Commit message | Author | Age | Files | Lines
* CHERRY-PICK: crossystem: Return error when trying to read GPIO port zero [factory-2569.B] | Che-Liang Chiou | 2012-07-12 | 1 | -1/+10
  For the record, zero is a valid GPIO port number. Unfortunately firmware uses port zero to denote that a GPIO port does not exist. So crossystem should not attempt to read GPIO port zero, but return error instead.

  Signed-off-by: Che-Liang Chiou <clchiou@chromium.org>
  BUG=chrome-os-partner:11296
  TEST=On Snow, run crossystem and see devsw_cur and recoverysw_cur are "(error)"
  Change-Id: I36f201dcd098ff787707b5a5c7c741859c1ebd82
  Original-Change-Id: I70b15824f613df1e46bf152515ad4e9362c9f066
  Reviewed-on: https://gerrit.chromium.org/gerrit/27269
  Reviewed-by: Bernie Thompson <bhthompson@chromium.org>
  Reviewed-by: Che-Liang Chiou <clchiou@chromium.org>
  Tested-by: Katie Roberts-Hoffman <katierh@chromium.org>
* Revert "Read virtual switch current values correctly" | Che-Liang Chiou | 2012-07-09 | 1 | -21/+5
  This reverts commit 7ec59576f6f61effdc35482c8cfd4aa32b643b1a.

  We would like to keep dev_cur and recovery_cur output "(error)" so that factory process knows that firmware uses virtual switches. I think this is strange, but this is how factory process works for now.

  Signed-off-by: Che-Liang Chiou <clchiou@chromium.org>
  BUG=chromium-os:10007
  TEST=none
  Change-Id: I370a3e9f5a8847916445348abb81f7c4bbf3d27f
  Reviewed-on: https://gerrit.chromium.org/gerrit/26909
  Commit-Ready: Che-Liang Chiou <clchiou@chromium.org>
  Tested-by: Che-Liang Chiou <clchiou@chromium.org>
  Reviewed-by: Hung-Te Lin <hungte@chromium.org>
* Stub out new vboot APIs for EC software sync | Randall Spangler | 2012-07-07 | 2 | -8/+89
  BUG=chrome-os-partner:11087
  TEST=make sure it builds; APIs aren't used yet.
  Change-Id: If86f3465a889b8fa87cf225d2b9876fe79311327
  Signed-off-by: Randall Spangler <rspangler@chromium.org>
  Reviewed-on: https://gerrit.chromium.org/gerrit/26875
  Reviewed-by: Simon Glass <sjg@chromium.org>
* Add EC software sync flag to VbInit() | Randall Spangler | 2012-07-07 | 1 | -0/+2
  Nothing uses this yet; this is just a placeholder so the u-boot code which sets the flag based on the FDT can go in.

  BUG=chrome-os-partner:11087
  TEST=if it builds it works
  Change-Id: Ie04e3330bcda5c07d34a49391627316bd6232b5a
  Signed-off-by: Randall Spangler <rspangler@chromium.org>
  Reviewed-on: https://gerrit.chromium.org/gerrit/26874
  Reviewed-by: Simon Glass <sjg@chromium.org>
* Exporting GPIO if the sysfs node does not exist | Rong Chang | 2012-07-03 | 1 | -3/+21
  This change exports gpio number if it can not be accessed. Ignore the active_low checking for compatibility.

  Signed-off-by: Rong Chang <rongchang@chromium.org>
  BUG=chrome-os-partner:11029
  TEST=manual
      Run crossystem and check WP pin status
  Change-Id: I0885ab21c6c6d614945e4fda49a373e8619772a9
  Reviewed-on: https://gerrit.chromium.org/gerrit/26563
  Commit-Ready: Tom Wai-Hong Tam <waihong@chromium.org>
  Reviewed-by: Tom Wai-Hong Tam <waihong@chromium.org>
  Tested-by: Tom Wai-Hong Tam <waihong@chromium.org>
* Read virtual switch current values correctly | Che-Liang Chiou | 2012-07-02 | 1 | -5/+21
  As dev switch and recovery switch may be virtual, crossystem has to distinguish virtual switches from physical ones. Since to a virtual switch, its current value should always equal to its boot value, return a boot value when asked for a current value.

  Signed-off-by: Che-Liang Chiou <clchiou@chromium.org>
  BUG=chrome-os-partner:10007
  TEST=crossystem devsw_cur|recoverysw_cur show correct value on Snow
  Change-Id: Ia73147ecd5528a3cc5276aff02a632ce4f52ea8b
  Reviewed-on: https://gerrit.chromium.org/gerrit/26568
  Commit-Ready: Che-Liang Chiou <clchiou@chromium.org>
  Tested-by: Che-Liang Chiou <clchiou@chromium.org>
  Reviewed-by: Tom Wai-Hong Tam <waihong@chromium.org>
* crossystem: Add the ddr_type field on crossystem for querying DDR RAM type | Tom Wai-Hong Tam | 2012-07-02 | 3 | -0/+7
  Samsung want to know what memory type on the device. So this CL adds a new field ddr_type to crossystem utility in order to query this info. It is only available on ARM platform so far.

