Always use optimized version on cortex-m0.
- Rename .s files to .S, remove unnecessary lines in assembly files.
- Rename crypto_scalarmult_curve25519 to x25519_scalar_mult to match
the signature provided by the generic implementation.
- Replace some handcoded memcpy with function calls
- Remove unnecessary "volatile" specifications in the code.
Conflicts:
common/build.mk
core/cortex-m0/curve25519/mpy121666.S
core/cortex-m0/curve25519/mul.S
core/cortex-m0/curve25519/reduce25519.S
core/cortex-m0/curve25519/scalarmult.c
core/cortex-m0/curve25519/sqr.S
BRANCH=none
BUG=b:62813194
TEST=To test old implementation only:
- Increase CONFIG_RO_SIZE to 60kb
- Increase console stack size to 2048
make BOARD=hammer PROJECT=x25519 TEST_BUILD=y
./util/flash_ec --board=hammer --image=build/hammer/x25519.bin
EC console: runtest, taskinfo
=> Used to takes ~4'17" to run (X25519 duration 256347 us).
1496/2048 stack size usage in CONSOLE task
=> Now takes ~1'25" to run (X25519 duration 84520 us)
732/2048 stack size usage in CONSOLE task
TEST=In test/x25519.c, uncomment #define TEST_X25519_1M_ITERATIONS
make BOARD=hammer PROJECT=x25519 TEST_BUILD=y
./util/flash_ec --board=hammer --image=build/hammer/x25519.bin
EC console: runtest, wait ~23 hours, test passes.
TEST=- Define CONFIG_CURVE25519_CORTEXM0 (next patch)
makes newsizes
build/hammer/RW/ec.RW.flat shrank by 1888 bytes: (52208 to 50320)
Change-Id: Icce38d3c32f431a85ac0f951cf34456b490dc665
Reviewed-on: https://chromium-review.googlesource.com/540962
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>
(cherry picked from commit edc668ea6cca1d4f3e53c211406d6a8bf5fe6364)
Reviewed-on: https://chromium-review.googlesource.com/734797
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Keep only the most compact version of the curve25519 code
and remove the remaining unused code for easier compilation.
Do the minimal changes to make it compile in the EC code base,
there should be no real functional changes.
Re-use the wording from BoringSSL include/openssl/curve25519.h for the
header.
Signed-off-by: Vincent Palatin <vpalatin@chromium.org>
BRANCH=none
BUG=chrome-os-partner:62991
TEST=run x25519 on host (ie 'make run-x25519')
and the STM32L4 target:
make BOARD=eve_fp PROJECT=x25519 TEST_BUILD=y
./util/flash_ec --board=eve_fp --image=build/eve_fp/x25519.bin
execute 'runtest' in the console.
Change-Id: I13dbe453eff39b461effb1b3ffa549afc1749fef
Reviewed-on: https://chromium-review.googlesource.com/444187
Commit-Ready: Vincent Palatin <vpalatin@chromium.org>
Tested-by: Vincent Palatin <vpalatin@chromium.org>
Reviewed-by: Adam Langley <agl@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit 0d858f1544cfd50f4a63f348d722bb16d638c0b1)
Reviewed-on: https://chromium-review.googlesource.com/734796
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In some scenarios we want to take RW updates w/o taking version numbers into consideration,
much like the behavior we get w/ CR50_DEV.
But then without the additional CR50_DEV features enabled for the rest of the code.
BRANCH=none
BUG=none
TEST=compiles
Change-Id: I7dd946ab77bbdc35850ed934cd53735418e13845
Reviewed-on: https://chromium-review.googlesource.com/724967
Reviewed-by: Marius Schilder <mschilder@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Marius Schilder <mschilder@chromium.org>
Trybot-Ready: Marius Schilder <mschilder@chromium.org>
(cherry picked from commit e5663fcc81f7341a1b0fa7bd6f9904093f0a3f56)
Reviewed-on: https://chromium-review.googlesource.com/734793
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The TPM task provides access to various cryptographic functions which
require huge stack size. Some other contexts might require to execute
these functions, but no other task in the system has enough stack.
