STM32F0 cannot keep PWM output active when chip is in deep sleep.
The only other board that uses both CONFIG_LOW_POWER_IDLE
and CONFIG_PWM on stm32 is jerry, and this logic should also apply
to it.
Also, switch using_pwm from array to bitmask to simplify handling.
BRANCH=none
BUG=b:36173380
TEST=On AP, tell it to autosuspend hammer:
echo auto > /sys/bus/usb/devices/1-2/power/control
Then see, using idlestats, that hammer does to deep sleep.
In hammer console: pwm 0 50, see that PWM output is stable,
idlestats shows EC does not sleep.
In hammer console: pwm 0 -1, idlestats shows EC sleeps again.
Change-Id: Ic74c1905364fe4335239da95a99193d0e3e979f7
Reviewed-on: https://chromium-review.googlesource.com/541115
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
- Move generic implementation to curve25519-generic.o
- Always use optimized version on cortex-m0.
- Rename .s files to .S, remove unnecessary lines in assembly files.
- Rename crypto_scalarmult_curve25519 to x25519_scalar_mult to match
the signature provided by the generic implementation.
- Replace some handcoded memcpy with function calls
- Remove unnecessary "volatile" specifications in the code.
BRANCH=none
BUG=b:62813194
TEST=To test old implementation only:
- Increase CONFIG_RO_SIZE to 60kb
- Increase console stack size to 2048
make BOARD=hammer PROJECT=x25519 TEST_BUILD=y
./util/flash_ec --board=hammer --image=build/hammer/x25519.bin
EC console: runtest, taskinfo
=> Used to takes ~4'17" to run (X25519 duration 256347 us).
1496/2048 stack size usage in CONSOLE task
=> Now takes ~1'25" to run (X25519 duration 84520 us)
732/2048 stack size usage in CONSOLE task
TEST=In test/x25519.c, uncomment #define TEST_X25519_1M_ITERATIONS
make BOARD=hammer PROJECT=x25519 TEST_BUILD=y
./util/flash_ec --board=hammer --image=build/hammer/x25519.bin
EC console: runtest, wait ~23 hours, test passes.
TEST=- Define CONFIG_CURVE25519_CORTEXM0 (next patch)
makes newsizes
build/hammer/RW/ec.RW.flat shrank by 1888 bytes: (52208 to 50320)
Change-Id: Icce38d3c32f431a85ac0f951cf34456b490dc665
Reviewed-on: https://chromium-review.googlesource.com/540962
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>
RMA auth uses X25519 to generate a relatively small challenge and
response.
Currently, nothing calls the rma_auth code. We'll need console and
TPM vendor commands to do so.
BUG=b:37952913
BRANCH=none
TEST=make buildall
Change-Id: Iec7f2d0e3dc8243f79b009ead16bb3ba9f1bef9d
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/544184
as it turns out, we're pretty aggressive in iterating over all TCPCs
checking for alerts when any of them generate an interrupt or their
interrupt line is low. this can cause unfortunate behavior if the
driver hasn't initialized itself (and the chip) yet for interrupts to
be handled or we've released (disconnected) the driver so we can do a
TCPC firmware update. so, check the PD task state to see if it makes
sense to service the port's interrupt.
note: there seems to be a quirk with the ps8751 in that it holds its
ALERT# (interrupt) line low during firmware update. this line is
supposed to be falling edge triggered, so it's technically not
interrupting, but since we also poll the line level, we think there's
a continuous interrupt that isn't acutally there. we get away with
this because pd_exchange_status() has a 5ms delay in its polling loop
to avoid spinning.
the particular test case was to unplug the PD power brick during TCPC
firmware update (over i2c). the interrupt handler would be called,
accessing the TCPC over i2c and causing all sorts of havoc.
TEST=tested with follow-up CLs and verified ps8751 firmware update
works on electro.
