| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As part of chromium:942901, physical dev switch functionality
is being deprecated.
After coreboot CL:1541323 is merged, VBSD_HONOR_VIRT_DEV_SWITCH
will no longer be used, and can be renamed.
BUG=b:124141368, b:124192753, chromium:942901
TEST=Build locally
TEST=/work/vboot/src/repohooks/pre-upload.py
TEST=make clean && make runtests
TEST=make clean && COV=1 make coverage && make coverage_html
CQ-DEPEND=CL:1541323
BRANCH=none
Change-Id: I4f304565f581b21658771336c6f70f0edcfe0e29
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1526072
Commit-Ready: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As part of chromium:942901, physical dev switch functionality
is being deprecated.
After CL:1541322 is merged, VB2_CONTEXT_FORCE_DEVELOPER_MODE
will no longer be used, and can be renamed.
(See: src/security/vboot/vboot_logic.c)
BUG=b:124141368, b:124192753, chromium:942901
TEST=make clean && make runtests
TEST=make clean && COV=1 make coverage && make coverage_html
CQ-DEPEND=CL:1541322
BRANCH=none
Change-Id: I3a401a59dc80cb42617a8f3a485d303aa3484c92
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1526071
Commit-Ready: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In case jq does not find a node in the JSON file, it still returns
with exit code of 0, it just prints 'null' instead of the expected
node value.
This patch adds processing this error condition, which makes it easier
to troubleshoot the case of misconfigured Cr50 signing manifest.
BRANCH=none
BUG=b:74100307
TEST=tried using the script with a manifest which does not have the
node of board_id_flags defined. Observed error message of
...sign_cr50_firmware.sh: ERROR : bid_flags not found in...
instead of previous error reported as
...sign_cr50_firmware.sh: line 53: null: unbound variable
Change-Id: I70acff7a3331b01f0f964f2942bf2806a2af8691
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1537260
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As part of chromium:942901, physical dev switch functionality
is being deprecated.
BUG=chromiumos:942901
TEST=make clean && make runtests
BRANCH=none
Change-Id: I84d35a3eade6272896e7f9c3c43e87bba090f132
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1539435
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
vboot_reference has a set of "external" functions which are
defined by the client and linked in at compile time.
Instead of creating a separate return code for each unimplemented
external function, group them all into one.
BUG=chromium:944804
TEST=make clean && make runtests
BRANCH=None
Change-Id: Ic3896572c71aabf99590758c7fc3848b61f9e078
Reviewed-on: https://chromium-review.googlesource.com/1539433
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
vboot Makefile contains a target library called
libtinyvboot_host.a, and claims it is used by autoupdate
installer since it must sometimes be a 32-bit executable.
(See CL:44442.)
As far as I can tell, this lib is no longer used, and we can
safely remove it:
(1) I don't see any mention of this file in any repo's git
history:
$ repo list | sed -e 's@ :.*@@' | while read dir;
do ( cd $dir; out=`git --no-pager log --no-renames -p -Svboot_host |
grep tinyvboot_host`; [ -z "$out" ] || echo "$dir\n$out" ); done;
src/platform/vboot_reference
+TINYHOSTLIB = ${BUILD}/libtinyvboot_host.a
(2) The library doesn't get installed in vboot_reference's
ebuild.
BUG=b:124141368, chromium:440078
TEST=build vboot_reference
BRANCH=none
Change-Id: I0ff41f0596f911ac1d969bfabcdaab7fc2c883f7
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1535459
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As part of chromium:942901, physical dev switch functionality
is being deprecated.
VB2_CONTEXT_FORCE_DEVELOPER_MODE is for the express purpose
of enabling developer mode when the physical dev switch is
on. (See: coreboot's src/security/vboot/vboot_logic.c)
Remove the check of this context flag for deciding whether
developer mode is enabled.
In order to retain a path to developer mode on devices
with physical dev switch, this CL depends on
VBSD_HONOR_VIRT_DEV_SWITCH check being removed first
(see CL:1526070). (Alternately, we can wait for CB:31943
to be merged and pulled downstream.)
This constant will be marked as deprecated in a subsequent
CL, once the coreboot CL has been pulled downstream.
