This patch adds vboot for EC by EC (vboot EC) for x86 systems.
When ec is transitioning s5->s3, it checks the power supply is
enough to boot AP or not. If not, it runs other checks and may
finally validate and jump to a RW image.
BUG=b:38462249
BRANCH=none
TEST=Boot Fizz on barrel jack and type-c charger.
Change-Id: I5988b0595976370c5303c45541702ae89d86fc97
Reviewed-on: https://chromium-review.googlesource.com/518254
Commit-Ready: Daisuke Nojiri <dnojiri@chromium.org>
Tested-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
On a keyboard-less, volume-button-less board, we support simplified
sysrq handling.
For Fizz, we use the recovery button to trigger sysrq event and
holding it down to trigger warm reset.
BUG=b:38418116,b:38417391
BRANCH=none
TEST=On Fizz, try
1. Press recovery button and release -> sysrq sent
2. Press and hold recovery button -> warm reset
3. Press recovery button and power button -> enter recovery mode
Change-Id: If8760319dba3df4545e9805b396ac89c241dae80
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/537817
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Mapped reads are relative to CONFIG_EC_*_STORAGE_OFF, not
CONFIG_R*_MEM_OFF. The previous implementation happened to work for
internal mapped storage (eg. stm32) but failed for external mapped
storage which is copied to SRAM before execution (eg. npcx).
BUG=b:62841029
TEST=Verify sysjump works again on eve/poppy/soraka. Verify sysjump
and sig verification continues to work on fizz and stm32.
BRANCH=None
Signed-off-by: Shawn Nematbakhsh <shawnn@chromium.org>
Change-Id: Id51ce5697555eea38b246b58dbf47f22d4befaa7
Reviewed-on: https://chromium-review.googlesource.com/541861
Commit-Ready: Shawn N <shawnn@chromium.org>
Tested-by: Shawn N <shawnn@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>
Recent changes broke the portability of this header file.
Fix the ACPI guards so it can be used in coreboot.
BUG=b:36024430
BRANCH=none
TEST=make -j buildall (as usual many haven boards fail)
Change-Id: I0d737e7aad7ead90289b43db09352092ef7e3e98
Signed-off-by: Duncan Laurie <dlaurie@google.com>
Reviewed-on: https://chromium-review.googlesource.com/539135
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
This API checks battery charge level and current power supply
to determine whether the AP has enough power to boot or not.
BUG=b:38462249
BRANCH=none
TEST=make buildall
Change-Id: I489f7ea92f230701b8f18c94d3e698aad90b4a03
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/517272
This patch adds wait between DSW_PWROK and PWRBTN assert. It is
required to be 95 msec or longer for Kaby Lake and Sky Lake.
Refer to the timing diagram for G3 to S0 on Sky Lake or Kaby Lake
platform design guide for details.
BUG=b:62584658
BRANCH=none
TEST=On Fizz, measured time between DSW_PWROK high and PWRBTN assert
for 1:AC plug-in, 2:recovery+power press, 3: reboot ec command.
Change-Id: I89a14ac9a49e20a332bd662d90be62f8ea23b003
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/534901
Provide APIs that allow chips to implement their own version of
backing up/restoring panic data to persistent storage.
BUG=b:62076222
BRANCH=None
TEST=make -j buildall
Change-Id: Idda2d55703d4fe7e0a8d6305695fbf4e193b596b
Signed-off-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/530196
Reviewed-by: Mulin Chao <mlchao@nuvoton.com>
Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>
Handle UPDATE_EXTRA_CMD_PAIR_CHALLENGE command, where the
lid sends a random x25519 public key, and nonce, and the base
replies with its own (stable) x25519 public key, and computes
a shared secret using its private key to verify its identity.
BRANCH=none
BUG=b:38486828
TEST=Flash hammer, ./usb_updater2 -c always reports the same
device public key, and authenticator is correct.
Change-Id: Ida60ffa7476794ee92669951c740dbe35950fb9c
Reviewed-on: https://chromium-review.googlesource.com/532475
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
The contents of the board ID fields of the Cr50 image headers is an
important piece of information which determines if an image can run on
a particular H1 chip.
