| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:257997543
TEST=none
Change-Id: I117f12872c91135ab7902b9e63ce5af5f79e7f15
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4103620
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
| |
BUG=none
TEST=none
Change-Id: I55e7afbd9e5121f5e274723b55251fa24cd1e80a
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4083154
Reviewed-by: Andrew Luo <aluo@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Labstation images don't have cros_build_lib, so flash_cr50 can't run on
them. Replace cros_build_lib, so flash_cr50 can run on labstations.
BUG=none
TEST=run on labstation
Change-Id: I6cab324952ef1b2f4a87b22ebd55f5a9cbaf7798
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4083152
Reviewed-by: Andrew Luo <aluo@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add support for using brescue to update gsc over uart. Ti50 images have
a different format, so the rw_hex support flash_cr50.py support doesn't
work. brescue already has support for ti50 images. Use that instead of
replicating the brescue logic.
BUG=b:260764993
TEST=./util/flash_cr50.py -r pch_disable -p 9999 -i
/opt/google/cr50/firmware/cr50.bin.prod -c brescue
Change-Id: Iec4ada15bb5a7913ab0e476a6ffe4f4334ed4d9f
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4083151
Reviewed-by: Andrew Luo <aluo@chromium.org>
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:257997543
TEST=none
Change-Id: I9b76a48f6b67ed2b5b6a95d24bfe2f742b799344
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4066235
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The watchdog ccd name changed from ccd to ccd_cr50. Modify flash_cr50 to
support both.
BUG=none
TEST=update hdctools and use flash_cr50
Change-Id: Ieafeac1275c582ec86a94a05cc7a31c216e3420b
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4024801
Reviewed-by: Ziting Shen <zitingshen@google.com>
Commit-Queue: Ziting Shen <zitingshen@google.com>
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:257997543
TEST=none
Change-Id: Ic853b1142a1d1255d26ef0795475020cdd3138ec
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4009998
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update to match the copy in ToT EC repo.
BUG=b:227228605
TEST=script works with python3
Signed-off-by: Edward Hill <ecgh@chromium.org>
Change-Id: Idd4ff156f980d1edaaf4f98d468e3cffbe7ae771
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3989665
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The script has been reworked to support multiple versions of GSC and
has been moved into the Ti50 tree.
BUG=None
TEST=None
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I4ff086b73796bad09a7b572aa68566470582c28b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3936350
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:243160187
TEST=none
Change-Id: Ib3fa73f9344f4342777a4f100bd28ee874f422dc
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3922444
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=none
TEST=none
Change-Id: I61b0b0106a43f723ec3bc805eb190aef00bbd05b
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3894391
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The main fixes that were needed were:
* Use utf-8 encoding from git subprocess.
* Don't use 'is' to compare string equality (Python does not guarantee
interning of strings). For the parser state, the string comparison
was removed by changing this to an Enum, since we have Python 3
anyway.
BUG=chromium:1031705
TEST=create commit with invalid config options and run script, notice
the script points them out and exits 1, then test without that
commit, no output and exit 0.
Change-Id: I1113e063f747f0207c4b59a74f4e4a06bbcd5fcd
Signed-off-by: Jack Rosenthal <jrosenth@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2068520
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
(cherry picked from commit a9666e310606cbd1a54d32fa0cb200f16cf1d451)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3858397
Tested-by: Mary Ruthven <mruthven@chromium.org>
Auto-Submit: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This utility currently uses the outdated servo controls `servo_v4_type`
and `servo_v4_role`. These were replaced with `root.dut_connection_type`
and `servo_pd_role` respectively. This commit updates this utility to
use the updated controls
BUG=none
TEST=Flash Cr50 FW on a DeWatt device
Signed-off-by: Robert Zieba <robertzieba@google.com>
Change-Id: Ic24215725a09ce464c39fa1ffc8c2b3965a9738f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3811889
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Commit-Queue: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:235079109
TEST=none
Change-Id: Ia0892309b9586737b518d9b037b083e0b3231b34
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3691319
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use the dump_fmap flashrom output to calculate the offset and size. All
of the information is included on one line.
