There are plans to extend use of the LONG_LIFE_SCRATCH1 register for
other purposes than keeping board properties. Just as the board
properties, the new use is also very board specific. This patch moves
the board properties code from chip/g to board/cr50, where it belongs.
Instead of reading board properties bitmap and checking if various
bits are set, api functions are now provided to allow determining
various properties settings without actually looking at the properties
bitmap.
CQ-DEPEND=CL:*313057
BRANCH=none
BUG=chrome-os-partner:58961
TEST=verified that both Gru and Reef boot with the new image,
additionally, on Reef confirmed that it is possible to
communicate with the H1 over USB, and that plt_reset signal is
handled properly.
Change-Id: Id0dd2dc16389f773a149fb01eee1ce7bb99c4547
Reviewed-on: https://chromium-review.googlesource.com/422081
Commit-Ready: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Scott Collyer <scollyer@chromium.org>
The idle task on g devices seems to be very close to its stack
capacity. Adding debug code, print statements, etc., causes occasional
stack overflow panics.
Let's increase the stack size to avoid these problems.
BRANCH=none
BUG=none
TEST=the stack overflow panics do not happen anymore when debug
processing on the idle task context is added.
Change-Id: Id259719c1b644e2743f3bb3dbf0d99d667662901
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/422078
Reviewed-by: Randall Spangler <rspangler@chromium.org>
word_in_value shouldn't be able to be used without being initialized,
so just initialize it to make GCC 5.3 happy. It's configured separately
in the (last_write_pointer & 3) and (!(last_write_pointer & 3)) paths,
so it can't actually slip through uninitialized.
There is probably a way to rwrite this that won't confuse GCC as much,
but I haven't found it yet. The solutions I did try generally ended
up increasing the binary size, so I'm falling back to just initializing
the variable.
chip/g/i2cs.c: In function '_i2cs_write_complete_int':
chip/g/i2cs.c:178:19: error: 'word_in_value' may be used uninitialized
in this function [-Werror=maybe-uninitialized]
This does not change the size of any ec.*.flat file.
BRANCH=none
BUG=none
TEST=build succeeds under GCC 4.9.2, 5.3 and 6.2
Change-Id: Iaf8641b3d252c494ad13fbeb8ad8ece3cdfe6e76
Signed-off-by: Martin Roth <martinroth@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/403504
Reviewed-by: Shawn N <shawnn@chromium.org>
Avoid building and including crypto test code in
prod builds: only define CRYPTO_TEST_SETUP when
CR50_DEV is defined.
At HEAD, this change drops the size of prod ec.RW.bin
from 200704 to 188416.
BRANCH=none
BUG=chrome-os-partner:54104
TEST=build succeeds
Change-Id: I1e6018ec917dbe71cb445206ce232b8ea7a46cb1
Signed-off-by: nagendra modadugu <ngm@google.com>
Reviewed-on: https://chromium-review.googlesource.com/418489
Commit-Ready: Nagendra Modadugu <ngm@google.com>
Tested-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
This change adds the plumbing for SHA-384 & 512.
The actual hash implementation is software only,
and a part of the third_party/cryptoc library.
BRANCH=none
BUG=none
CQ-DEPEND=CL:418263
TEST=TCG tests pass
Change-Id: Iba7e6d420fd7fa0bce4ad9061e00f9275ecf4d72
Signed-off-by: nagendra modadugu <ngm@google.com>
Reviewed-on: https://chromium-review.googlesource.com/417888
Commit-Ready: Nagendra Modadugu <ngm@google.com>
Tested-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
It turns out that even when the UART status register returns TX_IDLE
bit set, the transmitter is still active - probably working out the
stop sequence.
So, resetting immediately after TX_EMPTY is asserted causes the last
character to be corrupted on the receiving side.
This patch adds a wait for the duration of transmitting 10 bits at
115200 baud, which should be plenty. Wait loop in capped in case timer
is not running for any reason.
BRANCH=none
BUG=chrome-os-partner:60321
TEST=added code to print out a string and then call cflush() and reset
immediately. The last character is not lost any more, the exact
string is printed.
Change-Id: If386c515d9d9cc63d161fba73e6ed4e70e465136
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/418487
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Deep sleep needs to be considered a normal behavior and should not add
to the rollback count. This change subtracts one from the reset count
when the system sees that it just resumed from deep sleep.