BRANCH=none
BUG=b:35586896
Change-Id: I880cff49e0e9637256efa9003bcc46274536e631
Signed-off-by: Caveh Jalali <caveh@google.com>
Reviewed-on: https://chromium-review.googlesource.com/544661
Reviewed-by: Stefan Reinauer <reinauer@chromium.org>
Reviewed-by: Shawn N <shawnn@chromium.org>
In order to report specific wake events from differernt devices
add a host command that allows setting device event mask, and
triggering a host event when that device event is set.
This is done as a separate command and mask because we are running
out of host events, and it takes over the unused thermal overload
event that was never used in EC or BIOS.
The first use case for this is platforms that have AP wake events
that go to the EC, for instance devices that use Deep S3 and have
a limited set of wake pins. (such as Eve)
This allows the AP to determine the exact wake source for an event
so it can be logged and acted on by the AP if necessary.
BUG=b:36024430
BRANCH=eve
TEST=manual testing on eve with trackpad and dsp wake events
Change-Id: I48d94014c00dc1dad098ab96af0ddc7860229762
Signed-off-by: Duncan Laurie <dlaurie@google.com>
Reviewed-on: https://chromium-review.googlesource.com/555632
Reviewed-by: Scott Collyer <scollyer@chromium.org>
Implement U2F (universal second factor authentication) feature
over TPM vendor commands.
The raw U2F APDU as defined by the FIDO Alliance 'U2F Raw Message Formats'
specification can be sent using the VENDOR_CC_U2F_APDU command.
So the vendor command is taking a ISO7816-4:2005 APDU format frame as input
as defined by the spec and returns another APDU using ISO7816-4 status
code.
The APDU is processed by the common U2F code using u2f_apdu_rcv(),
this hardware specific code provides:
- the user physical presence detection (done by the power button press)
returned by the pop_check_presence() callback.
- the connection to the cryptographic hardware to generate/derive the
keys used by the U2F and individual attestation functions.
This feature/vendor command has 3 modes:
- disabled
- U2F (only the commands/flags defined by the U2F specification)
- G2F (the U2F commands plus some extensions for individual attestation)
Signed-off-by: Vincent Palatin <vpalatin@chromium.org>
BRANCH=cr50
BUG=b:35545754
TEST=pass U2FTest and HIDTest.
Change-Id: Ic2591f369763fb4ba67926e2b4a0c2cd35330a18
Reviewed-on: https://chromium-review.googlesource.com/518139
Commit-Ready: Vincent Palatin <vpalatin@chromium.org>
Tested-by: Vincent Palatin <vpalatin@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Add the common code to support FIDO U2F (Universal second factor
authentication) protocol implementation: the APDU parsing and standard
commands execution, plus a few non-standard flags and hooks.
The u2f.h header is the unmodified copy from the U2F v1.1
Specifications archive.
Mostly copied over from the cr52 code-base.
Signed-off-by: Vincent Palatin <vpalatin@chromium.org>
BRANCH=cr50
BUG=b:35545754
TEST=with follow-up CLs, run U2FTest on Eve.
CQ-DEPEND=CL:*390230
Change-Id: I636d4a77ea69d69b5ab18a958e58ee6fcb2476bc
Reviewed-on: https://chromium-review.googlesource.com/518136
Commit-Ready: Vincent Palatin <vpalatin@chromium.org>
Tested-by: Vincent Palatin <vpalatin@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Base32 encoding is used to turn the RMA reset binary
challenge/response into less-typo-prone text, at 5 bits per character.
BUG=b:37952913
BRANCH=none
TEST=make runtests
Change-Id: I474750a20204ba353cea1e91982aa03e8071c0c2
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/544177
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
This patch makes EC read the slot to verify and jump to from the
battery backed up RAM (BBRAM).
BUG=b:38462249
BRANCH=none
TEST=Boot Fizz
Change-Id: I0c78861ea3ccdc45d0aa08e690e3a68f53658409
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/518255
similar to the USB_PD_TCPC case, add release/init operations when the
pd_task enters/leaves the PD_STATE_SUSPENDED state. one use case for
PD_SUSPEND is to get exlusive access to the TCPC for things like
firmware update, so the release/init operation is needed to get the
TCPC and driver into a good state.
updated all tcpm_drv style drivers. for backward compatibility, "old"
drivers that may not handle init/release properly simply return
EC_ERROR_UNIMPLEMENTED for tcpm_release(). pd_task() uses this as a
signal that it should not try to re-init() the driver.
