| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When doing a migration, try to guess at a smaller minimum size for the
initial filesystem so that systems with giant drives are not needlessly
penalized. Start with an even smaller initial filesystem size (16M).
Move debug time counters into the main .o file to avoid compiler
insanity when turning debug on and off.
BUG=chromium-os:22172
TEST=link build & boot, manual testing
Change-Id: I47c3ffb6e4cd88c4f0ead6fa21724704c7ed1630
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/25638
Reviewed-by: Elly Jones <ellyjones@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Libraries go into $LDLIBS while linker flags go into $LDFLAGS.
Also make sure the utility subdir respects the env $LDFLAGS so that
we can do things like `make LDFLAGS=-static` and get static binaries.
BUG=None
TEST=`emerge vboot_reference` still works
TEST=`emerge-arm-generic vboot_reference` still works
Change-Id: I989a21bc559bc6d471bc33c057c708bda2eda67e
Reviewed-on: https://gerrit.chromium.org/gerrit/24728
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rather than use the host's pkg-config, we want to use the target's.
This way we query the right .pc files.
BUG=None
TEST=`emerge vboot_reference` still works
TEST=`emerge-arm-generic vboot_reference` still works
Change-Id: I083a987ee6c23716f8d79eb14e7c38c12e18b8f8
Reviewed-on: https://gerrit.chromium.org/gerrit/24727
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=chromium-os:31893
TEST=verified on images with/without payload verification enabled.
Change-Id: Ic1883aafcc2c48d9e7c5323d6dc7e21fb8f47585
Reviewed-on: https://gerrit.chromium.org/gerrit/25407
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Ready: Gaurav Shah <gauravsh@chromium.org>
Tested-by: Gaurav Shah <gauravsh@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The VbExTrustEC function should be implemented in the BIOS, not the vboot
library. Also, weak references don't seem to work with our linker, so we'll
have to just require it always.
BUG=chrome-os-partner:9953
TEST=none
This must go in with a simultaneous change to U-Boot. The only test is
whether or not everything continues to compile.
Change-Id: I8a5ccb167eec3bcacbe892cf0bdcfe550a1f57d6
Reviewed-on: https://gerrit.chromium.org/gerrit/25557
Tested-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Ready: Bill Richardson <wfrichar@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
And enable dev_boot_usb by default.
And disable rollback checks.
The first flag is necessary for factory to build with keyboard
controlled dev mode. The other flags are really handy for development
on systems where you've defeated firmware WP and are installing custom
firmware.
BUG=chromium-os:31844
TEST=make && make runtests
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Change-Id: I9d837fee676cb0186ea98f13005ad60a9ab86393
Reviewed-on: https://gerrit.chromium.org/gerrit/25265
Tested-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Commit-Ready: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Check for ownership via Capabilities instead of Perm Flags. Clean up
missing "static" declarations, disable DEBUG-by-default, clean up spawner
reporting, explicitly check TPM_SUCCESS for Tlcl calls and document.
BUG=chromium-os:22172
TEST=x86-alex build & manual test
Change-Id: Ida6813307b7dfcecb8fb2e240ff88982db5430c5
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/25053
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since the "ownership" permament flag does not indicate if the TPM is
currently owned, the state of TPM Ownership must be read via a Capability
read of TPM_CAP_PROP_OWNER. This adds the "getownership" function.
BUG=chromium-os:22172
TEST=x86-alex build & manual test
Change-Id: I2fc9e933e891ba40190d008436b22496dced1c93
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/24784
Reviewed-by: Will Drewry <wad@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Confirmed via codesearch that these fields are not used outside of
vboot_reference itself, and the only use inside vboot_reference is one
test which checked that the test error generation itself worked.
BUG=chromium-os:31668
TEST=make && make runtests
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Change-Id: Ic393e126ca2853f7aaff19ffd6fcdbdb1c47689f
Reviewed-on: https://gerrit.chromium.org/gerrit/24895
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes build failure seen in u-boot for tegra2 seaboard:
.../vboot_fw.a(vboot_api_kernel.o): In function 'VbConfirmChangeDevMode':
(.text+0x84): undefined reference to 'SetVirtualDevMode'
BUG=None
TEST=`emerge-tegra2_seaboard chromeos-u-boot` works again
Change-Id: If374a78218fc8a7921ff8dddde163138969e0876
Reviewed-on: https://gerrit.chromium.org/gerrit/24948
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previous commit missed this file.
