In auto update and recovery, the firmware updater was executed with both
stdout and stderr logged. However, the logs usually come with all stderr
first then all stdout. This makes it harder to debug because the
messages are logged out of order.
To solve that, a few macros are introduced:
INFO: for useful information.
STATUS: the most common information, usually comes with a prefix code.
And all messages should now go to stderr except the final execution
result (and those output commands, for example --manifest).
BUG=chromium:875551
TEST=TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
CQ-DEPEND=CL:1345250
BRANCH=None
Change-Id: Ie0dc6594ece10e7e15caf9c36353e2b3ec8754c5
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1345611
Reviewed-by: Youcheng Syu <youcheng@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1694203
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2306633
Reviewed-by: Cheng-Han Yang <chenghan@chromium.org>
Commit-Queue: Cheng-Han Yang <chenghan@chromium.org>
Tested-by: Cheng-Han Yang <chenghan@chromium.org>
For dogfood devices, we usually will only re-key from DEV to PreMP, and then
PreMP to MP. It was found that for retail devices, if WP was disabled
(unintended), users may accidentally re-key to DEV keys if they (1)
recover with a DEV-signed image, or (2) receive an AU that didn't have
the right signing keys.
As a result, we want to make it harder when recovering to DEV keys.
BUG=chromium:894324
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: Id3f7788e6c86d12b6e37b77818a1b4c2ceda1e2f
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1312596
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2306632
Reviewed-by: Cheng-Han Yang <chenghan@chromium.org>
Commit-Queue: Cheng-Han Yang <chenghan@chromium.org>
Tested-by: Cheng-Han Yang <chenghan@chromium.org>
In Unibuild, the white label models may use (per model) PreMP key for
devices without VPD 'whitelabel_tag' - this helps dogfooders and lab
machines to run and update properly.
BUG=b:126800200
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=none
Change-Id: I7249e3fb1a2b7ab8ed281d2aa317aee6cde8f8db
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1501614
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
(cherry picked from commit 9c064133217de36332d184e92d20f467967e4e76)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1978122
Reviewed-by: Paul Ma <magf@bitland.corp-partner.google.com>
Reviewed-by: Marco Chen <marcochen@chromium.org>
Commit-Queue: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
(cherry picked from commit ded374215783ba3cd12b0d4001e49b27b409ceaa)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2301631
Starting from GBB 1.2, a digest is stored in GBB and must be updated
whenever the HWID string is changed.
In the shell script version of the updater, the digest is automatically updated
when we do "futility gbb -s --hwid=XXX", but in the native updater
implementation we only updated the HWID string and left the digest
unchanged; this leaves devices generating wrong PCR1 values.
`cmd_gbb_utility` updates the digest by calling `update_hwid_digest`
using vboot1 structure, so we should introduce a new vboot2 friendly
function, `vb2_change_hwid`, which changes both HWID string and digest
at the same time.
Note this has no impact for end user's devices with write protection
enabled. Only changes dogfood units AU results.
BUG=b:122248649
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=none
Change-Id: I6ad2754e6df3c9dd66d71c560a2afc26d14eae33
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/1411937
In mosys, $(mosys platform name) currently returns the board (family) name
while the real model name needs $(mosys platform model).
BUG=chromium:875551
TEST=TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: Ie3355ca94d577e88a2140567b9284da40c0b39c5
Reviewed-on: https://chromium-review.googlesource.com/1301013
Commit-Ready: Hung-Te Lin <hungte@chromium.org>
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit b01c83f68118c6d026c31a80aae99b329cb0df4f)
Reviewed-on: https://chromium-review.googlesource.com/c/1317048
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Commit-Queue: Hung-Te Lin <hungte@chromium.org>
Trybot-Ready: Hung-Te Lin <hungte@chromium.org>
The `programmer` cannot be decided in `load_firmware_image` and is always
specified (and managed) by an outer context, and should be preserved
even when we call `free_firmware_image`.
This helps reloading or removing loaded images at runtime.
