1*4f2df630SAndroid Build Coastguard Worker /* Copyright 2017 The ChromiumOS Authors 2*4f2df630SAndroid Build Coastguard Worker * Use of this source code is governed by a BSD-style license that can be 3*4f2df630SAndroid Build Coastguard Worker * found in the LICENSE file. 4*4f2df630SAndroid Build Coastguard Worker * 5*4f2df630SAndroid Build Coastguard Worker * Case Closed Debugging configuration 6*4f2df630SAndroid Build Coastguard Worker */ 7*4f2df630SAndroid Build Coastguard Worker #ifndef __CROS_EC_CCD_CONFIG_H 8*4f2df630SAndroid Build Coastguard Worker #define __CROS_EC_CCD_CONFIG_H 9*4f2df630SAndroid Build Coastguard Worker 10*4f2df630SAndroid Build Coastguard Worker #include <stdint.h> 11*4f2df630SAndroid Build Coastguard Worker #include "common.h" 12*4f2df630SAndroid Build Coastguard Worker #include "compile_time_macros.h" 13*4f2df630SAndroid Build Coastguard Worker 14*4f2df630SAndroid Build Coastguard Worker /* Case-closed debugging state */ 15*4f2df630SAndroid Build Coastguard Worker enum ccd_state { 16*4f2df630SAndroid Build Coastguard Worker CCD_STATE_LOCKED = 0, 17*4f2df630SAndroid Build Coastguard Worker CCD_STATE_UNLOCKED, 18*4f2df630SAndroid Build Coastguard Worker CCD_STATE_OPENED, 19*4f2df630SAndroid Build Coastguard Worker 20*4f2df630SAndroid Build Coastguard Worker /* Number of CCD states */ 21*4f2df630SAndroid Build Coastguard Worker CCD_STATE_COUNT 22*4f2df630SAndroid Build Coastguard Worker }; 23*4f2df630SAndroid Build Coastguard Worker 24*4f2df630SAndroid Build Coastguard Worker /* Flags */ 25*4f2df630SAndroid Build Coastguard Worker enum ccd_flag { 26*4f2df630SAndroid Build Coastguard Worker /* Flags that can only be set internally; fill from bottom up */ 27*4f2df630SAndroid Build Coastguard Worker 28*4f2df630SAndroid Build Coastguard Worker /* 29*4f2df630SAndroid Build Coastguard Worker * Test lab mode is enabled. This MUST be in the first byte so that 30*4f2df630SAndroid Build Coastguard Worker * it's in a constant position across all versions of CCD config. 31*4f2df630SAndroid Build Coastguard Worker * 32*4f2df630SAndroid Build Coastguard Worker * Note: This is used internally by CCD config. Do NOT test this 33*4f2df630SAndroid Build Coastguard Worker * to control other things; use capabilities for those. 34*4f2df630SAndroid Build Coastguard Worker */ 35*4f2df630SAndroid Build Coastguard Worker CCD_FLAG_TEST_LAB = BIT(0), 36*4f2df630SAndroid Build Coastguard Worker 37*4f2df630SAndroid Build Coastguard Worker /* 38*4f2df630SAndroid Build Coastguard Worker * What state were we in when the password was set? 39*4f2df630SAndroid Build Coastguard Worker * (0=opened, 1=unlocked) 40*4f2df630SAndroid Build Coastguard Worker */ 41*4f2df630SAndroid Build Coastguard Worker CCD_FLAG_PASSWORD_SET_WHEN_UNLOCKED = BIT(1), 42*4f2df630SAndroid Build Coastguard Worker 43*4f2df630SAndroid Build Coastguard Worker /* 44*4f2df630SAndroid Build Coastguard Worker * Factory mode state 45*4f2df630SAndroid Build Coastguard Worker */ 46*4f2df630SAndroid Build Coastguard Worker CCD_FLAG_FACTORY_MODE_ENABLED = BIT(2), 47*4f2df630SAndroid Build Coastguard Worker 48*4f2df630SAndroid Build Coastguard Worker /* (flags in the middle are unused) */ 49*4f2df630SAndroid Build Coastguard Worker 50*4f2df630SAndroid Build Coastguard Worker /* 51*4f2df630SAndroid Build