From 4e9e48219c254654027040a09a181f377784b281 Mon Sep 17 00:00:00 2001
From: Vadim Sukhomlinov <sukhomlinov@google.com>
Date: Thu, 30 Jul 2020 17:10:39 -0700
Subject: fips: move FIPS power-up test completion to PMU_PWRDN_SCRATCH22

Status of completion of power-up tests was in long life register
which survives reboots and even firmware upgrades, which is not
an intended behavior. Moving status to PWRDN register makes it
reset on graceful reboots and firmware upgrades, but avoid
running tests on wake from deep sleep. This switch also enables
use of multiple bits to indicate status of tests, which makes it
more fault tolerant.

BUG=b:138577491
TEST=make BOARD=cr50, then deassert DIOM3 to trigger deep sleep
FIPS power-on tests shouldn't run on wake.

Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I098940e45afd5b5b9447b2780ff69372a922c03f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2330976
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
---
 board/cr50/board.c        | 11 +++--------
 board/cr50/scratch_reg1.h |  4 +++-
 chip/g/init_chip.h        |  1 +
 3 files changed, 7 insertions(+), 9 deletions(-)

diff --git a/board/cr50/board.c b/board/cr50/board.c
index 180d33af9d..a28c901b72 100644
--- a/board/cr50/board.c
+++ b/board/cr50/board.c
@@ -194,22 +194,17 @@ int board_get_ccd_rec_lid_pin(void)
 
 bool board_fips_power_up_done(void)
 {
-	return !!(board_properties & BOARD_FIPS_POWERUP_DONE);
+	return !!(GREG32(PMU, PWRDN_SCRATCH22) == BOARD_FIPS_POWERUP_DONE);
 }
 
 /* Set status of FIPS power-up tests. */
 void board_set_fips_policy_test(bool asserted)
 {
 	/* Enable writing to the long life register */
-	GWRITE_FIELD(PMU, LONG_LIFE_SCRATCH_WR_EN, REG1, 1);
-
 	if (asserted)
-		GREG32(PMU, LONG_LIFE_SCRATCH1) |= BOARD_FIPS_POWERUP_DONE;
+		GREG32(PMU, PWRDN_SCRATCH22) = BOARD_FIPS_POWERUP_DONE;
 	else
-		GREG32(PMU, LONG_LIFE_SCRATCH1) &= ~BOARD_FIPS_POWERUP_DONE;
-
-	/* Disable writing to the long life register */
-	GWRITE_FIELD(PMU, LONG_LIFE_SCRATCH_WR_EN, REG1, 0);
+		GREG32(PMU, PWRDN_SCRATCH22) = 0;
 }
 
 /* Get header address of the backup RW copy. */
diff --git a/board/cr50/scratch_reg1.h b/board/cr50/scratch_reg1.h
index 0a7f973f2d..298450aa46 100644
--- a/board/cr50/scratch_reg1.h
+++ b/board/cr50/scratch_reg1.h
@@ -102,8 +102,10 @@
 /*
  * Indicates successful completion of FIPS power up
  * tests earlier. Reduces wake up time after sleep.
+ * Stored in PWRDN_SCRATCH22 and use multiple bits to harden against
+ * fault injection.
  */
-#define BOARD_FIPS_POWERUP_DONE       BIT(24)
+#define BOARD_FIPS_POWERUP_DONE       0xAA556633
 
 /*
  * Macro to capture all properties related to board strapping pins. This must be
diff --git a/chip/g/init_chip.h b/chip/g/init_chip.h
index 488bb3cc4c..f3a6b03ace 100644
--- a/chip/g/init_chip.h
+++ b/chip/g/init_chip.h
@@ -25,6 +25,7 @@
  *	SCRATCH19 - Preserving USB data sequencing PID through deep sleep
  *	SCRATCH20 - Preserving EC-EFS context
  *	SCRATCH21 - Preserving TPM_BOARD_CFG register
+ *	SCRATCH22 - Preserve FIPS power-up test status on Cr50
  *
  * PWRDN_SCRATCH 28 - 31 - Reserved for boot rom
  */
-- 
cgit v1.2.1