pd: Add config to disable PD communication in locked RO

The scheme to disable PD communication in locked RO needs to be implemented on other platforms, so move it to common code, behind CONFIG_USB_PD_COMM_LOCKED. BUG=chrome-os-partner:52157 BRANCH=glados TEST=Manual on chell. Lock system and boot to recovery, then verify PD communication is functional. Enable CONFIG_USB_PD_COMM_LOCKED and verify PD communication isn't functional under the same test conditions. Signed-off-by: Shawn Nematbakhsh <shawnn@chromium.org> Change-Id: I8d1f24c0b60cf1c54e329af003b7083ee55ffc40 Reviewed-on: https://chromium-review.googlesource.com/338064 Commit-Ready: Shawn N <shawnn@chromium.org> Tested-by: Shawn N <shawnn@chromium.org> Reviewed-by: Randall Spangler <rspangler@chromium.org> Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
2026-01-11 02:15:14 +00:00 · 2016-04-10 15:46:39 -07:00
parent a3341ee7e9
commit d2e77ddbc9
6 changed files with 31 additions and 23 deletions
--- a/include/config.h
+++ b/include/config.h
@@ -1775,7 +1775,15 @@
 #undef CONFIG_USB_PD_CHECK_MAX_REQUEST_ALLOWED

 /* Default state of PD communication enabled flag */
-#define CONFIG_USB_PD_COMM_ENABLED 1
+#define CONFIG_USB_PD_COMM_ENABLED
+
+/*
+ * Do not enable PD communication in RO as a security measure.
+ * We don't want to allow communication to outside world until
+ * we jump to RW. This can by overridden with the removal of
+ * the write protect screw to allow for easier testing.
+ */
+#undef CONFIG_USB_PD_COMM_LOCKED

 /* Respond to custom vendor-defined messages over PD */
 #undef CONFIG_USB_PD_CUSTOM_VDM