We multiply 2 32-bit numbers (and not 64-bit numbers), and then add
another 32-bit number, which makes it possible to optimize the
assembly and save a few instructions.
With -O3, 3072-bit exponent, lower verification time from 122 ms to
104 ms on STM32F072 @48Mhz.
Optimized mac function from Dmitry Grinberg <dmitrygr@google.com>.
BRANCH=poppy
BUG=b:35647963
BUG=b:77608104
TEST=On staff, flash, verification successful
TEST=make test-rsa, make test-rsa3
TEST=Flash test-utils and test-rsa to hammer => pass
Change-Id: I584c54c631a3f59f691849a279b308e8d4b4b22d
Signed-off-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/449024
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
There are still more ifdef than can be added: this just takes out
the low hanging fruits.
BRANCH=poppy
BUG=b:35647963
TEST=make buildall -j, see that we gain from 0 to 64 bytes on many
boards.
Change-Id: Ibe85b8bfa5d5c22c160e4a6656104256067beee9
Signed-off-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1070948
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
Allow setting password from the AP, but not from USB. Remove the old
password control logic, which is no longer needed.
Allow open if:
- Not explicitly blocked
- Not blocked via FWMP
- One of the following is true:
- A password is set
- Battery is removed (also doesn't require physical presence)
- Dev mode is on, and request came from the AP
Reduces cr50 binary by 152 bytes.
BUG=b:79983505
BRANCH=cr50
TEST=manual, with a CR50_DEV=1 build
ccd oops
ccd lock
ccd unlock -> fails
gsctool -U -> fails from host
gsctool -t -U -> fails from AP
ccd oops
ccd password foo -> fails from console
gsctool -P -> fails from host
gsctool -t -P -> works from AP
ccd get -> confirms password set
ccd lock
ccd unlock foo -> works
ccd lock
gsctool -U -> works from host, if correct password supplied
ccd lock
gsctool -t -U -> works from AP, if correct password supplied
ccd open foo -> works
ccd lock
gsctool -O -> works from host, if correct password supplied
ccd lock
gsctool -t -O -> works from AP, if correct password supplied
ccd oops
ccd lock
(remove battery)
ccd open -> works without physical presence
(reattach battery)
ccd lock
gsctool -O -> works from host
ccd lock
gsctool -t -O -> works from AP, if dev mode is enabled
Change-Id: I364b322d03db250e7dd140767d7a22dbb3ac1eef
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1072957
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
On hammer, we do not need the console channels, so we can just
disable them to save flash size.
BRANCH=poppy
BUG=b:35647963
TEST=make newsizes, staff image size shrinks by 704 bytes
Change-Id: I7a493ae57573814b166d45e57f1ad3d885f26086
Signed-off-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1070949
Reviewed-by: Randall Spangler <rspangler@chromium.org>
This makes it easier to add params or flags for vendor commands
without changing all of the command handlers. It also reduces code
size by 56 bytes.
For now, existing command handlers continue to use
DECLARE_VENDOR_COMMAND(). Added DECLARE_VENDOR_COMMAND_P() for
handlers which take the params struct directly. The CCD command will
be the first user of that, since it will have different rules for
'open' based on where the command comes from.
No change to existing command behavior.
BUG=b:79983505
BRANCH=cr50
TEST=gsctool -I still works
Change-Id: I7ed288a9c45e381162e246b50ae88cf76e67490d
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1069538
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Previously, calls to tpm_alt_extension() were treated as if they came
from the AP via the TPM interface, even though they actually
originated from the cr50 console, which is accessible via the USB
interface.
This affects the following console commands:
spi_hash - was already allowed as both a safe console command and via
the USB vendor command interface. No change.
rma_auth - was allowed as a safe console command, but not via the USB
vendor command interface. Now allowed from both. No change in
security, since anyone could already do it via the console.
Unfortunately, getting a challenge fails because commands issued via
the USB vendor command interface have a maximum payload of 32 bytes
and the challenge is bigger than that; that's tracked in b:80098603.
ccd - was already allowed as a safe console command. This directly
called ccd_command_wrapper() for lock, open, and password subcommands.
It made an extra check for password set for the unlock subcommand.