BUG=b:124141368, b:124192753, chromium:942901
TEST=Build locally
TEST=/work/vboot/src/repohooks/pre-upload.py
TEST=make clean && make runtests
TEST=make clean && COV=1 make coverage && make coverage_html
CQ-DEPEND=CL:1526070
BRANCH=none
Change-Id: I81b54b9e2b8d3c6f9c00b40dd0771cda0585037c
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1524757
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As part of chromium:942901, physical dev switch functionality
is being deprecated.
As such, we no longer need to specify the flag
VBSD_HONOR_VIRT_DEV_SWITCH -- the virtual dev switch should
always be honoured.
Additionally, there is no longer a need to check this flag
when looking up the value for crossystem devsw_cur.
This constant will be marked as deprecated in a subsequent
CL.
BUG=b:124141368, b:124192753, chromium:942901
TEST=Build locally
TEST=/work/vboot/src/repohooks/pre-upload.py
TEST=make clean && make runtests
TEST=make clean && COV=1 make coverage && make coverage_html
BRANCH=none
Change-Id: Ib1ab86d79b039650136f1038c23175f5990895db
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1526070
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The original purpose of vb2_context is to provide one shared
state object through the entirety of one particular application.
Pull the creation of vb2_context up to a higher level in order to
work towards this goal.
BUG=b:124141368
TEST=/work/vboot/src/repohooks/pre-upload.py
TEST=make clean && make runtests
TEST=make clean && COV=1 make coverage && make coverage_html
CQ-DEPEND=CL:1517179
BRANCH=none
Change-Id: I7c454afddb2b525895d9945b081b14b29100892c
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1517061
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As part of chromium:942901, physical dev switch functionality
is being deprecated.
There is no longer any need to provide devsw_virtual flag
in crossystem.
BUG=b:124141368, b:124192753, chromium:942901
TEST=Build locally
TEST=/work/vboot/src/repohooks/pre-upload.py
TEST=make clean && make runtests
TEST=make clean && COV=1 make coverage && make coverage_html
TEST=Check for references to devsw_virtual in code search
BRANCH=none
Change-Id: Id80ec1de8c43909ce2ff661744622d2ea36030a6
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1526069
Commit-Ready: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:128419534
TEST=make runmisctests
BRANCH=none
Change-Id: I1b3403cbe9ce93d9341c7ce32277d75462da894f
Signed-off-by: Mathew King <mathewk@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1521216
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:127843397
TEST=Tested set and confirm screens on local arcada device
BRANCH=none
Change-Id: Ifafba3fd32a79131cf1d2059ef2147c074f3a3b6
Reviewed-on: https://chromium-review.googlesource.com/1529751
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Mathew King <mathewk@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When signing Cr50 images, Board ID flags and major version number
fields of the manifest must follow the following convention:
- even major version numbers indicate pre-pvt branch, Board ID flag
bit 0x10 must be set;
- odd major version numbers indicate mp branch, Board ID flag bit
0x10000 must be set;
BRANCH=none
BUG=b:74100307
TEST=extracted pre-pvt branch produced Cr50 tarball into /tmp/cr50.cp,
and ran the following command:
scripts/image_signing/sign_cr50_firmware.sh /tmp/cr50.cp tests/devkeys \
signed
observed successful completion. Modified
/tmp/cr50.cp/ec_RW-manifest-prod.json to set major version number
to 3 instead of 4 and tried again, got the following error, as
expected:
sign_cr50_firmware.sh: ERROR : Inconsistent manifest \
/tmp/cr50.cp/ec_RW-manifest-prod.json: major = "3", board_id_flags = "16"
Change-Id: Ic123df4396d7d497347de40a5ff448940c0b1982
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1321410
Reviewed-by: David Riley <davidriley@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch makes sure that Cr50 manifest included in the builder
produced tarball is stripped to remove the comments before it is given
to jq for processing.
Also a little clean up.
BRANCH=none
BUG=b:74100307
TEST=tested as described in the next patch.
Change-Id: I4852fea7c21752c45fcfe4cc60d45f264f142bab
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1529387
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change adds diagnostic mode. When enabled for a board (based on
defconfig in depthcharge) the user can press Ctrl-C or F12 at a recovery
mode screen, at which point an nv bit is set and the system reboots.
Upon reboot, if the nv bit is set then the user is prompted to confirm
launch of the diagnostic rom via the power button. If user confirms
then the diagnostic payload is verified and run (if verify fails or
payload doesn't run then a recovery reason is recorded and system
reboots to recovery mode). If the user does not confirm then the system
reboots.
