Handle UPDATE_EXTRA_CMD_PAIR_CHALLENGE command, where the
lid sends a random x25519 public key, and nonce, and the base
replies with its own (stable) x25519 public key, and computes
a shared secret using its private key to verify its identity.
BRANCH=none
BUG=b:38486828
TEST=Flash hammer, ./usb_updater2 -c always reports the same
device public key, and authenticator is correct.
Change-Id: Ida60ffa7476794ee92669951c740dbe35950fb9c
Reviewed-on: https://chromium-review.googlesource.com/532475
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
As part of the pairing process, AP needs to be able to inject
some entropy into the base.
Let's also define PAIR_CHALLENGE, which will be implemented in
a later CL.
BRANCH=none
BUG=b:38487027
TEST=Flash hammer. On host, reboot hammer to RO:
usb_updater2 -r; sleep 0.5; usb_updater2 -s
usb_updater2 -e (adds entropy)
EC console: check that rollbackinfo shows secret is updated
Change-Id: I964bb578c6bfbb1ab5105a70b43682d51df4ed47
Reviewed-on: https://chromium-review.googlesource.com/513807
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
AP will use that command to tell base EC that it believe the current
FW is functionning correctly, and that the rollback region can
be unlocked for an update on the next reboot.
BRANCH=none
BUG=b:35586219
BUG=b:35587171
TEST=- Flash hammer ToT image with rollback version 0
> flashwp true; reboot
> flashinfo => all flash is protected
- Update CONFIG_ROLLBACK_VERSION to 1
$ make BOARD=hammer -j
- Flash new RW
$ sudo extra/usb_updater/usb_updater2 -w
$ sudo extra/usb_updater/usb_updater2 -r
$ sleep 0.5
$ sudo extra/usb_updater/usb_updater2 -s
$ sudo extra/usb_updater/usb_updater2 build/hammer/ec.bin
> rollbackinfo
rollback minimum version: 0
RW rollback version: 1
- Tell RW to unprotect rollback
$ sudo extra/usb_updater/usb_updater2 -u
$ sudo extra/usb_updater/usb_updater2 -r
> rollbackinfo
rollback minimum version: 1
RW rollback version: 1
Change-Id: Ib52253e9b8bba872688d6f601d9bfad8862be25f
Reviewed-on: https://chromium-review.googlesource.com/489889
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Starting with
be294d4ef "hammer: Only define required options for RO and RW"
we do not define CONFIG_RWSIG for the RW section. However,
we want CMD_UNLOCK_RW to be usable when EC is in RW section, to
unlock itself in prevision for an update on the next reboot.
BRANCH=none
BUG=b:35587171
TEST=Update hammer using usb_updater2
Change-Id: I7ae001363697bc3e17d4a59b21413d35101228cb
Reviewed-on: https://chromium-review.googlesource.com/489888
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
The existing commands do not really need longer response code.
Future commands can always reply with more data as needed.
BRANCH=none
BUG=b:35587171
TEST=Update hammer using usb_updater2
Change-Id: I37cb8ac444d58216a7d98c9090043b06d95c74e1
Reviewed-on: https://chromium-review.googlesource.com/489887
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Add support for 4 extra commands that are required to update
hammer:
- UPDATE_EXTRA_CMD_IMMEDIATE_RESET
- UPDATE_EXTRA_CMD_JUMP_TO_RW: Tells the RWSIG task to jump
to RW as soon as possible (assuming the image verifies)
- UPDATE_EXTRA_CMD_STAY_IN_RO: Tells the RWSIG task to not
jump to RW, and stay in RO, to leave enough time for
AP to update RW.
- UPDATE_EXTRA_CMD_UNLOCK_RW: Tells EC to unlock the RW
section so that it can be updated (on next reboot).
BRANCH=none
BUG=b:35587171
TEST=Test RO+RW update
cd extra/usb_updater; make
# Jump to RW
sudo ./usb_updater2 -j
sleep 0.5
# Update RO, then reboot
sudo ./usb_updater2 ../../build/hammer/ec.bin
sleep 0.5
# Update RW (first tell RO to not jump to RW)
sudo ./usb_updater2 -s
sudo ./usb_updater2 ../../build/hammer/ec.bin
TEST=Test RW update only, with RO protected
On EC console: flashwp true; reboot
cd extra/usb_updater; make
# Tell RW to unprotect RW and jump back to RO
sudo ./usb_updater2 -w
sudo ./usb_updater2 -r
sleep 0.5
# Update RW, then reboot
sudo ./usb_updater2 -s
sudo ./usb_updater2 ../../build/hammer/ec.bin
Change-Id: I5e8df7bdb4f06f2ac7b47de53dcde69c5002f578
Reviewed-on: https://chromium-review.googlesource.com/458470
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>
Let's move to protocol version 6, which provides most of the new features
we want to update generic EC firmware.
Note that this matches chip/g version as of commit 0e5497db6,
plus the following uncommited chip/g patches (CL:458364):
c73af7dd2 chip/g/upgrade: Clarify pdu/frame terminology
baea0a8c7 chip/g/upgrade: Rename SIGNED_TRANSFER_SIZE to UPDATE_PDU_SIZE
d6e41b75c chip/g/upgrade: Remove cr50-specific upgrade subclass and
protocol
3dc0b9a25 chip/g/upgrade: Rename upgrade to update
13436f9b9 chip/g/upgrade: Split rdpu initialization to a separate function
fab9a0936 chip/g/upgrade: Minor formatting fixups
8161ef7c0 chip/g/upgrade: Fix valid_transfer_start logic
bd6d79434 chip/g/upgrade: Fix logic for short USB packets within frames
b09e252ed chip/g/upgrade: Improve error handling
Then:
diff -u include/update_fw.h chip/g/upgrade_fw.h
diff -u common/usb_update.c chip/g/usb_upgrade.c
diff -u common/update_fw.c chip/g/upgrade_fw.c
Only shows chip/g specific differences.
BRANCH=none
BUG=b:36375666
BUG=b:35587171
TEST=make buildall -j
TEST=Can update hammer over USB using usb_updater2
Change-Id: I5b0f0281d844972dab572955d5495f808127e523
Reviewed-on: https://chromium-review.googlesource.com/458321
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Nick Sanders <nsanders@chromium.org>
Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>
Let's split the usb headers in 3 different parts, instead of having
usb_descriptor.h pull in usb_hw.h and usb_api.h.
- usb_api.h: EC functions related to usb (e.g. connect/disconnect)
- usb_descriptor.h: common USB names and structures
- usb_hw.h: Functions required for interactive with EC's USB HW
BRANCH=none
BUG=b:35587171
TEST=make buildall -j
Change-Id: I37ead61e3be5e7ae464f1c9137cf02eaab0ff92e
Reviewed-on: https://chromium-review.googlesource.com/454861
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
This copies the generic USB update code into common
so it can be used on other platforms. There should be
no functional change. cr50 folks want no change to their
code so vbendeb@chomium.org will refactor this back
together at a later date.
BUG=chromium:571476
TEST=none
BRANCH=none
Change-Id: I710afb22940013e7db5d8694898b90c0ae245777
Signed-off-by: Nick Sanders <nsanders@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/362131
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