BUG=chromium:875551
TEST=TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I22f698d4a7118197379e11556b18f70ecd023ca2
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1295209
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/1296947
The legacy firmware updater can update explicitly only some types of
images by using `--[no]update_main`, `--[no]update_ec`,
`--[no]update_pd`.
Since software sync is introduced, usually it does not make sense to
only update EC or PD; instead the real request is to "ignore provided EC
and PD images and update only host".
The new `--host_only` argument provides an easy way to ignore images in
command line (`--ec_image`, `--pd_image`) and archives (`ec.bin`,
`pd.bin`).
BUG=chromium:875551
TEST=TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: Idf403680880cd58a00867172ccec97fd60c1b826
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1295210
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/1296946
For backward compatibility, we need to support the 'output' mode in legacy
firmware updater. The output must select the right files according to system
model, and apply all white label transforms if needed.
BUG=chromium:875551
TEST=TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: Ib433647317fa97387aa4a7f8f2101b47e6ca2123
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1282084
Reviewed-on: https://chromium-review.googlesource.com/c/1296945
For white label devices, we have to select and patch key files (root key
and vblock) by VPD (`whitelabel_tag` or `customization_id`). The white
label tag VPD will be processed and converted to a "signature ID" for
key selection.
To support that, updater has to fetch current (system) image if the
matched model is following white label (so we can read VPD from it).
For developers who want to load and use particular files, they can use
--signature_id to override VPD values.
BUG=chromium:875551
TEST=TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I3630bae28d1a8493b56d0e5efd29f3c61a470379
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1278420
Reviewed-on: https://chromium-review.googlesource.com/c/1296944
For devices using Unified Build, we have to select and load images from
archive by model configuration (setvars.sh). The system model can be
retrieved by $(mosys platform model), but for developers who want to
simulate or get images for particular platform, a command line argument
--model is needed.
BUG=chromium:875551
TEST=TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I8f4a6735b34bc694a05808b001c7309623b2afa3
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1278419
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/1296943
In RMA or factory reinstall flow, we will want to make sure device will
next boot into developer mode, which was usually enforced by GBB flags.
In updater4, this is done by updater using flags defined in target
image. We should keep same behavior.
BUG=b:117866155
TEST=TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: Idb6337d453d606dbf88b2a2b82961f21125b7fef
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1288211
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/1296942
For devices not using Unified Build, the firmware updater may contain a
single set of firmware images. To make the manifest more consistent for
both cases (Unified Build or not), we want to change the model name to
be the platform name from FWID if available.
This does not make sense because for these devices, usually platform =
board = model, and it helps to make sure programs parsing manifest won't
try to use the hard coded name 'default' (which does not always work in
Unified Build).
BUG=chromium:875551
TEST=TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I6d56336f3b30981e3e936fa63dec7dd45d74b31a
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1278418
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/1296941
For white label projects, the firmware updater has to select correct
root key and corresponding vblock files per different LOEM. In Unified
build, multiple models may share same firmware base image, with
different key files (per OEM). As a result, we have to apply the key
files before using the firmware image files.
This change adds the "patch" information when building manifest, and
prints the correct key hash in `--manifest` mode.
BUG=chromium:875551
TEST=TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: Ib5e31af5262a0989a5a474d0683c83121f24cc78
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1270323
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
The firmware updater packages used to rely on a pre-generated VERSION
file to report what files were included and their image versions. Its
format was hard to parse, and may be out-dated if people repack without
updating VERSION file.
The firmware updater today has the ability to read and parse version,
key hash, ... etc everything we need, so it seems more reasonable to
just let firmware updater scan updater package and print the information
in JSON format, so it will be very easy to fetch latest information.
To make sure the output is purely JSON, the start and end messages are
now sent to stderr instead of stdout.
BUG=chromium:875551
TEST=TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: Ifa468fbb3adf798c7931f015258e6c6ce93de993
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1260804
We are going to have more command line arguments that must be passed to
updater_setup_config, and it is better to manage so many variables in a
struct.
Also, revised the order of argument processing so that simple settings
are now processed first, then complicated ones or those with dependency.
