To enable console with DMA, we need to specifically
remap DMA channels for USART1.
ch2/3 and ch6/7 are already used by SPI1/2 modules.
So we have to remap USART1_TX to ch4 and USART1_RX to ch5.
BUG=b:64575809
BRANCH=none
TEST=confirm ec console works on scarlet rev1
Change-Id: Ie2bb141c72252aee98e4cd4a284a01b4d57605f4
Signed-off-by: Philip Chen <philipchen@google.com>
Reviewed-on: https://chromium-review.googlesource.com/611147
Commit-Ready: Philip Chen <philipchen@chromium.org>
Tested-by: Philip Chen <philipchen@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
Indentation is growing out of control, let's move to a separate
function so that we can return early.
BRANCH=none
BUG=b:35775048
TEST=Flash hammer, usb_wake works.
Change-Id: I9abf99ff55b3977dfc307fc99aac6f1ab7dd1f6a
Signed-off-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/612922
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
The device_state module is used for debouncing GPIO inputs to
determine device sstate. It was overkill for managing the CCD cable
(RDD) attach/detach state, and split that handling between 3 files
(board.c, rdd.c, device_state.c). Move all of that logic into rdd.c
so it's easier to maintain.
BUG=none
BRANCH=cr50
TEST=manual
plug in CCD cable (or ground DIOM1)
ccd command reports cable connected and AP UART TX+RX
unplug CCD cable (or un-ground DIOM1)
ccd command reports cable disconnected and AP UART disabled
Change-Id: Id8fcd3a51605ae7a4843668ea18dd0ef84aceb2c
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/604499
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
This patch defines CONFIG_DATA_RAM_SIZE, which indicates the size
of the RAM used for data, thus can be marked as non-executable.
If it's not defined, it defaults to CONFIG_RAM_SIZE. Thus, other chips
are not affected.
BUG=b:36037354
BRANCH=none
TEST=buildall. Run 'sysjump disable' on Reef and verify mpu_protect_ram
is successful.
Change-Id: I54d74fd1dabff7e1013fff2542fd02c3646803d1
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/596518
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
When resuming from S3, it may take a while for the bus to become
alive again, so let's increase the timeout. 3 seconds is probably
a bit too long, but should work for our purpose: we just do not
want to be stuck in that state forever.
BRANCH=none
BUG=b:35587173
TEST=Use powerd_dbus_suspend to put poppy in S3. Press key, see
that hosts sometimes takes ~90ms, but sometimes up to 1.5s
to resume.
Change-Id: Ic800481b2b500fb68a8d1de16b11cbe77a4013d4
Reviewed-on: https://chromium-review.googlesource.com/569523
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
In the previous version of the code, we were counting ESOF (every
ms) to figure out when to clear the resume bit, and then using ESOF
counts again to wait for the USB interface to resume.
This missed the fact that ESOF (expected SOF) interrupts are not
triggered when SOF are actually received.
Somehow, this worked fine in most cases, except that sometimes the
last ESOF would race with the RXDP/RXDM going to state 2, and we
would not know that the resume completed successfully.
Let's also count SOF interrupts, and also take a received SOF as an
indicator of a successful resume.
While we're at it, trim down USB debugging messages, and add a line
when resume is successful.
BRANCH=none
BUG=b:35587173
TEST=Connect hammer, force autosuspend using:
DEVICE=$(dirname $(grep 5022 /sys/bus/usb/devices/*/idProduct))
echo 500 > $DEVICE/power/autosuspend_delay_ms
echo auto > $DEVICE/power/control
Add debugging in hammer code, make sure that usb_wake_done goes
back to 1 after resume succeeds.
Change-Id: I206c9c6b3066a3a337b6bd2370c9d0c6a9e2396c
Reviewed-on: https://chromium-review.googlesource.com/569522
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
Implement the RFC 6979 to get a deterministic integer k when doing the
ECDSA signing of the x.509 certificates used by U2F and particularly
individual attestation mechanism, rather than using the random generator
as per the original ECDSA algorithm.
So the generated certs have bit-for-bit identical signatures when the
content is identical.
