# Ti50 Firmware Releases This document captures major feature differences between Ti50 firmware releases [TOC] # ChromeOS Release ChromeOS Version | PrePVT version | Prod Version ------------------- | -------------- | ------------ [ToT][ToT ebuild] | 0.24.21 | 0.23.14 [M113][113 release] | 0.24.13 | 0.23.14 [M112][112 release] | 0.24.13 | 0.23.3 [M111][111 release] | 0.24.3 | 0.23.3 [M110][110 release] | 0.24.3 | 0.23.3 [M109][109 release] | 0.24.3 | 0.23.3 [M108][108 release] | 0.24.1 | 0.23.1 [M107][107 release] | 0.22.6 | 0.21.0 [M106][106 release] | 0.22.2 | 0.21.0 [M105][105 release] | 0.22.1 | 0.21.0 # Ti50 Features This table should cover major features, so it's easy to check what features are supported by a specific Ti50 image. This table was started with 0.22.6 M107. Some features were complete before this. It only has information for features completed after 0.22.6. CCD, EC-EFS2, Factory Mode, Pinweaver, U2F, and Board ID are all supported in 0.22.6. The were added before 0.22.6, so they aren't included in the table. Feature Description | Feature Added | Feature Complete | Release Landed ------------------------------------ | ------------- | ---------------- | -------------- ZTE Serial Number | | 0.22.6 | M107 CCD Open preserved across deep sleep | | 0.22.6 | M107 APRO WP Sense | 0.22.6 | | M107 APRO Verification (without reset) | 0.24.0 | | M108 Fix updates after PoR and deep sleep | 0.24.14 | 0.23.14 | M113 # RO revisions ## 0.0.32 Released with 0.0.26 in R107-15100.0.0 * cryptolib 1.3.0 ## 0.0.36 in M108 Released with RW 0.23.0 in M108 * Rescue timeout improvements * Hardware crypto library 1.3.3 with following improvements: * Fixed read issue with 4k RSA keys * BigNumber optimizations (code size and performance) * Optimized blinded p/2 computation in RSA * Added prime checks for RSA key gen from primes * AES GCM now stores and restores context implicitly * Added additional checks that padded value in RSA encrypt is less than N ## 0.0.38 released on 12/21/2022 Released with RW 0.23.3 and 0.24.3 * Fixed potential RSA key import bug fix in crypto library 1.3.4 ## 0.0.40 released on 03/13/2023 Released with RW 0.23.20 and 0.24.20 * Fix issue signed images headers ## 0.0.46 released on 04/17/2023 * Cryptolib 1.3.8 with following improvements: * Enabled P384, TDES, CMAC support * Hardened ECDSA error checking in cryptolib * Code size optimizations * AES, GCM, CMAC, RSA security hardening * RO code size optimizations, updated internal layout # RW revisions Previously released RW images can be downloaded from `gs://chromeos-localmirror/distfiles/`, e.g. `gs://chromeos-localmirror/distfiles/ti50.ro.0.0.26.rw.0.22.1_FFFF_00000000_00000010.tar.xz` The latest official images are also distributed through the `chromeos-ti50` portage package in the chroot. ## Rollback Era Ti50 RW images include a rollback protection field in the header, which is used to lock out earlier versions from running on the GSC chip after a certain version has run. The below tables lists a row for every rollback era. Once both images slots on GSC progress to a lower row, then FW versions in previous rows are unavailable -- even with the rescue tool. All versions are **inclusive**. Bits | Lowest MP | Highest MP | Lowest PrePVT | Highest PrePVT | Reason ---- | --------- | ---------- | ------------- | -------------- | ------ 0 | N/A | N/A | 0.0.4 | 0.0.16 | Initial development 1 | 0.21.0 | 0.21.1 | 0.22.0 | 0.22.9 | Initial GUC Factory release 2 | 0.23.0 | 0.23.14 | 0.24.0 | 0.24.14 | First MP image shipping on devices 3 | 0.23.20 | current | 0.24.20 | current | Image header fixes ## MP images ### 0.21.0: Released 05/13/22 in M104-14826.0.0 Release [CL](https://chromium-review.googlesource.com/c/chromiumos/overlays/chromiumos-overlay/+/3647883) Artifacts: [loc](https://pantheon.corp.google.com/storage/browser/chromeos-releases/firmware-ti50-postsubmit/R103-14778.3.0-1-chromeos/led/hardtmad_google.com/40f35cc72dff5eeeadf4947527013cb9d6da802b81a5f3a27ce02c57ac5c91a2/ti50.tar.bz2) Release tarball: gs://chromeos-releases/firmware-ti50-postsubmit/R103-14778.3.0-1-chromeos/led/hardtmad_google.com/40f35cc72dff5eeeadf4947527013cb9d6da802b81a5f3a27ce02c57ac5c91a2/ti50.tar.bz2/ Feature Notes: * Released between 0.0.16 and 0.22.0 ``` Build: ti50_common:v0.0.2187-caec6ab3 libtock-rs:v0.0.906-9ddb6ac tock:v0.0.9593-4b88c2376 ms-tpm-20-ref:v0.0.247-f007cc5 chrome-bot@chromeos-ci-postsubmit-us-east1-d-x32-134-b2s1 2022-05-12 14:19:02 ``` ### 0.21.1: Not released in ChromeOS - First GUC Image Artifacts: [loc](https://pantheon.corp.google.com/storage/browser/chromeos-releases/firmware-ti50-postsubmit/R103-14778.3.0-1-chromeos/led/engeg_google.com/18aa516c77b9dc752a1fe3702b633409711aa228fb33a1d78d4b8bbc2b9f901f/ti50.tar.bz2) Release