BUG=chromium:875551
TEST=TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I03ac036d26e49cdf924c03d6e86a272ce89fc2aa
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1265575
Reviewed-by: Randall Spangler <rspangler@chromium.org>
A firmware update is usually released as a package with multiple images,
instructions, signed vblocks and other files. To work with that, a new
argument '--archive' is added.
The --archive accepts a directory or file, and will determine the
correct driver automatically. For resources (for example --image) in
relative path, updater should find files from archive.
Note in current implementation, only ZIP is supported for file type
drivers (and need the system to have libzip already installed).
BUG=chromium:875551
TEST=TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I6a91cbe73fb4ee203c5fa4607f6651a39ba854d5
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1253229
Reviewed-by: Randall Spangler <rspangler@chromium.org>
No real function changes.
For incoming changes, we want to rename the shared functions to make it more
clear (and more consistent) in how it was used, including:
- load_image: should be load_firmware_image(image, filename)
- free_image: should be free_firmware_image
- reload_image: should be reload_firmware_image
- load_system_image: should be load_system_firmware
- create_temp_file: should be updater_create_temp_file to make it more clear
it is created for updater (and deleted when updater has finished)
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I120e30b5a4c40ccce03e5f361734f2583476703a
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1270322
Reviewed-by: Randall Spangler <rspangler@chromium.org>
When calling `asprintf`, if the return value is a negative value then the
strp parameter is not allocated. Updater will need to call asprintf very
often in future, and we should abort immediately if asprintf can't
allocate buffer, since that implies either we are running out of memory,
or the system has gone very wrong.
Instead of writing if (asprintf(...) < 0) { ERROR(); return...}
everywhere, it seems easier to just add a macro and abort as exit(1).
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I8ea5f6c22dcc8225bc53fbd54b4b41a928f84910
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1260803
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Ignore a power button push until after we have seen it released,
to avoid shutting down immediately if the power button is held
down on startup.
BUG=b:116819414,chromium:670492
BRANCH=grunt
TEST=manual:
1) Press and hold esc+refresh+power.
2) Depthcharge shows INSERT screen and does not power off.
3) Release esc+refresh+power.
4) Press and release power.
5) Depthcharge powers off.
TEST=test_that --fast -b grunt $grunt_ip firmware_ECLidShutdown
TEST=FEATURES=test emerge-grunt --nodeps vboot_reference
Change-Id: I7421a4b1a1b8a7894f0e7d1c7927ffc52d9faac0
Signed-off-by: Edward Hill <ecgh@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1256023
Reviewed-by: Raul E Rangel <rrangel@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
We changed the verity kernel command line form before R16 was released
and included backwards compat support in the scripts for it. But all
the devices that were released for these old versions are EOL, and we
don't need to sign images that old anymore, so drop support.
BRANCH=None
BUG=chromium:891015
TEST=precq passes
Change-Id: I0e61c5d5cbeefb8ea0af955ead604a97fcb84bad
Reviewed-on: https://chromium-review.googlesource.com/1255344
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
`futility` used to print debug messages to stdout, but there is a side
effect that stdout may be buffered and then flushed later than stderr.
For example, when calling futility via ssh, we will see flashrom
messages before any of futility's own messages.
Also, many people want to get flashrom verbose messages (-V).
With this change, when calling ERROR and DEBUG, we will always output to
stderr. This also enables better parameter type checking.
`-d` and `-v` both contribute to verbosity, that will be converted to
-V's when calling flashrom.
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I1d22a8054fc43cdc5e6c7415e131cc9826fbff0c
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1251145
"Can we make futility support stdin like flashrom? I typically flash with:
ssh root@DUT flashrom -p host - < foo.bin"
Yes we can:
ssh root@DUT futility update -i - < foo.bin
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: Ib1ee5d4c882620e3b6f56fd5e4692b4829cf025a
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1251141
Reviewed-by: Raul E Rangel <rrangel@chromium.org>
The 'SMM store' must be preserved during firmware update. On newer systems,
this can be done by preserving FMAP section 'SMMSTORE' (CL:1221210).
For Eve, the SMM store did not have its own FMAP section and needs to be
reserved by explicit cbfstool calls.