  BUG=chrome-os-partner:10857
  TEST=Built and boot on Snow successfully. On userspace, query the field via:
      localhost ~ # crossystem ddr_type
      ddr3
  Change-Id: I01d1dec412fe4052e1ea6cfe2e53830da97a710b
  Signed-off-by: Tom Wai-Hong Tam <waihong@chromium.org>
  Reviewed-on: https://gerrit.chromium.org/gerrit/26411
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
  Reviewed-by: Simon Glass <sjg@chromium.org>
* Set/clear developer mode flag in VbInit output | Che-Liang Chiou | 2012-07-02 | 2 | -1/+4
  This would allow caller of VbInit know if vboot is on developer mode.

  Signed-off-by: Che-Liang Chiou <clchiou@chromium.org>
  BUG=chrome-os-partner:10947
  TEST=Snow U-Boot successfully read the correct value of the flag
  Change-Id: If1d88975892045467f5ab9d00b00ed53765b83f1
  Reviewed-on: https://gerrit.chromium.org/gerrit/26557
  Reviewed-by: Tom Wai-Hong Tam <waihong@chromium.org>
  Commit-Ready: Che-Liang Chiou <clchiou@chromium.org>
  Tested-by: Che-Liang Chiou <clchiou@chromium.org>
* Revert "Expose getter of virtual dev switch value" | Che-Liang Chiou | 2012-07-02 | 2 | -16/+0
  This reverts commit 552ae43be041331147c5d2aa3897db7a1011637d.

  vboot should set up dev switch value in output flag of VbInit, instead of exposing TPM getter to U-Boot.

  BUG=chrome-os-partner:10947
  TEST=build okay for Snow and Alex
  Change-Id: Iee884dbf758fef0cacfed6bcbab373ab5ec5aa25
  Reviewed-on: https://gerrit.chromium.org/gerrit/26556
  Reviewed-by: Tom Wai-Hong Tam <waihong@chromium.org>
  Commit-Ready: Che-Liang Chiou <clchiou@chromium.org>
  Tested-by: Che-Liang Chiou <clchiou@chromium.org>
* Expose getter of virtual dev switch value | Che-Liang Chiou | 2012-06-29 | 2 | -0/+16
  Firmware needs to be able to read virtual dev switch to set up device tree blob which is passed to kernel and eventually read by crossystem.

  Signed-off-by: Che-Liang Chiou <clchiou@chromium.org>
  BUG=chrome-os-partner:10947
  TEST=With this change, U-Boot can read virtual dev switch.
  Change-Id: Ifac2ec3d39b8e9c1100031fdef085c28bb8b37c7
  Reviewed-on: https://gerrit.chromium.org/gerrit/26394
  Reviewed-by: Simon Glass <sjg@chromium.org>
  Commit-Ready: Che-Liang Chiou <clchiou@chromium.org>
  Tested-by: Che-Liang Chiou <clchiou@chromium.org>
* vboot_reference: add "set_gbb_flags" script. | Hung-Te Lin | 2012-06-27 | 1 | -0/+76
  A simple script to help setting GBB flags on-the-fly, with help information for flag value meanings.

  BUG=chrome-os-partner:10389
  TEST=./set_gbb_flags.sh 0x20
       ./set_gbb_flags.sh 0x0
  Change-Id: Ic624f76c0897a1cbda876f3073b36f7c6425b5d4
  Reviewed-on: https://gerrit.chromium.org/gerrit/26224
  Reviewed-by: Bill Richardson <wfrichar@chromium.org>
  Commit-Ready: Hung-Te Lin <hungte@chromium.org>
  Tested-by: Hung-Te Lin <hungte@chromium.org>
* Add bits to request and acknowledge Option ROM loading. | Bill Richardson | 2012-06-27 | 7 | -2/+26
  For fastest boot, we don't want to load the VGA Option ROM every time, but only when we need it. Coreboot does that loading, but it can't always know when it's needed (with keyboard-based dev-mode, coreboot can't tell if we're in dev-mode or not). By the time we get to U-Boot, it's too late, so we need two extra bits - one for vboot to tell coreboot to load the Option ROM and another for coreboot to let vboot know it's been done.

  BUG=chrome-os-partner:8789
  TEST=manual

  The only visible change is that crossystem will now have an "oprom_needed" flag that can be set or cleared. Nothing actually pays attention to it yet, though.

  Signed-off-by: Bill Richardson <wfrichar@chromium.org>
  Change-Id: I521a6afdfb8ea17a8148b32eeb858844c981de9c
  Reviewed-on: https://gerrit.chromium.org/gerrit/26272
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
* cgpt: verify the modifications of 'cgpt add' before effected. | Louis Yung-Chieh Lo | 2012-06-27 | 1 | -2/+64
  Current code only does basic check on parameters, but doesn't validate if it can pass the CheckEntries(). So a user can accidentally break the cgpt table by:

      cgpt add /dev/sda -i 6 -s 0  # 0 sector is not allowed for a partition.
      cgpt show /dev/sda
      ... INVALID_ENTRIES ...