The suggested solution is to create an alternative TPM task execution
path, where the command comes not from the communications interface
(SPI or I2C), but from another task in the system.
An interface function is created to allow a single task to pass the
command to the TPM task. The task requesting the alternative execution
path creates the command context, sends an event to the TPM task to
alert it to the presence of the command and then polls the flag
indicating that the TPM task has completed execution of the command.
BRANCH=cr50
BUG=b:67008109
TEST=tested after applying the next patch (add console command for
generating RMA auth challenge).
Change-Id: I168489a5fbb4a3e1d718198812019116738b2f61
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/699523
(cherry picked from commit a960c5684cfadcec348ba101aa2cecea57e5e2ab)
Reviewed-on: https://chromium-review.googlesource.com/734786
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The usb_updater utility has long been not just an updater, and has
long been using other interfaces in addition to USB. gsctool is a much
more suitable name.
Conflicts:
docs/usb_updater.md
extra/usb_updater/Makefile
extra/usb_updater/usb_updater2.c
include/rwsig.h
CQ-DEPEND=CL:709776
BRANCH=cr50
BUG=b:67007500
TEST=verified that make -C ./extra/usb_updater generates
./extra/usb_updater/gsctool:
$ ./extra/usb_updater/gsctool --help
Usage: gsctool [options] <binary image>
This updates the Cr50 RW firmware over USB.
The required argument is the full RO+RW image.
Options:
[...]
$
Change-Id: I3ab70c28acf3664ddefaa923a87ba1fd5c3c437b
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/709738
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
(cherry picked from commit a08f61506cc71b690858e51da905c7dcb2d7ef10)
Reviewed-on: https://chromium-review.googlesource.com/734785
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a PERSO_AUTH appid to sign data passed through the
AUTH mn50.
Add a signer command to start and generate signatures.
Clean UART init to avoid spurious nonprinting characters
that will contaminate the siugnature.
Conflicts:
board/mn50/board.c
BUG=b:36910757
BRANCH=None
TEST=generates signature for uart and spi
Signed-off-by: Nick Sanders <nsanders@chromium.org>
Change-Id: I5fc3c4ee34898421060b57b774a09734f6a1bae5
Reviewed-on: https://chromium-review.googlesource.com/670984
Reviewed-by: Marius Schilder <mschilder@chromium.org>
(cherry picked from commit 02045eb040227250689caec9b9401c2cd3861363)
Reviewed-on: https://chromium-review.googlesource.com/734784
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Enable necessary flags for the Cr50 to start supporting RMA
authentication. This also requires that the RMA server public key
definition is split between the actual and test. Even though they are
the same at this time, the actual public key would be defined in the
new future and it would be different from the test key.
BRANCH=cr50
BUG=b:65253310
TEST=make buildall -j passes. More tests were conducted on the full
patchset.
Change-Id: I5a3f9d8c71374d78192e3f0a2752391b842da962
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/691554
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit b097ecdcc5785f24f6405eb8a19dce52064912a2)
Reviewed-on: https://chromium-review.googlesource.com/734781
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The new vendor command operates in two modes: when received with a
zero size payload, it triggers the Cr50 to generate a new RMA
authentication challenge and the expected authentication code value.
When receive with the payload, it compares the received payload with
the pre-calculate authentication code, and returns to the host the
comparison result (passed/not passed).
A care is taken not to accept payload until at least there is a valid
calculated auth code present (to avoid reporting a match on a payload
of all zeros).
Test config needed to be modified to allow compiling of the ccprintf
wrapper.
BRANCH=cr50
BUG=b:37952913
TEST=with the rest of the patches applied observed expected behavior
of generating challenge/response and verifying the auth code.
Change-Id: I30638b0ceef68830565f222dd1f4af17cfc8d7ef
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/690992
(cherry picked from commit 2341692a8fe7f9b6327a060659b1e76bbe114e12)
Reviewed-on: https://chromium-review.googlesource.com/734637
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
RMA auth uses X25519 to generate a relatively small challenge and
response.