Signed-off-by: Vincent Palatin <vpalatin@chromium.org>
BRANCH=cr50
BUG=b:35545754
TEST=pass U2FTest and manually dump several individual attestation certs,
run the "rfc6779" console command when enabled.
Change-Id: I7b73eee6d5a863aae9a7eec49db884151bad5ab4
Reviewed-on: https://chromium-review.googlesource.com/558073
Commit-Ready: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Marius Schilder <mschilder@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
The new signer (version: 1.2 00840c1b6) allows hex values in the
manifest, which means there is no need to explicitly convert the
values before adding them to the manifest.
A nice side effect of this is the fact that there is no need to care
about the sign of the values any more, the signer does the right
thing.
BRANCH=none
BUG=none
TEST=built an image using the following invocation:
$ make BOARD=cr50 H1_DEVIDS='0x12009015 0x90e95664' -j
and successfully ran it on a device. Note that the old signer was
chocking on hex values exceeding 0x7fffffff, the new one handles
them properly.
Change-Id: I08c0339f922d287c82d56fb51570bfbf7107531e
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/598728
Reviewed-by: Nick Sanders <nsanders@chromium.org>
Save a small amount of time when the USB resume is making the chip boot
from deep-sleep by removing the verbose serial traces in main and
increasing the usb initialization priority.
This brings us from borderline timings wrt the USB specification to a
reasonable margin.
Signed-off-by: Vincent Palatin <vpalatin@chromium.org>
BRANCH=none
BUG=b:38160821
TEST=run on hotelgolf, go to deep-sleep on USB-suspend.
On USB resume, measure the time from CPU boot to the end of usb_init
using the CPU cycle count. We are shaving 1.3ms.
Change-Id: Ia5bf69c0ca26748dec59a87f3908a5fe68296b36
Reviewed-on: https://chromium-review.googlesource.com/563206
Commit-Ready: Marius Schilder <mschilder@chromium.org>
Tested-by: Marius Schilder <mschilder@chromium.org>
Tested-by: Vincent Palatin <vpalatin@chromium.org>
Reviewed-by: Marius Schilder <mschilder@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Remove the code switching between PHY0 and PHY1. We now only use the CCD
PHY on all boards.
BUG=b:36488273
BRANCH=cr50
TEST=ccd works fine. cr50 usb doesn't show up on the AP. You cannot
switch the PHY on cr50.
Change-Id: I6ff641af9d7129daa8592f952f9df97c3862395b
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/595201
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
AP and EC UART now use the CCD V1 capabilities to determine when
access is allowed. Transmit to AP and EC can be toggled independently
from read access to output from those UARTs.
Note that disabling read access disables both transmit and receive.
That is, it's not possible to set a UART where transmit is allowed but
receive isn't. Why would you want to do that, anyway?
See go/cr50-ccd-wp for more information.
BUG=b:62537474
BRANCH=cr50
TEST=manual with CR50_DEV=1
ccdoops
ccdset cr50fullconsole always -> so we can use ccd command for testing
ccd -> AP RX+TX, EC RX+TX
ccdset uartecrx unlesslocked
ccdset uartectx ifopened
ccdset uartaprx always
ccdset uartaptx unlesslocked
ccdunlock
ccd -> AP RX+TX, EC RX
ccdlock
ccd -> AP RX, EC disabled
ccdoops
ccdset cr50fullconsole always
ccd -> AP RX+TX, EC RX+TX
ccdset uartaprx ifopened
ccdlock
ccd -> AP disabled, EC RX
Change-Id: I55db5897bb52cd60658ab221eadf5c59fc86744a
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/595196
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
In eSPI systems, when the Host performs a data read from the Shared
Memory space, the returned data may be corrupted. This is a result of
the Core-to-Host access enable bit being toggled (by toggling CSAE bit
in SIBCTRL register) during an eSPI transaction.
The workaround in this CL is to set CSAE bit to 1 during initialization
and remove the toggling of CSAE bit from other EC firmware code.
(i.e., let the CSAE bit be always 1.)
BRANCH=none
BUG=none
TEST=No build errors for make buildall. Flash poppy ec image, make sure
it can boot to OS. Run "ectool version" over 100000 times, no error
occurs.