Coastguard Worker * Flags that can be set via ccd_set_flags(); fill from top down. 52*4f2df630SAndroid Build Coastguard Worker * 53*4f2df630SAndroid Build Coastguard Worker * Note: To use ccd_set_flags a flag has to be a part of k_public_flags 54*4f2df630SAndroid Build Coastguard Worker * in ccd_config.c. 55*4f2df630SAndroid Build Coastguard Worker */ 56*4f2df630SAndroid Build Coastguard Worker 57*4f2df630SAndroid Build Coastguard Worker /* Enable Rddkeepalive at boot */ 58*4f2df630SAndroid Build Coastguard Worker CCD_FLAG_RDDKEEPALIVE_AT_BOOT = BIT(19), 59*4f2df630SAndroid Build Coastguard Worker 60*4f2df630SAndroid Build Coastguard Worker /* Override BATT_PRES_L at boot */ 61*4f2df630SAndroid Build Coastguard Worker CCD_FLAG_OVERRIDE_BATT_AT_BOOT = BIT(20), 62*4f2df630SAndroid Build Coastguard Worker 63*4f2df630SAndroid Build Coastguard Worker /* 64*4f2df630SAndroid Build Coastguard Worker * If overriding BATT_PRES_L at boot, set it to what value 65*4f2df630SAndroid Build Coastguard Worker * (0=disconnect, 1=connected) 66*4f2df630SAndroid Build Coastguard Worker */ 67*4f2df630SAndroid Build Coastguard Worker CCD_FLAG_OVERRIDE_BATT_STATE_CONNECT = BIT(21), 68*4f2df630SAndroid Build Coastguard Worker 69*4f2df630SAndroid Build Coastguard Worker /* Override write protect at boot */ 70*4f2df630SAndroid Build Coastguard Worker CCD_FLAG_OVERRIDE_WP_AT_BOOT = BIT(22), 71*4f2df630SAndroid Build Coastguard Worker 72*4f2df630SAndroid Build Coastguard Worker /* 73*4f2df630SAndroid Build Coastguard Worker * If overriding WP at boot, set it to what value 74*4f2df630SAndroid Build Coastguard Worker * (0=disabled, 1=enabled) 75*4f2df630SAndroid Build Coastguard Worker */ 76*4f2df630SAndroid Build Coastguard Worker CCD_FLAG_OVERRIDE_WP_STATE_ENABLED = BIT(23), 77*4f2df630SAndroid Build Coastguard Worker }; 78*4f2df630SAndroid Build Coastguard Worker 79*4f2df630SAndroid Build Coastguard Worker /* Capabilities */ 80*4f2df630SAndroid Build Coastguard Worker enum ccd_capability { 81*4f2df630SAndroid Build Coastguard Worker /* UARTs to/from AP and EC */ 82*4f2df630SAndroid Build Coastguard Worker CCD_CAP_GSC_RX_AP_TX = 0, 83*4f2df630SAndroid Build Coastguard Worker CCD_CAP_GSC_TX_AP_RX = 1, 84*4f2df630SAndroid Build Coastguard Worker CCD_CAP_GSC_RX_EC_TX = 2, 85*4f2df630SAndroid Build Coastguard Worker CCD_CAP_GSC_TX_EC_RX = 3, 86*4f2df630SAndroid Build Coastguard Worker 87*4f2df630SAndroid Build Coastguard Worker /* Access to AP SPI flash */ 88*4f2df630SAndroid Build Coastguard Worker CCD_CAP_AP_FLASH = 4, 89*4f2df630SAndroid Build Coastguard Worker 90*4f2df630SAndroid Build Coastguard Worker /* Access to EC flash (SPI or internal) */ 91*4f2df630SAndroid Build Coastguard Worker CCD_CAP_EC_FLASH = 5, 92*4f2df630SAndroid Build Coastguard Worker 93*4f2df630SAndroid Build Coastguard Worker /* Override WP temporarily or at boot */ 94*4f2df630SAndroid Build Coastguard Worker CCD_CAP_OVERRIDE_WP = 6, 95*4f2df630SAndroid Build Coastguard Worker 96*4f2df630SAndroid Build Coastguard Worker /* Reboot EC or AP */ 97*4f2df630SAndroid Build Coastguard Worker CCD_CAP_REBOOT_EC_AP = 7, 98*4f2df630SAndroid Build Coastguard Worker 99*4f2df630SAndroid Build Coastguard Worker /* GSC restricted console commands */ 100*4f2df630SAndroid Build Coastguard Worker CCD_CAP_GSC_RESTRICTED_CONSOLE = 8, 101*4f2df630SAndroid Build Coastguard Worker 102*4f2df630SAndroid Build Coastguard Worker /* Allow ccd-unlock or ccd-open without AP reboot */ 103*4f2df630SAndroid Build Coastguard Worker CCD_CAP_UNLOCK_WITHOUT_AP_REBOOT = 9, 104*4f2df630SAndroid Build Coastguard Worker 105*4f2df630SAndroid Build Coastguard Worker /* Allow ccd-unlock or ccd-open without short physical presence */ 106*4f2df630SAndroid Build Coastguard Worker CCD_CAP_UNLOCK_WITHOUT_SHORT_PP = 10, 107*4f2df630SAndroid Build Coastguard Worker 108*4f2df630SAndroid Build Coastguard Worker /* Allow ccd-open without wiping TPM data */ 109*4f2df630SAndroid Build Coastguard Worker CCD_CAP_OPEN_WITHOUT_TPM_WIPE = 11, 110*4f2df630SAndroid Build Coastguard Worker 111*4f2df630SAndroid Build Coastguard Worker /* Allow ccd-open without long physical presence */ 112*4f2df630SAndroid Build Coastguard Worker CCD_CAP_OPEN_WITHOUT_LONG_PP = 12, 113*4f2df630SAndroid Build Coastguard Worker 114*4f2df630SAndroid Build Coastguard Worker /* Allow removing the battery to bypass physical presence requirement */ 115*4f2df630SAndroid Build Coastguard Worker CCD_CAP_REMOVE_BATTERY_BYPASSES_PP = 13, 116*4f2df630SAndroid Build Coastguard Worker 117*4f2df630SAndroid Build Coastguard Worker /* This was UpdateNoTPMWipe which didn't do anything. */ 118*4f2df630SAndroid Build Coastguard Worker CCD_CAP_UNUSED = 14, 119*4f2df630SAndroid Build Coastguard Worker 120*4f2df630SAndroid Build Coastguard Worker /* Access to I2C via USB */ 121*4f2df630SAndroid Build Coastguard Worker CCD_CAP_I2C = 15, 122*4f2df630SAndroid Build Coastguard Worker 123*4f2df630SAndroid Build Coastguard Worker /* Read-only access to hash or dump EC or AP flash */ 124*4f2df630SAndroid Build Coastguard Worker CCD_CAP_FLASH_READ = 16, 125*4f2df630SAndroid Build Coastguard Worker 126*4f2df630SAndroid Build Coastguard Worker /* Allow ccd open without dev mode enabled */ 127*4f2df630SAndroid Build Coastguard Worker CCD_CAP_OPEN_WITHOUT_DEV_MODE = 17, 128*4f2df630SAndroid Build Coastguard Worker 129*4f2df630SAndroid Build Coastguard Worker /* Allow ccd open from usb */ 130*4f2df630SAndroid Build Coastguard Worker CCD_CAP_OPEN_FROM_USB = 18, 131*4f2df630SAndroid Build Coastguard Worker 132*4f2df630SAndroid Build Coastguard Worker /* Override battery presence temporarily or at boot */ 133*4f2df630SAndroid Build Coastguard Worker CCD_CAP_OVERRIDE_BATT_STATE = 19, 134*4f2df630SAndroid Build Coastguard Worker 135*4f2df630SAndroid Build Coastguard Worker /* Allow AP RO verification check vendor command from the AP. */ 136*4f2df630SAndroid Build Coastguard Worker CCD_CAP_AP_RO_CHECK_VC = 20, 137*4f2df630SAndroid Build Coastguard Worker 138*4f2df630SAndroid Build Coastguard Worker /* Number of currently defined capabilities */ 139*4f2df630SAndroid Build Coastguard Worker CCD_CAP_COUNT 140*4f2df630SAndroid Build Coastguard Worker }; 141*4f2df630SAndroid Build Coastguard Worker 142*4f2df630SAndroid Build Coastguard Worker /* Capability states */ 143*4f2df630SAndroid Build Coastguard Worker enum ccd_capability_state { 144*4f2df630SAndroid Build Coastguard Worker /* Default value */ 145*4f2df630SAndroid Build Coastguard Worker CCD_CAP_STATE_DEFAULT = 0, 146*4f2df630SAndroid Build Coastguard Worker 147*4f2df630SAndroid Build Coastguard Worker /* Always available (state >= CCD_STATE_LOCKED) */ 148*4f2df630SAndroid Build Coastguard Worker CCD_CAP_STATE_ALWAYS = 1, 149*4f2df630SAndroid Build Coastguard Worker 150*4f2df630SAndroid Build Coastguard Worker /* Unless locked (state >= CCD_STATE_UNLOCKED) */ 151*4f2df630SAndroid Build Coastguard Worker CCD_CAP_STATE_UNLESS_LOCKED = 2, 152*4f2df630SAndroid Build Coastguard Worker 153*4f2df630SAndroid Build Coastguard Worker /* Only if opened (state >= CCD_STATE_OPENED) */ 154*4f2df630SAndroid Build Coastguard Worker CCD_CAP_STATE_IF_OPENED = 3, 155*4f2df630SAndroid Build Coastguard Worker 156*4f2df630SAndroid Build Coastguard Worker /* Number of capability states */ 157*4f2df630SAndroid Build Coastguard Worker CCD_CAP_STATE_COUNT 158*4f2df630SAndroid Build Coastguard Worker }; 159*4f2df630SAndroid Build Coastguard Worker 160*4f2df630SAndroid Build Coastguard Worker struct ccd_capability_info { 161*4f2df630SAndroid Build Coastguard Worker /* Capability name */ 162*4f2df630SAndroid Build Coastguard Worker const char *name; 163*4f2df630SAndroid Build Coastguard Worker 164*4f2df630SAndroid Build Coastguard Worker /* Default state, if config set to CCD_CAP_STATE_DEFAULT */ 165*4f2df630SAndroid Build Coastguard Worker enum ccd_capability_state default_state; 166*4f2df630SAndroid Build Coastguard Worker }; 167*4f2df630SAndroid Build Coastguard Worker 168*4f2df630SAndroid Build Coastguard Worker #ifdef CONFIG_CCD_OPEN_PREPVT 169*4f2df630SAndroid Build Coastguard Worker /* In prepvt images always allow ccd open from the console without dev mode */ 170*4f2df630SAndroid Build Coastguard Worker #define CCD_CAP_STATE_OPEN_REQ CCD_CAP_STATE_ALWAYS 171*4f2df630SAndroid Build Coastguard Worker #else 172*4f2df630SAndroid Build Coastguard Worker /* In prod images restrict how ccd can be opened */ 173*4f2df630SAndroid Build Coastguard Worker #define CCD_CAP_STATE_OPEN_REQ CCD_CAP_STATE_IF_OPENED 174*4f2df630SAndroid Build Coastguard Worker #endif 175*4f2df630SAndroid Build Coastguard Worker 176*4f2df630SAndroid Build Coastguard Worker #define CAP_INFO_DATA { \ 177*4f2df630SAndroid Build Coastguard Worker {"UartGscRxAPTx", CCD_CAP_STATE_ALWAYS}, \ 178*4f2df630SAndroid Build Coastguard Worker {"UartGscTxAPRx", CCD_CAP_STATE_ALWAYS}, \ 179*4f2df630SAndroid Build Coastguard Worker {"UartGscRxECTx", CCD_CAP_STATE_ALWAYS}, \ 180*4f2df630SAndroid Build Coastguard Worker {"UartGscTxECRx", CCD_CAP_STATE_IF_OPENED}, \ 181*4f2df630SAndroid Build Coastguard Worker \ 182*4f2df630SAndroid Build Coastguard Worker {"FlashAP", CCD_CAP_STATE_IF_OPENED}, \ 183*4f2df630SAndroid Build Coastguard Worker {"FlashEC", CCD_CAP_STATE_IF_OPENED}, \ 184*4f2df630SAndroid Build Coastguard Worker {"OverrideWP", CCD_CAP_STATE_IF_OPENED}, \ 185*4f2df630SAndroid Build Coastguard Worker {"RebootECAP", CCD_CAP_STATE_IF_OPENED}, \ 186*4f2df630SAndroid Build Coastguard Worker \ 187*4f2df630SAndroid Build Coastguard Worker {"GscFullConsole", CCD_CAP_STATE_IF_OPENED}, \ 188*4f2df630SAndroid Build Coastguard Worker {"UnlockNoReboot", CCD_CAP_STATE_ALWAYS}, \ 189*4f2df630SAndroid Build Coastguard Worker {"UnlockNoShortPP", CCD_CAP_STATE_ALWAYS}, \ 190*4f2df630SAndroid Build Coastguard Worker {"OpenNoTPMWipe", CCD_CAP_STATE_IF_OPENED}, \ 191*4f2df630SAndroid Build Coastguard Worker \ 192*4f2df630SAndroid Build Coastguard Worker {"OpenNoLongPP", CCD_CAP_STATE_IF_OPENED}, \ 193*4f2df630SAndroid Build Coastguard Worker {"BatteryBypassPP", CCD_CAP_STATE_ALWAYS}, \ 194*4f2df630SAndroid Build Coastguard Worker {"Unused", CCD_CAP_STATE_ALWAYS}, \ 195*4f2df630SAndroid Build Coastguard Worker {"I2C", CCD_CAP_STATE_IF_OPENED}, \ 196*4f2df630SAndroid Build Coastguard Worker {"FlashRead", CCD_CAP_STATE_ALWAYS}, \ 197*4f2df630SAndroid Build Coastguard Worker {"OpenNoDevMode", CCD_CAP_STATE_OPEN_REQ}, \ 198*4f2df630SAndroid Build Coastguard Worker {"OpenFromUSB", CCD_CAP_STATE_OPEN_REQ}, \ 199*4f2df630SAndroid Build Coastguard Worker {"OverrideBatt", CCD_CAP_STATE_IF_OPENED}, \ 200*4f2df630SAndroid Build Coastguard Worker {"APROCheckVC", CCD_CAP_STATE_IF_OPENED}, \ 201*4f2df630SAndroid Build Coastguard Worker } 202*4f2df630SAndroid Build Coastguard Worker 203*4f2df630SAndroid Build Coastguard Worker #define CCD_STATE_NAMES { "Locked", "Unlocked", "Opened" } 204*4f2df630SAndroid Build Coastguard Worker #define CCD_CAP_STATE_NAMES { "Never", "Always", "UnlessLocked", "IfOpened" } 205*4f2df630SAndroid Build Coastguard Worker 206*4f2df630SAndroid Build Coastguard Worker /* Macros regarding ccd_capabilities */ 207*4f2df630SAndroid Build Coastguard Worker #define CCD_CAP_BITS 2 208*4f2df630SAndroid Build Coastguard Worker #define CCD_CAP_BITMASK (BIT(CCD_CAP_BITS) - 1) 209*4f2df630SAndroid Build Coastguard Worker #define CCD_CAPS_PER_BYTE (8 / CCD_CAP_BITS) 210*4f2df630SAndroid Build Coastguard Worker 211*4f2df630SAndroid Build Coastguard Worker /* 212*4f2df630SAndroid Build Coastguard Worker * Subcommand code, used to pass different CCD commands using the same TPM 213*4f2df630SAndroid Build Coastguard Worker * vendor command. 214*4f2df630SAndroid Build Coastguard Worker */ 215*4f2df630SAndroid Build Coastguard Worker enum ccd_vendor_subcommands { 216*4f2df630SAndroid Build Coastguard Worker CCDV_PASSWORD = 0, 217*4f2df630SAndroid Build Coastguard Worker CCDV_OPEN = 1, 218*4f2df630SAndroid Build Coastguard Worker CCDV_UNLOCK = 2, 219*4f2df630SAndroid Build Coastguard Worker CCDV_LOCK = 3, 220*4f2df630SAndroid Build Coastguard Worker CCDV_PP_POLL_UNLOCK = 4, 221*4f2df630SAndroid Build Coastguard Worker CCDV_PP_POLL_OPEN = 5, 222*4f2df630SAndroid Build Coastguard Worker CCDV_GET_INFO = 6, 223*4f2df630SAndroid Build Coastguard Worker CCDV_PP_POLL_SET_CAPABILITY = 7, 224*4f2df630SAndroid Build Coastguard Worker CCDV_PP_POLL_WP_DISABLE = 8, 225*4f2df630SAndroid Build Coastguard Worker }; 226*4f2df630SAndroid Build Coastguard Worker 227*4f2df630SAndroid Build Coastguard Worker enum ccd_pp_state { 228*4f2df630SAndroid Build Coastguard Worker CCD_PP_CLOSED = 0, 229*4f2df630SAndroid Build Coastguard Worker CCD_PP_AWAITING_PRESS = 1, 230*4f2df630SAndroid Build Coastguard Worker CCD_PP_BETWEEN_PRESSES = 2, 231*4f2df630SAndroid Build Coastguard Worker CCD_PP_DONE = 3 232*4f2df630SAndroid Build Coastguard Worker }; 233*4f2df630SAndroid Build Coastguard Worker 234*4f2df630SAndroid Build Coastguard Worker /* Structure to communicate information about CCD state. */ 235*4f2df630SAndroid Build Coastguard Worker #define CCD_CAPS_WORDS ((CCD_CAP_COUNT * 2 + 31)/32) 236*4f2df630SAndroid Build Coastguard Worker struct ccd_info_response { 237*4f2df630SAndroid Build Coastguard Worker uint32_t ccd_caps_current[CCD_CAPS_WORDS]; 238*4f2df630SAndroid Build Coastguard Worker uint32_t ccd_caps_defaults[CCD_CAPS_WORDS]; 239*4f2df630SAndroid Build Coastguard Worker uint32_t ccd_flags; 240*4f2df630SAndroid Build Coastguard Worker uint8_t ccd_state; 241*4f2df630SAndroid Build Coastguard Worker uint8_t ccd_force_disabled; 242*4f2df630SAndroid Build Coastguard Worker /* 243*4f2df630SAndroid Build Coastguard Worker * A bitmap indicating ccd internal state. 