| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To simplify the migration plan, we want to support the legacy arguments
used by FAFT and factory test "UpdateFirmware":
--noupdate_ec => --host_only
--noupdate_pd => --host_only
--nocheck_keys => --force
--update_{main,ec,pd} => ignore
BUG=chromium:882445,b:118509893,b:130401936,chromium:953993,b:130115628
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I31652806085937fe5ca2f2facc7321021977cbb7
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1310253
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1577345
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
`fts` in old branches cannot use 64 bit file offset.
BUG=chromium:923934
TEST=emerge-gru vboot_reference
Change-Id: I0184847b19e470c86aac9a7cbb2d7b1f3cbf653d
Reviewed-on: https://chromium-review.googlesource.com/c/1426260
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Commit-Queue: Hung-Te Lin <hungte@chromium.org>
Tested-by: Hung-Te Lin <hungte@chromium.org>
Trybot-Ready: Hung-Te Lin <hungte@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The factory branch seem to not always include vb2 structures
so we have to declare directly in futility.h.
BUG=chromium:923331
TEST=make futil -j
Change-Id: I4b4073244b034426544d8f4f1dd79a0c8c36b7e7
Reviewed-on: https://chromium-review.googlesource.com/c/1421579
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Commit-Queue: Hung-Te Lin <hungte@chromium.org>
Tested-by: Hung-Te Lin <hungte@chromium.org>
Trybot-Ready: Hung-Te Lin <hungte@chromium.org>
(cherry picked from commit b861c14e3f19d712f76093309071873a5bef08b3)
Reviewed-on: https://chromium-review.googlesource.com/c/1421585
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Starting from GBB 1.2, a digest is stored in GBB and must be updated
whenever the HWID string is changed.
In shell script version of updater, the digest is automatically updated
when we do "futility gbb -s --hwid=XXX", but in native updater
implementation we only updated the HWID string and left digest
unchanged, this leaves devices generating wrong PCR1 values.
`cmd_gbb_utility` updates the digest by calling `update_hwid_digest`
using vboot1 structure, so we should introduce a new vboot2 friendly
function, `vb2_change_hwid`, which changes both HWID string and digest
at same time.
Note this has no impact for end user's devices with write protection
enabled. Only changes dogfood units AU results.
BUG=b:122248649
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=none
Change-Id: I6ad2754e6df3c9dd66d71c560a2afc26d14eae33
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/1411948
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The factory branches may need to run firmware updater extracted from
newer release images which relies on 'futility update' to run.
This change collects all related changes:
6b231132 Makefile: Build utils for both dynamic and static version.
319f269b futility_s: add vbutil_firmware & vbutil_key
5c01f864 Makefile: Build futility without utillib to extend arch support
a6f548d1 Makefile: Add pthread library to the futility static build
bb351eff Revert "Makefile: Build futility without utillib to extend arch support"
b31e5f09 futility: Add 'Error' utility macro
eee33827 futility: Add 'update' command for updating firmware
22266d1f futility: cmd_update: Support loading image files by -i, -e, --pd_image
6d30a78a futility: cmd_update: Process FMAP and parse image version
035f0da2 futility: cmd_update: Access system firmware using external flashrom
039ad74d futility: cmd_update: Add '--emulate' option
e04be109 futility: cmd_update: Implement updater logic "FULL UPDATE".
0a368cac futility: cmd_update: Add "system property" and '--sys_props' to override
8017381e futility: cmd_update: Implement updater logic "RW UPDATE".
