In case there is a sudden power loss to PCH, then there are no eSPI VW
messages sent from the PCH to EC indicating power state transition into
S5. Instead, the eSPI compatibility spec defines such events as global
reset events. For global reset events, eSPI_Reset# signal is asserted
without SLP_SUS# being asserted. This acts as an indication to the EC
that there was a global reset event.
Add a callback chipset_handle_espi_reset_assert that takes any necessary
action whenever eSPI_Reset# pin is asserted. On skylake, it would check
if power button was being pressed and release the button.
BUG=chrome-os-partner:62014
BRANCH=None
TEST=Verified that apshutdown works as expected.
Change-Id: I409afa0d00faca55ae3aa577743cedac58d4d877
Signed-off-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/438935
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
There is no point in keeping in one file multiple hooks task callbacks
to handle chipset shutdown and resume conditions.
Also, the policy of disabling deep sleep needs to be decided in the
board level hooks.
BRANCH=none
BUG=chrome-os-partner:59007
TEST=ran reef through 200 cycles of suspend/resume
Change-Id: I4d30cd04b986b243a5bea44c6978a5f82f8f62a7
Reviewed-on: https://chromium-review.googlesource.com/437729
Reviewed-by: Scott Collyer <scollyer@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Trybot-Ready: Vadim Bendebury <vbendeb@chromium.org>
Being able to determine what sleep state the system is in is very
handy, and reading the state is pretty safe.
Let's declare the idle console command safe and disallow its
parameters when console is locked.
BRANCH=none
BUG=none
TEST=verified that it is possible to read the idle state when console
is locked, but not possible to set it.
Change-Id: I97f680bf033290220a4fa7fd5a7af170736443d8
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/436905
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
The output of pinmux command is garbled (it probably was OK until the
console UART TX buffer was significantly reduced in size by
https://chromium-review.googlesource.com/418948).
Let's flush the console every so often.
Also, fixed the bug where the second GPIO port base address in PIMUX
was off, and added a newline to separate UART section of the output.
BRANCH=none
BUG=none
TEST=ran pinmux command successfully. make -j buildall passes
Change-Id: Iae0dcbbd0a55d704ffe2296d6e0e81b2c6aec527
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/436765
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
The commit changes the behaviour to block accesses over the USB-SPI
bridge while the console is restricted.
BUG=chrome-os-partner:62340
BRANCH=None
TEST=Build and flash cr50 on snappy; lock console; try to flash EC bin
using CCD. Verify that it fails with flashrom not able to find a flash
chip.
TEST=Disable console lock; Try to flash EC bin; verify it succeeds.
TEST=Repeat above tests but trying to read AP flash instead.
TEST=make -j buildall
Change-Id: Ib69af1a7372d841783acee2262efbf995d031234
Signed-off-by: Aseda Aboagye <aaboagye@google.com>
Reviewed-on: https://chromium-review.googlesource.com/435437
Commit-Ready: Aseda Aboagye <aaboagye@chromium.org>
Tested-by: Aseda Aboagye <aaboagye@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
The cipher command implementation had to change to account for reduced
heap size and to improve coverage.
Note that the goal of this command is not to verify correctness of the
encryption services provided by the dcrypto, but to allow to exercise
the crypto engine on multiple passes, each time using the same clear
text but different initialization vector.
BRANCH=none
BUG=chrome-os-partner:62260
TEST=ran cipher command on a few devices:
> cip
Will wait up to 4074 ms
running 1000 iterations
blob size 7111 at 1e020
original data 8f3d99fbfcbd26dd0c4d8dc444d106ee
hashed data 826a4e9b04d214fbbd5fbf4e0fba8068
Encryption results: min 1128 us, max 1456 us, average 1180 us
Decryption results: min 1124 us, max 7348 us, average 1193 us
>
Change-Id: Idf72b355dce0f288d4a3d8a065bc08eb9c4f6bc3
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/434167
Reviewed-by: Nagendra Modadugu <ngm@google.com>
We wanted to reduce the number of interrupts that uart was producing so
we increased the number of characters needed in the fifos before it
would trigger an interrupt. Right now it needs 4 characters. If you
aren't printing a multiple of four characters, then not all text will be
printed.