TEST=tested in combination with follow-on CLs to do TCPC firmware
update on electro. also built for kevin, eve, sand which are
some of the other boards using these drivers.
"make buildall -j" passes.
BRANCH=none
BUG=b:35586896
Change-Id: I3d2964a79e710428f7a6e7004d68ab424af85be8
Signed-off-by: Caveh Jalali <caveh@google.com>
Reviewed-on: https://chromium-review.googlesource.com/544660
Reviewed-by: Shawn N <shawnn@chromium.org>
This patch sets/clears RESET_FLAG_AP_OFF on S5<->S3 transitions.
It's set when the system gracefully shuts down and cleared when the
system boots up. The result is EC tries to go back to the
previous state upon AC plug-in on battery-less systems.
This is required for digital signage and kiosk.
This also reverts: CL 514209, 486946, and 486945.
BUG=b:37536389
BRANCH=none
TEST=Tested as follows:
A. Boot to S0
A.1. Unplug AC while system is in S0 then plug in - PASS
A.2. Unplug AC while system is in S3 then plug in - PASS
A.3. Press recovery+power in S0 - PASS
A.4. Press recovery+power in G3 - FAIL (To be fixed)
A.5. Execute reboot console command - PASS
A.6. Execute reboot OS command - PASS
A.7. Execute reboot console command in G3 - PASS
B. Boot to G3
B.1 Unplug AC while system is in G3 then plug in - PASS
B.2 Unplug AC after B.1 then plug in - PASS
B.3 Shutdown by power button on recovery screen then unplug
plug in AC - PASS
B.4 Execute reboot ap-off console command - PASS
B.5 Execute shutdown command from OS then plug in AC - PASS
Change-Id: Iaa6f930585050fdd3511c711b449dff47525066d
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/517287
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
This patch adds vboot for EC by EC (vboot EC) for x86 systems.
When ec is transitioning s5->s3, it checks the power supply is
enough to boot AP or not. If not, it runs other checks and may
finally validate and jump to a RW image.
BUG=b:38462249
BRANCH=none
TEST=Boot Fizz on barrel jack and type-c charger.
Change-Id: I5988b0595976370c5303c45541702ae89d86fc97
Reviewed-on: https://chromium-review.googlesource.com/518254
Commit-Ready: Daisuke Nojiri <dnojiri@chromium.org>
Tested-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
On a keyboard-less, volume-button-less board, we support simplified
sysrq handling.
For Fizz, we use the recovery button to trigger sysrq event and
holding it down to trigger warm reset.
BUG=b:38418116,b:38417391
BRANCH=none
TEST=On Fizz, try
1. Press recovery button and release -> sysrq sent
2. Press and hold recovery button -> warm reset
3. Press recovery button and power button -> enter recovery mode
Change-Id: If8760319dba3df4545e9805b396ac89c241dae80
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/537817
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Mapped reads are relative to CONFIG_EC_*_STORAGE_OFF, not
CONFIG_R*_MEM_OFF. The previous implementation happened to work for
internal mapped storage (eg. stm32) but failed for external mapped
storage which is copied to SRAM before execution (eg. npcx).
BUG=b:62841029
TEST=Verify sysjump works again on eve/poppy/soraka. Verify sysjump
and sig verification continues to work on fizz and stm32.
BRANCH=None
Signed-off-by: Shawn Nematbakhsh <shawnn@chromium.org>
Change-Id: Id51ce5697555eea38b246b58dbf47f22d4befaa7
Reviewed-on: https://chromium-review.googlesource.com/541861
Commit-Ready: Shawn N <shawnn@chromium.org>
Tested-by: Shawn N <shawnn@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>
Recent changes broke the portability of this header file.
