| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:274517542
TEST=none
Change-Id: I3238b87a4c7c30d2ecba303bcbb916f612169541
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4440808
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:274517542
TEST=none
Change-Id: Ie709c8df7e99b22bb5b02512bca3a1e69d713d0c
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4433929
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:274512057
TEST=none
Change-Id: Ia619b34d6ca5fec997f62b4d96d14b2d9bc5b020
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4409342
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a reland of commit ed10ce4730d37a4ae7eab60ad70257720399f289
Original change's description:
> cr50: Use platform/pinweaver
>
> Toggle the CONFIG_PLATFORM_PINWEAVER build flag, to build pinweaver with
> the platform/pinweaver implementation instead of the cr50
> implementation.
>
> BUG=b:262040869
> TEST=make board=cr50 -j
> TEST=(DUT) Use cryptohome CLI to create a user with a PIN.
> TEST=(DUT) Make 2 fail attempts on that PIN.
> TEST=(DUT) Update cr50 to the image including this CL.
> TEST=(DUT) Test leaf properties are correct: 3 more fail attempts locks
> the PIN, password auth resets the PIN, then PIN authentication succeeds.
> TEST=tast run $DUT hwsec.PINWeaver*
>
> Cq-Depend: chromium:4307211
> Change-Id: I6e52566ca8ee68bb0ee71d30538fb6b8cbc4f67d
> Signed-off-by: Mary Ruthven <mruthven@chromium.org>
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4311235
> Tested-by: Howard Yang <hcyang@google.com>
> Reviewed-by: Andrey Pronin <apronin@chromium.org>
> Commit-Queue: Howard Yang <hcyang@google.com>
Bug: b:262040869
Cq-Depend: chromium:4354785
Change-Id: Ibb7ad2c1f752f7ed8678465f5b3901536314d466
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4349272
Tested-by: Howard Yang <hcyang@google.com>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Howard Yang <hcyang@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit ed10ce4730d37a4ae7eab60ad70257720399f289.
Reason for revert: Causes building chromeos-cr50-dev to fail
Original change's description:
> cr50: Use platform/pinweaver
>
> Toggle the CONFIG_PLATFORM_PINWEAVER build flag, to build pinweaver with
> the platform/pinweaver implementation instead of the cr50
> implementation.
>
> BUG=b:262040869
> TEST=make board=cr50 -j
> TEST=(DUT) Use cryptohome CLI to create a user with a PIN.
> TEST=(DUT) Make 2 fail attempts on that PIN.
> TEST=(DUT) Update cr50 to the image including this CL.
> TEST=(DUT) Test leaf properties are correct: 3 more fail attempts locks
> the PIN, password auth resets the PIN, then PIN authentication succeeds.
> TEST=tast run $DUT hwsec.PINWeaver*
>
> Cq-Depend: chromium:4307211
> Change-Id: I6e52566ca8ee68bb0ee71d30538fb6b8cbc4f67d
> Signed-off-by: Mary Ruthven <mruthven@chromium.org>
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4311235
> Tested-by: Howard Yang <hcyang@google.com>
> Reviewed-by: Andrey Pronin <apronin@chromium.org>
> Commit-Queue: Howard Yang <hcyang@google.com>
Bug: b:262040869
Change-Id: Ib60f090c50b1e34635ce2e1f3537f7eb0c95490e
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4348103
Tested-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Matt Vertescher <mvertescher@google.com>
Commit-Queue: Mary Ruthven <mruthven@chromium.org>
Auto-Submit: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Toggle the CONFIG_PLATFORM_PINWEAVER build flag, to build pinweaver with
the platform/pinweaver implementation instead of the cr50
implementation.
BUG=b:262040869
TEST=make board=cr50 -j
TEST=(DUT) Use cryptohome CLI to create a user with a PIN.
TEST=(DUT) Make 2 fail attempts on that PIN.
TEST=(DUT) Update cr50 to the image including this CL.
TEST=(DUT) Test leaf properties are correct: 3 more fail attempts locks
the PIN, password auth resets the PIN, then PIN authentication succeeds.
