Add Cr50 vendor commands to hash a block of AP SPI flash or EC SPI flash.
Issue description

See go/verify-ro-firmware, "Cr50 console commands for option 1"

In brief:
- A command to enable verification commands. This requires physical presence. Enable times out after no verification commands have been sent for some period (15 sec? 60 sec?)
- A command to read a block of AP SPI flash and print the SHA-256 hash
- A command to read a block of EC SPI flash and print the SHA-256 hash

Commands must fail if the device is not turned off (because if the device is on, the AP and/or EC are driving SPI and Cr50 can't.)

Reading EC SPI requires forcing the EC into reset and then gang programmer mode, then back out on return. Which is why enable verification needs physical presence.
Jan 22 2018
Jan 24 2018
Feb 9 2018
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform/ec/+/ff4d22819a8cccaae7bec08a973916f39154f3b2

commit ff4d22819a8cccaae7bec08a973916f39154f3b2
Author: Randall Spangler <rspangler@chromium.org>
Date: Fri Feb 09 07:42:33 2018

cr50: Add SPI hashing command

This allows hashing or dumping SPI flash from the Cr50 console even on a locked device, so you can verify the RO Firmware on a system via CCD.

See design doc: go/verify-ro-firmware (more specifically, "Cr50 console commands for option 1")

BUG= chromium:804507
BRANCH=cr50 release (after testing)
TEST=manual:
  # Sample sequence
  spihash ap -> requires physical presence; tap power button
  spihash 0 1024 -> gives a hash; compare with first 1KB of image.bin
  spihash 0 128 dump -> dumps first 128 bytes; compare with image.bin
  spihash 128 128 -> offset works
  spihash 0 0x100000 -> gives a hash; doesn't watchdog reset
  spihdev ec
  spihash 0 1024 -> compare with ec.bin
  spihash disable

  # Test timeout
  spihash ap
  # Wait 30 seconds
  spihash 0 1024 -> still works
  # Wait 60 seconds; goes back disabled automatically
  spihash 0 1024 -> fails because spihash is disabled

  # Presence not required when CCD opened
  ccd open
  spihash ap -> no PP required
  spihash 0 1024 -> works
  spihash disable

  # Possible for owner to disable via CCD config
  ccd -> HashFlash is "Always"
  ccd set HashFlash IfOpened
  ccd lock
  spihash ap -> access denied

  # Cleanup
  ccd open
  ccd reset
  ccd lock

Change-Id: I27b5054730dea6b27fbad1b1c4aa0a650e3b4f99
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/889725
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>

[modify] https://crrev.com/ff4d22819a8cccaae7bec08a973916f39154f3b2/board/cr50/usb_spi.c
[modify] https://crrev.com/ff4d22819a8cccaae7bec08a973916f39154f3b2/include/ccd_config.h
[modify] https://crrev.com/ff4d22819a8cccaae7bec08a973916f39154f3b2/common/ccd_config.c
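The comparison step in the test sequence above (`spihash 0 1024 -> gives a hash; compare with first 1KB of image.bin`), written as an added host-side helper that is not part of the Cr50 change or the EC repository. The function names, the chunk size and the constructed sample image are assumptions; the digest is taken as a hex string copied from the console, because the page does not show the command's output format.

```python
import hashlib
import hmac
import os
import string
import tempfile

CHUNK = 64 * 1024  # read size; an arbitrary choice for this example


def parse_num(text):
    """Parse an offset or size as typed on the console: decimal or 0x hex."""
    value = int(text, 0)
    if value < 0:
        raise ValueError("negative value: %r" % text)
    return value


def hash_image_range(path, offset, size):
    """Return the SHA-256 hex digest of image[offset:offset+size].

    Raises ValueError when the range does not fit inside the file, so a
    short reference image can never yield a digest over fewer bytes.
    """
    if size <= 0:
        raise ValueError("size must be positive")
    file_size = os.path.getsize(path)
    if offset + size > file_size:
        raise ValueError("range 0x%x+0x%x exceeds image size 0x%x"
                         % (offset, size, file_size))
    digest = hashlib.sha256()
    with open(path, "rb") as image:
        image.seek(offset)
        remaining = size
        while remaining:
            chunk = image.read(min(CHUNK, remaining))
            if not chunk:
                raise OSError("unexpected end of file")
            digest.update(chunk)
            remaining -= len(chunk)
    return digest.hexdigest()


def normalize_digest(reported):
    """Lower-case a pasted digest, drop whitespace, require 64 hex chars."""
    cleaned = "".join(reported.split()).lower()
    if len(cleaned) != 64 or any(c not in string.hexdigits for c in cleaned):
        raise ValueError("not a SHA-256 hex digest")
    return cleaned


def verify_ranges(path, reported):
    """Check (offset_text, size_text, digest_text) triples against the image.

    Returns a list of (offset, size, matches) tuples, one per triple.
    """
    results = []
    for offset_text, size_text, digest_text in reported:
        offset, size = parse_num(offset_text), parse_num(size_text)
        expected = hash_image_range(path, offset, size)
        matches = hmac.compare_digest(expected, normalize_digest(digest_text))
        results.append((offset, size, matches))
    return results


def build_sample_image(data):
    """Write constructed sample bytes to a temporary file; return its path."""
    handle = tempfile.NamedTemporaryFile(delete=False, suffix=".bin")
    with handle:
        handle.write(data)
    return handle.name


if __name__ == "__main__":
    # Constructed 2 KiB stand-in for image.bin; not real firmware.
    sample = bytes(range(256)) * 8
    path = build_sample_image(sample)
    try:
        good = hashlib.sha256(sample[:1024]).hexdigest()
        # Digest of the 128..255 block with one byte changed, standing in
        # for a hash reported from flash that differs from the reference.
        changed = hashlib.sha256(b"\xff" + sample[129:256]).hexdigest()
        for offset, size, ok in verify_ranges(path, [
            ("0", "1024", good.upper()),
            ("128", "128", changed),
        ]):
            print("0x%06x +0x%x %s"
                  % (offset, size, "match" if ok else "MISMATCH"))
    finally:
        os.unlink(path)
```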
Feb 9 2018
Host commands implemented. Vendor commands in progress: https://chromium-review.googlesource.com/910083
Feb 15 2018
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform/ec/+/f49e1c3b42026eeaf57df0fd86b43660ddb1c184

commit f49e1c3b42026eeaf57df0fd86b43660ddb1c184
Author: Randall Spangler <rspangler@chromium.org>
Date: Thu Feb 15 21:51:00 2018

cr50: Convert spihash to TPM vendor command

The console command now calls the vendor command to do the work. Otherwise, the same as before.

BUG= chromium:804507
BRANCH=cr50 release (after testing)
TEST=manual:
  # Sample sequence
  spihash ap -> requires physical presence; tap power button
  spihash 0 1024 -> gives a hash; compare with first 1KB of image.bin
  spihash dump 0 128 -> dumps first 128 bytes; compare with image.bin
  spihash 128 128 -> offset works
  spihash 0 0x100000 -> gives a hash; doesn't watchdog reset
  spihdev ec
  spihash 0 1024 -> compare with ec.bin
  spihash disable

  # Test timeout
  spihash ap
  # Wait 30 seconds
  spihash 0 1024 -> still works
  # Wait 60 seconds; goes back disabled automatically
  spihash 0 1024 -> fails because spihash is disabled

  # Presence not required when CCD opened
  ccd open
  spihash ap -> no PP required
  spihash 0 1024 -> works
  spihash disable

  # Possible for owner to disable via CCD config
  ccd -> HashFlash is "Always"
  ccd set HashFlash IfOpened
  ccd lock
  spihash ap -> access denied

  # Cleanup
  ccd open
  ccd reset
  ccd lock

Change-Id: Ife9335a1e402a7596d99bf515ec89ff94e8a0044
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/910083
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>

[modify] https://crrev.com/f49e1c3b42026eeaf57df0fd86b43660ddb1c184/include/tpm_vendor_cmds.h
[modify] https://crrev.com/f49e1c3b42026eeaf57df0fd86b43660ddb1c184/board/cr50/usb_spi.c
Feb 15 2018
Cr50-side is implemented for both console and vendor commands. Passing to Vadim to implement gsctool support for the other end of the vendor commands.
Feb 15 2018
Copied issue chromium:804507 to issue chromium:812880
Feb 15 2018
Let's continue the host-side implementation under a different title in issue chromium:812880.
Feb 15 2018
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform/ec/+/02fb2e30f51b0373a71209cdbb10da91e0affc01

commit 02fb2e30f51b0373a71209cdbb10da91e0affc01
Author: Randall Spangler <rspangler@chromium.org>
Date: Thu Feb 15 23:55:03 2018

cr50: Add SPI hashing command

This allows hashing or dumping SPI flash from the Cr50 console even on a locked device, so you can verify the RO Firmware on a system via CCD.

See design doc: go/verify-ro-firmware (more specifically, "Cr50 console commands for option 1")

BUG= chromium:804507
BRANCH=cr50 release (after testing)
TEST=manual:
  # Sample sequence
  spihash ap -> requires physical presence; tap power button
  spihash 0 1024 -> gives a hash; compare with first 1KB of image.bin
  spihash 0 128 dump -> dumps first 128 bytes; compare with image.bin
  spihash 128 128 -> offset works
  spihash 0 0x100000 -> gives a hash; doesn't watchdog reset
  spihdev ec
  spihash 0 1024 -> compare with ec.bin
  spihash disable

  # Test timeout
  spihash ap
  # Wait 30 seconds
  spihash 0 1024 -> still works
  # Wait 60 seconds; goes back disabled automatically
  spihash 0 1024 -> fails because spihash is disabled

  # Presence not required when CCD opened
  ccd open
  spihash ap -> no PP required
  spihash 0 1024 -> works
  spihash disable

  # Possible for owner to disable via CCD config
  ccd -> HashFlash is "Always"
  ccd set HashFlash IfOpened
  ccd lock
  spihash ap -> access denied

  # Cleanup
  ccd open
  ccd reset
  ccd lock

Change-Id: I27b5054730dea6b27fbad1b1c4aa0a650e3b4f99
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/889725
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
(cherry picked from commit ff4d22819a8cccaae7bec08a973916f39154f3b2)
Reviewed-on: https://chromium-review.googlesource.com/923121
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>

[modify] https://crrev.com/02fb2e30f51b0373a71209cdbb10da91e0affc01/board/cr50/usb_spi.c
[modify] https://crrev.com/02fb2e30f51b0373a71209cdbb10da91e0affc01/include/ccd_config.h
[modify] https://crrev.com/02fb2e30f51b0373a71209cdbb10da91e0affc01/common/ccd_config.c
Feb 15 2018
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform/ec/+/4407b68a74bd6338ff4afa65ac80fe68da08e008

commit 4407b68a74bd6338ff4afa65ac80fe68da08e008
Author: Randall Spangler <rspangler@chromium.org>
Date: Thu Feb 15 23:55:06 2018

cr50: Convert spihash to TPM vendor command

The console command now calls the vendor command to do the work. Otherwise, the same as before.

BUG= chromium:804507
BRANCH=cr50 release (after testing)
TEST=manual:
  # Sample sequence
  spihash ap -> requires physical presence; tap power button
  spihash 0 1024 -> gives a hash; compare with first 1KB of image.bin
  spihash dump 0 128 -> dumps first 128 bytes; compare with image.bin
  spihash 128 128 -> offset works
  spihash 0 0x100000 -> gives a hash; doesn't watchdog reset
  spihdev ec
  spihash 0 1024 -> compare with ec.bin
  spihash disable

  # Test timeout
  spihash ap
  # Wait 30 seconds
  spihash 0 1024 -> still works
  # Wait 60 seconds; goes back disabled automatically
  spihash 0 1024 -> fails because spihash is disabled

  # Presence not required when CCD opened
  ccd open
  spihash ap -> no PP required
  spihash 0 1024 -> works
  spihash disable

  # Possible for owner to disable via CCD config
  ccd -> HashFlash is "Always"
  ccd set HashFlash IfOpened
  ccd lock
  spihash ap -> access denied

  # Cleanup
  ccd open
  ccd reset
  ccd lock

Change-Id: Ife9335a1e402a7596d99bf515ec89ff94e8a0044
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/910083
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
(cherry picked from commit f49e1c3b42026eeaf57df0fd86b43660ddb1c184)
Reviewed-on: https://chromium-review.googlesource.com/923124
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>

[modify] https://crrev.com/4407b68a74bd6338ff4afa65ac80fe68da08e008/include/tpm_vendor_cmds.h
[modify] https://crrev.com/4407b68a74bd6338ff4afa65ac80fe68da08e008/board/cr50/usb_spi.c
Feb 20 2018
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform/ec/+/452e997610c598e1f84f4ceb5f88e8651c939933

commit 452e997610c598e1f84f4ceb5f88e8651c939933
Author: Randall Spangler <rspangler@chromium.org>
Date: Tue Feb 20 23:54:30 2018

cr50: Add SPI hashing command

This allows hashing or dumping SPI flash from the Cr50 console even on a locked device, so you can verify the RO Firmware on a system via CCD.

See design doc: go/verify-ro-firmware (more specifically, "Cr50 console commands for option 1")

BUG= chromium:804507
BRANCH=cr50 release (after testing)
TEST=manual:
  # Sample sequence
  spihash ap -> requires physical presence; tap power button
  spihash 0 1024 -> gives a hash; compare with first 1KB of image.bin
  spihash 0 128 dump -> dumps first 128 bytes; compare with image.bin
  spihash 128 128 -> offset works
  spihash 0 0x100000 -> gives a hash; doesn't watchdog reset
  spihdev ec
  spihash 0 1024 -> compare with ec.bin
  spihash disable

  # Test timeout
  spihash ap
  # Wait 30 seconds
  spihash 0 1024 -> still works
  # Wait 60 seconds; goes back disabled automatically
  spihash 0 1024 -> fails because spihash is disabled

  # Presence not required when CCD opened
  ccd open
  spihash ap -> no PP required
  spihash 0 1024 -> works
  spihash disable

  # Possible for owner to disable via CCD config
  ccd -> HashFlash is "Always"
  ccd set HashFlash IfOpened
  ccd lock
  spihash ap -> access denied

  # Cleanup
  ccd open
  ccd reset
  ccd lock

Change-Id: I27b5054730dea6b27fbad1b1c4aa0a650e3b4f99
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/889725
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
(cherry picked from commit ff4d22819a8cccaae7bec08a973916f39154f3b2)
Reviewed-on: https://chromium-review.googlesource.com/927717
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>

[modify] https://crrev.com/452e997610c598e1f84f4ceb5f88e8651c939933/board/cr50/usb_spi.c
[modify] https://crrev.com/452e997610c598e1f84f4ceb5f88e8651c939933/include/ccd_config.h
[modify] https://crrev.com/452e997610c598e1f84f4ceb5f88e8651c939933/common/ccd_config.c
Feb 20 2018
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform/ec/+/50fb91d83be03def29485eb32babb9cedb93441a

commit 50fb91d83be03def29485eb32babb9cedb93441a
Author: Randall Spangler <rspangler@chromium.org>
Date: Tue Feb 20 23:54:42 2018

cr50: Convert spihash to TPM vendor command

The console command now calls the vendor command to do the work. Otherwise, the same as before.

Conflicts:
  include/tpm_vendor_cmds.h set to the upstream version.

BUG= chromium:804507
BRANCH=cr50 release (after testing)
TEST=manual:
  # Sample sequence
  spihash ap -> requires physical presence; tap power button
  spihash 0 1024 -> gives a hash; compare with first 1KB of image.bin
  spihash dump 0 128 -> dumps first 128 bytes; compare with image.bin
  spihash 128 128 -> offset works
  spihash 0 0x100000 -> gives a hash; doesn't watchdog reset
  spihdev ec
  spihash 0 1024 -> compare with ec.bin
  spihash disable

  # Test timeout
  spihash ap
  # Wait 30 seconds
  spihash 0 1024 -> still works
  # Wait 60 seconds; goes back disabled automatically
  spihash 0 1024 -> fails because spihash is disabled

  # Presence not required when CCD opened
  ccd open
  spihash ap -> no PP required
  spihash 0 1024 -> works
  spihash disable

  # Possible for owner to disable via CCD config
  ccd -> HashFlash is "Always"
  ccd set HashFlash IfOpened
  ccd lock
  spihash ap -> access denied

  # Cleanup
  ccd open
  ccd reset
  ccd lock

Change-Id: Ife9335a1e402a7596d99bf515ec89ff94e8a0044
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/910083
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
(cherry picked from commit f49e1c3b42026eeaf57df0fd86b43660ddb1c184)
Reviewed-on: https://chromium-review.googlesource.com/927720
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>

[modify] https://crrev.com/50fb91d83be03def29485eb32babb9cedb93441a/include/tpm_vendor_cmds.h
[modify] https://crrev.com/50fb91d83be03def29485eb32babb9cedb93441a/board/cr50/usb_spi.c
Jul 2
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform/ec/+/04f3de90a89ffa5cf432c5fb674bfbdfdb8e208e

commit 04f3de90a89ffa5cf432c5fb674bfbdfdb8e208e
Author: Randall Spangler <rspangler@chromium.org>
Date: Mon Jul 02 08:28:41 2018

cr50: Add SPI hashing command

This allows hashing or dumping SPI flash from the Cr50 console even on a locked device, so you can verify the RO Firmware on a system via CCD.

See design doc: go/verify-ro-firmware (more specifically, "Cr50 console commands for option 1")

BUG= chromium:804507
BRANCH=cr50 release (after testing)
TEST=manual:
  # Sample sequence
  spihash ap -> requires physical presence; tap power button
  spihash 0 1024 -> gives a hash; compare with first 1KB of image.bin
  spihash 0 128 dump -> dumps first 128 bytes; compare with image.bin
  spihash 128 128 -> offset works
  spihash 0 0x100000 -> gives a hash; doesn't watchdog reset
  spihdev ec
  spihash 0 1024 -> compare with ec.bin
  spihash disable

  # Test timeout
  spihash ap
  # Wait 30 seconds
  spihash 0 1024 -> still works
  # Wait 60 seconds; goes back disabled automatically
  spihash 0 1024 -> fails because spihash is disabled

  # Presence not required when CCD opened
  ccd open
  spihash ap -> no PP required
  spihash 0 1024 -> works
  spihash disable

  # Possible for owner to disable via CCD config
  ccd -> HashFlash is "Always"
  ccd set HashFlash IfOpened
  ccd lock
  spihash ap -> access denied

  # Cleanup
  ccd open
  ccd reset
  ccd lock

Change-Id: I27b5054730dea6b27fbad1b1c4aa0a650e3b4f99
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/889725
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1122067
Reviewed-by: Marco Chen <marcochen@chromium.org>
Commit-Queue: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>

[modify] https://crrev.com/04f3de90a89ffa5cf432c5fb674bfbdfdb8e208e/board/cr50/usb_spi.c
[modify] https://crrev.com/04f3de90a89ffa5cf432c5fb674bfbdfdb8e208e/include/ccd_config.h
[modify] https://crrev.com/04f3de90a89ffa5cf432c5fb674bfbdfdb8e208e/common/ccd_config.c
Jul 2
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform/ec/+/71e51708c8b42d245eb366ce23bf564a5828f56b

commit 71e51708c8b42d245eb366ce23bf564a5828f56b
Author: Randall Spangler <rspangler@chromium.org>
Date: Mon Jul 02 08:28:43 2018

cr50: Convert spihash to TPM vendor command

The console command now calls the vendor command to do the work. Otherwise, the same as before.

BUG= chromium:804507
BRANCH=cr50 release (after testing)
TEST=manual:
  # Sample sequence
  spihash ap -> requires physical presence; tap power button
  spihash 0 1024 -> gives a hash; compare with first 1KB of image.bin
  spihash dump 0 128 -> dumps first 128 bytes; compare with image.bin
  spihash 128 128 -> offset works
  spihash 0 0x100000 -> gives a hash; doesn't watchdog reset
  spihdev ec
  spihash 0 1024 -> compare with ec.bin
  spihash disable

  # Test timeout
  spihash ap
  # Wait 30 seconds
  spihash 0 1024 -> still works
  # Wait 60 seconds; goes back disabled automatically
  spihash 0 1024 -> fails because spihash is disabled

  # Presence not required when CCD opened
  ccd open
  spihash ap -> no PP required
  spihash 0 1024 -> works
  spihash disable

  # Possible for owner to disable via CCD config
  ccd -> HashFlash is "Always"
  ccd set HashFlash IfOpened
  ccd lock
  spihash ap -> access denied

  # Cleanup
  ccd open
  ccd reset
  ccd lock

Change-Id: Ife9335a1e402a7596d99bf515ec89ff94e8a0044
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/910083
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1122069
Reviewed-by: Marco Chen <marcochen@chromium.org>
Commit-Queue: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>

[modify] https://crrev.com/71e51708c8b42d245eb366ce23bf564a5828f56b/include/tpm_vendor_cmds.h
[modify] https://crrev.com/71e51708c8b42d245eb366ce23bf564a5828f56b/board/cr50/usb_spi.c
Jul 18
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform/ec/+/45f666f404c37f6d4f51eb84fe82cafe144680c0

commit 45f666f404c37f6d4f51eb84fe82cafe144680c0
Author: Randall Spangler <rspangler@chromium.org>
Date: Wed Jul 18 05:37:54 2018

cr50: Add SPI hashing command

This allows hashing or dumping SPI flash from the Cr50 console even on a locked device, so you can verify the RO Firmware on a system via CCD.

See design doc: go/verify-ro-firmware (more specifically, "Cr50 console commands for option 1")

BUG= chromium:804507
BRANCH=cr50 release (after testing)
TEST=manual:
  # Sample sequence
  spihash ap -> requires physical presence; tap power button
  spihash 0 1024 -> gives a hash; compare with first 1KB of image.bin
  spihash 0 128 dump -> dumps first 128 bytes; compare with image.bin
  spihash 128 128 -> offset works
  spihash 0 0x100000 -> gives a hash; doesn't watchdog reset
  spihdev ec
  spihash 0 1024 -> compare with ec.bin
  spihash disable

  # Test timeout
  spihash ap
  # Wait 30 seconds
  spihash 0 1024 -> still works
  # Wait 60 seconds; goes back disabled automatically
  spihash 0 1024 -> fails because spihash is disabled

  # Presence not required when CCD opened
  ccd open
  spihash ap -> no PP required
  spihash 0 1024 -> works
  spihash disable

  # Possible for owner to disable via CCD config
  ccd -> HashFlash is "Always"
  ccd set HashFlash IfOpened
  ccd lock
  spihash ap -> access denied

  # Cleanup
  ccd open
  ccd reset
  ccd lock

Change-Id: I27b5054730dea6b27fbad1b1c4aa0a650e3b4f99
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/889725
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
(cherry picked from commit ff4d22819a8cccaae7bec08a973916f39154f3b2)
Reviewed-on: https://chromium-review.googlesource.com/1141532
Reviewed-by: Nick Sanders <nsanders@chromium.org>
Commit-Queue: Nick Sanders <nsanders@chromium.org>
Tested-by: Nick Sanders <nsanders@chromium.org>

[modify] https://crrev.com/45f666f404c37f6d4f51eb84fe82cafe144680c0/board/cr50/usb_spi.c
[modify] https://crrev.com/45f666f404c37f6d4f51eb84fe82cafe144680c0/include/ccd_config.h
[modify] https://crrev.com/45f666f404c37f6d4f51eb84fe82cafe144680c0/common/ccd_config.c
Jul 18
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform/ec/+/c876020f79602b7c4761314fbf583f9af95278bb

commit c876020f79602b7c4761314fbf583f9af95278bb
Author: Randall Spangler <rspangler@chromium.org>
Date: Wed Jul 18 05:40:53 2018

cr50: Convert spihash to TPM vendor command

The console command now calls the vendor command to do the work. Otherwise, the same as before.

BUG= chromium:804507
BRANCH=cr50 release (after testing)
TEST=manual:
  # Sample sequence
  spihash ap -> requires physical presence; tap power button
  spihash 0 1024 -> gives a hash; compare with first 1KB of image.bin
  spihash dump 0 128 -> dumps first 128 bytes; compare with image.bin
  spihash 128 128 -> offset works
  spihash 0 0x100000 -> gives a hash; doesn't watchdog reset
  spihdev ec
  spihash 0 1024 -> compare with ec.bin
  spihash disable

  # Test timeout
  spihash ap
  # Wait 30 seconds
  spihash 0 1024 -> still works
  # Wait 60 seconds; goes back disabled automatically
  spihash 0 1024 -> fails because spihash is disabled

  # Presence not required when CCD opened
  ccd open
  spihash ap -> no PP required
  spihash 0 1024 -> works
  spihash disable

  # Possible for owner to disable via CCD config
  ccd -> HashFlash is "Always"
  ccd set HashFlash IfOpened
  ccd lock
  spihash ap -> access denied

  # Cleanup
  ccd open
  ccd reset
  ccd lock

Change-Id: Ife9335a1e402a7596d99bf515ec89ff94e8a0044
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/910083
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
(cherry picked from commit f49e1c3b42026eeaf57df0fd86b43660ddb1c184)
Reviewed-on: https://chromium-review.googlesource.com/1141535
Reviewed-by: Nick Sanders <nsanders@chromium.org>
Commit-Queue: Nick Sanders <nsanders@chromium.org>
Tested-by: Nick Sanders <nsanders@chromium.org>

[modify] https://crrev.com/c876020f79602b7c4761314fbf583f9af95278bb/include/tpm_vendor_cmds.h
[modify] https://crrev.com/c876020f79602b7c4761314fbf583f9af95278bb/board/cr50/usb_spi.c
Nov 13
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform/ec/+/374690fe48a3f9b579ed203be8835d2fb7350538

commit 374690fe48a3f9b579ed203be8835d2fb7350538
Author: Randall Spangler <rspangler@chromium.org>
Date: Tue Nov 13 06:45:42 2018

cr50: Add SPI hashing command

This allows hashing or dumping SPI flash from the Cr50 console even on a locked device, so you can verify the RO Firmware on a system via CCD.

See design doc: go/verify-ro-firmware (more specifically, "Cr50 console commands for option 1")

BUG= chromium:804507
BRANCH=cr50 release (after testing)
TEST=manual:
  # Sample sequence
  spihash ap -> requires physical presence; tap power button
  spihash 0 1024 -> gives a hash; compare with first 1KB of image.bin
  spihash 0 128 dump -> dumps first 128 bytes; compare with image.bin
  spihash 128 128 -> offset works
  spihash 0 0x100000 -> gives a hash; doesn't watchdog reset
  spihdev ec
  spihash 0 1024 -> compare with ec.bin
  spihash disable

  # Test timeout
  spihash ap
  # Wait 30 seconds
  spihash 0 1024 -> still works
  # Wait 60 seconds; goes back disabled automatically
  spihash 0 1024 -> fails because spihash is disabled

  # Presence not required when CCD opened
  ccd open
  spihash ap -> no PP required
  spihash 0 1024 -> works
  spihash disable

  # Possible for owner to disable via CCD config
  ccd -> HashFlash is "Always"
  ccd set HashFlash IfOpened
  ccd lock
  spihash ap -> access denied

  # Cleanup
  ccd open
  ccd reset
  ccd lock

Change-Id: I27b5054730dea6b27fbad1b1c4aa0a650e3b4f99
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/889725
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/1332783
Reviewed-by: Marco Chen <marcochen@chromium.org>
Commit-Queue: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>

[modify] https://crrev.com/374690fe48a3f9b579ed203be8835d2fb7350538/board/cr50/usb_spi.c
[modify] https://crrev.com/374690fe48a3f9b579ed203be8835d2fb7350538/include/ccd_config.h
[modify] https://crrev.com/374690fe48a3f9b579ed203be8835d2fb7350538/common/ccd_config.c
Nov 13
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform/ec/+/513c671f20630776d1b323ba01e41148c7288282

commit 513c671f20630776d1b323ba01e41148c7288282
Author: Randall Spangler <rspangler@chromium.org>
Date: Tue Nov 13 06:45:43 2018

cr50: Convert spihash to TPM vendor command

The console command now calls the vendor command to do the work. Otherwise, the same as before.

BUG= chromium:804507
BRANCH=cr50 release (after testing)
TEST=manual:
  # Sample sequence
  spihash ap -> requires physical presence; tap power button
  spihash 0 1024 -> gives a hash; compare with first 1KB of image.bin
  spihash dump 0 128 -> dumps first 128 bytes; compare with image.bin
  spihash 128 128 -> offset works
  spihash 0 0x100000 -> gives a hash; doesn't watchdog reset
  spihdev ec
  spihash 0 1024 -> compare with ec.bin
  spihash disable

  # Test timeout
  spihash ap
  # Wait 30 seconds
  spihash 0 1024 -> still works
  # Wait 60 seconds; goes back disabled automatically
  spihash 0 1024 -> fails because spihash is disabled

  # Presence not required when CCD opened
  ccd open
  spihash ap -> no PP required
  spihash 0 1024 -> works
  spihash disable

  # Possible for owner to disable via CCD config
  ccd -> HashFlash is "Always"
  ccd set HashFlash IfOpened
  ccd lock
  spihash ap -> access denied

  # Cleanup
  ccd open
  ccd reset
  ccd lock

Change-Id: Ife9335a1e402a7596d99bf515ec89ff94e8a0044
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/910083
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/1221377
Reviewed-by: Marco Chen <marcochen@chromium.org>
Commit-Queue: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>

[modify] https://crrev.com/513c671f20630776d1b323ba01e41148c7288282/include/tpm_vendor_cmds.h
[modify] https://crrev.com/513c671f20630776d1b323ba01e41148c7288282/board/cr50/usb_spi.c
Dec 5
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform/ec/+/46502e88f45de0ec4e917b77f51d9329f7162701

commit 46502e88f45de0ec4e917b77f51d9329f7162701
Author: Randall Spangler <rspangler@chromium.org>
Date: Wed Dec 05 00:45:56 2018

cr50: Add SPI hashing command

This allows hashing or dumping SPI flash from the Cr50 console even on a locked device, so you can verify the RO Firmware on a system via CCD.

See design doc: go/verify-ro-firmware (more specifically, "Cr50 console commands for option 1")

BUG= chromium:804507
BRANCH=cr50 release (after testing)
TEST=manual:
  # Sample sequence
  spihash ap -> requires physical presence; tap power button
  spihash 0 1024 -> gives a hash; compare with first 1KB of image.bin
  spihash 0 128 dump -> dumps first 128 bytes; compare with image.bin
  spihash 128 128 -> offset works
  spihash 0 0x100000 -> gives a hash; doesn't watchdog reset
  spihdev ec
  spihash 0 1024 -> compare with ec.bin
  spihash disable

  # Test timeout
  spihash ap
  # Wait 30 seconds
  spihash 0 1024 -> still works
  # Wait 60 seconds; goes back disabled automatically
  spihash 0 1024 -> fails because spihash is disabled

  # Presence not required when CCD opened
  ccd open
  spihash ap -> no PP required
  spihash 0 1024 -> works
  spihash disable

  # Possible for owner to disable via CCD config
  ccd -> HashFlash is "Always"
  ccd set HashFlash IfOpened
  ccd lock
  spihash ap -> access denied

  # Cleanup
  ccd open
  ccd reset
  ccd lock

Change-Id: I27b5054730dea6b27fbad1b1c4aa0a650e3b4f99
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/889725
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/1332783
Reviewed-by: Marco Chen <marcochen@chromium.org>
Commit-Queue: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/1359938
Reviewed-by: Chia-Hsiu Chang <chia-hsiu.chang@quanta.corp-partner.google.com>
Tested-by: Chia-Hsiu Chang <chia-hsiu.chang@quanta.corp-partner.google.com>
Commit-Queue: Chia-Hsiu Chang <chia-hsiu.chang@quanta.corp-partner.google.com>

[modify] https://crrev.com/46502e88f45de0ec4e917b77f51d9329f7162701/board/cr50/usb_spi.c
[modify] https://crrev.com/46502e88f45de0ec4e917b77f51d9329f7162701/include/ccd_config.h
[modify] https://crrev.com/46502e88f45de0ec4e917b77f51d9329f7162701/common/ccd_config.c
Dec 5
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform/ec/+/fb9afbca596d19d1ce9c17ea954d257b4163fc6e

commit fb9afbca596d19d1ce9c17ea954d257b4163fc6e
Author: Randall Spangler <rspangler@chromium.org>
Date: Wed Dec 05 00:45:57 2018

cr50: Convert spihash to TPM vendor command

The console command now calls the vendor command to do the work. Otherwise, the same as before.

BUG= chromium:804507
BRANCH=cr50 release (after testing)
TEST=manual:
  # Sample sequence
  spihash ap -> requires physical presence; tap power button
  spihash 0 1024 -> gives a hash; compare with first 1KB of image.bin
  spihash dump 0 128 -> dumps first 128 bytes; compare with image.bin
  spihash 128 128 -> offset works
  spihash 0 0x100000 -> gives a hash; doesn't watchdog reset
  spihdev ec
  spihash 0 1024 -> compare with ec.bin
  spihash disable

  # Test timeout
  spihash ap
  # Wait 30 seconds
  spihash 0 1024 -> still works
  # Wait 60 seconds; goes back disabled automatically
  spihash 0 1024 -> fails because spihash is disabled

  # Presence not required when CCD opened
  ccd open
  spihash ap -> no PP required
  spihash 0 1024 -> works
  spihash disable

  # Possible for owner to disable via CCD config
  ccd -> HashFlash is "Always"
  ccd set HashFlash IfOpened
  ccd lock
  spihash ap -> access denied

  # Cleanup
  ccd open
  ccd reset
  ccd lock

Change-Id: Ife9335a1e402a7596d99bf515ec89ff94e8a0044
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/910083
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/1221377
Reviewed-by: Marco Chen <marcochen@chromium.org>
Commit-Queue: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/1359939
Reviewed-by: Chia-Hsiu Chang <chia-hsiu.chang@quanta.corp-partner.google.com>
Tested-by: Chia-Hsiu Chang <chia-hsiu.chang@quanta.corp-partner.google.com>
Commit-Queue: Chia-Hsiu Chang <chia-hsiu.chang@quanta.corp-partner.google.com>

[modify] https://crrev.com/fb9afbca596d19d1ce9c17ea954d257b4163fc6e/include/tpm_vendor_cmds.h
[modify] https://crrev.com/fb9afbca596d19d1ce9c17ea954d257b4163fc6e/board/cr50/usb_spi.c
Comment 1 by rspangler@chromium.org, Jan 22 2018