Change-Id: I7aac6805ece64e8f77964d4acb026d9871cd2ebe
Signed-off-by: CHLin <CHLIN56@nuvoton.com>
Reviewed-on: https://chromium-review.googlesource.com/590396
Commit-Ready: Shawn N <shawnn@chromium.org>
Tested-by: CH Lin <chlin56@nuvoton.com>
Reviewed-by: Shawn N <shawnn@chromium.org>
id only really needs 4 bits (16 touch events should be more than
enough), so we can steal 2 bits from that field.
We also reorder the fields to make sure that width/x are aligned
on 8-bit boundary.
BRANCH=none
BUG=b:63936194
TEST=Flash hammer, touchpad works, ABS_PRESSURE > 255 is reported
when a palm is pressed on the touchpad.
Change-Id: I1abf1bf53cc9dd998082cea5dc7cd3be17f99ec6
Reviewed-on: https://chromium-review.googlesource.com/583297
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Chun-ta Lin <itspeter@chromium.org>
Reviewed-by: KT Liao <kt.liao@emc.com.tw>
When in factory mode, we should not be trying to figure out board
strapping options, just enable SPI interface so that the tester can
communicate with the chip.
Also, to close the loop with the tester, let's add indication of the
cert installation result, by setting the two top bits of the DUMMY
(aka underrun) character to 1 and the lower bits to the endorsement
operation result (0 means success, nonzero values communicate
different failure modes) and by preventing the TPM driver from sending
anything but underrun chars on the SPI interface.
BRANCH=cr50
BUG=b:63686091
TEST=pending
Change-Id: I1a22ed6988ad87dd929a393359c4604e6ecd3b58
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/578651
Reviewed-by: Nick Sanders <nsanders@chromium.org>
Because that's what it means. That is, it reports the state of
uartn_tx_connect(), not uartn_enable().
No functional changes; just a rename.
BUG=none
BRANCH=cr50
TEST=make buildall -j
Change-Id: Ie2273b277bd73a40307be7ec215417c1225cd567
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/590859
SPI access now depends on CCD_CAP_AP_FLASH and CCD_CAP_EC_FLASH.
usb_spi_state.enabled_host and .enabled_device are now bitfields which
depend on which SPI interface is enabled. This was implied before by
a single & comparing enabled_host to enabled_device, but is now
explicit so that the device can decide to enable just a subset of
buses.
BUG=b:62537474
BRANCH=cr50
BRANCH=cr50
TEST=manual with CR50_DEV=1
Connect host PC to dev board USB port
On host PC:
sudo servod -c ccd_cr50.xml -c reef_r1_inas.xml
In test protocol below, (test EC) means this command:
sudo flashrom -p raiden_debug_spi:target=EC --wp-status
And (test AP) means this command:
sudo flashrom -p raiden_debug_spi:target=AP --wp-status
"pass" means no console warning about "SPI access denied"
"fail" means console warnings about "SPI access denied"
To get even more confirmation, in chip/g/usb_spi.c temporarily
put this debug statement at the end of usb_spi_deferred():
CPRINTS("SPI res=%d", (int)res);
Pass is res=0, fail is res=5.
ccdoops
(test AP) --> pass
(test EC) --> pass
ccdunlock
(test AP) --> fail
(test EC) --> fail
ccdoops
ccdset flashap unlesslocked
ccdunlock
(test AP) --> pass
(test EC) --> fail
ccdoops
ccdset flashec unlesslocked
ccdunlock
(test AP) --> fail
(test EC) --> pass
Change-Id: I3d37d088b748832f164f2ca0ff29a93d6532ebed
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/590858
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
Add support for OTP memory: if needed store serial number in first bank.
BUG=chromium:746471
BRANCH=none
TEST=On sweetberry, check we can write serial number with serialno
command. Check serial number survive a firmware update.
First, check without write protect, check we can write 0s (but not 1s)
serialno
Serial number: NNNNNNNNNNNNNNNNNNNNNN
>
> serial set MMMMMMMMMMMMMMMMMMMMMMMMMMMMM
Saving serial number
Serial number: LLLLLLLLLLLLLLLLLLLLLL
After lock enabled, check we can not overwrite.
