diff --git a/Makefile.rules b/Makefile.rules index d2a151205b..565c95c34d 100644 --- a/Makefile.rules +++ b/Makefile.rules @@ -45,8 +45,8 @@ cmd_flat_to_obj = $(CC) -T $(out)/firmware_image.lds -nostdlib $(CPPFLAGS) \ # Allow the .roshared section to overlap other sections (itself) cmd_ec_elf_to_flat ?= $(OBJCOPY) --set-section-flags .roshared=share \ -O binary $< $@ -cmd_elf_to_signed ?= sudo $(out)/util/signer --key=util/signer/$(3) \ - --input=$< --format=bin --output=$@.signed $(SIG_EXTRA) \ +cmd_elf_to_signed ?= sudo $(SIGNER) --key=util/signer/$(3) \ + --input=$< --format=bin --output=$@.signed $(SIGNER_EXTRAS) \ && sudo chown $(shell whoami) $@.signed && mv $@.signed $@ cmd_elf_to_dis = $(OBJDUMP) -D $< > $@ cmd_elf_to_hex = $(OBJCOPY) -O ihex $< $@ @@ -274,7 +274,7 @@ $(out)/RO/%.flat: $(out)/RO/%.elf $(out)/RO/%.smap $(call quiet,elf_to_signed,RO_SIGN,$(CR50_RO_KEY)) $(out)/RW/%.flat: $(out)/RW/%.elf $(out)/RW/%.smap - $(call quiet,elf_to_signed,RW_SIGN,loader-testkey-A.pem) + $(call quiet,elf_to_signed,RW_SIGN,$(CR50_RW_KEY)) $(out)/RO/%.hex: $(out)/RO/%.flat $(call quiet,bin_to_hex,OBJCOPY) diff --git a/chip/g/build.mk b/chip/g/build.mk index 9cc0edb8a1..ed5c62ccbe 100644 --- a/chip/g/build.mk +++ b/chip/g/build.mk @@ -101,6 +101,18 @@ $(out)/RW/ec.RW_B.flat: $(out)/util/signer endif CR50_RO_KEY ?= rom-testkey-A.pem +ifeq ($(CR50_DEV),) +CR50_RW_KEY = loader-testkey-A.pem +SIGNER = $(out)/util/signer +SIGNER_EXTRAS = +else +SIGNER = $(HOME)/bin/codesigner +CR50_RW_KEY = cr50_rom0-dev-blsign.pem.pub +RW_SIGNER_EXTRAS = -x util/signer/fuses.xml +RW_SIGNER_EXTRAS += -j util/signer/ec_RW-manifest-kevin_evt_1.json +$(out)/RW/ec.RW_B.flat: $(out)/RW/ec.RW.flat +$(out)/RW/ec.RW.flat $(out)/RW/ec.RW_B.flat: SIGNER_EXTRAS = $(RW_SIGNER_EXTRAS) +endif # This file is included twice by the Makefile, once to determine the CHIP info # # and then again after defining all the CONFIG_ and HAS_TASK variables. We use diff --git a/util/signer/ec_RW-manifest-kevin_evt_1.json b/util/signer/ec_RW-manifest-kevin_evt_1.json new file mode 100644 index 0000000000..94295f7473 --- /dev/null +++ b/util/signer/ec_RW-manifest-kevin_evt_1.json @@ -0,0 +1,157 @@ +{ +// List of fuses and their expected values. +"fuses": { + "FLASH_PERSO_PAGE_LOCK": 5, // individualized + "FW_DEFINED_DATA_BLK0": 2, // kevin EVT 1 + "FW_DEFINED_DATA_EXTRA_BLK6": 0 // escape hatch +}, +// Rollback