tarball: gs://chromeos-releases/firmware-ti50-postsubmit/R103-14778.3.0-1-chromeos/led/engeg_google.com/18aa516c77b9dc752a1fe3702b633409711aa228fb33a1d78d4b8bbc2b9f901f/ti50.tar.bz2/ Feature Notes: * Released between 0.0.16 and 0.22.0 * First GUC image. ### 0.23.0: Released 11/14/22 in M108 First MP image released on shipping devices. Release [CL](https://chromium-review.googlesource.com/c/chromiumos/overlays/chromiumos-overlay/+/4022274) Artifacts: [15224.3.0](https://pantheon.corp.google.com/storage/browser/chromeos-releases/canary-channel/betty/15224.3.0) Release tarball gs://chromeos-releases/canary-channel/betty/15224.3.0/ChromeOS-firmware-R107-15224.3.0-betty.tar.bz2 Known Issues: * Factory mode detected differently; this causes GSC to re-enter factory mode after upgrading from 0.21.1 * For i2c-based TPM devices, Ti50 won't communicate with AP on first attempt if GSC is in deep sleep and system wakes up due to lid open event. Shows up as "0x63 Failed to get boot mode from Cr50" error (b/259510330, b/259663369) Feature Notes: * Add AP RO Verification feature, but it does not hold system in reset upon failure yet (b/161483233) * Add Zero Touch Enrollment support (b/234857025) * Add Pinweaver support * Add U2F support * Add attestation support * Add network recovery support * Improve SPI and I2C TPM bus stability (b/237493220, b/247168128, b/245034621, b/251191468) * Fix connection issues with Google-A network (b/240506338) * Improve boot time performance (b/241986964) * General stability improvements for ti50 ``` Build: ti50_common:v0.0.2613-dbba229a libtock-rs:v0.0.913-61d23b3 tock:v0.0.9622-397f4aaa0 tpm2:v0.0.292-1a7d322 @chromeos-ci-firmware-us-east1-d-x32-0-soad 2022-11-07 14:44:25 ``` ### 0.23.1 Released 12/02/22 in R108 Release [CL](https://chromium-review.googlesource.com/c/chromiumos/overlays/chromiumos-overlay/+/4077027) Manifest snapshot: gs://chromeos-manifest-versions/buildspecs/107/15224.5.0.xml **Added Features:** * Fix "0x63 Failed to get boot mode from Cr50" error when waking i2c-based tpm device with lid open wake event (b/259510330, b/259663369). ``` Build: ti50_common:v0.0.2616-f4c7c42d libtock-rs:v0.0.913-61d23b3 tock:v0.0.9622-8d5f2ecda tpm2:v0.0.292-a7f6f39 @chromeos-ci-firmware-us-east1-d-x32-0-ci43 2022-12-02 10:33:22 ``` ### 0.23.3 Released on 12/21/2022 Release [CL](https://chromium-review.googlesource.com/c/chromiumos/overlays/chromiumos-overlay/+/4121474) Builder: [9](https://ci.chromium.org/ui/p/chromeos/builders/firmware/firmware-ti50-mp-15224.B-branch/9/overview) Artifacts: [15224.9.0](https://pantheon.corp.google.com/storage/browser/chromeos-releases/canary-channel/betty/15224.9.0) Manifest snapshot: gs://chromeos-manifest-versions/buildspecs/107/15224.9.0.xml **Bug Fixes** * Improve G2F signature security [b/261874682](https://b.corp.google.com/issues/261874682) * Fix U2F attestation problems [b/242678758](https://b.corp.google.com/issues/242678758) * Do not run AP RO verification on deep sleep wake [b/261635049](https://b.corp.google.com/issues/261635049) **Added Features** * Allow setting serial number when BID flags are set, but BID type is blank [b/238137986](https://b.corp.google.com/issues/238137986) * Process TPM vendor commands from USB even when AP is off [b/258320966](https://b.corp.google.com/issues/258320966) ``` Build: ti50_common:v0.0.2620-2cdd9003 libtock-rs:v0.0.913-61d23b3 tock:v0.0.9622-8d5f2ecda tpm2:v0.0.292-a7f6f39 @chromeos-ci-firmware-us-east1-d-x32-0-mkcu 2022-12-16 15:03:49 ``` ### 0.23.14 Released on 03/10/2023 in M113 Release [CL](https://chromium-review.googlesource.com/c/chromiumos/overlays/chromiumos-overlay/+/4327051) Builder: [15](https://ci.chromium.org/ui/p/chromeos/builders/firmware/firmware-ti50-mp-15224.B-branch/15/overview) Artifacts: [15224.12.0](https://pantheon.corp.google.com/storage/browser/chromeos-releases/canary-channel/betty/15224.12.0) Manifest snapshot: gs://chromeos-manifest-versions/buildspecs/107/15224.12.0.xml **Bug Fixes** * Allow changing AP RO write protect settings until board ID is set [b/229016958](https://b.corp.google.com/issues/229016958) * Improve USB stablity [b/259590362](https://b.corp.google.com/issues/259590362) * Allow 0x prefix when entering Board ID flags [b/265461193](https://b.corp.google.com/issues/265461193) * Make sysinfo command output compatible with Cr50 [b/263579376](https://b.corp.google.com/issues/263579376) * Require short physical presence to enable testlab [b/265822083](https://b.corp.google.com/issues/265822083) * Disable watchdog only around sleep [b/266015400](https://b.corp.google.com/issues/266015400) * Do