> serial set AMMMMMMMMMMMMMMMMMMMMMMMMMMMM
Saving serial number
Serial number: LLLLLLLLLLLLLLLLLLLLLL
Access Denied
Check that serialno returns "Uninitialized" if it was never set.
Change-Id: I9ab08486a7c3e1958e964649640d69b5b70947e3
Signed-off-by: Gwendal Grignou <gwendal@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/580290
Reviewed-by: Nick Sanders <nsanders@chromium.org>
One Time Programmable memory can be used to store permanent data like
serial numbers.
Reorganize the code to support writing serial number to OTP, in
addition to pstate (if using its own memory bank) or autogenerate from
unique id (hammer).
+ Add CONFIG_OTP to enable OTP code
+ Add CONFIG_SERIALNO_LEN to indicate the size of the serial number
string. Currently set to 28, when USB serial number is needed.
+ Expose flash_read|write_pstate_serial and add otp_read|write_serail,
remove more generic flash_read|write_serial.
+ Make board_read|write_serial generic, declared outside of USB subsystem.
Priority order to read|write serial string:
- board definition (like hammer)
- pstate location, if stored in its private memory bank
- otp area
If none of these methods are available, a compilation error is raised.
BUG=chromium:746471
BRANCH=none
TEST=compile
Change-Id: I3d16125a6c0f424fb30e38123e63cf074b3cb2d3
Signed-off-by: Gwendal Grignou <gwendal@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/580289
Reviewed-by: Nick Sanders <nsanders@chromium.org>
gpio_interrupt_type_sel() is guaranteed to be called with at least one
GPIO_INT_ANY bit set, but our new toolchain doesn't seem to realize it.
BUG=chromium:747553
BRANCH=None
TEST=`make BOARD=gru -j` with next_gcc, also verify kevin boots to OS.
Signed-off-by: Shawn Nematbakhsh <shawnn@chromium.org>
Change-Id: Ice2a9963983dca2ee9c0c543bf55c27753c42933
Reviewed-on: https://chromium-review.googlesource.com/584820
Commit-Ready: Shawn N <shawnn@chromium.org>
Tested-by: Shawn N <shawnn@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
If we have no ISR for an enabled GPIO interrupt (eg. for a UART GPIO
interrupt that wakes from low-power idle) then clear it, to avoid
interrupt storm.
BUG=b:63958831
BRANCH=eve
TEST=Verify we can repeatedly wake from low-power idle on eve by hitting
'enter' on the EC console.
Signed-off-by: Shawn Nematbakhsh <shawnn@chromium.org>
Change-Id: I6a01cae33e3bf1a3b5b42c0389c4613dc1cb9b7d
Reviewed-on: https://chromium-review.googlesource.com/584011
Commit-Ready: Shawn N <shawnn@chromium.org>
Tested-by: Shawn N <shawnn@chromium.org>
Reviewed-by: Duncan Laurie <dlaurie@google.com>
Reviewed-by: Mulin Chao <mlchao@nuvoton.com>
Currently sweetberry hits an integer truncation issue
at 2.4 ohm when uA per div goes below 1. We can use 100ths
of a uA as the current per div scale.
BRANCH=None
BUG=chromium:608039
TEST=log from sweetberry with 10 ohm config.
Signed-off-by: Nick Sanders <nsanders@chromium.org>
Change-Id: I9e9216230329483fd0bfcb44ce23cd15bae864b3
Reviewed-on: https://chromium-review.googlesource.com/577051
Commit-Ready: Nick Sanders <nsanders@chromium.org>
Tested-by: Nick Sanders <nsanders@chromium.org>
Reviewed-by: Nick Sanders <nsanders@chromium.org>
hwtimer ticks at 8 * 32768 Hz rather than 250 KHz, so adjust our timing
appropriately. Also ensure that udelay() will delay for at least the
requested time, taking into account our timer precision.