b77e2548 futility: cmd_update: Add 'mainfw_act' system property
6b1ead30 futility: cmd_update: Implement updater logic "TRY-RW" (--try)
eb0c9caf futility: cmd_update: Preserve image sections before update
9f27a900 futility: cmd_update: Check contents before starting to update
e25ffef4 futility: cmd_update: Use real system write protection status
f7b99d00 futility: cmd_update: Add vboot1 updater logic
b0f5a8f9 futility: cmd_update: Check platform compatibility before updating
c13d39fa futility: cmd_update: Check TPM key versions before updating
ede6a006 futility: cmd_update: Check RO and RW signing compatibility before updating
8b86ee5d futility: cmd_update: Add more legacy updater options
6a867bc4 futility: cmd_update: Correct updating logic for RW_LEGACY
27fc2478 futility: cmd_update: Preserve sections blocked by management engine
35c99021 futility: cmd_update: Revise debug and error message macro
86162304 futility: drop static build
b5a4e47c futility: cmd_update: Correctly handle error counter
50cf198c futility: cmd_update: Add new 'legacy' mode
da4e823f futility: cmd_update: Create and remove temporary files properly
1bb66a0c futility: cmd_update: Add --quirks for device-specific hacks
b4243c6b futility: cmd_update: Add quirk 'enlarge_image'
c3c9ae6a futility: cmd_update: Add quirk 'unlock_me_for_update'
382375b3 futility: cmd_update: Add quirk 'min_platform_version'
cabd2f8c futility: update: Fix update failure in factory mode due to wrong WP logic
ac8cb8dd futility: update: Add legacy option '--factory'
79bdb0cc futility: Remove FUTIL_STATIC build rules
d6f7c16b futility: update: Skip TPM check if tpm_fwver is not valid.
f6198074 futility: update: Preserve new sections: RO_PRESERVE and RW_PRESERVE
f67b991a futility: update: Preserve RO_FSG
ee96e741 futility: update: Preserve RW_ELOG
b07165b5 futility: update: Allow tpm_fwver=0 and allow --force to waive TPM check
5a5be0c7 futility: update: Revise error messages
ba73f35e futility: update: Refactor 'emulation' (--emulate).
eb166257 futility: update: Add --programmer to override flashrom programmer for servo
5fa5e3b9 futility: update: Refactor: move updater logic to 'updater.c'
243e2115 futility: updater: Refactor: move command line processing to cmd_update.c
e7bcda54 futility: updater: Refactor: localize temp files management
8810b089 futility: updater: Refactor: move quirks to 'updater_quirks.c'
a1bfb650 futility: updater: Add default quirks
a2b9e356 futility: updater: Add quirk 'daisy_snow_dual_model' for daisy_snow
ba30c93b futility: updater: Preserve SMMSTORE and add quirk 'eve_smm_store'
38d06701 futility: updater: Support reading main image from stdin
f1609b8c futility: updater: Revise verbosity and error messages
fabf760f futility: updater: Add ASPRINTF macro
7aa34302 futility: updater: Refactor function names
077026fd futility: updater: Add '--archive' to read from an archive or directory
f7c44a32 futility: updater: Refactor how arguments were configured
1847ba4f futility: updater: Add --manifest to scan and print archive info
a71e0ccd futility: updater: Allow patching rootkey and vblock files
2ae23df7 futility: updater: Change default model name to FWID platform name
3d615c91 futility: updater: Do not preserve GBB flags in --factory mode.
10b3d4ed futility: updater: Add '--model' and select images by system model
622c35aa futility: updater: Support white label from VPD and --signature_id
c6781206 futility: updater: Support --mode=output and --output_dir
fb947ae0 futility: update: Add `--host_only` argument
67d66f18 futility: updater: Support --repack and --unpack
1f489393 futility: updater: Fix model detection error
BUG=chromium:882445
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I6c14133f59561a422a190b17fa8ff7e79c45d953
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/1317061
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When some of the space re-creation procedure failed, chromeos-tpm-recovery
should exit with non-zero value and not saying TPM is successfully recovered.
However, there are few known issues:
- 0x1009 is not needed in TPM2.
- The space is not created in TPM2.
- tlcl does not support define spaces with policies yet (crosbug.com/p/59594).
As a result, we want to return failure only if writing any of the two
spaces (0x1007, 0x1008) fails.
This change also revised chromeos-tpm-recovery so it won't exit with unbound
variable error due to early exit without having daemon_was_running variable.
BRANCH=None
BUG=chrome-os-partner:60099
TEST=For boards with TPM and TPM2, do:
build_image --board $BOARD factory_install;
Boot factory install shim, select 'I' and get TPM recovered.
Change-Id: I3f79b02cdf77ac61cf1361033c489604dcd603f2
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/412543
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
| |
This reverts commit dfcacc87bec544ab7b4ed8645f65876b471a1cd3 which breaks tpm2 systems where backup space is not yet defined.
