Introduce ability to change the kernel command line.

After this change vbutil_kernel allows to repack an existing signed ChromeOS kernel such that the kernel command line is changed on operator's request. The new command line parameter is --verbose which causes --verify to print out current contents of the kernel command line. Some refactoring and cleaning were also done: - provide a macro to access command line buffer inside a kernel blob - ReadConfigFile() a new wrapper to preprocess the config file. - keep the key_block and preamble in the blob when unpacking an existing signed kernel for --repack and --verify. - make --pack expect at least one of the two: --config or --keyblock, thus allowing to change the command line without replacing anything else in the signed kernel image. - refactor Verify() to use OldBlob() to preprocess the image. The top level Makefile was changed to allow compiling for debugging. Build with DEBUG=1 in the make command line to enable gdb debugging and debug printouts. Build with DISABLE_NDEBUG=1 in the make command line to enable cryptolib debug outputs. BUG=http://code.google.com/p/chromium-os/issues/detail?id=4814 TEST=see below 1. Observe that all unit tests still pass by running (vboot_reference $) RUNTESTS=1 make 2. On a working DVT system copy the running kernel into a file using dd if=/dev/sda2 of=/tmp/dev.kernel and transfer the file to the host into /tmp/try/dev.kernel Then create the new config file in /tmp/try/new.conf.txt and run the following commands: vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv (vboot_reference $) ./build/utility/vbutil_kernel --verify /tmp/try/dev.kernel --signpubkey tests/devkeys/kernel_subkey.vbpubk --verbose Key block: Size: 0x4b8 Data key algorithm: 4 RSA2048 SHA256 Data key version: 1 Flags: 7 Preamble: Size: 0xfb48 Header version: 2.0 Kernel version: 1 Body load address: 0x100000 Body size: 0x302000 Bootloader address: 0x3fe000 Bootloader size: 0x4000 Body verification succeeded. Config: earlyprintk=serial,ttyS0,115200 console=ttyS0,115200 init=/sbin/init add_efi_memmap boot=local rootwait ro noresume noswap i915.modeset=1 loglevel=7 cros_secure root=/dev/sd%D%P dm_verity.error_behavior=2 dm_verity.max_bios=1024 dm="0 2097152 verity ROOT_DEV HASH_DEV 2097152 1 sha1 a7fbd641ba25488509987959d5756d802790ef8f" noinitrd (vboot_reference $) ./build/utility/vbutil_kernel --repack /tmp/try/dev.kernel.repacked --signprivate tests/devkeys/kernel_data_key.vbprivk --oldblob /tmp/try/dev.kernel --config /tmp/try/new.conf.txt (vboot_reference $) ./build/utility/vbutil_kernel --verify /tmp/try/dev.kernel.repacked --signpubkey tests/devkeys/kernel_subkey.vbpubk --verbose Key block: Size: 0x4b8 Data key algorithm: 4 RSA2048 SHA256 Data key version: 1 Flags: 7 Preamble: Size: 0xfb48 Header version: 2.0 Kernel version: 1 Body load address: 0x100000 Body size: 0x302000 Bootloader address: 0x3fe000 Bootloader size: 0x4000 Body verification succeeded. Config: console=tty2 init=/sbin/init add_efi_memmap boot=local rootwait ro noresume noswap i915.modeset=1 loglevel=7 cros_secure root=/dev/sd%D%P dm_verity.error_behavior=2 dm_verity.max_bios=1024 dm="0 2097152 verity ROOT_DEV HASH_DEV 2097152 1 sha1 ff06384015a7726baff719ee68eab312b1d45570" noinitrd (vboot_reference $) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Observe the chanegd command line printed by --verify --verbose. Then transfer the new kernel image back to the DVT system, dd it into /dev/sda2 and restart the DVT system. Observe kernel startup messages dumped on the screen (due to the changed kernel command line). Then examine /proc/cmdline to verify that the command line indeed matches the contents of /tmp/try/new.conf.txt on the host. 3. Build the code with (vboot_reference$) DEBUG=1 make observe that debug information is visible by gdb. Build the code with (vboot_reference$) DISABLE_DEBUG=1 make and observe that -DNDEBUG is dropped from the compiler invocation line. Review URL: http://codereview.chromium.org/3004001
author: vbendeb <vbendeb@chromium.org> 2010-07-15 15:09:47 -0700
committer: vbendeb <vbendeb@chromium.org> 2010-07-15 15:09:47 -0700
commit: b2b0fcc0f62fadce6f854bf14826a9778c0f7632 (patch)
tree: 52aac0157b4692eb115d27b353a854aa32a18131 /Makefile
parent: 536eaaaee738b660652906848ba37474a1a4219a (diff)
download: vboot-b2b0fcc0f62fadce6f854bf14826a9778c0f7632.tar.gz
1 files changed, 10 insertions, 1 deletions
diff --git a/Makefile b/Makefile
index d7311271..9f12daa4 100644
--- a/Makefile
+++ b/Makefile
@@ -4,7 +4,16 @@
 
 export CC ?= gcc
 export CXX ?= g++
-export CFLAGS = -Wall -DNDEBUG -O3 -Werror -DCHROMEOS_ENVIRONMENT
+export CFLAGS = -Wall -Werror -DCHROMEOS_ENVIRONMENT
+ifeq (${DEBUG},)
+CFLAGS += -O3
+else
+CFLAGS += -O0 -g -DVBOOT_DEBUG
+endif
+ifeq (${DISABLE_NDEBUG},)
+CFLAGS += -DNDEBUG
+endif
+
 export TOP = $(shell pwd)
 export FWDIR=$(TOP)/firmware
 export HOSTDIR=$(TOP)/host
author	vbendeb <vbendeb@chromium.org>	2010-07-15 15:09:47 -0700
committer	vbendeb <vbendeb@chromium.org>	2010-07-15 15:09:47 -0700
commit	b2b0fcc0f62fadce6f854bf14826a9778c0f7632 (patch)
tree	52aac0157b4692eb115d27b353a854aa32a18131 /Makefile
parent	536eaaaee738b660652906848ba37474a1a4219a (diff)
download	vboot-b2b0fcc0f62fadce6f854bf14826a9778c0f7632.tar.gz