BUG=none
TEST=ap_ro_hash.py -v GBB True
Change-Id: I160173caaaf540c20786e892d244ee8a941833b6
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3654254
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a range is too big, break it up into smaller blocks that GSC can
handle.
BUG=none
TEST=run `ap_ro_hash.py COREBOOT` on volteer.
Change-Id: I094c2eb725af07e21b3e249336cb7b556761b50c
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3644691
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use mp, prepvt, and tot as the bcmp input. Convert those to the correct
tpm2 and cr50 branch names.
BUG=none
TEST=./util/bcmp.sh mp ; ./util/bcmp.sh tot ; ./util/bcmp.sh prepvt ;
verify the tpm2 and cr50 branch names are correct.
Change-Id: I0d1c237fd4322a102b939a7c16f10f991bf408fb
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3615476
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:229877169
TEST=none
Change-Id: I9b1e04f5487662816401129adb593b7f1c0e259b
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3628135
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Print the calculated digest, so we can use it for debugging.
BUG=none
TEST=./ap_ro_hash.py -v True GBB prints a digest that matches the
digest from the trunks_send command and the one saved in cr50.
Change-Id: I686dac5248782ea68d7bab98c2554940cc0b74b3
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3624499
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:229877169
TEST=none
Change-Id: I492616346f21b824915fba33c66ad296507bcaf7
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3611617
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Let's allow wider major version range, expanding it from 0..2 to 0..4.
BUG=b:183016758
TEST=successfully generated hashes for cr50_v3... images.
Change-Id: I8f9e8119b4a31753932065234505cd5d22df91a4
Signed-off-by: Vadim Bendebury <vbendeb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3582971
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adding the encrypted cryptolib header to the RO created another match
for the header magic pattern of 'fd ff ff ff'.
One of the distinct properties of the fake header is filling up the
signature field with 0x53 bytes, let's use this to filter out the fake
header when looking for the RW.
BUG=b:217564005,b:228839885
TEST=successfully processed Ti50 image with HW cryptolib included.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I83e4f7ad90ba1030ec4134db00485f10dc2fcdee
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3561025
Reviewed-by: Andrew Luo <aluo@chromium.org>
Reviewed-by: Edward Hill <ecgh@chromium.org>
Commit-Queue: Edward Hill <ecgh@chromium.org>
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:222132584
TEST=none
Change-Id: I2a231373f992fdb21ae6eeb440e2e7243adbe481
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3498710
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Boards like zork can reset cr50 with pch_disable, but don't have the
cr50_reset_odl overlay in their hdctools overlay. Add support for trying
to use that control to reset cr50. Allow people to use that signal if
they want. Worst case is it won't reset cr50.
BUG=none
TEST=./util/flash_cr50.py -i $IMG -p 9999 -c cr50-rescue -r pch_disable
Change-Id: I0843fc6d93bedaa32f491389badc7f1836e3402d
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3465528
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
Commit-Queue: Aseda Aboagye <aaboagye@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:207143125
TEST=make buildall -j
Change-Id: I329192d5b4d383d72b90bc90c46589b156f5391b
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3456709
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. ECDSA pair-wise consistency test failure wasn't updating FIPS status.
Added new failure bit FIPS_FATAL_ECDSA_PWCT.
2. ECDSA KAT was only simulating error in verify, but not in sign.
Split 'fips ecdsa' into 'fips ecver' and 'fips ecsign'.
3. Added a way to introduce self-integrity error by not updating FIPS
module digest with 'FIPS_BREAK=1' during build.
4. Added reporting of FIPS module digest.
BUG=b:134594373
TEST=make CRYPTO_TEST=1;
in ccd test:
fips pwct; tpm_test.py should fail; fips should print error.