BUG=None
TEST=None
Change-Id: Id29e3291d4843f5ace71c2eedf7f91ee04df62d5
Reviewed-on: https://gerrit.chromium.org/gerrit/24944
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=chrome-os-partner:9706
TEST=manual
Currently, Link is the only platform that enables this feature.
To enter dev-mode:
Boot into recovery mode using the magic key chord. At the Insert screen,
press Ctrl-D. You'll be asked if you want to enter developer mode. If you
then press ENTER, it will reboot with dev-mode enabled. If you press SPACE
or ESC, it will return to the Insert screen.
If you enter recovery mode through any other means, or if dev-mode is
already enabled, pressing Ctrl-D at the Insert screen will have no effect.
To return to normal mode:
Reboot. At the Dev screen, press ENTER or SPACE. It will reboot to
recovery mode and ask you if you want to return to normal mode. If you
press ESC or power off, you'll still be in dev-mode. Press ENTER or SPACE,
and it will reboot into normal mode (of course, if you've messed up your
images while in dev-mode, you'll just come right back to recovery mode
again).
You can also request a direct return to normal mode by running
crossystem disable_dev_request=1
and rebooting.
Change-Id: I435905855a6c39932ee466cc046bdc4c4c860f98
Reviewed-on: https://gerrit.chromium.org/gerrit/24160
Tested-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Ready: Bill Richardson <wfrichar@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The original sources have been lost. These were obtained by unpacking the
binary.
BUG=none
TEST=none
Change-Id: I8042a3abf586551bc2a855d3fd9d7d6ae1aae2d9
Reviewed-on: https://gerrit.chromium.org/gerrit/24710
Tested-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Commit-Ready: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When testing mount-encrypted, allow for the "MOUNT_ENCRYPTED_ROOT"
environment variable to define the root directory of all the internal
mount paths. By default, it remains "/". This changes all the formerly
static globals to dynamic.
Add support for environment variable "MOUNT_ENCRYPTED_FSCK" which
causes a fsck during the "umount" phase.
Improve loopback name handling and add debugging.
Rename "device" command to "info", add path details.
BUG=chromium-os:22172
TEST=x86-alex build, manual testing
Change-Id: Icf89a0a5283d38e098fa8e1d92a84b1cccacb4db
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/23580
Reviewed-by: Will Drewry <wad@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This makes it easy to integrate firmware signing into the signer
since we can reuse the base signing script.
BUG=chromium-os:10094
TEST=try signing both firmware and normal images.
Change-Id: I8beb598e267de33a2c3468dcf8d7c4b74d4de9fd
Reviewed-on: https://gerrit.chromium.org/gerrit/24654
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Ready: Gaurav Shah <gauravsh@chromium.org>
Tested-by: Gaurav Shah <gauravsh@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Align_rootfs was written to auto-fetch the previous release of a given
image, but that logic has bit-rotted. This CL is a quick hack to use
--src_image instead.
BUG=chromium-os:31124
TEST=Hand ran.
Change-Id: I530c6f82c42993648cecb5d59172010d61dd1603
Reviewed-on: https://gerrit.chromium.org/gerrit/23168
Commit-Ready: Don Garrett <dgarrett@chromium.org>
Reviewed-by: Don Garrett <dgarrett@chromium.org>
Tested-by: Don Garrett <dgarrett@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This just creates the bit. It doesn't actually do anything yet.
BUG=chrome-os-partner:9980
TEST=manual
crossystem disable_dev_request=1
crossystem
crossystem disable_dev_request=0
crossystem
Change-Id: I0e92a6b5ef5074ee5eae2d6d469c1c9826faecb3
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/23752
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=chrome-os-partner:9706
TEST=none
No test yet. The entire boot/dev-mode/recovery flow depends on this working.