not report false TPM2 p256 errors [b/234159838](https://b.corp.google.com/issues/234159838) * Fix TPM evict object serialization bug [b/263168766](https://b.corp.google.com/issues/263168766) * Fix GSC reboot issue when accessing orderly counters from previous ti50 FW versions. [b/263168766](https://b.corp.google.com/issues/263168766) * Allow update within 60s of PoR [b/270401267](https://b.corp.google.com/issues/270401267) * Fix turning on updates after deep sleep [b/270401267](https://b.corp.google.com/issues/270401267) * Fix handling RO update failures [b/271503973](https://b.corp.google.com/issues/271503973) * Update AP RO verification NonZeroGbbFlags and WrongRootKey error codes **Added Features** * Allow to exclude GBB flags from AP RO hash calculations [b/261763740](https://b.corp.google.com/issues/261763740) * Show INFO space factory mode state in `sysinfo` output * Add I2C errors to FLOG * Support two root keys AP RO verification, prepvt and mp [b/261600803](https://b.corp.google.com/issues/261600803) * Add FLOG entry for crashes * Use initial factory mode indicator (INFO space value) to allow setting SN [b/264261220](https://b.corp.google.com/issues/264261220) * Process TPM vendor commands according their source (USB vs TPM) [b/266955081](https://b.corp.google.com/issues/266955081) ``` Build: ti50_common:v0.0.2802-000016bf libtock-rs:v0.0.913-61d23b3 tock:v0.0.9624-338968540 ms-tpm-20-ref:v0.0.310-9f3037a @chromeos-ci-firmware-us-east1-d-x32-0-v1rm 2023-03-07 10:44:14 ``` ### 0.23.21 Released on 4/18/2023 in M114 Release [CL](https://chromium-review.googlesource.com/c/chromiumos/overlays/chromiumos-overlay/+/4442649) Builder: [16](https://ci.chromium.org/ui/p/chromeos/builders/firmware/firmware-ti50-mp-15224.B-branch/16/overview) Artifacts: [15224.13.0](https://pantheon.corp.google.com/storage/browser/chromeos-releases/canary-channel/betty/15224.13.0) Manifest snapshot: gs://chromeos-manifest-versions/buildspecs/107/15224.13.0.xml **New Features** * New additional metrics, including boot time and a detailed error code for AP RO verification. Now available through the `GetTi50Metrics` vendor command with value 0x41. [b/262608026](https://b.corp.google.com/issues/262608026), [b/263298180](https://b.corp.google.com/issues/263298180) * New vendor commands 0x42 and 0x43 to get crash and console logs. [b/268396021](https://b.corp.google.com/issues/268396021), [b/265310865](https://b.corp.google.com/issues/265310865) * Support pinweaver v2. [b/248209280](https://b.corp.google.com/issues/248209280) * Add Widevine UDS to virtual NV [b/248610274](https://b.corp.google.com/issues/248610274) * Add GetRSUDevID command to TPM for RMA. [b/265309995](https://b.corp.google.com/issues/265309995) **Bug Fixes** * Fix CCD open failure with the battery disconnected. [b/270712314](https://b.corp.google.com/issues/270712314) * Fix rejection of RO and RW header updates with invalid fields. [b/272057805](https://b.corp.google.com/issues/272057805) * Fix `wp follow_batt_pres` command in GSC console. [b/269218898](https://b.corp.google.com/issues/269218898) * Fix FIDO errors, reporting an invalid P-256 public key. [b/271795015](https://b.corp.google.com/issues/271795015) * Restrict the `recbtnforce` command to the GscFullConsole CCD capability [b/268219945](https://b.corp.google.com/issues/268219945) * Fix pinweaver key import/export to be compatible with v2. [b/267729980](https://b.corp.google.com/issues/267729980) * Fix AP/EC comms broken by EC then AP flash resulting in detached I2C lines. [b/264817647](https://b.corp.google.com/issues/264817647) * Stabilize console output line order. [b/276491121](https://b.corp.google.com/issues/276491121) * Fix `\r\r\n` console output. [b/242980684](https://b.corp.google.com/issues/242980684) * Fix issue where EC not put in reset on recovery key combo when GSC in deep sleep. [b/248161678](https://b.corp.google.com/issues/248161678) ``` Build: ti50_common:v0.0.2949-4ee72fd9 libtock-rs:v0.0.915-d883b40 tock:v0.0.9629-77d147129 ms-tpm-20-ref:v0.0.312-affdc53 @chromeos-ci-firmware-us-central1-b-x32-0-j9et 2023-04-11 06:54:23 ``` ## PrePVT images ### 0.22.0 Released 06/21/22 From post submit release [19748](https://luci-milo.appspot.com/ui/p/chromeos/builders/postsubmit/firmware-ti50-postsubmit/19748/overview). * Add ChromeOS Identity/Attestation support (b/173326151) * Adds U2F application (b/233971198) * Add network recovery support (b/217278402) * Improve FAFT stability (e.g. FWMP and RMA unlock) * Wait 10 seconds after RMA/CCD open until forced AP reboot (b/231222819) * Fix `dut-control active_dut_controller` case insensitivity issue (b/233283958) * Fixed intermittent watchdog resets (b/235344334) ``` for d in $(repo list | sed 's/ .