Ideally the rollback counter would be able to verify the TPM
functionality and detect rolling reboots. With this change the rollback
counter will only be able to detect rolling reboots, but it fixes the
false positives for rolling reboots we were seeing before.
BUG=chrome-os-partner:60449
BRANCH=none
TEST=manual
check the reset counter
turn off the AP
wait for cr50 to enter deep sleep
plug in suzyq
check it resumes from deep sleep and that the reset counter
still has the same value
Change-Id: Ie8490c29636403b409b2a3f0912a5b312d23bc24
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/418321
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
This change adds a usb clock enable before trying to write to the usb
registers when preparing for deep sleep.
It is possible that usb has not been initialized, so we need to make
sure that the clock is enabled.
BUG=chrome-os-partner:60555
BRANCH=none
TEST=manual, on both dev and prod fused H1
run hibernate on the EC
wait until cr50 enters deep sleep
plug/unplug the charger
verify the AP can boot to the kernel
Change-Id: I26359f4224cd25dc57c32d1508e26b133c43d317
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/417771
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
* Include trng.h from trng.c before any other header to verify that the
header is self-contained.
* Add inclusion of stdint.h to trng.h to provide definition for uint32_t.
BUG=none
BRANCH=none
TEST=make -j buildall
Change-Id: I78fb6d915c357236ca0fed2a57f093f0eec07fe9
Reviewed-on: https://chromium-review.googlesource.com/417424
Commit-Ready: Carl Hamilton <carlh@chromium.org>
Tested-by: Carl Hamilton <carlh@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Set the default idle action based on whether bus obfuscation is enabled.
BUG=none
BRANCH=none
TEST=verify the idle default is sleep on b1 boards and wfi on b2.
Verify that both types of chips go to sleep and resume
successfully.
Change-Id: Ib5a11c4060aa411ff36c06c7fcadf0bf4c223bf1
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/410167
The manifest used for signing in dev mode was originally used for
kevin evt 1, but now it is a common dev mode manifest. Rename the fie
appropriately and modify the makefile using it.
BRANCH=none
BUG=chrome-os-partner:57956
TEST=verified that it is still possible to build cr50 with CR50_DEV=1
Change-Id: If744406a83a7045cd34c76c941fdef209bef51ac
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/417220
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
This change adds support for signing SHA-384 & 512 hashes
when using PKCS#1 padding (CR50 does not support
SHA-384 & 512 at the moment, the actual hashing is to be
done on the host).
BRANCH=none
BUG=chrome-os-partner:59754
TEST=TCG tests pass
Change-Id: I78e774639a7968cbb50e58cdd0bf479e64123630
Signed-off-by: nagendra modadugu <ngm@google.com>
Reviewed-on: https://chromium-review.googlesource.com/415218
Commit-Ready: Nagendra Modadugu <ngm@google.com>
Tested-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Enabling and disabling sleep in the rdd interrupt is redundant because
USB already takes care of that. When USB is initialized it will disable
sleep. If it is released or suspended then it will re-enable sleep. This
change removes the sleep enable and disable from the rdd interrupt. With
this change now sleep can be enabled while suzyq is still plugged in
using the command 'ccd disable'.
BUG=none
BRANCH=none
TEST=manual
The consoles still work
Updating the EC, AP and Cr50 still works
After running 'reboot ap-off' in the EC console and 'ccd
disable' in the Cr50 console Cr50 will go to sleep.
Change-Id: Ie8e6201e9fd611c514e93bc70d298d3b0d228611
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/413606
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
This patch introduces version 6 of the cr50 USB update protocol. This
version allows to multiplex TPM vendor and extension commands over the
same USB endpoint which is used for firmware updates.
When channeling TPM vendor commands the USB update frame looks as follows:
4 bytes 4 bytes 4 bytes 2 bytes variable size
+-----------+--------------+---------------+-----------+------~~~-------+
+ total size| block digest | EXT_CMD | Vend. sub.| data |
+-----------+--------------+---------------+-----------+------~~~-------+
Where 'Vend. sub' is the vendor subcommand, and data field is
subcommand dependent. The target tells between update PDUs and
encapsulated vendor subcommands by looking at the EXT_CMD value - it
is set to 0xbaccd00a and as such is guaranteed not to be a valid
update PDU destination address.
