gcc 8.1 complains about duplicate const, and while some of these really
are duplicate, others look like they were supposed to tighten the API
contract so that variables are "const pointer to const data", but didn't
have that effect.
BUG=b:65441143
BRANCH=none
TEST=building Chrome EC as part of upstream coreboot's build with a
gcc 8.1 compiler now works (better. there are other issues left)
Change-Id: I6016c5f282516471746f08d5714ea07ebdd10331
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1039812
Commit-Ready: Patrick Georgi <pgeorgi@chromium.org>
Tested-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-by: Stefan Reinauer <reinauer@google.com>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
Before:
*** 4560 bytes still available in flash ****
After:
*** 4696 bytes still available in flash ****
BRANCH=none
BUG=b:65253310
TEST=Update Cr50 with this image and verify the keys are the same.
Change-Id: I1c722ced185c41f732ce0ed5236db01401f21dfc
Signed-off-by: Allen Webb <allenwebb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1031058
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Gemini Lake-based chipsets support a subset of virtual wires that other
Intel processors do. The current settings prevent the GLK APs from
bootign in some situations; PLTRST# doesn't get reasserted when there is
an error.
See "eSPI Compatibility Specification (562633)" for details.
BRANCH=None
BUG=b:79778835
TEST=Successfully booted bip after a cold reset from servo
Change-Id: I02b403ab6b06cbcae61ac46132018e95988a3d43
Signed-off-by: Justin TerAvest <teravest@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1064704
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Jett Rink <jettrink@chromium.org>
Reviewed-by: Vijay Hiremath <vijay.p.hiremath@intel.corp-partner.google.com>
When running signed with dev keys and the fallback certificate is not
available, proceed installing unverified root certificate. This at
least allows to keep basic TPM functions like storing objects in NVMEM
to keep going. Added a new return value to indicate this condition.
BRANCH=cr50, cr50-mp
BUG=none
TEST=verified that it is possible to switch chromebook between prod
and dev modes when running with a dev signed Cr50.
Change-Id: I5b16d0bcbcfb25368f65075e1d2d485a69cb729f
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1054990
Reviewed-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Usually, we enable CONFIG_FPU on NPCX, which requires larger
stack size. Also, NPCX has very deep call patch in I2C transactions
(in particular, I2C recovery path), so it generally requires larger
stack.
To make the code fit, however, we need to reduce the accelerometer
fifo depth from 1024 to 512, on a few boards.
BRANCH=none
BUG=b:75234824
TEST=make buildall -j, stackanalyzer result on poppy looks a little
better.
Change-Id: I37b5a2a97a760dc4fd225253c23962d74e25605a
Signed-off-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/967963
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
AES-CMAC implementation based on extant 128-bit AES, following closely
to the description in RFC 4493. Timing depends only on the length of the
message, not the content or the keys.
Signed-off-by: Jade Philipoom <jadep@google.com>
BRANCH=cr50
BUG=b:72788497
TEST=Passed the four test vectors provided in the RFC; these tests are defined as commands in aes_cmac.c and can be run with
"test_cmac 1 2 3 4" when CRYPTO_TEST_SETUP is defined.
Change-Id: I96fb4f29927c11970a6a17c0fd583694aa945c91
Reviewed-on: https://chromium-review.googlesource.com/975181
Commit-Ready: Vincent Palatin <vpalatin@chromium.org>
Tested-by: Vincent Palatin <vpalatin@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
Instead of fetching incoming CEC messages using a specific read
command, extend the standard mkbp event so the CEC message can
be delivered directly inside the event.
Signed-off-by: Stefan Adolfsson <sadolfsson@chromium.org>
BUG=b:76467407
BRANCH=none
TEST="ectool cec read" still working with a kernel that has support
for the increased mkbp size.
CQ-DEPEND=CL:1046186,CL:1051085
Change-Id: Id9d944be86ba85084b979d1df9057f7f3e7a1fd0
Reviewed-on: https://chromium-review.googlesource.com/1051105
Commit-Ready: Stefan Adolfsson <sadolfsson@chromium.org>
Tested-by: Stefan Adolfsson <sadolfsson@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Logical address selection is best done from the AP since
it depends on what kind of CEC device type we want to be.