*//'); do printf '%32s %s\n' $d $(git -C $d rev-parse HEAD); done chromite 0581b6624322177b9a15a6dd585ab02e14164a48 common b39a1736c0c26418a69fc44dd6f7b910a8eab4b2 manifest 2ad62b0d138785249ac98283f17a1d6ee9428be8 ports/cr50-utils da48c5d2ef77a7de7755633386f53540f7db1b2c ports/pinweaver fc39c8b509da8a45869d7c0e44b263dd631c6fb4 ports/tpm2_server 6bbf32f9ae1c59df3ec8754d18cd3b065281c3f5 repohooks e322b4af8abd1bc63a98c42bb4e831320d02f79a third_party/cargo/registry 320b5afca7f3044af5ccd8d6e935355498a47bb5 third_party/lowrisc/opentitan cf34c94db6cfb4687353babdf3b0557166241c64 third_party/tock/libtock-c fd756aa2695cdfad8dc3391c6963eb5b65f595b8 third_party/tock/libtock-rs 9cf55aca92cdac47a608cec226490d92d92cf93b third_party/tock/tock c12c1a08ffddaa7ce49dce7164dd630f4e525418 third_party/tpm2 1159ee2ab3500199dea727c920e131951210b69d ``` ### 0.22.1 Released 07/06/22 * Fix TPM quote and sign bugs making attestation impossible * Add u2f support * Improve CCD USB reset behavior * Prevent EC reset on wake from deep sleep * Increase number of AES key contexts ``` for d in $(repo list | sed 's/ .*//'); do printf '%32s %s\n' $d $(git -C $d rev-parse HEAD) done chromite b1d07170c2910c7aa7e9149f6ff2950a91f9ac69 common a8929162addb521f39db5cdb99b6228f57091055 manifest a8bfc9a825dfaf432324d5edbb58e8a2606d4d07 ports/cr50-utils da48c5d2ef77a7de7755633386f53540f7db1b2c ports/pinweaver cb73fa7ecf332e8f04a9ae411c851ca9e0fff41a ports/tpm2_server 6bbf32f9ae1c59df3ec8754d18cd3b065281c3f5 repohooks b03ba18e5d45a6782555c1e41fca0bb218f3868a third_party/cargo/registry 4a334c947a3b6b5489379da61121960442f9b8d9 third_party/lowrisc/opentitan cf34c94db6cfb4687353babdf3b0557166241c64 third_party/tock/libtock-c fd756aa2695cdfad8dc3391c6963eb5b65f595b8 third_party/tock/libtock-rs 958193e42ef6a003330e3b47b11cac906d1c7685 third_party/tock/tock 2f42815fd678b0a908377da99a01d1df2309d984 third_party/tpm2 1159ee2ab3500199dea727c920e131951210b69d ``` ### 0.22.2 Released 07/25/22 From post submit release [21333](https://luci-milo.appspot.com/ui/p/chromeos/builders/postsubmit/firmware-ti50-postsubmit/21333/overview). * Fix issue with I2C-based EC flashing (b/234422943) * Add serial number and RMA support for zero touch enrollment (b/230491627) * Improve platform level cold boot stress testing performance (b/228429691, b/239642389, b/235185547, and b/235553213) * Wipe GSC filesystem between developer and production image transition * Fix UART race condition that causes intermittent watchdog resets (b/235344334) * Add user presences timestamp detection for FPMCU automated testing (b/217974287) * Detect factory mode differently. This causes GSC to re-enter factory mode after upgrade to 0.22.2 or later. ``` for d in $(repo list | sed 's/ .*//'); do printf '%32s %s\n' $d $(git -C $d rev-parse HEAD) done chromite e2c258fc1143b37e96a8d17fee12428851aff5bd common 38180a22bc689d2af0d12caa799aee385729f4a6 manifest a8bfc9a825dfaf432324d5edbb58e8a2606d4d07 ports/cr50-utils da48c5d2ef77a7de7755633386f53540f7db1b2c ports/pinweaver cb73fa7ecf332e8f04a9ae411c851ca9e0fff41a ports/tpm2_server 6bbf32f9ae1c59df3ec8754d18cd3b065281c3f5 repohooks dcb7597b7d8473aef208b87b165c7f14898eafda third_party/cargo/registry aa78805c82b9ef0238adae4e81218d09ad248919 third_party/lowrisc/opentitan cf34c94db6cfb4687353babdf3b0557166241c64 third_party/tock/libtock-c fd756aa2695cdfad8dc3391c6963eb5b65f595b8 third_party/tock/libtock-rs f6dab4f4174d9b00fb44adad51f5a26ae4a7b3b2 third_party/tock/tock 012f3e5e6a8e7a3ce58774278caa5f1ac1af1922 third_party/tpm2 47c6c19153c6e32933c7112ff6095d60d1632754 ``` ### 0.22.3 Released 08/11/22 From post submit release [22127](https://luci-milo.appspot.com/ui/p/chromeos/builders/postsubmit/firmware-ti50-postsubmit/22127/overview) **Known Issues:** * Crypto faults causes issues with log in and GSC FW update (b/242744329) **Added Features:** * Remove internal pull resistors, which prevents leakage current onto SoC rails (b/239791508) * Refresh key passed through to EC during power button press (b/239674288) * Power consumption of normal sleep reduce by 25% down to 9mW * Improve cancellation of long running crypto operation * Improves reboot stress tests * Add Pinweaver application, which adds pin support for log in * Honor `FullGscConosle` CCD cap instead of requiring `ccd open` * Fix regression with power button input for `ccd open` * Reboot AP instead of GSC after `ccd open` (still delayed by 10 seconds) * Improve runtime performance at startup by serializing data, which led to less data written to NVMem ``` for d in $(repo list | sed 's/ .