Change-Id: I2e6e24ac24faaa980aa2dfaae2d801141fc49013
Reviewed-on: https://chromium-review.googlesource.com/413147
Commit-Ready: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add command for printing TPM version: 1.2 or 2.0. The command works
even when trunksd/tcsd is running and /dev/tpm0 is busy, so it can
be used to first determine which TPM we are dealing with, and then
select the right name of the daemon to stop based on that.
BUG=none
BRANCH=none
TEST=run 'tpmc tpmver'
Change-Id: Ib8db81ff2af6dc6b0d5aecf30e2688a908b5c3d3
Reviewed-on: https://chromium-review.googlesource.com/410703
Commit-Ready: Andrey Pronin <apronin@chromium.org>
Tested-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Most of the indexes used in practice, have AUTHREAD set with null
password authentication. The only index, for which READ_STCLEAR is
set and TlclReadLock() is called is the one used by mount-encrypted.
It has AUTHREAD with empty password and should be lockable after
platform hierarchy is disabled. So, use null password authorization
instead of platform authorization in TlclReadLock().
BUG=chrome-os-partner:54708
BRANCH=none
TEST=Start with OOBE, corporate enroll, reboot, verify that the system
doesn't go back to OOBE. Check mount-encrypted.log on start: it
should contain "Read-locking NVRAM area succeeded".
Change-Id: Iaac78ba4dd048edac992adfab6fb94b69b2e989a
Reviewed-on: https://chromium-review.googlesource.com/410780
Commit-Ready: Andrey Pronin <apronin@chromium.org>
Tested-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Now that LoadKernel() uses a stream API for its partition data, it
doesn't care about those fields. They're blindly passed to
cgptlib_internal, which does similar checks in CheckParameters() and
CheckHeader(). So, don't duplicate the checks.
BUG=chromium:611535
BRANCH=none
TEST=make runtests; emerge-kevin coreboot depthcharge
Change-Id: I72375496e5df7b7c17df25d358f2555fe41fe520
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/407053
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
LoadKernel() was a big function which did everything from looping over
partitions on a drive to loading the data within them to calling the
low-level verification functions on that data. Split it apart into more
manageable chunks. This also reduces indentation of the inner parts of
the code, whic increases readability.
No outwardly-visible functionality changes.
BUG=chromium:611535
BRANCH=none
TEST=make runtests; emerge-kevin coreboot depthcharge
Change-Id: Iea79e70163f5d9f1a9d0d897e4a9bacc925a742d
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/404919
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When some of the space re-creation procedure failed,
chromeos-tpm-recovery should exit with non-zero value and not saying TPM
is successfully recovered.
BRANCH=None
BUG=None
TEST=manually: chromeos-tpm-recovery
Change-Id: Id898c11adacd0ab38de2481cace23ca37deaec9c
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/410467
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is no direct concept of physical presence in TPM2, the platform
hierarchy could be used to manage access to various NVRAM spaces
instead. The kernel NVRAM space does not have to be explicitly locked,
disabling platform hierarchy is enough to prevent writes into this
space.
BRANCH=none
BUG=chrome-os-partner:59651
TEST=verified that the system boots fine in both normal and recovery
modes; using tpmc confirmed that the kernel space is readable in
both and writeable only in recovery mode.
Change-Id: I3cd8344ad897d061f6b07424f1589a7b547a161f
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/410127
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This functionality allows factory to ensure that the recovery MRC cache
trained during finalization has the right signature and the checksum on
the data can be verified.
BUG=chrome-os-partner:59661
BRANCH=None
TEST=Verified checksum on recovery mrc cache.
Change-Id: Ic5bd9910b4542037ad86f6fb7a7d83b97be5c792
Signed-off-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/409680
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Implement TlclGetPermissions, which sends a TPM2_NV_ReadPublic command
and returns the attributes of the NV Index (TPM2 Spec, Part 3, Section 31.6).
BUG=chrome-os-partner:58873
BUG=chrome-os-partner:55210
BRANCH=none
TEST=Run "tpmc def" with various permissions to define new indexes,
verify that "tpmc getp" returns matching permissions for them.