This is only part of the process, which will eventually be tested through
FAFT.
Change-Id: Iea6eaf59d4f349590cf9b920e4effb6a2641b2dc
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/23657
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When linking tools that need OpenSSL functions on the target, the
resolution of SHA* functions was being redirected to the firmware
cryptolib instead of the OpenSSL implementations, which was causing
OpenSSL calls to crash. This renames the internal implementations
to avoid the collision.
BUG=None
TEST=make runtests passes, mount-encrypted runs on target again.
Change-Id: Ica4fb04faf203ae3b4118c540f18d40239753810
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/23305
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If VbInit() is instructed to look at a virtual dev-mode switch, then it will
use value contained in the TPM's firmware space instead of a hardware GPIO
to determine if developer mode is enabled.
This change just makes it look. It doesn't provide a way to actually set
the value in the TPM. VbInit() isn't being told to look yet, either. Those
changes are coming.
BUG=chrome-os-partner:9706
TEST=none
The usual sanity-check applies:
make
make runtests
But to actually test that this stuff is working IRL requires special tweaks
to other components and monitoring the serial debug output from both EC and
CPU. We'll save the hands-on tests for when it's all done.
Change-Id: Ie485ad2180224e192238bf2a5dbf95bbcb9130f9
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/23067
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When shutting the system down, mount-encrypted can be used to clean up
all its bind mounts and devices.
BUG=None
TEST=x86-alex build, manual testing
Change-Id: I025ce8c16c55f8556d7fff45eb6ac2b7a835101a
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/21913
Reviewed-by: Elly Jones <ellyjones@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=chrome-os-partner:9707
TEST=manual
make
make runtests
You can also test it by clearing the TPM, then manually looking at the TPM
regions. In dev-mode, clear the regions and you'll see something like this:
localhost ~ # tpmc read 1007 a
1 0 0 0 0 0 0 0 0 0
localhost ~ # tpmc read 1008 d
1 4c 57 52 47 0 0 0 0 0 0 0 0
localhost ~ #
Go back to normal mode and reboot, and you'll see something like this:
localhost ~ # tpmc read 1007 a
2 0 1 0 1 0 0 0 0 4f
localhost ~ # tpmc read 1008 d
2 4c 57 52 47 1 0 1 0 0 0 0 55
localhost ~ #
The important things are that the first number is now 2, instead of 1, and
the last number is not zero (it's a checksum, so it'll vary depending on the
other numbers, which will themselves vary according to the firmware and
kernel versions).
Change-Id: Ia4040311c2a4b2819792549b883377c8b6b89d48
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/22856
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Most packages have upgraded by now. Do vboot_reference too.
BUG=None
TEST=`emerge-x86-alex vboot_reference` works
Change-Id: Ica1996ba3c242dca2d4e7edf643a79a41c603f0c
Reviewed-on: https://gerrit.chromium.org/gerrit/22529
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This allows it to compile without switching to a private libgcc.
BUG=chromium-os:30807
TEST=While making sure u-boot, vboot_reference and
vboot_reference-firmware were cros_workoned and grabbing
the associated U-Boot change (I3cdc86ee2846814a6522c7874e5b438be94164ab),
I did:
1. emerge-daisy chromeos-u-boot vboot_reference vboot_reference-firmware
2. cros_bundle_firmware --add-config-int load_env 1 \
-d exynos5250-daisy -b daisy -o /tmp/uboot.bin
3. sudo dd if=/tmp/uboot.bin of=${SDCARD} bs=512 seek=1
...and then booted that.
Change-Id: I49d567e51d95c77f0e0fef8ec0f678e51b5ab77f
Reviewed-on: https://gerrit.chromium.org/gerrit/22479
Tested-by: Doug Anderson <dianders@chromium.org>
Reviewed-by: Terry Lambert <tlambert@chromium.org>
Tested-by: Terry Lambert <tlambert@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Commit-Ready: Doug Anderson <dianders@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When I build without this fix, I get errors like this:
armv7a-cros-linux-gnueabi-strip:....libcgpt-cc.a(CgptManager.cc):
Unable to recognise the format of file: File format not recognized
The .a file shouldn't have .cc files in it anyway.