BRANCH=None
BUG=b:70682365
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
Change-Id: Ica043f51de0170b5c40f61d059437b9572025e2e
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1250464
Reviewed-by: Joel Kitching <kitching@chromium.org>
The target AUE for daisy_snow is 74 or even longer, so we need to get a
better solution to get rid of script based updater customization (and the
painful EXTRA list in updater configuration).
The new quirk 'daisy_snow_dual_model' is assuming the input firmware image
has both daisy_snow x8 and x16 firmware packed into a single image
(because in vboot1, RW_A is identical to RW_B), and will modify A/B
contents according to target system.
BRANCH=None
BUG=chromium:881034
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
# Provide a fake mosys and output both MP / MPx16 to:
futility update -i bios-snow-2695.132.117-rw.bin \
--quirks daisy_snow_dual_model --emu emu.bin --sys_props 0,0x0000,0
Change-Id: I8af1b6c3117a703aed4da59902aaecb1009101f2
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1239798
For people running updater directly without the packaged firmware
updater (chromeos-firmwareupdate), it is easier if we identify the
quirks inside updater itself instead of the wrapper script.
This change enables getting "default quirks" by target image RO version
so we won't need to pack firmware images first.
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I179227f7a829577dc9fe5deb085fdee1a738c070
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1245663
Reviewed-by: Randall Spangler <rspangler@chromium.org>
There will be more and more board-specific quirks in future and we want
to put them together into a special module.
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I4fd2ff5e2b2e891cbd3da8c9393c6fbdf7024c75
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1245645
The creation and deletion of temp files can be managed in same context
where updater config lives.
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: Ic1745d27a071047d4882b21905bd11e15b5632cd
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1245644
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
Move the do_update back to cmd_update with better initialization. The
update.c now has few APIs to invoke the firmware updater without relying
on command line processing.
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I99f792bf902ed72e487242ac8872aec384783555
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1245643
It looks like cbfstool removing & inserting blobs into the bios, even
if the contents are the same, breaks the signatures run over the region.
Until we can figure out what's going on, avoid re-adding content that's
the same to keep the signatures valid.
BRANCH=None
BUG=chromium:889716
TEST=signing fizz image has valid vblock hashes
Change-Id: I00ba84cf22b6fffc594e60b78f91e7cb49c98f06
Reviewed-on: https://chromium-review.googlesource.com/1248201
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: C Shapiro <shapiroc@chromium.org>
The updater is getting more complicated and we may want to split into
few modules, for example "updater", "quirks", and "host".
The first step is to change cmd_update.c to updater.c (to preserve most
GIT history).
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: Icae37db8720162130cf38767fec14a970cc9899d
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1245642
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Joel Kitching <kitching@chromium.org>
Many developers need to reflash or update firmware using servo, and the
firmware logic has been complicated enough that simply calling
'flashrom -w image.bin -p $SERVO' will usually destroy many important
settings, for example HWID, VPD, and other data provisioned in factory.
It should be more convenient if we can use 'futility update' against
servo. The '--programmer' provides first step - to override the flashrom
programmer so we can read and write via special programmer (like servo).
With this change, developers can reflash using:
futility -p $SERVO -i $IMAGE --force --wp 0
BRANCH=None
BUG=b:116326638
TEST=make futil; sudo tests/futility/run_test_scripts.sh $(pwd)/build/futility
Change-Id: Iad4819ff8258086e1abb58fefd462d94050754d0
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1239817
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
In order to support overriding programmer, we need to clean up the
'emulation' first.
The firmware_image.emulation was implemented as a flashrom emulate
programmer so we can emulate with calling flashrom in the very
beginning; and then replaced by native FMAP library because calling
flashrom adds too much dependency and is much slower in unit tests.
As a result, we can replace emulation to be the real file name being
emulated, and only keep that in the global config.
BRANCH=None
BUG=b:116326638
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
Change-Id: I5423e64d66be03a09ccfde29ecc3f4ef114c9453
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1239816
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Error messages should be printed using ERROR when being outside
the main updater function (do_update).