Change-Id: I2ad7163332ae8793cd717875645f19baef513b26
Reviewed-on: https://chromium-review.googlesource.com/409618
Commit-Ready: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some tpm command wrappers ignore TPM return code, they should not
report success in case TPM operation failed.
BRANCH=none
BUG=chrome-os-partner:55668
TEST=verified that tpmc on reef does not silently ignore tpm write
errors any more.
Change-Id: Id8955e3757948a3fd0972f88b569fb8828be7715
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/406516
Commit-Ready: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1) Callers of VbExTpmSendReceive often use the same buffer for
TPM command and response. So, debug-print the command before
sending to avoid it being overwritten with the response before
printing.
2) VbExTpmSendReceive only prints execution time in debug mode.
Execute gettimeofday() only when debug mode is enabled.
3) Avoid printing "DEBUG: " prefix before every byte in the
command/response.
BUG=none
BRANCH=none
TEST=emerge-$BOARD vboot_reference with and without DEBUG=1,
run tpmc commands, check the output.
Change-Id: I1bfe9a21e1a78227996eb7310a3584a9e5b73a87
Reviewed-on: https://chromium-review.googlesource.com/409613
Commit-Ready: Andrey Pronin <apronin@chromium.org>
Tested-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We build all firmware with depthcharge now, and all with the same
"unified" configuration, so there's no need for these qualifiers.
BUG=chromium:595715
BRANCH=none
TEST=builds still pass
CQ-DEPEND=CL:406188
Change-Id: I6ab8a7849d81f7617d5cafb0b423b073e8029c90
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://chromium-review.googlesource.com/406169
Commit-Ready: Patrick Georgi <pgeorgi@chromium.org>
Tested-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Implement TlclDefineSpace, which sends a TPM2_NV_DefineSpace command
to define the attributes of an NV Index and cause the TPM to reserve
space to hold the data associated with the NV Index (TPM2 Spec, Part 2,
Section 31.3.1).
Also, update TlclWrite and TlclWriteLock calls to use the platform
authorization only for NV Indexes in TPM and Platform ranges, and
use empty password authorization otherwise. This allows (1) working with
the Off-Disk Early-Access Key Storage used by mount-encrypted through
Tlcl API; and (2) testing Tlcl NV define/write/write-lock operations
with platform hierarchy disabled.
BUG=chrome-os-partner:55210
BUG=chrome-os-partner:59361
BRANCH=none
TEST=After clearing the TPM owner run "tpmc def 0x800001 0x3 0x0" to
create a TPM index of size 3, which can be read and written to
with empty password. Verify that "tpmc write 0x800001 12 34 56"
succeeds and "tpmc read 0x800001 0x3" prints "12 34 56" as NVRAM
space contents.
Change-Id: I185cf8380ef1579d0e9e4d8cead5a30ceda3ead9
Reviewed-on: https://chromium-review.googlesource.com/405792
Commit-Ready: Andrey Pronin <apronin@chromium.org>
Tested-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
BUG=chrome-os-partner:59355
BRANCH=None
TEST=make -j runtests
Change-Id: Ife661afea83f65ba262e50e9743a64628972d39e
Signed-off-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/408568
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
BUG=chrome-os-partner:59355
BRANCH=None
TEST=make runtests
Change-Id: Ia86922f2c1940c8b46eb938f208fb4afe4ebc175
Signed-off-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/408656
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This script runs when the target is booted in recovery mode. It
reinitializes the TPM and sets the predefined NVRAM spaces to the
default values.
The precence of the /etc/init/trunksd.init file is used to derermine
if the target is runnig TPM 1.x or 2.x.
The major difference between TPM 1.2 and TPM 2.0 modes is that the TPM
2.0 supporting routines do not yet allow to define NVRAM spaces. This
capability will be added later.
BRANCH=none
BUG=chrome-os-partner:59361, chrome-os-partner:55210
TEST=verified that running chromeos-TPM-recovery on a device booted in
recovery mode properly reinitializes TPM on both reef (TPM2.0)
and kevin (TPM1.2). The previously failing on reef autotest
firmware_UpdateFirmwareDataKeyVersion is now passing.