Fix the ACPI guards so it can be used in coreboot.
BUG=b:36024430
BRANCH=none
TEST=make -j buildall (as usual many haven boards fail)
Change-Id: I0d737e7aad7ead90289b43db09352092ef7e3e98
Signed-off-by: Duncan Laurie <dlaurie@google.com>
Reviewed-on: https://chromium-review.googlesource.com/539135
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
This API checks battery charge level and current power supply
to determine whether the AP has enough power to boot or not.
BUG=b:38462249
BRANCH=none
TEST=make buildall
Change-Id: I489f7ea92f230701b8f18c94d3e698aad90b4a03
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/517272
This patch adds wait between DSW_PWROK and PWRBTN assert. It is
required to be 95 msec or longer for Kaby Lake and Sky Lake.
Refer to the timing diagram for G3 to S0 on Sky Lake or Kaby Lake
platform design guide for details.
BUG=b:62584658
BRANCH=none
TEST=On Fizz, measured time between DSW_PWROK high and PWRBTN assert
for 1:AC plug-in, 2:recovery+power press, 3: reboot ec command.
Change-Id: I89a14ac9a49e20a332bd662d90be62f8ea23b003
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/534901
Provide APIs that allow chips to implement their own version of
backing up/restoring panic data to persistent storage.
BUG=b:62076222
BRANCH=None
TEST=make -j buildall
Change-Id: Idda2d55703d4fe7e0a8d6305695fbf4e193b596b
Signed-off-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/530196
Reviewed-by: Mulin Chao <mlchao@nuvoton.com>
Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>
Handle UPDATE_EXTRA_CMD_PAIR_CHALLENGE command, where the
lid sends a random x25519 public key, and nonce, and the base
replies with its own (stable) x25519 public key, and computes
a shared secret using its private key to verify its identity.
BRANCH=none
BUG=b:38486828
TEST=Flash hammer, ./usb_updater2 -c always reports the same
device public key, and authenticator is correct.
Change-Id: Ida60ffa7476794ee92669951c740dbe35950fb9c
Reviewed-on: https://chromium-review.googlesource.com/532475
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
The contents of the board ID fields of the Cr50 image headers is an
important piece of information which determines if an image can run on
a particular H1 chip.
This patch adds this information to the output of the 'version'
command, printing both the contents of the fields of the RW images and
if the image would run with the current INFO1 board ID contents (Yes
or NO).
The board_id feature is in fact g chipset specific, this is why
board_id support files are being moved from the cr50 board scope to
the g chip scope.
BRANCH=cr50
BUG=b:35587387,b:35587053
TEST=observed expected output in the version command:
> bid
Board ID: 000000fa, flags 000000ff
> vers
Chip: g cr50 B2-C
Board: 0
RO_A: * 0.0.10/29d77172
RO_B: 0.0.10/c2a3f8f9
RW_A: * 0.0.20/DBG/cr50_v1.1.6542-856c3aff4
RW_B: 0.0.20/DBG/cr50_v1.1.6543-2c68a2630+
BID A: 00000000:00000000:00000000 Yes
BID B: 000000ea:0000fffc:000000ff No
Build: 0.0.20/DBG/cr50_v1.1.6542-856c3aff4
tpm2:v0.0.289-cb2de5a
cryptoc:v0.0.8-6283eee
2017-06-09 15:34:19 vbendeb@eskimo.mtv.corp.google.com
>
Change-Id: I5b283abf304a7408ca8f424407044fca238185e1
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/530033
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
By default, read USB serial number from flash, but provide a way
for boards to override the function (e.g., to read serial number
from unique chip id).
BRANCH=none
BUG=b:62280271
TEST=Flash hammer
lsusb -d 18d1:5022 -v -v | grep iSerial
shows different chip IDs on different boards.
Change-Id: I0917752bb8e04c1eff4dffc0b3714f63dcd942b0
Reviewed-on: https://chromium-review.googlesource.com/523045
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Nick Sanders <nsanders@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
All other chips rely on gpio_enable_interrupt to enable interrupts. They
aren't enabled by default. This changes chip/g to match that.