Moved the unlock check to the vendor command handler. Also changed
the order of checks so that FWMP disabling unlock and open supersedes
an existing password; this matches go/ccd-open-simple. (That has no
effect on existing systems, because CCD is disabled at a higher
level.)
Reduces code size by 8 bytes.
BUG=b:79983505
BRANCH=cr50
TEST=manual, on a CR50_DEV=1 build
Compile with DEBUG_EXTENSION defined to print extra debug output
'ccd lock' now shows as coming from USB
'ccd unlock' fails because no password is set
'ccd unlock' and 'ccd open' fail if FWMP disallows unlock
'rma_auth' prints a challenge
'gsctool -t -r' prints a challenge from AP root shell
'gsctool -r 12345678' returns error 6 (incorrect challenge), rather
than error 127 (no such command).
'gsctool -I' works from the host
'gsctool -t -I' still works from AP root shell
Change-Id: I2cd1027f5135b9c336df97ee4b1b1a15354728b4
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1068102
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Change prefix from CONFIG_ESPI to CONFIG_HOSTCMD_ESPI for consistency.
BRANCH=none
BUG=chromium:818804
TEST=Full stack builds and works on yorp (espi) and grunt (lpc)
Change-Id: I8b6e7eea515d14a0ba9030647cec738d95aea587
Signed-off-by: Jett Rink <jettrink@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1067513
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Added flags parameter to extension_route_command(). The caller now
specifies whether the command comes from the USB interface or the AP.
Moved USB-specific shuffling of response to embed result code into
usb_upgrade.c, so extension_route_command() can be more generic.
No change to permissions/behavior for existing commands.
ccd_command_wrapper() still sends vendor commands as if they come from
the AP. That's fixed in the next CL.
Reduces code size by 128 bytes
BUG=b:79983505
BRANCH=cr50
TEST=manual
Build with DEBUG_EXTENSION defined, to turn on printing each command
'ccd lock' comes from AP and works
From host, 'gscutil -I' comes from USB and fails
From AP, 'gscutil -t -I' comes from AP and works
Change-Id: I7136bb54073de9c5951a174c308151b1871c56f3
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1068101
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
We have converted all LPC-only configs to HOSTCMD_LPC so the remaining
CONFIG_LPC defines represent the common case.
BRANCH=none
BUG=chromium:818804
TEST=Full stack builds and works on yorp (espi) and grunt (lpc)
Change-Id: Iba9a48f2cab12fadd0d9ab8eab0d5d5476eab238
Signed-off-by: Jett Rink <jettrink@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1067503
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Introduce CONFIG_HOSTCMD_LPC and CONFIG_HOSTCMD_ESPI which will replace
CONFIG_LPC and CONFIG_ESPI. Today the CONFIG_LPC option guards both
common code to eSPI and LPC and LPC-only code. Going forward
CONFIG_HOSTCMD_LPC will guard only LPC code, and a new option
CONFIG_HOSTCMD_X86 will guard common code to both LPC and eSPI.
I am leaving the CONFIG_LPC and CONFIG_ESPI defines in this CL so each
CL in the stack compiles.
BRANCH=none
BUG=chromium:818804
TEST=Full stack builds and works on yorp (espi) and grunt (lpc)
Change-Id: I6ae3a805167a3404701d8a53c14dc83299afb376
Signed-off-by: Jett Rink <jettrink@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1067498
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Previously manual_mode used the current values of voltage/current to
set the desired values for each charge_request() call. Since manual
mode is entered/exited in the host command task, this can easily lead
to a race condition where the charger gets disabled in the host
command task, the reenabled by the charger task. This in turn makes
the ectool chargecontrol idle command unreliable.
This CL replaces manual mode with two variables, manual_voltage and
manual_current. The default values are -1 which means that they are
inactive. When the ectool command 'chargecontrol idle' is executed, it
sets both variables to 0. This then removes the race condition
possibility as each iteration of the charger loop will use
manual_voltage and/or manual_current if not -1.
