OpenCellular

scottk/OpenCellular

Fork 0

mirror of https://github.com/Telecominfraproject/OpenCellular.git synced 2026-01-09 00:51:29 +00:00

Commit Graph

Author	SHA1	Message	Date
Aseda Aboagye	114f5cee5a	g: extension: Add a whitelist for vendor commands. The USB FW upgrade endpoint should really only accept vendor commands required to perform the firmware update. This commit adds a whitelist that is checked whenever a vendor command is received over this endpoint. The allowed commands over USB are the following: - EXTENSION_POST_RESET - VENDOR_CC_IMMEDIATE_RESET (only for dev images) There is also functionality to have a whitelist for vendor commands that come over the TPM interface. BUG=chrome-os-partner:62815 BRANCH=None TEST=Flash Cr50 with image containing this change. Verify that an upgrade over USB to newer image works. TEST=Try using usb_updater to send a vendor command that's not in the whitelist. Verify that the vendor command is dropped. Change-Id: I71f8ba090a1cc6c9e7c30ce0dd3c25259e8f292f Signed-off-by: Aseda Aboagye <aaboagye@google.com> Reviewed-on: https://chromium-review.googlesource.com/443447 Commit-Ready: Aseda Aboagye <aaboagye@chromium.org> Tested-by: Aseda Aboagye <aaboagye@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>	2017-02-18 17:26:59 -08:00
Bill Richardson	12da6c23fb	Cr50: Add TPM-compliant commands for console lock This allows custom TPM commands to be declared using the a DECLARE_VENDOR_COMMAND macro instead of the original (and still unchanged) DECLARE_EXTENSION_COMMAND macro. The new commands are nearly identical, but they are encapsulated using the vendor-specific protocols described in the TPMv2 spec. Our original extensions use a non-standard command code, and return a non-standard struct on completion, which can be confusing to standard TPM drivers and tools. Demonstrating the use of the new macros, this adds commands to obtain the state of the Cr50 restricted console lock, or to set the lock. There is intentionally no command to unlock the console. Note that this CL just adds the commands to the Cr50. We still need to provide a nice userspace utility for the AP to use. BUG=chrome-os-partner:58230 BUG=chrome-os-partner:57940 BRANCH=none TEST=make buildall; load, boot, test, and update again on Reef On Reef, I can use the trunks_send tool to send the raw TPM bytes to invoke these commands: Get the lock state: # trunks_send 80 01 00 00 00 0C 20 00 00 00 00 10 80010000000D00000000001000 The last byte 00 indicates that the lock is NOT set, so set it: # trunks_send 80 01 00 00 00 0C 20 00 00 00 00 10 80010000000C000000000011 Success. On the Cr50 console, I see it take effect: [480.080444 The console is locked] Query the state again: # trunks_send 80 01 00 00 00 0C 20 00 00 00 00 10 80010000000D00000000001001 and now the last byte 01 indicates that the console is locked. And of course the existing extension commands still work as before. In addition to uploading firmware, I can use the usb_updater from my build machine to query the running firmware version: $ ./extra/usb_updater/usb_updater -f open_device 18d1:5014 found interface 4 endpoint 5, chunk_len 64 READY ------- start Target running protocol version 5 Offsets: backup RO at 0x40000, backup RW at 0x4000 Keyids: RO 0x3716ee6b, RW 0xb93d6539 Current versions: RO 0.0.10 RW 0.0.9 $ Change-Id: I7fb1d888bf808c2ef0b2b07c782e926063cc2cc4 Signed-off-by: Bill Richardson <wfrichar@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/409692 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>	2016-11-11 23:11:51 -08:00
Vadim Bendebury	a8f2e3625e	add the 'extension' command framework This patch introduces a facility which would allow to compile in callbacks for arbitrary commands passed over various communication protocols. Typically this will be used for testing, when various test commands are multiplexed over an existing protocol. The callbacks are associated with 16 bit command codes. On input the callback receives a buffer, containing the command's argument, the size of the command argument and the maximum size of the buffer. On output the callback stores processing result in the same buffer and updates the size to the actual amount of returned data. Callback descriptors are stored in a dedicated read only section which is scanned by extension_route_command() to find a callback associated with a certain command code. A console channel is also being introduced to allow controlling console output generated by extension commands handlers. BRANCH=none BUG=chrome-os-partner:47524 TEST=none yet Change-Id: I8ae16a78ca7d72176a5e7f74dd7a232078e7c06c Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/312586 Reviewed-by: Randall Spangler <rspangler@chromium.org>	2015-11-17 14:40:26 -08:00

Author

SHA1

Message

Date

Aseda Aboagye

114f5cee5a

g: extension: Add a whitelist for vendor commands.