If chip/g boards have interrupts, they also enable them in the
init_interrupts function in board.c. Nothing needs to be added to enable
interrupts.
BUG=b:35587228
BRANCH=cr50
TEST=use 'gpiocfg' to verify the setup hasn't changed.
Change-Id: I1e975999e0174b9dcbbe63c09c6110dc4161f8ff
Reviewed-on: https://chromium-review.googlesource.com/530006
Commit-Ready: Mary Ruthven <mruthven@chromium.org>
Tested-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
In this CL, we add selecting LFCLK sources functionality for npcx7 ec
series. (Please notice not all of npcx7 ec series support this feature.)
Beside internal LFCLK source, ec also can choose the external 32kHz
crystal oscillator as LFCLK source for the specific application. We also
introduce a new definition, CONFIG_CLOCK_SRC_EXTERNAL, to switch this
feature in the board level driver.
This CL also adds:
1. LFCG register definitions in registers.h.
2. Change the order of each npcx modules by memory address.
BRANCH=none
BUG=none
TEST=Output LFCLK source through GPIO75. Compare with external 32kHz
crystal osc. on npcx7_evb and make sure the sources are the same.
Change-Id: I137146bf51ccb51266b9aac1e2e28bcea87dc4f5
Signed-off-by: Mulin Chao <mlchao@nuvoton.com>
Reviewed-on: https://chromium-review.googlesource.com/520745
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Adds a mechanism that allows a board to disable interrupting the AP /
kernel when the status of any one of the EC_HOST_EVENTS included in
CONFIG_HOST_EVENT_REPORT_MASK changes state. Default state enables
reporting of all events; a board can override this by defining
CONFIG_HOST_EVENT_REPORT_MASK in its board.h file.
NOTE: The host_set_events() and host_clear_events() routines no longer
interrupt the AP if none of the host events the AP is interested in
changed state.
BRANCH=none
BUG=chromium:637061
TEST=make buildall passes
Signed-off-by: Nick Vaccaro <nvaccaro@chromium.org>
Change-Id: I678fb9d9dab6890848b94b314efd711842b1fd48
Reviewed-on: https://chromium-review.googlesource.com/502078
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
Add touchpad related host commands:
1) EC_CMD_TP_SELF_TEST: run open short test.
2) EC_CMD_TP_FRAME_INFO: get number of frame and frame size.
3) EC_CMD_TP_FRAME_SNAPSHOT: make a snapshot of the frame.
4) EC_CMD_TP_FRAME_GET: get frame data.
BRANCH=none
BUG=b:62077098
TEST=`make BOARD=rose -j`
`ectool --name=cros_tp tpselftest` and
`ectool --name=cros_tp tpframeget` works
Change-Id: I43db82278e556b1e6f6301fe88233fe7c4a18a14
Signed-off-by: Wei-Ning Huang <wnhuang@google.com>
Reviewed-on: https://chromium-review.googlesource.com/515282
Commit-Ready: Wei-Ning Huang <wnhuang@chromium.org>
Tested-by: Wei-Ning Huang <wnhuang@chromium.org>
Reviewed-by: Rong Chang <rongchang@chromium.org>
When vendor commands are processed by the TPM device, the result of
the command execution is communicated through the TPM response header.
When vendor commands are sent through USB the command execution result
value is lost, as the USB reply includes only the response payload,
(if any), but not the result value.
With this patch the single byte result value is prepended to the USB
response payload. The recipient will always look for the value in the
first byte of the response to find the vendor command execution
status.
The corresponding change to the Cr50 usb_updater will remove the
response code from the payload before considering the command's return
data.
BRANCH=cr50
BUG=b:35587387,b:35587053
TEST=verified proper existing extension commands processing (post
reset, turn update on) by the new version of usb_updater and
backwards compatibility with earlier Cr50 RW version (down to
0.0.13).