  This CL checks the new entry before we write it to disk. If new entry is not good, we return fail.

  Signed-off-by: Louis Yung-Chieh Lo <yjlou@chromium.org>
  BUG=None
  TEST=tested on link.
      % cgpt add /dev/sda -i 6 -s 0
      ERROR: cgpt add: A given parameter is not allowed.
      % cgpt show /dev/sda
      (no error, and partition 6 is still good)
  Change-Id: Iee0ad24f73ca12028c0b8a0a5490b67c815488cf
  Reviewed-on: https://gerrit.chromium.org/gerrit/25914
  Commit-Ready: Yung-Chieh Lo <yjlou%chromium.org@gtempaccount.com>
  Reviewed-by: Yung-Chieh Lo <yjlou%chromium.org@gtempaccount.com>
  Tested-by: Yung-Chieh Lo <yjlou%chromium.org@gtempaccount.com>
* cgpt: add -d option for cgpt show | Louis Yung-Chieh Lo | 2012-06-27 | 3 | -33/+58
  The debug mode is used to dump GPT headers and entries no matter whether they are valid or not.

  BUG=chromium-os:32142
  TEST=tested in chroot with the bad secondary entries.
      % cgpt show /dev/sda -d
      ...
      976773135 32 INVALID Sec GPT table
      282624 968101888 1 Label: "STATE"
      Type: Linux data
      ...
      1 1 INVALID Sec GPT header
      Sig: [EFI PART]
      Rev: 0x00010000
      ...
  Change-Id: Ie54068353b87c9f15915ffb51b8de688e0367975
  Signed-off-by: Louis Yung-Chieh Lo <yjlou@chromium.org>
  Reviewed-on: https://gerrit.chromium.org/gerrit/26091
  Reviewed-by: Bill Richardson <wfrichar@chromium.org>
  Tested-by: Yung-Chieh Lo <yjlou%chromium.org@gtempaccount.com>
  Commit-Ready: Yung-Chieh Lo <yjlou%chromium.org@gtempaccount.com>
* add EXYNOS{4,5} to platform_name tables on arm | Olof Johansson | 2012-06-26 | 1 | -0/+2
  BUG=chrome-os-partner:10872
  TEST=run crossystem on snow, check output
  Change-Id: I413cbd86833fc8abff9afbf12a85abe53b586af4
  Reviewed-on: https://gerrit.chromium.org/gerrit/26090
  Reviewed-by: Bernie Thompson <bhthompson@chromium.org>
  Reviewed-by: Bill Richardson <wfrichar@chromium.org>
  Commit-Ready: Olof Johansson <olofj@chromium.org>
  Tested-by: Olof Johansson <olofj@chromium.org>
* mount-encrypted: use minimum mkfs size on migration [factory-2475.B] | Kees Cook | 2012-06-20 | 3 | -14/+54
  When doing a migration, try to guess at a smaller minimum size for the initial filesystem so that systems with giant drives are not needlessly penalized. Start with an even smaller initial filesystem size (16M).

  Move debug time counters into the main .o file to avoid compiler insanity when turning debug on and off.

  BUG=chromium-os:22172
  TEST=link build & boot, manual testing
  Change-Id: I47c3ffb6e4cd88c4f0ead6fa21724704c7ed1630
  Signed-off-by: Kees Cook <keescook@chromium.org>
  Reviewed-on: https://gerrit.chromium.org/gerrit/25638
  Reviewed-by: Elly Jones <ellyjones@chromium.org>
* respect LDFLAGS settings [release-R21-2465.B] | Mike Frysinger | 2012-06-18 | 2 | -26/+29
  Libraries go into $LDLIBS while linker flags go into $LDFLAGS.

  Also make sure the utility subdir respects the env $LDFLAGS so that we can do things like `make LDFLAGS=-static` and get static binaries.

  BUG=None
  TEST=`emerge vboot_reference` still works
  TEST=`emerge-arm-generic vboot_reference` still works
  Change-Id: I989a21bc559bc6d471bc33c057c708bda2eda67e
  Reviewed-on: https://gerrit.chromium.org/gerrit/24728
  Reviewed-by: Bill Richardson <wfrichar@chromium.org>
  Commit-Ready: Mike Frysinger <vapier@chromium.org>
  Tested-by: Mike Frysinger <vapier@chromium.org>
* respect pkg-config env settings | Mike Frysinger | 2012-06-18 | 2 | -19/+25
  Rather than use the host's pkg-config, we want to use the target's. This way we query the right .pc files.