This patch adds this information to the output of the 'version'
command, printing both the contents of the fields of the RW images and
if the image would run with the current INFO1 board ID contents (Yes
or NO).
The board_id feature is in fact g chipset specific, this is why
board_id support files are being moved from the cr50 board scope to
the g chip scope.
BRANCH=cr50
BUG=b:35587387,b:35587053
TEST=observed expected output in the version command:
> bid
Board ID: 000000fa, flags 000000ff
> vers
Chip: g cr50 B2-C
Board: 0
RO_A: * 0.0.10/29d77172
RO_B: 0.0.10/c2a3f8f9
RW_A: * 0.0.20/DBG/cr50_v1.1.6542-856c3aff4
RW_B: 0.0.20/DBG/cr50_v1.1.6543-2c68a2630+
BID A: 00000000:00000000:00000000 Yes
BID B: 000000ea:0000fffc:000000ff No
Build: 0.0.20/DBG/cr50_v1.1.6542-856c3aff4
tpm2:v0.0.289-cb2de5a
cryptoc:v0.0.8-6283eee
2017-06-09 15:34:19 vbendeb@eskimo.mtv.corp.google.com
>
Change-Id: I5b283abf304a7408ca8f424407044fca238185e1
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/530033
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
By default, read USB serial number from flash, but provide a way
for boards to override the function (e.g., to read serial number
from unique chip id).
BRANCH=none
BUG=b:62280271
TEST=Flash hammer
lsusb -d 18d1:5022 -v -v | grep iSerial
shows different chip IDs on different boards.
Change-Id: I0917752bb8e04c1eff4dffc0b3714f63dcd942b0
Reviewed-on: https://chromium-review.googlesource.com/523045
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Nick Sanders <nsanders@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
All other chips rely on gpio_enable_interrupt to enable interrupts. They
aren't enabled by default. This changes chip/g to match that.
If chip/g boards have interrupts, they also enable them in the
init_interrupts function in board.c. Nothing needs to be added to enable
interrupts.
BUG=b:35587228
BRANCH=cr50
TEST=use 'gpiocfg' to verify the setup hasn't changed.
Change-Id: I1e975999e0174b9dcbbe63c09c6110dc4161f8ff
Reviewed-on: https://chromium-review.googlesource.com/530006
Commit-Ready: Mary Ruthven <mruthven@chromium.org>
Tested-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
In this CL, we add selecting LFCLK sources functionality for npcx7 ec
series. (Please notice not all of npcx7 ec series support this feature.)
Beside internal LFCLK source, ec also can choose the external 32kHz
crystal oscillator as LFCLK source for the specific application. We also
introduce a new definition, CONFIG_CLOCK_SRC_EXTERNAL, to switch this
feature in the board level driver.
This CL also adds:
1. LFCG register definitions in registers.h.
2. Change the order of each npcx modules by memory address.
BRANCH=none
BUG=none
TEST=Output LFCLK source through GPIO75. Compare with external 32kHz
crystal osc. on npcx7_evb and make sure the sources are the same.
Change-Id: I137146bf51ccb51266b9aac1e2e28bcea87dc4f5
Signed-off-by: Mulin Chao <mlchao@nuvoton.com>
Reviewed-on: https://chromium-review.googlesource.com/520745
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Adds a mechanism that allows a board to disable interrupting the AP /
kernel when the status of any one of the EC_HOST_EVENTS included in
CONFIG_HOST_EVENT_REPORT_MASK changes state. Default state enables
reporting of all events; a board can override this by defining
CONFIG_HOST_EVENT_REPORT_MASK in its board.h file.
NOTE: The host_set_events() and host_clear_events() routines no longer
interrupt the AP if none of the host events the AP is interested in
changed state.