In the previous protocol versions target reset was requested by the
host sending a 4 byte PDU after the target receives the UPGRADE_DONE
message and moves the state machine to the 'awaiting_reset' state.
With the ability to transfer vendor commands, there is no need for the
target to have a special state for reset. The host can send the posted
or immediate reboot request using the appropriate vendor command.
As a result the 'awaiting_reset' state has been removed, the target
accepts vendor commands only when state machine is in the rx_idle
state.
Vendor command response size is not fixed, it is subcommand dependent.
In the current implementation the total size of the vendor command PDU
can not exceed 64 bytes, as there is no reassembly on the target side.
For backwards compatibility in case the target is running protocol
version earlier than 6, the 4 byte PDU is still sent to the target
after UPGRADE_DONE is sent.
BRANCH=none
BUG=chrome-os-partner:60013
TEST=tested updates on Reef and Gru, observed that it is possible to
update earlier versions of firmware, and that it is possible to
request immediate and posted reset (depending on the presence of
the -u flag in the usb_updater invocation).
Change-Id: I6ea9e9f742c96b8ab0670e9cec87a83cd47bb20e
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/414948
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
When usb update errors happen it helps a lot to be able to see the
actual error code returned by the target and where the error was
generated.
This patch adds a few printouts to help with debugging.
BRANCH=none
BUG=none
TEST=observed proper error messages generated while debugging
introduction of extension/vendor commands transfer over USB.
Change-Id: I06c77e7467f7f9547704c88c4b673866fb2e6032
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/414947
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Some upcoming changes will introduce transfer of vendor and extension
commands over the usb updater endpoint.
This patch exposes a function which allows to verify integrity of
received USB PDUs.
BRANCH=none
BUG=chrome-os-partner:60013
TEST=no functional changes, usb_updater still works fine.
Change-Id: I8d9e6746ef0dfbb17bba618410514ca047a59a45
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/414441
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
When cr50 rollback happens, the newer header's magic field is set to
zero to prevent it from ever running again.
Take this into consideration when displaying versions of the inactive
RW image.
BRANCH=none
BUG=none
TEST=loaded two versions of the new code on a cr50 and then modified
the fallback counter to force it to boot the older version and
reboot a Reef. Once Reef fully boots to chrome os examine CR50
version report:
Before:
> vers
...
RW_A: 0.0.9/DEV/cr50_v1.1.5654-2228b76+
RW_B: * 0.0.11/DEV/cr50_v1.1.5654-2228b76+
...
After:
> vers
...
RW_A: * 0.0.9/DEV/cr50_v1.1.5654-2228b76+
RW_B: Error
Change-Id: I2a9ee13117a0bc91710226cd733c5c484c6d0595
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/413089
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
When the host requests the uploader to post a reboot request, the
uploader should exit right away once the request is posted.
BRANCH=none
BUG=chrome-os-partner:59911
TEST=verified that cr50 gets successfully updated from this image to a
newer one on both reef and gru: the reboot happens under upstart
control, not by cr50 rebooting on its own.
Change-Id: I9e4a2da686fe512b633daa05c675871e5946926f
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/412348
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
In the future, we'd like to have different HID devices on different
endpoints (keyboard, trackpad, etc.), so we'd like to separate the
keyboard handling.
For other chip implementing usb_hid.c (namely, chip/g), we, for now
just rename the config option and endpoint/interface definitions.
Making the code more generic can be done at a later stage.
BRANCH=none
BUG=chrome-os-partner:59083
TEST=make buildall -j
TEST=make BOARD=hammer -j && util/flash_ec --board=hammer
Change-Id: Iad1b00fa226f7635c0f34aae6a435dc53a3ea555
Reviewed-on: https://chromium-review.googlesource.com/409256
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
block offset was being used in a printf before it was being
initialized. Initialize it earlier to fix the problem.
This does not change the size of any ec.*.flat file.
BRANCH=none
BUG=none
TEST=build succeeds under GCC 4.9.2, 5.3 and 6.2
Change-Id: I3233ca3b10d35a6f61036c2e30224dc3747618fd
Signed-off-by: Martin Roth <martinroth@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/403501
Reviewed-by: Shawn N <shawnn@chromium.org>
Various cryptographic operations leak timing
information if comparisons are not executed
in constant time. This change adds DCRYPTO_equals(),
a constant runtime comparator.
