Commit message | Author | Age | Files | Lines
* Start adding display tests | Randall Spangler | 2013-01-25 | 4 | -4/+91
  BUG=chromium-os:38139
  BRANCH=none
  TEST=make runtests

  Change-Id: Idd1c275077a9a00cd2f7eab684238eb5b2d235dd
  Signed-off-by: Randall Spangler <rspangler@chromium.org>
  Reviewed-on: https://gerrit.chromium.org/gerrit/42015
  Reviewed-by: Bill Richardson <wfrichar@chromium.org>
* Fix incorrect CFLAGS when compiling for host | Randall Spangler | 2013-01-25 | 1 | -5/+5
  Both HOSTLIB and FWLIB depend on FWLIB_OBJS, and it's the OBJS which need to override their CFLAGS. The way it was, depending on the order of evaluation of HOSTLIB and FWLIB, the OBJS would get compiled with different flags. So 'make' worked, because it depended on fwlib before hostlib. But 'make runtests' failed, because it depended on hostlib but not fwlib.

  BUG=none
  BRANCH=none
  TEST=make runtests

  Change-Id: Id4e4cb4f7a58c7ab8d9fd00d91c4ab8f4518d4bc
  Signed-off-by: Randall Spangler <rspangler@chromium.org>
  Reviewed-on: https://gerrit.chromium.org/gerrit/42014
  Reviewed-by: Bill Richardson <wfrichar@chromium.org>
* Improve coverage of cgptlib.c | Randall Spangler | 2013-01-24 | 3 | -2/+140
  BUG=chromium-os:38139
  BRANCH=none
  TEST=make runtests

  Change-Id: I5719c6b8aa1a23fc65bf38d7096320479152f0ca
  Signed-off-by: Randall Spangler <rspangler@chromium.org>
  Reviewed-on: https://gerrit.chromium.org/gerrit/41955
  Reviewed-by: Bill Richardson <wfrichar@chromium.org>
* Reformat cgptlib_test | Randall Spangler | 2013-01-24 | 1 | -1103/+1156
  No code changes, just reformat to kernel style

  BUG=none
  BRANCH=none
  TEST=make runtests

  Signed-off-by: Randall Spangler <rspangler@chromium.org>
  Change-Id: Icfcf54327c4da607392f1769fddcbc33f889395c
  Reviewed-on: https://gerrit.chromium.org/gerrit/41954
  Reviewed-by: Bill Richardson <wfrichar@chromium.org>
  Commit-Queue: Randall Spangler <rspangler@chromium.org>
  Tested-by: Randall Spangler <rspangler@chromium.org>
* Remove unused vbutil_ec | Randall Spangler | 2013-01-24 | 6 | -809/+0
  EC verification is done via software sync; the EC doesn't do vboot on its own.

  BUG=chromium-os:38139
  BRANCH=none
  TEST=manual
    make runtests
    emerge-link vboot_reference chromeos-u-boot chromeos-bootimage

  Change-Id: I6e5c0db8fc54b474f044d37c2603a9c116747a85
  Signed-off-by: Randall Spangler <rspangler@chromium.org>
  Reviewed-on: https://gerrit.chromium.org/gerrit/41953
  Reviewed-by: Bill Richardson <wfrichar@chromium.org>
* Reformat vboot_common_tests | Randall Spangler | 2013-01-24 | 1 | -188/+199
  No code changes, just reformat to kernel style

  BUG=none
  BRANCH=none
  TEST=make runtests

  Change-Id: Ic75f40d6a7e862d51398b7e3bbd1a86fa8a1b33d
  Signed-off-by: Randall Spangler <rspangler@chromium.org>
  Reviewed-on: https://gerrit.chromium.org/gerrit/41952
  Reviewed-by: Bill Richardson <wfrichar@chromium.org>
* Improve coverage of vboot_api_init.c | Randall Spangler | 2013-01-24 | 1 | -3/+106
  BUG=chromium-os:38139
  BRANCH=none
  TEST=make runtests

  Change-Id: I3d39feb712eb7e572f9c57f27449f19e8e809ed0
  Reviewed-on: https://gerrit.chromium.org/gerrit/41896
  Commit-Queue: Randall Spangler <rspangler@chromium.org>
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
  Tested-by: Randall Spangler <rspangler@chromium.org>
* Reformat vboot_api_init_tests | Randall Spangler | 2013-01-24 | 1 | -332/+354
  No code changes, just reformat to kernel style

  BUG=none
  BRANCH=none
  TEST=make runtests

  Change-Id: I9b07af36b915ead519a8908b3dc5b93aedc5d4be
  Signed-off-by: Randall Spangler <rspangler@chromium.org>
  Reviewed-on: https://gerrit.chromium.org/gerrit/41895
  Reviewed-by: Bill Richardson <wfrichar@chromium.org>
* Improve coverage of rollback_index.c | Randall Spangler | 2013-01-23 | 4 | -1190/+1380
  BUG=chromium-os:38139
  BRANCH=none
  TEST=make runtests