Signed-off-by: Stefan Adolfsson <sadolfsson@chromium.org>
BUG=b:76467407
BRANCH=none
TEST=Set address to different values and verify that it
only receives messages on that address (or broadcast)
CQ-DEPEND=CL:1030229
Change-Id: Ia5ef182b22f2345831caaa7f29cc9f009f932c99
Reviewed-on: https://chromium-review.googlesource.com/1030370
Commit-Ready: Stefan Adolfsson <sadolfsson@chromium.org>
Tested-by: Stefan Adolfsson <sadolfsson@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
If pulses shorter than the CEC specification allows are detected,
ignore the bus for a while. This avoids CPU stress if there is a
misbehaving device sending short pulses on the CEC bus.
Signed-off-by: Stefan Adolfsson <sadolfsson@chromium.org>
BUG=b:76467407
BRANCH=none
TEST=none
CQ-DEPEND=CL:1030228
Change-Id: I55819f9437a00799718e235c30f256508465bf4c
Reviewed-on: https://chromium-review.googlesource.com/1030229
Commit-Ready: Stefan Adolfsson <sadolfsson@chromium.org>
Tested-by: Stefan Adolfsson <sadolfsson@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
When an incoming message is complete, store it in a
internal circular buffer and notify the AP so the
message can be read out.
Signed-off-by: Stefan Adolfsson <sadolfsson@chromium.org>
BUG=b:76467407
BRANCH=none
TEST=Write different type of messages from one EC to another EC
using ectool. Also use ectool on the second EC to verify that
they are received correctly.
CQ-DEPEND=CL:1030226
Change-Id: Ie4370b0c954befe81a055cd5dff7d7f13dbefbd0
Reviewed-on: https://chromium-review.googlesource.com/1030227
Commit-Ready: Stefan Adolfsson <sadolfsson@chromium.org>
Tested-by: Stefan Adolfsson <sadolfsson@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Adds handling of incoming messages:
* Start-bit detection
* ACK incoming messages
* Broadcast handling
* Pulse-width validation
* EOM detection
Signed-off-by: Stefan Adolfsson <sadolfsson@chromium.org>
BUG=b:76467407
BRANCH=none
TEST=Tested in later CL when messages are plumbed all the
way back to the AP.
CQ-DEPEND=CL:1030225
Change-Id: I541072b8afa3d911b310628f09f0b665f11a0a15
Reviewed-on: https://chromium-review.googlesource.com/1030226
Commit-Ready: Stefan Adolfsson <sadolfsson@chromium.org>
Tested-by: Stefan Adolfsson <sadolfsson@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
The Linux kernel has enable/disable hooks in the CEC
driver API. Make it possible to use those calls on
the EC CEC implementation.
Signed-off-by: Stefan Adolfsson <sadolfsson@chromium.org>
BUG=b:76467407
BRANCH=none
TEST=Verify with logical analyzer that nothing happens on
the bus in disable mode and it still works in enable mode.
CQ-DEPEND=CL:1030223
Change-Id: Ib5255d76427f288862740cd2e3299ba47f39d998
Reviewed-on: https://chromium-review.googlesource.com/1030224
Commit-Ready: Stefan Adolfsson <sadolfsson@chromium.org>
Tested-by: Stefan Adolfsson <sadolfsson@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
According to the CEC specification, a resend must be
attempted at least once and up to five times after NAK.
This fix does it five times.
Signed-off-by: Stefan Adolfsson <sadolfsson@chromium.org>
BUG=b:76467407
BRANCH=none
TEST=Write CEC message without sink. Verify with logical
analyzer that it resends 5 times.
CQ-DEPEND=CL:1030221
Change-Id: Id296e12b6657b9e7ca0453a2deb06e8aaf17f839
Reviewed-on: https://chromium-review.googlesource.com/1030222
Commit-Ready: Stefan Adolfsson <sadolfsson@chromium.org>
Tested-by: Stefan Adolfsson <sadolfsson@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Add hooks that ectool or AP will use to send CEC messages.