BRANCH=None
BUG=None
TEST=make futil; sudo tests/futility/run_test_scripts.sh $(pwd)/build/futility
Change-Id: I037c99b6e4fbb6a05fd95d64a87d187d8531da39
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1245641
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
By b/116298359#comment3, we know the tpm_fwver may be zero if the
firmware slot has been just created and no successful boots since last boot.
This is very common for factory and recovery so we should consider 0 as
"success".
It is still possible that in early or proto builds, the device may have
vboot data structure changed so the updater calling vboot library cannot
get tpm_fwver properly. Also for people who want to re-key their
devices with DEV firmware, we should allow waiving all TPM checks by
--force.
Also, in order to test that correctly, override_properties_from_list
should accept negative values to simulate failure in getting tpm_fwver
from VbGetSystemPropertyInt.
BRANCH=None
BUG=b:116298359
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
Change-Id: I09c91af36ceec340e393fb68999bea8d1907267d
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1239814
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Add a generic way of selecting an alternative bootloader to run from the
developer-mode menu. This enables keys 1-9 to select a particular numbered
bootloader.
Adjust VbExLegacy() to take a numeric parameter to signal which boot
loader to run.
CQ-DEPEND=CL:1228875
BUG=chromium:837018
BRANCH=none
TEST=FEATURES=test emerge-grunt --nodeps vboot_reference
Change-Id: I02eab1b87e21a6401ec42317c4c1fa1bd2767b53
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1060854
Reviewed-by: Julius Werner <jwerner@chromium.org>
BUG=b:114610466
BRANCH=none
TEST=(1)Test cheza, whose storage has a block size of 4k:
$ make_dev_ssd.sh --remove_rootfs_verification --partitions 2
$ make_dev_ssd.sh --partitions 2 --save_config /tmp/foo_config
$ echo "console=ttyMSM0,115200n8" >> /tmp/foo_config.2
$ make_dev_ssd.sh --partitions 2 --set_config /tmp/foo_config
Messages show kernel is successfully re-signed.
Reboot and then see kernel log printed.
Also, rootfs is modifiable.
(2)Do a similar test on scarlet, whose storage has a block size of 512B.
See the same result.
Change-Id: Ic5d7714e4f608c477f935d244cd5ad62eb38815a
Signed-off-by: Philip Chen <philipchen@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1240934
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Philip Chen <philipchen@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Evan Green <evgreen@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
We want to drop armv7a-cros-linux-gnueabi toolchain, so we need
to use armv7a-cros-linux-gnueabihf-gcc instead.
BRANCH=None
BUG=chromium:711369
TEST=emerge-kevin vboot_reference
Change-Id: Ie6831079162916eb11e98da3aecdcd8c0bd0d82d
Reviewed-on: https://chromium-review.googlesource.com/1241856
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Yunlian Jiang <yunlian@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
The eventlog is stored in RW_ELOG and should not be destroyed during firmware
update.
BUG=chromium:655423
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I0b4fe1e78ae2d499e985471f51cfa9eb983c8adc
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1242663
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
Cheza early proto devices have declared few sections that must be
preserved before RO_PRESERVE is introduced, so we want to temporarily
include them until the migration is completed.
BUG=b:116326638
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: Ie8f397c000839ccfd475eab1d248843b23320465
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1239797
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
There may be more platforms that want to preserve some data in RO+RW
firmware update. To prevent adding a huge list, we want to add new
RO_PRESERVE and RW_PRESERVE so sections to be preserved can be simply
defined as sub section of these and no more changes in updater side.
RO_VPD, RW_VPD and RW_NVRAM remain unchanged due to legacy.
BUG=b:116326638
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I669e61aa75ab292fcee1a7b056af0e4d5fb14a7b
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1239815
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Ideally we should fail if `tpm_fwver` can't be retrieved, but if a user can
run the updater then his system is already up so it's more likely to be a
vboot library issue (especially in early proto devices) that the crossystem
values were not reported correctly.
As a result, it seems more reasonable to skip checking TPM anti-rollback if
`tpm_fwver` can't be retrieved.