Change-Id: I5c8b3ea71d3cbbaccc06c909754944b3ab04675d
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/525093
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
When invoking vendor command handlers in try_vendor_command(), the
buffer containing the command is passed to the handler to communicate
the command contents and to hold the command execution return data. It
was fine when invoking vendor command handlers from the TPM stack, as
the receive buffer is 4K in size and is large enough for any expected
vendor command response.
It is different in case of USB: the command is in the receive buffer
of the USB queue, and the response data could easily exceed the
command size, which would cause corruption of the USB receive queue
contents when the response data is placed into the same buffer where
the command is.
Let's introduce a local storage to pass the command and receive the
response data from the handler. 32 bytes is enough for the foreseeable
future, should a need arise for a larger buffer, testing would result
in an error (a new error type is added to indicate insufficient buffer
space for command processing).
BRANCH=none
BUG=b:35587387,b:35587053
TEST=with the rest of the patches applied verified proper processing
of the 'Get Board ID' command for which response size exceeds the
request size.
Change-Id: I2131496f3a99c7f3a1869905120a453d75efbdce
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/525092
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
Mix in board-generated entropy with the externally provided one,
which should help make the per-device secret stronger.
BRANCH=none
BUG=b:38486828
TEST=reboot; rollbackaddent Hello => works fine when USB is connected,
fails otherwise, as board-generated entropy relies on USB timing.
Change-Id: I314f44759c5f8b859913a748db95e9d42b5cdd11
Reviewed-on: https://chromium-review.googlesource.com/518609
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
This function will be used to generate some entropy using the
Clock Recovery System.
BRANCH=none
BUG=b:38486828
TEST=make BOARD=hammer -j tests
./util/flash_ec --board=hammer --image=build/hammer/test-entropy.bin
EC console: runtest
TEST=Test fails when no USB connection is active
TEST=Test passes when USB connection is active
TEST=Pasting the values into:
tr ';' '\n' | awk 'BEGIN { e = 0; tot=16384.0 }
{ p = $1/tot; if (p > 0) { e -= p*log(p)/log(2) } }
END { print e }'
shows an entropy > 4 bits per sample.
Change-Id: I2363c7bce42c72c33ef0bf3f099d709ee9c13d13
Reviewed-on: https://chromium-review.googlesource.com/518608
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
Cr50 has different gpio configurations for different boards. They cannot
be determined until board_init. We want a way to delay enabling the gpio
interrupts until the board type can be determined.
This change adds a gpio flag, GPIO_INT_DISABLE. When set gpio_pre_init
will setup the interrupt, but not enable it. board_init then enables all
of the interrupts with init_interrupts.
BUG=b:35587228
BRANCH=cr50
TEST=use 'gpiocfg' to verify the setup hasn't changed. Add print
statements to verify that gpio_pre_init skips enabling the interrupt on
any gpio that has GPIO_INT_DISABLE set
Change-Id: I91f73297ab80781b99aa82eda479ae311c13cb77
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/523808
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
The UART block on the g chip has no functionality to adjust the parity.
Unfortunately, this feature is needed for certain applications.
This commit adds a UART bit bang driver with support for configuring the
baud rate and parity. It currently only supports 8 data bits.
BUG=b:35648297
BRANCH=cr50
TEST=make -j buildall
TEST=With some other patches, successfully flash rowan EC at 9600 baud.
Change-Id: I86a160c0960e46b3a8bb1057518f625aefb7d81f
Signed-off-by: Aseda Aboagye <aaboagye@google.com>
Reviewed-on: https://chromium-review.googlesource.com/503473
Commit-Ready: Aseda Aboagye <aaboagye@chromium.org>
Tested-by: Aseda Aboagye <aaboagye@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
The default USB packet has a maximum size of 64 bytes, however, we need
to support some USB over I2C write transaction that exceed this default.
To support so with protocol backwards-compatible in mind, we enable a
config option CONFIG_USB_I2C_MAX_WRITE_COUNT that will enlarge the USB
RX queue.