BRANCH=coral
BUG=b:68364154
TEST=Manual
Executed 'ectool chargecontrol idle' and 'ectool chargecontrol normal'
numerous times and verified that the charging was disabled/resumed
each time as expected. Without this fix the problem could be
reproduced always in less than 10 attempts, typcially less than
5. With this CL charging is disabled reliably each time and I'm not
able to reproduce the problem.
Change-Id: I1ed9cdb42249cdf72ab34dd95b8f42c09d9a490c
Signed-off-by: Scott Collyer <scollyer@google.com>
Reviewed-on: https://chromium-review.googlesource.com/851419
Tested-by: Scott Collyer <scollyer@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Shawn N <shawnn@chromium.org>
Commit-Queue: Scott Collyer <scollyer@chromium.org>
(cherry picked from commit b7254f38979f274acc66330905399ff5ddf4129b)
Reviewed-on: https://chromium-review.googlesource.com/922069
Commit-Ready: Daisuke Nojiri <dnojiri@chromium.org>
Tested-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
When EC sees voltage drops below BAT_LOW_VOLTAGE_THRESH,
we kick off a timer and ask AP to throttle.
When the timer expires which means EC hasn't seen under-voltage
for BAT_UVP_TIMEOUT_US, we ask AP to stop throttling.
We reset the throttling status and do nothing when AP is off (S5).
BUG=b:73050145, chromium:838754
BRANCH=scarlet
TEST=manually test on scarlet, confirm EC sends
EC_HOST_EVENT_THROTTLE_START and EC_HOST_EVENT_THROTTLE_STOP
host events when entering/exiting UVP.
Change-Id: Ia760989f760f95549f7a8a8acb1d01de23feab5a
Signed-off-by: Philip Chen <philipchen@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1064983
Commit-Ready: Philip Chen <philipchen@chromium.org>
Tested-by: Philip Chen <philipchen@chromium.org>
Reviewed-by: David Schneider <dnschneid@chromium.org>
Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>
sleepmask is really useful for debugging sleep issues. Add a read only
version of sleepmask to non-DBG images. It will only be accessible once
the console is unlocked.
BUG=none
BRANCH=cr50
TEST=make sure sleepmask can be modified in DBG images and can only be
read in prod images.
Change-Id: I31ef966f6302d4a7602a014cb08c9b972d13f41e
Signed-off-by: Mary Ruthven <mruthven@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1062804
Commit-Ready: Mary Ruthven <mruthven@chromium.org>
Tested-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
gcc 8.1 complains about duplicate const, and while some of these really
are duplicate, others look like they were supposed to tighten the API
contract so that variables are "const pointer to const data", but didn't
have that effect.
BUG=b:65441143
BRANCH=none
TEST=building Chrome EC as part of upstream coreboot's build with a
gcc 8.1 compiler now works (better. there are other issues left)
Change-Id: I6016c5f282516471746f08d5714ea07ebdd10331
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1039812
Commit-Ready: Patrick Georgi <pgeorgi@chromium.org>
Tested-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-by: Stefan Reinauer <reinauer@google.com>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
Make Esc+Refresh+Power on Grunt enter Recovery Mode.
If Power is released fast:
[0.045303 KB init state: -- 02 08 -- -- -- -- -- -- -- -- -- --]
Add CONFIG_KEYBOARD_IGNORE_REFRESH_BOOT_KEY to handle this case.
If Power is held longer:
[0.045448 KB init state: 08 0a 08 08 08 -- 08 -- 08 08 -- 08 08]
Add CONFIG_KEYBOARD_PWRBTN_ASSERTS_KSI3 to handle this case.
BUG=b:79758966
BRANCH=none
TEST=Esc+Refresh+Power gives recovery screen on Grunt
Change-Id: I43a7d485535ff7b0d9bfce59f28c0049ee989818
Signed-off-by: Edward Hill <ecgh@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1063032
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Daniel Kurtz <djkurtz@chromium.org>
Currently, field sizes are automatically set to the smallest size
which can fit a given value. This patch makes cbi-util allow field
sizes to be specified.