  Change-Id: I21b62b5dd3fc6037f54f7c3bac768c2b67a4c12d
  Signed-off-by: Randall Spangler <rspangler@chromium.org>
  Reviewed-on: https://gerrit.chromium.org/gerrit/41859
  Reviewed-by: Bill Richardson <wfrichar@chromium.org>
* Improve coverage of vbnvstorage test | Randall Spangler | 2013-01-23 | 2 | -3/+37
  BUG=chromium-os:38139
  BRANCH=none
  TEST=make runtests

  Change-Id: I93aabedb99fdeba01954a4b59e3e089b4087380c
  Signed-off-by: Randall Spangler <rspangler@chromium.org>
  Reviewed-on: https://gerrit.chromium.org/gerrit/41850
  Reviewed-by: Bill Richardson <wfrichar@chromium.org>
* Fix architecture definitions. | Randall Spangler | 2013-01-23 | 3 | -21/+25
  We should use only arm, x86, and x86_64; currently we also use i386 to mean x86, and amd64 to mean x86_64.

  BUG=chromium-os:26317
  BRANCH=none
  TEST=manual
    sudo FEATURES=test emerge vboot_reference
    FEATURES=test emerge-link vboot_reference chromeos-u-boot chromeos-installer
    FEATURES=test emerge-daisy vboot_reference chromeos-u-boot chromeos-installer
    FEATURES=test emerge-x86-alex vboot_reference chromeos-installer
    make && make runtests (both inside and outside chroot)

  Change-Id: I4fb64fafa9c48a76ded862e074776cab9ea54ab3
  Signed-off-by: Randall Spangler <rspangler@chromium.org>
  Reviewed-on: https://gerrit.chromium.org/gerrit/41838
  Reviewed-by: Bill Richardson <wfrichar@chromium.org>
* Clean up building code coverage | Randall Spangler | 2013-01-23 | 1 | -16/+32
  Now 'COV=1 make' will make coverage automagically. Coverage stats are reported separately for the firmware subdirectory, for easier tracking.

  BUG=chromium-os:38139
  BRANCH=none
  TEST='COV=1 make' then browse to build/coverage/index.html

  Change-Id: Ie671a82b402beeb17882536f89b9230821fc4d13
  Signed-off-by: Randall Spangler <rspangler@chromium.org>
  Reviewed-on: https://gerrit.chromium.org/gerrit/41824
* Convert common tests from shell scripts to running directly | Randall Spangler | 2013-01-23 | 4 | -264/+392
  So they can run under qemu.

  Also, mount /proc and /dev before running qemu in the chroot.

  BUG=chromium-os:37916
  BRANCH=none
  TEST=manual
    make runtests
    sudo FEATURES=test emerge vboot_reference
    FEATURES=test emerge-daisy vboot_reference
    FEATURES=test emerge-link vboot_reference

  Change-Id: I940ce370bd149621e666250b07cf9219f9e22bac
  Signed-off-by: Randall Spangler <rspangler@chromium.org>
  Reviewed-on: https://gerrit.chromium.org/gerrit/41786
  Reviewed-by: Bill Richardson <wfrichar@chromium.org>
* Complete refactoring of Makefile | Bill Richardson | 2013-01-22 | 3 | -479/+643
  Cleaning up the Makefile to add correct dependencies, avoid using variables before they're fully defined (which required .SECONDEXPANSION to work around), generally improve readability.

  There are so many changes that there's no point in trying to compare old vs new - just look at the final result. And this still isn't perfect, but it's a big step forward.

  BUG=chromium-os:37062
  BRANCH=none
  TEST=manual

  All these should continue to work:
    make && make runtests
    sudo emerge vboot_reference
    emerge-$BOARD vboot_reference

  Change-Id: Ic05a19231155d7e6427732e41d1682012d2dcdca
  Signed-off-by: Bill Richardson <wfrichar@chromium.org>
  Reviewed-on: https://gerrit.chromium.org/gerrit/41768
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
* (modify and resend) Trigger sync right after writing. | Louis Yung-Chieh Lo | 2013-01-22 | 1 | -0/+5
  This can trigger the sync mechanism earlier so that the kernel has enough time to schedule a real disk sync before system reboots.

  We sent this in CL 41269, however it is reverted because the sync() and syncfs() make test cases timeout (tons of disk access). So we only sync file itself in this CL and leave the whole system sync outside cgpt.

