From d2e77ddbc913a34c14e87eaa9c3104f62ec40142 Mon Sep 17 00:00:00 2001
From: Shawn Nematbakhsh <shawnn@chromium.org>
Date: Sun, 10 Apr 2016 15:46:39 -0700
Subject: [PATCH] pd: Add config to disable PD communication in locked RO

The scheme to disable PD communication in locked RO needs to be
implemented on other platforms, so move it to common code, behind
CONFIG_USB_PD_COMM_LOCKED.

BUG=chrome-os-partner:52157
BRANCH=glados
TEST=Manual on chell. Lock system and boot to recovery, then verify PD
communication is functional. Enable CONFIG_USB_PD_COMM_LOCKED and verify
PD communication isn't functional under the same test conditions.

Signed-off-by: Shawn Nematbakhsh <shawnn@chromium.org>
Change-Id: I8d1f24c0b60cf1c54e329af003b7083ee55ffc40
Reviewed-on: https://chromium-review.googlesource.com/338064
Commit-Ready: Shawn N <shawnn@chromium.org>
Tested-by: Shawn N <shawnn@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
---
 board/plankton/board.h   |  1 -
 board/samus_pd/board.c   | 17 -----------------
 board/samus_pd/board.h   |  3 +--
 board/snoball/board.h    |  1 -
 common/usb_pd_protocol.c | 22 +++++++++++++++++++++-
 include/config.h         | 10 +++++++++-
 6 files changed, 31 insertions(+), 23 deletions(-)

diff --git a/board/plankton/board.h b/board/plankton/board.h
index 425216360a..1fc193d35d 100644
--- a/board/plankton/board.h
+++ b/board/plankton/board.h
@@ -20,7 +20,6 @@
 #define CONFIG_USB_POWER_DELIVERY
 #define CONFIG_USB_PD_ALT_MODE
 #undef  CONFIG_USB_PD_COMM_ENABLED
-#define CONFIG_USB_PD_COMM_ENABLED 0
 #define CONFIG_USB_PD_CUSTOM_VDM
 #define CONFIG_USB_PD_DUAL_ROLE
 #define CONFIG_USB_PD_DYNAMIC_SRC_CAP
diff --git a/board/samus_pd/board.c b/board/samus_pd/board.c
index 8e574527c1..270c82e7e9 100644
--- a/board/samus_pd/board.c
+++ b/board/samus_pd/board.c
@@ -207,7 +207,6 @@ void board_config_pre_init(void)
 /* Initialize board. */
 static void board_init(void)
 {
-	int pd_enable;
 	int slp_s5 = gpio_get_level(GPIO_PCH_SLP_S5_L);
 	int slp_s3 = gpio_get_level(GPIO_PCH_SLP_S3_L);
 
@@ -254,22 +253,6 @@ static void board_init(void)
 	if (system_get_image_copy() == SYSTEM_IMAGE_RW)
 		pd_status_flags |= PD_STATUS_IN_RW;
 