BRANCH=none
BUG=chromium:637061
TEST=make buildall passes
Signed-off-by: Nick Vaccaro <nvaccaro@chromium.org>
Change-Id: I678fb9d9dab6890848b94b314efd711842b1fd48
Reviewed-on: https://chromium-review.googlesource.com/502078
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
Add touchpad related host commands:
1) EC_CMD_TP_SELF_TEST: run open short test.
2) EC_CMD_TP_FRAME_INFO: get number of frame and frame size.
3) EC_CMD_TP_FRAME_SNAPSHOT: make a snapshot of the frame.
4) EC_CMD_TP_FRAME_GET: get frame data.
BRANCH=none
BUG=b:62077098
TEST=`make BOARD=rose -j`
`ectool --name=cros_tp tpselftest` and
`ectool --name=cros_tp tpframeget` works
Change-Id: I43db82278e556b1e6f6301fe88233fe7c4a18a14
Signed-off-by: Wei-Ning Huang <wnhuang@google.com>
Reviewed-on: https://chromium-review.googlesource.com/515282
Commit-Ready: Wei-Ning Huang <wnhuang@chromium.org>
Tested-by: Wei-Ning Huang <wnhuang@chromium.org>
Reviewed-by: Rong Chang <rongchang@chromium.org>
When vendor commands are processed by the TPM device, the result of
the command execution is communicated through the TPM response header.
When vendor commands are sent through USB the command execution result
value is lost, as the USB reply includes only the response payload,
(if any), but not the result value.
With this patch the single byte result value is prepended to the USB
response payload. The recipient will always look for the value in the
first byte of the response to find the vendor command execution
status.
The corresponding change to the Cr50 usb_updater will remove the
response code from the payload before considering the command's return
data.
BRANCH=cr50
BUG=b:35587387,b:35587053
TEST=verified proper existing extension commands processing (post
reset, turn update on) by the new version of usb_updater and
backwards compatibility with earlier Cr50 RW version (down to
0.0.13).
Change-Id: I5c8b3ea71d3cbbaccc06c909754944b3ab04675d
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/525093
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
When invoking vendor command handlers in try_vendor_command(), the
buffer containing the command is passed to the handler to communicate
the command contents and to hold the command execution return data. It
was fine when invoking vendor command handlers from the TPM stack, as
the receive buffer is 4K in size and is large enough for any expected
vendor command response.
It is different in case of USB: the command is in the receive buffer
of the USB queue, and the response data could easily exceed the
command size, which would cause corruption of the USB receive queue
contents when the response data is placed into the same buffer where
the command is.
Let's introduce a local storage to pass the command and receive the
response data from the handler. 32 bytes is enough for the foreseeable
future, should a need arise for a larger buffer, testing would result
in an error (a new error type is added to indicate insufficient buffer
space for command processing).
BRANCH=none
BUG=b:35587387,b:35587053
TEST=with the rest of the patches applied verified proper processing
of the 'Get Board ID' command for which response size exceeds the
request size.
Change-Id: I2131496f3a99c7f3a1869905120a453d75efbdce
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/525092
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
Mix in board-generated entropy with the externally provided one,
which should help make the per-device secret stronger.
BRANCH=none
BUG=b:38486828
TEST=reboot; rollbackaddent Hello => works fine when USB is connected,
fails otherwise, as board-generated entropy relies on USB timing.
Change-Id: I314f44759c5f8b859913a748db95e9d42b5cdd11
Reviewed-on: https://chromium-review.googlesource.com/518609
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
This function will be used to generate some entropy using the
Clock Recovery System.
BRANCH=none
BUG=b:38486828
TEST=make BOARD=hammer -j tests
./util/flash_ec --board=hammer --image=build/hammer/test-entropy.bin
EC console: runtest
TEST=Test fails when no USB connection is active
TEST=Test passes when USB connection is active
TEST=Pasting the values into:
tr ';' '\n' | awk 'BEGIN { e = 0; tot=16384.0 }
{ p = $1/tot; if (p > 0) { e -= p*log(p)/log(2) } }
END { print e }'
shows an entropy > 4 bits per sample.