  BUG=chromium-os:35992
  TEST=make && make runtests ; and trybot
  BRANCH=none

  Change-Id: I9c6b602220131f1f011e7865788a122d4c379e73
  Reviewed-on: https://gerrit.chromium.org/gerrit/41345
  Reviewed-by: Hung-Te Lin <hungte@chromium.org>
  Commit-Queue: Yung-Chieh Lo <yjlou@chromium.org>
  Tested-by: Yung-Chieh Lo <yjlou@chromium.org>
  Reviewed-by: Bill Richardson <wfrichar@chromium.org>
* Fixed the cmdline modification for bootcache | Paul Taysom | 2013-01-18 | 1 | -18/+41
  Changed the manipulation of the device mapper arguments in the command line to handle bootcache. Had to maintain backwards compatibility with older versions because the signer is used with older images.

  BUG=chromium-os:37114, 37061
  TEST=On a parrot with dev signed keys, signed and installed an R-23 image (2913), an image with bootcache disabled and an image with bootcache enabled.
  BRANCH=none

  Change-Id: I59c46ccc3ff8b89ae9c4515f020ea9fbe6d96c7c
  Reviewed-on: https://gerrit.chromium.org/gerrit/40052
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
  Commit-Queue: Paul Taysom <taysom@chromium.org>
  Tested-by: Paul Taysom <taysom@chromium.org>
* mount-encrypted: export nvram contents to tmpfs | Will Drewry | 2013-01-17 | 1 | -1/+33
  Export the NVRAM contents to tmpfs (/tmp) for use during boot without incurring the cost of repeated trips through the TPM.

  Signed-off-by: Will Drewry <wad@chromium.org>

  BUG=chromium-os:37367
  TEST=builds, boots, emits lockbox.nvram which validates using in-progress lockbox-cache
  BRANCH=none

  Change-Id: I8b1103f4bd22bd75e98a7617a571bdb3a06d2914
  Reviewed-on: https://gerrit.chromium.org/gerrit/41433
  Reviewed-by: Kees Cook <keescook@chromium.org>
  Commit-Queue: Will Drewry <wad@chromium.org>
  Reviewed-by: Will Drewry <wad@chromium.org>
  Tested-by: Will Drewry <wad@chromium.org>
* fix s_tpm_pcr_read_cmd structure name typo | Kees Cook | 2013-01-16 | 1 | -1/+1
  Che-Liang Chiou noticed this structure was misnamed. Luckily, they have the same offsets to the useful fields.

  BUG=None
  TEST=link build, manual verification
  BRANCH=None

  Change-Id: I40abd21f053f19758e47c7775333208ad1c3c33d
  Signed-off-by: Kees Cook <keescook@chromium.org>
  Reviewed-on: https://gerrit.chromium.org/gerrit/41482
  Reviewed-by: Che-Liang Chiou <clchiou@chromium.org>
* Run some tests under qemu when cross-compiling | Randall Spangler | 2013-01-16 | 4 | -43/+116
  BUG=chromium-os:26317
  BRANCH=none
  TEST=manual
    sudo FEATURES=test emerge vboot_reference
    FEATURES=test emerge-link vboot_reference chromeos-u-boot chromeos-installer
    FEATURES=test emerge-daisy vboot_reference chromeos-u-boot chromeos-installer
    make && make runtests (both inside and outside chroot)

  Change-Id: Ie829e375736ce0df46ddd5a3345efb0ca7e33aba
  Signed-off-by: Randall Spangler <rspangler@chromium.org>
  Reviewed-on: https://gerrit.chromium.org/gerrit/41317
* Revert "Trigger sync right after writing." | Bill Richardson | 2013-01-15 | 1 | -5/+0
  This reverts commit f3613b60c7374dfcf54c922d46c7da8feeb22000.

  That commit attempts to solve a disk-syncing problem by forcing numerous sync() calls inside cgpt. However, it's too much of a sledgehammer approach. Some subset of buildbots now run a short test suite when compiling vboot_reference. On my z620, commit f3613b60c737 increases the time to run "make runcgpttests" from 1.6 seconds to over eight minutes.

  We need a different solution to this problem.

  BUG=chromium-os:35992
  TEST=manual
  BRANCH=none

  To test:
    cd vboot_reference
    make && make runtests

  Change-Id: I0489906103dbc93edf201570bd9158621c651d54
  Signed-off-by: Bill Richardson <wfrichar@chromium.org>
  Reviewed-on: https://gerrit.chromium.org/gerrit/41306
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
* Fix missing dependency | Randall Spangler | 2013-01-15 | 1 | -1/+1
  BUG=chromium-os:26317
  BRANCH=none
  TEST=make && make runtests

  Change-Id: I420e81a9f9cb1333c233abedfad5cae8984f11b7
  Signed-off-by: Randall Spangler <rspangler@chromium.org>
  Reviewed-on: https://gerrit.chromium.org/gerrit/41233
  Reviewed-by: Bill Richardson <wfrichar@chromium.org>
* Trigger sync right after writing. | Louis Yung-Chieh Lo | 2013-01-15 | 1 | -0/+5
  This can trigger the sync mechanism earlier so that the kernel has enough time to schedule a real disk sync before system reboots.