Also replace crypto related callsites that used
memcmp() as a binary comparator.
BUG=none
BRANCH=none
TEST=tcg tests pass
Change-Id: I3d3da3c0524c3a349d60675902d1f2d338ad455f
Signed-off-by: nagendra modadugu <ngm@google.com>
Reviewed-on: https://chromium-review.googlesource.com/410163
Commit-Ready: Nagendra Modadugu <ngm@google.com>
Tested-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Marius Schilder <mschilder@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
When bus obfuscation is enabled we have the chance of doing a security
reset when resuming from sleep. Since we cannot disable bus obfuscation
on current boards, we need to disable sleep.
BUG=chrome-os-partner:57994
BRANCH=none
TEST=make buildall
Change-Id: I6f49278a9b41c1d15c646838044e34f03b979479
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/409576
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
This change is a safegaurd to ensure that TPM register data is always
placed in the correct location in the HW read I2CS fifo. It is only
checked for 1 or 4 byte regsiter reads. Because of the way in which a
TPM command is sent and the response is read, there are multiple reads
of the STS register prior to reading the TPM fifo register. Therefore
ensuring the fifo has zero depth when 1 or 4 byte regsiter reads,
improves the robustness of the design.
Added a counter to track the number of times the fifo is adjusted and
a new console command 'i2cs disp|rst' to display the count and reset
it to 0 if desired.
Removed section in code for TPM fifo register reads intended to handle
the case where there was a mismatch between how many bytes were copied
into the fifo and the number read by the host. Since the burstcount
field in the status register always contains a valid amount of data
that can be read by the host, there should not be cases where the
host reads less data than was copied from the TPM fifo register. In
the unexpected cases where the host may not drain all of the I2CS read
fifo data during a TPM register read, the I2CS fifo depth will be
corrected the next time that it reads either the access or STS
register which happens prior to the start of any TPM transaction.
BRANCH=none
BUG=chrome-os-partner:57338,chrome-os-partner:59191
TEST=manual
Booted Reef and verfied that TPM functionality is working.
Change-Id: I065a55e64bbcc0cb3357a2bd83447a05400b8899
Signed-off-by: Scott <scollyer@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/382689
Commit-Ready: Scott Collyer <scollyer@chromium.org>
Tested-by: Scott Collyer <scollyer@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
The jittery clock and trng security features require high permissions to
be initialized. In the future these initializations and the permission
level drop may be moved to RO.
This change adds permission level checks before trying to access any
registers that require high permission, so when we update RO to change
the permission RW can still function fine.
BUG=chrome-os-partner:59107
BRANCH=none
TEST=Move the permission drop to the beginning of main and verify the
system still boots.
Change-Id: I5b7cb856decd0640288ad3476f875ec9edc42635
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/405840
We previously used binary extended Euclid. That does not perform well
when inverting a small public exponent.
We also abused that routine to perform the division of n by one of its
factors. Really did not perform well there either.
This CL introduces a classic Knuth long division and a normal extended
Euclid based on that.
This drops the execution time of the common inversions into the single
msec range (vs. multiple seconds before..)
TEST=tcg_tests pass the usual 381/391; test/tpm_test/bn_test passes.
BUG=chrome-os-partner:57422
BRANCH=none
Change-Id: Ic9b4aecd0356fcab3e823dbd60c5b228a87447d3
Reviewed-on: https://chromium-review.googlesource.com/406940
Commit-Ready: Marius Schilder <mschilder@chromium.org>
Tested-by: Marius Schilder <mschilder@chromium.org>
Reviewed-by: Marius Schilder <mschilder@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
This combines stm32 and chip/g usb_i2c interfaces so they
will not diverge. Note that this fixes the chip/g implementation
to use 8-bit i2c addresses.
BUG=chrome-os-partner:57059
BRANCH=none
TEST=servod interacts with servo_micro and servo_v4
Change-Id: Ibff217d84b132556202c8a71e3d42c07d546c634
Reviewed-on: https://chromium-review.googlesource.com/405108
Commit-Ready: Nick Sanders <nsanders@chromium.org>
Tested-by: Nick Sanders <nsanders@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
The i2c_xfer API assumes it's getting an 8 bit slave address, but the
driver was assuming a 7 bit slave address was being passed in. Fixed
the location where this is used to shift it back to 7 bits.