The USB FW upgrade endpoint should really only accept vendor commands
required to perform the firmware update.  This commit adds a whitelist
that is checked whenever a vendor command is received over this
endpoint.

The allowed commands over USB are the following:

 - EXTENSION_POST_RESET
 - VENDOR_CC_IMMEDIATE_RESET (only for dev images)

There is also functionality to have a whitelist for vendor commands that
come over the TPM interface.

BUG=chrome-os-partner:62815
BRANCH=None
TEST=Flash Cr50 with image containing this change.  Verify that an
upgrade over USB to newer image works.
TEST=Try using usb_updater to send a vendor command that's not in the
whitelist.  Verify that the vendor command is dropped.

Change-Id: I71f8ba090a1cc6c9e7c30ce0dd3c25259e8f292f
Signed-off-by: Aseda Aboagye <aaboagye@google.com>
Reviewed-on: https://chromium-review.googlesource.com/443447
Commit-Ready: Aseda Aboagye <aaboagye@chromium.org>
Tested-by: Aseda Aboagye <aaboagye@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>

2017-02-18 17:26:59 -08:00

Bill Richardson

12da6c23fb

Cr50: Add TPM-compliant commands for console lock

This allows custom TPM commands to be declared using the a
DECLARE_VENDOR_COMMAND macro instead of the original (and still
unchanged) DECLARE_EXTENSION_COMMAND macro.

The new commands are nearly identical, but they are encapsulated
using the vendor-specific protocols described in the TPMv2 spec.
Our original extensions use a non-standard command code, and
return a non-standard struct on completion, which can be
confusing to standard TPM drivers and tools.

Demonstrating the use of the new macros, this adds commands to
obtain the state of the Cr50 restricted console lock, or to set
the lock. There is intentionally no command to unlock the
console.

Note that this CL just adds the commands to the Cr50. We still
need to provide a nice userspace utility for the AP to use.

BUG=chrome-os-partner:58230
BUG=chrome-os-partner:57940
BRANCH=none
TEST=make buildall; load, boot, test, and update again on Reef

On Reef, I can use the trunks_send tool to send the raw TPM bytes
to invoke these commands:

Get the lock state:

  # trunks_send 80 01 00 00 00 0C 20 00 00 00 00 10
  80010000000D00000000001000

The last byte 00 indicates that the lock is NOT set, so set it:

  # trunks_send 80 01 00 00 00 0C 20 00 00 00 00 10
  80010000000C000000000011

Success. On the Cr50 console, I see it take effect:

  [480.080444 The console is locked]

Query the state again:

  # trunks_send 80 01 00 00 00 0C 20 00 00 00 00 10
  80010000000D00000000001001

and now the last byte 01 indicates that the console is locked.

And of course the existing extension commands still work as
before. In addition to uploading firmware, I can use the
usb_updater from my build machine to query the running firmware
version:

  $ ./extra/usb_updater/usb_updater -f
  open_device 18d1:5014
  found interface 4 endpoint 5, chunk_len 64
  READY
  -------
  start
  Target running protocol version 5
  Offsets: backup RO at 0x40000, backup RW at 0x4000
  Keyids: RO 0x3716ee6b, RW 0xb93d6539
  Current versions:
  RO 0.0.10
  RW 0.0.9
  $

Change-Id: I7fb1d888bf808c2ef0b2b07c782e926063cc2cc4
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/409692
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>

2016-11-11 23:11:51 -08:00

Vadim Bendebury

a8f2e3625e

add the 'extension' command framework

This patch introduces a facility which would allow to compile in
callbacks for arbitrary commands passed over various communication
protocols.

Typically this will be used for testing, when various test commands
are multiplexed over an existing protocol.

The callbacks are associated with 16 bit command codes. On input the
callback receives a buffer, containing the command's argument, the
size of the command argument and the maximum size of the buffer. On
output the callback stores processing result in the same buffer and
updates the size to the actual amount of returned data.

Callback descriptors are stored in a dedicated read only section which
is scanned by extension_route_command() to find a callback associated
with a certain command code.

A console channel is also being introduced to allow controlling
console output generated by extension commands handlers.

BRANCH=none
BUG=chrome-os-partner:47524
TEST=none yet

Change-Id: I8ae16a78ca7d72176a5e7f74dd7a232078e7c06c
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/312586
Reviewed-by: Randall Spangler <rspangler@chromium.org>

2015-11-17 14:40:26 -08:00

3 Commits