  BUG=chromium-os:35992
  TEST=compile only
  BRANCH=none

  Change-Id: I505fdf45d95a52c9eca7687ecd6fb9f6be8cc5f1
  Reviewed-on: https://gerrit.chromium.org/gerrit/41269
  Reviewed-by: Hung-Te Lin <hungte@chromium.org>
  Tested-by: Yung-Chieh Lo <yjlou@chromium.org>
  Commit-Queue: Yung-Chieh Lo <yjlou@chromium.org>
* Use 'install' to do installation, prepare for futility installation. | Bill Richardson | 2013-01-14 | 1 | -8/+11
  Previously we've been using manual cp and chmod operations to implement "make install". This switches to using the install utility instead, which can handle permissions and so forth.

  This also tweaks the DESTDIR slightly to prepare the way for futility.

  BUG=chromium-os:26317
  BRANCH=none
  TEST=manual

  Run
    sudo emerge vboot_reference
  Shouldn't see any difference.

  Change-Id: I667ddbb9de3ab7713921ddd734d1fbcbe3b936b1
  Signed-off-by: Bill Richardson <wfrichar@chromium.org>
  Reviewed-on: https://gerrit.chromium.org/gerrit/41228
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
* Add .PHONY targets for phony targets | Bill Richardson | 2013-01-14 | 1 | -58/+80
  We have a bunch of manual dependency targets. They need to be marked as .PHONY so that they'll always work.

  Also made the spacing around the ':' more consistent so it's easier to find specific instances.

  BUG=chromium-os:26317
  BRANCH=none
  TEST=manual
    sudo emerge vboot_reference
    emerge-link vboot_reference chromeos-u-boot chromeos-installer
    emerge-daisy vboot_reference chromeos-u-boot chromeos-installer

  Change-Id: I00a1b8abcd588bdbab33b172c64a4b305b6d7237
  Reviewed-on: https://gerrit.chromium.org/gerrit/41185
  Commit-Queue: Bill Richardson <wfrichar@chromium.org>
  Tested-by: Bill Richardson <wfrichar@chromium.org>
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
* Make tpmc able to send and receive raw datagrams. | Luigi Semenzato | 2013-01-11 | 3 | -2/+64
  This is immediately needed to debug a Parrot TPM problem, but we've had similar situations in the past and probably will again in the future.

  BUG=chromium-os:37819
  TEST=manually tested with a couple of different packets, and error inputs
  BRANCH=none

  Change-Id: Id7f66bdbdfe5887fa49cd62af4a9b807fa3d9a89
  Reviewed-on: https://gerrit.chromium.org/gerrit/41166
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
  Commit-Queue: Luigi Semenzato <semenzato@chromium.org>
  Tested-by: Luigi Semenzato <semenzato@chromium.org>
* Rename files and defines to simplify makefile. | Randall Spangler | 2013-01-11 | 22 | -236/+210
  BUG=chromium-os:26317
  BRANCH=none
  TEST=manual
    sudo emerge vboot_reference
    emerge-link vboot_reference chromeos-u-boot chromeos-installer
    emerge-daisy vboot_reference chromeos-u-boot chromeos-installer

  Signed-off-by: Randall Spangler <rspangler@chromium.org>
  Change-Id: I8c55ca40f3f0cacf08530ab63c886fe351bcee8e
  Reviewed-on: https://gerrit.chromium.org/gerrit/41152
* Unify vboot build into a single makefile | Randall Spangler | 2013-01-11 | 9 | -828/+678
  This is a necessary precursor to getting coverage working.

  BUG=chromium-os:26317
  BRANCH=none
  TEST=manual
    sudo emerge vboot_reference
    emerge-link vboot_reference chromeos-u-boot
    emerge-daisy vboot_reference chromeos-u-boot

  Change-Id: Ibed91c64a5ca5fa486169d64fb01a9e868ce27e5
  Signed-off-by: Randall Spangler <rspangler@chromium.org>
  (cherry picked from commit 13ed1f4812f810ee0a47b946ad990f1fa93f366c)
  Reviewed-on: https://gerrit.chromium.org/gerrit/40906
  Reviewed-by: Bill Richardson <wfrichar@chromium.org>
* Add missing TlclLibClose function for mock TPM interface | Duncan Laurie | 2013-01-11 | 1 | -0/+4
  BUG=none
  BRANCH=none
  TEST=manual: MOCK_TPM=1 emerge vboot_reference