244*4f2df630SAndroid Build Coastguard Worker * See "enum ccd_indicator_bits" below. 245*4f2df630SAndroid Build Coastguard Worker */ 246*4f2df630SAndroid Build Coastguard Worker uint8_t ccd_indicator_bitmap; 247*4f2df630SAndroid Build Coastguard Worker } __packed; 248*4f2df630SAndroid Build Coastguard Worker 249*4f2df630SAndroid Build Coastguard Worker enum ccd_indicator_bits { 250*4f2df630SAndroid Build Coastguard Worker /* Indicates there is a CCD password */ 251*4f2df630SAndroid Build Coastguard Worker CCD_INDICATOR_BIT_HAS_PASSWORD = BIT(0), 252*4f2df630SAndroid Build Coastguard Worker 253*4f2df630SAndroid Build Coastguard Worker /* Indicates all CCD capabilities are in CCD_CAP_STATE_DEFAULT state */ 254*4f2df630SAndroid Build Coastguard Worker CCD_INDICATOR_BIT_ALL_CAPS_DEFAULT = BIT(1), 255*4f2df630SAndroid Build Coastguard Worker 256*4f2df630SAndroid Build Coastguard Worker /* Indicates device is in initial factory mode (only applies to TI50) */ 257*4f2df630SAndroid Build Coastguard Worker CCD_INDICATOR_BIT_INITIAL_FACTORY_MODE = BIT(2), 258*4f2df630SAndroid Build Coastguard Worker }; 259*4f2df630SAndroid Build Coastguard Worker 260*4f2df630SAndroid Build Coastguard Worker /** 261*4f2df630SAndroid Build Coastguard Worker * Initialize CCD configuration at boot. 262*4f2df630SAndroid Build Coastguard Worker * 263*4f2df630SAndroid Build Coastguard Worker * This must be called before any command which gets/sets the configuration. 264*4f2df630SAndroid Build Coastguard Worker * 265*4f2df630SAndroid Build Coastguard Worker * @param state Initial case-closed debugging state. This should be 266*4f2df630SAndroid Build Coastguard Worker * CCD_STATE_LOCKED unless this is a debug build, or if 267*4f2df630SAndroid Build Coastguard Worker * a previous value is being restored after a low-power 268*4f2df630SAndroid Build Coastguard Worker * resume. 269*4f2df630SAndroid Build Coastguard Worker */ 270*4f2df630SAndroid Build Coastguard Worker void ccd_config_init(enum ccd_state state); 271*4f2df630SAndroid Build Coastguard Worker 272*4f2df630SAndroid Build Coastguard Worker /** 273*4f2df630SAndroid Build Coastguard Worker * Get a single CCD flag. 274*4f2df630SAndroid Build Coastguard Worker * 275*4f2df630SAndroid Build Coastguard Worker * @param flag Flag to get 276*4f2df630SAndroid Build Coastguard Worker * @return 1 if flag is set, 0 if flag is clear 277*4f2df630SAndroid Build Coastguard Worker */ 278*4f2df630SAndroid Build Coastguard Worker int ccd_get_flag(enum ccd_flag flag); 279*4f2df630SAndroid Build Coastguard Worker 280*4f2df630SAndroid Build Coastguard Worker /** 281*4f2df630SAndroid Build Coastguard Worker * Set a single CCD flag. 282*4f2df630SAndroid Build Coastguard Worker * 283*4f2df630SAndroid Build Coastguard Worker * @param flag Flag to set 284*4f2df630SAndroid Build Coastguard Worker * @param value New value for flag (0=clear, non-zero=set) 285*4f2df630SAndroid Build Coastguard Worker * @return EC_SUCCESS or non-zero error code. 286*4f2df630SAndroid Build Coastguard Worker */ 287*4f2df630SAndroid Build Coastguard Worker int ccd_set_flag(enum ccd_flag flag, int value); 288*4f2df630SAndroid Build Coastguard Worker 289*4f2df630SAndroid Build Coastguard Worker /** 290*4f2df630SAndroid Build Coastguard Worker * Check if a CCD capability is enabled in the current CCD mode. 291*4f2df630SAndroid Build Coastguard Worker * 292*4f2df630SAndroid Build Coastguard Worker * @param cap Capability to check 293*4f2df630SAndroid Build Coastguard Worker * @return 1 if capability is enabled, 0 if disabled 294*4f2df630SAndroid Build Coastguard Worker */ 295*4f2df630SAndroid Build Coastguard Worker int ccd_is_cap_enabled(enum ccd_capability cap); 296*4f2df630SAndroid Build Coastguard Worker 297*4f2df630SAndroid Build Coastguard Worker /** 298*4f2df630SAndroid Build Coastguard Worker * Get the current CCD state. 299*4f2df630SAndroid Build Coastguard Worker * 300*4f2df630SAndroid Build Coastguard Worker * This is intended for use by the board if it needs to back up the CCD state 301*4f2df630SAndroid Build Coastguard Worker * across low-power states and then restore it when calling ccd_config_init(). 302*4f2df630SAndroid Build Coastguard Worker * Do NOT use this to gate debug capabilities; use ccd_is_cap_enabled() or 303*4f2df630SAndroid Build Coastguard Worker * ccd_get_flag() instead. 304*4f2df630SAndroid Build Coastguard Worker * 305*4f2df630SAndroid Build Coastguard Worker * @return The current CCD state. 306*4f2df630SAndroid Build Coastguard Worker */ 307*4f2df630SAndroid Build Coastguard Worker enum ccd_state ccd_get_state(void); 308*4f2df630SAndroid Build Coastguard Worker 309*4f2df630SAndroid Build Coastguard Worker /** 310*4f2df630SAndroid Build Coastguard Worker * Force CCD disabled. 311*4f2df630SAndroid Build Coastguard Worker * 312*4f2df630SAndroid Build Coastguard Worker * This should be called if security checks fail and for some reason the board 313*4f2df630SAndroid Build Coastguard Worker * can't immediately reboot. It locks CCD and disables all CCD capabilities 314*4f2df630SAndroid Build Coastguard Worker * until reboot. 315*4f2df630SAndroid Build Coastguard Worker */ 316*4f2df630SAndroid Build Coastguard Worker void ccd_disable(void); 317*4f2df630SAndroid Build Coastguard Worker 318*4f2df630SAndroid Build Coastguard Worker /** 319*4f2df630SAndroid Build Coastguard Worker * Get the factory mode state. 320*4f2df630SAndroid Build Coastguard Worker * 321*4f2df630SAndroid Build Coastguard Worker * @return 0 if factory mode is disabled, !=0 if factory mode is enabled. 322*4f2df630SAndroid Build Coastguard Worker */ 323*4f2df630SAndroid Build Coastguard Worker int ccd_get_factory_mode(void); 324*4f2df630SAndroid Build Coastguard Worker 325*4f2df630SAndroid Build Coastguard Worker /* Flags for ccd_reset_config() */ 326*4f2df630SAndroid Build Coastguard Worker enum ccd_reset_config_flags { 327*4f2df630SAndroid Build Coastguard Worker /* Also reset test lab flag */ 328*4f2df630SAndroid Build Coastguard Worker CCD_RESET_TEST_LAB = BIT(0), 329*4f2df630SAndroid Build Coastguard Worker 330*4f2df630SAndroid Build Coastguard Worker /* Only reset Always/UnlessLocked settings */ 