  BUG=None
  TEST=`emerge vboot_reference` still works
  TEST=`emerge-arm-generic vboot_reference` still works
  Change-Id: I083a987ee6c23716f8d79eb14e7c38c12e18b8f8
  Reviewed-on: https://gerrit.chromium.org/gerrit/24727
  Reviewed-by: Bill Richardson <wfrichar@chromium.org>
  Commit-Ready: Mike Frysinger <vapier@chromium.org>
  Tested-by: Mike Frysinger <vapier@chromium.org>
* security test: Add test that verifies that update verification is enabled | Gaurav Shah | 2012-06-18 | 4 | -4/+37
  BUG=chromium-os:31893
  TEST=verified on images with/without payload verification enabled.
  Change-Id: Ic1883aafcc2c48d9e7c5323d6dc7e21fb8f47585
  Reviewed-on: https://gerrit.chromium.org/gerrit/25407
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
  Commit-Ready: Gaurav Shah <gauravsh@chromium.org>
  Tested-by: Gaurav Shah <gauravsh@chromium.org>
* Remove VbExTrustEC() from vboot, so it can go into BIOS. | Bill Richardson | 2012-06-18 | 3 | -7/+11
  The VbExTrustEC function should be implemented in the BIOS, not the vboot library. Also, weak references don't seem to work with our linker, so we'll have to just require it always.

  BUG=chrome-os-partner:9953
  TEST=none

  This must go in with a simultaneous change to U-Boot. The only test is whether or not everything continues to compile.

  Change-Id: I8a5ccb167eec3bcacbe892cf0bdcfe550a1f57d6
  Reviewed-on: https://gerrit.chromium.org/gerrit/25557
  Tested-by: Bill Richardson <wfrichar@chromium.org>
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
  Commit-Ready: Bill Richardson <wfrichar@chromium.org>
* Add GBB flags to enable dev mode by default | Randall Spangler | 2012-06-14 | 6 | -14/+62
  And enable dev_boot_usb by default. And disable rollback checks.

  The first flag is necessary for factory to build with keyboard controlled dev mode. The other flags are really handy for development on systems where you've defeated firmware WP and are installing custom firmware.

  BUG=chromium-os:31844
  TEST=make && make runtests
  Signed-off-by: Randall Spangler <rspangler@chromium.org>
  Change-Id: I9d837fee676cb0186ea98f13005ad60a9ab86393
  Reviewed-on: https://gerrit.chromium.org/gerrit/25265
  Tested-by: Randall Spangler <rspangler@chromium.org>
  Reviewed-by: Bill Richardson <wfrichar@chromium.org>
  Reviewed-by: Hung-Te Lin <hungte@chromium.org>
  Commit-Ready: Randall Spangler <rspangler@chromium.org>
* mount-encrypted: use correct ownership test | Kees Cook | 2012-06-14 | 3 | -29/+38
  Check for ownership via Capabilities instead of Perm Flags. Clean up missing "static" declarations, disable DEBUG-by-default, clean up spawner reporting, explicitly check TPM_SUCCESS for Tlcl calls and document.

  BUG=chromium-os:22172
  TEST=x86-alex build & manual test
  Change-Id: Ida6813307b7dfcecb8fb2e240ff88982db5430c5
  Signed-off-by: Kees Cook <keescook@chromium.org>
  Reviewed-on: https://gerrit.chromium.org/gerrit/25053
  Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
* tlcl: add GetOwner command | Kees Cook | 2012-06-13 | 5 | -0/+60
  Since the "ownership" permanent flag does not indicate if the TPM is currently owned, the state of TPM Ownership must be read via a Capability read of TPM_CAP_PROP_OWNER. This adds the "getownership" function.

  BUG=chromium-os:22172
  TEST=x86-alex build & manual test
  Change-Id: I2fc9e933e891ba40190d008436b22496dced1c93
  Signed-off-by: Kees Cook <keescook@chromium.org>
  Reviewed-on: https://gerrit.chromium.org/gerrit/24784
  Reviewed-by: Will Drewry <wad@chromium.org>
* Remove unused test fields from VbNvStorage | Randall Spangler | 2012-06-11 | 7 | -97/+7
  Confirmed via codesearch that these fields are not used outside of vboot_reference itself, and the only use inside vboot_reference is one test which checked that the test error generation itself worked.

  BUG=chromium-os:31668
  TEST=make && make runtests
  Signed-off-by: Randall Spangler <rspangler@chromium.org>
  Change-Id: Ic393e126ca2853f7aaff19ffd6fcdbdb1c47689f
  Reviewed-on: https://gerrit.chromium.org/gerrit/24895
  Reviewed-by: Simon Glass <sjg@chromium.org>
* add SetVirtualDevMode stub | Mike Frysinger | 2012-06-09 | 1 | -0/+5
  Fixes build failure seen in u-boot for tegra2 seaboard:

      .../vboot_fw.a(vboot_api_kernel.o): In function 'VbConfirmChangeDevMode':
      (.text+0x84): undefined reference to 'SetVirtualDevMode'

  BUG=None
  TEST=`emerge-tegra2_seaboard chromeos-u-boot` works again
  Change-Id: If374a78218fc8a7921ff8dddde163138969e0876
  Reviewed-on: https://gerrit.chromium.org/gerrit/24948
  Commit-Ready: Mike Frysinger <vapier@chromium.org>
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
  Tested-by: Mike Frysinger <vapier@chromium.org>
* add extra param to mocked SetupTPM | Mike Frysinger | 2012-06-09 | 1 | -1/+1
  Previous commit missed this file.