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
BUG=b:79514391
BRANCH=none
TEST=Tested as follows:
1. Create CBI image:
$ cbi-util create --file cbi.bin --board_version 0x202 \
--oem_id 0xabcd:2 --sku_id 0xff:4 --size 256
2. Verify the image:
$ cbi-util show --file cbi.bin
CBI image: /home/dnojiri/tmp/nami/tmp/cbi.new.bin
TOTAL_SIZE: 22
Data Field: name: value (hex, tag, size)
BOARD_VERSION: 514 (0x202, 0, 2)
OEM_ID: 43981 (0xabcd, 1, 2)
SKU_ID: 255 (0xff, 2, 4)
3. Verify the output matches with the previous output if field sizes
are not specified.
Change-Id: Ic7149274d6e4a118ea12bbf03199b548b7089a3e
Reviewed-on: https://chromium-review.googlesource.com/1056201
Commit-Ready: Daisuke Nojiri <dnojiri@chromium.org>
Tested-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
When running signed with dev keys and the fallback certificate is not
available, proceed installing unverified root certificate. This at
least allows to keep basic TPM functions like storing objects in NVMEM
to keep going. Added a new return value to indicate this condition.
BRANCH=cr50, cr50-mp
BUG=none
TEST=verified that it is possible to switch chromebook between prod
and dev modes when running with a dev signed Cr50.
Change-Id: I5b16d0bcbcfb25368f65075e1d2d485a69cb729f
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1054990
Reviewed-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Add the FP_CAPTURE_RESET_TEST capture mode to be able to perform the
reset pixel values test.
Update ectool accordingly and also remove the deprecated 'fpcheckpixels'
command.
Signed-off-by: Vincent Palatin <vpalatin@chromium.org>
BRANCH=poppy
BUG=b:78597564
TEST=run 'ectool --name=cros_fp fpmode capture test_reset',
then 'ectool --name=cros_fp fpframe > test.pnm'
CQ-DEPEND=CL:*626747
Change-Id: I183f33b1cb9ba4db67219b8f7740d29dc0551f2d
Reviewed-on: https://chromium-review.googlesource.com/1061074
Commit-Ready: Vincent Palatin <vpalatin@chromium.org>
Tested-by: Vincent Palatin <vpalatin@chromium.org>
Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>
When the EC sends an interrupt to the AP notifying it of new
accelerometer data we need to make sure the spot we record the timestamp
of the event is virtually identical to the spot the AP records the same
point in time.
Therefore a better spot for that is right next to the gpio toggling of
the interrupt line.
BUG=b:67743747
TEST=In the kernel, fifo_info->info.timestamp still has sane values.
TEST=CTS should still pass
BRANCH=master
Change-Id: Ic77101a045123e779f576c46b401c765304976fd
Signed-off-by: Alexandru M Stan <amstan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/802976
Reviewed-by: Gwendal Grignou <gwendal@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Instead of fetching incoming CEC messages using a specific read
command, extend the standard mkbp event so the CEC message can
be delivered directly inside the event.
Signed-off-by: Stefan Adolfsson <sadolfsson@chromium.org>
BUG=b:76467407
BRANCH=none
TEST="ectool cec read" still working with a kernel that has support
for the increased mkbp size.
CQ-DEPEND=CL:1046186,CL:1051085
Change-Id: Id9d944be86ba85084b979d1df9057f7f3e7a1fd0
Reviewed-on: https://chromium-review.googlesource.com/1051105
Commit-Ready: Stefan Adolfsson <sadolfsson@chromium.org>
Tested-by: Stefan Adolfsson <sadolfsson@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
This patch promotes board/nami/keyboard_backlight.c to common
directory.
Board customization is done via board_kblight_init callback.
It currently supports two drivers: direct PWM control and lm3509.
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
BUG=b:78360907,b:78141647
BRANCH=none
TEST=On Nami (for lm3509) and Sona (pwm), verify the followings:
1. Alt + brightness up/down works
2. After suspend-resume, brightness is restored
3. Lid close/open
4. After screen is off, keyboard backlight is turned off
Change-Id: I584c06e8702fe7b289999698f277311cfd3400bd
Reviewed-on: https://chromium-review.googlesource.com/1051027
Commit-Ready: Daisuke Nojiri <dnojiri@chromium.org>
Tested-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
The kernel is only able to know the number of USB PD port through
EC_CMD_USB_PD_PORTS, but the kernel needs also to be able to know
that there is a dedicated port. Add a host command that will
return the total number of charge port (USB PD + BJ).