BUG=b:63858553
TEST=Generate square wave with 1000us udelay between GPIO edge toggle,
verify period is 1000us + code overhead. Also verify timer behavior on
overflow with 'forcetime' command. Also verify accuracy of system clock
to 0.2% with `timerinfo` and a stopwatch.
BRANCH=None
Change-Id: I5da41bd7250db87de5143cc54ebd0bb750fb7003
Signed-off-by: Shawn Nematbakhsh <shawnn@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/578551
Commit-Ready: Shawn N <shawnn@chromium.org>
Tested-by: Shawn N <shawnn@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Unique device ID register (96 bits) is at a different place on STM32F4
compared to other STM32.
BUG=none
BRANCH=none
TEST=Using board_read_serial() from hammer/board.c in
sweetberry/board.c, confirmed that we can extract and assign a unique
USB serial number.
Change-Id: Idb257f0f20422482c729a2b97b4b16ee231ca4d9
Signed-off-by: Gwendal Grignou <gwendal@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/579575
Commit-Ready: Gwendal Grignou <gwendal@google.com>
Tested-by: Gwendal Grignou <gwendal@google.com>
Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>
This CL adds CHIP_VARIANT_NPCX7M6G to support another npcx7 ec SKU.
Please note that the default setting in npcx7_evb is npcx7m6f.
For the EVB using the 128-pins EC package, please change CHIP_VARIANT
from npcx7m6f to npcx7m6g in build.mk.
BRANCH=none
BUG=none
TEST=No build errors for make buildall; Set CHIP_VARIANT=npcx7m6g in
board/npcx7_evb/build.mk; Build the image and test on EVB.
Change-Id: I2f857e4f6524eab45930bac3cc209409d4a53ee8
Signed-off-by: CHLin <CHLIN56@nuvoton.com>
Reviewed-on: https://chromium-review.googlesource.com/569320
Commit-Ready: Jun Lin <riverq@gmail.com>
Tested-by: Jun Lin <riverq@gmail.com>
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
Reviewed-by: Mulin Chao <mlchao@nuvoton.com>
STM32 I2C frequency can be computed as such:
tSCL = tSYNC1 + tSYNC2 + { [(SCLH+1) + (SCLL+1)] x
(PRESC+1) x tI2CCLK }
The default values we use come from the datasheet, which assume,
for 400 kHz setting, that tSYNC1 + tSYNC2 = 750 ns, and therefore
set tSCLH as 500 ns and tSCLL as 1250ns.
On hammer, we measured a total tSCL of ~2150 ns (465 kHz) with
these settings, so we can easily slow it down to ~2500 ns (400 kHz)
by increasing tSCLH to 750 ns (SCLH = 0x5).
As highlighted in 48b2edf031
"stm32f0/i2c: adjust the 100kHz setting to never go above 100kHz"
this has the disadvantage of slowing down other boards where
the RC value on the I2C bus are different, but slowing down should
always be safe, and is the best we can do without adding config
defines for the fall/rise time.
BRANCH=none
BUG=b:36172041
TEST=Flash hammer, measure SCL frequency to be about 400 kHz
Change-Id: Ia2cac9fb09228abd8a318d57335855be529485c2
Signed-off-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/563219
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
Before
72afc55bd9 "stm32: cleanup flash-f by using constant from register.h"
lock() function would simply do:
STM32_FLASH_CR = FLASH_CR_LOCK;
which would clear all other bits in STM32_FLASH_CR, including
FLASH_CR_OPTER and FLASH_CR_OPTWRE.
This allow preserve_optb to work, as it does:
1. erase_optb
a. unlock()
b. Set FLASH_CR_OPTER
c. lock() (clears FLASH_CR_OPTER!)
2. write_optb
a. unlock()
b. Set FLASH_CR_OPTPG
c. Write option byte
d. Clear FLASH_CR_OPTPG
e. lock()
After the patch, we now have:
STM32_FLASH_CR |= FLASH_CR_LOCK;
which seems more correct. However, 1.c. does not clear FLASH_CR_OPTER,
and 2.b. ends up with both FLASH_CR_OPTPG and FLASH_CR_OPTER set,
and the programming operation does not do anything.
This patches does 3 things:
- Rename FLASH_CR_OPTSTRT to FLASH_CR_OPTER, as that's the correct
register name for STM32F0 and STM32F3.