BUG=b:124358784
BRANCH=None
TEST=Locally built and flashed using change that enabled feature for atlas
and set to use payload 2 (tianocore) rather than 5 (diagnostic). Confirmed
that Ctrl-C is functional or not based on defconfig and that Ctrl-C
sets NV bit and reboots. Confirmed that NV bit can be set and
queried via crossystem. Confirmed that during boot confirmation screen
appears or not based on NV bit. Confirmed that pressing power button
caused payload to be verified and run. Confirmed that non-matching hash
(build configured to use sha1 rather than sha256) caused payload to not
be run and system reboot to recovery. Confirmed that Esc or timeout
caused system to reboot.
CQ-DEPEND=CL:1471056
Change-Id: I8979d4eeb443bf64b727ee86a814c46d1d27ff37
Signed-off-by: Matt Delco <delco@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1470723
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change allocates a bit in the nvram that will be used
in a later change to tell the firmware whether to detour
to diagnostic mode during boot.
BUG=b:124358784
BRANCH=None
TEST=Local build and ran "make runtests". Verified with a later
change that the nvram bit takes effect as expected.
Change-Id: If2fd3f46da30fc7375d37b240e3e745819ae0632
Signed-off-by: Matt Delco <delco@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1504758
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
vb2_run_altfw() can jump to run a legacy payload, so this change
adds a call to vb2_nv_commit() to commit any pending changes
to nvram before making the jump.
The call to commit requires a vb2_context, so the majority of this
change is to plumb this context through various functions.
BUG=b:124358784
BRANCH=None
TEST=local compile. Tested with a later change that helps confirm
that a pending nvram change is written before jumping.
Change-Id: Ib32980527aa07357d62dd695a6ff479e8c918cf8
Signed-off-by: Matt Delco <delco@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1504757
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change adds some #defines to assist with converting
between microseconds (usec), milliseconds (msec) and full
seconds.
BUG=b:124358784
BRANCH=None
TEST=Local build and also ran "make runtests"
Change-Id: I0fd43ccb42bbd42f9ed319a29eb4015b48c879bb
Signed-off-by: Matt Delco <delco@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1504756
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add vboot2 callback for tpm_set_mode.
This is mostly a cherry-pick of these:
https://chromium-review.googlesource.com/c/1354139
https://chromium-review.googlesource.com/c/1365293
The re-enable of the tpm is now performed by coreboot
so this version doesn't implement tpm_get_mode.
BUG=b:124358784
BRANCH=None
TEST=compile vboot_reference and depthcharge
CQ-DEPEND=CL:1471195
Change-Id: I4168b50650e22f35ad9c66d49f34b689c46a36e1
Signed-off-by: Matt Delco <delco@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1470962
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Keith Short <keithshort@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:128419017
TEST=Tested on arcada by forcing VbExSetVendorData to return an error
and verified that error message is shown
BRANCH=None
Change-Id: I9aa33f88fcb40c1f8d8c60848653654470ac1925
Signed-off-by: Mathew King <mathewk@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1521215
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The primary purpose of this change is to add a flag to VbExGetSwitches()
so the current user physical presence (via the status of the power button)
can be queried.
The flags have also been renamed from the historical _INIT_ use to
_SWITCH_ to reflect the current/actual API they're used with.
BUG=b:124358784
BRANCH=none
TEST=Locally built and flashed. Confirmed that the power button status
can be queried when the power button is disabled.
CQ-DEPEND=CL:1470273
Change-Id: I579ebe657ae35fb866eb30b466e8e8c16f54e584
Signed-off-by: Matt Delco <delco@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1471190
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove:
- VB2_DISABLE_DEVELOPER_MODE
- VB2_SD_DEV_MODE_ENABLED
(Both have been renamed.)
coreboot dependencies: CB:31297, CB:31298
BUG=b:124141368
TEST=Build locally
TEST=/work/vboot/src/repohooks/pre-upload.py
TEST=make clean && make runtests
TEST=make clean && COV=1 make coverage && make coverage_html
BRANCH=none
Change-Id: Ic50e5e327e5b192af3aa103e4b36ff7ed8631c8f
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1506681
Commit-Ready: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Patrick Georgi <pgeorgi@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Not everyone uses /mnt/host/source as their development
environment. If running "make runtests" from a different
directory, test_show_contents.sh fails, reporting different
stdout for the various futility tests that it runs.
Update test_show_contents.sh to use relative test paths, and
update the expected output of futility runs.
