1*4f2df630SAndroid Build Coastguard Worker# Google Security Chip (GSC) Case Closed Debugging (CCD) 2*4f2df630SAndroid Build Coastguard Worker 3*4f2df630SAndroid Build Coastguard WorkerCr50 or Ti50 is the firmware that runs on the Google Security Chip (GSC), which 4*4f2df630SAndroid Build Coastguard Workerhas support for [Case Closed Debugging](CCD). 5*4f2df630SAndroid Build Coastguard Worker 6*4f2df630SAndroid Build Coastguard WorkerThis document explains how to setup CCD, so you can access all of the necessary 7*4f2df630SAndroid Build Coastguard Workerfeatures to develop firmware on your Chrome OS device, access 8*4f2df630SAndroid Build Coastguard Worker[debug consoles][consoles], and [disable hardware write protect][hw-wp]. 9*4f2df630SAndroid Build Coastguard Worker 10*4f2df630SAndroid Build Coastguard Worker[TOC] 11*4f2df630SAndroid Build Coastguard Worker 12*4f2df630SAndroid Build Coastguard Worker## Overview 13*4f2df630SAndroid Build Coastguard Worker 14*4f2df630SAndroid Build Coastguard WorkerGSC CCD was designed to restrict CCD access to device owners and is implemented 15*4f2df630SAndroid Build Coastguard Workerthrough **CCD privilege levels** ([`Open`], [`Unlocked`], [`Locked`]) that can 16*4f2df630SAndroid Build Coastguard Workerbe used to enable access to different **[CCD capabilities][cap]**. Capability 17*4f2df630SAndroid Build Coastguard Workersettings can be modified to require certain privilege levels to access each 18*4f2df630SAndroid Build Coastguard Workercapability. Device owners can use these settings to customize CCD so that it is 19*4f2df630SAndroid Build Coastguard Workeras open or restricted as they want. 20*4f2df630SAndroid Build Coastguard Worker 21*4f2df630SAndroid Build Coastguard WorkerGSC CCD exposes [3 debug consoles][consoles]: AP, EC, and GSC as well as control 22*4f2df630SAndroid Build Coastguard Workerover [Hardware Write Protect][hw-wp]. GSC CCD also allows 23*4f2df630SAndroid Build Coastguard Worker[flashing the AP firmware] or [flashing the EC firmware]. 24*4f2df630SAndroid Build Coastguard Worker 25*4f2df630SAndroid Build Coastguard Worker### Capability and Privilege Levels {#cap-priv} 26*4f2df630SAndroid Build Coastguard Worker 27*4f2df630SAndroid Build Coastguard WorkerPrivilege Levels | 28*4f2df630SAndroid Build Coastguard Worker---------------- | 29*4f2df630SAndroid Build Coastguard Worker`Open` | 30*4f2df630SAndroid Build Coastguard Worker`Unlocked` | 31*4f2df630SAndroid Build Coastguard Worker`Locked` | 32*4f2df630SAndroid Build Coastguard Worker 33*4f2df630SAndroid Build Coastguard WorkerCapability Setting | Definition 34*4f2df630SAndroid Build Coastguard Worker------------------ | ---------- 35*4f2df630SAndroid Build Coastguard Worker`IfOpened` | Specified capability is allowed if GSC Privilege Level is `Open`. 36*4f2df630SAndroid Build Coastguard Worker`UnlessLocked` | Specified capability is allowed unless GSC Privilege Level is `Locked`. 37*4f2df630SAndroid Build Coastguard Worker`Always` | Specified capability is always allowed, regardless of GSC Privilege Level. 38*4f2df630SAndroid Build Coastguard Worker 39*4f2df630SAndroid Build Coastguard WorkerCapability Setting | Privilege Level Required 40*4f2df630SAndroid Build Coastguard Worker------------------ | ---------------------------------------- 41*4f2df630SAndroid Build Coastguard Worker`IfOpened` | `Open` 42*4f2df630SAndroid Build Coastguard Worker`UnlessLocked` | `Open` or `Unlocked` 43*4f2df630SAndroid Build Coastguard Worker`Always` | `Open`, `Unlocked`, `Locked` (any state) 44*4f2df630SAndroid Build Coastguard Worker 45*4f2df630SAndroid Build Coastguard Worker## CCD Capabilities {#cap} 46*4f2df630SAndroid Build Coastguard Worker 47*4f2df630SAndroid Build Coastguard WorkerThe default GSC privilege level is [`Locked`] with the following capability 48*4f2df630SAndroid Build Coastguard Workersettings: 49*4f2df630SAndroid Build Coastguard Worker 50*4f2df630SAndroid Build Coastguard WorkerCapability | Default | Function 51*4f2df630SAndroid Build Coastguard Worker----------------- | ---------- | -------- 52*4f2df630SAndroid Build Coastguard Worker`UartGscRxAPTx` | `Always` | AP console read access 53*4f2df630SAndroid Build Coastguard Worker`UartGscTxAPRx` | `Always` | AP console write access 54*4f2df630SAndroid Build Coastguard Worker`UartGscRxECTx` | `Always` | EC console read access 55*4f2df630SAndroid Build Coastguard Worker`UartGscTxECRx` | `IfOpened` | EC console write access 56*4f2df630SAndroid Build Coastguard Worker[`FlashAP`] | `IfOpened` | Allows flashing the AP 57*4f2df630SAndroid Build Coastguard Worker[`FlashEC`] | `IfOpened` | Allows flashing the EC 58*4f2df630SAndroid Build Coastguard Worker[`OverrideWP`] | `IfOpened` | Override hardware write protect 59*4f2df630SAndroid Build Coastguard Worker`RebootECAP` | `IfOpened` | Allow rebooting the EC/AP from the GSC console 60*4f2df630SAndroid Build Coastguard Worker`GscFullConsole` | `IfOpened` | Allow access to restricted GSC console commands 61*4f2df630SAndroid Build Coastguard Worker`UnlockNoReboot` | `Always` | Allow unlocking GSC without rebooting the AP 62*4f2df630SAndroid Build Coastguard Worker`UnlockNoShortPP` | `Always` | Allow unlocking GSC without physical presence 63*4f2df630SAndroid Build Coastguard Worker`OpenNoTPMWipe` | `IfOpened` | Allow opening GSC without wiping the TPM 64*4f2df630SAndroid Build Coastguard Worker`OpenNoLongPP` | `IfOpened` | Allow opening GSC without physical presence 65*4f2df630SAndroid Build Coastguard Worker`BatteryBypassPP` | `Always` | Allow opening GSC without physical presence and developer mode if the battery is removed 66*4f2df630SAndroid Build Coastguard Worker`Unused` | `Always` | Doesn't do anything 67*4f2df630SAndroid Build Coastguard Worker`I2C` | `IfOpened` | Allow access to the I2C controller (used for measuring power) 68*4f2df630SAndroid Build Coastguard Worker`FlashRead` | `Always` | Allow dumping a hash of the AP or EC flash 69*4f2df630SAndroid Build Coastguard Worker`OpenNoDevMode` | `IfOpened` | Allow opening GSC without developer mode 70*4f2df630SAndroid Build Coastguard Worker`OpenFromUSB` | `IfOpened` | Allow opening GSC from USB 71*4f2df630SAndroid Build Coastguard Worker 72*4f2df630SAndroid Build Coastguard Worker## Consoles {#consoles} 73*4f2df630SAndroid Build Coastguard Worker 74*4f2df630SAndroid Build Coastguard WorkerGSC presents 3 consoles through CCD: AP, EC, and GSC, each of which show up on 75*4f2df630SAndroid Build Coastguard Workeryour host machine as a `/dev/ttyUSBX` device when a debug cable ([Suzy-Q] or 76*4f2df630SAndroid Build Coastguard Worker[Type-C Servo v4]) is plugged in to the DUT. 77*4f2df630SAndroid Build Coastguard Worker 78*4f2df630SAndroid Build Coastguard WorkerConsole | Default access | Capability Name 79*4f2df630SAndroid Build Coastguard Worker------- | ------------------------------------------- | --------------- 80*4f2df630SAndroid Build Coastguard WorkerGSC | always read/write, but commands are limited | `GscFullConsole` enables the full set of GSC console commands 81*4f2df630SAndroid Build Coastguard WorkerAP | read/write | `UartGscRxAPTx` / `UartGscTxAPRx` 82*4f2df630SAndroid Build Coastguard WorkerEC | read-only | `UartGscRxECTx` / `UartGscTxECRx` 83*4f2df630SAndroid Build Coastguard Worker 84*4f2df630SAndroid Build Coastguard Worker### Connecting to a Console 85*4f2df630SAndroid Build Coastguard Worker 86*4f2df630SAndroid Build Coastguard WorkerWhen a debug cable ([Suzy-Q] or [Type-C Servo v4]) is plugged in to the DUT, the 87*4f2df630SAndroid Build Coastguard Worker3 consoles will show up as `/dev/ttyUSBX` devices. You can connect to them with 88*4f2df630SAndroid Build Coastguard Workeryour favorite terminal program (e.g., `minicom`, `screen`, etc). You can also 89*4f2df630SAndroid Build Coastguard Workeruse the [`usb_console`] command to connect to Cr50 (`18d1:5014`) or Ti50 90*4f2df630SAndroid Build Coastguard Worker(`18d1:504a`) and specify the interface to choose between the consoles. 