Messages are sent by setting a timer and flipping
a GPIO in the timer interrupt. The timer is then
recharged in inside that interrupt depending on
where it is in the CEC state-machine.
Signed-off-by: Stefan Adolfsson <sadolfsson@chromium.org>
BUG=b:76467407
BRANCH=none
TEST=Switched on and off a TV:
ectool cecwrite 0x40 0x04
ectool cecwrite 0x40 0x36
CQ-DEPEND=CL:1030220
Change-Id: Ia640d0d035bcee9be88863046e88402c7a63c19f
Reviewed-on: https://chromium-review.googlesource.com/1030221
Commit-Ready: Stefan Adolfsson <sadolfsson@chromium.org>
Tested-by: Stefan Adolfsson <sadolfsson@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Add CEC stub implementation and enable it for Fizz. All
it does is print a message when the driver is initialized.
Signed-off-by: Stefan Adolfsson <sadolfsson@chromium.org>
BUG=b:76467407
BRANCH=none
TEST=Check that "CEC initialized" is printed on the
console when the EC boots.
CQ-DEPEND=CL:1030219
Change-Id: I1cf674e664e091354e344e0c08a69bd09f415904
Reviewed-on: https://chromium-review.googlesource.com/1030220
Commit-Ready: Stefan Adolfsson <sadolfsson@chromium.org>
Tested-by: Stefan Adolfsson <sadolfsson@chromium.org>
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
In npcx5 series, there is no other chip generation and npcx's system
driver fixed the first character of revision array as 'A'. But in npcx7
series, there are two chip generations and it's better to show chip
generation information by 'version' console command.
In this CL, we used SRID_CR to distinguish the generation of npcx7
series. It also adds the support for NPCX787G in system_get_chip_name()
since it is used on the version 1 of npcx7 evb.
BRANCH=none
BUG=none
TEST=No build errors for npcx5/7 series. Verified npcx5m5g, npcx7m6g and
npcx7m7wb on evbs by 'version' console command.
Change-Id: I7572b5688b4430c6febd21c25f36c3903fb97e27
Signed-off-by: Mulin Chao <mlchao@nuvoton.com>
Reviewed-on: https://chromium-review.googlesource.com/1046689
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
This change adds console command to trigger sci/smi/wake based on the
user-provided argument. This command is enabled only when DEBUG_LPC is
set to 1. It was very helpful while debugging b:78497502 where I could
trigger the interrupts to check communication between AP and EC.
BUG=b:78497502
BRANCH=None
TEST=Verified by enabling DEBUG_LPC that sci/smi/wake are generated as
expected.
Change-Id: I5b52f5ea4e1824e520fd76315091f73bef157ebf
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1033541
Commit-Ready: Furquan Shaikh <furquan@chromium.org>
Tested-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
Reviewed-by: Jett Rink <jettrink@chromium.org>
In this CL, we changed chip variants npcx7m6xb to npcx7m6fb and npcx7m7w
to npcx7m7wb for better clafiication since it introduced new parameter
"b" for chip generation in the same family series.
In new npcx7 series naming rule, it follows:
Format: NPCX7(M)(N)(G/K/F)(B/C)
param M: 8: 128-pins package, 9: 144-pins package
param N: 5: 128KB RAM Size, 6: 256KB RAM Size, 7: 384KB RAM Size
param G/K/F/W: Google EC depends on specific features.
param B/C: Chip generation in npcx7. (Generation A is ignored. It
follows nameing rule in npcx5.)
The all chip variants of npcx7 used in boards are also listed below:
npcx7m6g - for npcx7 ec without internal flash on npcx_evb.
npcx7m6f - for npcx7 ec with internal flash.
npcx7m6fb - for npcx7 ec with internal flash, enhanced features.
npcx7m7wb - for npcx7 ec with internal flash, enhanced features + WOV.
BRANCH=none
BUG=none
TEST=No build errors for npcx7 series.