state. +"info": { +"0": -1, +"1": -1, +"2": -1, +"3": -1, +"4": -1, +"5": -1, +"6": -1, +"7": -1, +"8": -1, +"9": -1, +"10": -1, +"11": -1, +"12": -1, +"13": -1, +"14": -1, +"15": -1, +"16": -1, +"17": -1, +"18": -1, +"19": -1, +"20": -1, +"21": -1, +"22": -1, +"23": -1, +"24": -1, +"25": -1, +"26": -1, +"27": -1, +"28": -1, +"29": -1, +"30": -1, +"31": -1, +"32": -1, +"33": -1, +"34": -1, +"35": -1, +"36": -1, +"37": -1, +"38": -1, +"39": -1, +"40": -1, +"41": -1, +"42": -1, +"43": -1, +"44": -1, +"45": -1, +"46": -1, +"47": -1, +"48": -1, +"49": -1, +"50": -1, +"51": -1, +"52": -1, +"53": -1, +"54": -1, +"55": -1, +"56": -1, +"57": -1, +"58": -1, +"59": -1, +"60": -1, +"61": -1, +"62": -1, +"63": -1, +"64": -1, +"65": -1, +"66": -1, +"67": -1, +"68": -1, +"69": -1, +"70": -1, +"71": -1, +"72": -1, +"73": -1, +"74": -1, +"75": -1, +"76": -1, +"77": -1, +"78": -1, +"79": -1, +"80": -1, +"81": -1, +"82": -1, +"83": -1, +"84": -1, +"85": -1, +"86": -1, +"87": -1, +"88": -1, +"89": -1, +"90": -1, +"91": -1, +"92": -1, +"93": -1, +"94": -1, +"95": -1, +"96": -1, +"97": -1, +"98": -1, +"99": -1, +"100": -1, +"101": -1, +"102": -1, +"103": -1, +"104": -1, +"105": -1, +"106": -1, +"107": -1, +"108": -1, +"109": -1, +"110": -1, +"111": -1, +"112": -1, +"113": -1, +"114": -1, +"115": -1, +"116": -1, +"117": -1, +"118": -1, +"119": -1, +"120": -1, +"121": -1, +"122": -1, +"123": -1, +"124": -1, +"125": -1, +"126": -1, +"127": -1 +}, + + // Note: tag needs to match what cros_personalize anticipated! + // https://cs.corp.google.com/search/?q=kCrosFwr + "tag": "00000000000000000000000000000000000000000000000000000000", + + // cros_loader uses b1-dev key as key to verify RW with + "keyid": -1187158727, // b1-dev key + + "p4cl": 177, // P4 sync cl for XML we link against. 177 == 0xb1. + + "timestamp": 0, + "epoch": 0, // FWR diversification contributor, 32 bits. + "major": 0, // FW2_HIK_CHAIN counter. + "minor": 6, // Harmless version field. + "applysec": -1, // Mask to and with fuse BROM_APPLYSEC. + "config1": 13, // Which BROM_CONFIG1 actions to take before launching. + "err_response": 0, // Mask to or with fuse BROM_ERR_RESPONSE. + "expect_response": 3 // purgatory level when expectation fails. +} diff --git a/util/signer/fuses.xml b/util/signer/fuses.xml new file mode 100644 index 0000000000..627c8796b8 --- /dev/null +++ b/util/signer/fuses.xml @@ -0,0 +1,2034 @@ + + + + + RegName + BNK0_INTG_CHKSUM + + + FuseLogicalOffset + 0 + + + Width + 24 + + + + + + + RegName + BNK0_INTG_LOCK + + + FuseLogicalOffset + 1 + + + Width + 3 + + + + + + + RegName + DS_GRP0 + + + FuseLogicalOffset + 2 + + + Width + 9 + + + + + + + RegName + DS_GRP1 + + + FuseLogicalOffset + 3 + + + Width + 9 + + + + + + + RegName + DS_GRP2 + + + FuseLogicalOffset + 4 + + + Width + 9 + + + + + + + RegName + DEV_ID0 + + + FuseLogicalOffset + 5 + + + Width + 32 + + + + + + + RegName + DEV_ID1 + + + FuseLogicalOffset + 6 + + + Width + 32 + + + + + + + RegName + BNK1_INTG_CHKSUM + + + FuseLogicalOffset + 7 + + + Width + 24 + + + + + + + RegName + BNK1_INTG_LOCK + + + FuseLogicalOffset + 8 + + + Width + 3 + + + + + + + RegName + LB0_POST_OVRD + + + FuseLogicalOffset + 9 + + + Width + 3 + + + + + + + RegName + LB0_POST_PATCNT + + + FuseLogicalOffset + 10 + + + Width + 2 + + + + + + + RegName + LB0_POST_WARMUP_OVRD + + + FuseLogicalOffset + 11 + + + Width + 3 + + + + + + + RegName + LB0_POST_WARMUP_CNT + + + FuseLogicalOffset + 12 + + + Width + 2 + + + + + + + RegName + LB1_POST_OVRD + + + FuseLogicalOffset + 13 + + + Width + 3 + + + + + + + RegName + LB1_POST_PATCNT + + + FuseLogicalOffset + 14 + + + Width + 2 + + + + + + + RegName + LB1_POST_WARMUP_OVRD + + + FuseLogicalOffset + 15 + + + Width + 3 + + + + + + + RegName + LB1_POST_WARMUP_CNT + + + FuseLogicalOffset + 16 + + + Width + 2 + + + + + + + RegName + LB2_POST_OVRD + + + FuseLogicalOffset + 17 + + + Width + 3 + + + + + + + RegName + LB2_POST_PATCNT + + + FuseLogicalOffset + 18 + + + Width + 2 + + + + + + + RegName + LB2_POST_WARMUP_OVRD + + + FuseLogicalOffset + 19 + + + Width + 3 + + + + + + + RegName + LB2_POST_WARMUP_CNT + + + FuseLogicalOffset + 20 + + + Width + 2 + + + + + + + RegName + LB3_POST_OVRD + + + FuseLogicalOffset + 21 + + + Width + 3 + + + + + + + RegName + LB3_POST_PATCNT + + + FuseLogicalOffset + 22 + + + Width + 2 + + + + + + + RegName + LB3_POST_WARMUP_OVRD + + + FuseLogicalOffset + 23 + + + Width + 3 + + + + + + + RegName + LB3_POST_WARMUP_CNT + + + FuseLogicalOffset + 24 + + + Width + 2 + + + + + + + RegName + LB4_POST_OVRD + + + FuseLogicalOffset + 25 + + + Width + 3 + + + + + + + RegName + LB4_POST_PATCNT + + + FuseLogicalOffset + 26 + + + Width + 2 + + + + + + + RegName + LB4_POST_WARMUP_OVRD + + + FuseLogicalOffset + 27 + + + Width + 3 + + + + + + + RegName + LB4_POST_WARMUP_CNT + + + FuseLogicalOffset + 28 + + + Width + 2 + + + + + + + RegName + MBIST_POST_SEQ + + + FuseLogicalOffset + 29 + + + Width + 25 + + + + + + + RegName + LBIST_POST_SEQ + + + FuseLogicalOffset + 30 + + + Width + 25 + + + + + + + RegName + LBIST_VIA_TAP_DIS + + + FuseLogicalOffset + 31 + + + Width + 3 + + + + + + + RegName + MBIST_VIA_TAP_DIS + + + FuseLogicalOffset + 32 + + + Width + 3 + + + + + + + RegName + TAP_DISABLE + + + FuseLogicalOffset + 33 + + + Width + 3 + + + + + + + RegName + RNGBIST_AR_EN + + + FuseLogicalOffset + 34 + + + Width + 3 + + + + + + + RegName + TESTMODE_KEYS_EN + + + FuseLogicalOffset + 35 + + + Width + 3 + + + + + + + RegName + PKG_ID + + + FuseLogicalOffset + 36 + + + Width + 3 + + + + + + + RegName + BIN_ID + + + FuseLogicalOffset + 37 + + + Width + 3 + + + + + + + RegName + RC_JTR_OSC48_CC_TRIM + + + FuseLogicalOffset + 38 + + + Width + 8 + + + + + + + RegName + RC_JTR_OSC48_CC_EN + + + FuseLogicalOffset + 39 + + + Width + 3 + + + + + + + RegName + RC_JTR_OSC60_CC_TRIM + + + FuseLogicalOffset + 40 + + + Width + 8 + + + + + + + RegName + RC_JTR_OSC60_CC_EN + + + FuseLogicalOffset + 41 + + + Width + 3 + + + + + + + RegName + RC_TIMER_OSC48_CC_TRIM + + + FuseLogicalOffset + 42 + + + Width + 8 + + + + + + + RegName + RC_TIMER_OSC48_CC_EN + + + FuseLogicalOffset + 43 + + + Width + 3 + + + + + + + RegName + RC_TIMER_OSC48_FC_TRIM + + + FuseLogicalOffset + 44 + + + Width + 5 + + + + + + + RegName + RC_TIMER_OSC48_FC_EN + + + FuseLogicalOffset + 45 + + + Width + 3 + + + + + + + RegName + RC_RTC_OSC256K_CC_TRIM + + + FuseLogicalOffset + 46 + + + Width + 8 + + + + + + + RegName + RC_RTC_OSC256K_CC_EN + + + FuseLogicalOffset + 47 + + + Width + 3 + + + + + + + RegName + SEL_VREG_REG_EN + + + FuseLogicalOffset + 48 + + + Width + 3 + + + + + + + RegName + SEL_VREF_REG + + + FuseLogicalOffset + 49 + + + Width + 4 + + + + + + + RegName + SEL_VREF_BATMON_EN + + + FuseLogicalOffset + 50 + + + Width + 3 + + + + + + + RegName + SEL_VREF_BATMON + + + FuseLogicalOffset + 51 + + + Width + 3 + + + + + + + RegName + X_OSC_LDO_CTRL_EN + + + FuseLogicalOffset + 52 + + + Width + 3 + + + + + + + RegName + X_OSC_LDO_CTRL + + + FuseLogicalOffset + 53 + + + Width + 4 + + + + + + + RegName + TEMP_OFFSET_CAL + + + FuseLogicalOffset + 54 + + + Width + 12 + + + + + + + RegName + TRNG_LDO_CTRL_EN + + + FuseLogicalOffset + 55 + + + Width + 3 + + + + + + + RegName + TRNG_LDO_CTRL + + + FuseLogicalOffset + 56 + + + Width + 5 + + + + + + + RegName + TRNG_ANALOG_CTRL_EN + + + FuseLogicalOffset + 57 + + + Width + 3 + + + + + + + RegName + TRNG_ANALOG_CTRL + + + FuseLogicalOffset + 58 + + + Width + 4 + + + + + + + RegName + EXT_XTAL_PDB + + + FuseLogicalOffset + 59 + + + Width + 2 + + + + + + + RegName + DIS_EXT_XTAL_CLK_TREE + + + FuseLogicalOffset + 60 + + + Width + 3 + + + + + + + RegName + OBFUSCATION_EN + + + FuseLogicalOffset + 61 + + + Width + 3 + + + + + + + RegName + HIK_CREATE_LOCK + + + FuseLogicalOffset + 62 + + + Width + 3 + + + + + + + RegName + BNK2_INTG_CHKSUM + + + FuseLogicalOffset + 63 + + + Width + 24 + + + + + + + RegName + BNK2_INTG_LOCK + + + FuseLogicalOffset + 64 + + + Width + 3 + + + + + + + RegName + TESTMODE_OTPW_DIS + + + FuseLogicalOffset + 65 + + + Width + 3 + + + + + + + RegName + HKEY_WDOG_TIMER_EN + + + FuseLogicalOffset + 66 + + + Width + 3 + + + + + + + RegName + FLASH_PERSO_PAGE_LOCK + + + FuseLogicalOffset + 67 + + + Width + 3 + + + + + + + RegName + ALERT_RSP_CFG + + + FuseLogicalOffset + 68 + + + Width + 8 + + + + + + + RegName + BNK3_INTG_CHKSUM + + + FuseLogicalOffset + 69 + + + Width + 24 + + + + + + + RegName + BNK3_INTG_LOCK + + + FuseLogicalOffset + 70 + + + Width + 3 + + + + + + + RegName + FW_DEFINED_DATA_BLK0 + + + FuseLogicalOffset + 71 + + + Width + 8 + + + + + + + RegName + FW_DEFINED_BROM_ERR_RESPONSE + + + FuseLogicalOffset + 72 + + + Width + 16 + + + + + + + RegName + FW_DEFINED_BROM_APPLYSEC + + + FuseLogicalOffset + 73 + + + Width + 12 + + + + + + + RegName + FW_DEFINED_BROM_CONFIG0 + + + FuseLogicalOffset + 74 + + + Width + 8 + + + + + + + RegName + FW_DEFINED_BROM_CONFIG1 + + + FuseLogicalOffset + 75 + + + Width + 8 + + + + + + + RegName + RBOX_MODE_DBG_OVRD_DIS + + + FuseLogicalOffset + 76 + + + Width + 1 + + + + + + + RegName + RBOX_MODE_OUTPUT_OVRD_DIS + + + FuseLogicalOffset + 77 + + + Width + 7 + + + + + + + RegName + RBOX_CLK10HZ_COUNT + + + FuseLogicalOffset + 78 + + + Width + 16 + + + + + + + RegName + RBOX_SHORT_DELAY_COUNT + + + FuseLogicalOffset + 79 + + + Width + 16 + + + + + + + RegName + RBOX_LONG_DELAY_COUNT + + + FuseLogicalOffset + 80 + + + Width + 8 + + + + + + + RegName + RBOX_DEBOUNCE_PERIOD + + + FuseLogicalOffset + 81 + + + Width + 16 + + + + + + + RegName + RBOX_DEBOUNCE_BYPASS_PWRB + + + FuseLogicalOffset + 82 + + + Width + 1 + + + + + + + RegName + RBOX_DEBOUNCE_BYPASS_KEY0 + + + FuseLogicalOffset + 83 + + + Width + 1 + + + + + + + RegName + RBOX_DEBOUNCE_BYPASS_KEY1 + + + FuseLogicalOffset + 84 + + + Width + 1 + + + + + + + RegName + RBOX_KEY_COMBO0_VAL + + + FuseLogicalOffset + 85 + + + Width + 8 + + + + + + + RegName + RBOX_KEY_COMBO1_VAL + + + FuseLogicalOffset + 86 + + + Width + 8 + + + + + + + RegName + RBOX_KEY_COMBO2_VAL + + + FuseLogicalOffset + 87 + + + Width + 8 + + + + + + + RegName + RBOX_KEY_COMBO0_HOLD + + + FuseLogicalOffset + 88 + + + Width + 8 + + + + + + + RegName + RBOX_KEY_COMBO1_HOLD + + + FuseLogicalOffset + 89 + + + Width + 8 + + + + + + + RegName + RBOX_KEY_COMBO2_HOLD + + + FuseLogicalOffset + 90 + + + Width + 8 + + + + + + + RegName + RBOX_BLOCK_KEY0_SEL + + + FuseLogicalOffset + 91 + + + Width + 1 + + + + + + + RegName + RBOX_BLOCK_KEY1_SEL + + + FuseLogicalOffset + 92 + + + Width + 1 + + + + + + + RegName + RBOX_BLOCK_KEY0_VAL + + + FuseLogicalOffset + 93 + + + Width + 1 + + + + + + + RegName + RBOX_BLOCK_KEY1_VAL + + + FuseLogicalOffset + 94 + + + Width + 1 + + + + + + + RegName + RBOX_POL_AC_PRESENT + + + FuseLogicalOffset + 95 + + + Width + 1 + + + + + + + RegName + RBOX_POL_PWRB_IN + + + FuseLogicalOffset + 96 + + + Width + 1 + + + + + + + RegName + RBOX_POL_PWRB_OUT + + + FuseLogicalOffset + 97 + + + Width + 1 + + + + + + + RegName + RBOX_POL_KEY0_IN + + + FuseLogicalOffset + 98 + + + Width + 1 + + + + + + + RegName + RBOX_POL_KEY0_OUT + + + FuseLogicalOffset + 99 + + + Width + 1 + + + + + + + RegName + RBOX_POL_KEY1_IN + + + FuseLogicalOffset + 100 + + + Width + 1 + + + + + + + RegName + RBOX_POL_KEY1_OUT + + + FuseLogicalOffset + 101 + + + Width + 1 + + + + + + + RegName + RBOX_POL_EC_RST + + + FuseLogicalOffset + 102 + + + Width + 1 + + + + + + + RegName + RBOX_POL_BATT_DISABLE + + + FuseLogicalOffset + 103 + + + Width + 1 + + + + + + + RegName + RBOX_TERM_AC_PRESENT + + + FuseLogicalOffset + 104 + + + Width + 2 + + + + + + + RegName + RBOX_TERM_ENTERING_RW + + + FuseLogicalOffset + 105 + + + Width + 2 + + + + + + + RegName + RBOX_TERM_PWRB_IN + + + FuseLogicalOffset + 106 + + + Width + 2 + + + + + + + RegName + RBOX_TERM_PWRB_OUT + + + FuseLogicalOffset + 107 + + + Width + 2 + + + + + + + RegName + RBOX_TERM_KEY0_IN + + + FuseLogicalOffset + 108 + + + Width + 2 + + + + + + + RegName + RBOX_TERM_KEY0_OUT + + + FuseLogicalOffset + 109 + + + Width + 2 + + + + + + + RegName + RBOX_TERM_KEY1_IN + + + FuseLogicalOffset + 110 + + + Width + 2 + + + + + + + RegName + RBOX_TERM_KEY1_OUT + + + FuseLogicalOffset + 111 + + + Width + 2 + + + + + + + RegName + RBOX_DRIVE_PWRB_OUT + + + FuseLogicalOffset + 112 + + + Width + 2 + + + + + + + RegName + RBOX_DRIVE_KEY0_OUT + + + FuseLogicalOffset + 113 + + + Width + 2 + + + + + + + RegName + RBOX_DRIVE_KEY1_OUT + + + FuseLogicalOffset + 114 + + + Width + 2 + + + + + + + RegName + RBOX_DRIVE_EC_RST + + + FuseLogicalOffset + 115 + + + Width + 2 + + + + + + + RegName + RBOX_DRIVE_BATT_DISABLE + + + FuseLogicalOffset + 116 + + + Width + 2 + + + + + + + RegName + BNK4_INTG_CHKSUM + + + FuseLogicalOffset + 117 + + + Width + 24 + + + + + + + RegName + BNK4_INTG_LOCK + + + FuseLogicalOffset + 118 + + + Width + 3 + + + + + + + RegName + FW_DEFINED_DATA_EXTRA_BLK0 + + + FuseLogicalOffset + 119 + + + Width + 8 + + + + + + + RegName + FW_DEFINED_DATA_EXTRA_BLK1 + + + FuseLogicalOffset + 120 + + + Width + 8 + + + + + + + RegName + FW_DEFINED_DATA_EXTRA_BLK2 + + + FuseLogicalOffset + 121 + + + Width + 8 + + + + + + + RegName + FW_DEFINED_DATA_EXTRA_BLK3 + + + FuseLogicalOffset + 122 + + + Width + 8 + + + + + + + RegName + FW_DEFINED_DATA_EXTRA_BLK4 + + + FuseLogicalOffset + 123 + + + Width + 8 + + + + + + + RegName + FW_DEFINED_DATA_EXTRA_BLK5 + + + FuseLogicalOffset + 124 + + + Width + 8 + + + + + + + RegName + FW_DEFINED_DATA_EXTRA_BLK6 + + + FuseLogicalOffset + 125 + + + Width + 5 + + + + + + + RegName + SWDP_P4_LAST_SYNC + + + Default + 177 + + + FuseLogicalOffset + 0 + + + +