91*4f2df630SAndroid Build Coastguard Worker 92*4f2df630SAndroid Build Coastguard Worker```bash 93*4f2df630SAndroid Build Coastguard Worker# Install `usb_console` 94*4f2df630SAndroid Build Coastguard Worker(chroot) sudo emerge ec-devutils 95*4f2df630SAndroid Build Coastguard Worker``` 96*4f2df630SAndroid Build Coastguard Worker 97*4f2df630SAndroid Build Coastguard Worker```bash 98*4f2df630SAndroid Build Coastguard Worker# Connect to Cr50 (GSC) console 99*4f2df630SAndroid Build Coastguard Worker(chroot) $ sudo usb_console -d 18d1:5014 100*4f2df630SAndroid Build Coastguard Worker# Connect to Ti50 (GSC) console 101*4f2df630SAndroid Build Coastguard Worker(chroot) $ sudo usb_console -d 18d1:504a 102*4f2df630SAndroid Build Coastguard Worker``` 103*4f2df630SAndroid Build Coastguard Worker 104*4f2df630SAndroid Build Coastguard Worker```bash 105*4f2df630SAndroid Build Coastguard Worker# Connect to AP console (on Cr50-based device) 106*4f2df630SAndroid Build Coastguard Worker(chroot) $ sudo usb_console -d 18d1:5014 -i 1 107*4f2df630SAndroid Build Coastguard Worker# Connect to AP console (on Ti50-based device) 108*4f2df630SAndroid Build Coastguard Worker(chroot) $ sudo usb_console -d 18d1:504a -i 1 109*4f2df630SAndroid Build Coastguard Worker``` 110*4f2df630SAndroid Build Coastguard Worker 111*4f2df630SAndroid Build Coastguard Worker```bash 112*4f2df630SAndroid Build Coastguard Worker# Connect to EC console (on Cr50-based device) 113*4f2df630SAndroid Build Coastguard Worker(chroot) $ sudo usb_console -d 18d1:5014 -i 2 114*4f2df630SAndroid Build Coastguard Worker# Connect to EC console (on Ti50-based device) 115*4f2df630SAndroid Build Coastguard Worker(chroot) $ sudo usb_console -d 18d1:504a -i 2 116*4f2df630SAndroid Build Coastguard Worker``` 117*4f2df630SAndroid Build Coastguard Worker 118*4f2df630SAndroid Build Coastguard Worker#### Using "servod" to access the console 119*4f2df630SAndroid Build Coastguard Worker 120*4f2df630SAndroid Build Coastguard Worker[`servod`] can be used to create alternative console devices when combined with 121*4f2df630SAndroid Build Coastguard Workera [Servo]. 122*4f2df630SAndroid Build Coastguard Worker 123*4f2df630SAndroid Build Coastguard WorkerFirst, make sure your [servo firmware is updated][update servo v4]. 124*4f2df630SAndroid Build Coastguard Worker 125*4f2df630SAndroid Build Coastguard WorkerNext, start [`servod`]: 126*4f2df630SAndroid Build Coastguard Worker 127*4f2df630SAndroid Build Coastguard Worker```bash 128*4f2df630SAndroid Build Coastguard Worker(chroot) $ sudo servod -b $BOARD 129*4f2df630SAndroid Build Coastguard Worker``` 130*4f2df630SAndroid Build Coastguard Worker 131*4f2df630SAndroid Build Coastguard WorkerThen use `dut-control` to display the console devices: 132*4f2df630SAndroid Build Coastguard Worker 133*4f2df630SAndroid Build Coastguard Worker```bash 134*4f2df630SAndroid Build Coastguard Worker(chroot) $ dut-control gsc_uart_pty ec_uart_pty cpu_uart_pty 135*4f2df630SAndroid Build Coastguard Worker``` 136*4f2df630SAndroid Build Coastguard Worker 137*4f2df630SAndroid Build Coastguard WorkerConnect to the console devices with your favorite terminal program (e.g., 138*4f2df630SAndroid Build Coastguard Worker`minicom`, `screen`, etc.). 139*4f2df630SAndroid Build Coastguard Worker 140*4f2df630SAndroid Build Coastguard Worker## CCD Open {#ccd-open} 141*4f2df630SAndroid Build Coastguard Worker 142*4f2df630SAndroid Build Coastguard WorkerSome basic CCD functionality is accessible by default: read-only access to the 143*4f2df630SAndroid Build Coastguard WorkerEC console, read-write access to the AP console, and a few basic GSC console 144*4f2df630SAndroid Build Coastguard Workercommands. Note that while GSC has read-write access to the AP console by 145*4f2df630SAndroid Build Coastguard Workerdefault, the AP console itself is disabled for production devices. 146*4f2df630SAndroid Build Coastguard Worker 147*4f2df630SAndroid Build Coastguard WorkerIn order to access all CCD functionality or to modify capability settings, GSC 148*4f2df630SAndroid Build Coastguard WorkerCCD needs to be [`Open`]. 149*4f2df630SAndroid Build Coastguard Worker 150*4f2df630SAndroid Build Coastguard Worker1. Connect to the GSC console by connecting a [Suzy-Q] or [Type-C Servo v4] to 151*4f2df630SAndroid Build Coastguard Worker the DUT and running one of the following commands: 152*4f2df630SAndroid Build Coastguard Worker 153*4f2df630SAndroid Build Coastguard Worker ```bash 154*4f2df630SAndroid Build Coastguard Worker # Connect to Cr50 (GSC) console 155*4f2df630SAndroid Build Coastguard Worker (chroot) $ sudo usb_console -d 18d1:5014 156*4f2df630SAndroid Build Coastguard Worker # Connect to Ti50 (GSC) console 157*4f2df630SAndroid Build Coastguard Worker (chroot) $ sudo usb_console -d 18d1:504a 158*4f2df630SAndroid Build Coastguard Worker ``` 159*4f2df630SAndroid Build Coastguard Worker 160*4f2df630SAndroid Build Coastguard Worker *** note 161*4f2df630SAndroid Build Coastguard Worker **NOTE**: If another program is already connected to the GSC console, 162*4f2df630SAndroid Build Coastguard Worker you'll see `tx [Errno 16] Resource Busy`. For example, this will happen if 163*4f2df630SAndroid Build Coastguard Worker [`servod`] is running. 164*4f2df630SAndroid Build Coastguard Worker *** 165*4f2df630SAndroid Build Coastguard Worker 166*4f2df630SAndroid Build Coastguard Worker1. At the GSC console, use the `version` command to make sure you have a recent 167*4f2df630SAndroid Build Coastguard Worker enough version to use CCD. The relevant version is either `RW_A` or `RW_B`, 168*4f2df630SAndroid Build Coastguard Worker whichever has the asterisk next to it: 169*4f2df630SAndroid Build Coastguard Worker 170*4f2df630SAndroid Build Coastguard Worker ``` 171*4f2df630SAndroid Build Coastguard Worker cr50 > version 172*4f2df630SAndroid Build Coastguard Worker 173*4f2df630SAndroid Build Coastguard Worker Chip: g cr50 B2-C 174*4f2df630SAndroid Build Coastguard Worker Board: 0 175*4f2df630SAndroid Build Coastguard Worker RO_A: * 0.0.10/29d77172 176*4f2df630SAndroid Build Coastguard Worker RO_B: 0.0.10/c2a3f8f9 177*4f2df630SAndroid Build Coastguard Worker RW_A: * 0.3.23/cr50_v1.9308_87_mp.320-aa1dd98 <---- This is the version 178*4f2df630SAndroid Build Coastguard Worker RW_B: 0.3.18/cr50_v1.9308_87_mp.236-8052858 179*4f2df630SAndroid Build Coastguard Worker BID A: 00000000:00000000:00000000 Yes 180*4f2df630SAndroid Build Coastguard Worker BID B: 00000000:00000000:00000000 Yes 181*4f2df630SAndroid Build Coastguard Worker Build: 0.3.23/cr50_v1.9308_87_mp.320-aa1dd98 182*4f2df630SAndroid Build Coastguard Worker tpm2:v1.9308_26_0.36-d1631ea 183*4f2df630SAndroid Build Coastguard Worker cryptoc:v1.9308_26_0.2-a4a45f5 184*4f2df630SAndroid Build Coastguard Worker 2019-10-14 19:18:05 @chromeos-ci-legacy-us-central2 185*4f2df630SAndroid Build Coastguard Worker ``` 186*4f2df630SAndroid Build Coastguard Worker 187*4f2df630SAndroid Build Coastguard Worker1. Production (`MP`) versions of Cr50 firmware use a [minor version][semver] of 188*4f2df630SAndroid Build Coastguard Worker `3`: `0.3.x`. Production firmware versions `0.3.9` or newer support CCD. 189*4f2df630SAndroid Build Coastguard Worker 190*4f2df630SAndroid Build Coastguard Worker Production (`MP`) versions of Ti50 firmware use a [minor version][semver] of 191*4f2df630SAndroid Build Coastguard Worker `23`: `0.23.x`. 