Currently, nothing calls the rma_auth code. We'll need console and
TPM vendor commands to do so.
BUG=b:37952913
BRANCH=none
TEST=make buildall
Change-Id: Iec7f2d0e3dc8243f79b009ead16bb3ba9f1bef9d
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/544184
(cherry picked from commit 282765fdd409fd16ed1e092e5d7fee8de5af7a5a)
Reviewed-on: https://chromium-review.googlesource.com/734634
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The WebUSB specification defines a specific Platform Descriptor in the
Binary Object Store:
https://wicg.github.io/webusb/#webusb-platform-capability-descriptor
This descriptor provides a special 'Landing page' URL to the host
browser and associated privileges for it.
Bump the USB version for BOS descriptors to 2.1 to be compatible with
Chrome implementation.
Signed-off-by: Vincent Palatin <vpalatin@chromium.org>
BUG=none
BRANCH=twinkie
TEST=manual: on Twinkie (chip/stm32) and HG proto2 (chip/g), enumerate
WebUSB descriptors with lsusb and connect to a WebUSB page in Chrome
R61+.
Change-Id: I7211ab554f4a6c156c1e8e79a3d9f0d6644217c6
Reviewed-on: https://chromium-review.googlesource.com/664813
Commit-Ready: Vincent Palatin <vpalatin@chromium.org>
Tested-by: Vincent Palatin <vpalatin@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
(cherry picked from commit 77f011206c87a7a3e8cd93d3635c6c4f0ea3e32d)
Reviewed-on: https://chromium-review.googlesource.com/734626
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove 'ryu' and related ryu-only code.
Conflicts:
board/ryu/board.c
board/ryu/board.h
include/config.h
power/build.mk
util/genvif.c
BUG=None
TEST=`make buildall -j`
BRANCH=None
Change-Id: I19b966ea6964a7ed083724f7de80ae192235a406
Signed-off-by: Shawn Nematbakhsh <shawnn@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/656314
Commit-Ready: Shawn N <shawnn@chromium.org>
Tested-by: Shawn N <shawnn@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
(cherry picked from commit f67f1a9b7874824e3744ef173ba76135440b328d)
Reviewed-on: https://chromium-review.googlesource.com/660895
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Minor cleanup to the 'ccd help' command.
Add 'ccd get' as a clearer alias to print the config.
Change CONFIG_CMD_CCDDISABLE to CONFIG_CMD_CCD_DISABLE to indicate
that it's a sub-command for 'ccd'.
BUG=b:65407395
BRANCH=cr50
TEST=manual
ccd -> see clue for 'ccd help'
ccd help -> see 'get' command
ccd get -> prints config
ccd disable -> error (config option isn't defined by default)
Change-Id: Icbcaa178171ca948cfaae58ab1a1e73ab3d95243
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/654380
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
(cherry picked from commit f3c51cb5bcdf469faf843e76af9d7c468b640960)
Reviewed-on: https://chromium-review.googlesource.com/660894
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For historical reasons, CCD, reset, and power button control were
scattered around several files. Consolidate the code in more sensible
(in retrospect) places.
No functional changes, just moving code.
BUG=none
BRANCH=cr50
TEST=make buildall; boot cr50
Change-Id: Ic381a5a5d0627753cc771189aa377e88b81b155e
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/653766
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
(cherry picked from commit ccb151d013d429337a1bb07adfdb55469f3543ba)
Reviewed-on: https://chromium-review.googlesource.com/660893
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use our newly-created chip_pre_init() for doing JTAG initialization.