This change changes the rxilvl back to 1. This will make using the
consoles and testing cr50 functionality more reliable.
BUG=chrome-os-partner:62158
BRANCH=none
TEST=login and boot still work fine. The AP and EC consoles print all
output correctly.
Change-Id: I2d48d02a275173d560c03e5363845a5afc94df7a
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/434891
Reviewed-by: Scott Collyer <scollyer@chromium.org>
Store our image size (known at build time) in our version struct (now
renamed to image_data). This will allow us to more efficiently determine
the size of an image in a follow-up CL.
Note that compatibility is broken for old ROs that do not include this
CL.
BUG=chromium:577915
TEST=Verify on kevin + lars + lars_pd that stored image size matches
output of system_get_image_used() for both RO and RW images.
BRANCH=None
Change-Id: I49ea5fc27a7f11f66daba485a87d0dfe7d0c770f
Signed-off-by: Shawn Nematbakhsh <shawnn@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/427408
Commit-Ready: Shawn N <shawnn@chromium.org>
Tested-by: Shawn N <shawnn@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
The previous implementation of DCRYPTO_app_cipher
consumed roughly 16ms to cipher a 16kB buffer
(i.e. performance that is far worse than the
hardware is capable of).
This change speeds up the implementation by about
85%, to the tune of roughly 2.2ms for a 16kB buffer.
The gains originate from various sources: loop
unrolling, data-pipelining, eliminating local
variables (to reduce register pressure), eliminating
support for unaligned input/output data, compiling
hot code with -O (rather the default -Os), and
using the hidden key-ladder, which need only be
setup once per reset.
This change also switches from AES-128 to AES-256.
BRANCH=none
BUG=chrome-os-partner:62260
TEST=make buildall succeeds;
cipher command succeeds;
TCG tests pass
Change-Id: I133741be6d9f1353d6ae732d0e863b4b18cc8c9e
Signed-off-by: nagendra modadugu <ngm@google.com>
Reviewed-on: https://chromium-review.googlesource.com/433359
Commit-Ready: Nagendra Modadugu <ngm@google.com>
Tested-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Add support for verifying messages signed
with 4096-bit RSA keys. Such messages may
be generated by host side applications.
Also update tpmtest.py to test 4k verification.
BRANCH=none
BUG=none
TEST=added new tests to tpmtest.py; TCG tests pass
Change-Id: I7450bd710c154c68c030ce176bfe7becbfbcb729
Signed-off-by: nagendra modadugu <ngm@google.com>
Reviewed-on: https://chromium-review.googlesource.com/428220
Commit-Ready: Nagendra Modadugu <ngm@google.com>
Tested-by: Marius Schilder <mschilder@chromium.org>
Tested-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Marius Schilder <mschilder@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
With introduction of encryption it is becoming impossible to read
NVMEM contents directly from flash. Decrypting the contents each time
there is a read request creates a significant performance hit. NVMEM
needs to be rearchitecture such that there is no need to run
decryption each time NVMEM read is performed.
This patch does just that, implementation details are described in the
header comment in common/nvmem.c.
To reduce memory impact the size of NVMEM is being decreased from 16K
to 12K. This is acceptable because eviction objects stored in NVMEM
serialized now, which dramatically reduces NVMEM size requirements.
The TPM2 NVMEM size definition must be kept in sync.
Another optimization this change introduces is bypassing writing into
the flash if NVMEM contents did not change, which is verified by
examining the hash of the cached storage.
A test is added to verify that the new commit scheme works as
expected, and the nvmem test is re-introduced to the list of test ran
on each 'make buildall'.
CQ-DEPEND=CL:433839
BRANCH=none
BUG=chrome-os-partner:62260,chrome-os-partner:62421
BUG=chrome-os-partner:62437
TEST=ran the following tests, all succeeded
make buildall -j
TEST_LIST_HOST=nvmem make runtests
tcg test suite
corp enroll on reef, reboot a few times, verify that enrollment sticks
Change-Id: I177daa3ceb4fd7aac299ca26b4506b863e31b946
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/433184
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Enable the Clock Recovery Subsystem to automatically adjust the internal
HSI48 clock for proper USB operation on the STM32F0.