Also fix consistency of quoted variables.
BUG=b:124141368
TEST=/work/vboot/src/repohooks/pre-upload.py
TEST=make clean && make runtests
BRANCH=none
Change-Id: I35fd81734b6318a506613eb4f04bb7055709feef
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1517062
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
DriveOpen mallocs a couple of buffers, but DriveClose only freed them if a
particular flag was passed causing GptSave to be called. Move the free calls
out of GptSave so that the buffers are always freed, and add DriveClose calls
to a couple of cgpt functions that are missing them.
BUG=chromium:940543
TEST=precq passes, manual testing with cgpt/valgrind shows that memory leaks
for cgpt find, show are fixed.
BRANCH=none
Change-Id: I58aeddfa6b8b4715ba4f8e064e95a660371a01c9
Reviewed-on: https://chromium-review.googlesource.com/1516413
Commit-Ready: Fletcher Woodruff <fletcherw@chromium.org>
Tested-by: Fletcher Woodruff <fletcherw@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is largely a cherry-pick of CL:1133598
- Externalize vb2_digest_buffer function to vb2api_digest_buffer.
- Change VbExLegacy()'s altfw_num parameter from int to enum so
caller can specify which specific payload to run.
BUG=b:124358784
BRANCH=None
TEST=Local compile. Verified with subsequent change that legacy boot
still works and new functionality can opt-in to and utilize payload
verification.
CQ-DEPEND=CL:1471053
Change-Id: I9700c2e38c3cfa255eeff72ce416295af9d076fb
Signed-off-by: Matt Delco <delco@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1471051
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The comments said remount was avoided due to loop offset usage which,
while true, isn't the only reason. We can't remount rw without first
calling enable_rw_mount to clear the invalid bits in the fs header.
Update the comment to reflect that and switch to our mount helper as
it will call that for us.
BUG=chromium:938958
TEST=precq passes & signing unittests pass
BRANCH=None
Change-Id: I1063bc84befebddc942a3dec05e8f33ea834db30
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1522089
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Newer kernels seem to be buggy when using loop mounts with offsets.
Switch to using `losetup -P` everywhere as that doesn't seem to run
into the bug.
BUG=chromium:938958
TEST=precq passes & signing unittests pass
BRANCH=None
Change-Id: I3c35436708d0a4b2c5c1900406503e753f88a53c
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1521065
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: LaMont Jones <lamontjones@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In CL:1495054 the updater has different logic when the firmware image
has FMAP_AREA_PRESERVE in FMAP flags. This needs to be verified in unit
test.
The new test tries to set 010=0x08 (FMAP_AREA_PRESERVE) in RO_VPD area flag
but not RW_VPD, with RO and RW VPD both being provisioned in source
(from) image. The legacy path would update both while the new path will
only update RO, so we can make sure the flag-based preservation is
working as expected.
BUG=chromium:936768
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I07d232444344397b80344ccc9b56f8af3256e043
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1514452
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When write protection is not enabled and updater sees TPM Anti-Rollback
failure, the log will only report TPM failure (example: crbug.com/937961).
This is hard to figure out if the failure was caused by re-key or other
reasons.
In try-rw and rw update, the updater will always check rootkey
compatibility before checking TPM anti-rollback, so we should do the
same thing on full update (RO+RW). With this change, the updater will
report key mismatch before failing with TPM anti-rollback.
BUG=chromium:937961
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I2f035450995387b198f990467e4f416e6c7b746e
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1514007
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We are recently seeing more and more issues that mosys on early build of
devices can't report model properly and caused recovery to fail.
For single-model manifest, the updater used to double check if "mosys
platform name" matches the single model name for unibuild devices
(non-empty signature_id); however this is not really necessary since we
have other platform checks and key checks.
Remove the check and always return the single model to simplify
development in early stage.
BUG=None
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I1bb901dc9661623cd1161dde6ee4573c5da958a7
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1513997
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
List two switches with their documentation in vb2_api.h:
- NEED_VB2_SHA_LIBRARY
- NEED_VB20_INTERNALS
BUG=b:124141368, b:124192753
TEST=Build locally
TEST=/work/vboot/src/repohooks/pre-upload.py
TEST=make clean && make runtests
TEST=make clean && COV=1 make coverage && make coverage_html
BRANCH=none
Change-Id: I91798f9211ddb09fa57cc958f6c9a662b9d41192
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1480751
Commit-Ready: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
coreboot uses the C preprocessor on its linker scripts to
allow evaluation of macros when defining memory layout.