Change-Id: I2363c7bce42c72c33ef0bf3f099d709ee9c13d13
Reviewed-on: https://chromium-review.googlesource.com/518608
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
Cr50 has different gpio configurations for different boards. They cannot
be determined until board_init. We want a way to delay enabling the gpio
interrupts until the board type can be determined.
This change adds a gpio flag, GPIO_INT_DISABLE. When set gpio_pre_init
will setup the interrupt, but not enable it. board_init then enables all
of the interrupts with init_interrupts.
BUG=b:35587228
BRANCH=cr50
TEST=use 'gpiocfg' to verify the setup hasn't changed. Add print
statements to verify that gpio_pre_init skips enabling the interrupt on
any gpio that has GPIO_INT_DISABLE set
Change-Id: I91f73297ab80781b99aa82eda479ae311c13cb77
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/523808
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
The UART block on the g chip has no functionality to adjust the parity.
Unfortunately, this feature is needed for certain applications.
This commit adds a UART bit bang driver with support for configuring the
baud rate and parity. It currently only supports 8 data bits.
BUG=b:35648297
BRANCH=cr50
TEST=make -j buildall
TEST=With some other patches, successfully flash rowan EC at 9600 baud.
Change-Id: I86a160c0960e46b3a8bb1057518f625aefb7d81f
Signed-off-by: Aseda Aboagye <aaboagye@google.com>
Reviewed-on: https://chromium-review.googlesource.com/503473
Commit-Ready: Aseda Aboagye <aaboagye@chromium.org>
Tested-by: Aseda Aboagye <aaboagye@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
The default USB packet has a maximum size of 64 bytes, however, we need
to support some USB over I2C write transaction that exceed this default.
To support so with protocol backwards-compatible in mind, we enable a
config option CONFIG_USB_I2C_MAX_WRITE_COUNT that will enlarge the USB
RX queue.
BRANCH=none
BUG=b:35587174
TEST=Complete presubmit test.
TEST=Manually update elan trackpad firmware with interrupt disabled.
Change-Id: Ia8983b036b7297f7ca673459ae34b7e5ecd2ee01
Reviewed-on: https://chromium-review.googlesource.com/513642
Commit-Ready: Chun-ta Lin <itspeter@chromium.org>
Tested-by: Chun-ta Lin <itspeter@chromium.org>
Reviewed-by: Chun-ta Lin <itspeter@chromium.org>
Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>
There is a new keyboard matrix layout:
- We can map the search key to both KSO1, KSI0 and KSO0, KSI3
(old layout will only use the former, new layout will use the latter).
- There is a new key on KSO0, KSI5, which we can map to HID page 0xffd1
code 0x0018.
BRANCH=none
BUG=b:62004286
TEST=Flash hammer
kbpress 0 3 1; kbpress 0 3 0 reports KEY_LEFTMETA as expected
kbpress 0 5 1; kbpress 0 5 0 reports "BTN_0", which is probably
incorrect, and needs to be fixed.
Change-Id: I9fb428805ff756b6d63f50cc5b061c6a0e1defbc
Reviewed-on: https://chromium-review.googlesource.com/512502
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
Some device has large pages that take up to 2s to erase.
Add support to send a deferred erase command, that willi
be processed on HOOK task.
It can leave the other tasks (HOST_CMD) responsive.
If the whole EC can stall on flash erase, like the STM32F4 do,
at least the command FLASH_ERASE_GET_RESULT can be retried when it times
out.
BRANCH=none
TEST=Check with flashrom doing a loop of overwrites.
BUG=b:38018926
Change-Id: I8ce8e901172843d00aac0d8d59a84cbd13f58a10
Signed-off-by: Gwendal Grignou <gwendal@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/510012
Reviewed-by: Alexandru M Stan <amstan@chromium.org>
This patch adds vendor and console commands to read and write the
board ID space in the INFO1 block.
Current image's board ID settings are saved in the image header by the
latest codesigner.
Board ID write attempts are rejected if the board ID space is already
initialized, or if the currently running image will not be allowed to
run with the new board ID space settings.
Error codes are returned to the caller as a single byte value.