BUG=chrome-os-partner:34160
TEST=Manual testing on STM32F072B-DISCOVERY
Plugged in board and verified that device was detected with dmesg.
[1400698.702999] usb 3-10: new full-speed USB device number 47 using xhci_hcd
[1400698.720063] usb 3-10: New USB device found, idVendor=18d1, idProduct=500f
[1400698.720069] usb 3-10: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[1400698.720072] usb 3-10: Product: PDeval-stm32f072
[1400698.720075] usb 3-10: Manufacturer: Google Inc.
BRANCH=none
Change-Id: I496a9a121a4b1a0009fe04cfe24aaa693ada9236
Reviewed-on: https://chromium-review.googlesource.com/433059
Commit-Ready: Sam Hurst <shurst@google.com>
Tested-by: Sam Hurst <shurst@google.com>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
If common layer called i2c_xfer() with only one byte read length and the
flag is I2C_XFER_STOP, the npcx's i2c driver will return error directly.
The reason is once ec read last byte of previous transaction, hardware
will release SCL and i2c slave start to send following byte. Ec might
not have chance to generate NACK in time. A additional dummy byte is
necessary to make sure ec generate NACK before STOP condition.
BRANCH=none
BUG=chrome-os-partner:60266
TEST=make BOARD=pyro; test battery command on pyro with CONFIG_CRC8 and
CONFIG_SMBUS.
Change-Id: I372ff494b49656cbfbd4044b99b00b13daf0b741
Signed-off-by: Mulin Chao <mlchao@nuvoton.com>
Reviewed-on: https://chromium-review.googlesource.com/430569
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Shawn N <shawnn@chromium.org>
On boards based on the g chip cryptographic functions come from
hardware, they should be implemented in chip/g as opposed to a
particular board.
The common modules (like nvmem) should be using some generic API,
which hopefully will be implemented by other chips, or could be
replaced by a purely software implementation where crypto hardware
support is not available.
Crypto API definition is being added in include/ and the g chip
implementation (a wrapper around dcrypto functions) is being added in
chip/g.
test/nvmem_vars.h needed to be edited to avoid conflict with
<string.h>.
BRANCH=none
BUG=chrome-os-partner:62260
TEST=make buildall -j still passes. Booting reef with the new image
works fine too.
Change-Id: Ifef281215f89239966882ecbe3e90c8351b9b91a
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/431313
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Nagendra Modadugu <ngm@google.com>
This change introduces DCRYPTO_app_cipher(), an encrypt/decrypt
function that accepts an IV and corresponding data. Typical
restrictions on IV reuse apply. The key is derived from the hardware
based on the type of the RW image signature (dev vs prod).
A console command is added to exercise the cipher function.
Since stack requirements of the dcrypto code exceed the console task
allowance, the actual command is executed on the HOOKs task context.
BRANCH=none
BUG=chrome-os-partner:55331
TEST=make buildall -j passes. Running the cipher command from the
console succeeds:
> cipher
original data ad67d44cb4feffff6b3b334635eb9612
rv 0x01, out data 861dc395a2fc745ca886a703cb02a897, time 16636 us
rv 0x01, orig. data ad67d44cb4feffff6b3b334635eb9612, time 17004 us
sha1 before and after match!
>
Change-Id: I7686d8c8489c1b8a984859c3be4f82c338573c6f
Signed-off-by: nagendra modadugu <ngm@google.com>
Signed-off-by: Marius Schilder <mschilder@chromium.org>
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/428171
Reviewed-by: Nagendra Modadugu <ngm@google.com>
Add and export chip_save_reset_flags to allow boards to use this
function when required.
BUG=chrome-os-partner:61883
BRANCH=None
TEST=Compiles successfully for poppy.