Conflicts:
chip/npcx/build.mk
BUG=chromium:747629
BRANCH=None
TEST=`make buildall -j`
Signed-off-by: Shawn Nematbakhsh <shawnn@chromium.org>
Change-Id: Ic5771895a214a9f1aa9bd289eef576f52adf973f
Reviewed-on: https://chromium-review.googlesource.com/629676
Commit-Ready: Shawn N <shawnn@chromium.org>
Tested-by: Shawn N <shawnn@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit 0898c7a63a4ccb0f11c1c61bb085d8d062f664ab)
Reviewed-on: https://chromium-review.googlesource.com/660892
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In USB FS on a bulk/interrupt endpoint, the transactions normally toggles
between DATA0 and DATA1 PIDs.
After a USB suspend/resume cycle, we need to restart from the PID we
were at before suspend.
In our current code, when going to deep-sleep during USB suspend, we are
re-initializing everything when the MCU restarts at each resume. So we set
implicitly the PID to DATA0. The USB Hardware IP just silently discards the
packet when the PID of an incoming OUT packet is not matching the
expectation in the endpoint register.
In order to preserve DATA PIDS, record the state of the PID toggling on
each endpoint when going to deep-sleep and restore it during the USB
initialization.
Conflicts:
include/usb_api.h
Signed-off-by: Vincent Palatin <vpalatin@chromium.org>
BRANCH=none
BUG=b:38160821
TEST=manual, plug a HG proto2 on a Linux host machine and enable
'auto-suspend' for this USB device. Let it go to sleep and wake-it up by
sending a U2FHID request. Repeat the process several times and see that
the key answers every time (while it was failing after the second cycle
before).
Change-Id: I75e2cfc39f22483d9e9b32c5f8b887dbafc37108
Reviewed-on: https://chromium-review.googlesource.com/655238
Commit-Ready: Marius Schilder <mschilder@chromium.org>
Tested-by: Vincent Palatin <vpalatin@chromium.org>
Reviewed-by: Marius Schilder <mschilder@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
(cherry picked from commit 096ea20ed18095a967e1829b6ae60b13453416be)
Reviewed-on: https://chromium-review.googlesource.com/660891
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove big and pit boards along with several now-obsolete CONFIGs /
source files.
Conflicts:
board/big/board.h
board/pit/board.h
include/config.h
BUG=chromium:735109
TEST=`make buildall -j`
BRANCH=None
CQ-DEPEND=CL:544681
Change-Id: Ieb784bd36157fd1f6240cd19de6e6d12191a8097
Signed-off-by: Shawn Nematbakhsh <shawnn@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/540667
Commit-Ready: Shawn N <shawnn@chromium.org>
Tested-by: Shawn N <shawnn@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit b0dd82b39c57eab3a30923eb4a755172b9852f7e)
Reviewed-on: https://chromium-review.googlesource.com/660889
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, the Cr50 state machines (EC, AP, RDD, bitbang, etc.) manage
their own enabling and disabling of the ports (UART, SPI, etc.) This
is tricky because the rules for when ports should be enabled are
non-trivial and must be applied in the correct order. In additionl
the changes all need to be serialized, so that the hardware ends up in
the correct state even if multiple state machines are changing
simultaneously.
Consolidate all of that into chip/g/rdd.c. The debug command for it
is now 'ccdstate', which just prints the state machines. This will
allow subsequent renaming of the 'ccdopen', etc. commands to 'ccd
open', etc.
Also include UART bit-banging into that state which must be
consistent. Previously, it was possible for bit-banging to leave UART
TX connected, instead of returning it to the previous state.
Use better names for CCD config fields for UART. I'd had them backwards.
BUG=b:62537474
BRANCH=cr50
TEST=manual, with a CR50_DEV=1 image
1) No servo or CCD
Pull SERVO_DETECT low (disconnected)
Pull CCD_MODE_L high (disabled)
Pull EC_DETECT and AP_DETECT high (on)
Reboot. RX is enabled even if cables are disconnected so we buffer.
ccdstate -> UARTAP UARTEC
Pull EC_DETECT low.
ccdstate -> UARTAP
Pull EC_DETECT high and AP_DETECT low.
ccdstate -> UARTEC
Pull AP_DETECT high.
ccdstate -> UARTAP UARTEC
2) Servo only still allows UART RX
Pull SERVO_DETECT high (connected).
ccdstate -> UARTAP UARTEC
3) Both servo and CCD prioritizes servo.