BRANCH=None
BUG=chromium:841944
TEST=Called command from kernel driver and checked that the port count
was the expected value.
Change-Id: I6ccd8a2dee35bbe8bb66dfbe09d1cc09c54b73a0
Signed-off-by: Fabien Parent <fparent@baylibre.com>
Reviewed-on: https://chromium-review.googlesource.com/1046593
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
When EC sees discharge current hit BAT_MAX_DISCHG_CURRENT,
we kick off a timer and ask AP to throttle.
Then EC keeps monitoring discharge current. If the current doesn't
drop below BAT_MAX_DISCHG_CURRENT - BAT_OCP_HYSTERESIS, we restart
the timer and notify AP again, which shouldn't happen unless
AP misses or ignores the first notification.
When the timer expires, which means EC hasn't seen over-current
for BAT_OCP_TIMEOUT_US, we ask AP to stop throttling.
BUG=b:74321682, chromium:838754
BRANCH=scarlet
TEST=manually test on scarlet, confirm EC sends
EC_HOST_EVENT_THROTTLE_START and EC_HOST_EVENT_THROTTLE_STOP
host events when entering/exiting OCP.
Change-Id: I1e55fc23249596d8afec52a3885655ca9c1f2151
Signed-off-by: Philip Chen <philipchen@google.com>
Reviewed-on: https://chromium-review.googlesource.com/994188
Commit-Ready: Philip Chen <philipchen@chromium.org>
Tested-by: Philip Chen <philipchen@chromium.org>
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-by: Matthias Kaehlcke <mka@chromium.org>
This patch adds an interrupt handler for a tablet switch and an init
hook to enable the interrupt.
The handler does the typical tasks for convertible devices: 1. sets
tablet mode then 2. disables peripherals if tablet mode is on.
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
BUG=b:77298177
BRANCH=none
TEST=buildall. Verify on Nami.
Change-Id: If7fb5ea15f388d2b6084d800d2bc05efafd1945e
Reviewed-on: https://chromium-review.googlesource.com/1043057
Commit-Ready: Daisuke Nojiri <dnojiri@chromium.org>
Tested-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
Port 0:
TCPC: ANX3429
PPC: SN5S330
BC1.2: PI3USB9281
Port 1:
TCPC: PS8751
Power switch (sink): NX5P3290
Power switch (source): NX20P5090
BC1.2: PI3USB9281
Charger: ISL9238
BRANCH=none
BUG=b:74395451
TEST=make buildall -j
TEST=Did "gpioset EN_PP5000_A 1" before the folllowing tests:
* Plugged adapter to port-0/port-1/both and saw charging
* Plugged USB device to port-0/port-1/both and saw sourcing VBUS
* Plugged adapter to one port and USB device to another port
* Plugged USB disk to port-0 and booted into kernel
* When AP off, not sourcing VBUS to USB device
* Rebooting AP still works
Change-Id: Icde5e24c2cda3d0f2046486528a210af84befcca
Signed-off-by: Tom Wai-Hong Tam <waihong@google.com>
Reviewed-on: https://chromium-review.googlesource.com/969701
Commit-Ready: Wai-Hong Tam <waihong@google.com>
Tested-by: Wai-Hong Tam <waihong@google.com>
Reviewed-by: Wai-Hong Tam <waihong@google.com>
Update the fingerprint match event to include the index of the template
which matched.
Signed-off-by: Vincent Palatin <vpalatin@chromium.org>
BRANCH=poppy
BUG=b:77516790
TEST=on ZerbleBarn, enroll 5 fingers and do matching from the console,
see the proper finger index in the trace.
TEST=on Meowth, check unmodified biod still works for match with the
updated MCU firmware.
CQ-DEPEND=CL:*621808
Change-Id: I5be77ba65ce232989606274aba9a6c20841d533c
Reviewed-on: https://chromium-review.googlesource.com/1047267
Commit-Ready: Vincent Palatin <vpalatin@chromium.org>
Tested-by: Vincent Palatin <vpalatin@chromium.org>
Reviewed-by: Nicolas Norvez <norvez@chromium.org>
Keep the timestamp of the latest power lost. Add a handler to wake
the chipset task to check if power lost stays low for a while (the
time between now and the latest power lost is longer than a period).