BRANCH=none
BUG=chrome-os-partner:57059
TEST=manual
Cr50 console 'ccd i2c on' then
> i2cxfer r16 0 0x40 0
Unknown error
Usage: i2cxfer r/r16/rlen/w/w16 port addr offset [value | len]
> i2cxfer r16 0 0x80 0
0x2771 [10097]
Shows that it's now assuming an 8 bit address
Change-Id: I791b7c136a741856749c281dd4c8166b5cf97ef9
Signed-off-by: Scott <scollyer@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/405780
Commit-Ready: Scott Collyer <scollyer@chromium.org>
Tested-by: Scott Collyer <scollyer@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
The RESETDET and USBRST USB interrupt status bits are often set
together. There is no point in resetting USB twice.
BRANCH=none
BUG=none
TEST=verified that cr50 still operates fine of Reef and ec and ap
consoles are available (still intermittently).
Change-Id: I467d975a3a5955b6072a2a3376de7a1501e7c6c5
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/404910
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Previously, sleep was being reenabled only after tpm fifo reads as
that would typcially be near the end of a host driven TPM
command. However, in the case the host reads or writes to the STS
register, then sleep would not be re-enabled. Moved the re-enable
point to at the end of every i2cs interrupt. Since sleep is delayed by
1 second prior to being reenabled then Cr50 will not go to sleep in
the middle of TPM command since the host is either writing or reading
STS at a much faster rate when a TPM command is being executed.
BRANCH=none
BUG=chrome-os-partner:40397
TEST=manual
Added a debug counter in idle.c and shortened sleep delays from 3
minutes to 5 seconds. Unplugged suzyq and verified that when
reconnected, the counter was incrementing to verify that Reef would
go to sleep. Also verified that TPM worked successfully and kernel
was launched.
Change-Id: I03ad33ed3591bbba24b5c56445c06d0e11368019
Signed-off-by: Scott <scollyer@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/401808
Commit-Ready: Scott Collyer <scollyer@chromium.org>
Tested-by: Scott Collyer <scollyer@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
This fixes a build failure using gcc 5.3 where opcode and max_attempts
are used before being initialized.
BUG=None
BRANCH=None
TEST=Build all boards successfully.
Change-Id: Ia7c4273f8812cca9f127fcd71101ce3a4e4ad4c7
Signed-off-by: Martin Roth <martinroth@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/370662
Reviewed-by: David Hendricks <dhendrix@chromium.org>
Reviewed-by: Nagendra Modadugu <ngm@google.com>
clang doesn't like the array here:
ec-utils-0.0.1-r3361: x86_64-cros-linux-gnu-clang -std=gnu99 -g -Wall -Werror -Wpointer-arith -Wcast-align -Wcast-qual -Wundef -Wsign-compare -Wredundant-decls -Wmissing-declarations -O0 -I/build/reef/usr/include/libusb-1.0 -I../../include -I../../board/cr50 -I ../../chip/g -I../../util usb_updater.c -lusb-1.0 -lcrypto -o usb_updater
ec-utils-0.0.1-r3361: In file included from usb_updater.c:32:
ec-utils-0.0.1-r3361: In file included from ../../include/usb_descriptor.h:14:
ec-utils-0.0.1-r3361: ../../chip/g/usb_hw.h:29:14: error: tentative array definition assumed to have
ec-utils-0.0.1-r3361: one element [-Werror]
ec-utils-0.0.1-r3361: static int (*usb_iface_request[]) (struct usb_setup_packet *req);
ec-utils-0.0.1-r3361: ^
ec-utils-0.0.1-r3361: 1 error generated.
But it's willing to forgive if this is extern. It should be extern
anyway.
BRANCH=none
BUG=chromium:658436
TEST=reef pre-cq passes (building ec-utils)
Change-Id: I5b5f8eb8dcdc3340487b118b30469c8cee73e182
Signed-off-by: Brian Norris <briannorris@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/401421
Reviewed-by: Shawn N <shawnn@chromium.org>
This is based off of the protocol in the stm32 directory. We should
unify these implementations and the other ccd endpoints at some point.
Right now I though that I should keep the implementation the same as the
other g chips ccd drivers.