Change-Id: I6f96bc61135fc4e3abb62a01d47c2cba8eb45b60
Signed-off-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/431191
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>
Add functions that derive application specific keys based
on FRK2. For the moment, derived keys need to be manually
copied into the AES engine. Since key-ladder state depends
on the code-signer (prod vs. dev), application derived keys
are also different in the two modes. Thus ciphertext blobs
produced by prod-signed code cannot be decrypted by dev-signed
code.
To minimize stack requirements on the hook_task, the SHA
context in DCRYPTO_appkey_init() is placed in allocated/freed
memory. This SHA object will become unnecessary once the
AES engine is seeded directly from the key-ladder.
BRANCH=none
BUG=chrome-os-partner:55331
TEST=pending
Change-Id: Ifb274b15e61be317e02ec31fc52f9a41e06dcba3
Signed-off-by: nagendra modadugu <ngm@google.com>
Signed-off-by: Marius Schilder <mschilder@chromium.org>
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/428170
Reviewed-by: Nagendra Modadugu <ngm@google.com>
There's no indication that the h/w AES function fails,
but checking the return value prevents applications
from silently proceeding and failing at a future time
(e.g. NVMEM encryption).
BRANCH=none
BUG=chrome-os-partner:55331
TEST=tpmtest.py passes
Change-Id: I8e3a9426ec31a1b0798aface55c636dc1c707b34
Signed-off-by: nagendra modadugu <ngm@google.com>
Reviewed-on: https://chromium-review.googlesource.com/430371
Commit-Ready: Marius Schilder <mschilder@chromium.org>
Tested-by: Marius Schilder <mschilder@chromium.org>
Reviewed-by: Marius Schilder <mschilder@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
3 minutes is too long to delay sleep after init and resume from wake
pin. This change decreases the delay to 20 seconds
BUG=none
BRANCH=none
TEST=manual
Use the cr50 power consumption to verify the sleep state
active 50mW
sleep 7mW
deep sleep 1mW
make sure suzyq is disconnected
use uart to reboot cr50
run 'reboot ap-off' on the EC console
make sure cr50 enters deep sleep at second 20
use uart to wakeup cr50 make sure it stays awake for 20 seconds
and then enters deep sleep.
wake it up again using uart and run 'idle s'
verify it enters regular sleep after 20 seconds
use uart to wake it up, make sure it does a regular sleep resume
and then goes back into regular sleep after 20 seconds
Change-Id: I65791bd3d915ceda11dc29b74e150ba589f2fa9e
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/430388
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Similarly to eve, we have a problem where the EC is not able to
distinguish between power up and reset, as VCC1_RST is simply
tied to PP3300_DSW.
BRANCH=none
BUG=chrome-os-partner:61028
BUG=chrome-os-partner:61930
TEST=Press Power+Volume Up+Volume Down, poppy enters recovery
Change-Id: Id0d89b56058e288c14e10eee7656965eee75047a
Reviewed-on: https://chromium-review.googlesource.com/428532
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Shawn N <shawnn@chromium.org>
On tablet platform, ec isn't in charge of keyboard and KSI pins are free
to use. This CL adds MIWU group and GPIO's ISR for KSI pins if there is
no keyboard scan task.
BRANCH=none
BUG=none
TEST=test all KSI pins for GPIO_INT on npcx_evb.
Change-Id: I76c8e48c067b6cb84e483eb94b104eb1998987be
Signed-off-by: Mulin Chao <mlchao@nuvoton.com>
Reviewed-on: https://chromium-review.googlesource.com/430554
Reviewed-by: Randall Spangler <rspangler@chromium.org>
In rare case, if a bus error indicates a conflict on the data
line (SDA) is detected during transmission of the byte. (i.e.,
SDA is toggling during holding data period.) and SDAST are
set at the same time, the i2c driver is not good enough to handle
it. Ec will get stuck in i2c ISR forever since SDAST util
watchdog reset occurs.
This CL includes:
1. Do a dummy read to make sure i2c slave doesn't hold i2c bus.
It makes sure i2c master can generate STOP successfully.