- Fix the above by clearing FLASH_CR_OPTER in erase_optb
- Also clear FLASH_CR_OPTWRE in lock(). Not strictly necessary,
but this seems to be the right thing to do.
BRANCH=none
BUG=chromium:739608
TEST=On hammer, type flashwp true; reboot; flashwp all; reboot
flashinfo => All flash is protected
Change-Id: Ic276545ae3c0bdb685c7b117a7f896ec341731bb
Reviewed-on: https://chromium-review.googlesource.com/562839
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Wei-Ning Huang <wnhuang@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
Split bn_modexp() into three variants:
bn_modexp() for large exponents (as before)
bn_modexp_word() for single word public exponents
bn_modexp_blinded() for large exponents w/ randomization
We randomize bn_modexp_blinded() with:
1) pick 64 bit random R1 and compute R1 ** -1 and R1 ** pubexp, mod N.
2) multiply input by R1 ** pubexp
3) pick 64 bit random R2 and add (e*d*R2 - R2) to private exponent (i.e.
a random multiple of phi(N))
4) exponentiate
5) multiply output w/ R1 ** -1 to obtain expected result
Since we enlarge the exponent, bn_modexp_blinded() is slower than
bn_modexp(). We only use bn_modexp_blinded() when private exponents are
in play and we have phi(N) available.
Also refactored the combined p256 and rsa dcrypto binary blob into two
parts. And added unique first word to each dcrypto blob to make code
caching reliable.
The TPM task stack maxes out at 8040/8192 in tcg_test due to increased
stack usage of bn_modexp_blinded() but is still within safe bounds,
with 88 byte redzone.
BRANCH=cr50
BUG=b:35587382,b:35587381
TEST=buildall, tcg_test (200+)
Change-Id: Ied1f908418f31f8025363179537aa4ebd2c80420
Reviewed-on: https://chromium-review.googlesource.com/540684
Reviewed-by: Marius Schilder <mschilder@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Marius Schilder <mschilder@chromium.org>
PSTATE is already included in WP_BANK_OFFSET + WP_BANK_COUNT,
so this change is not only unnecessary, but also harmful.
BRANCH=none
BUG=chromium:739608
TEST=Flash hammer, flashwp true; reboot; flashinfo
=> RO is protected
Change-Id: I31048c0156eff354fbcc6ae5828a6ef313b56b97
Reviewed-on: https://chromium-review.googlesource.com/561037
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
We currently set STM32_FLASH_OPT_LOCKED
to (STM32_FLASH_CR & FLASH_CR_OPTWRE), however the bit is set
when option byte are _unlocked_.
From STM32F0 Reference Manual:
Bit 9 OPTWRE: Option byte write enable
When set, the option byte can be programmed. This bit is set
on writing the correct key sequence to the FLASH_OPTKEYR register.
This bit can be reset by software
BRANCH=none
BUG=chromium:739608
TEST=Flash hammer, flashwp true; reboot; flashinfo
=> hammer does not hang on reboot, RO is protected
Change-Id: I1b6eb5d638534ece90d6d5164586f49bdb0c151d
Reviewed-on: https://chromium-review.googlesource.com/561036
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Wei-Ning Huang <wnhuang@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
After entering prepare_to_sleep() and doing interrupt_disable(), if an
interrupt happens, it will stay pending (as the handler is masked).
Then, when calling 'wfi' in __idle(), we will go through the instruction
rather than entering deep-sleep (if requested) as we have a pending
interrupt.
The downside of this corner case is that we never undo the actions done
to prepare for deep-sleep in the IDLE_DEEP_SLEEP clause of
prepare_to_sleep(). For USB suspend, this means that on the subsequent
deep-sleep entry, we are going to try to save GR_USB_CFG/the USB
device address while the USB controller is already in reset/power-down,
recording a null value in SCRATCH18. Then, at resume time, we will
restore 0 in USB_CFG and the USB device will no longer work.
As the USB configuration is difficult to restore in case of deep-sleep
abortion, simply skip writing a bogus value in SCRATCH18 on the real
deep-sleep entry happening afterwards. This is good enough to resume
properly on USB.