Pull CCD_MODE_L low (enabled).
ccdstate -> UARTAP UARTEC
Reboot, to make sure servo wins at boot time.
ccdstate -> UARTAP UARTEC
Bit-banging doesn't work when servo is connected.
bitbang 2 9600 even -> superseded by servo
bitbang -> disabled
ccdstate -> UARTAP UARTEC
4) CCD only allows more ports and remembers we wanted to bit-bang
Pull SERVO_DETECT low.
ccdstate --> UARTAP+TX UARTEC+BB I2C SPI
bitbang 2 disable
ccdstate --> UARTAP+TX UARTEC+TX I2C SPI
Reboot and see we don't take over servo ports until we're
sure servo isn't present.
ccdstate --> UARTAP UARTEC (for first second)
ccdstate --> UARTAP+TX UARTEC+TX I2C SPI (after that)
5) Bit-banging takes over ECTX
bitbang 2 9600 even
bitbang -> baud rate 9600, parity even
ccdstate -> UARTAP+TX UARTEC+BB I2C SPI
bitbang 2 disable
ccdstate -> UARTAP+TX UARTEC+TX I2C SPI
6) Permissions work. Allow easy access to full console and ccdopen:
ccdset OpenNoTPMWipe always
ccdset OpenNoLongPP always
ccdset GscFullConsole always
Default when locked is full AP UART EC RO, no I2C or SPI
ccdlock
ccdstate -> UARTAP+TX UARTEC
No EC transmit permission means no bit-banging
bitbang 2 9600 even
bitbang -> disabled
ccdstate -> UARTAP+TX UARTEC
But it remembers that we wanted to
ccdopen
ccdstate -> UARTAP+TX UARTEC+BB I2C SPI
bitbang 2 disable
ccdstate -> UARTAP+TX UARTEC+TX I2C SPI
Try turning on/off permissions
ccdset UartGscTxECRx always
ccdlock
ccdstate -> UARTAP+TX UARTEC+TX
No read means no write either
ccdset UartGscRxECTx ifopened
ccdlock
ccdstate -> UARTAP+TX
ccdopen
ccdset UartGscRXAPTx ifopened
ccdlock
ccdstate -> (nothing)
Check AP transmit permissions too
ccdopen
ccdset UartGscRxAPTx always
ccdset UartGscTxAPRx ifopened
ccdlock
ccdstate -> UARTAP
Check I2C
ccdopen
ccdset I2C always
ccdlock
ccdstate -> UARTAP I2C
SPI port is enabled if either EC or AP flash is allowed
ccdopen
ccdset flashap always
ccdlock
ccdstate -> UARTAP I2C SPI
ccdopen
ccdset flashec always
ccdset flashap ifopened
ccdlock
ccdstate -> UARTAP I2C SPI
Back to defaults
ccdoops
Change-Id: I641f7ab2354570812e3fb37b470de32e5bd10db7
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/615928
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
(cherry picked from commit a285acd36f898a394b82b8cb865bf60922f7ae2c)
Reviewed-on: https://chromium-review.googlesource.com/656425
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, only usb_pd_protocol.c cares about the actual ccd mode
(disabled/partial/enabled). Everything else just cares whether it's
enabled or not. So promote the boolean ccd_is_connected() from
board/cr50 up to chip/g, and rename it to ccd_ext_is_enabled() to
match the new nomenclature (since 'CCD' itself is now too overloaded).
This will make it easier to handle CCD state directly in board/cr50
after we split it from common/case_closed_debug.c
BUG=none
BRANCH=cr50
TEST=make buildall; boot cr50; make sure USB endpoints still work
Change-Id: Ic3df7467bfe29f1c5d7060cac1309a1f0e090d9e
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/648212
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
(cherry picked from commit ac1ce379e08505d807eaf5ee2bbb9e1ec1d0b72a)
Reviewed-on: https://chromium-review.googlesource.com/656421
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CCD_CHANGE_HOOK should use CONFIG_CASE_CLOSED_DEBUG_V1.