Change-Id: I58e4ceeb1ba27544b7ebfb045d2d2fc5477ecf43
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/407796
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This new recovery reason will instruct the calling firmware in
vboot_select_and_load_kernel to reboot the device (under the assumption
that training of memory has already been performed by the firmware). On
seeing the return code VBERROR_REBOOT_REQUESTED, calling firmware should
perform a reboot.
BUG=chrome-os-partner:59352
BRANCH=None
TEST=make -j runtests successful
Change-Id: I110a735e612665cb2378bd71ca01a111edaf58e3
Signed-off-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/407656
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, vb2_unpack_key() actually unpacked a key buffer. Callers
that had a vb2_packed_key had to typecast it back to a uint8_t buffer to
unpack it. Rename vb2_unpack_key() to vb2_unpack_key_buffer(), and make
vb2_unpack_key() unpack a vb2_packed_key.
BUG=chromium:611535
BRANCH=none
TEST=make runtests; emerge-kevin coreboot depthcharge;
emerge-samus and boot it
Change-Id: I9ee38a819c59cc58a72ead78cf5ddf3d0f301ae7
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/400906
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Originally, vboot1 code used VbExMalloc() and VbExFree() since it needed
to talk to EFI firmware that didn't have standard malloc() and free().
Now, coreboot and depthcharge implement them as wrappers around those
standard calls. vboot2 code already calls them directly, so let vboot1
code do that too.
BUG=chromium:611535
BRANCH=none
TEST=make runtests; emerge-kevin coreboot depthcharge
Change-Id: I49ad0e32e38d278dc3589bfaf494bcf0e4b0a4bd
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/400905
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Now that the vboot1 cryptolib code is gone, nothing uses stateful_util.
Remove it and its unit tests.
BUG=chromium:611535
BRANCH=none
TEST=make runtests; emerge-kevin coreboot depthcharge
Change-Id: I75b6014be00c5266545db10e87c1d9485fd1444b
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/400904
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
At this point, all that's left are a few constants in the cryptolib
header files, and they're only used by host-side code. So move them to
a host-side header file and get rid of cryptolib.
BUG=chromium:611535
BRANCH=none
TEST=make runtests; emerge-kevin coreboot depthcharge
Change-Id: I2235f0e84e13fef313afe54e749b73744b157884
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/400903
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The old vboot1 cryptolib hard-coded many of its padding arrays in a
padding.c file. Use the equivalent vboot2 apis instead.
This change is almost exclusively on the host and test side; the only
firmware impact is on a single line of debug output.
BUG=chromium:611535
BRANCH=none
TEST=make runtests; emerge-kevin coreboot depthcharge
Change-Id: If689ffd92f0255847bea2424950da4547b2c0df3
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/400902
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The low-level verification functions' *_WORKBUF_BYTES constants assume
the work buffer is already aligned to VB2_WORKBUF_ALIGN. But malloc()
may return a less-aligned pointer, in which case vb2_workbuf_init()
aligns it (and loses a bit of space in the process). This can cause an
error "vb2_rsa_verify_digest: ERROR - vboot2 work buffer too small!".
High-level functions should be using the *_WORKBUF_RECOMMENDED_SIZE
constants for allocation, which have enough padding to compensate for
alignment problems.
BUG=chrome-os-partner:59306
BRANCH=none
TEST=make runtests; boot a recovery image on reef
Change-Id: I1055fa56072b3fe1cd07c5c090293635c42c77a2
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/406526
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change makes run_test_scripts.sh dump stderr to the terminal
so that the failed test can be debugged. This is necessary to
analyze a failing test on build servers.
BUG=none
BRANCH=none
TEST=sudo FEATURES=test emerge vboot_reference && FEATURES=test
USE=minimal emerge-samus vboot_reference && make runtests
Change-Id: Id9ae0fb174cfe382ec30a1175f54c0891543c46e
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/403428
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Another in a continued stream of refactoring. This change removes more
of the vb1 rsa library code and associated tests, in favor of their vb2
equivalents. This change touches only host-side code and its tests, not
firmware.
