Currently, the Cr50 state machines (EC, AP, RDD, bitbang, etc.) manage their own enabling and disabling of the ports (UART, SPI, etc.). This is tricky because the rules for when ports should be enabled are non-trivial and must be applied in the correct order. In addition, the changes all need to be serialized, so that the hardware ends up in the correct state even if multiple state machines are changing simultaneously. Consolidate all of that into chip/g/rdd.c. The debug command for it is now 'ccdstate', which just prints the state machines. This will allow subsequent renaming of the 'ccdopen', etc. commands to 'ccd open', etc. Also include UART bit-banging into that state which must be consistent. Previously, it was possible for bit-banging to leave UART TX connected, instead of returning it to the previous state. Use better names for CCD config fields for UART. I'd had them backwards. BUG=b:62537474 BRANCH=cr50 TEST=manual, with a CR50_DEV=1 image 1) No servo or CCD Pull SERVO_DETECT low (disconnected) Pull CCD_MODE_L high (disabled) Pull EC_DETECT and AP_DETECT high (on) Reboot. RX is enabled even if cables are disconnected so we buffer. ccdstate -> UARTAP UARTEC Pull EC_DETECT low. ccdstate -> UARTAP Pull EC_DETECT high and AP_DETECT low. ccdstate -> UARTEC Pull AP_DETECT high. ccdstate -> UARTAP UARTEC 2) Servo only still allows UART RX Pull SERVO_DETECT high (connected). ccdstate -> UARTAP UARTEC 3) Both servo and CCD prioritizes servo. Pull CCD_MODE_L low (enabled). ccdstate -> UARTAP UARTEC Reboot, to make sure servo wins at boot time. ccdstate -> UARTAP UARTEC Bit-banging doesn't work when servo is connected. bitbang 2 9600 even -> superseded by servo bitbang -> disabled ccdstate -> UARTAP UARTEC 4) CCD only allows more ports and remembers we wanted to bit-bang Pull SERVO_DETECT low. 
ccdstate --> UARTAP+TX UARTEC+BB I2C SPI bitbang 2 disable ccdstate --> UARTAP+TX UARTEC+TX I2C SPI Reboot and see we don't take over servo ports until we're sure servo isn't present. ccdstate --> UARTAP UARTEC (for first second) ccdstate --> UARTAP+TX UARTEC+TX I2C SPI (after that) 5) Bit-banging takes over ECTX bitbang 2 9600 even bitbang -> baud rate 9600, parity even ccdstate -> UARTAP+TX UARTEC+BB I2C SPI bitbang 2 disable ccdstate -> UARTAP+TX UARTEC+TX I2C SPI 6) Permissions work. Allow easy access to full console and ccdopen: ccdset OpenNoTPMWipe always ccdset OpenNoLongPP always ccdset GscFullConsole always Default when locked is full AP UART EC RO, no I2C or SPI ccdlock ccdstate -> UARTAP+TX UARTEC No EC transmit permission means no bit-banging bitbang 2 9600 even bitbang -> disabled ccdstate -> UARTAP+TX UARTEC But it remembers that we wanted to ccdopen ccdstate -> UARTAP+TX UARTEC+BB I2C SPI bitbang 2 disable ccdstate -> UARTAP+TX UARTEC+TX I2C SPI Try turning on/off permissions ccdset UartGscTxECRx always ccdlock ccdstate -> UARTAP+TX UARTEC+TX No read means no write either ccdset UartGscRxECTx ifopened ccdlock ccdstate -> UARTAP+TX ccdopen ccdset UartGscRXAPTx ifopened ccdlock ccdstate -> (nothing) Check AP transmit permissions too ccdopen ccdset UartGscRxAPTx always ccdset UartGscTxAPRx ifopened ccdlock ccdstate -> UARTAP Check I2C ccdopen ccdset I2C always ccdlock ccdstate -> UARTAP I2C SPI port is enabled if either EC or AP flash is allowed ccdopen ccdset flashap always ccdlock ccdstate -> UARTAP I2C SPI ccdopen ccdset flashec always ccdset flashap ifopened ccdlock ccdstate -> UARTAP I2C SPI Back to defaults ccdoops Change-Id: I641f7ab2354570812e3fb37b470de32e5bd10db7 Signed-off-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/615928 Reviewed-by: Mary Ruthven <mruthven@chromium.org>
/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*
* Case Closed Debug interface
*/
#ifndef __CROS_EC_CASE_CLOSED_DEBUG_H
#define __CROS_EC_CASE_CLOSED_DEBUG_H
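/*
 * Legacy CCD operating modes.
 *
 * The enumerators are listed from no debug access (DISABLED) through
 * partial access to full access (ENABLED), and are numbered implicitly
 * from 0 in that order.
 */
enum ccd_mode {
	/*
	 * The disabled mode tri-states the DP and DN lines.
	 */
	CCD_MODE_DISABLED,

	/*
	 * The partial mode allows some CCD functionality and is to be set
	 * when the device is write protected and a CCD cable is detected.
	 * This mode gives access to the AP's console.
	 */
	CCD_MODE_PARTIAL,

	/*
	 * The fully enabled mode is used in factory and test lab
	 * configurations where it is acceptable to be able to reflash the
	 * device over CCD.
	 *
	 * NOTE(review): since this mode permits reflashing, the code that
	 * selects it is the place to check the factory/test-lab condition;
	 * that check is not visible in this header.
	 */
	CCD_MODE_ENABLED,

	/* Number of modes; a count, not a selectable mode. */
	CCD_MODE_COUNT,
};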
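/*
 * Set current CCD mode, this function is idempotent.
 *
 * @param new_mode	Mode to switch to (one of enum ccd_mode).
 */
void ccd_set_mode(enum ccd_mode new_mode);

/*
 * Initialize the PHY based on CCD state.
 *
 * @param enable_ccd	Presumably non-zero to bring the PHY up for CCD and
 *			zero to leave it disabled; confirm against the
 *			implementation, which is not visible in this header.
 */
void ccd_phy_init(int enable_ccd);

/*
 * Get current CCD mode.
 *
 * @return The current mode, as an enum ccd_mode value.
 */
enum ccd_mode ccd_get_mode(void);

/**
 * Return non-zero if the CCD external interface is enabled.
 */
int ccd_ext_is_enabled(void);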
/******************************************************************************/
/* New CCD "V1" configuration. Eventually this will supersede the above code */
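/*
 * Case-closed debugging state.
 *
 * CCD_STATE_LOCKED is explicitly 0, so a zero-initialized state variable
 * reads as locked.  The remaining states are numbered implicitly in
 * declaration order.
 */
enum ccd_state {
	CCD_STATE_LOCKED = 0,
	CCD_STATE_UNLOCKED,
	CCD_STATE_OPENED,

	/* Number of CCD states */
	CCD_STATE_COUNT
};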
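/*
 * Flags.
 *
 * Each enumerator is a single-bit mask.  Internal-only flags are allocated
 * from bit 0 upward and externally settable flags from bit 23 downward.
 *
 * NOTE(review): the top-down group starting at bit 23 suggests a 24-bit
 * flag field; confirm against the CCD config layout.
 */
enum ccd_flag {
	/* Flags that can only be set internally; fill from bottom up */

	/*
	 * Test lab mode is enabled.  This MUST be in the first byte so that
	 * it's in a constant position across all versions of CCD config.
	 *
	 * Note: This is used internally by CCD config.  Do NOT test this
	 * to control other things; use capabilities for those.
	 */
	CCD_FLAG_TEST_LAB = (1 << 0),

	/*
	 * What state were we in when the password was set?
	 * (0=opened, 1=unlocked)
	 */
	CCD_FLAG_PASSWORD_SET_WHEN_UNLOCKED = (1 << 1),

	/* (flags in the middle are unused) */

	/*
	 * Flags that can be set via ccd_set_flag(); fill from top down.
	 *
	 * NOTE(review): whether ccd_set_flag() rejects the internal-only
	 * flags above is not visible in this header; confirm in the
	 * implementation.
	 */

	/* Override write protect at boot */
	CCD_FLAG_OVERRIDE_WP_AT_BOOT = (1 << 22),

	/*
	 * If overriding WP at boot, set it to what value
	 * (0=disabled, 1=enabled)
	 */
	CCD_FLAG_OVERRIDE_WP_STATE_ENABLED = (1 << 23),
};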
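/*
 * Capabilities.
 *
 * Every capability has an explicit index from 0 to CCD_CAP_COUNT - 1.
 * Query them with ccd_is_cap_enabled() rather than testing the CCD state
 * or flags directly.
 *
 * NOTE(review): the explicit numbering suggests the indices are part of a
 * stored or external format; if so, new capabilities should be appended
 * and existing values left unchanged.  Confirm against the config code.
 */
enum ccd_capability {
	/*
	 * UARTs to/from AP and EC.
	 *
	 * The names give the GSC side first: GSC_RX_<x>_TX is the GSC
	 * receiving what <x> transmits (reading its console output), and
	 * GSC_TX_<x>_RX is the GSC transmitting into <x>'s receive line
	 * (typing into its console).
	 */
	CCD_CAP_GSC_RX_AP_TX = 0,
	CCD_CAP_GSC_TX_AP_RX = 1,
	CCD_CAP_GSC_RX_EC_TX = 2,
	CCD_CAP_GSC_TX_EC_RX = 3,

	/* Access to AP SPI flash */
	CCD_CAP_AP_FLASH = 4,

	/* Access to EC flash (SPI or internal) */
	CCD_CAP_EC_FLASH = 5,

	/* Override WP temporarily or at boot */
	CCD_CAP_OVERRIDE_WP = 6,

	/* Reboot EC or AP */
	CCD_CAP_REBOOT_EC_AP = 7,

	/* GSC restricted console commands */
	CCD_CAP_GSC_RESTRICTED_CONSOLE = 8,

	/*
	 * Capabilities 9 through 14 each waive a safeguard (AP reboot,
	 * physical presence, or TPM wipe) on unlock, open, or firmware
	 * update.  Changes to how they are granted deserve extra review.
	 */

	/* Allow ccd-unlock or ccd-open without AP reboot */
	CCD_CAP_UNLOCK_WITHOUT_AP_REBOOT = 9,

	/* Allow ccd-unlock or ccd-open without short physical presence */
	CCD_CAP_UNLOCK_WITHOUT_SHORT_PP = 10,

	/* Allow ccd-open without wiping TPM data */
	CCD_CAP_OPEN_WITHOUT_TPM_WIPE = 11,

	/* Allow ccd-open without long physical presence */
	CCD_CAP_OPEN_WITHOUT_LONG_PP = 12,

	/* Allow removing the battery to bypass physical presence requirement */
	CCD_CAP_REMOVE_BATTERY_BYPASSES_PP = 13,

	/* Allow GSC firmware update without wiping TPM data */
	CCD_CAP_GSC_FW_UPDATE_WITHOUT_TPM_WIPE = 14,

	/* Access to I2C via USB */
	CCD_CAP_I2C = 15,

	/* Number of currently defined capabilities */
	CCD_CAP_COUNT
};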
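/**
 * Initialize CCD configuration at boot.
 *
 * This must be called before any command which gets/sets the configuration.
 *
 * @param state		Initial case-closed debugging state.  This should be
 *			CCD_STATE_LOCKED unless this is a debug build, or if
 *			a previous value is being restored after a low-power
 *			resume.
 */
void ccd_config_init(enum ccd_state state);

/**
 * Get a single CCD flag.
 *
 * @param flag		Flag to get
 * @return 1 if flag is set, 0 if flag is clear
 */
int ccd_get_flag(enum ccd_flag flag);

/**
 * Set a single CCD flag.
 *
 * NOTE(review): enum ccd_flag separates internal-only flags from flags that
 * may be set through this call; whether this function enforces that split
 * is not visible in this header.  Confirm in the implementation, and check
 * the return value rather than assuming the flag changed.
 *
 * @param flag		Flag to set
 * @param value		New value for flag (0=clear, non-zero=set)
 * @return EC_SUCCESS or non-zero error code.
 */
int ccd_set_flag(enum ccd_flag flag, int value);

/**
 * Check if a CCD capability is enabled in the current CCD mode.
 *
 * NOTE(review): "mode" here presumably means the current enum ccd_state
 * (locked/unlocked/opened), not the legacy enum ccd_mode; confirm.
 *
 * @param cap		Capability to check
 * @return 1 if capability is enabled, 0 if disabled
 */
int ccd_is_cap_enabled(enum ccd_capability cap);

/**
 * Get the current CCD state.
 *
 * This is intended for use by the board if it needs to back up the CCD state
 * across low-power states and then restore it when calling ccd_config_init().
 * Do NOT use this to gate debug capabilities; use ccd_is_cap_enabled() or
 * ccd_get_flag() instead.
 *
 * @return The current CCD state.
 */
enum ccd_state ccd_get_state(void);

/**
 * Force CCD disabled.
 *
 * This should be called if security checks fail and for some reason the board
 * can't immediately reboot.  It locks CCD and disables all CCD capabilities
 * until reboot.
 */
void ccd_disable(void);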
#endif /* __CROS_EC_CASE_CLOSED_DEBUG_H */