From 4809c70bbea8743cc7c1d382d7510ed937dce914 Mon Sep 17 00:00:00 2001 From: Randall Spangler Date: Tue, 11 Jul 2017 16:30:27 -0700 Subject: cr50: Add case closed debugging V1 configuration This adds the CCD configuration module, and the console commands to control it. It is not wired up to any of the CCD capabilities; that's coming in the next CL. Briefly: * CCD configuration is persistently stored in nvmem_vars. Use ccdinfo to print it. * CCD can be Locked, Unlocked (some capabilities), or Opened (all capabilities), using the ccdlock / ccdunlock / ccdopen commands. * CCD config can be restricted by setting a password via ccdpass. * Individual config capabilities can be set via ccdset. Some of those will be used to gate access to things like write protect and UARTs. Others affect the requirements for ccdunlock / ccdopen (for example, is physical presenc required). * The entire config can be reset via ccdreset. If only unlocked, config that is restricted to Opened is not reset. * If CR50_DEV=1, ccdoops will force-reset and open the config. See go/cr50-ccd-wp for more information. BUG=b:62537474 BRANCH=none TEST=manual with CR50_DEV=1 build gpioget # make sure GPIO_BATT_PRES_L=0 ccdlock # lock, because CR50_DEV=1 builds start unlocked ccdinfo # locked, flags=0, all capabilities default ccdpass # access denied (we're locked) ccdreset # access denied ccdset flashap always # access denied ccdunlock ccdinfo # unlocked ccdpass foo ccdinfo # flags=2 (password set when unlocked) ccdset flashap always # access denied ccdset uartectx unlesslocked ccdinfo # yes, uartectx permission changed ccdlock ccdunlock # fails without password ccdunlock bar # wrong password ccdunlock foo # busy (wait 3 sec) ccdunlock foo ccdreset ccdinfo # no password, flags 0, capabilities all default ccdopen # requires physical presence; tap power or use 'pp' ccdset uartectx unlesslocked ccdset batterybypasspp ifopened ccdpass baz ccdinfo # password set, flag 0, ccdset changes worked ccdunlock ccdreset ccdinfo # uartectx back to ifopened, password still set ccdopen baz # still requires physical presence ccdset opennolongpp always ccdlock ccdopen baz # no pp required ccdset unlocknoshortpp unlesslocked ccdlock ccdopen baz # short pp sequence required (3 taps) ccdlock ccdunlock baz # short pp sequence required ccdopen baz # pp not required ccdset unlocknoshortpp always ccdlock testlab open # access denied testlab enable # access denied ccdunlock baz testlab open # access denied testlab enable # access denied ccdopen baz testlab enable # requires short pp ccdinfo # flags 1 ccdreset ccdinfo # no password, flags=1, caps all default ccdlock testlab open ccdinfo # opened testlab disable # requires short pp; let it time out ccdinfo # still opened, flags=1 ccdlock ccdoops # backdoor in CR50_DEV images to force-reset CCD ccdinfo # opened, flags=0, all defaults (yes, oops wipes out testlab) ccdreset rma ccdinfo # flags = 0x400000, everything but Cr50FullConsole always ccdreset # back to flags=0, all default Change-Id: I24e8d8f361874671e6e94f27492ae00db919bea9 Reviewed-on: https://chromium-review.googlesource.com/569439 Commit-Ready: Randall Spangler Tested-by: Randall Spangler Reviewed-by: Vadim Bendebury --- include/link_defs.h | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'include/link_defs.h') diff --git a/include/link_defs.h b/include/link_defs.h index 1f16399cf7..262a149772 100644 --- a/include/link_defs.h +++ b/include/link_defs.h @@ -54,6 +54,10 @@ extern const struct hook_data __hooks_pwrbtn_change[]; extern const struct hook_data __hooks_pwrbtn_change_end[]; extern const struct hook_data __hooks_battery_soc_change[]; extern const struct hook_data __hooks_battery_soc_change_end[]; +#ifdef CONFIG_CASE_CLOSED_DEBUG +extern const struct hook_data __hooks_ccd_change[]; +extern const struct hook_data __hooks_ccd_change_end[]; +#endif extern const struct hook_data __hooks_tick[]; extern const struct hook_data __hooks_tick_end[]; extern const struct hook_data __hooks_second[]; -- cgit v1.2.1