All boards which use chip/g either use both CONFIG_USB_SERIALNO and
CONFIG_CASE_CLOSED_DEBUG or neither of them, so just depend on
CONFIG_USB_SERIALNO.
This is in preparation for making common/case_closed_debug refer only
to the usb_pd_protocol version (with mode=disabled/partial/enabled),
and cr50 will have its own version (with only enabled/disabled, and
tied more closely to CCD config).
No functionality changes.
BUG=none
BRANCH=cr50
TEST=make buildall -j; boot cr50 and see change hook called
Change-Id: I1985c8c48c1a85fed4549402a7b47b8a9cf135d7
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/648067
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
(cherry picked from commit 29d8cc67c35c0e8d17400202fb548707bf448218)
Reviewed-on: https://chromium-review.googlesource.com/656420
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In order to test certain devices in the test lab using cased closed
debugging (CCD), we need a mechanism to programmatically "press" the
recovery button. Even though this signal is being buffered through the
EC to the AP, and the EC could theoretically set it if needed, we cannot
trust the EC in its RO image since it may speak to the outside world
over USB PD.
Instead, this commit introduces a console command on cr50 that can be
used to force the recovery button state to be pressed. However, it is
gated behind the CCD capabilities defaulting to the IfOpened state.
Additionally, a new vendor command is added to query the trusted state
of the recovery button. The AP should use this command instead of
trusting the GPIO connected to it.
BUG=b:37751915, b:64146626
BRANCH=cr50
TEST=Flash cr50. Press KEY0, verify that reported rec btn follows the
state of the button.
TEST=`recbtnforce enable` causes the button to be reported as pressed.
Physical presses of the button do not alter the reported state.
TEST=`recbtnforce disable` causes the reported state to follow that of
the physical button.
TEST=The `recbtnforce` command is set to the IfOpened capability by
default.
TEST=CCD locking the DUT and attempting to force the recovery button
results in an error of access denied. The physical state is reported.
TEST=From the AP, issue the vendor command to retrieve the button state
and verify that it behaves as expected.
Change-Id: Ib8c2928e75e5f9a1a83c5361664efc3fa0ae2ddb
Signed-off-by: Aseda Aboagye <aaboagye@google.com>
Reviewed-on: https://chromium-review.googlesource.com/635955
Commit-Ready: Aseda Aboagye <aaboagye@chromium.org>
Tested-by: Aseda Aboagye <aaboagye@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
(cherry picked from commit c191bf9f4d5b4c2e45583820307d95592d2221ba)
Reviewed-on: https://chromium-review.googlesource.com/656394
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, chip/g uses jtag_pre_init() to do some chip
pre-initialization that isn't actually related to JTAG. This has been
harmless, but it's currently the only chip which actually does "JTAG"
pre-init, and we'd like to get rid of that. So, move that
functionality to a new optional chip_pre_init() function.
BUG=chromium:747629
BRANCH=cr50
TEST=make buildall
boot cr50
make all dis; confirm chip_pre_init() is called early in <main>
Change-Id: I3cae0747ab0c3cc974fce9f108947207b38e035f
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/629876
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Shawn N <shawnn@chromium.org>
(cherry picked from commit 1029239bc18c1a8e1bff5f7aad040cdfe421dbd2)
Reviewed-on: https://chromium-review.googlesource.com/656388
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The code to mirror Rdd detect into CCD_MODE_L and handle keepalive is
now inside chip/g/rdd.c It uses a HOOK_SECOND state machine similar to
what's coming for EC/AP/Servo.
This also removes the explicit 'ccd enable' / 'ccd disable' commands,
since they'd be overridden by the HOOK_SECOND handler. If you need to
force CCD enabled, use 'ccd keepalive enable'.