2. Disable smb's interrupts in "A Bus Error has been identified".
Once bus error occurred, it's better to forbid ec to enter
ISR again. Let i2c_recovery() disable the module and reset
hardware state machine to the default.
BRANCH=none
BUG=chrome-os-partner:59294
TEST=test i2c console commands on wheatley for hours.
Change-Id: Iecadcd866e115e31b18dfd68359a018867cac40e
Signed-off-by: Mulin Chao <mlchao@nuvoton.com>
Reviewed-on: https://chromium-review.googlesource.com/428482
Reviewed-by: Shawn N <shawnn@chromium.org>
DCRYPTO_HMAC_SHA256_init makes two calls to DCRYPTO_SHA256_init()
without an intervening HASH_final() call. This is incorrect usage
of the the hashing API, and results in the hardware SHA engine
getting locked for the life-time of the process (and resulting
in all future hash calls falling back to the software implementation).
This bug manifested itself when introducing NVRAM encryption, which
requires the hardware SHA engine to be available for key generation.
BRANCH=none
BUG=chrome-os-partner:55331
TEST=TCG tests pass
Change-Id: Ia4ccb6a6d64636c4618ef775291442975f3f1f92
Signed-off-by: nagendra modadugu <ngm@google.com>
Reviewed-on: https://chromium-review.googlesource.com/430154
Commit-Ready: Nagendra Modadugu <ngm@google.com>
Tested-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Marius Schilder <mschilder@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
When debug enabled cr50 image is signed, the default manifest passed
to the signer is util/signer/ec_RW-manifest-dev.json. Images signed
with this manifest will not run on devices where the RO part is fused
for production.
It is possible to build node locked images for such devices, but the
manifest must include the lines
"DEV_ID0": <value>.
"DEV_ID1": <value>,
with the values matching the chip the image is built for.
This patch allows to pass the values in the make command line or the
environment, defined as follows:
H1_DEVIDS='<num 1> <num 2>'
When this value is defined, the default manifest is edited to add the
required lines.
One side effect of this patch is that the temp file where the edited
manifest is placed to is not deleted.
BRANCH=none
BUG=none
TEST=verified that images still can be built for both dev RW and prod
RO (node locked) with both debug features enabled and disabled
(CR50_DEV set and not set)
Change-Id: I0e81fc9aa65aa4d239e60de6047e2470f6eeaf50
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/428337
Reviewed-by: Randall Spangler <rspangler@chromium.org>
This function belongs in dcrypto as it relies heavily on the crypto
hardware; also, it will be handy to be able to use this function in
other cases.
BRANCH=none
BUG=chrome-os-partner:55331
TEST=buildall still builds. TPM manufacturing still works too.
Change-Id: If2e70eaa71a76e8374b98f4667cb54ea6253b760
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/428169
Reviewed-by: Marius Schilder <mschilder@chromium.org>
When the EC does a sysjump it redoes the PD negotiation. This changes
the voltage levels on the CC lines. Debounce the rdd disconnect signal
for 2 seconds so cr50 will ignore the negotiation and keep CCD enabled.
BUG=chrome-os-partner:60924
BRANCH=none
TEST=connect suzyq. Make sure usb does not drop out during a EC sysjump
or reboot.
Change-Id: I95b9bc81f736e3b7a65103817c140874b1ed34ec
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/426398
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Detachable devices need firmware help to process battery disconnect
requests promptly.
The request happens when the user keeps pressed both power and "volume
up" buttons and yanks the charger cable.
Once this condition is detected a 5 s timeout is started, and if the
charger cable is not plugged back in during this interval, the code
initiates a low polarity pulse on both EC_RST_L and BAT_EN outputs.
Lowering BAT_EN level will cause the battery cut off which is supposed
to cause an immediate system power down.
BRANCH=none
BUG=chrome-os-partner:59833
TEST=verified desired behavior on an H1 dev board with a H1B2-D chip.
Change-Id: Iecdcc93e228f4bc18734569bd896b0afa4bb752a
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/426345
Reviewed-by: Marius Schilder <mschilder@chromium.org>
There are three different H1 B2 chips SKUs in the wild now, one
version is for clamshell Chromebooks, one is for experimental build of
Poppy and one for detachable devices.