BUG=chromium:611535
BRANCH=none
TEST=make runtests; emerge-kevin coreboot depthcharge
Change-Id: I1973bc2f03c60da62232e30bab0fa5fe791b6b34
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/400901
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This removes old vboot1 functions in favor of the new vboot2 functions.
BUG=chromium:611535
BRANCH=none
TEST=make runtests; emerge-kevin coreboot depthcharge
Change-Id: Idc64f7714bbd9d4fa82d14b6b5d73d71c61de854
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/400900
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The usage string wasn't appending a newline to the end which caused
weird output when shown. Add a proper usage() helper and extend the
output a bit to be more human friendly.
BUG=chromium:660209
TEST=`pad_digest_utility` is nice
BRANCH=None
Change-Id: I01c3c5372a4202bc6f5a9b2c5fe0e2a59c3ca5cf
Reviewed-on: https://chromium-review.googlesource.com/404768
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
No need to have two implementations of this now.
BUG=chromium:611535
BRANCH=none
TEST=make runtests; emerge-kevin coreboot depthcharge
Change-Id: I18bac928eb09971c37f3e1d7cbfd2009999b1f31
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/400899
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
No need to have two implementations of this now.
BUG=chromium:611535
BRANCH=none
TEST=make runtests; emerge-kevin coreboot depthcharge
Change-Id: Id3348eae80c5d85451981a44729164ff59f88648
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/399121
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Originally, we didn't trust the firmware to provide these functions from
a standard library. Now, with coreboot, we do.
BUG=chromium:611535
BRANCH=none
TEST=make runtests; emerge-kevin coreboot depthcharge
Change-Id: I4e624c40085f2b665275a38624340b2f6aabcf11
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/399120
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
find: A p is added betwen device name and partition whenever the last
character of a device is a number, as written in disk_name() in kernel
block/partition-generic.c file.
debug_vboot: Add regex for nvme device.
BUG=chromium:655192
BRANCH=none
TEST=Check that when a machine boots from NVMe, chromeos-setgoodkernel
set "successful" field properly.
Run " dev_debug_vboot --cleanup", check the NVMe device kernel
partitions are verified.
Change-Id: I6a9342c95500fa582f51f06e48c1ff90684c2a27
Signed-off-by: Gwendal Grignou <gwendal@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/398338
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change fixes errors reported by coreboot toolchain.
BUG=chromium:649554
BRANCH=none
TEST=make runtests
Change-Id: Icd61899718af64b3d199fff37bbea2ccec6ab2cd
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/400666
Commit-Ready: Dan Shi <dshi@google.com>
Reviewed-by: Martin Roth <martinroth@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change makes futility-bdb --create take --load_address parameter,
which sets the load address field in the BDB header.
BUG=chromium:649554
BRANCH=none
TEST=make runtests
$ futility bdb --resign test/futility/data/bin.bdb --data_version 2
then futility show --type bdb test/futility/data/bin.bdb
Change-Id: Ib4dec86c2a043e0989c91bbc01f39776e3630e4c
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/399594
Commit-Ready: Daisuke Nojiri <dnojiri@google.com>
Tested-by: Daisuke Nojiri <dnojiri@google.com>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change makes futility-bdb command take --data_version parameter.
BUG=chromium:649554
BRANCH=none
TEST=make runtests
$ futility bdb --resign test/futility/data/bin.bdb --data_version 2
then futility show --type bdb test/futility/data/bin.bdb
Change-Id: I567d5879555f4ae7382fc47ef79135e7a13b7600
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/399593
Commit-Ready: Daisuke Nojiri <dnojiri@google.com>
Tested-by: Daisuke Nojiri <dnojiri@google.com>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change makes futility show command dump more information
of the BDB header.
BUG=chromium:649554
BRANCH=none
TEST=make runtests
$ futility show --type bdb ~/tmp/rotor/bin/coreboot.rom
Change-Id: I8a10ed03b673879ab80f777b34863e670d37cd8c
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/399061
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change makes futility show command dump information of the
signatures found in a BDB.