Signed-off-by: Vincent Palatin <vpalatin@chromium.org>
BRANCH=cr50
BUG=b:38160821
TEST=manual: add a (long) panic_printf trace in prepare_to_sleep() in
order to dramatically increase the probability of getting an
interruption pending after entering the function. On cr52, trigger USB
suspends by suspending the host, and see we no longer regularly get a
null USB device address at USB resume.
Change-Id: Ied3fc003eefe7fc164a320b15b5f9d400551198e
Reviewed-on: https://chromium-review.googlesource.com/559332
Commit-Ready: Vincent Palatin <vpalatin@chromium.org>
Tested-by: Vincent Palatin <vpalatin@chromium.org>
Reviewed-by: Marius Schilder <mschilder@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
STM32F0 cannot keep PWM output active when chip is in deep sleep.
The only other board that uses both CONFIG_LOW_POWER_IDLE
and CONFIG_PWM on stm32 is jerry, and this logic should also apply
to it.
Also, switch using_pwm from array to bitmask to simplify handling.
BRANCH=none
BUG=b:36173380
TEST=On AP, tell it to autosuspend hammer:
echo auto > /sys/bus/usb/devices/1-2/power/control
Then see, using idlestats, that hammer does to deep sleep.
In hammer console: pwm 0 50, see that PWM output is stable,
idlestats shows EC does not sleep.
In hammer console: pwm 0 -1, idlestats shows EC sleeps again.
Change-Id: Ic74c1905364fe4335239da95a99193d0e3e979f7
Reviewed-on: https://chromium-review.googlesource.com/541115
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
In the CL:505861, we print the warnning message to indicate that the VBAT
has ever dropped if the IBBR bit is set but do not clear the IBBR. This
forbid the access to BBRAM until EC power-on reset.
In this CL, we clear the IBBR bit to make BBRAM work again without the
need of EC power-on reset.
BRANCH=none
BUG=none
TEST=No build error for make buildall; Check warining messages are
printed and IBBR bit is cleared.
Change-Id: I58a0370c1c496b3c1208d9d5ac6b55c4d66fe8b6
Signed-off-by: CHLin <CHLIN56@nuvoton.com>
Reviewed-on: https://chromium-review.googlesource.com/542976
Commit-Ready: CH Lin <chlin56@nuvoton.com>
Tested-by: CH Lin <chlin56@nuvoton.com>
Reviewed-by: Shawn N <shawnn@chromium.org>
Use existed macro instead of creating new one.
BRANCH=none
BUG=none
TEST=plug USB-C power adapter and USB-C to hdmi adapter, both work.
Change-Id: I133142232ac6abfa7f285c289eb03c4d65e84d5f
Signed-off-by: Dino Li <Dino.Li@ite.com.tw>
Reviewed-on: https://chromium-review.googlesource.com/554655
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
This patch makes EC read the slot to verify and jump to from the
battery backed up RAM (BBRAM).
BUG=b:38462249
BRANCH=none
TEST=Boot Fizz
Change-Id: I0c78861ea3ccdc45d0aa08e690e3a68f53658409
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/518255
This patch sets/clears RESET_FLAG_AP_OFF on S5<->S3 transitions.
It's set when the system gracefully shuts down and cleared when the
system boots up. The result is EC tries to go back to the
previous state upon AC plug-in on battery-less systems.
This is required for digital signage and kiosk.
This also reverts: CL 514209, 486946, and 486945.