TEST=tast run $DUT hwsec.PINWeaver*
Cq-Depend: chromium:4307211
Change-Id: I6e52566ca8ee68bb0ee71d30538fb6b8cbc4f67d
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4311235
Tested-by: Howard Yang <hcyang@google.com>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Howard Yang <hcyang@google.com>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:273334049
TEST=none
Change-Id: Id04168d7f24e81dfe7618b3ee916927991077166
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4336837
Commit-Queue: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:272827066
TEST=none
Change-Id: If98811f65df739a54f62419b7f245918dd5d7259
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4330878
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:269537147
TEST=none
Change-Id: I64defabc471a0107ebb3c06082a23855dbd14121
Signed-off-by: Andrey Pronin <apronin@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4292311
Auto-Submit: Andrey Pronin <apronin@chromium.org>
Tested-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:269537147
TEST=none
Change-Id: Ic214e5f8b1424221d3b6d5aa8d08178cd722ab57
Signed-off-by: Vadim Bendebury <vbendeb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4258271
Auto-Submit: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:257997543
TEST=none
Change-Id: I117f12872c91135ab7902b9e63ce5af5f79e7f15
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4103620
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
| |
BUG=none
TEST=none
Change-Id: I55e7afbd9e5121f5e274723b55251fa24cd1e80a
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4083154
Reviewed-by: Andrew Luo <aluo@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Labstation images don't have cros_build_lib, so flash_cr50 can't run on
them. Replace cros_build_lib, so flash_cr50 can run on labstations.
BUG=none
TEST=run on labstation
Change-Id: I6cab324952ef1b2f4a87b22ebd55f5a9cbaf7798
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4083152
Reviewed-by: Andrew Luo <aluo@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add support for using brescue to update gsc over uart. Ti50 images have
a different format, so the rw_hex support flash_cr50.py support doesn't
work. brescue already has support for ti50 images. Use that instead of
replicating the brescue logic.
BUG=b:260764993
TEST=./util/flash_cr50.py -r pch_disable -p 9999 -i
/opt/google/cr50/firmware/cr50.bin.prod -c brescue
Change-Id: Iec4ada15bb5a7913ab0e476a6ffe4f4334ed4d9f
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4083151
Reviewed-by: Andrew Luo <aluo@chromium.org>
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:257997543
TEST=none
Change-Id: I9b76a48f6b67ed2b5b6a95d24bfe2f742b799344
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4066235
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The watchdog ccd name changed from ccd to ccd_cr50. Modify flash_cr50 to
support both.
BUG=none
TEST=update hdctools and use flash_cr50
Change-Id: Ieafeac1275c582ec86a94a05cc7a31c216e3420b
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4024801
Reviewed-by: Ziting Shen <zitingshen@google.com>
Commit-Queue: Ziting Shen <zitingshen@google.com>
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:257997543
TEST=none
Change-Id: Ic853b1142a1d1255d26ef0795475020cdd3138ec
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4009998
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update to match the copy in ToT EC repo.
BUG=b:227228605
TEST=script works with python3
Signed-off-by: Edward Hill <ecgh@chromium.org>
Change-Id: Idd4ff156f980d1edaaf4f98d468e3cffbe7ae771
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3989665
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The script has been reworked to support multiple versions of GSC and
has been moved into the Ti50 tree.
BUG=None
TEST=None
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I4ff086b73796bad09a7b572aa68566470582c28b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3936350
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:243160187
TEST=none
Change-Id: Ib3fa73f9344f4342777a4f100bd28ee874f422dc
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3922444
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=none
TEST=none
Change-Id: I61b0b0106a43f723ec3bc805eb190aef00bbd05b
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3894391
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The main fixes that were needed were:
* Use utf-8 encoding from git subprocess.
* Don't use 'is' to compare string equality (Python does not guarantee
interning of strings). For the parser state, the string comparison
was removed by changing this to an Enum, since we have Python 3
anyway.
BUG=chromium:1031705
TEST=create commit with invalid config options and run script, notice
the script points them out and exits 1, then test without that
commit, no output and exit 0.