331*4f2df630SAndroid Build Coastguard Worker CCD_RESET_UNLOCKED_ONLY = BIT(1), 332*4f2df630SAndroid Build Coastguard Worker 333*4f2df630SAndroid Build Coastguard Worker /* 334*4f2df630SAndroid Build Coastguard Worker * Do a factory reset to enable factory mode. Factory mode sets all ccd 335*4f2df630SAndroid Build Coastguard Worker * capabilities to always and disables write protect 336*4f2df630SAndroid Build Coastguard Worker */ 337*4f2df630SAndroid Build Coastguard Worker CCD_RESET_FACTORY = BIT(2) 338*4f2df630SAndroid Build Coastguard Worker }; 339*4f2df630SAndroid Build Coastguard Worker 340*4f2df630SAndroid Build Coastguard Worker /** 341*4f2df630SAndroid Build Coastguard Worker * Reset CCD config to the desired state. 342*4f2df630SAndroid Build Coastguard Worker * 343*4f2df630SAndroid Build Coastguard Worker * @param flags Reset flags (see enum ccd_reset_config_flags) 344*4f2df630SAndroid Build Coastguard Worker * @return EC_SUCCESS, or non-zero if error. 345*4f2df630SAndroid Build Coastguard Worker */ 346*4f2df630SAndroid Build Coastguard Worker int ccd_reset_config(unsigned int flags); 347*4f2df630SAndroid Build Coastguard Worker 348*4f2df630SAndroid Build Coastguard Worker /** 349*4f2df630SAndroid Build Coastguard Worker * Inform CCD about TPM reset so that the password management state machine 350*4f2df630SAndroid Build Coastguard Worker * can be restarted. 351*4f2df630SAndroid Build Coastguard Worker */ 352*4f2df630SAndroid Build Coastguard Worker void ccd_tpm_reset_callback(void); 353*4f2df630SAndroid Build Coastguard Worker 354*4f2df630SAndroid Build Coastguard Worker /** 355*4f2df630SAndroid Build Coastguard Worker * Return True if the ccd password is set. It is possible that a pending ccd 356*4f2df630SAndroid Build Coastguard Worker * change would set or clear the password, but we don't think this is a big 357*4f2df630SAndroid Build Coastguard Worker * issue or risk for now. 358*4f2df630SAndroid Build Coastguard Worker * 359*4f2df630SAndroid Build Coastguard Worker * @return 1 if password is set, 0 if it's not 360*4f2df630SAndroid Build Coastguard Worker */ 361*4f2df630SAndroid Build Coastguard Worker int ccd_has_password(void); 362*4f2df630SAndroid Build Coastguard Worker 363*4f2df630SAndroid Build Coastguard Worker /** 364*4f2df630SAndroid Build Coastguard Worker * Enter CCD factory mode. This will clear the TPM, update the ccd config, and 365*4f2df630SAndroid Build Coastguard Worker * then do a hard reboot if 'reset_required' is True. 366*4f2df630SAndroid Build Coastguard Worker */ 367*4f2df630SAndroid Build Coastguard Worker void enable_ccd_factory_mode(int reset_required); 368*4f2df630SAndroid Build Coastguard Worker 369*4f2df630SAndroid Build Coastguard Worker /* 370*4f2df630SAndroid Build Coastguard Worker * Enable factory mode but not necessarily rebooting the device. This will 371*4f2df630SAndroid Build Coastguard Worker * clear the TPM and disable flash write protection. Will trigger system reset 372*4f2df630SAndroid Build Coastguard Worker * only if 'reset_required' is True. 373*4f2df630SAndroid Build Coastguard Worker */ 374*4f2df630SAndroid Build Coastguard Worker void factory_enable(int reset_required); 375*4f2df630SAndroid Build Coastguard Worker 376*4f2df630SAndroid Build Coastguard Worker #endif /* __CROS_EC_CCD_CONFIG_H */ 377