The SKUs differ by some fuse settings, as outlined by the comment in
the code.
This patch maps fuse settings into the chip revision string and also
makes sure that the revision is determined once and then used for all
following invocations of system_get_chip_revision().
BRANCH=none
BUG=chrome-os-partner:59833
TEST=verified that on dev boards with three different H1 B2 SKUs the
revision is reported as expected (B2-C, B2-D and B2-P).
Change-Id: I7d588d7326c28e9fa4921351254ad60a21c3f6b8
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/426344
Reviewed-by: Marius Schilder <mschilder@chromium.org>
Reviewed-by: Carl Hamilton <carlh@chromium.org>
Callers may not need computation of the public key.
Making this optional speeds this routine up.
Cr50 never passes in NULL for any argument, so is not affected.
BUG=none
TEST=build
BRANCH=none
Change-Id: Ia0077a35064f53b53f51867254aaa51eac6c55d8
Reviewed-on: https://chromium-review.googlesource.com/427058
Reviewed-by: Marius Schilder <mschilder@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Marius Schilder <mschilder@chromium.org>
We don't need to loop and waiting ADC's data valid flag
after the change was made.
Signed-off-by: Dino Li <dino.li@ite.com.tw>
BRANCH=none
BUG=none
TEST=1. We build a EC binary for PD EVB (declared two ADC channels
for VBUS measurement of PD task and priority is highest)
2. Use console command "adc" continually to read ADC channels
and check if any error.
Change-Id: I1379e0b4c9ef721c29cb053d7d85e1a8ece9471b
Reviewed-on: https://chromium-review.googlesource.com/421307
Commit-Ready: Dino Li <Dino.Li@ite.com.tw>
Tested-by: Dino Li <Dino.Li@ite.com.tw>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
We have hard timing requirements once we begin to output our host
command response, and most of the time is spent copying our response to
OBUF. Optimize our copy loops to remove needless increments and to avoid
needless struct dereference.
BUG=chrome-os-partner:61304
BRANCH=gru
TEST=Manual on kevin, verify the following performance metrics:
Time spent in shi_fill_out_status(): Was 40us, now 28us
Time spent in shi_write_half_obuf(): Was 60us, now 31us
Time spent in shi_write_first_pkg_outbuf:
Was 90us, now 37us (bad case)
Was 26us, now 16us (better case / less data copied)
Signed-off-by: Shawn Nematbakhsh <shawnn@chromium.org>
Change-Id: I04075c92744eeefe8f2be009e6598718c45143c4
Reviewed-on: https://chromium-review.googlesource.com/425330
Commit-Ready: Shawn N <shawnn@chromium.org>
Tested-by: Shawn N <shawnn@chromium.org>
Reviewed-by: Shawn N <shawnn@chromium.org>
It is not proper to use SET_BIT macro to clear a "write 1 to clear" bit
in a register. It will also clear other bits if they are also set.
BRANCH=none
BUG=chrome-os-partner:34346
TEST=make buildall; boot up on gru, run ectool stress test for a while
without problem.
Change-Id: I0c5a850e85e41820515b1a8f15bb43d77397737f
Signed-off-by: CHLin <CHLIN56@nuvoton.com>
Reviewed-on: https://chromium-review.googlesource.com/425589
Commit-Ready: CH Lin <chlin56@nuvoton.com>
Tested-by: CH Lin <chlin56@nuvoton.com>
Reviewed-by: Shawn N <shawnn@chromium.org>
- Before the change was made, the "__ro_end" was at 00013520h.
We change to 00012760h.
- Rename "CONFIG_IT83XX_ILM_BLOCK_SIZE" to "IT83XX_ILM_BLOCK_SIZE"
this is because we don't support reconfiguration at board-level.
- Put some task functions into "__ram_code" section to
fill the gap and improving performance of code-fetch.
Signed-off-by: Dino Li <dino.li@ite.com.tw>
BRANCH=none
BUG=none
TEST=console commands: flasherase, flashwrite, and flashread.