192*4f2df630SAndroid Build Coastguard Worker 193*4f2df630SAndroid Build Coastguard Worker Development (`PrePVT`) versions of Cr50 firmware use a minor version of `4`: 194*4f2df630SAndroid Build Coastguard Worker `0.4.x`. Development firmware versions `0.4.9` or newer support CCD. 195*4f2df630SAndroid Build Coastguard Worker 196*4f2df630SAndroid Build Coastguard Worker Development (`PrePVT`) versions of Ti50 firmware use a minor version of 197*4f2df630SAndroid Build Coastguard Worker `24`: `0.24.x`. 198*4f2df630SAndroid Build Coastguard Worker 199*4f2df630SAndroid Build Coastguard Worker Your device likely supports CCD if it was manufactured in the last few 200*4f2df630SAndroid Build Coastguard Worker years. If you have an older version, follow the [Updating Cr50] instructions 201*4f2df630SAndroid Build Coastguard Worker before continuing. 202*4f2df630SAndroid Build Coastguard Worker 203*4f2df630SAndroid Build Coastguard Worker1. Put the device into [Recovery Mode] and enable [Developer Mode]. 204*4f2df630SAndroid Build Coastguard Worker 205*4f2df630SAndroid Build Coastguard Worker *** note 206*4f2df630SAndroid Build Coastguard Worker **NOTE**: Developer Mode has to be enabled as described. Using GBB flags to 207*4f2df630SAndroid Build Coastguard Worker force Developer Mode will not work. 208*4f2df630SAndroid Build Coastguard Worker *** 209*4f2df630SAndroid Build Coastguard Worker 210*4f2df630SAndroid Build Coastguard Worker If you can't put your device into [Developer Mode] because it doesn't boot, 211*4f2df630SAndroid Build Coastguard Worker follow the [CCD Open Without Booting the Device] instructions. 212*4f2df630SAndroid Build Coastguard Worker 213*4f2df630SAndroid Build Coastguard Worker1. Verify GSC knows the device is in [Developer Mode] by finding `TPM: 214*4f2df630SAndroid Build Coastguard Worker dev_mode` in the GSC console `ccd` command output: 215*4f2df630SAndroid Build Coastguard Worker 216*4f2df630SAndroid Build Coastguard Worker ``` 217*4f2df630SAndroid Build Coastguard Worker (gsc) > ccd 218*4f2df630SAndroid Build Coastguard Worker ... 219*4f2df630SAndroid Build Coastguard Worker TPM: dev_mode <==== This is the important part 220*4f2df630SAndroid Build Coastguard Worker ... 221*4f2df630SAndroid Build Coastguard Worker ``` 222*4f2df630SAndroid Build Coastguard Worker 223*4f2df630SAndroid Build Coastguard Worker1. Start the CCD open process from the AP. 224*4f2df630SAndroid Build Coastguard Worker 225*4f2df630SAndroid Build Coastguard Worker ```bash 226*4f2df630SAndroid Build Coastguard Worker (dut) $ gsctool -a -o 227*4f2df630SAndroid Build Coastguard Worker ``` 228*4f2df630SAndroid Build Coastguard Worker 229*4f2df630SAndroid Build Coastguard Worker1. Over the next 5 minutes you will be prompted to press the power button 230*4f2df630SAndroid Build Coastguard Worker multiple times. After the last power button press the device will reboot. 231*4f2df630SAndroid Build Coastguard Worker 232*4f2df630SAndroid Build Coastguard Worker *** note 233*4f2df630SAndroid Build Coastguard Worker **WARNING**: Opening CCD causes GSC to forget that it is in 234*4f2df630SAndroid Build Coastguard Worker [Developer Mode], so when the device reboots, it will either say that 235*4f2df630SAndroid Build Coastguard Worker the OS image is invalid or it will enter a bootloop. Use the key 236*4f2df630SAndroid Build Coastguard Worker combinations to enter [Recovery Mode] and re-enable [Developer Mode]. 237*4f2df630SAndroid Build Coastguard Worker See [this bug] for details. 238*4f2df630SAndroid Build Coastguard Worker *** 239*4f2df630SAndroid Build Coastguard Worker 240*4f2df630SAndroid Build Coastguard Worker1. Use the `ccd` command on the GSC console to verify the state is [`Open`]: 241*4f2df630SAndroid Build Coastguard Worker 242*4f2df630SAndroid Build Coastguard Worker ``` 243*4f2df630SAndroid Build Coastguard Worker (gsc) > ccd 244*4f2df630SAndroid Build Coastguard Worker 245*4f2df630SAndroid Build Coastguard Worker State: Opened 246*4f2df630SAndroid Build Coastguard Worker ... 247*4f2df630SAndroid Build Coastguard Worker ``` 248*4f2df630SAndroid Build Coastguard Worker 249*4f2df630SAndroid Build Coastguard Worker1. **The [`Open`] state is lost if GSC reboots, the device loses power (e.g., 250*4f2df630SAndroid Build Coastguard Worker battery runs out and AC is not plugged in), or the battery is removed. Note 251*4f2df630SAndroid Build Coastguard Worker that GSC does not reboot when the system reboots; it only reboots if it is 252*4f2df630SAndroid Build Coastguard Worker updated, the devices loses power, the battery runs out, or it crashes**. If 253*4f2df630SAndroid Build Coastguard Worker you plan on [flashing the AP firmware] or [flashing the EC firmware], it is 254*4f2df630SAndroid Build Coastguard Worker recommended you modify the capability settings or set a CCD password, so you 255*4f2df630SAndroid Build Coastguard Worker can reopen the device in the case that you accidentally brick it with bad 256*4f2df630SAndroid Build Coastguard Worker firmware. The simplest way to do this is to reset to factory settings and 257*4f2df630SAndroid Build Coastguard Worker enable testlab mode: 258*4f2df630SAndroid Build Coastguard Worker 259*4f2df630SAndroid Build Coastguard Worker ``` 260*4f2df630SAndroid Build Coastguard Worker (gsc) > ccd reset factory 261*4f2df630SAndroid Build Coastguard Worker ``` 262*4f2df630SAndroid Build Coastguard Worker 263*4f2df630SAndroid Build Coastguard Worker ``` 264*4f2df630SAndroid Build Coastguard Worker (gsc) > ccd testlab enable 265*4f2df630SAndroid Build Coastguard Worker ``` 266*4f2df630SAndroid Build Coastguard Worker 267*4f2df630SAndroid Build Coastguard Worker For full details, see the section on [CCD Open Without Booting the Device]. 268*4f2df630SAndroid Build Coastguard Worker 269*4f2df630SAndroid Build Coastguard Worker## Configuring CCD Capability Settings 270*4f2df630SAndroid Build Coastguard Worker 271*4f2df630SAndroid Build Coastguard WorkerCCD capabilities allow you to configure CCD to restrict or open the device as 272*4f2df630SAndroid Build Coastguard Workermuch as you want. You can use the `ccd` command on the GSC console to check and 273*4f2df630SAndroid Build Coastguard Workermodify the capabilities, but CCD has to be [`Open`] to change the capabilities. 274*4f2df630SAndroid Build Coastguard Worker 275*4f2df630SAndroid Build Coastguard WorkerSetting capabilities you want to use to [`Always`] will make them accessible 276*4f2df630SAndroid Build Coastguard Workereven if CCD loses the [`Open`] state, which happens when GSC reboots or the 277*4f2df630SAndroid Build Coastguard Workerdevice loses power. 