Change-Id: I1113e063f747f0207c4b59a74f4e4a06bbcd5fcd
Signed-off-by: Jack Rosenthal <jrosenth@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2068520
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
(cherry picked from commit a9666e310606cbd1a54d32fa0cb200f16cf1d451)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3858397
Tested-by: Mary Ruthven <mruthven@chromium.org>
Auto-Submit: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This utility currently uses the outdated servo controls `servo_v4_type`
and `servo_v4_role`. These were replaced with `root.dut_connection_type`
and `servo_pd_role` respectively. This commit updates this utility to
use the updated controls
BUG=none
TEST=Flash Cr50 FW on a DeWatt device
Signed-off-by: Robert Zieba <robertzieba@google.com>
Change-Id: Ic24215725a09ce464c39fa1ffc8c2b3965a9738f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3811889
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Commit-Queue: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:235079109
TEST=none
Change-Id: Ia0892309b9586737b518d9b037b083e0b3231b34
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3691319
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use the dump_fmap flashrom output to calculate the offset and size. All
of the information is included on one line.
BUG=none
TEST=ap_ro_hash.py -v GBB True
Change-Id: I160173caaaf540c20786e892d244ee8a941833b6
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3654254
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a range is too big, break it up into smaller blocks that GSC can
handle.
BUG=none
TEST=run `ap_ro_hash.py COREBOOT` on volteer.
Change-Id: I094c2eb725af07e21b3e249336cb7b556761b50c
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3644691
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use mp, prepvt, and tot as the bcmp input. Convert those to the correct
tpm2 and cr50 branch names.
BUG=none
TEST=./util/bcmp.sh mp ; ./util/bcmp.sh tot ; ./util/bcmp.sh prepvt ;
verify the tpm2 and cr50 branch names are correct.
Change-Id: I0d1c237fd4322a102b939a7c16f10f991bf408fb
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3615476
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:229877169
TEST=none
Change-Id: I9b1e04f5487662816401129adb593b7f1c0e259b
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3628135
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Print the calculated digest, so we can use it for debugging.
BUG=none
TEST=./ap_ro_hash.py -v True GBB prints a digest that matches the
digest from the trunks_send command and the one saved in cr50.
Change-Id: I686dac5248782ea68d7bab98c2554940cc0b74b3
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3624499
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:229877169
TEST=none
Change-Id: I492616346f21b824915fba33c66ad296507bcaf7
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3611617
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Let's allow wider major version range, expanding it from 0..2 to 0..4.
BUG=b:183016758
TEST=successfully generated hashes for cr50_v3... images.
Change-Id: I8f9e8119b4a31753932065234505cd5d22df91a4
Signed-off-by: Vadim Bendebury <vbendeb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3582971
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adding the encrypted cryptolib header to the RO created another match
for the header magic pattern of 'fd ff ff ff'.
One of the distinct properties of the fake header is filling up the
signature field with 0x53 bytes, let's use this to filter out the fake
header when looking for the RW.
BUG=b:217564005,b:228839885
TEST=successfully processed Ti50 image with HW cryptolib included.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I83e4f7ad90ba1030ec4134db00485f10dc2fcdee
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3561025
Reviewed-by: Andrew Luo <aluo@chromium.org>
Reviewed-by: Edward Hill <ecgh@chromium.org>
Commit-Queue: Edward Hill <ecgh@chromium.org>
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:222132584
TEST=none
Change-Id: I2a231373f992fdb21ae6eeb440e2e7243adbe481
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3498710
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Boards like zork can reset cr50 with pch_disable, but don't have the
cr50_reset_odl overlay in their hdctools overlay. Add support for trying
to use that control to reset cr50. Allow people to use that signal if
they want. Worst case is it won't reset cr50.
BUG=none
TEST=./util/flash_cr50.py -i $IMG -p 9999 -c cr50-rescue -r pch_disable
Change-Id: I0843fc6d93bedaa32f491389badc7f1836e3402d
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3465528
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
Commit-Queue: Aseda Aboagye <aaboagye@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:207143125
TEST=make buildall -j
Change-Id: I329192d5b4d383d72b90bc90c46589b156f5391b
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3456709
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. ECDSA pair-wise consistency test failure wasn't updating FIPS status.
Added new failure bit FIPS_FATAL_ECDSA_PWCT.
2. ECDSA KAT was only simulating error in verify, but not in sign.
Split 'fips ecdsa' into 'fips ecver' and 'fips ecsign'.
3. Added a way to introduce self-integrity error by not updating FIPS
module digest with 'FIPS_BREAK=1' during build.
4. Added reporting of FIPS module digest.
BUG=b:134594373
TEST=make CRYPTO_TEST=1;
in ccd test:
fips pwct; tpm_test.py should fail; fips should print error.