  BUG=None
  TEST=None
  Change-Id: Id29e3291d4843f5ace71c2eedf7f91ee04df62d5
  Reviewed-on: https://gerrit.chromium.org/gerrit/24944
  Reviewed-by: Bill Richardson <wfrichar@chromium.org>
  Commit-Ready: Mike Frysinger <vapier@chromium.org>
  Tested-by: Mike Frysinger <vapier@chromium.org>
* Support virtual dev-switch (keyboard-based dev-mode) | Bill Richardson | 2012-06-08 | 12 | -83/+231
  BUG=chrome-os-partner:9706
  TEST=manual

  Currently, Link is the only platform that enables this feature.

  To enter dev-mode:

  Boot into recovery mode using the magic key chord. At the Insert screen, press Ctrl-D. You'll be asked if you want to enter developer mode. If you then press ENTER, it will reboot with dev-mode enabled. If you press SPACE or ESC, it will return to the Insert screen.

  If you enter recovery mode through any other means, or if dev-mode is already enabled, pressing Ctrl-D at the Insert screen will have no effect.

  To return to normal mode:

  Reboot. At the Dev screen, press ENTER or SPACE. It will reboot to recovery mode and ask you if you want to return to normal mode. If you press ESC or power off, you'll still be in dev-mode. Press ENTER or SPACE, and it will reboot into normal mode (of course, if you've messed up your images while in dev-mode, you'll just come right back to recovery mode again).

  You can also request a direct return to normal mode by running

      crossystem disable_dev_request=1

  and rebooting.

  Change-Id: I435905855a6c39932ee466cc046bdc4c4c860f98
  Reviewed-on: https://gerrit.chromium.org/gerrit/24160
  Tested-by: Bill Richardson <wfrichar@chromium.org>
  Reviewed-by: Bill Richardson <wfrichar@chromium.org>
  Commit-Ready: Bill Richardson <wfrichar@chromium.org>
* Check in sources for the default, unofficial BIOS screens | Bill Richardson | 2012-06-07 | 29 | -0/+176
  The original sources have been lost. These were obtained by unpacking the binary.

  BUG=none
  TEST=none
  Change-Id: I8042a3abf586551bc2a855d3fd9d7d6ae1aae2d9
  Reviewed-on: https://gerrit.chromium.org/gerrit/24710
  Tested-by: Bill Richardson <wfrichar@chromium.org>
  Reviewed-by: Hung-Te Lin <hungte@chromium.org>
  Commit-Ready: Randall Spangler <rspangler@chromium.org>
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
* mount-encrypted: allow dynamic root directory | Kees Cook | 2012-06-07 | 2 | -86/+244
  When testing mount-encrypted, allow for the "MOUNT_ENCRYPTED_ROOT" environment variable to define the root directory of all the internal mount paths. By default, it remains "/". This changes all the formerly static globals to dynamic.

  Add support for environment variable "MOUNT_ENCRYPTED_FSCK" which causes a fsck during the "umount" phase.

  Improve loopback name handling and add debugging.

  Rename "device" command to "info", add path details.

  BUG=chromium-os:22172
  TEST=x86-alex build, manual testing
  Change-Id: Icf89a0a5283d38e098fa8e1d92a84b1cccacb4db
  Signed-off-by: Kees Cook <keescook@chromium.org>
  Reviewed-on: https://gerrit.chromium.org/gerrit/23580
  Reviewed-by: Will Drewry <wad@chromium.org>
* Signing scripts: Add firmware signing to sign_official_build.sh | Gaurav Shah | 2012-06-07 | 1 | -9/+24
  This makes it easy to integrate firmware signing into the signer since we can reuse the base signing script.

  BUG=chromium-os:10094
  TEST=try signing both firmware and normal images.
  Change-Id: I8beb598e267de33a2c3468dcf8d7c4b74d4de9fd
  Reviewed-on: https://gerrit.chromium.org/gerrit/24654
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
  Commit-Ready: Gaurav Shah <gauravsh@chromium.org>
  Tested-by: Gaurav Shah <gauravsh@chromium.org>
* Modify align_rootfs to use --src_image only. | Don Garrett | 2012-06-04 | 1 | -102/+15
  Align_rootfs was written to auto-fetch the previous release of a given image, but that logic has bit-rotted. This CL is a quick hack to use --src_image instead.