-
fips ecver; fips test reports ECDSA error
fips ecsign; fips test reports ECDSA error
-
FIPS module digest is printed
-
FIPS_BREAK=1 make CRYPTO_TEST=1 produce build with zero digest
reporint FIPS self-integrity error.
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: Ib0a92c118f07a76e4b52eaf9b011ff4f73a02c61
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3425998
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:207143125
TEST=make buildall -j
Change-Id: Ide0ac9a563e4a1dbbf2ae209f5807e82db2e20c5
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3415374
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:214266426
TEST=RESCUE=../cr50-utils/software/tools/SPI/rescue EARLY=1 \
TEST= util/brescue.sh ti50.bin /dev/ttyUSB5
TEST=util/brescue.sh ti50.bin /dev/ttyUSB5
Change-Id: I427b9c16896ddf9f12cf78f185e7718e23786648
Signed-off-by: Andrew Luo <aluo@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3388229
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Andrew Luo <aluo@chromium.org>
Tested-by: Andrew Luo <aluo@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:207143125
TEST=make buildall -j
Change-Id: I37e1ce5ca998c08d328a663ac18050755400a0eb
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3381053
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:207143125
TEST=make buildall -j
Change-Id: I926e6ec710dc63ad1f5ec25637e1792f0363b736
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3366873
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The markdown document describes the use of the scripts and provides
instructions on connecting to GSC and controlling it using Servo Micro
or C2D2 with very low overhead.
BUG=none
TEST=verified instructions by running the commands successfully.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I268ffa364d4230d72dcd529c1102cb422b980e1e
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3352888
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The script builds a Cr50 image from scratch, then by examining the
contents of builed/cr50/RW the script figures out the source files
which were used to build the image and then compares all source files
with a different git branch.
The branch to compare with by default is
cros/firmware-cr50-stab-14294.B, if the user wants to compare to a
different branch, the name of the branch can be passed as command line
parameter.
The Cr50 tree branch names in firmware branches are modified by
addition of the '-cr50_stab' suffix, the script tries adding the
suffix if the branch to compare to does not exist in the Cr50 tree.
Two git trees are examined, Cr50 and tpm2. If the other branch does
not exist in either of the trees or building Cr50 image fails, the
script reports error and exits.
The result of running the script is a set of git diffs for files which
are different between branches.
BUG=b:200823466
TEST=ran the script to compare ToT and pre-pvt Cr50 branches, observed
sensible results.
Signed-off-by: Vadim Bendebury <vbendeb@google.com>
Change-Id: Ic044c2d23758eed1a5573385e903e59ed4328635
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3297446
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:207143125
TEST=make buildall -j
Change-Id: I3ddfcb55cfe7fcf941a23575d167ad8bd1ccedc0
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3352184
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:207143125
TEST=make buildall -j
Change-Id: I5f6e29b470afd087aef7c9e11720f87f3663999c
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3345283
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:207143125
TEST=make buildall -j
Change-Id: I1fd5721c8f06d04322668ab0fb73c7375521727a
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3336198
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cr50 uses local implementation of crypto, no need to keep track of the
third_party tree.
BUG=None
TEST=built cr50 image and ran it, verified that cryptoc is not
included in the version string any more.
Signed-off-by: Vadim Bendebury <vbendeb@google.com>
Change-Id: Ic016492ffc203a704d9ad252a4a05cc16074863f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3318734
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:207143125
TEST=make buildall -j
Change-Id: Ib31feddde38061df787ec78b7a2131f00b4cc634
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3291134
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:173227629
TEST=make buildall -j
Change-Id: Iaf8028984cc58cc4108907fdba4ea4b38c43cf70
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3293250
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:203205487
TEST=none
Change-Id: I90ef2a52a40ceef6de930df2acb635cdc0b3d014
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3227259
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Script inserting FIPS checksum into the image uses the dd utility
which generates stderr output even when there is no errors.
This patch adds code which captures the dd stderr output and prints it
out only if there is an actual error. stdout output of the script is
suppressed unless make was invoked with V=1.