BUG=b:64799106
BRANCH=cr50
TEST=With a CR50_DEV=1 images:
Disconnect CCD cable (pull RDCC1 and RDCC2 outside 0.2-2.0V)
gpioget --> CCD_MODE_L = 1
ccd --> CCD disabled
Connect CCD cable --> see 'Debug accessory connected'
gpioget --> CCD_MODE_L = 0
ccd --> CCD enabled
Briefly disconnect and reconnect CCD cable --> No debug output
gpioget --> CCD_MODE_L = 0
ccd --> CCD enabled
Disconnect CCD cable and wait a second --> 'disconnected'
gpioget --> CCD_MODE_L = 1
ccd --> CCD disabled
Force CCD_MODE_L = 0 externally, wait a second
gpioget --> CCD_MODE_L = 0
ccd --> CCD enabled
Stop forcing CCD_MODE_L externally, wait a second
gpioget --> CCD_MODE_L = 1
ccd --> CCD disabled
ccd keepalive enable
gpioget --> CCD_MODE_L = 0
ccd --> CCD enabled
ccd keepalive disable
gpioget --> CCD_MODE_L = 1
ccd --> CCD disabled
Change-Id: I65110b45e76f60390828e0fbbac8f36fc2cc9b37
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/619393
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
(cherry picked from commit b91ff0a480304a8b831e943d7b62c528c16b2e83)
Reviewed-on: https://chromium-review.googlesource.com/656386
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We want to be able to collect statistics of the i2c bus problems. This
patch logs an event each time the wedged bus recovery happens.
BRANCH=cr50
BUG=b:63760920
TEST=with the upcoming patches verified that i2c recovery events are
logged as expected.
Change-Id: I1241b2dece33f89cd724d53a48f94e17f4415c62
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/620114
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Shawn N <shawnn@chromium.org>
(cherry picked from commit 52527acbfb4267db45df05a08ebb7a1a30682e61)
Reviewed-on: https://chromium-review.googlesource.com/656385
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Allow TPM to log events in a circular buffer through tpm_log_event().
Logs can be retrieved through a new vendor command
VENDOR_CC_POP_LOG_ENTRY.
BUG=b:63760920
TEST=On eve, store TPM logs through 'logentry' cr50 console command,
verify logs are fetched correctly through 'trunks_send --pop_logentry'.
BRANCH=None
Signed-off-by: Shawn Nematbakhsh <shawnn@chromium.org>
Change-Id: Idbc405728c0ba68078447fb59717d6115830e3d8
Reviewed-on: https://chromium-review.googlesource.com/599352
Commit-Ready: Shawn N <shawnn@chromium.org>
Tested-by: Shawn N <shawnn@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
(cherry picked from commit fe6a06fbf604fa587889ccc5bc3cc1597172ba3e)
Reviewed-on: https://chromium-review.googlesource.com/622271
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This mostly adds a bunch of comments, but does make a few changes to
the code:
1) The devices console command now prints both the current device
state and the last known state.
2) servo_state_unknown() also checks if we're bit-banging the EC UART,
since that could also cause EC_DETECT to go high.
BUG=none
BRANCH=cr50
TEST=make buildall; use 'devices' command
Change-Id: I73e7524545ef49494eb36155b99f4042c1fd466d
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/602695
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
(cherry picked from commit 6c55126080f7fa1f165d38924834c894c4a24c27)
Reviewed-on: https://chromium-review.googlesource.com/622267
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We can re-use our pd_log FIFO for other purposes, such as TPM logging.
Carve out event_log, a generic logging module which pd_log is compatible
with.
Conflicts:
(deleted boards)
board/fizz/board.h
board/nefario/board.h
board/reef_it8320/board.h
board/scarlet/board.h
board/zoombini/board.h
BUG=b:63760920
TEST=On kevin, verify PD logging is still functional and entries are
seen in dmesg.