  BUG=chromium-os:31124
  TEST=Hand ran.
  Change-Id: I530c6f82c42993648cecb5d59172010d61dd1603
  Reviewed-on: https://gerrit.chromium.org/gerrit/23168
  Commit-Ready: Don Garrett <dgarrett@chromium.org>
  Reviewed-by: Don Garrett <dgarrett@chromium.org>
  Tested-by: Don Garrett <dgarrett@chromium.org>
* Add DISABLE_DEV_REQUEST flag to nvram. [factory-2394.B] [factory-2368.B] | Bill Richardson | 2012-05-25 | 4 | -0/+20
  This just creates the bit. It doesn't actually do anything yet.

  BUG=chrome-os-partner:9980
  TEST=manual
      crossystem disable_dev_request=1
      crossystem
      crossystem disable_dev_request=0
      crossystem
  Change-Id: I0e92a6b5ef5074ee5eae2d6d469c1c9826faecb3
  Signed-off-by: Bill Richardson <wfrichar@chromium.org>
  Reviewed-on: https://gerrit.chromium.org/gerrit/23752
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
* Honor both fake_dev and virtual dev switch | Bill Richardson | 2012-05-25 | 2 | -13/+13
  BUG=chrome-os-partner:9706
  TEST=none

  No test yet. The entire boot/dev-mode/recovery flow depends on this working. This is only part of the process, which will eventually be tested through FAFT.

  Change-Id: Iea6eaf59d4f349590cf9b920e4effb6a2641b2dc
  Signed-off-by: Bill Richardson <wfrichar@chromium.org>
  Reviewed-on: https://gerrit.chromium.org/gerrit/23657
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
* cryptolib: rename SHA* function to avoid openssl collision [firmware-link-2348.B] | Kees Cook | 2012-05-22 | 7 | -25/+25
  When linking tools that need OpenSSL functions on the target, the resolution of SHA* functions was being redirected to the firmware cryptolib instead of the OpenSSL implementations, which was causing OpenSSL calls to crash. This renames the internal implementations to avoid the collision.

  BUG=None
  TEST=make runtests passes, mount-encrypted runs on target again.
  Change-Id: Ica4fb04faf203ae3b4118c540f18d40239753810
  Signed-off-by: Kees Cook <keescook@chromium.org>
  Reviewed-on: https://gerrit.chromium.org/gerrit/23305
  Reviewed-by: Bill Richardson <wfrichar@chromium.org>
* Use virtual dev-mode switch when told to. [factory-2338.B] | Bill Richardson | 2012-05-18 | 10 | -142/+206
  If VbInit() is instructed to look at a virtual dev-mode switch, then it will use value contained in the TPM's firmware space instead of a hardware GPIO to determine if developer mode is enabled.

  This change just makes it look. It doesn't provide a way to actually set the value in the TPM. VbInit() isn't being told to look yet, either. Those changes are coming.

  BUG=chrome-os-partner:9706
  TEST=none

  The usual sanity-check applies:

      make
      make runtests

  But to actually test that this stuff is working IRL requires special tweaks to other components and monitoring the serial debug output from both EC and CPU. We'll save the hands-on tests for when it's all done.

  Change-Id: Ie485ad2180224e192238bf2a5dbf95bbcb9130f9
  Signed-off-by: Bill Richardson <wfrichar@chromium.org>
  Reviewed-on: https://gerrit.chromium.org/gerrit/23067
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
* mount-encrypted: provide umount option for shutdown | Kees Cook | 2012-05-17 | 4 | -47/+155
  When shutting the system down, mount-encrypted can be used to clean up all its bind mounts and devices.

  BUG=None
  TEST=x86-alex build, manual testing
  Change-Id: I025ce8c16c55f8556d7fff45eb6ac2b7a835101a
  Signed-off-by: Kees Cook <keescook@chromium.org>
  Reviewed-on: https://gerrit.chromium.org/gerrit/21913
  Reviewed-by: Elly Jones <ellyjones@chromium.org>
* Add checksum to TPM RollbackSpace regions for FW and kernel. | Bill Richardson | 2012-05-17 | 9 | -46/+416
  BUG=chrome-os-partner:9707
  TEST=manual

      make
      make runtests

  You can also test it by clearing the TPM, then manually looking at the TPM regions. In dev-mode, clear the regions and you'll see something like this:

      localhost ~ # tpmc read 1007 a
      1 0 0 0 0 0 0 0 0 0
      localhost ~ # tpmc read 1008 d
      1 4c 57 52 47 0 0 0 0 0 0 0 0
      localhost ~ #

  Go back to normal mode and reboot, and you'll see something like this:

      localhost ~ # tpmc read 1007 a
      2 0 1 0 1 0 0 0 0 4f
      localhost ~ # tpmc read 1008 d
      2 4c 57 52 47 1 0 1 0 0 0 0 55
      localhost ~ #

  The important things are that the first number is now 2, instead of 1, and the last number is not zero (it's a checksum, so it'll vary depending on the other numbers, which will themselves vary according to the firmware and kernel versions).