BUG=chrome-os-partner:57059
BRANCH=none
CQ-DEPEND=CL:390015
TEST=manual
download the servo patch and run 'sudo servod -c ccd_cr50.xml -c
reef_r1_inas.xml'
Test the usb i2c bridge by running 'dut-control | grep pp'
Attach servo and verify cr50 will not enable i2c
Change-Id: I0f72671505f5451a960d3baea4b2c34b6910d892
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/388896
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Nick Sanders <nsanders@chromium.org>
The USB stream should check that there are bytes in the rx fifo to read
before trying to read them. This should have been in here already.
Checking if rx is valid in usb-stream makes the rx_valid call in usb_spi
unnecessary so that is removed.
BUG=none
BRANCH=none
TEST=manual
Test CCD functionality still works on gru and reef
AP/EC consoles
sudo flashrom -p raiden_debug_spi:[AP|EC] -r img.bin
usb updater
Change-Id: Ieb77e35cc471b1f97d540ea4560591f0f40dd600
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/397858
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
To be able to identify different cr50 devices connected to the same
machine we need a serial number. This change uses dev id 0 and 1 to come
up with one.
BUG=chrome-os-partner:56641
BUG=chrome-os-partner:58342
BRANCH=none
TEST=lsusb -vd 18d1:5014 | grep iSerial shows different numbers for
different devices. Verify when ccd is disabled the serial number is 0.
Change-Id: I85c54af4a21bdfd0542019c02aa8420d9a879fae
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/395633
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
This change adds options to the powerbtn console command to press and
release the power button.
BUG=chrome-os-partner:58123
BRANCH=none
TEST=manual
'powerbtn press' force a power button press
'powerbtn release' release the power button. This will not
override the signal if the button is physically pressed.
Change-Id: I52631d30dbae874ba6637f728cb6e435cb626e12
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/396207
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
On both Reef and Gru there are INA (shunt bus voltage monitor) ICs
connected to the Cr50 I2C master bus. The use case for these chips is
in a lab setting using case closed debugging. Power to the INA chips
is controlled by a separate Cr50 gpio signal.
By default, the INAs are powered off and the I2C master bus is not
connected. A function ina_connect() is provided which needs to be
called prior to attempting to access the INAs via I2C.
BRANCH=none
BUG=chrome-os-partner:57059
TEST=manual
Tested both Reef and Gru. Verified that console command 'ccd ina
on|off' works as expected and that can repeatedly read registers on
the INA using the following command "i2cxfer r16 0 0x40 0".
Read 0x2771 [10097] which is the default value. In addition
wrote register 14 (bits 15:1 are writeable) and verified the value was
able to read the value back which was written.
Change-Id: I670f7897555dae29642264531599dc4471c52bbd
Signed-off-by: Scott <scollyer@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/394168
Commit-Ready: Scott Collyer <scollyer@chromium.org>
Tested-by: Scott Collyer <scollyer@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Added i2cm driver to support chip_i2c-xfer function. The initial use
case is for INA chips on the Reef/Gru platforms. Note that this CL
does not include any board specific changes and therefore does not
include an I2C port definition or required pinmux settings.
BRANCH=none
BUG=chrome-os-partner:57059,chrome-os-partner:58355
TEST=manual
Used console command "i2cxfer r16 0 0x40 0" to read the config
register. Read 0x2771 [10097] which is the default value. In addition
wrote register 14 and read back the value.
Change-Id: If9e377da4c8f4835d4676281872a0f079fe56aa6
Signed-off-by: Scott <scollyer@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/388794
Commit-Ready: Scott Collyer <scollyer@chromium.org>
Tested-by: Scott Collyer <scollyer@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Usually CR50 TPM reset happens when the AP reboots, the CR50 RO does
not get a chance to run in this case, so the running RW does not
change either,
Once the idle RW section was updated, the only way to start it is to
reboot the CR50 completely, Rebooting CR50 causes the whole system
reset, so it should not be happening at random moments in time.
This patch introduces a mechanism to delay reboot to the moment when
the TPM is reset. The reboot request would be posted in the end of the
update, and then the AP would reboot, triggering a TPM reboot, which
in turn would trigger the CR50 reset.
The USB update handler now posts the reboot request instead of
triggering the reboot immediately.
