Add new NV and GBB flag to control UDCfirmware-poppy-10431.B

This change adds a new NV and GBB flag for controlling USB device
mode behavior, adding an additional step to enable UDC on systems
that support it.

Users of this feature will need to first enable developer mode and
then enable UDC separately by running "crossystem dev_enable_udc=1".

Alternatively those without write protect enabled can set a GBB
flag to have UDC enabled by default while in developer mode.

This is based on the security reviewed proposal at
https://docs.google.com/document/d/1b6avd9xvhvljN_NKtctWrClj4mSYZ_uPmp7MmAnPwqs

BUG=b:78577893
BRANCH=poppy
TEST=manual testing on Eve device

Change-Id: I6f440320f28b033639b53246d3034bc8acc37a33
Signed-off-by: Duncan Laurie <dlaurie@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1010769
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1033630
Commit-Queue: Furquan Shaikh <furquan@chromium.org>
Tested-by: Furquan Shaikh <furquan@chromium.org>
Trybot-Ready: Furquan Shaikh <furquan@chromium.org>

7 files changed, 22 insertions, 1 deletions

diff --git a/firmware/2lib/2nvstorage.c b/firmware/2lib/2nvstorage.c
index 71a0dbb9..b0810c36 100644
--- a/firmware/2lib/2nvstorage.c
+++ b/firmware/2lib/2nvstorage.c
@@ -152,6 +152,9 @@ uint32_t vb2_nv_get(struct vb2_context *ctx, enum vb2_nv_param param)
 		return (p[VB2_NV_OFFS_DEV] & VB2_NV_DEV_FLAG_DEFAULT_BOOT)
 			>> VB2_NV_DEV_DEFAULT_BOOT_SHIFT;
 
+	case VB2_NV_DEV_ENABLE_UDC:
+		return GETBIT(VB2_NV_OFFS_DEV, VB2_NV_DEV_FLAG_UDC);
+
 	case VB2_NV_DISABLE_DEV_REQUEST:
 		return GETBIT(VB2_NV_OFFS_BOOT, VB2_NV_BOOT_DISABLE_DEV);
 
@@ -326,6 +329,10 @@ void vb2_nv_set(struct vb2_context *ctx,
 			(uint8_t)(value << VB2_NV_DEV_DEFAULT_BOOT_SHIFT);
 		break;
 
+	case VB2_NV_DEV_ENABLE_UDC:
+		SETBIT(VB2_NV_OFFS_DEV, VB2_NV_DEV_FLAG_UDC);
+		break;
+
 	case VB2_NV_DISABLE_DEV_REQUEST:
 		SETBIT(VB2_NV_OFFS_BOOT, VB2_NV_BOOT_DISABLE_DEV);
 		break;
diff --git a/firmware/2lib/include/2nvstorage.h b/firmware/2lib/include/2nvstorage.h
index 1a654691..55b16129 100644
--- a/firmware/2lib/include/2nvstorage.h
+++ b/firmware/2lib/include/2nvstorage.h
@@ -59,6 +59,8 @@ enum vb2_nv_param {
 	VB2_NV_DEV_BOOT_FASTBOOT_FULL_CAP,
 	/* Set default boot mode (see vb2_dev_default_boot) */
 	VB2_NV_DEV_DEFAULT_BOOT,
+	/* Enable USB Device Controller */
+	VB2_NV_DEV_ENABLE_UDC,
 	/*
 	 * Set by userspace to request that RO firmware disable dev-mode on the
 	 * next boot. This is likely only possible if the dev-switch is
diff --git a/firmware/2lib/include/2nvstorage_fields.h b/firmware/2lib/include/2nvstorage_fields.h
index 0ed3325a..9f9f0e4c 100644
--- a/firmware/2lib/include/2nvstorage_fields.h
+++ b/firmware/2lib/include/2nvstorage_fields.h
@@ -61,13 +61,14 @@ enum vb2_nv_offset {
 #define VB2_NV_BOOT2_PREV_RESULT_SHIFT 4  /* Number of bits to shift result */
 #define VB2_NV_BOOT2_PREV_TRIED                0x40
 