278*4f2df630SAndroid Build Coastguard Worker 279*4f2df630SAndroid Build Coastguard WorkerBasic CCD functionality is covered by `UartGscTxECRx`, `UartGscRxECTx`, 280*4f2df630SAndroid Build Coastguard Worker`UartGscTxAPRx`, `UartGscRxAPTx`, [`FlashAP`], [`FlashEC`], [`OverrideWP`], and 281*4f2df630SAndroid Build Coastguard Worker`GscFullConsole`. 282*4f2df630SAndroid Build Coastguard Worker 283*4f2df630SAndroid Build Coastguard Worker``` 284*4f2df630SAndroid Build Coastguard Worker(gsc) > ccd set $CAPABILITY $REQUIREMENT 285*4f2df630SAndroid Build Coastguard Worker``` 286*4f2df630SAndroid Build Coastguard Worker 287*4f2df630SAndroid Build Coastguard Worker### Examples 288*4f2df630SAndroid Build Coastguard Worker 289*4f2df630SAndroid Build Coastguard Worker#### EC Console 290*4f2df630SAndroid Build Coastguard Worker 291*4f2df630SAndroid Build Coastguard WorkerIf the EC console needs to be read-write even when CCD is [`Locked`] set the 292*4f2df630SAndroid Build Coastguard Workercapability to [`Always`]: 293*4f2df630SAndroid Build Coastguard Worker 294*4f2df630SAndroid Build Coastguard Worker``` 295*4f2df630SAndroid Build Coastguard Worker(gsc) > ccd set UartGscTxECRx Always 296*4f2df630SAndroid Build Coastguard Worker``` 297*4f2df630SAndroid Build Coastguard Worker 298*4f2df630SAndroid Build Coastguard Worker#### Restrict Consoles 299*4f2df630SAndroid Build Coastguard Worker 300*4f2df630SAndroid Build Coastguard WorkerIf you want to restrict capabilities more than [`Always`], you can set them to 301*4f2df630SAndroid Build Coastguard Worker[`IfOpened`], which will make it so that it is only accessible when CCD is 302*4f2df630SAndroid Build Coastguard Worker[`Open`]ed, not [`Lock`]ed: 303*4f2df630SAndroid Build Coastguard Worker 304*4f2df630SAndroid Build Coastguard Worker##### Restrict EC 305*4f2df630SAndroid Build Coastguard Worker 306*4f2df630SAndroid Build Coastguard Worker``` 307*4f2df630SAndroid Build Coastguard Worker(gsc) > ccd set UartGscTxECRx IfOpened 308*4f2df630SAndroid Build Coastguard Worker(gsc) > ccd set UartGscRxECTx IfOpened 309*4f2df630SAndroid Build Coastguard Worker``` 310*4f2df630SAndroid Build Coastguard Worker 311*4f2df630SAndroid Build Coastguard Worker##### Restrict AP 312*4f2df630SAndroid Build Coastguard Worker 313*4f2df630SAndroid Build Coastguard Worker``` 314*4f2df630SAndroid Build Coastguard Worker(gsc) > ccd set UartGscTxAPRx IfOpened 315*4f2df630SAndroid Build Coastguard Worker(gsc) > ccd set UartGscRxAPTx IfOpened 316*4f2df630SAndroid Build Coastguard Worker``` 317*4f2df630SAndroid Build Coastguard Worker 318*4f2df630SAndroid Build Coastguard Worker#### Most Accessible 319*4f2df630SAndroid Build Coastguard Worker 320*4f2df630SAndroid Build Coastguard WorkerIf you want things as accessible as possible and want all capabilities to be 321*4f2df630SAndroid Build Coastguard Worker[`Always`], you can run 322*4f2df630SAndroid Build Coastguard Worker 323*4f2df630SAndroid Build Coastguard Worker``` 324*4f2df630SAndroid Build Coastguard Worker(gsc) > ccd reset factory 325*4f2df630SAndroid Build Coastguard Worker``` 326*4f2df630SAndroid Build Coastguard Worker 327*4f2df630SAndroid Build Coastguard WorkerThis will also permanently disable write protect. To reset write protect run 328*4f2df630SAndroid Build Coastguard Worker 329*4f2df630SAndroid Build Coastguard Worker``` 330*4f2df630SAndroid Build Coastguard Worker(gsc) > wp follow_batt_pres atboot 331*4f2df630SAndroid Build Coastguard Worker``` 332*4f2df630SAndroid Build Coastguard Worker 333*4f2df630SAndroid Build Coastguard WorkerTo reset capabilities to Default run 334*4f2df630SAndroid Build Coastguard Worker 335*4f2df630SAndroid Build Coastguard Worker``` 336*4f2df630SAndroid Build Coastguard Worker(gsc) > ccd reset 337*4f2df630SAndroid Build Coastguard Worker``` 338*4f2df630SAndroid Build Coastguard Worker 339*4f2df630SAndroid Build Coastguard Worker## Flashing EC {#flashec} 340*4f2df630SAndroid Build Coastguard Worker 341*4f2df630SAndroid Build Coastguard WorkerFlashing the EC is restricted by the `FlashEC` capability. 342*4f2df630SAndroid Build Coastguard Worker 343*4f2df630SAndroid Build Coastguard WorkerThe steps to flash the EC differ based on the board being used, but the 344*4f2df630SAndroid Build Coastguard Worker[`flash_ec`] script will handle this for you. 345*4f2df630SAndroid Build Coastguard Worker 346*4f2df630SAndroid Build Coastguard Worker```bash 347*4f2df630SAndroid Build Coastguard Worker(chroot) $ sudo servod -b $BOARD 348*4f2df630SAndroid Build Coastguard Worker(chroot) $ ~/trunk/src/platform/ec/util/flash_ec -i $IMAGE -b $BOARD 349*4f2df630SAndroid Build Coastguard Worker``` 350*4f2df630SAndroid Build Coastguard Worker 351*4f2df630SAndroid Build Coastguard Worker## Flashing the AP {#flashap} 352*4f2df630SAndroid Build Coastguard Worker 353*4f2df630SAndroid Build Coastguard Worker*** note 354*4f2df630SAndroid Build Coastguard Worker**WARNING**: Before attempting to flash the AP firmware, start with the 355*4f2df630SAndroid Build Coastguard Worker[CCD Open] steps; if you flash broken firmware before opening CCD, you may make 356*4f2df630SAndroid Build Coastguard Workerit impossible to restore your device to a working state. 357*4f2df630SAndroid Build Coastguard Worker*** 358*4f2df630SAndroid Build Coastguard Worker 359*4f2df630SAndroid Build Coastguard WorkerFlashing the AP is restricted by the `FlashAP` capability. 360*4f2df630SAndroid Build Coastguard Worker 361*4f2df630SAndroid Build Coastguard Worker```bash 362*4f2df630SAndroid Build Coastguard Worker(chroot) $ sudo flashrom -p raiden_debug_spi:target=AP -w $IMAGE 363*4f2df630SAndroid Build Coastguard Worker``` 364*4f2df630SAndroid Build Coastguard Worker 365*4f2df630SAndroid Build Coastguard WorkerThis default flashing command takes a very long time to complete, there are ways 366*4f2df630SAndroid Build Coastguard Workerto [speed up the flashing process] by cutting some corners. 367*4f2df630SAndroid Build Coastguard Worker 368*4f2df630SAndroid Build Coastguard WorkerIf you have many CCD devices connected, you may want to use the GSC serial 369*4f2df630SAndroid Build Coastguard Workernumber: 370*4f2df630SAndroid Build Coastguard Worker 371*4f2df630SAndroid Build Coastguard Worker```bash 372*4f2df630SAndroid Build Coastguard Worker# For Cr50-based device 373*4f2df630SAndroid Build Coastguard Worker(chroot) $ lsusb -vd 18d1:5014 | grep iSerial 374*4f2df630SAndroid Build Coastguard Worker# For Tir50-based device 375*4f2df630SAndroid Build Coastguard Worker(chroot) $ lsusb -vd 18d1:504a | grep iSerial 376*4f2df630SAndroid Build Coastguard Worker``` 377*4f2df630SAndroid Build Coastguard Worker 378*4f2df630SAndroid Build Coastguard WorkerYou can then add the serial number to the [`flashrom`] command: 379*4f2df630SAndroid Build Coastguard Worker 380*4f2df630SAndroid Build Coastguard Worker```bash 381*4f2df630SAndroid Build Coastguard Worker(chroot) $ sudo flashrom -p raiden_debug_spi:target=AP,serial=$SERIAL -w $IMAGE 382*4f2df630SAndroid Build Coastguard Worker``` 383*4f2df630SAndroid Build Coastguard Worker 384*4f2df630SAndroid Build Coastguard Worker**If you don't see GSC print any messages when you're running the [`flashrom`] 385*4f2df630SAndroid Build Coastguard Workercommand and you have more than one GSC device connected to your workstation, you 386*4f2df630SAndroid Build Coastguard Workerprobably need to use the serial number.