  Change-Id: Ia4040311c2a4b2819792549b883377c8b6b89d48
  Signed-off-by: Bill Richardson <wfrichar@chromium.org>
  Reviewed-on: https://gerrit.chromium.org/gerrit/22856
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
* vboot_reference: update to newer libbase ver [factory-2305.B] | Mike Frysinger | 2012-05-14 | 1 | -2/+2
  Most packages have upgraded by now. Do vboot_reference too.

  BUG=None
  TEST=`emerge-x86-alex vboot_reference` works
  Change-Id: Ica1996ba3c242dca2d4e7edf643a79a41c603f0c
  Reviewed-on: https://gerrit.chromium.org/gerrit/22529
  Reviewed-by: Bill Richardson <wfrichar@chromium.org>
  Tested-by: Mike Frysinger <vapier@chromium.org>
  Commit-Ready: Mike Frysinger <vapier@chromium.org>
* Switch vboot reference to hardfp | Doug Anderson | 2012-05-11 | 1 | -1/+1
  This allows it to compile without switching to a private libgcc.

  BUG=chromium-os:30807
  TEST=While making sure u-boot, vboot_reference and vboot_reference-firmware were cros_workoned and grabbing the associated U-Boot change (I3cdc86ee2846814a6522c7874e5b438be94164ab), I did:
      1. emerge-daisy chromeos-u-boot vboot_reference vboot_reference-firmware
      2. cros_bundle_firmware --add-config-int load_env 1 \
           -d exynos5250-daisy -b daisy -o /tmp/uboot.bin
      3. sudo dd if=/tmp/uboot.bin of=${SDCARD} bs=512 seek=1
  ...and then booted that.

  Change-Id: I49d567e51d95c77f0e0fef8ec0f678e51b5ab77f
  Reviewed-on: https://gerrit.chromium.org/gerrit/22479
  Tested-by: Doug Anderson <dianders@chromium.org>
  Reviewed-by: Terry Lambert <tlambert@chromium.org>
  Tested-by: Terry Lambert <tlambert@chromium.org>
  Reviewed-by: Simon Glass <sjg@chromium.org>
  Commit-Ready: Doug Anderson <dianders@chromium.org>
* Fix build errors with .c and .cc files being in the libcgpt-cc.a | Doug Anderson | 2012-05-11 | 1 | -2/+3
  When I build without this fix, I get errors like this:

      armv7a-cros-linux-gnueabi-strip:....libcgpt-cc.a(CgptManager.cc): Unable to recognise the format of file: File format not recognized

  The .a file shouldn't have .cc files in it anyway.

  The error appears to have been introduced in: https://gerrit.chromium.org/gerrit/16433

  I'm not sure why it wasn't noticed until now, but perhaps the new toolchain is just pickier.

  BUG=None
  TEST=emerge-daisy vboot_reference works
  TEST=With future hardfp change, can boot U-Boot compiled with new toolchain.
  Change-Id: I33f15fb38d7e236000845d0a864c1e86469f32c7
  Reviewed-on: https://gerrit.chromium.org/gerrit/22476
  Tested-by: Doug Anderson <dianders@chromium.org>
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
  Commit-Ready: Doug Anderson <dianders@chromium.org>
* Use CHROMEOS_EC macro to cut down compiled size. [release-R20-2268.B] [factory-2268.16.B] | Bill Richardson | 2012-05-09 | 2 | -0/+46
  This macro is only defined by the EC firmware build process, and is used to cut down the amount of compiled code. A future CL will refactor the library to make this unnecessary.

  BUG=chrome-os-partner:7459
  TEST=manual

      make
      make runtests

  Change-Id: I41d0b4b282ec7147e8d6f508531af32e74f2d19e
  Reviewed-on: https://gerrit.chromium.org/gerrit/22313
  Commit-Ready: Bill Richardson <wfrichar@chromium.org>
  Reviewed-by: Bill Richardson <wfrichar@chromium.org>
  Tested-by: Bill Richardson <wfrichar@chromium.org>
* Fix potential memory leak in KeyBlockVerify() | Bill Richardson | 2012-05-09 | 1 | -0/+1
  BUG=none
  TEST=none
  Change-Id: I17f1cff7d6f750dfd862d71941c6b8cfec57b6bf
  Reviewed-on: https://gerrit.chromium.org/gerrit/22312
  Commit-Ready: Bill Richardson <wfrichar@chromium.org>
  Reviewed-by: Bill Richardson <wfrichar@chromium.org>
  Tested-by: Bill Richardson <wfrichar@chromium.org>
* Separate SHA256 and SHA512 into separate files | Bill Richardson | 2012-05-09 | 3 | -287/+342
  This is just to pave the way for better use of vboot by the EC.