Change-Id: I896ee33209efa5d7157c90515005db5f36318c76
Signed-off-by: Mulin Chao <mlchao@nuvoton.com>
Reviewed-on: https://chromium-review.googlesource.com/1025471
Reviewed-by: Jett Rink <jettrink@chromium.org>
Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>
This adds some of the ground work for hardware backed brute force
resistance on Cr50. The feature is called Pinweaver. It will
initially be used to enable PIN authentication on CrOS devices
without reducing the security of the platform. A Merkle tree is
used to validate encrypted metadata used to track login attempts.
The metadata tracks counts of failed attempts, a timestamp of the
last failed attempt, the secrets, and any associated parameters.
Instead of storing the metadata on Cr50 an AES-CTR is used with an
HMAC to encrypt the data so it can be stored off-chip and loaded
when needed.
The Merkle tree is used to track the current state of all the
metadata to prevent replay attacks of previously exported copies.
It is a tree of hashes whose root hash is stored on Cr50, and whose
leaves are the HMACs of the encrypted metadata.
BRANCH=none
BUG=chromium:809730, chromium:809741, chromium:809743, chromium:809747
TEST=cd ~/src/platform/ec && V=1 make run-pinweaver -j
Change-Id: Id10bb49d8ebc5a487dd90c6093bc0f51dadbd124
Signed-off-by: Allen Webb <allenwebb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/895395
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
This was missed on it83xx, but is helpful for servod
to work reliably. Refactor save_flags to use common code.
BUG=b:77830536
TEST=(not yet done) it waits 10 sec for external reboot.
Change-Id: Ia2aac1879d73ac11dd7f3dfc13a1dd871905473e
Signed-off-by: Nick Sanders <nsanders@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1018597
Tested-by: Dino Li <Dino.Li@ite.com.tw>
Reviewed-by: Jett Rink <jettrink@chromium.org>
Currently, there's only one board with 3 PD ports and it uses NPCX.
Therefore, this commit just adds the index to NPCX which will be used to
save the fact that there was an explicit contract in place.
BUG=b:72838807
BRANCH=None
TEST=make -j buildall
CQ-DEPEND=CL:905390
Change-Id: Ic960f14a52f2a740adbe08bc340c45edfefbbf26
Signed-off-by: Aseda Aboagye <aaboagye@google.com>
Reviewed-on: https://chromium-review.googlesource.com/905922
Commit-Ready: Aseda Aboagye <aaboagye@chromium.org>
Tested-by: Aseda Aboagye <aaboagye@chromium.org>
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
BUG=b:74256016
BRANCH=scarlet
CQ-DEPEND=CL:1025118
TEST=On scarlet, run 'date; powerd_dbus_suspend --wakeup_timeout=10; date',
confirm alarm works and the sleep time is ~10 secs
TEST='idlestat' when scarlet is in S3, confirm scarlet enters sleep mode
and wakes up without missing wake deadline
TEST=Run 'power_Resume' test on scarlet for 10 times and see consistent
'seconds_system_resume'
Change-Id: I4b0cbc2a6b8a85047b682358aec374e8f05a4346
Signed-off-by: Philip Chen <philipchen@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1008838
Commit-Ready: Philip Chen <philipchen@chromium.org>
Tested-by: Philip Chen <philipchen@chromium.org>
Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>
Try to ensure the SPI host protocol byte codes (aka EC_SPI_xxx) are
transmitted and at the right time despite the errata and other brokenness
of the SPI HW controller in the STM32H7 rev Y silicon.
Signed-off-by: Vincent Palatin <vpalatin@chromium.org>
BRANCH=poppy
BUG=b:73947203
TEST=on Meowth, run:
'while true; do ectool --name=cros_fp version || break ; done'
same thing with 'fpinfo', 'fptemplate', 'fpframe'.