** 387*4f2df630SAndroid Build Coastguard Worker 388*4f2df630SAndroid Build Coastguard Worker### Special Cases {#flashap-special-cases} 389*4f2df630SAndroid Build Coastguard Worker 390*4f2df630SAndroid Build Coastguard WorkerGSC puts the device in reset to flash the AP. Due to hardware limitations GSC 391*4f2df630SAndroid Build Coastguard Workermay not be able to disable hardware write protect while the device is in reset. 392*4f2df630SAndroid Build Coastguard WorkerIf you want to reflash the AP RO firmware using CCD and your board has issues 393*4f2df630SAndroid Build Coastguard Workerdisabling hardware write protect, you may need to also disable software write 394*4f2df630SAndroid Build Coastguard Workerprotect. 395*4f2df630SAndroid Build Coastguard Worker 396*4f2df630SAndroid Build Coastguard WorkerIf you suspect the board you are using has this issue, you can try this: 397*4f2df630SAndroid Build Coastguard Worker 398*4f2df630SAndroid Build Coastguard Worker1. Disable write protect using the GSC console command: 399*4f2df630SAndroid Build Coastguard Worker 400*4f2df630SAndroid Build Coastguard Worker ``` 401*4f2df630SAndroid Build Coastguard Worker (gsc) > wp disable 402*4f2df630SAndroid Build Coastguard Worker ``` 403*4f2df630SAndroid Build Coastguard Worker 404*4f2df630SAndroid Build Coastguard Worker2. Disable software write protect via CCD: 405*4f2df630SAndroid Build Coastguard Worker 406*4f2df630SAndroid Build Coastguard Worker ```bash 407*4f2df630SAndroid Build Coastguard Worker (chroot) $ sudo futility flash --wp-disable --servo 408*4f2df630SAndroid Build Coastguard Worker ``` 409*4f2df630SAndroid Build Coastguard Worker 410*4f2df630SAndroid Build Coastguard Worker## Control Hardware Write Protect {#hw-wp} 411*4f2df630SAndroid Build Coastguard Worker 412*4f2df630SAndroid Build Coastguard WorkerControl of hardware write protect is restricted by the `OverrideWP` capability. 413*4f2df630SAndroid Build Coastguard WorkerWhen the capability is allowed, the hardware write protect setting can be 414*4f2df630SAndroid Build Coastguard Workercontrolled with the `wp` command in the GSC console. Otherwise, the hardware 415*4f2df630SAndroid Build Coastguard Workerwrite protect is determined based on the presence of the battery. 416*4f2df630SAndroid Build Coastguard Worker 417*4f2df630SAndroid Build Coastguard WorkerHardware Write Protect Setting | Battery State | Hardware Write Protect State 418*4f2df630SAndroid Build Coastguard Worker------------------------------ | ------------------------------ | ---------------------------- 419*4f2df630SAndroid Build Coastguard Worker`follow_batt_pres` | Connected | Enabled 420*4f2df630SAndroid Build Coastguard Worker`follow_batt_pres` | Disconnected | Disabled 421*4f2df630SAndroid Build Coastguard Worker`follow_batt_pres` | N/A (Chromebox has no battery) | Write Protect Screw means Enabled 422*4f2df630SAndroid Build Coastguard Worker`enabled` | Any | Enabled 423*4f2df630SAndroid Build Coastguard Worker`disabled` | Any | Disabled 424*4f2df630SAndroid Build Coastguard Worker 425*4f2df630SAndroid Build Coastguard Worker### Write Protect Commands 426*4f2df630SAndroid Build Coastguard Worker 427*4f2df630SAndroid Build Coastguard Worker``` 428*4f2df630SAndroid Build Coastguard Worker(gsc) > wp [enable|disable|follow_batt_pres] 429*4f2df630SAndroid Build Coastguard Worker``` 430*4f2df630SAndroid Build Coastguard Worker 431*4f2df630SAndroid Build Coastguard WorkerThere are two write protect settings: the current setting and the `atboot` 432*4f2df630SAndroid Build Coastguard Workersetting. 433*4f2df630SAndroid Build Coastguard Worker 434*4f2df630SAndroid Build Coastguard WorkerThe `wp` command adjusts the current write protect setting that will last until 435*4f2df630SAndroid Build Coastguard WorkerGSC reboots or loses power. Note that GSC does not reboot when the rest of the 436*4f2df630SAndroid Build Coastguard Workersystem reboots. It will only reboot in the cases where the firmware is being 437*4f2df630SAndroid Build Coastguard Workerupdated, it crashes, the battery completely drains, the battery is removed, or 438*4f2df630SAndroid Build Coastguard Workerpower is otherwise lost. 439*4f2df630SAndroid Build Coastguard Worker 440*4f2df630SAndroid Build Coastguard WorkerThe `atboot` setting is the state of the write protect when GSC boots; it 441*4f2df630SAndroid Build Coastguard Workerdefaults to `follow_batt_pres`. 442*4f2df630SAndroid Build Coastguard Worker 443*4f2df630SAndroid Build Coastguard WorkerTo change the `atboot` setting, add the `atboot` arg to the end of the `wp` 444*4f2df630SAndroid Build Coastguard Workercommand: 445*4f2df630SAndroid Build Coastguard Worker 446*4f2df630SAndroid Build Coastguard Worker``` 447*4f2df630SAndroid Build Coastguard Worker(gsc) > wp [enable|disable|follow_batt_pres] atboot 448*4f2df630SAndroid Build Coastguard Worker``` 449*4f2df630SAndroid Build Coastguard Worker 450*4f2df630SAndroid Build Coastguard WorkerYou can query the write protect state with `gsctool`: 451*4f2df630SAndroid Build Coastguard Worker 452*4f2df630SAndroid Build Coastguard Worker```bash 453*4f2df630SAndroid Build Coastguard Worker(dut) $ gsctool -a -w 454*4f2df630SAndroid Build Coastguard Worker 455*4f2df630SAndroid Build Coastguard Worker... 456*4f2df630SAndroid Build Coastguard WorkerFlash WP: forced disabled <-- Current hardware write protect state 457*4f2df630SAndroid Build Coastguard Worker at boot: forced disabled <-- "atboot" hardware write protect state 458*4f2df630SAndroid Build Coastguard Worker 459*4f2df630SAndroid Build Coastguard Worker``` 460*4f2df630SAndroid Build Coastguard Worker 461*4f2df630SAndroid Build Coastguard Worker`gsctool -a -w` Status | Hardware Write Protect State 462*4f2df630SAndroid Build Coastguard Worker---------------------- | ------------------------------------ 463*4f2df630SAndroid Build Coastguard Worker`forced disabled` | Disabled 464*4f2df630SAndroid Build Coastguard Worker`forced enabled` | Enabled 465*4f2df630SAndroid Build Coastguard Worker`enabled` | Enabled, following battery presence 466*4f2df630SAndroid Build Coastguard Worker`disabled` | Disabled, following battery presence 467*4f2df630SAndroid Build Coastguard Worker 468*4f2df630SAndroid Build Coastguard Worker### Special Case Devices 469*4f2df630SAndroid Build Coastguard Worker 470*4f2df630SAndroid Build Coastguard WorkerBob devices have a write protect screw in addition to battery presence. The 471*4f2df630SAndroid Build Coastguard Workerwrite protect screw will force enable write protect until it's removed. If GSC 472*4f2df630SAndroid Build Coastguard Workeris set to `follow_batt_pres`, you need to remove the write protect screw and 473*4f2df630SAndroid Build Coastguard Workerdisconnect the battery to disable write protect. If you run `wp disable`, you 474*4f2df630SAndroid Build Coastguard Workerwill also need to remove the screw. 475*4f2df630SAndroid Build Coastguard Worker 476*4f2df630SAndroid Build Coastguard WorkerIf you are attempting to flash the AP, see the [Flashing the AP Special Cases] 477*4f2df630SAndroid Build Coastguard Workersection for additional steps you may have to take to disable write protection. 