The error appears to have been introduced in:
https://gerrit.chromium.org/gerrit/16433
I'm not sure why it wasn't noticed until now, but perhaps the
new toolchain is just pickier.
BUG=None
TEST=emerge-daisy vboot_reference works
TEST=With future hardfp change, can boot U-Boot compiled with new
toolchain.
Change-Id: I33f15fb38d7e236000845d0a864c1e86469f32c7
Reviewed-on: https://gerrit.chromium.org/gerrit/22476
Tested-by: Doug Anderson <dianders@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Ready: Doug Anderson <dianders@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This macro is only defined by the EC firmware build process, and is used to
cut down the amount of compiled code. A future CL will refactor the library
to make this unnecessary.
BUG=chrome-os-partner:7459
TEST=manual
make
make runtests
Change-Id: I41d0b4b282ec7147e8d6f508531af32e74f2d19e
Reviewed-on: https://gerrit.chromium.org/gerrit/22313
Commit-Ready: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Tested-by: Bill Richardson <wfrichar@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=none
TEST=none
Change-Id: I17f1cff7d6f750dfd862d71941c6b8cfec57b6bf
Reviewed-on: https://gerrit.chromium.org/gerrit/22312
Commit-Ready: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Tested-by: Bill Richardson <wfrichar@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is just to pave the way for better use of vboot by the EC.
BUG=chrome-os-partner:7459
TEST=manual
make
make runtests
Change-Id: I2e68371039bfc1b492245db12facf0c5ad592824
Reviewed-on: https://gerrit.chromium.org/gerrit/22301
Tested-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Ready: Bill Richardson <wfrichar@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=chrome-os-partner:7459
TEST=none
Change-Id: I3664ad9db4a4e0cecd38443bf01f99531ba80972
Reviewed-on: https://gerrit.chromium.org/gerrit/22183
Commit-Ready: Bill Richardson <wfrichar@chromium.org>
Tested-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of taking images apart, signing bits, and reassembling them, this
just operates on the entire image at once. The image can be built without
regard to the signing process, and then the signing can be done in one step
afterwards.
BUG=chrome-os-partner:7459
TEST=none
No test at the moment, since we don't have the rest of the vboot stuff
working yet.
Change-Id: Icbde9cbb89d0ef85c0f6b8ac0637e0a51a894199
Reviewed-on: https://gerrit.chromium.org/gerrit/22116
Tested-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Ready: Bill Richardson <wfrichar@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This just adds the vbutil_ec tool (and a simple test of the library
functions related to it).
BUG=chrome-os-partner:7459, chromium-os:27142
TEST=manual
make
make runtests
Change-Id: I2a2c4e7cfb8ac6ce2229c5de4252a5cc89321fa5
Reviewed-on: https://gerrit.chromium.org/gerrit/21868
Commit-Ready: Bill Richardson <wfrichar@chromium.org>
Tested-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Stefan Reinauer <reinauer@google.com>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=none
TEST=none
Change-Id: Ib9781238274285f73d00d8fca4ecda28fc2c6678
Reviewed-on: https://gerrit.chromium.org/gerrit/21748
Commit-Ready: Bill Richardson <wfrichar@chromium.org>
Tested-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Stefan Reinauer <reinauer@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=chromium-os:12430
TEST=manual
Running "make; make runtests" in src/platform/vboot_refererence will test
this change. Tests for use on a Chromebook are described in the bug report,
but will require a USB or SD card that has a physical write-protect switch.
Change-Id: I16a67bad3b59bec0981f4064f51fb1a29da65a90
Reviewed-on: https://gerrit.chromium.org/gerrit/21474
Tested-by: Bill Richardson <wfrichar@chromium.org>
Commit-Ready: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Richard Barnette <jrbarnette@chromium.org>
Reviewed-by: Che-Liang Chiou <clchiou@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The retry logic has brought down the number of flakes significantly (from
multiple errors a day to ~one every other day). But let's up the retry
count, and have it sleep longer after each failure, so hopefully we can
bring down the flake count even further.
