> Changes done :
> 1. Shared schema between host and embedded controller.
2. Commands messages are handled at driver level.
3. Debug message type added to enable debugging on i2c, spi and gpio's.
4. Auto test capabilities added to ethernet module.
5. Unit test cases written for multiple devices like LTC4275, LTC4274, LTC4015,ADT7481, PCA9557, SX1509.
This CL retries reads and writes from/to TPM device if an error
is returned by read()/write(), up to 3 total attempts.
This is useful case of transient TPM communication errors that go
away after a single retry. Without this CL, after such errors the
encstateful key might be regenerated and encstateful data wiped.
BRANCH=none
BUG=chromium:702724
TEST=1) normal boot still works;
2) simulate a single error, verify that it retries.
Change-Id: I259882209df0aad66cd083729f746ea45909922b
Reviewed-on: https://chromium-review.googlesource.com/1067939
Commit-Ready: Andrey Pronin <apronin@chromium.org>
Tested-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
This sets O_CLOEXEC when opening the TPM device to make sure the file
descriptor isn't shared across processes. The TPM character device
exposes the raw communication channel to send/receive commands to/from
the TPM. The TPM is not designed for concurrent access by multiple
users and the kernel driver already returns EBUSY on open when a
different process has already opened it. Consequently, it only makes
sense to have the /dev/tpm0 file descriptor be closed automatically on
exec().
None of the callers I'm aware of need to share the TPM file descriptor
across processes, and mount-encrypted has some ad-hoc code to close the
descriptor when it does fork+exec to spawn a helper. The existing code
isn't consistent and comprehensive (mount-encrypted spawns other
helpers where it forgets to close the file descriptor), so the plan is
to set O_CLOEXEC and remove the ad-hoc code.
BRANCH=None
BUG=None
TEST=Compiles, passes tests, image boots.
Change-Id: Ia6e73fb12e8f2ed8fe99b4c53ea6eb8cda4a21f5
Reviewed-on: https://chromium-review.googlesource.com/1055569
Commit-Ready: Mattias Nissler <mnissler@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
This change adds a new NV and GBB flag for controlling USB device
mode behavior, adding an additional step to enable UDC on systems
that support it.
Users of this feature will need to first enable developer mode and
then enable UDC separately by running "crossystem dev_enable_udc=1".
Alternatively those without write protect enabled can set a GBB
flag to have UDC enabled by default while in developer mode.
This is based on the security reviewed proposal at
https://docs.google.com/document/d/1b6avd9xvhvljN_NKtctWrClj4mSYZ_uPmp7MmAnPwqs
BUG=b:74339386
BRANCH=poppy
TEST=manual testing on Eve device
Change-Id: I6f440320f28b033639b53246d3034bc8acc37a33
Signed-off-by: Duncan Laurie <dlaurie@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1010769
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
Add a command that checks whether the well-known secret (SHA1 hash of
20 zero bytes) works for owner authentication. This is accomplished by
sending a DefineSpace command for TPM_NV_INDEX_TRIAL, which will
trigger auth checks but not actually allocate an NVRAM space.
Successful command execution thus indicates that authorization was
successful. tpmc exposes the status via its exit status. This will be
used in the tpm-firmware-updater driver script to verify that the TPM
is in upgradable state.
BRANCH=None
BUG=chromium:788719
TEST=compiles
Change-Id: I630831127e0e01186650412a92643c2153fbe2ee
Reviewed-on: https://chromium-review.googlesource.com/978171
Trybot-Ready: Mattias Nissler <mnissler@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
The new TlclGetSpaceInfo function returns more detailed information
about a defined NVRAM space. The existing TlclGetPermissions function
is now using TlclGetSpaceInfo behind the scenes.
BRANCH=None
BUG=chromium:788719
TEST=New unit tests.
Change-Id: I6c4f490d575788b696fd742a69e81e2767ec50f1
Reviewed-on: https://chromium-review.googlesource.com/937705
Trybot-Ready: Mattias Nissler <mnissler@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Add the remaining constants for NVRAM space attributes. The code
previously only declared the ones required in vboot_reference, but
that led to other code growing its own ad-hoc declarations for missing
constants. Just declare them all to simplify things.
BRANCH=None
BUG=chromium:788719
TEST=compiles
Change-Id: I749ae5e4dc1b2ba56121fe42fd136b505d8cae80
Reviewed-on: https://chromium-review.googlesource.com/937704
Trybot-Ready: Mattias Nissler <mnissler@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Mattias Nissler <mnissler@chromium.org>
Adds two new functions and their corresponding TPM commands to create
delegation families and list the delegation family table, respectively.
This isn't sufficient to meaningfully manage delegation families, but good
enough for the (ab)use case of storing flags in delegation family labels, which
we are going to do in order to strengthen encrypted stateful to guarantee
recreation of the encrypted file system after TPM clear..
BRANCH=None
BUG=chromium:788719
TEST=new unit tests
Change-Id: I31beb662784a8fff450b485c7cabc553944d7772
Reviewed-on: https://chromium-review.googlesource.com/817199
Trybot-Ready: Mattias Nissler <mnissler@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Add the ability to take TPM ownership. This requires two new commands:
TPM_OIAP to start an auth session and TPM_TakeOwnership to establish
ownership. TPM_TakeOwnership requires an auth session and proper
command authentication to work, which is also added.
BRANCH=None
BUG=chromium:788719
TEST=new unit tests
Change-Id: Ib70144eedb0b1c7c43b26c06529d33ccbaa51a0e
Reviewed-on: https://chromium-review.googlesource.com/790414
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Trybot-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Trybot-Ready: Mattias Nissler <mnissler@chromium.org>