Move constants from 2api.h to an independent file in order
to allow for coreboot to use these constants in its memlayout
file, without needing to include the entire vboot API.
Note this commit creates two new header files:
- firmware/2lib/include/2constants.h: contains the constants
- firmware/include/vb2_constants.h: externally importable header
Also, rename VB2_WORKBUF_RECOMMENDED_SIZE to
VB2_FIRMWARE_WORKBUF_RECOMMENDED_SIZE for clarity.
BUG=b:124141368, b:124192753
TEST=Build locally
TEST=/work/vboot/src/repohooks/pre-upload.py
TEST=make clean && make runtests
TEST=make clean && COV=1 make coverage && make coverage_html
BRANCH=none
Change-Id: Id17c6955b67e51cb048b10b4be0901c0e9110a1f
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1504490
Commit-Ready: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
VbExDisplayDebugInfo() was invented for the TAB display that dumps a
whole lot of possibly interesting debug data to the screen. Since some
debug data is only available to the calling firmware, the convention has
always been that the calling firmware is supposed to append any of its
own debug data it thinks may be relevant to the output.
Later, the function was reused to print small info messages that give
the user a hint what went wrong when a Ctrl+U or Ctrl+L fails
(unlocalized, of course, but better than nothing). The calling firmware
is not aware of this new use case, so every time vboot prints a
"WARNING: Ctrl+L not enabled" sort of message on the screen, depthcharge
also dumps the firmware IDs and TPM state below it.
This patch introduces a new parameter to the function to make the two
differing use cases clear to the calling firmware.
CQ-DEPEND=CL:1496903
BRANCH=None
BUG=None
TEST=with other patches
Change-Id: I52a1e764189508130fea562ad6d53bcefb1fce64
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1497038
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
VbExDisplayScreen/Menu() can fail for many reasons... most often because
some asset that was part of the intended screen couldn't be found. Most
of the errors are permanent and will not get better by trying again.
The respective vboot wrapper functions track the last screen change that
was requested so that we don't keep drawing the same screen over and
over again for every keyboard poll. The current code does not update
this tracking when there was an error during drawing, but the benefit of
this is questionable... those errors usually mean that some part wasn't
drawn correctly, but they don't mean "please keep trying". This problem
is currently worked around in depthcharge by just always passing
VBERROR_SUCCESS even if the underlying screen drawing calls failed, but
it seems cleaner not to hide this error from vboot and instead make
vboot deal with it better.
BRANCH=None
BUG=None
TEST=Navigated through some menus both with and without bitmaps in CBFS.
Change-Id: I3d86a5150fddce9fab18189b2b706960d429b2b7
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1497037
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Mathew King <mathewk@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In Unibuild, the white label models may use (per model) PreMP key for
devices without VPD 'whitelabel_tag' - this helps dogfooders and lab
machines to run and update properly.
BUG=b:126800200
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=none
Change-Id: I7249e3fb1a2b7ab8ed281d2aa317aee6cde8f8db
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1501614
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Futility has two debug facilities: the Debug() function that can be
enabled by passing --debug on the command line, and the VB2_DEBUG()
macro (mostly in common code from the firmware/ directory that it
includes) which can only be enabled by passing DEBUG=1 at build time.
This is confusing and inconvenient, since you don't always want to
rebuild futility whenever you need that extra debug output and it's not
very obvious that you can get even more debugging beyond just passing
--debug.
This patch resolves the inconsistency by merging both facilities
together into a single VB2_DEBUG() that is output when passing --debug.
In order to make this work, we'll have to move the VBOOT_DEBUG #define
so that it only affects the stub implementation of vb2ex_printf(), and
any caller overriding the stub is in charge of their own destiny. This
should be okay since callers can still individually implement debugging
policy in their versions of vb2ex_printf() if they want to. (This may
have been useful to cut down the binary space for debugging strings, but
our firmware has always been unconditionally enabling VBOOT_DEBUG in the
past years, so that doesn't seem to be very important in practice.)
BRANCH=None
BUG=None
TEST=Ran futility --debug show, noticed I got all the extra keyblock
verification debug output I always wanted.
Change-Id: I9a5c205fc3673941b50f03f2a967b1be110a1555
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1504140
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Many projects started their initial builds without knowing that some
sections must be preserved when being updated. This may be solved by
adding section name to 'preserved' list in firmware updater (for
instance, CL:1239797), or include that section as sub area of
{RO,RW}_PRESERVE.