BRANCH=None
Change-Id: I8e6ad6f93e9eebc676aca64652c60f81da471a94
Signed-off-by: Shawn Nematbakhsh <shawnn@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/597314
Commit-Ready: Shawn N <shawnn@chromium.org>
Tested-by: Shawn N <shawnn@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
(cherry picked from commit ec99f3913791bfe1935735ddcda18bd29ffcfd18)
Reviewed-on: https://chromium-review.googlesource.com/599500
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
AP and EC UART now use the CCD V1 capabilities to determine when
access is allowed. Transmit to AP and EC can be toggled independently
from read access to output from those UARTs.
Note that disabling read access disables both transmit and receive.
That is, it's not possible to set a UART where transmit is allowed but
receive isn't. Why would you want to do that, anyway?
See go/cr50-ccd-wp for more information.
BUG=b:62537474
BRANCH=cr50
TEST=manual with CR50_DEV=1
ccdoops
ccdset cr50fullconsole always -> so we can use ccd command for testing
ccd -> AP RX+TX, EC RX+TX
ccdset uartecrx unlesslocked
ccdset uartectx ifopened
ccdset uartaprx always
ccdset uartaptx unlesslocked
ccdunlock
ccd -> AP RX+TX, EC RX
ccdlock
ccd -> AP RX, EC disabled
ccdoops
ccdset cr50fullconsole always
ccd -> AP RX+TX, EC RX+TX
ccdset uartaprx ifopened
ccdlock
ccd -> AP disabled, EC RX
Change-Id: I55db5897bb52cd60658ab221eadf5c59fc86744a
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/595196
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
(cherry picked from commit c7b11ca7b855d35dce75502429ed56af990ea41a)
Reviewed-on: https://chromium-review.googlesource.com/599494
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add usb_i2c_board_is_enabled().
On Cr50, this is now also connected to the I2C CCD capability. The
USB-I2C bridge can only be used when the capability is available.
On other platforms (Servo V4, etc.) where usb_i2c_board_enable() is
a no-op, add a dummy implementation which always returns true.
See go/cr50-ccd-wp for more information.
Conflicts:
(added one line manually)
board/hammer/board.c
board/servo_micro/board.c
(deleted board)
board/tigertail/board.c
BUG=b:62537474
BRANCH=cr50
TEST=manual with CR50_DEV=1
Connect host PC to dev board USB port
On host PC:
sudo servod -c ccd_cr50.xml -c reef_r1_inas.xml
dut-control pp3300_ec_shv_reg --> fail, error 0x8001
ccdoops --> reset I2C config
ccd i2c disable --> I2C disabled
On host PC:
sudo servod -c ccd_cr50.xml -c reef_r1_inas.xml
dut-control pp3300_ec_shv_reg --> fail, error 0x0006
ccd i2c enable --> I2C enabled
ccdunlock --> I2C disabled
ccdoops --> I2C enabled
ccdset i2c unlesslocked
ccdlock --> I2C disabled
ccdunlock --> I2C enabled
Change-Id: Ia3df32e239a5f7c5915bc6c7e408ce0dc8b26c89
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/590577
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
(cherry picked from commit 00ea73ab166ebc8a2c4b5693b7fa776c76c7fe45)
Reviewed-on: https://chromium-review.googlesource.com/599493
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The default USB packet has a maximum size of 64 bytes, however, we need
to support some USB over I2C write transaction that exceed this default.
To support so with protocol backwards-compatible in mind, we enable a
config option CONFIG_USB_I2C_MAX_WRITE_COUNT that will enlarge the USB
RX queue.
BRANCH=none
BUG=b:35587174
TEST=Complete presubmit test.
TEST=Manually update elan trackpad firmware with interrupt disabled.
Change-Id: Ia8983b036b7297f7ca673459ae34b7e5ecd2ee01
Reviewed-on: https://chromium-review.googlesource.com/513642
Commit-Ready: Chun-ta Lin <itspeter@chromium.org>
Tested-by: Chun-ta Lin <itspeter@chromium.org>
Reviewed-by: Chun-ta Lin <itspeter@chromium.org>
Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>
(cherry picked from commit d5c08763e12cff3207696ec53232cf6eb3303096)
Reviewed-on: https://chromium-review.googlesource.com/599492
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|