*//'); do printf '%32s %s\n' $d $(git -C $d rev-parse HEAD) done chromite b352bb0a31b29d81391ce18c1070fcd34926da1b common 57b43bda52911bc739bb03dee2084ad49ea55bbb manifest a8bfc9a825dfaf432324d5edbb58e8a2606d4d07 ports/cr50-utils da48c5d2ef77a7de7755633386f53540f7db1b2c ports/pinweaver 3abfd77090d24ca8d2d7260d6ba6aaec2e4c35ae ports/tpm2_server 6bbf32f9ae1c59df3ec8754d18cd3b065281c3f5 repohooks 32b1168199c41dc9e6e0b91dfe37b0568dee538d third_party/cargo/registry e88a2f79e298d9107f82b861d2418f26c9d84c4c third_party/lowrisc/opentitan cf34c94db6cfb4687353babdf3b0557166241c64 third_party/tock/libtock-c fd756aa2695cdfad8dc3391c6963eb5b65f595b8 third_party/tock/libtock-rs f6dab4f4174d9b00fb44adad51f5a26ae4a7b3b2 third_party/tock/tock ae35db7727c1b9524fd38459e6834f009476c1cc third_party/tpm2 47c6c19153c6e32933c7112ff6095d60d1632754 ``` ### 0.22.4 Released 08/18/22 From post submit release [22405](https://luci-milo.appspot.com/ui/p/chromeos/builders/postsubmit/firmware-ti50-postsubmit/22405/overview) **Known Issues:** * EC console lost after ITE EC programming; not a regression (b/243076325) * Occasional TPM ready IRQ timeout for spi devices; not a regression (b/242137071) * ZTE enrollment does not work due to serial number endianness issue; not a regression (b/238137986) **Added Features:** * Improve stability around crypto faults (b/242744329) * Implement TPM version string command; less error message in ti50 and AP logs ``` for d in $(repo list | sed 's/ .*//'); do printf '%32s %s\n' $d $(git -C $d rev-parse HEAD) done chromite 7de50cba80c38fdd637cffd43a0a35931cc4d7fa common 7430395c23103cade652110c9f0433d15a51368c manifest a8bfc9a825dfaf432324d5edbb58e8a2606d4d07 ports/cr50-utils da48c5d2ef77a7de7755633386f53540f7db1b2c ports/pinweaver 3abfd77090d24ca8d2d7260d6ba6aaec2e4c35ae ports/tpm2_server 6bbf32f9ae1c59df3ec8754d18cd3b065281c3f5 repohooks 32b1168199c41dc9e6e0b91dfe37b0568dee538d third_party/cargo/registry e88a2f79e298d9107f82b861d2418f26c9d84c4c third_party/lowrisc/opentitan cf34c94db6cfb4687353babdf3b0557166241c64 third_party/tock/libtock-c fd756aa2695cdfad8dc3391c6963eb5b65f595b8 third_party/tock/libtock-rs f6dab4f4174d9b00fb44adad51f5a26ae4a7b3b2 third_party/tock/tock ae35db7727c1b9524fd38459e6834f009476c1cc third_party/tpm2 47c6c19153c6e32933c7112ff6095d60d1632754 ``` ### 0.22.6 Released 09/07/22 in R107 Release [CL](https://chromium-review.googlesource.com/c/chromiumos/overlays/chromiumos-overlay/+/3879336) From post submit release [23031](https://luci-milo.appspot.com/ui/p/chromeos/builders/postsubmit/firmware-ti50-postsubmit/23031/overview) Manifest [snapshot](https://chrome-internal.googlesource.com/chromeos/manifest-internal/+/defca58bc62d924441776145690e3a588a7e26ae/snapshot.xml) from build page. **Known Issues:** * DCRYPTO_FAULT occurring in 0.22.3+ (b/242744329) **Added Features:** * Handles GSC console input/output better around ā€˜\r\nā€™ * Write protect sensing console prints are connected to GSC console (for AP RO verification) * SPI communication stability * Cold reboot stress test improvements * ZTE should be fully functional with final fixes ``` Use manifest snapshot instead of repo list. Here's the basic version output. Build: ti50_common:v0.0.2437-3f888584 libtock-rs:v0.0.911-f6dab4f tock:v0.0.9607-ae35db772 ms-tpm-20-ref:v0.0.273-54c1dac chrome-bot@chromeos-ci-postsubmit-us-central1-b-x32-52-62pp 2022-09-01 12:35:18 ``` ### 0.22.7 Released 09/23/22 Release [CL](https://chromium-review.googlesource.com/c/chromiumos/overlays/chromiumos-overlay/+/3913922) From postsubmit build [24085](https://luci-milo.appspot.com/ui/p/chromeos/builders/postsubmit/firmware-ti50-postsubmit/24085/overview) Manifest [snapshot](https://chrome-internal.googlesource.com/chromeos/manifest-internal/+/e04db0a1e95d1fed785b798d25e3b1227a6841e4/snapshot.xml) **Known Issues:** * TPM_RC_HASH error connecting to Google Wifi (b/240506338). * SPI communication issues on reboot that can lead to recovery screen occasionally (~1/4000 rate) (b/247168128). * Rare TPM_RC_POLICY_FAIL on login (b/248109533). **Added Features:** * Crypto alert fixes (b/242744329). * ZTE fixes (b/234857025). * Boot time improvement: delay NV writes to flash (b/241986964). * TPM version reporting (b/245950072). * Owner seed reset (b/247811154). ``` Build: ti50_common:v0.0.2474-5fd512d0 libtock-rs:v0.0.911-f6dab4f tock:v0.0.9608-e951d16b8 ms-tpm-20-ref:v0.0.275-e3ce8bb chrome-bot@chromeos-ci-postsubmit-us-east1-d-x32-118-21s0 2022-09-21 20:36:39 ``` ### 0.22.9 Released 10/10/22 Release [CL](https://chromium-review.googlesource.com/c/chromiumos/overlays/chromiumos-overlay/+/3942977) From postsubmit build [24729](https://luci-milo.appspot.com/ui/p/chromeos/builders/postsubmit/firmware-ti50-postsubmit/24729/overview) Artifacts: gs://chromeos-releases/firmware-ti50-postsubmit/R108-15168.0.0-71987-8801006591156662625/ Manifest [snapshot](https://chrome-internal.googlesource.com/chromeos/manifest-internal/+/11fb83313a9cb7059477344e7e0376765d8550f1/snapshot.xml) **Known Issues:** * False warnings about I2CP bus stuck when AP is in low power mode (b/5025966) **Added Features:** * New RO with improved cryptolib performance * Fixed several FAFT tests * SPI driver synchronization fixes * I2C driver wedge bus recovery * Ecfs USB to UART cap fix * RSA support for NULL padding * Core OS: fixed issue that could lead to delaying scheduled short alarms * New CCD command `ap_ro_verify` to provision SPI settings for AP RO verification. The values are not yet checked for system correctness. ``` Build: ti50_common:v0.0.2510-ff8e5ad9 libtock-rs:v0.0.911-f6dab4f tock:v0.0.9616-b881615a7 ms-tpm-20-ref:v0.0.276-8c00699 chrome-bot@chromeos-ci-postsubmit-us-east1-d-x32-3-787r 2022-10-06 17:18:40 ``` ### 0.24.0 Released 11/11/22 in R108 Release [CL](https://chromium-review.googlesource.com/c/chromiumos/overlays/chromiumos-overlay/+/4021007) From pre-PVT builder [17](https://ci.chromium.org/ui/p/chromeos/builders/firmware/firmware-ti50-prepvt-15086.B-branch/17/overview) Artifacts: [15086.13.0](https://pantheon.corp.google.com/storage/browser/chromeos-releases/canary-channel/betty/15086.13.0) Manifest snapshot: gs://chromeos-manifest-versions/buildspecs/107/15086.13.0.xml **Known Issues:** * Previously enrolled power button gnubby (G2F) may need to be re-enrolled (b/252818957) * For i2c-based TPM devices, Ti50 won't communicate with AP on first attempt if GSC is in deep sleep and system wakes up due to lid open event. Shows up as "0x63 Failed to get boot mode from Cr50" error (b/259510330, b/259663369) **Added Features:** * Added AP RO verification feature without holding EC in reset (b/161483233) * Improved SPI and I2C TPM bus stability (b/237493220, b/247168128, b/245034621, b/251191468) * Fixed connection issues with Google-A network (b/240506338) * Fixed transient leakage power on UART pins at GSC startup * Changed how G2F (Power button as gnubby) serial numbers are generated (b/252818957) * Improved EFS2 hash invalidation for firmware_UpdateFirmwareDataKeyVersion and firmware_UpdateFirmwareVersion FAFT tests (b/253337357) * Improved filesystem performance (b/253662388, b/235873536) * Decreased flash size needed through more performant syscalls (b/236994893) ``` Build: ti50_common:v0.0.2613-dbba229a libtock-rs:v0.0.913-61d23b3 tock:v0.0.9622-397f4aaa0 tpm2:v0.0.292-1a7d322 @chromeos-ci-firmware-us-east1-d-x32-0-soad 2022-11-07 14:44:25 ``` ### 0.24.1 Released 12/02/22 in R108 Release [CL](https://chromium-review.googlesource.com/c/chromiumos/overlays/chromiumos-overlay/+/4077027) From pre-PVT builder [18](https://ci.chromium.org/ui/p/chromeos/builders/firmware/firmware-ti50-prepvt-15086.B-branch/18/overview) Artifacts: [15086.14.0](https://pantheon.corp.google.com/storage/browser/chromeos-releases/canary-channel/betty/15086.14.0) Manifest snapshot: gs://chromeos-manifest-versions/buildspecs/107/15086.14.0.xml **Added Features:** * Fix "0x63 Failed to get boot mode from Cr50" error when waking i2c-based tpm device with lid open wake event (b/259510330, b/259663369). ``` Build: ti50_common:v0.0.2616-fe48da33 libtock-rs:v0.0.913-61d23b3 tock:v0.0.9622-397f4aaa0 tpm2:v0.0.292-1a7d322 @chromeos-ci-firmware-us-central1-b-x32-0-2aia 2022-12-02 10:38:30 ``` ### 0.24.3 Released on 12/21/2022 Release [CL](https://chromium-review.googlesource.com/c/chromiumos/overlays/chromiumos-overlay/+/4121474) Builder [22](https://ci.chromium.org/ui/p/chromeos/builders/firmware/firmware-ti50-prepvt-15086.B-branch/22/overview) Artifacts: [15086.18.0](https://pantheon.corp.google.com/storage/browser/chromeos-releases/dev-channel/betty/15086.18.0) Manifest snapshot: gs://chromeos-manifest-versions/buildspecs/107/15086.18.0.xml **Bug Fixes** * Improve G2F signature security [b/261874682](https://b.corp.google.com/issues/261874682) * Fix U2F attestation problems [b/242678758](https://b.corp.google.com/issues/242678758) * Do not run AP RO verification on deep sleep wake [b/261635049](https://b.corp.google.com/issues/261635049) **Added Features** * Allow setting serial number when BID flags are set, but BID type is blank [b/238137986](https://b.corp.google.com/issues/238137986) * Process TPM vendor commands from USB even when AP is off [b/258320966](https://b.corp.google.com/issues/258320966) ``` Build: ti50_common:v0.0.2628-56003e0f libtock-rs:v0.0.913-61d23b3 tock:v0.0.9622-397f4aaa0 tpm2:v0.0.295-36025e4 @chromeos-ci-firmware-us-central2-d-x32-0-keps 