Also made a few modifications as requested by shellcheck.
BUG=none
TEST=make output does not have extra lines.
built and ran a Cr50 image, it reports successful FIPS integrity
self check.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I9121bc5a9a40633b9a3d18ea5766bc1ed274a9c2
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3210946
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Replace all usages of chromite.lib.cros_logging with the stdlib logging
module.
BUG=b:191490453
TEST=None
BRANCH=None
Signed-off-by: Chris McDonald <cjmcdonald@chromium.org>
Change-Id: I661a620fb514b2b53b6e6c5d76c90cca0280959c
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3162336
Reviewed-by: Jack Rosenthal <jrosenth@chromium.org>
Reviewed-by: Alex Klein <saklein@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Inject the fips fingerprint into the cr50 image, so it can verify the
fips module before starting to execute it. This change adds a script to
calculate the checksum and inject it into a elf file before signing.
If CONFIG_FIPS_CHECKSUM is defined, generate an elf file with the fips
checksum and use that to create signed images and hex files.
The build process doesn't change for RO artifacts. Nothing changes if
CONFIG_FIPS_CHECKSUM isn't defined.
The new chain for RW is
ec.RW.elf -> ec.RW.elf.fips -> ec.RW.flat
ec.RW.elf.fips is generated with util/inject_fips_fingerprint.sh.
util/inject_fips_fingerprint.sh calculates the fips module fingerprint,
copies ec.RW.elf to ec.RW.elf.fips, and then injects the fingerprint
into ec.RW.elf.fips.
util/signer/bs will be modified to use ec.RW.elf.fips if it exists in a
followup CL.
BUG=none
TEST=manual
# Verify cr50 is the only board that creates the fips artifacts
make buildall -j
objdump the text.fips_checksum section of ec.RW.elf and
ec.RW_B.elf. Make sure they match ec.RW.fips.checksum and
ec.RW_B.fips.checksum
# Verify cr50 can update to image signed with devid and that
# image shows Stored hash that matches the computed one.
H1_DEVIDS="${DEVID}" make -j BOARD=cr50 CR50_DEV=1
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Change-Id: Iab857ec1b7e3ae0d23681a25467e26286bd68210
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3078053
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:194901448
TEST=none
Change-Id: Ia16d194f042ab44a36e00668f699dfab4df8a536
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3114224
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use 6 as the major version in util/signer/ec_RW-manifest-prod.json to
reduce merge conflicts in the branches
This has no real effect since we don't prod sign TOT images.
BUG=none
TEST=none
Change-Id: I1300a4080ea4a5fee3115f1e32736985789d9c11
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3114223
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:194901448
TEST=none
Change-Id: I9d4d5133d26ac528b2ecf5e1b0f4be20a47badb8
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3072819
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:192269002
TEST=none
Change-Id: Ied092d9dd0a909aae116f440fa545ee43ec4c6ed
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3002844
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Porting consisted of running 2to3 and then modifying the Tee::write()
function by hand.
BUG=none
TEST='make -j buildall' does not throw Python2 warnings any more and
still succeeds.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I6762bfc176ef749dccba7572db171dd2f83aaebc
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2973575
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If cr50 is open, flash_cr50 can just run 'reboot' on the cr50 console to
reboot cr50. Add support for doing that.
BUG=none
TEST=flash_cr50.py -p 9999 -i $IMG -c cr50-rescue -r console_reboot
Change-Id: Ibe0d7f98c64faf7f0ac35b04dfad89ad58333cac
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2945957
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
Commit-Queue: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:188846962
TEST=run on hatch
Change-Id: I1d9ea6048cec240c830dcd5d56c41b5cbfd622a1
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2911495
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:187083680
TEST=none
Change-Id: I76ad8b29b32007fde0e8a6b527f08fa2333e801a
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2897918
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
Commit-Queue: Namyoon Woo <namyoon@chromium.org>
|