BRANCH=None
BUG=b:115764295
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
Change-Id: I7b6bf72531edb334a465c730fe8b3fbafa469b3a
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1238099
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
After CL:1210342, the 'futility_s' is no longer needed so we may drop
the related build rules. People who want to build a static version of
futility can do:
make STATIC=true futil
BUG=chromium:765499
TEST=precq passes; make futil; make clean; make STATIC=1 futil
BRANCH=none
Change-Id: I80e83a80eaa273f09288f850c59a52494dc5bec9
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1235795
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
The '--factory' is an alias to '--mode=factory_install' and was widely used
in several documents. Also moved WP check to end of argument parsing so
'--mode=factory --wp=0' can set WP correctly.
BRANCH=None
BUG=b:115764295
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
Change-Id: I7987d77c577414efb03941442e3125f35ac5ad98
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1233373
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
In --mode=factory, we should fail if write protection is enabled.
Also added a unit test for the case.
BRANCH=None
BUG=b:115764295
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
Change-Id: I6c693e470a034554b1f4a3cb16cfbf974ae6f54b
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1226587
Reviewed-by: Marco Chen <marcochen@chromium.org>
|
A bunch of the params have '(writable)' at the end of the description
to indicate it's a writable field. However, it's not listed on every
field. Rather than resync all of them, automate it. Throw in the
type for good measure.
The old display:
hwid = LUMPY # Hardware ID
dev_boot_usb = 1 # Enable developer mode boot from USB/SD (writable)
The new display:
hwid = LUMPY # [RO/str] Hardware ID
dev_boot_usb = 1 # [RW/int] Enable developer mode boot from USB/SD
BUG=None
TEST=`crossystem` output looks better
BRANCH=None
Change-Id: I953cf5cb78b52edeece4215c3249b79b26d36f26
Reviewed-on: https://chromium-review.googlesource.com/1224652
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
clear_tpm_owner_request is 23 chars now.
BUG=None
TEST=`crossystem` is aligned
BRANCH=None
Change-Id: I6d077b7311c74c51fd608281ad48b29fc6219937
Reviewed-on: https://chromium-review.googlesource.com/1218502
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
A bunch of these fields are slightly missorted.
BUG=None
TEST=`crossystem` is sorted
BRANCH=None
Change-Id: I9e90343f5034e7a8a2d81c9b8eeb4b1d7286f157
Reviewed-on: https://chromium-review.googlesource.com/1218503
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
All accessories leverage the key format of Hammer therefore this
script calls Hammer's one to generate a key pair and renames them.
The key name isn't referenced by the signer anymore, so we will
name them all "hammerlike".
BUG=chromium:859269
TEST=Run this script in the chroot.
BRANCH=None
Change-Id: Iba35b03e59216e96a99f8aa471b660f3805c1f23
Reviewed-on: https://chromium-review.googlesource.com/1205636
Commit-Ready: Nick Sanders <nsanders@chromium.org>
Tested-by: Nick Sanders <nsanders@chromium.org>
Reviewed-by: Marco Chen <marcochen@chromium.org>
Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
Many devices may have some minor differences in early builds, for example
(board id) rev 0 and rev 1 may have GPIO pins connected to different
components. Usually the firmware should read the board identifier and do the
right mapping, but sometimes the firmware may be totally incompatible with
no way to work around it (for example even the CPU may be different).
The min_platform_version is introduced so we can prevent updating to
incompatible systems, by reading $(mosys platform version).
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I418fee1aad884551b38ac25c340b2797b8503596
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1198815
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
On recent Intel platforms, flashing to SI_ME may get corrupted due to ME
execution in parallel. If we lock SI_ME immediately (by writing the new
SI_DESC), the device may fail to boot due to ME execution failure.
As a result, a quirk is added so the firmware updater will never lock
SI_ME. The Flash Master values are always unlocked when updating SI_ME,
and after system reboot, a board-postinst script should check ME status
and reflash SI_DESC only if SI_ME looks all good.
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I584aa373797e2b4c2608f07aac21c16cdb34a5c4
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1198807
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|