2022-12-16 14:53:22 ``` ### 0.24.12 Released on 2/1/2023 Release [CL](https://chromium-review.googlesource.com/c/chromiumos/overlays/chromiumos-overlay/+/4214172) Builder [22](https://ci.chromium.org/ui/p/chromeos/builders/firmware/firmware-ti50-prepvt-15086.B-branch/28/overview) Artifacts: [15086.24.0](https://pantheon.corp.google.com/storage/browser/chromeos-releases/canary-channel/betty/15086.24.0) Manifest snapshot: gs://chromeos-manifest-versions/buildspecs/107/15086.24.0.xml **Bug Fixes** * Allow changing AP RO write protect settings until board ID is set [b/229016958](https://b.corp.google.com/issues/229016958) * Improve USB stablity [b/259590362](https://b.corp.google.com/issues/259590362) * Allow 0x prefix when entering Board ID flags [b/265461193](https://b.corp.google.com/issues/265461193) * Make sysinfo command output compatible with Cr50 [b/263579376](https://b.corp.google.com/issues/263579376) * Require short physical presence to enable testlab [b/265822083](https://b.corp.google.com/issues/265822083) * Disable watchdog only around sleep [b/266015400](https://b.corp.google.com/issues/266015400) * Do not report false TPM2 p256 errors [b/234159838](https://b.corp.google.com/issues/234159838) * Fix TPM evict object serialization bug [b/263168766](https://b.corp.google.com/issues/263168766) * Fix GSC reboot issue when accessing orderly counters from previous ti50 FW versions. [b/263168766](https://b.corp.google.com/issues/263168766) **Added Features** * Allow to exclude GBB flags from AP RO hash calculations [b/261763740](https://b.corp.google.com/issues/261763740) * Show INFO space factory mode state in `sysinfo` output * Add I2C errors to FLOG * Support two root keys AP RO verification, prepvt and mp [b/261600803](https://b.corp.google.com/issues/261600803) * Add FLOG entry for crashes * Use initial factory mode indicator (INFO space value) to allow setting SN [b/264261220](https://b.corp.google.com/issues/264261220) * Process TPM vendor commands according their source (USB vs TPM) [b/266955081](https://b.corp.google.com/issues/266955081) ``` Build: ti50_common:v0.0.2779-8d972cb6 libtock-rs:v0.0.913-61d23b3 tock:v0.0.9622-397f4aaa0 ms-tpm-20-ref:v0.0.308-b3e5f5e @chromeos-ci-firmware-us-central2-d-x32-0-qlml 2023-01-30 14:12:36 ``` ### 0.24.13 Released on 2/10/2023 Release [CL](https://chromium-review.googlesource.com/c/chromiumos/overlays/chromiumos-overlay/+/4241502) Builder [29](https://ci.chromium.org/ui/p/chromeos/builders/firmware/firmware-ti50-prepvt-15086.B-branch/29/overview) Artifacts: [15086.25.0](https://pantheon.corp.google.com/storage/browser/chromeos-releases/canary-channel/betty/15086.25.0) Manifest snapshot: gs://chromeos-manifest-versions/buildspecs/107/15086.25.0.xml **Bug Fixes** * Fix enter to recovery mode [b/248161678](https://b.corp.google.com/issues/248161678), [b/267703710](https://b.corp.google.com/issues/267703710) ``` Build: ti50_common:v0.0.2783-8368c19f libtock-rs:v0.0.913-61d23b3 tock:v0.0.9622-397f4aaa0 ms-tpm-20-ref:v0.0.308-b3e5f5e @chromeos-ci-firmware-us-central1-b-x32-0-33ar 2023-02-08 10:36:28 ``` ### 0.24.14 Released on 3/10/2023 in M113 Release [CL](https://chromium-review.googlesource.com/c/chromiumos/overlays/chromiumos-overlay/+/4326634) Builder [30](https://ci.chromium.org/ui/p/chromeos/builders/firmware/firmware-ti50-prepvt-15086.B-branch/30/overview) Artifacts: [15086.26.0](https://pantheon.corp.google.com/storage/browser/chromeos-releases/canary-channel/betty/15086.26.0) Manifest snapshot: gs://chromeos-manifest-versions/buildspecs/107/15086.26.0.xml **Bug Fixes** * Allow update within 60s of PoR [b/270401267](https://b.corp.google.com/issues/270401267) * Fix turning on updates after deep sleep [b/270401267](https://b.corp.google.com/issues/270401267) * Fix handling RO update failures [b/271503973](https://b.corp.google.com/issues/271503973) * Update AP RO verification NonZeroGbbFlags and WrongRootKey error codes ``` Build: ti50_common:v0.0.2790-4c1a74e8 libtock-rs:v0.0.913-61d23b3 tock:v0.0.9622-397f4aaa0 ms-tpm-20-ref:v0.0.308-b3e5f5e @chromeos-ci-firmware-us-east1-d-x32-0-v1rm 2023-03-06 11:13:07 ``` ### 0.24.21 Released on 4/5/2023 Release [CL](https://chromium-review.googlesource.com/c/chromiumos/overlays/chromiumos-overlay/+/4405126) Builder [40](https://ci.chromium.org/ui/p/chromeos/builders/firmware/firmware-ti50-prepvt-15086.B-branch/40/overview) Artifacts [15086.35.0](https://pantheon.corp.google.com/storage/browser/chromeos-releases/canary-channel/betty/15086.35.0) Manifest snapshot: gs://chromeos-manifest-versions/buildspecs/107/15086.35.0.xml **New Features** * New additional metrics, including boot time and a detailed