BUG=chromium:649554
BRANCH=none
TEST=make runtests
$ futility show --type bdb ~/tmp/rotor/bin/coreboot.rom
Change-Id: I168dcd5adf237ec9989f43e3834577257e9a10ff
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/399060
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change makes futility show command dump information of the keys
found in a BDB.
BUG=chromium:649554
BRANCH=none
TEST=make runtests. run futility show tests/futility/data/bdb.bin
Change-Id: I82bb3956b043adf1febe42941618608865525da2
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/399059
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change makes futility show command to dump data header information
in a BDB. # of hashes is used to verify 'futility bdb --add' can add a
hash in the unit test.
BUG=chromium:649554
BRANCH=none
TEST=make runtests. run futility show tests/futility/data/bdb.bin
BDB Header:
Struct Version: 0x1:0x0
BDB key digest: c7895611c24efb2249d97376189eeee07def6bcd8ab162a3850d279354f08ddf
size: 1176
Data Header:
Struct Version: 0x1:0x0
# of Hashes: 2
Hash Entry Size:56
Signed Size: 272
Description:
Hash #0:
Offset: 0x2
Size: 35
Partition: 3
Type: 1
Load Address: 0x4
Digest: 72bcf33f448465f035bd58e4b61501db925e67c89feb4a70cb909d8b425861f4
Hash #1:
Offset: 0x2
Size: 35
Partition: 3
Type: 1
Load Address: 0x4
Digest: 72bcf33f448465f035bd58e4b61501db925e67c89feb4a70cb909d8b425861f4
Change-Id: I88934b761236f36a5d607c96f6f2543a62e50b68
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/392949
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This patch makes futility show command print out hash information.
BUG=chromium:649555
BRANCH=none
TEST=make runtests. Ran futility show tests/futility/data/bdb.bin.
Change-Id: I4d0e933b7b9dca6548aa8488d9ca85b8692a5d49
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/392948
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
vboot_reference originally used 2-space indentation, rather than
kernel-style tabs. This makes it painful to maintain given that newer
source files are kernel-style.
Re-indent the files that need it, and reflow comments.
No functionality changes.
BUG=none
BRANCH=none
TEST=make runtests
Change-Id: I7dabed41f69434b1988a52600c0cb1eac8c8d7e6
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/396488
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For a device with bootcache support (such as parrot), the kernel config
contains bootcache args (reference: device_map_args in
build_kernel_image.sh). When removing rootfs verification, bootcache
should be disabled, equivalently we should remove bootcache args.
BRANCH=vboot_reference
BUG=chromium:590606
TEST=tested on parrot device with ./build_image --board=parrot test.
After installing the image on device,
(1) run sudo /usr/share/vboot/bin/make_dev_ssd.sh
--remove_rootfs_verification
(2) reboot
The bootloop bug is fixed.
Change-Id: I56ca5f2d98e00e1117611959a67ce72338ec7377
Reviewed-on: https://chromium-review.googlesource.com/395386
Commit-Ready: Qiang Xu <warx@chromium.org>
Tested-by: Qiang Xu <warx@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Qiang Xu <warx@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
test_bdb.sh is failing because sp-rw.bin is missing. Adding sp-rw.bin.
BUG=none
BRANCH=none
TEST=make runtests
Change-Id: I7cb892077e424bdfa5f723051a7ebbbda04f14c2
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/396393
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
bdb_get_hash_by_index returns a hash entry from a BDB using an index.
bdb_get_hash is also renamed to bdb_get_hash_by_type. bdb_get_hash
is deprecated. Callers are expected to call bdb_get_hash_by_index(buf, 0)
instead.
BUG=none
BRANCH=none
TEST=make runtests
Change-Id: Id99926123c0ac9094574eb057c63f79eceda2867
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/392947
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When --ignore_key_digest is specified, futility bdb --verify command
returns success even if the key digest didn't match. Warning message
will be printed to remind the digest wasn't checked.
BUG=chromium:649554
BRANCH=none
TEST=Tested as follows:
$ build/futility/futility bdb --verify tests/futility/data/bdb.bin \
--ignore_key_digest
BDB is valid. Key digest doesn't match but ignored.
$ echo $?
0
Change-Id: I996b0a4f7bbbcf546e2d958f28c5ee8fb251fb99
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/392946
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