478*4f2df630SAndroid Build Coastguard Worker 479*4f2df630SAndroid Build Coastguard Worker## UART Rescue mode 480*4f2df630SAndroid Build Coastguard Worker 481*4f2df630SAndroid Build Coastguard Worker### Overview 482*4f2df630SAndroid Build Coastguard Worker 483*4f2df630SAndroid Build Coastguard WorkerUART Rescue Mode is a feature of the GSC RO firmware that supports programming 484*4f2df630SAndroid Build Coastguard Workerthe RW firmware using only the UART interface. This is used to recover a bad RW 485*4f2df630SAndroid Build Coastguard Workerfirmware update (which should be rare). 486*4f2df630SAndroid Build Coastguard Worker 487*4f2df630SAndroid Build Coastguard WorkerThis is also useful when bringing up new designs, as this allows to update GSC 488*4f2df630SAndroid Build Coastguard Workerimage even before USB CCD or TPM interfaces are operational. 489*4f2df630SAndroid Build Coastguard Worker 490*4f2df630SAndroid Build Coastguard WorkerUART rescue works on all existing devices, all it requires is that GSC console 491*4f2df630SAndroid Build Coastguard Workeris mapped to a `/dev/xxx` device on the workstation (the same device used to 492*4f2df630SAndroid Build Coastguard Workerattach a terminal to the console). 493*4f2df630SAndroid Build Coastguard Worker 494*4f2df630SAndroid Build Coastguard WorkerRescue works as follows: when the RO starts, after printing the regular banner 495*4f2df630SAndroid Build Coastguard Workeron the console it prints a magic string to the console and momentarily waits for 496*4f2df630SAndroid Build Coastguard Workerthe host to send a sync symbol, to indicate that an alternative RW will have to 497*4f2df630SAndroid Build Coastguard Workerbe loaded over UART. The RO also enters this mode if there is no valid RW to 498*4f2df630SAndroid Build Coastguard Workerrun. 499*4f2df630SAndroid Build Coastguard Worker 500*4f2df630SAndroid Build Coastguard WorkerWhen rescue mode is triggered, the RO is expecting the host to transfer a single 501*4f2df630SAndroid Build Coastguard WorkerRW image in hex format. 502*4f2df630SAndroid Build Coastguard Worker 503*4f2df630SAndroid Build Coastguard WorkerFollow the [brescue](./gsc_without_servod.md#gsc-rescue) procedure to perform a 504*4f2df630SAndroid Build Coastguard WorkerGSC rescue. 505*4f2df630SAndroid Build Coastguard Worker 506*4f2df630SAndroid Build Coastguard Worker## CCD Open Without Booting the Device {#ccd-open-no-boot} 507*4f2df630SAndroid Build Coastguard Worker 508*4f2df630SAndroid Build Coastguard WorkerIf you can’t boot your device, you won’t be able to enable [Developer Mode] to 509*4f2df630SAndroid Build Coastguard Workersend the open command from the AP. If you have enabled CCD on the device before, 510*4f2df630SAndroid Build Coastguard WorkerGSC may be configured in a way that you can still open GSC. 511*4f2df630SAndroid Build Coastguard Worker 512*4f2df630SAndroid Build Coastguard Worker### Option 1: Remove the battery 513*4f2df630SAndroid Build Coastguard Worker 514*4f2df630SAndroid Build Coastguard WorkerIf you can remove the battery, you can bypass the [Developer Mode] requirements. 515*4f2df630SAndroid Build Coastguard Worker`ccd open` is allowed from the GSC console if the Chrome OS Firmware Management 516*4f2df630SAndroid Build Coastguard WorkerParameters (`FWMP`) do not disable CCD and the battery is disconnected. This is 517*4f2df630SAndroid Build Coastguard Workerthe most universal method and will work even if you haven’t enabled CCD before. 518*4f2df630SAndroid Build Coastguard Worker 519*4f2df630SAndroid Build Coastguard Worker1. Disconnect the battery 520*4f2df630SAndroid Build Coastguard Worker 521*4f2df630SAndroid Build Coastguard Worker1. Send `ccd open` from the GSC console. 522*4f2df630SAndroid Build Coastguard Worker 523*4f2df630SAndroid Build Coastguard Worker### Option 2: "OpenNoDevMode" and "OpenFromUSB" are set to Always 524*4f2df630SAndroid Build Coastguard Worker 525*4f2df630SAndroid Build Coastguard WorkerIf "OpenNoDevMode" and "OpenFromUSB" are set to Always, you will be able to open 526*4f2df630SAndroid Build Coastguard WorkerGSC from the GSC console without enabling [Developer Mode]: 527*4f2df630SAndroid Build Coastguard Worker 528*4f2df630SAndroid Build Coastguard Worker``` 529*4f2df630SAndroid Build Coastguard Worker(gsc) > ccd open 530*4f2df630SAndroid Build Coastguard Worker``` 531*4f2df630SAndroid Build Coastguard Worker 532*4f2df630SAndroid Build Coastguard WorkerYou will still need physical presence (i.e., press the power button) unless 533*4f2df630SAndroid Build Coastguard Worker`testlab` mode is also enabled: 534*4f2df630SAndroid Build Coastguard Worker 535*4f2df630SAndroid Build Coastguard Worker``` 536*4f2df630SAndroid Build Coastguard Worker(gsc) > ccd testlab 537*4f2df630SAndroid Build Coastguard Worker CCD test lab mode enabled 538*4f2df630SAndroid Build Coastguard Worker``` 539*4f2df630SAndroid Build Coastguard Worker 540*4f2df630SAndroid Build Coastguard Worker#### Enabling 541*4f2df630SAndroid Build Coastguard Worker 542*4f2df630SAndroid Build Coastguard WorkerIf CCD is [`Open`], you can enable these settings with: 543*4f2df630SAndroid Build Coastguard Worker 544*4f2df630SAndroid Build Coastguard Worker``` 545*4f2df630SAndroid Build Coastguard Worker(gsc) > ccd set OpenFromUSB Always 546*4f2df630SAndroid Build Coastguard Worker(gsc) > ccd set OpenNoDevMode Always 547*4f2df630SAndroid Build Coastguard Worker``` 548*4f2df630SAndroid Build Coastguard Worker 549*4f2df630SAndroid Build Coastguard Worker### Option 3: CCD Password is Set 550*4f2df630SAndroid Build Coastguard Worker 551*4f2df630SAndroid Build Coastguard WorkerIf the CCD password is set, you can open from the GSC console without 552*4f2df630SAndroid Build Coastguard Worker[Developer Mode]. 553*4f2df630SAndroid Build Coastguard Worker 554*4f2df630SAndroid Build Coastguard Worker``` 555*4f2df630SAndroid Build Coastguard Worker(gsc) > ccd open $PASSWORD 556*4f2df630SAndroid Build Coastguard Worker(gsc) > ccd unlock $PASSWORD 557*4f2df630SAndroid Build Coastguard Worker``` 558*4f2df630SAndroid Build Coastguard Worker 559*4f2df630SAndroid Build Coastguard WorkerAlternatively, you can use `gsctool`, entering the password when prompted: 560*4f2df630SAndroid Build Coastguard Worker 561*4f2df630SAndroid Build Coastguard Worker``` 562*4f2df630SAndroid Build Coastguard Worker(dut) $ gsctool -a -o 563*4f2df630SAndroid Build Coastguard Worker(dut) $ gsctool -a -u 564*4f2df630SAndroid Build Coastguard Worker``` 565*4f2df630SAndroid Build Coastguard Worker 566*4f2df630SAndroid Build Coastguard Worker#### Enabling 567*4f2df630SAndroid Build Coastguard Worker 568*4f2df630SAndroid Build Coastguard WorkerWhen CCD is [`Open`], run the `gsctool` command and enter the password when 569*4f2df630SAndroid Build Coastguard Workerprompted. 570*4f2df630SAndroid Build Coastguard Worker 571*4f2df630SAndroid Build Coastguard Worker```bash 572*4f2df630SAndroid Build Coastguard Worker(chroot) $ gsctool -a -P 573*4f2df630SAndroid Build Coastguard Worker``` 574*4f2df630SAndroid Build Coastguard Worker 575*4f2df630SAndroid Build Coastguard WorkerYou can use the CCD command on the GSC console to check if the password is set. 576*4f2df630SAndroid Build Coastguard Worker 577*4f2df630SAndroid Build Coastguard Worker``` 578*4f2df630SAndroid Build Coastguard Worker(gsc) > ccd 579*4f2df630SAndroid Build Coastguard Worker ... 