  BUG=chrome-os-partner:7459
  TEST=manual

      make
      make runtests

  Change-Id: I2e68371039bfc1b492245db12facf0c5ad592824
  Reviewed-on: https://gerrit.chromium.org/gerrit/22301
  Tested-by: Bill Richardson <wfrichar@chromium.org>
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
  Commit-Ready: Bill Richardson <wfrichar@chromium.org>
* Protect ARRAY_SIZE macro from being #defined twice | Bill Richardson | 2012-05-09 | 1 | -0/+2
  BUG=chrome-os-partner:7459
  TEST=none
  Change-Id: I3664ad9db4a4e0cecd38443bf01f99531ba80972
  Reviewed-on: https://gerrit.chromium.org/gerrit/22183
  Commit-Ready: Bill Richardson <wfrichar@chromium.org>
  Tested-by: Bill Richardson <wfrichar@chromium.org>
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
* Make vbutil_ec operate on the entire image at once. | Bill Richardson | 2012-05-08 | 1 | -210/+411
  Instead of taking images apart, signing bits, and reassembling them, this just operates on the entire image at once. The image can be built without regard to the signing process, and then the signing can be done in one step afterwards.

  BUG=chrome-os-partner:7459
  TEST=none

  No test at the moment, since we don't have the rest of the vboot stuff working yet.

  Change-Id: Icbde9cbb89d0ef85c0f6b8ac0637e0a51a894199
  Reviewed-on: https://gerrit.chromium.org/gerrit/22116
  Tested-by: Bill Richardson <wfrichar@chromium.org>
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
  Commit-Ready: Bill Richardson <wfrichar@chromium.org>
* Create vbutil_ec tool for signing EC firmware. | Bill Richardson | 2012-05-04 | 20 | -8/+748
  This just adds the vbutil_ec tool (and a simple test of the library functions related to it).

  BUG=chrome-os-partner:7459, chromium-os:27142
  TEST=manual

      make
      make runtests

  Change-Id: I2a2c4e7cfb8ac6ce2229c5de4252a5cc89321fa5
  Reviewed-on: https://gerrit.chromium.org/gerrit/21868
  Commit-Ready: Bill Richardson <wfrichar@chromium.org>
  Tested-by: Bill Richardson <wfrichar@chromium.org>
  Reviewed-by: Stefan Reinauer <reinauer@google.com>
  Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
* Require -Wall -Werror for everything. | Bill Richardson | 2012-05-03 | 17 | -64/+15
  BUG=none
  TEST=none
  Change-Id: Ib9781238274285f73d00d8fca4ecda28fc2c6678
  Reviewed-on: https://gerrit.chromium.org/gerrit/21748
  Commit-Ready: Bill Richardson <wfrichar@chromium.org>
  Tested-by: Bill Richardson <wfrichar@chromium.org>
  Reviewed-by: Stefan Reinauer <reinauer@chromium.org>
* Let cgpt open devices in read-only mode when possible. | Bill Richardson | 2012-05-02 | 10 | -16/+47
  BUG=chromium-os:12430
  TEST=manual

  Running "make; make runtests" in src/platform/vboot_refererence will test this change. Tests for use on a Chromebook are described in the bug report, but will require a USB or SD card that has a physical write-protect switch.

  Change-Id: I16a67bad3b59bec0981f4064f51fb1a29da65a90
  Reviewed-on: https://gerrit.chromium.org/gerrit/21474
  Tested-by: Bill Richardson <wfrichar@chromium.org>
  Commit-Ready: Bill Richardson <wfrichar@chromium.org>
  Reviewed-by: Richard Barnette <jrbarnette@chromium.org>
  Reviewed-by: Che-Liang Chiou <clchiou@chromium.org>
* signer scripts: retry more than once when mounting | Mike Frysinger | 2012-05-01 | 1 | -12/+23
  The retry logic has brought down the number of flakes significantly (from multiple errors a day to ~one every other day). But let's up the retry count, and have it sleep longer after each failure, so hopefully we can bring down the flake count even further.

  BUG=chrome-os-partner:8156
  TEST=`./signing_poller.py -s` signs local images fine
  Change-Id: I98bc947836514d8b931568f87f7f9a373f771b79
  Reviewed-on: https://gerrit.chromium.org/gerrit/21468
  Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
  Tested-by: Mike Frysinger <vapier@chromium.org>
  Commit-Ready: Mike Frysinger <vapier@chromium.org>
* signer scripts: workaround flaky kernels and loop mount failures | Mike Frysinger | 2012-04-25 | 1 | -12/+36
  The kernels we are running the signers on flake out from time to time when mounting the loop back images. Have the mount code detect this edge case and automatically retry when the flake hits.

  BUG=chrome-os-partner:8156
  TEST=`./signing_poller.py -s` signs local images fine
  Change-Id: Iaa08445904aa26f0aa7240504f6c7a96e6ef3bbb
  Reviewed-on: https://gerrit.chromium.org/gerrit/21055
  Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
  Commit-Ready: Mike Frysinger <vapier@chromium.org>
  Tested-by: Mike Frysinger <vapier@chromium.org>