Change-Id: I2f2906a2a0b6971aadd00120c282801161447808
Reviewed-on: https://chromium-review.googlesource.com/424248
Commit-Ready: Dino Li <Dino.Li@ite.com.tw>
Tested-by: Dino Li <Dino.Li@ite.com.tw>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Setting HICTRL.FW_OBF clears the HIKMST.OBF and STATUS.OBF flags but it
does not deassert IRQ1 when already asserted. To make sure IRQ1 will
also be deasserted need to emulate a host read.
Modified drivers:
1. lpc.c: emulate a host read to clear OBF and deasserted IRQ1.
BRANCH=none
BUG=chrome-os-partner:34346
TEST=make buildall; Run FAFT items related to Power on/off, reboot,
and keyboard on Wheatley.
Change-Id: Ibf0ff3b8a4eeece853916e4e19d67fcc7ae2e989
Signed-off-by: CHLin <CHLIN56@nuvoton.com>
Reviewed-on: https://chromium-review.googlesource.com/419909
Commit-Ready: Aaron Durbin <adurbin@chromium.org>
Tested-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
The code that referenced these structure definitions was removed
months ago. GCC 6.2 warns about the structures being definte but
not used.
BRANCH=none
BUG=none
TEST=Build tested only
Change-Id: I68de7cc351667b3fb51aa9004dfc86d936f4a9cc
Signed-off-by: Martin Roth <martinroth@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/424432
Reviewed-by: Shawn N <shawnn@chromium.org>
The common/system.c:system_usable_ram_end() function is used to
determine how much room there is available for shared memory. This
assumes that the jdata container is located at the top of SRAM right
below the panic data buffer.
This correct for embedded mode, but when building for host, panic
structure is allocated in a different memory block, not necessarily
adjacent to the __shared_mem_buf array. This leads to incorrect
calculations of the available shared memory amount.
Let's make sure the two memory blocks are adjacent, this way the
available memory calculations are accurate.
BRANCH=none
BUG=none
TEST=verified that
make runtests -j
succeeds, including the new test for malloc/free from shared memory
(coming up in the next patch).
Change-Id: I1fdba0512ac5a85b113a8284216c8b00f1564a94
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/424176
Reviewed-by: Randall Spangler <rspangler@chromium.org>
The function usb_power_map_error() is only called from a single
location, with a fixed value passed in, and the return value, which
is the only reason for the function, is ignored.
The whole thing is useless, so remove the function and call. Since the
sizes of all platforms are unchanged before and after removing this, I
suspect it was getting optimized out anyway.
Fixes coverity warning 157563: Useless call
BUG=None
BRANCH=None
TEST=build tested only.
Change-Id: Ie6572d2f5579819f06a53a567e1a93aabca217db
Signed-off-by: Martin Roth <martinroth@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/418070
Reviewed-by: Shawn N <shawnn@chromium.org>
With expanding USB interface to processing vendor commands and to
query current version running on the chip, there are now occurrences
of fw_upgrade_complete() invoked at the device startup without actual
data transfer.
This causes clearing rollback counter before it is actually examined.
Let's not invoke fw_upgrade_complete() unless there was actual data
transferred for flash programming.
BRANCH=none
BUG=none
TEST=verified on chromebook reboots that the counter value is not
changed until the rollback condition is checked.
Change-Id: I50bf450882b001ba1c2f38657d27f87f8596b3e2
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/422454
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Perform PKCS1-padding-only signing for RSASSA if hashing algorithm is
TPM_ALG_NULL.
This feature is guarded by SUPPORT_PADDING_ONLY_RSASSA macro in
tpm2/Implementation.h.