580*4f2df630SAndroid Build Coastguard Worker Password: [none|set] 581*4f2df630SAndroid Build Coastguard Worker ... 582*4f2df630SAndroid Build Coastguard Worker``` 583*4f2df630SAndroid Build Coastguard Worker 584*4f2df630SAndroid Build Coastguard Worker#### Disabling 585*4f2df630SAndroid Build Coastguard Worker 586*4f2df630SAndroid Build Coastguard WorkerWhen CCD is [`Open`], you can use `gsctool` to clear the password: 587*4f2df630SAndroid Build Coastguard Worker 588*4f2df630SAndroid Build Coastguard Worker```bash 589*4f2df630SAndroid Build Coastguard Worker(dut) $ gsctool -a -P clear:$PASSWORD 590*4f2df630SAndroid Build Coastguard Worker``` 591*4f2df630SAndroid Build Coastguard Worker 592*4f2df630SAndroid Build Coastguard WorkerAlternatively, you can use the GSC console to clear the password and reset CCD 593*4f2df630SAndroid Build Coastguard Workercapabilities to their default values: 594*4f2df630SAndroid Build Coastguard Worker 595*4f2df630SAndroid Build Coastguard Worker``` 596*4f2df630SAndroid Build Coastguard Worker(gsc) > ccd reset 597*4f2df630SAndroid Build Coastguard Worker``` 598*4f2df630SAndroid Build Coastguard Worker 599*4f2df630SAndroid Build Coastguard Worker## Troubleshooting 600*4f2df630SAndroid Build Coastguard Worker 601*4f2df630SAndroid Build Coastguard Worker### rddkeepalive 602*4f2df630SAndroid Build Coastguard Worker 603*4f2df630SAndroid Build Coastguard WorkerGSC only enables CCD when it detects a debug accessory is connected (e.g., 604*4f2df630SAndroid Build Coastguard Worker[Suzy-Q] or [Type-C Servo v4]). It detects the cable based on the voltages on 605*4f2df630SAndroid Build Coastguard Workerthe CC lines. If you are flashing the EC and AP or working with unstable 606*4f2df630SAndroid Build Coastguard Workerhardware, these CC voltages may become unreliable for detecting a debug 607*4f2df630SAndroid Build Coastguard Workeraccessory. 608*4f2df630SAndroid Build Coastguard Worker 609*4f2df630SAndroid Build Coastguard WorkerTo work around this, you can force GSC to always assume that a debug cable is 610*4f2df630SAndroid Build Coastguard Workerdetected: 611*4f2df630SAndroid Build Coastguard Worker 612*4f2df630SAndroid Build Coastguard Worker``` 613*4f2df630SAndroid Build Coastguard Worker(gsc) > rddkeepalive enable 614*4f2df630SAndroid Build Coastguard Worker``` 615*4f2df630SAndroid Build Coastguard Worker 616*4f2df630SAndroid Build Coastguard Worker*** note 617*4f2df630SAndroid Build Coastguard Worker**NOTE**: Enabling `rddkeepalive` does increase power consumption. 618*4f2df630SAndroid Build Coastguard Worker*** 619*4f2df630SAndroid Build Coastguard Worker 620*4f2df630SAndroid Build Coastguard WorkerTo disable: 621*4f2df630SAndroid Build Coastguard Worker 622*4f2df630SAndroid Build Coastguard Worker``` 623*4f2df630SAndroid Build Coastguard Worker(gsc) > rddkeepalive disable 624*4f2df630SAndroid Build Coastguard Worker``` 625*4f2df630SAndroid Build Coastguard Worker 626*4f2df630SAndroid Build Coastguard Worker### Updating GSC {#updating-cr50} 627*4f2df630SAndroid Build Coastguard Worker 628*4f2df630SAndroid Build Coastguard WorkerProduction (`MP`) versions of Cr50 firmware use a [minor version][semver] of 629*4f2df630SAndroid Build Coastguard Worker`3`: `0.3.x`. Production firmware versions `0.3.9` or newer support CCD. 630*4f2df630SAndroid Build Coastguard Worker 631*4f2df630SAndroid Build Coastguard WorkerProduction (`MP`) versions of Ti50 firmware use a [minor version][semver] of 632*4f2df630SAndroid Build Coastguard Worker`23`: `0.23.x`. 633*4f2df630SAndroid Build Coastguard Worker 634*4f2df630SAndroid Build Coastguard WorkerDevelopment (`PrePVT`) versions of Cr50 firmware use a minor version of `4`: 635*4f2df630SAndroid Build Coastguard Worker`0.4.x`. Development firmware versions `0.4.9` or newer support CCD. 636*4f2df630SAndroid Build Coastguard Worker 637*4f2df630SAndroid Build Coastguard WorkerDevelopment (`PrePVT`) versions of Ti50 firmware use a minor version of `24`: 638*4f2df630SAndroid Build Coastguard Worker`0.24.x`. 639*4f2df630SAndroid Build Coastguard Worker 640*4f2df630SAndroid Build Coastguard WorkerThere aren't many differences between the MP and PrePVT versions of images, but 641*4f2df630SAndroid Build Coastguard Workerit is a little easier to CCD [`Open`] PrePVT images. You can't run PrePVT images 642*4f2df630SAndroid Build Coastguard Workeron MP devices, so if you're trying to update to PrePVT and it fails try using 643*4f2df630SAndroid Build Coastguard Workerthe MP image. 644*4f2df630SAndroid Build Coastguard Worker 645*4f2df630SAndroid Build Coastguard Worker1. Flash a test image newer than M66. 646*4f2df630SAndroid Build Coastguard Worker 647*4f2df630SAndroid Build Coastguard Worker1. Enable [Developer Mode] and connect a debug cable ([`Suzy-Q`] or [`Type-C 648*4f2df630SAndroid Build Coastguard Worker Servo v4`]). 649*4f2df630SAndroid Build Coastguard Worker 650*4f2df630SAndroid Build Coastguard Worker1. Check the running GSC version with `gsctool`: 651*4f2df630SAndroid Build Coastguard Worker 652*4f2df630SAndroid Build Coastguard Worker```bash 653*4f2df630SAndroid Build Coastguard Worker(dut) $ sudo gsctool -a -f 654*4f2df630SAndroid Build Coastguard Worker 655*4f2df630SAndroid Build Coastguard Worker... 656*4f2df630SAndroid Build Coastguard WorkerRW 0.4.26 <-- The "RW" version is the one to check 657*4f2df630SAndroid Build Coastguard Worker``` 658*4f2df630SAndroid Build Coastguard Worker 659*4f2df630SAndroid Build Coastguard Worker1. Update GSC using the firmware in the OS image: 660*4f2df630SAndroid Build Coastguard Worker 661*4f2df630SAndroid Build Coastguard Worker*Production (MP) image*: 662*4f2df630SAndroid Build Coastguard Worker 663*4f2df630SAndroid Build Coastguard Worker```bash 664*4f2df630SAndroid Build Coastguard Worker(dut) $ sudo gsctool -a /opt/google/cr50/firmware/cr50.bin.prod 665*4f2df630SAndroid Build Coastguard Worker(dut) $ sudo gsctool -a /opt/google/ti50/firmware/ti50.bin.prod 666*4f2df630SAndroid Build Coastguard Worker``` 667*4f2df630SAndroid Build Coastguard Worker 668*4f2df630SAndroid Build Coastguard Worker*Development (PrePVT) image*: 669*4f2df630SAndroid Build Coastguard Worker 670*4f2df630SAndroid Build Coastguard Worker```bash 671*4f2df630SAndroid Build Coastguard Worker(dut) $ sudo gsctool -a /opt/google/cr50/firmware/cr50.bin.prepvt 672*4f2df630SAndroid Build Coastguard Worker(dut) $ sudo gsctool -a /opt/google/ti50/firmware/ti50.bin.prepvt 673*4f2df630SAndroid Build Coastguard Worker``` 674*4f2df630SAndroid Build Coastguard Worker 675*4f2df630SAndroid Build Coastguard Worker1. Check the GSC version again to make sure it's either `0.3.X` or `0.4.X`, or 676*4f2df630SAndroid Build Coastguard Worker check the Ti50 version again to make sure it's either `0.23.X` or `0.24.X`. 677*4f2df630SAndroid Build Coastguard Worker 678*4f2df630SAndroid Build Coastguard Worker### Speed up Flashing the AP {#speed-up-ap-flash} 679*4f2df630SAndroid Build Coastguard Worker 680*4f2df630SAndroid Build Coastguard WorkerIn the [default AP flashing steps][flashap] [`flashrom`] reads the entire flash 681*4f2df630SAndroid Build Coastguard Workercontents and only erases and programs the pages that have to be modified. 