The usb_updater utility has long been not just an updater, and has
long been using other interfaces in addition to USB. gsctool is a much
more suitable name.
CQ-DEPEND=CL:709776
BRANCH=cr50
BUG=b:67007500
TEST=verified that make -C ./extra/usb_updater generates
./extra/usb_updater/gsctool:
$ ./extra/usb_updater/gsctool --help
Usage: gsctool [options] <binary image>
This updates the Cr50 RW firmware over USB.
The required argument is the full RO+RW image.
Options:
[...]
$
Change-Id: I3ab70c28acf3664ddefaa923a87ba1fd5c3c437b
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/709738
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
This patch gives EC the capability of verifying and jumping to
RW_A or RW_B. EC tries the slot stored in a persistent storage
(e.g. BBRAM). If verification fails due to invalid contents, EC
tries the other slot. AP's expectation and its reaction to the
state of the slots and the currently running image are summarized
below.
Since the system is still unlocked (CONFIG_SYSTEM_UNLOCKED), EC
won't try to verify or jump to RW yet.
| AP expects X
----------+---------------------------
SLOT_A=X | proceed
SLOT_B=X | proceed
----------+---------------------------
SLOT_A=X' | reboot to B
SLOT_B=X | proceed
----------+---------------------------
SLOT_A=X | proceed
SLOT_B=X' | reboot to A
----------+---------------------------
SLOT_A=X' | write X to B, reboot to B
SLOT_B=X' | write X to A, reboot to A
BUG=b:38462249
BRANCH=none
TEST=Lock the system and boot Fizz on barrel-jack and type-c.
Change-Id: I51e3abd4d9af44ab3d531561cb9bfa2e8d775f6a
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/556286
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Mapped reads are relative to CONFIG_EC_*_STORAGE_OFF, not
CONFIG_R*_MEM_OFF. The previous implementation happened to work for
internal mapped storage (eg. stm32) but failed for external mapped
storage which is copied to SRAM before execution (eg. npcx).
BUG=b:62841029
TEST=Verify sysjump works again on eve/poppy/soraka. Verify sysjump
and sig verification continues to work on fizz and stm32.
BRANCH=None
Signed-off-by: Shawn Nematbakhsh <shawnn@chromium.org>
Change-Id: Id51ce5697555eea38b246b58dbf47f22d4befaa7
Reviewed-on: https://chromium-review.googlesource.com/541861
Commit-Ready: Shawn N <shawnn@chromium.org>
Tested-by: Shawn N <shawnn@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>
(Optionally) split rwsig verification into a separate task. This
allows us to initialize other components (e.g. USB) while the
verification is in progress, speeding up the boot process to active
USB in RO case.
After CONFIG_RWSIG_JUMP_TIMEOUT, the EC will jump to the RW section
if no action is taken by the AP (such as a forced request to jump
to RW, or starting an update).
Note: This comes with a ~36ms boot time regression, as other code
gets to run before verification starts.
BRANCH=none
BUG=b:35587171
TEST=Flash, board boots to RW after 1s
TEST=Change jump timeout to 5s, add 5s delay in check_signature,
add console command to manually abort/continue rwsig verification.
'rwsig continue' works => Board jumps to RW after check_signature
is completed (or immediately while waiting for timeout)
'rwsig abort' works => Board does not jump to RW.
Change-Id: Ica5732b9298bb4d3b743cae2ba78df259db915ef
Reviewed-on: https://chromium-review.googlesource.com/468709
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