-	/*
-	 * Do not enable PD communication in RO as a security measure.
-	 * We don't want to allow communication to outside world until
-	 * we jump to RW. This can by overridden with the removal of
-	 * the write protect screw to allow for easier testing, and for
-	 * booting without a battery.
-	 */
-	if (system_get_image_copy() != SYSTEM_IMAGE_RW
-	    && system_is_locked()) {
-		ccprintf("[%T PD comm disabled]\n");
-		pd_enable = 0;
-	} else {
-		pd_enable = 1;
-	}
-	pd_comm_enable(pd_enable);
-
 #ifdef CONFIG_PWM
 	/* Enable ILIM PWM: initial duty cycle 0% = 500mA limit. */
 	pwm_enable(PWM_CH_ILIM, 1);
diff --git a/board/samus_pd/board.h b/board/samus_pd/board.h
index a1f34546e5..e0a7b4e929 100644
--- a/board/samus_pd/board.h
+++ b/board/samus_pd/board.h
@@ -52,8 +52,7 @@
 #define CONFIG_USB_PD_ALT_MODE
 #define CONFIG_USB_PD_ALT_MODE_DFP
 #define CONFIG_USB_PD_CHECK_MAX_REQUEST_ALLOWED
-#undef  CONFIG_USB_PD_COMM_ENABLED
-#define CONFIG_USB_PD_COMM_ENABLED 0
+#define CONFIG_USB_PD_COMM_LOCKED
 #define CONFIG_USB_PD_CUSTOM_VDM
 #define CONFIG_USB_PD_DUAL_ROLE
 #define CONFIG_USB_PD_TRY_SRC
diff --git a/board/snoball/board.h b/board/snoball/board.h
index f73a50f5ad..f7e27a5038 100644
--- a/board/snoball/board.h
+++ b/board/snoball/board.h
@@ -20,7 +20,6 @@
 #define CONFIG_USB_POWER_DELIVERY
 #define CONFIG_USB_PD_ALT_MODE
 /* TODO: Consider disabling PD communication in RO */
-#define CONFIG_USB_PD_COMM_ENABLED 1
 #define CONFIG_USB_PD_CUSTOM_VDM
 #define CONFIG_USB_PD_DYNAMIC_SRC_CAP
 #define CONFIG_USB_PD_LOGGING
diff --git a/common/usb_pd_protocol.c b/common/usb_pd_protocol.c
index d903831d6f..2e34367459 100644
--- a/common/usb_pd_protocol.c
+++ b/common/usb_pd_protocol.c
@@ -46,8 +46,12 @@ static int debug_level;
  * detects source/sink connection and disconnection, and will still
  * provide VBUS, but never sends any PD communication.
  */
-static uint8_t pd_comm_enabled = CONFIG_USB_PD_COMM_ENABLED;
+#if !defined(CONFIG_USB_PD_COMM_ENABLED) || defined(CONFIG_USB_PD_COMM_LOCKED)
+static uint8_t pd_comm_enabled;
 #else
+static uint8_t pd_comm_enabled = 1;
+#endif
+#else /* CONFIG_COMMON_RUNTIME */
 #define CPRINTF(format, args...)
 static const int debug_level;
 static const uint8_t pd_comm_enabled = 1;
@@ -3335,4 +3339,20 @@ DECLARE_HOST_COMMAND(EC_CMD_USB_PD_SET_AMODE,
 
 #endif /* HAS_TASK_HOSTCMD */
 
+#ifdef CONFIG_USB_PD_COMM_LOCKED
+/* Enable PD communication at init if we're in RO or unlocked. */
+static void pd_comm_init(void)
+{
+	int pd_enable = 1;
+
+	if (system_get_image_copy() != SYSTEM_IMAGE_RW
+	    && system_is_locked()) {
+		ccprintf("[%T PD comm disabled]\n");
+		pd_enable = 0;
+	}
+
+	pd_comm_enable(pd_enable);
+}
+DECLARE_HOOK(HOOK_INIT, pd_comm_init, HOOK_PRIO_LAST);
+#endif /* CONFIG_USB_PD_COMM_LOCKED */
 #endif /* CONFIG_COMMON_RUNTIME */
diff --git a/include/config.h b/include/config.h
index 8181bbb532..d31270008f 100644
--- a/include/config.h
+++ b/include/config.h
@@ -1775,7 +1775,15 @@
 #undef CONFIG_USB_PD_CHECK_MAX_REQUEST_ALLOWED
 
 /* Default state of PD communication enabled flag */
-#define CONFIG_USB_PD_COMM_ENABLED 1
+#define CONFIG_USB_PD_COMM_ENABLED
+
+/*
+ * Do not enable PD communication in RO as a security measure.
+ * We don't want to allow communication to outside world until
+ * we jump to RW. This can by overridden with the removal of
+ * the write protect screw to allow for easier testing.
+ */
+#undef CONFIG_USB_PD_COMM_LOCKED
 
 /* Respond to custom vendor-defined messages over PD */
 #undef CONFIG_USB_PD_CUSTOM_VDM