BRANCH=none
BUG=b:78455067
TEST=Toggle EC GPIO SYS_RST_L for a low pulse to execute PMIC reset
sequence and verified AP reset but not a transition S0 -> S5.
TEST=Toggle EC GPIO PMIC_KPD_PWR_ODL and SYS_RST_L for a low pulse
(see power_off function) to execute PMIC shutdown sequence and verified
a power-lost transition S0 -> S5.
Change-Id: I8ed789d701e834195865bfdf2d302388d42618d2
Signed-off-by: Tom Wai-Hong Tam <waihong@google.com>
Signed-off-by: Alexandru M Stan <amstan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1028831
Commit-Ready: Wai-Hong Tam <waihong@google.com>
Tested-by: Wai-Hong Tam <waihong@google.com>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
This makes the EC listen to the AP_RST_REQ GPIO from AP. The rising
edge interrupts to trigger a hook to call chipset_reset().
As the hook task will be preempted by the chipset task, it adds a
flag bypass_power_lost_trigger to avoid triggering to S5 as the
chipset state machines sees power lost during the reset.
So far the chipset_reset() implementation is to do a cold reset;
will be revised to a warm reset after the PMIC registers are
reprogrammed.
BRANCH=none
BUG=b:74395451
TEST=make buildall -j
TEST=Ran 'reboot' on AP console which toggles the GPIO.
Change-Id: I946cb029541ce018a8ed1ce25681d38998a7f4b6
Signed-off-by: Wai-Hong Tam <waihong@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1023986
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
We add a configuration option to set the minimum shared memory
size (CONFIG_SHAREDMEM_MINIMUM_SIZE), so that the link will fail
if there is not enough IRAM left.
Also, we add 2 macros around shared_mem_acquire, that check, at
build time, that the shared memory size is sufficient for the
allocation:
- SHARED_MEM_ACQUIRE_CHECK should be used instead of
shared_mem_acquire, when size is known in advance.
- SHARED_MEM_CHECK_SIZE should be used when only a maximum size
is known.
This does not account for "jump tags" that boards often add on
jump from RO to RW. Luckily, RW usually does not do verification,
and does not need as much shared memory.
BRANCH=none
BUG=chromium:739771
TEST=make buildall -j, no error
Change-Id: Ic4c72938affe65fe8f8bc17ee5111c1798fc536f
Signed-off-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1002713
Reviewed-by: Gwendal Grignou <gwendal@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
This is the power sequence for rev-0 board. Confirmed the behavior of
reprogramming the PMIC registers to enable the instant reset and
shutdown.
BRANCH=none
BUG=b:74395451
TEST=make buildall -j
TEST=Tried the following cases:
* Cold reset:
$ dut-control cold_reset:on sleep:0.2 cold_reset:off
Result: G3 -> S0
* Long power press to shutdown:
$ dut-control pwr_button:press sleep:8.2 pwr_button:release
Result: S0 -> S5 -> G3
* Long power press to power-on but then shutdown:
$ dut-control pwr_button:press sleep:8.2 pwr_button:release
Result: G3 -> S0 -> S5 -> G3
* Short power press to power-on:
$ dut-control pwr_button:press sleep:0.2 pwr_button:release
Result: G3 -> S0
* Console command: apreset
Result: S0 -> S5 -> S0
* Console command: power off
Result: S0 -> S5 -> G3
* Console command: power on
Result: G3 -> S0
* Console command: apshutdown
Result: S0 -> S5 -> G3
* Lid open to power-on:
$ dut-control lid_open:no sleep:0.2 lid_open:yes
Result: G3 -> S0
Change-Id: Ia9d44b1dccac66b5b580c08c6c1697ef5989b923
Signed-off-by: Wai-Hong Tam <waihong@google.com>
Signed-off-by: Alexandru M Stan <amstan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/969702
Add a state to indicate that a data role is actually disconnected and
notify the board-level data swap function with this state when a cable
is unplugged. This allows the board to clean up and restore any state
that may have been set up with a data role swap.