BRANCH=none
BUG=chrome-os-partner:58226
TEST=with the rest of the patches applied verified that the system
gets reset and the new image version kicks in on both gru (over
SPI) and reef (over USB).
Change-Id: Iff859f2e7a48c5035a27fffd17aefe7e318af569
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/395627
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
The keyid field of struct SignedHeader is what distinguishes prod
keys from dev keys. This may be useful someday, so let's have the
update protocol return those values for the active RO and RW
images.
Bump the UPGRADE_PROTOCOL_VERSION accordingly.
Note: This doesn't enforce any keyid matches, it just returns the
current values as part of the initial upgrade handshake in case
we want to know.
BUG=chrome-os-partner:57956
BRANCH=none
TEST=make buildall; try on Gru
Make sure that Cr50 can be freely updated and downgraded between
firmwares that speak either v4 or v5 of the protocol, by using
the v5-aware usb_updater tool.
And of course, make sure that v5 images report their keyids. Duh.
Change-Id: If2cc0d4023dca2078b9398fd899618dc2cd409b9
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/394732
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
This change adds apreset, ecreset, ec_rst, sys_rst and powerbtn options
to the ccd console command.
BUG=chrome-os-partner:58123
BUG=chrome-os-partner:56835
BRANCH=none
TEST=manual
sysrst resets the AP
sysrst on/off controls SYS_RST_L
ecrst resets the ec
ecrst on/off controls EC_RST_L
powerbtn 500 will simulate a power button press for 500 ms
Change-Id: I89adc88eb407730c9d57811a07bfef8fcf63c5b9
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/393809
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
- changed the pad assignment for plt_rst_l from DIOA13 to DIOM3;
- removed the board property used to keep uart rx disabled, Uart0 is
now enabled by default on Cr50.
- removed resetting fallback counter on USB updates for reef boards,
they are going to use the same mechanism as kevin and gru.
BRANCH=none
BUG=chrome-os-partner:56540
TEST=Tested on Reef Board ID 1 and Gru Board ID 1. Verfied that
plt_rst_l signal is being detected and that there are no
interrupt storms related to not having a pullup resistor on the
uart rx line. Verified that both platforms successfully boot into
chrome OS using cr50 TPM.
Change-Id: I300a0c75e60acbecf93500b46aced303955a192a
Signed-off-by: Scott <scollyer@chromium.org>
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/391140
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
When tpm is reset the i2c slave interface initialization function is
called, but it does not quite re-initialize the interface.
This patch adds both a hardware pulse to make sure that the i2c slave
interface state machine is set into the initial state, and code to
zero static variables of the driver.
BRANCH=none
BUG=none
TEST=with the change on the AP firmware side which prevents losing i2c
ready interrupts early in the process tpm reset became much more
reliable. Resetting from EC, AP of cr50 consoles reliably
restarts reef without any TPM communications problems.
Change-Id: I604607c32d4dfc554b245d3d3d82b9ad38271962
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/392306
Reviewed-by: Scott Collyer <scollyer@chromium.org>
Commit 9e7c12b added a command-line option to "make" to build
development versions of the Cr50 board. This makes the symbol
definition useful in makefiles and not just C code.
BUG=chrome-os-partner:57408
BRANCH=none
TEST=make buildall; try on Gru with and without CR50_DEV=1
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Change-Id: Id0719d63263b00e192a2e4866dbe1551ae49e23c
Reviewed-on: https://chromium-review.googlesource.com/391127
Commit-Ready: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
The application may need to read/write/erase the flash memory,
but we not want console users to do so. This CL adds
CONFIG_FLASH_PHYSICAL, which allows the higher-level CONFIG_FLASH
to be undefined while still providing the chip-specific
flash_physical_* accessor functions.
There aren't many board.h files that needed changes, since
CONFIG_FLASH_PHYSICAL is enabled by default, just like CONFIG_FLASH.
BUG=chrome-os-partner:57408
BRANCH=none
TEST=make buildall; try on Gru with and without CR50_DEV=1
See that it still boots, updates, wipes, restores, etc. without
linking common/flash.o in the production image; and that the
flash commands are still there in the dev build.
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Change-Id: I7eb1bbcb414b1c70ee427c4fcb5cea899dbb9e93
Reviewed-on: https://chromium-review.googlesource.com/391188
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