BUG=chrome-os-partner:8156
TEST=`./signing_poller.py -s` signs local images fine
Change-Id: I98bc947836514d8b931568f87f7f9a373f771b79
Reviewed-on: https://gerrit.chromium.org/gerrit/21468
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The kernels we are running the signers on flake out from time to time
when mounting the loop back images. Have the mount code detect this
edge case and automatically retry when the flake hits.
BUG=chrome-os-partner:8156
TEST=`./signing_poller.py -s` signs local images fine
Change-Id: Iaa08445904aa26f0aa7240504f6c7a96e6ef3bbb
Reviewed-on: https://gerrit.chromium.org/gerrit/21055
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Omit this check because this check is not really necessary and it is
dealing more harms than goods to ARM boards.
While body load address is configurable, it is not quite possible to fix
all the build scripts and runtime scripts to carry this address; so in
reality all scripts use the default body load address.
The problem is, this default address is not friendly to ARM boards, and
it virtually makes this check fails on ARM boards.
BUG=chromium-os:28077
TEST=emerge-{daisy,x86-alex} vboot_reference
TEST=load_kernel_test -b 1 chromiumos_image.bin
TEST=run verified boot on Daisy
Change-Id: I1a1cc0aedf254e2a2b680046812ab7154f26dea7
Reviewed-on: https://gerrit.chromium.org/gerrit/20947
Tested-by: Che-Liang Chiou <clchiou@chromium.org>
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Ready: Che-Liang Chiou <clchiou@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We need to be able to tell when a ChromeOS machine was brought up
using netboot. This condition will be communicated from firmware using
the BINF.3 ACPI object (upcoming u-boot change).
BUG=chrome-os-partner:7952
TEST=manual
. boot a ChromeOS machine using the updated firmware and examine the
main firmware type reported by crossystem:
localhost ~ # echo $(/var/crossystem mainfw_type)
netboot
Change-Id: I35b10f41eb1f928a122c384d0179c9027f263acd
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/20707
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix migration of mounts that are over-mounted.
BUG=chromium-os:22172
TEST=lumpy build & manual testing
Change-Id: I005edc6fe789a3e0585ffdcaa45ef5a136318ee3
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/19673
Reviewed-by: Elly Jones <ellyjones@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, 'cros_debug' would ignore the kernel command line if
the system was booted in recovery mode. The check provided no
particular security benefit; it served only to complicate the work
of developers who wanted to boot debug images over USB with dev-key
signed firmware.
BUG=chromium-os:19236
TEST=Test 'crossystem cros_debug' on a system in the cited use case
Change-Id: Ie664c50984411340a10896137022d7d4ff503d0a
Reviewed-on: https://gerrit.chromium.org/gerrit/6663
Commit-Ready: Richard Barnette <jrbarnette@chromium.org>
Tested-by: Richard Barnette <jrbarnette@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Also remove the default checked in key.versions.
BUG=none
TEST='rm key.versions && ./create_new_keys.sh; ./create_new_keys.sh'
Change-Id: Ia46d411904cb67bcefdbf73524f506e5b2336875
Reviewed-on: https://gerrit.chromium.org/gerrit/20253
Commit-Ready: Gaurav Shah <gauravsh@chromium.org>
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Tested-by: Gaurav Shah <gauravsh@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The common code takes care of cleaning up temporary files for us if we
use the right helpers. These scripts don't though, so the temp files
end up not getting cleaned and over time, /tmp/ files up with crap.
The common helper takes care of unmounting and removing, so converting
these files over should be safe.
BUG=None
TEST=`./signer/signer_poller.py -s` signs local images and leaves no /tmp/tmp.* junk
Change-Id: I87aa122895997a5ec0017665203fdc8d14e0ab2a
Reviewed-on: https://gerrit.chromium.org/gerrit/20329
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If we try to run the signing_poller daemon as non-root, it fails to set
the channel. Detect if the lsb file is writable, and if not, switch to
using sudo on the fly.