682*4f2df630SAndroid Build Coastguard WorkerHowever, when GSC controls the SPI bus, it can only run at 1.5 MHz, versus the 683*4f2df630SAndroid Build Coastguard Worker50 MHz that the AP normally runs it at. 684*4f2df630SAndroid Build Coastguard Worker 685*4f2df630SAndroid Build Coastguard WorkerWe can take advantage of the fact that Chrome OS device AP firmware is split 686*4f2df630SAndroid Build Coastguard Workerinto sections, only a few of which are essential for maintaining the device 687*4f2df630SAndroid Build Coastguard Workeridentity and for booting the device in recovery mode to program faster by only 688*4f2df630SAndroid Build Coastguard Workerreading and writing sections we care about: 689*4f2df630SAndroid Build Coastguard Worker 690*4f2df630SAndroid Build Coastguard Worker```bash 691*4f2df630SAndroid Build Coastguard Worker# This will save device flash map and VPD sections in 692*4f2df630SAndroid Build Coastguard Worker# /tmp/bios.essentials.bin. VPD sections contain information like device 693*4f2df630SAndroid Build Coastguard Worker# firmware ID, WiFi calibration, enrollment status, etc. Use the below command 694*4f2df630SAndroid Build Coastguard Worker# only if you need to preserve the DUT's identity, no need to run it in case 695*4f2df630SAndroid Build Coastguard Worker# the DUT flash is not programmed at all, or you do not care about preserving 696*4f2df630SAndroid Build Coastguard Worker# the device identity. 697*4f2df630SAndroid Build Coastguard Workersudo flashrom -p raiden_debug_spi:target=AP -i FMAP -i RO_VPD -i RW_VPD -r /tmp/bios.essentials.bin 698*4f2df630SAndroid Build Coastguard Worker 699*4f2df630SAndroid Build Coastguard Worker# This command will erase the entire flash chip in one shot, the fastest 700*4f2df630SAndroid Build Coastguard Worker# possible way to erase. 701*4f2df630SAndroid Build Coastguard Workersudo flashrom -p raiden_debug_spi:target=AP -E 702*4f2df630SAndroid Build Coastguard Worker 703*4f2df630SAndroid Build Coastguard Worker# This command will program essential flash sections necessary for the 704*4f2df630SAndroid Build Coastguard Worker# Chrome OS device to boot in recovery mode. Note that the SI_ALL section is 705*4f2df630SAndroid Build Coastguard Worker# not always present in the flash image, do not include it if it is not in 706*4f2df630SAndroid Build Coastguard Worker# dump_fmap output. 707*4f2df630SAndroid Build Coastguard Workersudo flashrom -p raiden_debug_spi:target=AP -w image-atlas.bin -i FMAP -i WP_RO [-i SI_ALL] --noverify 708*4f2df630SAndroid Build Coastguard Worker 709*4f2df630SAndroid Build Coastguard Worker# This command will restore the previously preserved VPD sections of the 710*4f2df630SAndroid Build Coastguard Worker# flash, provided it was saved in the first step above. 711*4f2df630SAndroid Build Coastguard Workersudo flashrom -p raiden_debug_spi:target=AP -w /tmp/bios.essential.bin -i RO_VPD -i RW_VPD --noverify 712*4f2df630SAndroid Build Coastguard Worker``` 713*4f2df630SAndroid Build Coastguard Worker 714*4f2df630SAndroid Build Coastguard WorkerOnce flash is programmed, the device can be booted in recovery mode and start 715*4f2df630SAndroid Build Coastguard WorkerChrome OS from external storage, following the usual recovery procedure. Once 716*4f2df630SAndroid Build Coastguard WorkerChrome OS is installed, AP flash can be updated to include the rest of the image 717*4f2df630SAndroid Build Coastguard Workerby running [`flashrom`] or `futility` from the device bash prompt. 718*4f2df630SAndroid Build Coastguard Worker 719*4f2df630SAndroid Build Coastguard Worker[Case Closed Debugging]: ./case_closed_debugging.md 720*4f2df630SAndroid Build Coastguard Worker[chromeos-cr50 ebuild]: https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/refs/heads/main/chromeos-base/chromeos-cr50/chromeos-cr50-0.0.1.ebuild 721*4f2df630SAndroid Build Coastguard Worker[chromeos-ti50 ebuild]: https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/refs/heads/main/chromeos-base/chromeos-ti50/chromeos-ti50-0.0.1.ebuild 722*4f2df630SAndroid Build Coastguard Worker[Developer Mode]: https://chromium.googlesource.com/chromiumos/docs/+/main/developer_mode.md#dev-mode 723*4f2df630SAndroid Build Coastguard Worker[Recovery Mode]: https://chromium.googlesource.com/chromiumos/docs/+/main/debug_buttons.md 724*4f2df630SAndroid Build Coastguard Worker[Servo]: https://chromium.googlesource.com/chromiumos/third_party/hdctools/+/main/docs/servo.md 725*4f2df630SAndroid Build Coastguard Worker[`servod`]: https://chromium.googlesource.com/chromiumos/third_party/hdctools/+/main/docs/servo.md 726*4f2df630SAndroid Build Coastguard Worker[Type-C Servo v4]: https://chromium.googlesource.com/chromiumos/third_party/hdctools/+/main/docs/servo_v4.md 727*4f2df630SAndroid Build Coastguard Worker[update servo v4]: https://chromium.googlesource.com/chromiumos/third_party/hdctools/+/main/docs/servo_v4.md#updating-firmware 728*4f2df630SAndroid Build Coastguard Worker[Suzy-Q]: https://chromium.googlesource.com/chromiumos/third_party/hdctools/+/main/docs/ccd.md#SuzyQ-SuzyQable 729*4f2df630SAndroid Build Coastguard Worker[`hdctools`]: https://chromium.googlesource.com/chromiumos/third_party/hdctools/+/refs/heads/main/README.md 730*4f2df630SAndroid Build Coastguard Worker[`FlashAP`]: #flashap 731*4f2df630SAndroid Build Coastguard Worker[flashing the AP firmware]: #flashap 732*4f2df630SAndroid Build Coastguard Worker[flashap]: #flashap 733*4f2df630SAndroid Build Coastguard Worker[Flashing the AP Special Cases]: #flashap-special-cases 734*4f2df630SAndroid Build Coastguard Worker[`FlashEC`]: #flashec 735*4f2df630SAndroid Build Coastguard Worker[flashing the EC firmware]: #flashec 736*4f2df630SAndroid Build Coastguard Worker[`OverrideWP`]: #hw-wp 737*4f2df630SAndroid Build Coastguard Worker[`Always`]: #cap-priv 738*4f2df630SAndroid Build Coastguard Worker[`IfOpened`]: #cap-priv 739*4f2df630SAndroid Build Coastguard Worker[`Open`]: #cap-priv 740*4f2df630SAndroid Build Coastguard Worker[`Locked`]: #cap-priv 741*4f2df630SAndroid Build Coastguard Worker[`Unlocked`]: #cap-priv 742*4f2df630SAndroid Build Coastguard Worker[Updating Cr50]: #updating-cr50 743*4f2df630SAndroid Build Coastguard Worker[CCD Open Without Booting the Device]: #ccd-open-no-boot 744*4f2df630SAndroid Build Coastguard Worker[cap]: #cap 745*4f2df630SAndroid Build Coastguard Worker[consoles]: #consoles 746*4f2df630SAndroid Build Coastguard Worker[hw-wp]: #hw-wp 747*4f2df630SAndroid Build Coastguard Worker[`flash_ec`]: https://chromium.googlesource.com/chromiumos/platform/ec/+/main/util/flash_ec 748*4f2df630SAndroid Build Coastguard Worker[CCD Open]: #ccd-open 749*4f2df630SAndroid Build Coastguard Worker[`flashrom`]: https://chromium.googlesource.com/chromiumos/third_party/flashrom/+/main/README.chromiumos 750*4f2df630SAndroid Build Coastguard Worker[speed up the flashing process]: #speed-up-ap-flash 751*4f2df630SAndroid Build Coastguard Worker[this bug]: https://issuetracker.google.com/149420712 752*4f2df630SAndroid Build Coastguard Worker[semver]: https://semver.org/ 753*4f2df630SAndroid Build Coastguard Worker[`usb_console`]: https://chromium.googlesource.com/chromiumos/platform/ec/+/main/extra/usb_serial/console.py 754