Successful read command returns 12 bytes of the board ID space
contents.
The console command always allows to read the board ID value, and
allows to write it if the image was built with debug enabled.
BUG=b:35586335
BRANCH=cr50
TEST=as follows:
- verified that board ID can be read by any image and set by debug
images.
- with the upcoming patches verified the ability to set and read
board ID values using vendor commands.
Change-Id: I35a3e2db92175a29de8011172b80091065b27414
Signed-off-by: Philip Chen <philipchen@google.com>
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/522234
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Add the implementation of a robust non-volatile incrementing counter
using 2 pages from the underlying flash.
It is used to implement the U2F functionality.
The main goal of the counter is providing a strictly incrementing value
whatever adverse events (malicious or not) happen as it is used to
prevent rollback attacks in the U2F protocol.
Given the limitation of the flash process: ie wear-out endurance and
2kB-page erase granularity only and possible isolated bit-flips
(accentuated by power losses), the counting is done by pulling down
several bits at a time from their erased state (1) to 0.
The counting is implemented this way with 2 pages called LOW and HIGH:
The LOW page is implemented in a strike style, with each "strike" zero-ing
out 4 bits at a time, meaning each word can be struck a total of 8
times.
Once the LOW page is completely struck, the HIGH page is incremented by 2.
The even increment is for the value, the odd increment is a guard signal
that the LOW page must be erased. So as an example:
If HIGH is 2, the LOW page would increment to 3, erase itself, and then
increment to 4. If this process is interrupted for some reason (power loss
or user intervention) and the HIGH left at 3, on next resume, the HI page
will recognize something was left pending and erase again.
For a platform with 2-kB flash pages, it can count up to 8388608, then
it is stuck at 0xFFFFFFF indefinitely.
Mostly copied over from Marius code in cr52 code-base.
Signed-off-by: Marius Schilder <mschilder@google.com>
Signed-off-by: Vincent Palatin <vpalatin@chromium.org>
BRANCH=cr50
BUG=b:35545754
TEST=with follow-up CLs, run U2FTest on Eve
Change-Id: Idd0756078e3641c4a24f9c4ccf6611909bd5f00f
Reviewed-on: https://chromium-review.googlesource.com/518135
Commit-Ready: Vincent Palatin <vpalatin@chromium.org>
Tested-by: Vincent Palatin <vpalatin@chromium.org>
Reviewed-by: Marius Schilder <mschilder@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
The previous boards that used double tap both used lightbar
sequence. Eve, also needs double tap, but doens't have lightbar. Added
a board specific call when processing the double tap event to allow
more flexibility.
BUG=b:35584895
BRANCH=none
TEST=Manual tested double tap and verified it was detected based on
the console print.
Change-Id: I73d8669803e7dcbbbac00de09822f4a286965fce
Signed-off-by: Scott Collyer <scollyer@google.com>
Reviewed-on: https://chromium-review.googlesource.com/516546
Commit-Ready: Scott Collyer <scollyer@chromium.org>
Tested-by: Scott Collyer <scollyer@chromium.org>
Reviewed-by: Gwendal Grignou <gwendal@chromium.org>
It needs to be possible to prevent unlocking of CCD on enterprise
enrolled devices, in particular to prevent users from moving into dev
mode.
A bit in the FWMP structure flags field was allocated for the purposes
of preventing console unlock in those cases.
This patch adds code to read the FWMP structure from the TPM NVMEM,
verify it and determine if it should be possible to unlock the
console. The restriction is not honored by Cr50 DBG images.
The FWMP value is read only once per TPM reset, this means each time
the admin console changes the relevant flag bit, the Chrome OS device
has to be rebooted to pick up the new flag value.
BRANCH=cr50
BUG=b:35587387,b:35587053
TEST=verified that FWMP is properly read and acted upon.
Change-Id: I17e15ea2b2293a0c096858fba3ccc389452caede
Reviewed-on: https://chromium-review.googlesource.com/457824
Commit-Ready: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
In order to ensure we are always meeting the deadlines for the IRQ_HPD
pulse, increase the priority of the processing by moving the rising edge
from the low-priority HOOK task (in a deferred function) to the caller
task (which is the high-priority PD task).