  Change-Id: I81ae9bb646b1a1186629e1a3ba8317efe8397faf
  Signed-off-by: Duncan Laurie <dlaurie@chromium.org>
  Reviewed-on: https://gerrit.chromium.org/gerrit/41131
  Reviewed-by: Bill Richardson <wfrichar@chromium.org>
* Fix bad free order in tlcl_generator.c. [factory-3536.B] | Luigi Semenzato | 2013-01-10 | 1 | -4/+4
  Fix suggested by the OpenSUSE friends:

  https://build.opensuse.org/package/view_file?expand=1&file=fix-tlcl-generator.patch&package=vboot&project=devel%3AFactory%3AARM%3AContrib%3AChromebook

  for this bug:

  http://paste.opensuse.org/86254908

  BUG=chromium-os:37707
  TEST=emerge-daisy vboot_reference
  BRANCH=none

  Change-Id: I61c116152fab7b997a84f44da89c93b89659e852
  Reviewed-on: https://gerrit.chromium.org/gerrit/40902
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
  Tested-by: Luigi Semenzato <semenzato@chromium.org>
  Commit-Queue: Luigi Semenzato <semenzato@chromium.org>
* Move lengthy tests from 'make runtests' to 'make runlongtests' | Randall Spangler | 2013-01-03 | 5 | -106/+211
  This reduces 'make runtests' from ~90 sec on a z620 to ~8 sec, which is short enough we can run it as part of the continuous build.

  BUG=chromium-os:26317
  BRANCH=none
  TEST=make && time make runtests && time make runlongtests

  Change-Id: I8165efaf8b8290ca3c8f8da73e3f8a54c2bc19f9
  Reviewed-on: https://gerrit.chromium.org/gerrit/40374
  Reviewed-by: Bill Richardson <wfrichar@chromium.org>
  Commit-Queue: Randall Spangler <rspangler@chromium.org>
  Tested-by: Randall Spangler <rspangler@chromium.org>
* Use a separate knob for SHA512 unrolling | Simon Glass | 2012-12-26 | 1 | -46/+44
  The SHA512 code gets quite large when unrolled, about 20KB larger on x86. This is a net loss on machines with slow SPI.

  Split this out into a separate knob, and don't enable it on any architecture for now.

  Also swap the code around so that we do #ifdef...#else...#endif instead of #ifndef...#else...#endif.

  BUG=chrome-os-partner:13961
  BRANCH=none
  TEST=manual
  build and boot to kernel on link

  U-Boot image size before this change:
      text    data     bss     dec     hex filename
    319403    8260   83988  411651   64803 u-boot

  after:
    293227    8260   85492  386979   5e7a3 u-boot

  This is a saving of about 25KB.

  Signed-off-by: Simon Glass <sjg@chromium.org>
  Change-Id: I9fa7ea8eba6691d8a06df9374950303e6f2ce2fd
  Reviewed-on: https://gerrit.chromium.org/gerrit/40155
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
  Commit-Queue: Simon Glass <sjg@chromium.org>
  Tested-by: Simon Glass <sjg@chromium.org>
* Add support for a V option which selects verbose Makefile output. | Gabe Black | 2012-12-21 | 3 | -18/+27
  When V=1, the full command lines are printed. When V is not 1, then only a small summary line is printed which shows what commands are being executed. The command lines themselves are usually quite long and are overwhelming to see fly by on the console. Abbreviated command lines are easier to read and don't fill up your console so quickly.

  This change is primarily targeted at vboot_fw.a and probably excludes some things which could also be converted.

  The indentation between the action string (OBJCOPY, CC, etc.) and the target is three spaces longer than "normal", aka what's used in depthcharge, so that when this make is run from the other, you can tell the difference between the commands run by each.

  BUG=chrome-os-partner:8339
  TEST=Built with and without V=1 and saw and did not see the full command lines, respectively.
  BRANCH=None

  Change-Id: Ibee244c24dc44b8da109b8c23ac7273174836bb9
  Signed-off-by: Gabe Black <gabeblack@google.com>
  Reviewed-on: https://gerrit.chromium.org/gerrit/40011
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
  Reviewed-by: Che-Liang Chiou <clchiou@chromium.org>
  Commit-Queue: Gabe Black <gabeblack@chromium.org>
  Tested-by: Gabe Black <gabeblack@chromium.org>
* mount-encrypted: finalize if keyfile missing [toolchain-3428.65.B] | Kees Cook | 2012-12-18 | 1 | -4/+11
  If a system key is available (could read TPM NVRAM), but the "finalization needed" file exists, it means that we are in the situation where either cryptohome was interrupted, or the TPM was temporarily unavailable at an earlier boot. In this case, it is up to mount-encrypted to perform the finalization.

  Before, we were making the very bad assumption that the keyfile was valid if a system key was found, meaning we would delete the "finalization needed" file, leaving us with no way to find the encryption key leading to an OOBE on the next boot.

