fuchsia.tpm.cr50

PROTOCOLS

Cr50

Defined in fuchsia.tpm.cr50/cr50.fidl

CcdGetInfo

Get information about the current state of case-closed debugging.

Request

<EMPTY>

Response

Name Type
result Cr50_CcdGetInfo_Result

CcdLock

Lock case-closed debugging.

Request

<EMPTY>

Response

Name Type
result Cr50_CcdLock_Result

CcdOpen

Put case-closed debugging into the OPEN state. See |CcdState| for a description of what each state means.

Request

Name Type
password string[512]?

Response

Name Type
result Cr50_CcdOpen_Result

CcdUnlock

Put case-closed debugging into the UNLOCKED state. See |CcdState| for a description of what each state means.

Request

Name Type
password string[512]?

Response

Name Type
result Cr50_CcdUnlock_Result

WpGetState

Get the current state of the AP BIOS flash write protect.

Request

<EMPTY>

Response

Name Type
result Cr50_WpGetState_Result

PhysicalPresenceNotifier

Defined in fuchsia.tpm.cr50/cr50.fidl

Protocol used to notify the client of a pending physical presence event. This protocol has no form of backpressure because it is not expected to generate a large number of messages. An unlock or open will usually result in fewer than 20 messages.

OnChange

Called when the PP check has changed state. If CLOSED is the first event sent, it means that no PP check was necessary (i.e. CCD is already open). However, if CLOSED isn't the first event sent, then CLOSED indicates that the PP check timed out.

Response

Name Type
event PhysicalPresenceEvent
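
The OnChange rule above, as an added example (not code from the Fuchsia tree): a fold over the event stream that tells "no check was needed" apart from "the check timed out". The types mirror the documented union and enum locally instead of using generated FIDL bindings; treating an err event as terminal and the Pending outcome are assumptions of this sketch.

```rust
// Local model of PhysicalPresenceEvent / PhysicalPresenceState as documented
// on this page. Illustrative types, not the generated FIDL bindings.
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum PpState { Closed, AwaitingPress, BetweenPresses, Done }

#[derive(Debug, Clone, Copy, PartialEq)]
pub enum PpEvent {
    Err(i32), // zx/status reported while polling the TPM
    State(PpState),
}

#[derive(Debug, PartialEq)]
pub enum PpOutcome {
    NotRequired,              // CLOSED was the first event
    TimedOut,                 // CLOSED after at least one other event
    Granted,                  // DONE
    PollError(i32),           // assumption: an err event ends the attempt
    Pending(Option<PpState>), // no terminal event yet; last state seen
}

/// Folds OnChange events, in arrival order, into one outcome.
pub fn classify(events: &[PpEvent]) -> PpOutcome {
    let mut last = None;
    for (i, ev) in events.iter().enumerate() {
        match *ev {
            PpEvent::Err(status) => return PpOutcome::PollError(status),
            PpEvent::State(PpState::Closed) if i == 0 => return PpOutcome::NotRequired,
            PpEvent::State(PpState::Closed) => return PpOutcome::TimedOut,
            PpEvent::State(PpState::Done) => return PpOutcome::Granted,
            PpEvent::State(s) => last = Some(s),
        }
    }
    PpOutcome::Pending(last)
}

fn main() {
    use PpState::*;
    // Constructed event stream: two prompts, then the check lapses.
    let stream = [
        PpEvent::State(AwaitingPress),
        PpEvent::State(BetweenPresses),
        PpEvent::State(Closed),
    ];
    println!("{:?}", classify(&stream));
}
```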

STRUCTS

CcdCapabilitySetting

Defined in fuchsia.tpm.cr50/cr50.fidl

Field Type Description Default
capability CcdCapability No default
current_state CcdCapabilityState No default
default_state CcdCapabilityState No default

CcdInfo

Defined in fuchsia.tpm.cr50/cr50.fidl

Field Type Description Default
capabilities vector<CcdCapabilitySetting>[32]

CCD capability settings.

No default
flags CcdFlags

CCD flags.

No default
state CcdState

Current CCD state, some bits configurable.

No default
indicator CcdIndicator

Indicates internal CCD state.

No default
force_disabled bool

True if CCD is forcibly disabled.

No default

Cr50_CcdGetInfo_Response

Defined in fuchsia.tpm.cr50/cr50.fidl

Field Type Description Default
rc Cr50Rc No default
info CcdInfo? No default

Cr50_CcdLock_Response

Defined in fuchsia.tpm.cr50/cr50.fidl

Field Type Description Default
rc Cr50Rc No default

Cr50_CcdOpen_Response resource

Defined in fuchsia.tpm.cr50/cr50.fidl

Field Type Description Default
rc Cr50Rc No default
presence_checker PhysicalPresenceNotifier? No default

Cr50_CcdUnlock_Response resource

Defined in fuchsia.tpm.cr50/cr50.fidl

Field Type Description Default
rc Cr50Rc No default
presence_checker PhysicalPresenceNotifier? No default

Cr50_WpGetState_Response

Defined in fuchsia.tpm.cr50/cr50.fidl

Field Type Description Default
rc Cr50Rc No default
state WpState No default

ENUMS

CcdCapability flexible

Type: uint32

Defined in fuchsia.tpm.cr50/cr50.fidl

Case-closed debugging capabilities.

Name Value Description
GSC_RX_AP_TX 0

UART from AP.

GSC_TX_AP_RX 1

UART to AP.

GSC_RX_EC_TX 2

UART from EC.

GSC_TX_EC_RX 3

UART to EC.

AP_FLASH 4

Access to AP SPI flash.

EC_FLASH 5

Access to EC flash.

OVERRIDE_WP 6

Override WP (temporarily or at boot).

REBOOT_EC_AP 7

Reboot EC/AP.

GSC_FULL_CONSOLE 8

Allow access to full console.

UNLOCK_NO_REBOOT 9

Unlock/open CCD without AP reboot.

UNLOCK_NO_SHORT_PP 10

Unlock/open CCD without short physical presence check.

OPEN_NO_TPM_WIPE 11

Open CCD without TPM wipe.

OPEN_NO_LONG_PP 12

Open TPM without long physical presence check.

BATTERY_BYPASS_PP 13

Allow disconnecting the battery to bypass the physical presence check.

UNUSED 14

Unused.

I2C 15

Access I2C via USB.

FLASH_READ 16

Read-only access to hash or dump EC/AP flash.

OPEN_NO_DEV_MODE 17

Open CCD without developer mode enabled.

OPEN_FROM_USB 18

Open CCD from USB.

OVERRIDE_BATTERY_STATE 19

Override battery presence temporarily or at boot.

CcdCapabilityState flexible

Type: uint32

Defined in fuchsia.tpm.cr50/cr50.fidl

Represents the state of a CCD capability.

Name Value Description
DEFAULT 0

Default value.

ALWAYS 1

Always available, even if locked.

UNLESS_LOCKED 2

Available unless locked (i.e. in UNLOCKED or OPEN states).

IF_OPENED 3

Only available if opened.

CcdState flexible

Type: uint8

Defined in fuchsia.tpm.cr50/cr50.fidl

State of case-closed debugging features on this device.

Name Value Description
LOCKED 0

Locked. CCD configuration is read-only. ALWAYS capabilities are available.

UNLOCKED 1

Unlocked:

  • Requires a short physical presence check.
  • CCD password can be changed (unless it was set with CCD open).
  • Limited access to CCD configuration (can toggle capabilities between ALWAYS and UNLESS_LOCKED, but cannot set flags or change OPEN capabilities).

OPEN 2

Opened. Full access to all CCD capabilities and configuration. Requires a long physical presence check.
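
How CcdCapabilityState and CcdState combine, as an added example (not code from the Fuchsia tree): it computes which capabilities from a CcdInfo are usable in a given state, which for LOCKED is the set reachable before any unlock or open. The types are local mirrors of the tables on this page rather than generated FIDL bindings, the sample settings are constructed, and resolving a current_state of DEFAULT through default_state is an assumption.

```rust
// Local mirror of the CcdState / CcdCapabilityState tables on this page.
// Illustrative types, not the generated FIDL bindings.
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum CcdState { Locked, Unlocked, Open }

#[derive(Debug, Clone, Copy, PartialEq)]
pub enum CapState { Default, Always, UnlessLocked, IfOpened }

pub struct CapSetting {
    pub capability: &'static str, // CcdCapability name from the table above
    pub current_state: CapState,
    pub default_state: CapState,
}

/// Assumption: a current_state of DEFAULT defers to default_state.
fn effective(s: &CapSetting) -> CapState {
    if s.current_state == CapState::Default { s.default_state } else { s.current_state }
}

/// Whether the capability is usable while CCD is in `state`.
pub fn available(s: &CapSetting, state: CcdState) -> bool {
    match effective(s) {
        CapState::Always => true,
        CapState::UnlessLocked => state != CcdState::Locked,
        CapState::IfOpened => state == CcdState::Open,
        CapState::Default => false, // nothing to resolve against: fail closed
    }
}

/// Capabilities usable in `state`. With CcdState::Locked this is the set
/// reachable before any unlock or open: the first thing to review in an audit.
pub fn exposed(caps: &[CapSetting], state: CcdState) -> Vec<&'static str> {
    caps.iter().filter(|c| available(c, state)).map(|c| c.capability).collect()
}

/// Constructed sample, not read from a device.
pub fn sample() -> Vec<CapSetting> {
    use CapState as S;
    vec![
        CapSetting { capability: "GSC_TX_AP_RX", current_state: S::Default, default_state: S::Always },
        CapSetting { capability: "AP_FLASH", current_state: S::Default, default_state: S::IfOpened },
        CapSetting { capability: "OVERRIDE_WP", current_state: S::Always, default_state: S::IfOpened },
        CapSetting { capability: "I2C", current_state: S::UnlessLocked, default_state: S::IfOpened },
    ]
}

fn main() {
    println!("locked: {:?}", exposed(&sample(), CcdState::Locked));
}
```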

Cr50Status flexible

Type: uint8

Defined in fuchsia.tpm.cr50/cr50.fidl

Vendor-specific TPM response codes.

Name Value Description
SUCCESS 0

Command succeeded.

BOGUS_ARGS 1

Incorrect parameters.

READ_FLASH_FAIL 2

Failed while reading from flash.

WRITE_FLASH_FAIL 3

Failed while writing to flash.

REQUEST_TOO_BIG 4

Request or part of request too big.

RESPONSE_TOO_BIG 5

Response too big for the response buffer allocated by the TPM.

INTERNAL_ERROR 6

Unspecified internal error.

NOT_ALLOWED 7

Command not allowed in current state.

NO_SUCH_SUBCOMMAND 8

Command was given an unknown subcommand.

IN_PROGRESS 9

Command is in progress.

PASSWORD_REQUIRED 10

Password is required for this command.

NVMEM_LOCKED 11

Non-volatile memory was locked.

NO_SUCH_COMMAND 127

Unsupported command.

PhysicalPresenceState flexible

Type: uint32

Defined in fuchsia.tpm.cr50/cr50.fidl

Name Value Description
CLOSED 0

Physical presence check timed out, or there isn't one currently running.

AWAITING_PRESS 1

TPM is ready to receive next press.

BETWEEN_PRESSES 2

TPM is waiting - not ready to receive a press yet.

DONE 3

Physical presence check succeeded and CCD is unlocked/open.

UNIONS

Cr50Rc flexible

Defined in fuchsia.tpm.cr50/cr50.fidl

Response code type for cr50 commands.

Ordinal Variant Type Description
1 tpm fuchsia.tpm/TpmRc

TPM standard response code.

2 cr50 Cr50Status

Cr50 vendor response code.

Cr50_CcdGetInfo_Result strict

Defined in fuchsia.tpm.cr50/cr50.fidl

Ordinal Variant Type Description
1 response Cr50_CcdGetInfo_Response
2 err zx/status

Cr50_CcdLock_Result strict

Defined in fuchsia.tpm.cr50/cr50.fidl

Ordinal Variant Type Description
1 response Cr50_CcdLock_Response
2 err zx/status

Cr50_CcdOpen_Result strict resource

Defined in fuchsia.tpm.cr50/cr50.fidl

Ordinal Variant Type Description
1 response Cr50_CcdOpen_Response
2 err zx/status

Cr50_CcdUnlock_Result strict resource

Defined in fuchsia.tpm.cr50/cr50.fidl

Ordinal Variant Type Description
1 response Cr50_CcdUnlock_Response
2 err zx/status

Cr50_WpGetState_Result strict

Defined in fuchsia.tpm.cr50/cr50.fidl

Ordinal Variant Type Description
1 response Cr50_WpGetState_Response
2 err zx/status

PhysicalPresenceEvent flexible

Defined in fuchsia.tpm.cr50/cr50.fidl

Union passed to OnChange() event handler of |PhysicalPresenceNotifier|.

Ordinal Variant Type Description
1 err zx/status

An error occurred while polling the TPM.

2 state PhysicalPresenceState

Physical presence status.

BITS

CcdFlags flexible

Type: uint32

Defined in fuchsia.tpm.cr50/cr50.fidl

Name Value Description
TEST_LAB 1

Test lab mode enabled. Read only.

PASSWORD_SET_WHEN_UNLOCKED 2

State when password was set (0 = open, 1 = unlocked). Read only.

FACTORY_MODE_ENABLED 4

Factory mode state. Read only.

RDDKEEPALIVE_AT_BOOT 32768

Enable Rddkeepalive at boot.

OVERRIDE_BATT_AT_BOOT 65536

Override battery presence at boot.

OVERRIDE_BATT_STATE_CONNECT 131072

If overriding battery presence, what state? (0 = disconnected, 1 = connected).

OVERRIDE_WP_AT_BOOT 262144

Override write protect at boot.

OVERRIDE_WP_STATE_ENABLED 524288

If override WP, what value should it have? (0 = disabled, 1 = enabled).

CcdIndicator flexible

Type: uint8

Defined in fuchsia.tpm.cr50/cr50.fidl

Name Value Description
HAS_PASSWORD 1

1 if CCD has a password.

ALL_CAPS_DEFAULT 2

1 if all capabilities are default.

WpState flexible

Type: uint8

Defined in fuchsia.tpm.cr50/cr50.fidl

Write protect status field.

Name Value Description
UPDATE 1

Appears to be unused.

ENABLE 2

If set, then WP is enabled.

FORCE 4

If set, then the current WP state is forced.

AT_BOOT_SET 8

If set, then the WP state is overridden at boot. Otherwise, WP is enabled if the battery is present and disabled if it is not.

AT_BOOT_ENABLE 16

Determines state of WP at boot if AT_BOOT_SET is set.
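
Decoding a WpState value into a reviewable report, as an added example (not code from the Fuchsia tree): it applies the AT_BOOT_SET / AT_BOOT_ENABLE rule above and surfaces bits outside the documented set, since the type is flexible. The constants are local copies of the table values, and the battery_present parameter, WpReport struct and finding strings are hypothetical names introduced here.

```rust
// Bit values copied from the WpState table above. Local constants for
// illustration, not the generated FIDL bindings.
pub const WP_UPDATE: u8 = 1;
pub const WP_ENABLE: u8 = 2;
pub const WP_FORCE: u8 = 4;
pub const WP_AT_BOOT_SET: u8 = 8;
pub const WP_AT_BOOT_ENABLE: u8 = 16;
const WP_KNOWN: u8 = WP_UPDATE | WP_ENABLE | WP_FORCE | WP_AT_BOOT_SET | WP_AT_BOOT_ENABLE;

#[derive(Debug, PartialEq)]
pub struct WpReport {
    pub enabled_now: bool,
    pub enabled_at_next_boot: bool,
    pub unknown_bits: u8, // WpState is flexible, so undocumented bits can appear
    pub findings: Vec<&'static str>,
}

/// `battery_present` is supplied by the caller (hypothetical parameter): it
/// decides WP at boot whenever AT_BOOT_SET is clear.
pub fn audit_wp(bits: u8, battery_present: bool) -> WpReport {
    let has = |flag: u8| (bits & flag) != 0;
    let enabled_at_next_boot =
        if has(WP_AT_BOOT_SET) { has(WP_AT_BOOT_ENABLE) } else { battery_present };
    let mut findings = Vec::new();
    if !has(WP_ENABLE) {
        findings.push(if has(WP_FORCE) { "WP forced off" } else { "WP off" });
    }
    if !enabled_at_next_boot {
        findings.push(if has(WP_AT_BOOT_SET) {
            "WP overridden to off at boot"
        } else {
            "WP off at boot: battery absent"
        });
    }
    let unknown_bits = bits & !WP_KNOWN;
    if unknown_bits != 0 {
        findings.push("undocumented WpState bits set");
    }
    WpReport { enabled_now: has(WP_ENABLE), enabled_at_next_boot, unknown_bits, findings }
}

fn main() {
    // Constructed sample: FORCE | AT_BOOT_SET with the battery attached.
    println!("{:?}", audit_wp(WP_FORCE | WP_AT_BOOT_SET, true));
}
```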

CONSTANTS

Name Value Type Description
CCD_CAPABILITY_COUNT_MAX 32 uint32
CCD_PASSWORD_MAX 512 uint32