Change-Id: Ia455dc0d4b2803a150122655460ef5c11afcda6c
Reviewed-on: https://chromium-review.googlesource.com/1012202
Commit-Ready: Vincent Palatin <vpalatin@chromium.org>
Tested-by: Vincent Palatin <vpalatin@chromium.org>
Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
Since the proper signer utility has been introduced in the chroot,
there is no need in generating reduced command option set when
building a self signed image.
Also, the same manifest can be used for all images, self signed or
signed using a fob. The manifest needs to be tweaked for the self
signed images to match the test Key ID.
Since the same base manifest is used for all signings, there is no
need to support the "poor man's json parser" any more.
Rearranged build.mk to accommodate new logic, and added some comments.
BRANCH=cr50, cr50-mp
BUG=b:78212718
TEST=verified that images with proper header version are created when
both self signed and signed with a private key coming from the
signing fob.
Change-Id: I5a1f8a223098b0a6c830ef24ffe380fc0badcafa
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1017238
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
NPCX79nxB chips add UART FIFO support with 16-bytes of TX/RX buffers.
This CL enables the UART FIFO mode when NPCX79nxB chips are used.
The UART interrupt priority is decreased from 1 to 4 because now it has
the capability to buffter data in the FIFO when ec is serving the
interrupts with higher priority.
BRANCH=none
BUG=none
TEST=No build errors for make buildall.
TEST=stress test the uart port by shell command "while true; do echo
'taskinfo'>/dev/pts/19; sleep 0.1; done".
Change-Id: Ib09c1b5550d0db249201fc4fdd8d3b28c24b8a8e
Signed-off-by: CHLin <CHLIN56@nuvoton.com>
Reviewed-on: https://chromium-review.googlesource.com/1012002
Commit-Ready: CH Lin <chlin56@nuvoton.com>
Tested-by: CH Lin <chlin56@nuvoton.com>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
When building EC targets in the setups where the Cr50 codesigner
utility is not present let's just bypass the signing step.
Also removing bitrotten source code of the old codesigner.
BRANCH=none
BUG=chromium:830302
TEST='make buildall' succeeds even if cr50-codesigner is not available.
Change-Id: Ic6c4988455bcee6c45504e1fe781f6e03636d57a
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1005401
Reviewed-by: Allen Webb <allenwebb@google.com>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
Touch the watchdog during init to prevent it from firing
prematurely during HOOK_INIT processing before the tasks are
started and watchdog_reload() will be called with HOOK_TICK.
BUG=b:77336348
BRANCH=eve,poppy,fizz,reef,kevin
TEST=run stress test for several days:
while true ; do ectool reboot_ec RO ; ectool reboot_ec RW ; done
Change-Id: I79e744a4678ab1808870d0e7647d2ce273ddeb8f
Signed-off-by: Duncan Laurie <dlaurie@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1001532
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Mulin Chao <mlchao@nuvoton.com>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
During watchdog initialization, the driver doesn't disable ITIM16
module which used for detecting watchdog timeout before updating
new preload value. Although the ITEN bit on reset is zero, it caused
preload value is not updated to module successfully since ITEN won't
be reset (ITIM16 is still enabled) in sysjump case.
Despite WDCNT will be reloaded by touching watchdog in HOOK_TICK
hook function later, it's better to disable any ITIM16 module before
updating ITCNT register.
BRANCH=none
BUG=b:77336821
TEST=No build errors for npcx5 series.
Change-Id: I19baa47bca347b9dca2fc1dcaacca81519facf21
Signed-off-by: Mulin Chao <mlchao@nuvoton.com>
Reviewed-on: https://chromium-review.googlesource.com/999458
Reviewed-by: Randall Spangler <rspangler@chromium.org>
The upcoming cr50-codesigner change will allow to use it for swapping
arbitrary blobs in the Cr50 image before signing.
Let's use this feature to replace test RMA public key with the prod
one.
BRANCH=cr50, cr50-mp
BUG=b:73296144
TEST=with the rest of the patches in place verified that invoking make
with CR50_SWAP_RMA_KEYS=1 causes swapping the RMA public key in
the generated image.