The downside is we are now sleeping in the PD task blocking the
processing of the PD messages during this time.
Changed HPD_DSTREAM_DEBOUNCE_IRQ to 500us instead of 750us. According
to DP spec, the IRQ_HPD pulse width is between 500us and 1000us.
Ensure there is a minimum of 2ms delay in between each IRQ_HPD as specified
by the DP spec, by sleeping before sending the next pulse if needed.
(in practice, this should not wait if we are not too off processing the
messages)
BUG=chromium:711334
BRANCH=glados strago reef oak
TEST=manual, on SKL platform with kernel 3.18 and MST, verify display is
functional on USB-C dock.
Change-Id: Ib2e9dd608c5f1c671cc5a0fd979a5742101375ff
Signed-off-by: Kevin K Wong <kevin.k.wong@intel.com>
Signed-off-by: Vincent Palatin <vpalatin@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/508629
Reviewed-by: Todd Broch <tbroch@chromium.org>
As part of the pairing process, AP needs to be able to inject
some entropy into the base.
Let's also define PAIR_CHALLENGE, which will be implemented in
a later CL.
BRANCH=none
BUG=b:38487027
TEST=Flash hammer. On host, reboot hammer to RO:
usb_updater2 -r; sleep 0.5; usb_updater2 -s
usb_updater2 -e (adds entropy)
EC console: check that rollbackinfo shows secret is updated
Change-Id: I964bb578c6bfbb1ab5105a70b43682d51df4ed47
Reviewed-on: https://chromium-review.googlesource.com/513807
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Previously, result codes were being stored as `enum ec_status` values.
The compiler was forcing this value to only be one byte large, since
that's all that was necessary to represent all the values of that
enum.
This change fixes this bug by switching result code variable types from
`enum ec_status` to `uint16_t`.
BRANCH=none
BUG=none
TEST=make buildall -j
Change-Id: Iacdca51dc6c1de677d2fbb59ad6dd2572d21ea7f
Reviewed-on: https://chromium-review.googlesource.com/513609
Commit-Ready: Jeff Andersen <jeffandersen@google.com>
Tested-by: Jeff Andersen <jeffandersen@google.com>
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
For pairing purpose, we want to store some secret random number in
the base. The most convenient location for this is the rollback
region.
Since the rollback region can now be updated without incrementing
rollback_min_version (when we add entropy to the secret), we need
to add an increasing id to tell the code which rollback region is
the latest.
We also add console commands to manually add entropy.
BRANCH=none
BUG=b:38486828
TEST=Flash hammer (with or without CONFIG_ROLLBACK_ENTROPY_SIZE set)
rollbackinfo => 1 version 0 block, 1 empty block, RW verifies
correctly.
rollbackupdate 0; rollbackinfo => No change
rollbackupdate 1; reboot => RO refuses to jump to RW
only when CONFIG_ROLLBACK_ENTROPY_SIZE is set:
rollbackinfo => Secret is [00..00] on both blocks (so the data
was copied correctly)
rollbackupdate 2, 3, 4; rollbackinfo => Writes alternate
between the 2 blocks.
rollbackupdate 2 => Refuses to downgrade version
TEST=From blank secret [00..00], 'rollbackaddent Hello' updates it
to [ba..fa], which matches the output of:
(dd if=/dev/zero bs=1 count=32; echo -n Hello) | sha256sum
Change-Id: I79c3e790e56e21958cc1b4ba05bd4e5f359d3090
Reviewed-on: https://chromium-review.googlesource.com/511985
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
Move the existing fingerprint host command in the driver and
add more of them to prepare the new fingerprint architecture.
The commands are mostly stubbed for now.
Signed-off-by: Vincent Palatin <vpalatin@chromium.org>
CQ-DEPEND=*364728
BRANCH=none
BUG=b:35648259
TEST=make BOARD=eve_fp (with and without a private repository)
do a fingerprint image capture with 'fptest'.