  BUG=chrome-os-partner:15960
  TEST=daisy build, manual testing
  BRANCH=None

  Change-Id: Ifb6d74d8a38100e00d9a4597c25a71a6c33f806c
  Signed-off-by: Kees Cook <keescook@chromium.org>
  Reviewed-on: https://gerrit.chromium.org/gerrit/39883
  Reviewed-by: Luigi Semenzato <semenzato@chromium.org>
  Reviewed-by: Elly Jones <ellyjones@chromium.org>
  Reviewed-by: Will Drewry <wad@chromium.org>
  Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
* Add recovery_subcode field to nvstorage and crossystem | Bill Richardson | 2012-12-17 | 5 | -1/+20
  This just adds a one-byte field in the nvstorage region for use in debugging hard-to-catch errors. There's no official meaning or expectation for this field. It's just a handy place to emit some information.

  BUG=chrome-os-partner:11534
  BRANCH=parrot
  TEST=manual

  Just change the value and ensure that it persists across a (working) reboot. It's only updated at specific points under very exacting error conditions, so all we really want to test is that it works as a place to store some extra info.

    crossystem recovery_subcode
    crossystem recovery_subcode=14
    reboot
    crossystem recovery_subcode

  The recovery_subcode byte is at index [6] of the VbNv.raw bytes that appear when you press TAB, so you can find it there too:

    VbNv.raw: 60 20 00 00 00 00 0e 00 00 00 00 00 00 00 00 65

  Decimal 14 == 0x0e

  Change-Id: I1930b8f81a03ab838dbee99a8d72c35a444efdfd
  Signed-off-by: Bill Richardson <wfrichar@chromium.org>
  Reviewed-on: https://gerrit.chromium.org/gerrit/39803
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
* sign_official_build: add a dump_config helper and clean up argument processing | Mike Frysinger | 2012-12-12 | 1 | -12/+47
  For debugging purposes, we like to see the kernel command line that a particular kernel is using. We have all the tools to do this already, but not easy to leverage (you have to manually extract/etc...). So add a "dump_config" helper to help people out.

  Further, the existing argc processing is incomplete and not terribly friendly. Add some useful error messages explaining why we quit.

  BUG=None
  TEST=`./sign_official_build.sh dump_config <bin>` works
  TEST=`./sign_official_build.sh verify <bin>` works
  TEST=`./sign_official_build.sh` shows usage
  TEST=`./sign_official_build.sh recovery <bin>` shows usage
  TEST=`./sign_official_build.sh recovery <bin> / /tmp/foo` tries to sign
  BRANCH=None

  Change-Id: I9f94250b8c299783bdcba704733974c6a5491101
  Reviewed-on: https://gerrit.chromium.org/gerrit/39603
  Reviewed-by: Paul Taysom <taysom@chromium.org>
  Commit-Ready: Mike Frysinger <vapier@chromium.org>
  Tested-by: Mike Frysinger <vapier@chromium.org>
* tlcl: move open retry into Tlcl | Kees Cook | 2012-12-12 | 2 | -27/+26
  Make sure all Tlcl users benefit from the new retry logic.

  BUG=None
  TEST=daisy build, manual testing of racing tpmc loops
  BRANCH=None

  Change-Id: I8e9656a65b5d6b45694c1c8bceb95f54f7c751bb
  Signed-off-by: Kees Cook <keescook@chromium.org>
  Reviewed-on: https://gerrit.chromium.org/gerrit/39525
  Reviewed-by: Luigi Semenzato <semenzato@chromium.org>
* Additional -h args to dump_fmap will ignore overlap errors. | Bill Richardson | 2012-12-11 | 1 | -1/+6
  Snow was built with overlapping regions in its FMAP, so when we use dump_fmap -h to see what the layout is, it complains and dies. This change lets it keep going if you give it multiple -h args. Nothing else is different.

  BUG=none
  BRANCH=none
  TEST=manual

  This complains and quits:
    dump_fmap -h image-snow.bin

  This complains and keeps going:
    dump_fmap -hh image-snow.bin

  Change-Id: Ia4592b9ba6963b8c5064dd6f51625e9495db2845
  Signed-off-by: Bill Richardson <wfrichar@chromium.org>
  Reviewed-on: https://gerrit.chromium.org/gerrit/39551
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
* mount-encrypted: retry TPM open | Kees Cook | 2012-12-10 | 1 | -2/+33
  If the TPM hits an error other than ENOENT during open(), retry for 5 seconds with 100ms polling delays. Also switch to on-demand opening of TPM, so umount will not hit delays if tcsd keeps the TPM open at shutdown time.

