GSC: Difference between revisions
Created page with "GSC (Google Security Chip) is a custom chip created by Google for security use on chromebooks and pixel phones. It is marketed as the "Titan Chip". The design is proprietary but we know it uses risc-v cores (source?). This page will only cover usage in chromebooks. == Firmware == There are two versions of the firmware, corresponding to two versions of the GSC. The first generation GSC (H1) uses the Cr50 firmware. It is based on cros ec and is partially open source. Cert..." |
No edit summary |
Line 5: | Line 5: | ||
The second generation GSC (D2) uses the Ti50 firmware. It shares some parts in common with Cr50, but appears to use some rust code as well (source?). | The second generation GSC (D2) uses the Ti50 firmware. It shares some parts in common with Cr50, but appears to use some rust code as well (source?). | ||
== CCD == | |||
Perhaps the most useful function of the GSC is case-closed debugging (CCD). CCD allows you to get access to 3-4 uarts, and flash the main firmware, along with the ec firmware. To get access to CCD, you need a "SuzyQ" cable. This special usb cable has a type c connector on one end and a type a connector on the other. The type c connector goes into the chromebook's debug usb-c port and tells the GSC to enable debug mode. The GSC will act as a usb device which the host can talk to use the custom "raiden" protocol. | |||
=== UART === | |||
The usb_serial_simple driver on linux will automatically create 3-4 ttyUSB* devices for uart access. The first will be for GSC uart, the second for AP uart, and the third one is EC uart. On Ti50, an additional 4th char dev will give FPMCU uart. | |||
=== SPI === | |||
Using flashrom, one can flash the main AP SPI flash (and the EC SPI flash on select platforms) over CCD. To do so, add `-p raiden_debug_spi:target=AP` to the flashrom command to select the raiden programmer. The AP target will flash the main AP SPI flash. On boards with a dedicated EC SPI (only older ones), you can use the EC target as well. Newer ECs with embedded flash can be programmed with google's flash_ec script in cros_sdk (TODO: Add instructions to flash without cros_sdk). |
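Review bot: the added SPI section gives the programmer string only for the AP (`-p raiden_debug_spi:target=AP`) and then refers to "the EC target" without spelling it out, and it never shows a complete flashrom command with a read or write operation; one full read command and the EC form of the string would let the section stand on its own. In the CCD paragraph, "which the host can talk to use the custom "raiden" protocol" should read "talk to using". In the UART section, "3-4" would be clearer stated as three devices on Cr50 and four on Ti50, which is what the sentences after it describe. The two "(source?)" markers and the TODO are worth tracking so they do not stay in the page indefinitely.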
Revision as of 16:15, 5 September 2025
GSC (Google Security Chip) is a custom chip created by Google for security use on Chromebooks and Pixel phones. It is marketed as the "Titan Chip". The design is proprietary, but we know it uses RISC-V cores (source?). This page only covers usage in Chromebooks.
== Firmware ==
There are two versions of the firmware, corresponding to two versions of the GSC. The first-generation GSC (H1) uses the Cr50 firmware. It is based on cros ec and is partially open source. Certain components of the firmware are only available internally at Google.
The second-generation GSC (D2) uses the Ti50 firmware. It shares some parts with Cr50, but appears to use some Rust code as well (source?).
== CCD ==
Perhaps the most useful function of the GSC is case-closed debugging (CCD). CCD gives you access to 3-4 UARTs and lets you flash the main firmware as well as the EC firmware. To get access to CCD, you need a "SuzyQ" cable. This special USB cable has a Type-C connector on one end and a Type-A connector on the other. The Type-C connector goes into the Chromebook's debug USB-C port and tells the GSC to enable debug mode. The GSC then acts as a USB device that the host talks to using the custom "raiden" protocol.
=== UART ===
The usb_serial_simple driver on Linux automatically creates 3-4 ttyUSB* devices for UART access. The first is the GSC UART, the second is the AP UART, and the third is the EC UART. On Ti50, an additional fourth character device gives the FPMCU UART.
=== SPI ===
Using flashrom, one can flash the main AP SPI flash (and the EC SPI flash on select platforms) over CCD. To do so, add `-p raiden_debug_spi:target=AP` to the flashrom command to select the raiden programmer. The AP target flashes the main AP SPI flash. On boards with a dedicated EC SPI flash (only older ones), you can use the EC target as well. Newer ECs with embedded flash can be programmed with Google's flash_ec script in cros_sdk (TODO: Add instructions to flash without cros_sdk).
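One way to wrap the flashrom invocation above so that a write over CCD only happens after a verified backup of the AP flash exists. This is an added example, not part of the original page or of the flashrom or ChromiumOS projects; the function names `ccd_backup` and `ccd_write` and the `FLASHROM` override variable are hypothetical.

```shell
#!/bin/sh
# Added example: guard AP flash writes over CCD behind a verified backup.
# ccd_backup, ccd_write and the FLASHROM variable are hypothetical names.
FLASHROM=${FLASHROM:-flashrom}      # override to point at another binary
PROG=raiden_debug_spi:target=AP     # programmer string given on this page

# ccd_backup FILE: read the flash twice; keep FILE only if both reads match.
# A mismatch usually means an unreliable cable or USB connection.
ccd_backup() {
    out=$1
    second=$(mktemp) || return 1
    if "$FLASHROM" -p "$PROG" -r "$out" &&
       "$FLASHROM" -p "$PROG" -r "$second" &&
       cmp -s "$out" "$second"; then
        rm -f "$second"
        return 0
    fi
    echo "backup failed or reads differ; check the SuzyQ connection" >&2
    rm -f "$out" "$second"
    return 1
}

# ccd_write IMAGE BACKUP: write IMAGE only if a non-empty BACKUP exists and
# IMAGE has the same size (flashrom expects an image the size of the chip).
ccd_write() {
    image=$1
    backup=$2
    [ -s "$backup" ] || { echo "no backup at $backup" >&2; return 1; }
    [ -s "$image" ] || { echo "no image at $image" >&2; return 1; }
    if [ "$(wc -c < "$image")" -ne "$(wc -c < "$backup")" ]; then
        echo "image size differs from flash size; refusing to write" >&2
        return 1
    fi
    "$FLASHROM" -p "$PROG" -w "$image"
}

# Typical use (file names are placeholders):
#   ccd_backup ap-backup.bin && ccd_write new-firmware.bin ap-backup.bin
```

Keep the backup file off the device being flashed, since it is the only way back if the new image does not boot.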