-
fips ecver; fips test reports ECDSA error
fips ecsign; fips test reports ECDSA error
-
FIPS module digest is printed
-
FIPS_BREAK=1 make CRYPTO_TEST=1 produce build with zero digest
reporint FIPS self-integrity error.
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: Ib0a92c118f07a76e4b52eaf9b011ff4f73a02c61
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3425998
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:207143125
TEST=make buildall -j
Change-Id: Ide0ac9a563e4a1dbbf2ae209f5807e82db2e20c5
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3415374
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:214266426
TEST=RESCUE=../cr50-utils/software/tools/SPI/rescue EARLY=1 \
TEST= util/brescue.sh ti50.bin /dev/ttyUSB5
TEST=util/brescue.sh ti50.bin /dev/ttyUSB5
Change-Id: I427b9c16896ddf9f12cf78f185e7718e23786648
Signed-off-by: Andrew Luo <aluo@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3388229
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Andrew Luo <aluo@chromium.org>
Tested-by: Andrew Luo <aluo@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:207143125
TEST=make buildall -j
Change-Id: I37e1ce5ca998c08d328a663ac18050755400a0eb
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3381053
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:207143125
TEST=make buildall -j
Change-Id: I926e6ec710dc63ad1f5ec25637e1792f0363b736
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3366873
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The markdown document describes the use of the scripts and provides
instructions on connecting to GSC and controlling it using Servo Micro
or C2D2 with very low overhead.
BUG=none
TEST=verified instructions by running the commands successfully.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I268ffa364d4230d72dcd529c1102cb422b980e1e
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3352888
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The script builds a Cr50 image from scratch, then by examining the
contents of builed/cr50/RW the script figures out the source files
which were used to build the image and then compares all source files
with a different git branch.
The branch to compare with by default is
cros/firmware-cr50-stab-14294.B, if the user wants to compare to a
different branch, the name of the branch can be passed as command line
parameter.
The Cr50 tree branch names in firmware branches are modified by
addition of the '-cr50_stab' suffix, the script tries adding the
suffix if the branch to compare to does not exist in the Cr50 tree.
Two git trees are examined, Cr50 and tpm2. If the other branch does
not exist in either of the trees or building Cr50 image fails, the
script reports error and exits.
The result of running the script is a set of git diffs for files which
are different between branches.
BUG=b:200823466
TEST=ran the script to compare ToT and pre-pvt Cr50 branches, observed
sensible results.
Signed-off-by: Vadim Bendebury <vbendeb@google.com>
Change-Id: Ic044c2d23758eed1a5573385e903e59ed4328635
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3297446
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:207143125
TEST=make buildall -j
Change-Id: I3ddfcb55cfe7fcf941a23575d167ad8bd1ccedc0
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3352184
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:207143125
TEST=make buildall -j
Change-Id: I5f6e29b470afd087aef7c9e11720f87f3663999c
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3345283
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:207143125
TEST=make buildall -j
Change-Id: I1fd5721c8f06d04322668ab0fb73c7375521727a
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3336198
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cr50 uses local implementation of crypto, no need to keep track of the
third_party tree.
BUG=None
TEST=built cr50 image and ran it, verified that cryptoc is not
included in the version string any more.
Signed-off-by: Vadim Bendebury <vbendeb@google.com>
Change-Id: Ic016492ffc203a704d9ad252a4a05cc16074863f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3318734
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:207143125
TEST=make buildall -j
Change-Id: Ib31feddde38061df787ec78b7a2131f00b4cc634
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3291134
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:173227629
TEST=make buildall -j
Change-Id: Iaf8028984cc58cc4108907fdba4ea4b38c43cf70
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3293250
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:203205487
TEST=none
Change-Id: I90ef2a52a40ceef6de930df2acb635cdc0b3d014
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3227259
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Script inserting FIPS checksum into the image uses the dd utility
which generates stderr output even when there is no errors.
This patch adds code which captures the dd stderr output and prints it
out only if there is an actual error. stdout output of the script is
suppressed unless make was invoked with V=1.
Also made a few modifications as requested by shellcheck.
BUG=none
TEST=make output does not have extra lines.
built and ran a Cr50 image, it reports successful FIPS integrity
self check.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I9121bc5a9a40633b9a3d18ea5766bc1ed274a9c2
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3210946
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|