  BUG=chrome-os-partner:15960
  TEST=daisy build, mount ok with kernel patched to return EBUSY for a few opens, platform_EncryptedStateful passes.
  BRANCH=None

  Change-Id: Ia597622bb54ccc4366be2a0c960c518406e6c0b2
  Signed-off-by: Kees Cook <keescook@chromium.org>
  Reviewed-on: https://gerrit.chromium.org/gerrit/39445
  Reviewed-by: Luigi Semenzato <semenzato@chromium.org>
* Tlcl: allow OS failures to bubble up to caller [stabilize2] | Kees Cook | 2012-11-28 | 4 | -24/+49
  If there were any errors communicating with the TPM at the OS layer (open, read, write failures), the library would immediately exit, not allowing the caller to make any decisions about how to handle it. This introduces a way to initialize the library so that errors will get passed back up to the caller instead of unceremoniously exiting.

  Setting the environment variable "TPM_NO_EXIT=1" enables the feature. To avoid needing to implement supporting functions in all backends, the feature is currently limited to just the Tlcl stub implementation.

  In the case of mount-encrypted, it can now survive the kernel returning read/write failures. In the past it had only worked around having open fail, but that has now been replaced with more sensible logic instead of the environment variable trickiness.

  BUG=chrome-os-partner:15960
  TEST=daisy built with an always-failing kernel driver, u-boot builds too
  BRANCH=None

  Change-Id: Ic7b217017537980f9c239d678067398613045676
  Signed-off-by: Kees Cook <keescook@chromium.org>
  Reviewed-on: https://gerrit.chromium.org/gerrit/38791
  Reviewed-by: Luigi Semenzato <semenzato@chromium.org>
* mount-encrypted: add error reporting to RNG failures | Kees Cook | 2012-11-27 | 1 | -5/+10
  In the case of the TPM getting into a permanent failure mode (e.g. crosbug.com/p/15785), the entropy system was not trying harder to get entropy (i.e. falling back to system RNG), and was just using whatever happened to be on the stack. This adds the system RNG to the fallback list:
  - try TPM RNG
  - try system RNG
  - use uninitialized stack contents

  The reason for the last one being used is so we can make sure we're getting a system up. It is extremely unlikely for both the TPM and the system RNGs to be broken and if they are, it's likely a relatively permanent failure condition. If we abort in this state, we'll cause an infinite repair loop which is a very bad user experience. Instead, get the system up using terrible entropy so the conditions can be examined.

  BUG=chrome-os-partner:15960
  TEST=daisy build with instrumented kernel tpm driver to always fail
  BRANCH=none

  Change-Id: I92c454925a78bb0d94262cdb3914c1b72010450e
  Signed-off-by: Kees Cook <keescook@chromium.org>
  Reviewed-on: https://gerrit.chromium.org/gerrit/38751
  Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
* remove verity regardless of dm device | Paul Taysom | 2012-11-27 | 1 | -1/+1
  Changed the pattern substitution to work with dm-[0-9]

  BUG=chromium-os:25441
  TEST=Turned off verity on stumpy both with and without bootcache
  BRANCH=none

  Change-Id: I519ad71879f2db847f450b869c8f7a67606f1e20
  Reviewed-on: https://gerrit.chromium.org/gerrit/38691
  Tested-by: Paul Taysom <taysom@chromium.org>
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
  Commit-Ready: Paul Taysom <taysom@chromium.org>
* Add more recovery_reason codes | Bill Richardson | 2012-11-26 | 9 | -31/+79
  There are several places where the same recovery_reason was used to report slightly different points of failure. Let's create some new codes instead.

  Remember that recovery mode is handled by RO firmware, so if an updated RW firmware uses one of the new error codes, pressing TAB at the recovery screen will say "We have no idea what this means". That's not a bug. This CL deprecates the original codes, so the fact that the RO firmware doesn't recognize it just means it's a new code reported by a new RW BIOS.

  BUG=chromium-os:36562
  TEST=manual
  BRANCH=parrot

  Run
    make && make runtests
  It should pass.

  You can test some of the error cases on actual hardware by using
    crossystem recovery_reason=86
    reboot
  and pressing TAB at the recovery screen. For that example you should see the message
    recovery_reason: 0x56 TPM lock error in rewritable firmare

  Change-Id: I123c781e6c6f6fe0284c4fd49f5f5a855eece7df
  Reviewed-on: https://gerrit.chromium.org/gerrit/38652
  Commit-Ready: Bill Richardson <wfrichar@chromium.org>
  Tested-by: Bill Richardson <wfrichar@chromium.org>
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
* mount-encrypted: report numeric results on TPM failure | Kees Cook | 2012-11-25 | 1 | -3/+4
  To help identify the specific failure conditions encountered when the TPM goes weird, report them any time they are encountered.

  BUG=chrome-os-partner:15960
  TEST=daisy build, manual testing
  BRANCH=none

  Change-Id: I80b3bd23c88c19d807cbcafe8ea2736fe000e1d6
  Signed-off-by: Kees Cook <keescook@chromium.org>
  Reviewed-on: https://gerrit.chromium.org/gerrit/38468
  Reviewed-by: Darren Krahn <dkrahn@chromium.org>
* Added handling of regex for dm params | Paul Taysom | 2012-11-19 | 1 | -5/+16
  To handle a more diverse set of configurations, added processing of regular expressions for the dm params.

