Add optional EC security state and documentation

src/board/system76/common/common.mk

@@ -22,6 +22,7 @@ board-common-y += power.c
 board-common-y += ps2.c
 board-common-y += pwm.c
 board-common-y += scratch.c
+board-common-$(CONFIG_SECURITY) += security.c
 board-common-y += smbus.c
 board-common-y += smfi.c
 board-common-y += stdio.c
@@ -42,6 +43,10 @@ CFLAGS+=-DLEVEL=4
 # Uncomment to enable I2C debug on 0x76
 #CFLAGS+=-DI2C_DEBUGGER=0x76
 
+ifeq ($(CONFIG_SECURITY),y)
+CFLAGS+=-DCONFIG_SECURITY=1
+endif
+
 # Set external programmer
 PROGRAMMER=$(wildcard /dev/serial/by-id/usb-Arduino*)
 

src/board/system76/common/include/board/security.h

@@ -0,0 +1,13 @@
+// SPDX-License-Identifier: GPL-3.0-only
+
+#ifndef _BOARD_SECURITY_H
+#define _BOARD_SECURITY_H
+
+#include <stdbool.h>
+#include <common/command.h>
+
+enum SecurityState security_get(void);
+bool security_set(enum SecurityState state);
+bool security_power(void);
+
+#endif // _BOARD_SECURITY_H

src/board/system76/common/power.c

@@ -22,6 +22,10 @@
 #include <board/espi.h>
 #endif
 
+#if CONFIG_SECURITY
+#include <board/security.h>
+#endif // CONFIG_SECURITY
+
 #define GPIO_SET_DEBUG(G, V) \
     { \
         DEBUG("%s = %s\n", #G, V ? "true" : "false"); \
@@ -532,6 +536,13 @@ void power_event(void) {
         // Disable S5 power plane if not needed
         if (power_state == POWER_STATE_S5) {
             power_off();
+
+#if CONFIG_SECURITY
+            // Handle security state changes if necessary
+            if (security_power()) {
+                power_on();
+            }
+#endif // CONFIG_SECURITY
         }
     }
 

src/board/system76/common/security.c

@@ -0,0 +1,41 @@
+// SPDX-License-Identifier: GPL-3.0-only
+
+#include <board/gpio.h>
+#include <board/security.h>
+
+static enum SecurityState security_state = SECURITY_STATE_LOCK;
+
+enum SecurityState security_get(void) {
+    return security_state;
+}
+
+bool security_set(enum SecurityState state) {
+    switch (state) {
+    // Allow perpare states to be set
+    case SECURITY_STATE_PREPARE_LOCK:
+    case SECURITY_STATE_PREPARE_UNLOCK:
+        security_state = state;
+        return true;
+    // Any other states will be ignored
+    default:
+        return false;
+    }
+}
+
+bool security_power(void) {
+    switch (security_state) {
+    // Apply lock state and power on
+    case SECURITY_STATE_PREPARE_LOCK:
+        gpio_set(&ME_WE, false);
+        security_state = SECURITY_STATE_LOCK;
+        return true;
+    // Apply unlock state and power on
+    case SECURITY_STATE_PREPARE_UNLOCK:
+        gpio_set(&ME_WE, true);
+        security_state = SECURITY_STATE_UNLOCK;
+        return true;
+    // Any other states will be ignored
+    default:
+        return false;
+    }
+}

src/board/system76/common/smfi.c

@@ -17,11 +17,16 @@
 #include <stdio.h>
 #include <string.h>
 
-#ifndef __SCRATCH__
+#if !defined(__SCRATCH__)
 #include <board/scratch.h>
 #include <board/kbled.h>
 #include <board/kbscan.h>
-#endif
+
+#if CONFIG_SECURITY
+#include <board/security.h>
+#endif // CONFIG_SECURITY
+
+#endif // !defined(__SCRATCH__)
 #include <board/smfi.h>
 #include <common/command.h>
 #include <common/macro.h>
@@ -242,6 +247,23 @@ static enum Result cmd_matrix_get(void) {
     }
     return RES_OK;
 }
+
+#if CONFIG_SECURITY
+static enum Result cmd_security_get(void) {
+    smfi_cmd[SMFI_CMD_DATA] = security_get();
+    return RES_OK;
+}
+
+static enum Result cmd_security_set(void) {
+    enum SecurityState state = smfi_cmd[SMFI_CMD_DATA];
+    if (security_set(state)) {
+        return RES_OK;
+    } else {
+        return RES_ERR;
+    }
+}
+#endif // CONFIG_SECURITY
+
 #endif // !defined(__SCRATCH__)
 
 #if defined(__SCRATCH__)
@@ -286,6 +308,14 @@ static enum Result cmd_spi(void) {
 #if defined(__SCRATCH__)
     return cmd_spi_scratch();
 #else // defined(__SCRATCH__)
+
+#if CONFIG_SECURITY
+    if (security_get() != SECURITY_STATE_UNLOCK) {
+        // EC must be unlocked to allow flashing
+        return RES_ERR;
+    }
+#endif // CONFIG_SECURITY
+
     if (smfi_cmd[SMFI_CMD_DATA] & CMD_SPI_FLAG_SCRATCH) {
         scratch_trampoline();
     }
@@ -296,6 +326,17 @@ static enum Result cmd_spi(void) {
 }
 
 static enum Result cmd_reset(void) {
+#if !defined(__SCRATCH__)
+
+#if CONFIG_SECURITY
+    if (security_get() != SECURITY_STATE_UNLOCK) {
+        // EC must be unlocked to allow watchdog reset
+        return RES_ERR;
+    }
+#endif // CONFIG_SECURITY
+
+#endif // !defined(__SCRATCH__)
+
     // Attempt to trigger watchdog reset
     ETWCFG |= BIT(5);
     EWDKEYR = 0;
@@ -370,6 +411,16 @@ void smfi_event(void) {
         case CMD_MATRIX_GET:
             smfi_cmd[SMFI_CMD_RES] = cmd_matrix_get();
             break;
+
+#if CONFIG_SECURITY
+        case CMD_SECURITY_GET:
+            smfi_cmd[SMFI_CMD_RES] = cmd_security_get();
+            break;
+        case CMD_SECURITY_SET:
+            smfi_cmd[SMFI_CMD_RES] = cmd_security_set();
+            break;
+#endif // CONFIG_SECURITY
+
 #endif // !defined(__SCRATCH__)
         case CMD_SPI:
             smfi_cmd[SMFI_CMD_RES] = cmd_spi();

src/common/include/common/command.h

@@ -46,6 +46,10 @@ enum Command {
     CMD_LED_SAVE = 18,
     // Enable/disable no input mode
     CMD_SET_NO_INPUT = 19,
+    // Get security state
+    CMD_SECURITY_GET = 20,
+    // Set security state
+    CMD_SECURITY_SET = 21,
     //TODO
 };
 
@@ -70,4 +74,15 @@ enum CommandSpiFlag {
 
 #define CMD_LED_INDEX_ALL 0xFF
 
+enum SecurityState {
+    // Default value, flashing is prevented, cannot be set with CMD_SECURITY_SET
+    SECURITY_STATE_LOCK = 0,
+    // Flashing is allowed, cannot be set with CMD_SECURITY_SET
+    SECURITY_STATE_UNLOCK = 1,
+    // Flashing will be prevented on the next reboot
+    SECURITY_STATE_PREPARE_LOCK = 2,
+    // Flashing will be allowed on the next reboot
+    SECURITY_STATE_PREPARE_UNLOCK = 3,
+};
+
 #endif // _COMMON_COMMAND_H