-/* Fields in VB2_NV_OFFS_DEV (unused = 0xc0) */
+/* Fields in VB2_NV_OFFS_DEV (unused = 0x80) */
 #define VB2_NV_DEV_FLAG_USB                    0x01
 #define VB2_NV_DEV_FLAG_SIGNED_ONLY            0x02
 #define VB2_NV_DEV_FLAG_LEGACY                 0x04
 #define VB2_NV_DEV_FLAG_FASTBOOT_FULL_CAP      0x08
 #define VB2_NV_DEV_FLAG_DEFAULT_BOOT           0x30
 #define VB2_NV_DEV_DEFAULT_BOOT_SHIFT 4  /* Number of bits to shift */
+#define VB2_NV_DEV_FLAG_UDC                    0x40
 
 /* Fields in VB2_NV_OFFS_TPM (unused = 0xf8) */
 #define VB2_NV_TPM_CLEAR_OWNER_REQUEST         0x01
diff --git a/firmware/2lib/include/2struct.h b/firmware/2lib/include/2struct.h
index 3411de77..aec76e67 100644
--- a/firmware/2lib/include/2struct.h
+++ b/firmware/2lib/include/2struct.h
@@ -301,6 +301,9 @@ enum vb2_gbb_flag {
 
 	/* Disable FWMP */
 	VB2_GBB_FLAG_DISABLE_FWMP = (1 << 15),
+
+	/* Enable USB Device Controller */
+	VB2_GBB_FLAG_ENABLE_UDC = (1 << 16),
 };
 
 struct vb2_gbb_header {
diff --git a/firmware/include/gbb_header.h b/firmware/include/gbb_header.h
index 4503ffaa..7a0f0cf2 100644
--- a/firmware/include/gbb_header.h
+++ b/firmware/include/gbb_header.h
@@ -76,6 +76,8 @@
 #define GBB_FLAG_ENABLE_SERIAL				0x00004000
 /* Disable using FWMP */
 #define GBB_FLAG_DISABLE_FWMP                           0x00008000
+/* Enable USB Device Controller */
+#define GBB_FLAG_ENABLE_UDC                             0x00010000
 
 
 #ifdef __cplusplus
diff --git a/host/lib/crossystem.c b/host/lib/crossystem.c
index 5a758616..8cdfe8d6 100644
--- a/host/lib/crossystem.c
+++ b/host/lib/crossystem.c
@@ -502,6 +502,8 @@ int VbGetSystemPropertyInt(const char *name)
 		value = vb2_get_nv_storage(VB2_NV_DEV_BOOT_SIGNED_ONLY);
 	} else if (!strcasecmp(name,"dev_boot_fastboot_full_cap")) {
 		value = vb2_get_nv_storage(VB2_NV_DEV_BOOT_FASTBOOT_FULL_CAP);
+	} else if (!strcasecmp(name,"dev_enable_udc")) {
+		value = vb2_get_nv_storage(VB2_NV_DEV_ENABLE_UDC);
 	} else if (!strcasecmp(name,"oprom_needed")) {
 		value = vb2_get_nv_storage(VB2_NV_OPROM_NEEDED);
 	} else if (!strcasecmp(name,"recovery_subcode")) {
@@ -702,6 +704,9 @@ int VbSetSystemPropertyInt(const char *name, int value)
 	} else if (!strcasecmp(name, "fastboot_unlock_in_fw")) {
 		return vb2_set_nv_storage_with_backup(
 		    VB2_NV_FASTBOOT_UNLOCK_IN_FW, value);
+	} else if (!strcasecmp(name, "dev_enable_udc")) {
+		return vb2_set_nv_storage_with_backup(
+		    VB2_NV_DEV_ENABLE_UDC, value);
 	} else if (!strcasecmp(name, "boot_on_ac_detect")) {
 		return vb2_set_nv_storage_with_backup(
 		    VB2_NV_BOOT_ON_AC_DETECT, value);
diff --git a/utility/crossystem.c b/utility/crossystem.c
index 911d585d..a6ee1f0a 100644
--- a/utility/crossystem.c
+++ b/utility/crossystem.c
@@ -50,6 +50,7 @@ const Param sys_param_list[] = {
    "Enable developer mode boot only from official kernels (writable)"},
   {"dev_default_boot", IS_STRING|CAN_WRITE,
    "default boot from legacy or usb (writable)"},
+  {"dev_enable_udc", CAN_WRITE, "Enable USB Device Controller"},
   {"devsw_boot", 0, "Developer switch position at boot"},
   {"devsw_cur",  0, "Developer switch current position"},
   {"disable_dev_request", CAN_WRITE, "Disable virtual dev-mode on next boot"},