error code for AP RO verification. Now available through the `GetTi50Metrics` vendor command with value 0x41. [b/262608026](https://b.corp.google.com/issues/262608026), [b/263298180](https://b.corp.google.com/issues/263298180) * New vendor commands 0x42 and 0x43 to get crash and console logs. [b/268396021](https://b.corp.google.com/issues/268396021), [b/265310865](https://b.corp.google.com/issues/265310865) * Support pinweaver v2. [b/248209280](https://b.corp.google.com/issues/248209280) * Add Widevine UDS to virtual NV [b/248610274](https://b.corp.google.com/issues/248610274) * Add GetRSUDevID command to TPM for RMA. [b/265309995](https://b.corp.google.com/issues/265309995) **Bug Fixes** * Fix CCD open failure with the battery disconnected. [b/270712314](https://b.corp.google.com/issues/270712314) * Fix rejection of RO and RW header updates with invalid fields. [b/272057805](https://b.corp.google.com/issues/272057805) * Fix `wp follow_batt_pres` command in GSC console. [b/269218898](https://b.corp.google.com/issues/269218898) * Fix FIDO errors, reporting an invalid P-256 public key. [b/271795015](https://b.corp.google.com/issues/271795015) * Restrict the `recbtnforce` command to the GscFullConsole CCD capability [b/268219945](https://b.corp.google.com/issues/268219945) * Fix pinweaver key import/export to be compatible with v2. [b/267729980](https://b.corp.google.com/issues/267729980) * Fix AP/EC comms broken by EC then AP flash resulting in detached I2C lines. [b/264817647](https://b.corp.google.com/issues/264817647) * Stabilize console output line order. [b/276491121](https://b.corp.google.com/issues/276491121) * Fix `\r\r\n` console output. [b/242980684](https://b.corp.google.com/issues/242980684) * Fix issue where EC not put in reset on recovery key combo when GSC in deep sleep. [b/248161678](https://b.corp.google.com/issues/248161678) ``` Build: ti50_common:v0.0.2939-57543958 libtock-rs:v0.0.915-7efdaf5 tock:v0.0.9628-93b95c696 ms-tpm-20-ref:v0.0.310-953df73 @chromeos-ci-firmware-us-central1-b-x32-0-pnrp 2023-04-03 09:47:17 ``` ### 0.24.30 Released on 4/21/2023 Release [CL](https://chromium-review.googlesource.com/c/chromiumos/overlays/chromiumos-overlay/+/4460051) Builder [37](https://ci.chromium.org/ui/p/chromeos/builders/firmware/firmware-ti50-prepvt-15086.B-branch/37/overview) Artifacts: [15086.37.0](https://pantheon.corp.google.com/storage/browser/chromeos-releases/canary-channel/betty/15086.37.0) Manifest snapshot: gs://chromeos-manifest-versions/buildspecs/107/15086.37.0.xml **Bug Fixes** * Add PCR-based policy to update fwmp and antirollback spaces [b/274977008](https://b.corp.google.com/issues/274977008) * Remove crash id parameter from GetCrashLog command [b/265310865](https://b.corp.google.com/issues/265310865) * AP RO verification returns detailed results [b/263298180](https://b.corp.google.com/issues/263298180) ``` Build: ti50_common_prepvt-15086.B:v0.0.239-60fad06f libtock-rs:v0.0.918-d13e197 tock:v0.0.9630-0fa93d584 ms-tpm-20-ref:v0.0.314-b366a8a @chromeos-ci-firmware-us-central2-d-x32-0-zjfs 2023-04-18 10:59:06 ``` [105 release]: https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/refs/heads/release-R105-14989.B/chromeos-base/chromeos-ti50/chromeos-ti50-0.0.1.ebuild [106 release]: https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/refs/heads/release-R106-15054.B/chromeos-base/chromeos-ti50/chromeos-ti50-0.0.1.ebuild [107 release]: https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/refs/heads/release-R107-15117.B/chromeos-base/chromeos-ti50/chromeos-ti50-0.0.1.ebuild [108 release]: https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/refs/heads/release-R108-15183.B/chromeos-base/chromeos-ti50/chromeos-ti50-0.0.1.ebuild [109 release]: https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/refs/heads/release-R109-15236.B/chromeos-base/chromeos-ti50/chromeos-ti50-0.0.1.ebuild [110 release]: https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/refs/heads/release-R110-15278.B/chromeos-base/chromeos-ti50/chromeos-ti50-0.0.1.ebuild [111 release]: https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/refs/heads/release-R111-15329.B/chromeos-base/chromeos-ti50/chromeos-ti50-0.0.1.ebuild [112 release]: https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/refs/heads/release-R112-15359.B/chromeos-base/chromeos-ti50/chromeos-ti50-0.0.1.ebuild [113 release]: https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/refs/heads/release-R113-15393.B/chromeos-base/chromeos-ti50/chromeos-ti50-0.0.1.ebuild [ToT ebuild]: https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/refs/heads/main/chromeos-base/chromeos-ti50/chromeos-ti50-0.0.1.ebuild