BUG=chrome-os-partner:60967
BRANCH=none
TEST=On a unowned machine with TPM2: corp enroll, login, install
a network certificate (gECC or GMC), then:
a) retrieve the public key from the installed certificate
LIBCHAPS=`ls /usr/lib**/libchaps.so`
CERTID=`pkcs11-tool --module=$LIBCHAPS --slot=1 --type=cert \
-O | grep "ID:" | awk '{print $2}'`
pkcs11-tool --module=$LIBCHAPS --slot=1 --id=$CERTID \
--type=cert -r > /tmp/cert
openssl x509 -inform der -pubkey -noout -in /tmp/cert > /tmp/pub.key
b) sign a sample text using the private key for the certificate and
MD5-RSA-PKCS mechanism, not supported by TPM2_Sign command:
echo "ABCDEF" > /tmp/1.txt
pkcs11-tool --module=$LIBCHAPS --slot=1 --id=$CERTID --sign \
-i /tmp/1.txt -o /tmp/1.sig -m MD5-RSA-PKCS
c) verify signature:
openssl dgst -md5 -verify /tmp/pub.key \
-signature /tmp/1.sig /tmp/1.txt
Step (b) should succeed and step (c) should return "Verified OK".
Change-Id: I0d7a11c48cdb04e37748f7255b98e9e023481a96
Signed-off-by: Andrey Pronin <apronin@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/420854
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Provide the calling stubs for p256 sign, verify, point mul, etc.
This also drops third_party/cryptoc/p256_ec and p256_ecdsa from the
image. And fewer routines from cryptoc/p256.c remain as well.
BRANCH=none
BUG=none
TEST=tcg_tests pass, test/tpm_test/tpmtest.py pass
Change-Id: Ib6c35f5d34a2c8434e78b44cbef8b69802734c50
Signed-off-by: Marius Schilder <mschilder@google.com>
Reviewed-on: https://chromium-review.googlesource.com/422942
Reviewed-by: Marius Schilder <mschilder@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Marius Schilder <mschilder@chromium.org>
Tested-by: Marius Schilder <mschilder@chromium.org>
Trybot-Ready: Marius Schilder <mschilder@chromium.org>
After every reboot, we were resetting the write protect and console
lock states back to default. With this change the wp and lock states
will be preserved through deep sleep. They will still be reset on any
other type of reboot (like Power On reset or panic).
The states are also cleared if the system detects a rollback even when
booting from the deep sleep.
With this patch it is going to be impossible to remove hardware write
protection guarding writes into AP and EC firmware flash, unless the
cr50 console is unlocked.
Locking the console would reinstate hardware write protection
automatically even if it was disabled when the console was unlocked.
Two long life scratch register 1 bits are used to keep the console and
write protect states over resets. To make code cleaner bitmap
assignments of the long life scratch register is put in its own
include file.
BUG=chrome-os-partner:58961
BRANCH=none
TEST=manual
On prod/dev images verify that the default wp and console lock
states are still correct.
change the lock and write protect states from the default and
verify they are preserved through deep sleep.
reboot cr50 and make sure that they are reset.
unlock the console and enable flash writes, then set fallback
counter on cr50 to the value of 6 (rw 0x40000128 1; rw
0x4000012c 6) and put the AP into deep sleep by hitting
Alt-H-VolUp.
In five minutes press the power button on the device to bring
it back from s5. Observe cr50 fall back to an older image and
console lock and wp disabled.
Change-Id: Ie7e62cb0b2eda49b04a592ee1d0903e83246b045
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/420812
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
There are plans to extend use of the LONG_LIFE_SCRATCH1 register for
other purposes than keeping board properties. Just as the board
properties, the new use is also very board specific. This patch moves
the board properties code from chip/g to board/cr50, where it belongs.
Instead of reading board properties bitmap and checking if various
bits are set, api functions are now provided to allow determining
various properties settings without actually looking at the properties
bitmap.
CQ-DEPEND=CL:*313057
BRANCH=none
BUG=chrome-os-partner:58961
TEST=verified that both Gru and Reef boot with the new image,
additionally, on Reef confirmed that it is possible to
communicate with the H1 over USB, and that plt_reset signal is
handled properly.
Change-Id: Id0dd2dc16389f773a149fb01eee1ce7bb99c4547
Reviewed-on: https://chromium-review.googlesource.com/422081
Commit-Ready: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Scott Collyer <scollyer@chromium.org>