BRANCH=none
BUG=b:35587174
TEST=Complete presubmit test.
TEST=Manually update elan trackpad firmware with interrupt disabled.
Change-Id: Ia8983b036b7297f7ca673459ae34b7e5ecd2ee01
Reviewed-on: https://chromium-review.googlesource.com/513642
Commit-Ready: Chun-ta Lin <itspeter@chromium.org>
Tested-by: Chun-ta Lin <itspeter@chromium.org>
Reviewed-by: Chun-ta Lin <itspeter@chromium.org>
Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>
There is a new keyboard matrix layout:
- We can map the search key to both KSO1, KSI0 and KSO0, KSI3
(old layout will only use the former, new layout will use the latter).
- There is a new key on KSO0, KSI5, which we can map to HID page 0xffd1
code 0x0018.
BRANCH=none
BUG=b:62004286
TEST=Flash hammer
kbpress 0 3 1; kbpress 0 3 0 reports KEY_LEFTMETA as expected
kbpress 0 5 1; kbpress 0 5 0 reports "BTN_0", which is probably
incorrect, and needs to be fixed.
Change-Id: I9fb428805ff756b6d63f50cc5b061c6a0e1defbc
Reviewed-on: https://chromium-review.googlesource.com/512502
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
Some device has large pages that take up to 2s to erase.
Add support to send a deferred erase command, that willi
be processed on HOOK task.
It can leave the other tasks (HOST_CMD) responsive.
If the whole EC can stall on flash erase, like the STM32F4 do,
at least the command FLASH_ERASE_GET_RESULT can be retried when it times
out.
BRANCH=none
TEST=Check with flashrom doing a loop of overwrites.
BUG=b:38018926
Change-Id: I8ce8e901172843d00aac0d8d59a84cbd13f58a10
Signed-off-by: Gwendal Grignou <gwendal@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/510012
Reviewed-by: Alexandru M Stan <amstan@chromium.org>
This patch adds vendor and console commands to read and write the
board ID space in the INFO1 block.
Current image's board ID settings are saved in the image header by the
latest codesigner.
Board ID write attempts are rejected if the board ID space is already
initialized, or if the currently running image will not be allowed to
run with the new board ID space settings.
Error codes are returned to the caller as a single byte value.
Successful read command returns 12 bytes of the board ID space
contents.
The console command always allows to read the board ID value, and
allows to write it if the image was built with debug enabled.
BUG=b:35586335
BRANCH=cr50
TEST=as follows:
- verified that board ID can be read by any image and set by debug
images.
- with the upcoming patches verified the ability to set and read
board ID values using vendor commands.
Change-Id: I35a3e2db92175a29de8011172b80091065b27414
Signed-off-by: Philip Chen <philipchen@google.com>
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/522234
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Add the implementation of a robust non-volatile incrementing counter
using 2 pages from the underlying flash.
It is used to implement the U2F functionality.
The main goal of the counter is providing a strictly incrementing value
whatever adverse events (malicious or not) happen as it is used to
prevent rollback attacks in the U2F protocol.
Given the limitation of the flash process: ie wear-out endurance and
2kB-page erase granularity only and possible isolated bit-flips
(accentuated by power losses), the counting is done by pulling down
several bits at a time from their erased state (1) to 0.
The counting is implemented this way with 2 pages called LOW and HIGH:
The LOW page is implemented in a strike style, with each "strike" zero-ing
out 4 bits at a time, meaning each word can be struck a total of 8
times.
Once the LOW page is completely struck, the HIGH page is incremented by 2.
The even increment is for the value, the odd increment is a guard signal
that the LOW page must be erased. So as an example:
If HIGH is 2, the LOW page would increment to 3, erase itself, and then
increment to 4. If this process is interrupted for some reason (power loss
or user intervention) and the HIGH left at 3, on next resume, the HI page
will recognize something was left pending and erase again.
For a platform with 2-kB flash pages, it can count up to 8388608, then
it is stuck at 0xFFFFFFF indefinitely.