BUG=None
TEST=`./signer/signing_poller.py` as non-root and setting the channel works
Change-Id: Iadb10ae68582edfb332f33d3b101c83949ee9502
Reviewed-on: https://gerrit.chromium.org/gerrit/20089
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=chromium-os:22007
TEST=`cat scripts/OWNERS` show signing people
Change-Id: I0e7e50d4ee6bd97ab651c851057d7ed1ee069155
Reviewed-on: https://gerrit.chromium.org/gerrit/20018
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Investigations in crosbug.com/26483 revealed a bug in loop device handling
if 'umount -d' was called on loop devices mounted using 'mount -o loop'.
This CL changes all invocations of umount to remove the -d option since they
are always in the context of a loop device creating using -o loop.
BUG=chrome-os-partner:8156
TEST=none
Change-Id: I96f30664c3f9148d3b57d430002512d8e94b66bc
Reviewed-on: https://gerrit.chromium.org/gerrit/19858
Reviewed-by: David James <davidjames@chromium.org>
Commit-Ready: Gaurav Shah <gauravsh@chromium.org>
Tested-by: Gaurav Shah <gauravsh@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The default behavior of dump_kernel_config is changed from using
CROS_32BIT_ENTRY_ADDR to reading from kernel preamble. The main
motivation for this change is in preparation for ARM boards of which
kernel body load address cannot be CROS_32BIT_ENTRY_ADDR. Since we do
not want that all ARM calling sides of dump_kernel_config have to carry
the kloadaddr argument, it would be better to let dump_kernel_config
read this address from the kernel preamble by default.
BUG=chromium-os:28077
TEST=Run dump_kernel_config w/ and w/o this change
Change-Id: I5eddcc35e5970dfce02cc66208438c57351f1c81
Reviewed-on: https://gerrit.chromium.org/gerrit/19660
Tested-by: Che-Liang Chiou <clchiou@chromium.org>
Reviewed-by: Don Garrett <dgarrett@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Ready: Che-Liang Chiou <clchiou@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When the filesystem resizing process starts, it has the TPM open,
which means it can collide with tcsd after the main process exits.
Additionally, improve the debugging around TPM usage for better timing
analysis.
BUG=None
TEST=lumpy build & manual testing
Change-Id: I7028131015fb972c99e8b3d035f58346f08fbd06
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/19535
Reviewed-by: Elly Jones <ellyjones@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds the utility needed to mount the encrypted partition at boot
time, as defined by the design document:
https://docs.google.com/a/google.com/document/d/1VQTDXvNsEFcrUOmNC4OmCfJst49Pd_mxZ41nfKu5EPc/edit
This still needs Cryptohome support and chromeos_startup to switch to
using it.
BUG=chromium-os:22172
TEST=lumpy build & manual testing
Change-Id: Ib9f0b4e5ba1a8aeb4737d0c8ec72a8e0dee049da
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/16889
Reviewed-by: Elly Jones <ellyjones@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is a filter in crossystem which makes sure that it accepts GPIO
information only from a subset of GPIO controllers. Panther Point
needs to be included in the list.
BUG=chrome-os-partner:8615
TEST=manual
. run the new crossystem on a Link
. modify write protect and and recovery (as it comes from servo-2)
pins' status
. observe the appropriate crossystem values change
Change-Id: I3ac269a9ea520f2c44ee090fe71ec8ad808692ba
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/18936
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This started out as a simple fix for a minor bug and turned into a nearly
complete rewrite. Now that it's done I'm not sure it really matters. This
version is a lot cleaner about handling command-line args, but isn't
otherwise noticeably better. Sigh.
BUG=none
TEST=manual
make
make runtests
Change-Id: I9c194e9c0e6418488635989ef666bc83c6e39816
Reviewed-on: https://gerrit.chromium.org/gerrit/18268
Commit-Ready: Bill Richardson <wfrichar@chromium.org>
Tested-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We need all the libraries to come after the objects, not before, otherwise
static and --as-needed linking fails when the linker drops the libraries.
BUG=None
TEST=`emerge vboot_reference` still works
Change-Id: Id98571a90115ab5ace68a0c795de86d7fe78f133
Reviewed-on: https://gerrit.chromium.org/gerrit/18290
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Jay Srinivasan <jaysri@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
|