  BUG=chromium-os:36441
  TEST=rand security_test_image for various configurations
  BRANCH=none

  Change-Id: I4d9e610586cc9f63d55397e60462600ed9b9651f
  Reviewed-on: https://gerrit.chromium.org/gerrit/38202
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
  Commit-Ready: Paul Taysom <taysom@chromium.org>
  Tested-by: Paul Taysom <taysom@chromium.org>
* newbitmaps: Move files to new location (bmpblk). | Hung-Te Lin | 2012-11-16 | 1350 | -5454/+1
  BUG=none
  TEST=none
  BRANCH=none

  Change-Id: I4a5ecedd4dd8e2ef866793edd825f4d5716402bf
  Reviewed-on: https://gerrit.chromium.org/gerrit/38097
  Tested-by: Hung-Te Lin <hungte@chromium.org>
  Reviewed-by: Bill Richardson <wfrichar@chromium.org>
  Commit-Ready: Hung-Te Lin <hungte@chromium.org>
* newbitmaps: Increase font size & fix JP font. | Hung-Te Lin | 2012-11-14 | 4 | -4/+6
  Using PT=18 provides better screen on scaled screens. IPAPGothic does not look good after being scaled, so let's use Droid Sans Fallback again.

  BRANCH=none
  BUG=none
  TEST=make # pass

  Change-Id: I59f3768a14055d8f135e15b85107406d5a2d4924
  Reviewed-on: https://gerrit.chromium.org/gerrit/38016
  Tested-by: Hung-Te Lin <hungte@chromium.org>
  Reviewed-by: Bill Richardson <wfrichar@chromium.org>
  Commit-Ready: Hung-Te Lin <hungte@chromium.org>
* newbitmaps: Get rid of ImageMagick and use PIL for image processing. | Hung-Te Lin | 2012-11-14 | 6 | -24/+41
  To simplify dependency (and prepare for building inside chroot), we need to get rid of dependency for ImageMagick, which is now entirely replaceable by Python Image Library.

  BRANCH=none
  BUG=none
  TEST=make # pass

  Change-Id: Ie3d3a4ac399b2fe58aa75f8e02e4475bcba21c51
  Reviewed-on: https://gerrit.chromium.org/gerrit/37985
  Tested-by: Hung-Te Lin <hungte@chromium.org>
  Reviewed-by: Bill Richardson <wfrichar@chromium.org>
  Commit-Ready: Hung-Te Lin <hungte@chromium.org>
* CHROMIUMOS: "flimflam" init file is now named "shill" | Paul Stewart | 2012-11-06 | 1 | -2/+2
  BUG=chromium-os:35909
  TEST=None (need suggestions from semenzato)
  BRANCH=none

  Change-Id: Ife7c545a28fd70407ba2fe1a0a14e20df8e847f7
  Reviewed-on: https://gerrit.chromium.org/gerrit/37020
  Reviewed-by: Luigi Semenzato <semenzato@chromium.org>
  Tested-by: Paul Stewart <pstew@chromium.org>
  Commit-Ready: Paul Stewart <pstew@chromium.org>
* Add FAFT keyboard remap GBB flag | Marc Jones | 2012-11-06 | 2 | -1/+3
  Add a new flag, 0x100, to indicate FAFT key stroke overrides.

  BUG=chrome-os-partner:14056
  TEST=none
  BRANCH=stout

  Change-Id: I76b7f3f4c51abec5528047f690f20a09b257abc2
  Signed-off-by: Marc Jones <marc.jones@chromium.org>
  Reviewed-on: https://gerrit.chromium.org/gerrit/37074
  Reviewed-by: Ronald G. Minnich <rminnich@chromium.org>
  Reviewed-by: Gediminas Ramanauskas <gedis@chromium.org>
  Tested-by: Gediminas Ramanauskas <gedis@chromium.org>
  Commit-Ready: Marc Jones <marc.jones@se-eng.com>
* newbitmaps: Speed up image conversion by using PIL. | Hung-Te Lin | 2012-11-05 | 4 | -52/+100
  Running ImageMagick + PIL is a redundant task; we should let PIL do flatten, resize, and exporting to different format.

  Before: real 11m54s, user 37m10s.
  After: real 8m3s, user 16m33s.

  BRANCH=none
  BUG=none
  TEST=make

  Change-Id: I65f1e5b769161650310abca46851824755402d9b
  Reviewed-on: https://gerrit.chromium.org/gerrit/37200
  Tested-by: Hung-Te Lin <hungte@chromium.org>
  Reviewed-by: Bill Richardson <wfrichar@chromium.org>
  Commit-Ready: Hung-Te Lin <hungte@chromium.org>