Change-Id: Ie17a5fde2d6470c6272e8059bddc845cea07aff2
Reviewed-on: https://chromium-review.googlesource.com/491071
Commit-Ready: Vincent Palatin <vpalatin@chromium.org>
Tested-by: Vincent Palatin <vpalatin@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
Typically, we do not need RW section to be able to update rollback
information (rollback block should be protected when RW is running),
so we can save some flash space by undefining this option.
BRANCH=none
BUG=b:35586219
TEST=make newsizes saves ~420 bytes on hammer and staff.
Change-Id: Ic457673e56ace083f2ebb1ca0f37f54bf125bfa4
Reviewed-on: https://chromium-review.googlesource.com/511983
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
Adds min_frequency and max_frequency to struct motion_sensor_t.
New attributes min_frequency and max_frequency are now returned in
ectool's MOTIONSENSE_CMD_INFO response.
Incremented ectool's MOTIONSENSE_CMD_INFO version to version 3.
Add constants for MIN_FREQUENCY and MAX_FREQUENCY to each sensor's
header file.
BRANCH=none
BUG=chromium:615059
TEST=build/boot and verify MOTIONSENSE_CMD_INFO response on kevin,
make buildall -j passes.
Change-Id: I66db9715c122ef6bb4665ad5d086a9ecc9c7c93a
Signed-off-by: Nick Vaccaro <nvaccaro@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/482703
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
This change adds CONFIG_POWER_BUTTON_INIT_IDLE. When it's set,
the system starts with the power button state idle. It means
when the board boots from power-off, it stays at G3.
BUG=b:37536389
BRANCH=none
TEST=Power on Fizz. Verify it stays at G3. Verify it boots
by pressing power button.
Change-Id: I09a62a69d9f201b2dc261838cc9b4425fe3a8dc1
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/486945
Reviewed-by: Duncan Laurie <dlaurie@google.com>
Add an option to allow the scancode sets to be mutable. The only
reason to use this is to allow a scancode to be changed at runtime,
for instance to support different keyboards in one image.
The side effect of this is the scancode sets are moved out of the
shared RO section.
BUG=b:36735408
BRANCH=none
TEST=make -j buildall
Change-Id: Iefb97691d1f295411d7b5db603d9214d41af49fd
Signed-off-by: Duncan Laurie <dlaurie@google.com>
Reviewed-on: https://chromium-review.googlesource.com/506717
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
First, libpayload expects the keyboard interface index to be 0.
Then, hid_iface_request needs to reply to USB_HID_DT_HID request
with the content of struct usb_hid_descriptor. With current code,
the variable name is generated (and therefore hard to guess), so
we create a new set of macros so that we can use a specific
variable name.
Also, add support for HID Get_Protocol and Set_Protocol, as they
are compulsory for devices supporting boot protocol, even though
those are mostly no-op for now.
Finally, add a note regarding USB HID keyboard boot protocol, to
make sure that we do not accidentally change the report format.
BRANCH=none
BUG=b:36538963
TEST=Keyboard works in FW screen, both trackpad and keyboard
still work when AP has booted.
TEST=hammer/staff can still be updated (both RO from RW, and RW
from RO)
Change-Id: Ibea4888385909c9ce3b430464e5805c039d4b9ed
Reviewed-on: https://chromium-review.googlesource.com/505796
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
Some chip supports two owned slave address. The second slave address is
used for other purpose such as board specific i2c commands. This option
can be set if user of the second slave address requires larger host
packet er size.
BRANCH=none
BUG=b:37187312
TEST=`make BOARD=rose -j`
Change-Id: I8d0b04bf4dded55e3957c7b25d849663299593e5
Signed-off-by: Wei-Ning Huang <wnhuang@google.com>
Reviewed-on: https://chromium-review.googlesource.com/472288
Commit-Ready: Wei-Ning Huang <wnhuang@chromium.org>
Tested-by: Wei-Ning Huang <wnhuang@chromium.org>
Reviewed-by: Rong Chang <rongchang@chromium.org>