BUG=b:78308749
BRANCH=eve,poppy
TEST=manual on eve: plug in C-to-C cable, execute data swap on port 0
with 'pd 0 swap data' and ensure the OTG pins are asserted. Then unplug
the cable and ensure OTG pins are now deasserted.
Change-Id: I7d8fff22dd5836b4b5af54f0ede71ee1b6e40b5c
Signed-off-by: Duncan Laurie <dlaurie@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1035423
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
We do not want to erase the OCM flash automatically so we
can ensure that we fix our supply chain issues. Add a command
that will erase the OCM if needed.
BRANCH=none
BUG=b:77658388
TEST=verified command works on yorp
Change-Id: Iaf6ada3b1e223d15ae0d9624bdcc54b90cb33b64
Signed-off-by: Jett Rink <jettrink@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1035428
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
In order to be able to recover from the AP and Cr50 getting out of
sync, this logging functionality gives Cr50 a way to track the
state changes of the merkle tree so that the AP can be updated to
the current state as long as it has a recent enough copy.
This involves packing the important information so it can be stored
efficiently on flash, and adding the necessary messages for the
replay.
CQ-DEPEND=CL:895395,CL:929430
BRANCH=none
BUG=chromium:809729, chromium:809745
TEST=cd ~/src/platform/ec && V=1 make run-weaver_ng -j
Change-Id: I40f98de2c8e9706cccb5b922215699f2132fa121
Signed-off-by: Allen Webb <allenwebb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/963773
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
This connects the pinweaver code to the tpm vendor
specific command code.
CQ-DEPEND=CL:895395
BRANCH=none
BUG=chromium:809741
TEST=TBD
Change-Id: I2a6c4bf52ad77b7bf0395095404e925e1dd48dbc
Signed-off-by: Allen Webb <allenwebb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/929430
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
This adds some of the ground work for hardware backed brute force
resistance on Cr50. The feature is called Pinweaver. It will
initially be used to enable PIN authentication on CrOS devices
without reducing the security of the platform. A Merkle tree is
used to validate encrypted metadata used to track login attempts.
The metadata tracks counts of failed attempts, a timestamp of the
last failed attempt, the secrets, and any associated parameters.
Instead of storing the metadata on Cr50 an AES-CTR is used with an
HMAC to encrypt the data so it can be stored off-chip and loaded
when needed.
The Merkle tree is used to track the current state of all the
metadata to prevent replay attacks of previously exported copies.
It is a tree of hashes whose root hash is stored on Cr50, and whose
leaves are the HMACs of the encrypted metadata.
BRANCH=none
BUG=chromium:809730, chromium:809741, chromium:809743, chromium:809747
TEST=cd ~/src/platform/ec && V=1 make run-pinweaver -j
Change-Id: Id10bb49d8ebc5a487dd90c6093bc0f51dadbd124
Signed-off-by: Allen Webb <allenwebb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/895395
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
According to PD spec:
- Data role shall not be reset on soft reset.
- Data role shall be reset to power-role default on hard reset.
Implement the above. Even if both ports follow spec, it's still possible
for a data role conflict to occur if, for example, data role swap occurs
(data role mismatches power role default) followed by a hardware reset
of one port (such that data role gets reset to power role default).
Handle such cases by taking error recovery actions.
BUG=b:71333840,chromium:805040
TEST=Connect scarlet to powered Apple accessory, verify scarlet comes up
in SNK-DFP after soft reset and issuing "reboot" on EC console. After
issuing a hard reset, the port comes up in SNK-UFP (which is the
power-role default).
BRANCH=None
Signed-off-by: Shawn Nematbakhsh <shawnn@chromium.org>
Signed-off-by: Aseda Aboagye <aaboagye@google.com>
Change-Id: I65139f277d59a0612f8323d711080f52425ff5e7
Reviewed-on: https://chromium-review.googlesource.com/885462
Commit-Ready: Aseda Aboagye <aaboagye@chromium.org>
Tested-by: Aseda Aboagye <aaboagye@chromium.org>
Reviewed-by: Jett Rink <jettrink@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