BUG=b:37536389
BRANCH=none
TEST=Tested as follows:
A. Boot to S0
A.1. Unplug AC while system is in S0 then plug in - PASS
A.2. Unplug AC while system is in S3 then plug in - PASS
A.3. Press recovery+power in S0 - PASS
A.4. Press recovery+power in G3 - FAIL (To be fixed)
A.5. Execute reboot console command - PASS
A.6. Execute reboot OS command - PASS
A.7. Execute reboot console command in G3 - PASS
B. Boot to G3
B.1 Unplug AC while system is in G3 then plug in - PASS
B.2 Unplug AC after B.1 then plug in - PASS
B.3 Shutdown by power button on recovery screen then unplug
plug in AC - PASS
B.4 Execute reboot ap-off console command - PASS
B.5 Execute shutdown command from OS then plug in AC - PASS
Change-Id: Iaa6f930585050fdd3511c711b449dff47525066d
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/517287
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
flash_physical_protect_now(), which is called when
EC_FLASH_PROTECT_ALL_NOW is set, should protect the entire flash
temporarily until reboot. Current behavior enable flash protect on all
region permanently. The correct implementation should be writing an
invalid key to the flash controller to disable flash flash only
temporarily until reboot.
Since the implementation of flash-stm32f3 and flash-stm32f4 is almost
the same after restoring the changes made in commit
35f4d8acaa, we merge to file by creating a
symlink from flash-stm32f3.c to flash-stm32f4.c to reduce code
duplication.
BRANCH=none
BUG=b:37584134
TEST=on eve:
1) `ectool --name=cros_tp flashprotect`
Flash protect flags: 0x00000008 wp_gpio_asserted
2) `flashrom -p ec:type=tp --wp-enable
3) `ectool --name=cros_tp reboot_ec`
3) `flashrom -p ec:type=tp --wp-status`
WP: status: 0x80
WP: status.srp0: 1
WP: write protect is enabled.
WP: write protect range: start=0x00000000, len=0x00040000
4) `ectool --name=cros_tp flashprotect`, all_now should present
Flash protect flags: 0x0000000f wp_gpio_asserted ro_at_boot ro_now \
all_now
5) `ectool --name=cros_tp reboot_ec; sleep 0.3; \
ectool --name=cros_tp rwsigaction abort` to stay in RO.
In EC console, `flashinfo`, should show that only RO is actually
flash protected:
Protected now:
YYYYYY..
6) `flashrom -p ec:type=tp -w ec.bin -i EC_RW` works
7) `make BOARD=ryu -j` works (for testing flash-stm32f3.c)
Change-Id: Ia7a60ae8b3084198abb468e4fc8074b4445d6915
Signed-off-by: Wei-Ning Huang <wnhuang@google.com>
Reviewed-on: https://chromium-review.googlesource.com/549681
Commit-Ready: Wei-Ning Huang <wnhuang@chromium.org>
Tested-by: Wei-Ning Huang <wnhuang@chromium.org>
Reviewed-by: Gwendal Grignou <gwendal@chromium.org>
Don't discard irqprio data when the IRQ_PRIORITY macro is used directly
(for watchdog / watchdog timer).
This change is probably a NOP for all platforms, since the power-on
default for the IRQ prio register seems to be zero, which is the same
priority we're setting in our direct use of IRQ_PRIORITY.
BUG=chromium:634701
BRANCH=None
TEST=Verify 'prio_44' entry exists in irqprio section by checking
ec.RO.map on kevin.
Signed-off-by: Shawn Nematbakhsh <shawnn@chromium.org>
Change-Id: Idaffc484a2ce4749c18212f179b3951ff570aed0
Reviewed-on: https://chromium-review.googlesource.com/545201
Commit-Ready: Shawn N <shawnn@chromium.org>
Tested-by: Shawn N <shawnn@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
The INFO1 mask field contents serves as input for the rollback
protection mechanism, when the RO decides if an RW is allowed to run
on the device.
The existing code updates INFO1 mask to match the lowest rollback
priority of the two images (RW_A and RW_B) present on the device.
INFO1 mask should be also updated when the current image is endorsed
by the host. In this case the alternative RW is destroyed, so the
INFO1 mask could be set based solely on the currently running image.
This patch refactors the code to allow setting INFO1 mask based on one
or both RW headers' contents.
BRANCH=cr50
BUG=b:62138152
TEST=verified that "normal" INFO1 mask updates still work as before,
the mask is modified to match the image with the lowest rollback
priority.
Also verified that when the VENDOR_CC_INVALIDATE_INACTIVE_RW
command is received the INFO1 mask is updated based on the
currently running image.
Change-Id: I23172388674e1f3a4c2489e139dd197a84029f54
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/541738
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