Change-Id: I4c9994c1a542f456b24d2066ecada9f92f1bfaf3
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/996514
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Source code for Cr50 codesigner has been added to the chroot and the
executable is installed as /usr/bin/cr50-codesigner when cros sdk is
created/updated.
Let's use the 'official' version instead of outdated local one.
BRANCH=cr50,cr50-mp
BUG=b:73296144
TEST=verified that properly signed Cr50 images can be built.
Change-Id: Ibc68340a26011c7d5ac028bbee73cd0f2c39c291
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/996512
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Before this change uart_ec_interrupt and software watchdog
interrupt handler both had priority 0. Since UART IRQ number is
33, and software watchdog is 44, the UART interrupt handler
would have higher prority.
Fix this by increasing all interrupt handler priorities, leaving
the software watchdog handler alone on priority 0.
BRANCH=eve,poppy,fizz
BUG=b:76391320
TEST=Cherry-pick CL:979736 (causes a watchdog in UART interrupt
handler), check that panicinfo contains a sensible PC in r5
after reset.
Change-Id: I97f99af5192a4a9571854a4d3f7c48a4674d605e
Signed-off-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/979738
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
This is a specific option for it83xx chip and is used to
include EC2I module.
And we won't need it without LPC module enabled, so just
depend on CONFIG_LPC.
BUG=none
BRANCH=none
TEST=make buildall -j, boot to kernel on reef_it8320.
Change-Id: I1aa4a182e94d802dbf9ca19cc4a47ef9542d74a7
Signed-off-by: Dino Li <Dino.Li@ite.com.tw>
Reviewed-on: https://chromium-review.googlesource.com/987674
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
If an ITIM32 timeout event occurred during lpc_sib_wait_host_read_done()
and lpc_sib_wait_host_write_done() routines, in rare case, ec might have
a chance to gets stuck since ec's interrupts are disabled when CSWR/CSRD
bits are high forever. (Normally, CSWR/CSRD bits won't be always high.
These bits are high forever also means something wrong on LPC/eSPI
bus.)
In order to prevent this situation, the CL checks TO_STS bit of ITCTS
in these routines. If this bit is set, restoring ITIM32 preload counter
value to maximum value and processing overflow will be done by
force_time().
BRANCH=eve,fizz,poppy
BUG=b:76182199
TEST=No build errors for npcx series. Passed test command of CL 979389
on npcx_evb. No symptom occurred during warm reset stress test on
soraka.
Change-Id: Ic645f7c5a2a1e49a3c1f3d7e089dd66b4bb75ac6
Signed-off-by: Mulin Chao <mlchao@nuvoton.com>
Reviewed-on: https://chromium-review.googlesource.com/979874
Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>
Use the reset count to determine if there was a rollback in
system_rollback_detected. Before system.c was checking if the inactive
header was newer than active one to determine if the system rolled back.
This wasn't accurate. Cr50 rollback isn't the only reason why a newer
image may be rejected. The image may have been rejected because it
wasn't signed correctly or it's corrupted, so we shouldn't be using the
newer header as a sign that there was a rollback.
The reset count is cleared when the AP boots. This means the rollback
state will be lost the first deep sleep resume after the AP has booted.
BUG=none
BRANCH=cr50
TEST=manual
flash a dbg image with version 4.0 that has two infomap bits
erased.
Check sysinfo to see that it doesn't think cr50 rolledback
flash a dbg image with version 4.4 that has one infomap bit
erased.
Make sure that 4.4 image is rejected and cr50 is still running
4.0
Check sysinfo to see that it doesn't think cr50 rolledback
flash a dbg image with version 4.4 that has two infomap bits
erased.
Make sure cr50 jumps to that image
rollback to the 4.0 image
Make sure sysinfo shows there was a rollback.
Boot the system
Make sure sysinfo shows there was a rollback.
Change-Id: I85f2e001ffed9e2185a276dfa916e9b0a05ff7bf
Signed-off-by: Mary Ruthven <mruthven@google.com>
Reviewed-on: https://chromium-review.googlesource.com/985029
Commit-Ready: Mary Ruthven <mruthven@chromium.org>
Tested-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