Mostly copied over from Marius code in cr52 code-base.
Signed-off-by: Marius Schilder <mschilder@google.com>
Signed-off-by: Vincent Palatin <vpalatin@chromium.org>
BRANCH=cr50
BUG=b:35545754
TEST=with follow-up CLs, run U2FTest on Eve
Change-Id: Idd0756078e3641c4a24f9c4ccf6611909bd5f00f
Reviewed-on: https://chromium-review.googlesource.com/518135
Commit-Ready: Vincent Palatin <vpalatin@chromium.org>
Tested-by: Vincent Palatin <vpalatin@chromium.org>
Reviewed-by: Marius Schilder <mschilder@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
The previous boards that used double tap both used lightbar
sequence. Eve, also needs double tap, but doens't have lightbar. Added
a board specific call when processing the double tap event to allow
more flexibility.
BUG=b:35584895
BRANCH=none
TEST=Manual tested double tap and verified it was detected based on
the console print.
Change-Id: I73d8669803e7dcbbbac00de09822f4a286965fce
Signed-off-by: Scott Collyer <scollyer@google.com>
Reviewed-on: https://chromium-review.googlesource.com/516546
Commit-Ready: Scott Collyer <scollyer@chromium.org>
Tested-by: Scott Collyer <scollyer@chromium.org>
Reviewed-by: Gwendal Grignou <gwendal@chromium.org>
It needs to be possible to prevent unlocking of CCD on enterprise
enrolled devices, in particular to prevent users from moving into dev
mode.
A bit in the FWMP structure flags field was allocated for the purposes
of preventing console unlock in those cases.
This patch adds code to read the FWMP structure from the TPM NVMEM,
verify it and determine if it should be possible to unlock the
console. The restriction is not honored by Cr50 DBG images.
The FWMP value is read only once per TPM reset, this means each time
the admin console changes the relevant flag bit, the Chrome OS device
has to be rebooted to pick up the new flag value.
BRANCH=cr50
BUG=b:35587387,b:35587053
TEST=verified that FWMP is properly read and acted upon.
Change-Id: I17e15ea2b2293a0c096858fba3ccc389452caede
Reviewed-on: https://chromium-review.googlesource.com/457824
Commit-Ready: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
In order to ensure we are always meeting the deadlines for the IRQ_HPD
pulse, increase the priority of the processing by moving the rising edge
from the low-priority HOOK task (in a deferred function) to the caller
task (which is the high-priority PD task).
The downside is we are now sleeping in the PD task blocking the
processing of the PD messages during this time.
Changed HPD_DSTREAM_DEBOUNCE_IRQ to 500us instead of 750us. According
to DP spec, the IRQ_HPD pulse width is between 500us and 1000us.
Ensure there is a minimum of 2ms delay in between each IRQ_HPD as specified
by the DP spec, by sleeping before sending the next pulse if needed.
(in practice, this should not wait if we are not too off processing the
messages)
BUG=chromium:711334
BRANCH=glados strago reef oak
TEST=manual, on SKL platform with kernel 3.18 and MST, verify display is
functional on USB-C dock.
Change-Id: Ib2e9dd608c5f1c671cc5a0fd979a5742101375ff
Signed-off-by: Kevin K Wong <kevin.k.wong@intel.com>
Signed-off-by: Vincent Palatin <vpalatin@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/508629
Reviewed-by: Todd Broch <tbroch@chromium.org>
As part of the pairing process, AP needs to be able to inject
some entropy into the base.
Let's also define PAIR_CHALLENGE, which will be implemented in
a later CL.
BRANCH=none
BUG=b:38487027
TEST=Flash hammer. On host, reboot hammer to RO:
usb_updater2 -r; sleep 0.5; usb_updater2 -s
usb_updater2 -e (adds entropy)
EC console: check that rollbackinfo shows secret is updated
Change-Id: I964bb578c6bfbb1ab5105a70b43682d51df4ed47
Reviewed-on: https://chromium-review.googlesource.com/513807
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