However, there are problems in both solutions. For example, installing
an older image will run old updater, which will not preserve the new
names. Also, if there are multiple sections must be preserved (and not
contiguous - see CL:1493629) there will be problems. Additionally,
changing FMAP layout usually causes more problems.
As a result, adding the description in FMAP area would be the better
idea. A new FMAP_AREA_PRESERVE suggests firmware updater to preserve
a section if possible. In Coreboot, this can be easily set in *.fmd
using flag (PRESERVE). See https://review.coreboot.org/31709 for
example.
BUG=chromium:936768
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: Ie56f65dd418faa97ffb78b1acff613e7d7e268b8
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1495054
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In RO+RW update mode, we only check if the system will be doing re-key.
However, as Unibuild and White-label are becoming more popular today,
this may not be true when signer config has something wrong, or if the
patching of rootkey/vblock is broken.
As a result we should also check if the target image is looking good
before proceed to update in recovery mode.
BUG=b:126931606
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=none
Change-Id: I16c2f9b4fd886e15414de8fda7bd41813f3f8d83
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1496678
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Many people seem to have problems doing things in the detachable UI on
early bring-up devices that don't yet support display output. This patch
is supposed to alleviate that problem by adding more log output so that
people can see on the UART which menu option they have selected (with
actual text rather than just screen and menu item indices).
While we're at it, let's also dump the TAB output to the console so that
it's easier to retrieve that information without a display as well.
BRANCH=None
BUG=chromium:924446
TEST=None, because make runtests is broken and nobody seems to care.
Change-Id: If9350255a68821b7e232726ba56d001571d52cd4
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1436494
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On a full firmware update we need to preserve these regions:
SI_GBE contains the unique MAC address for the system
SI_PDR contains data from the factory and diagnostics
BUG=b:126637087
BRANCH=none
TEST=futility update image-sarien.bin
Change-Id: I2981c8cc478617029934ef3fbdb1c446c858fad8
Signed-off-by: Duncan Laurie <dlaurie@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1493629
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The computation to determine the number of table entries was incorrect
due to sizeof(TPM_FAMILY_TABLE_ENTRY) producing a wrong value for the
size of a single entry. TPM_FAMILY_TABLE_ENTRY actually doesn't match
the encoding of the entries in the TPM's response due to alignment.
Fix this by using a constant that reflects the correct entry size.
Relatedly, I found that ReadDelegationFamilyTableTest would have
caught the bug, but was actually not being invoked. Fix this as well.
BUG=chromium:934193
TEST=Unit tests, manual per instructions in bug.
BRANCH=none
Change-Id: Ic72ad110dc0dbf15cc3cc25b438c4bc2bd2d6015
Reviewed-on: https://chromium-review.googlesource.com/1480519
Commit-Ready: Mattias Nissler <mnissler@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Tested-by: Andreea-Elena Costinas <acostinas@google.com>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
There's already a local |output| variable that we clobbered.
BUG=chromium:935628
TEST=cros-signing/signer/signing_unittest.py passes
BRANCH=none
Change-Id: Idde2aa35053ff6bc149f3f4d1df784e25b4fcdc5
Reviewed-on: https://chromium-review.googlesource.com/c/1490651
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Openssl output format changed, use futility for key_size.
BUG=chromium:935628
TEST=None
BRANCH=none
Change-Id: I1329fa8cd1a79943dbcd8be19d56680ae22376f1
Reviewed-on: https://chromium-review.googlesource.com/c/1489452
Tested-by: LaMont Jones <lamontjones@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:124297157
TEST=make runtest
test on device
BRANCH=none
CQ-DEPEND=CL:1466822
Change-Id: Ic3b1b502b1aff14a795397da3024f8a12eb04775
Reviewed-on: https://chromium-review.googlesource.com/1466290
Commit-Ready: Mathew King <mathewk@chromium.org>
Tested-by: Mathew King <mathewk@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Mathew King <mathewk@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=chromium:933391
TEST=make runtests
Test ctrl+d, ctrl+u, and ctrl+l on device
BRANCH=none
Change-Id: Icf8699e5facac44a074cfd47e796b9957fd6b714
Reviewed-on: https://chromium-review.googlesource.com/1475781
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Mathew King <mathewk@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Mathew King <mathewk@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rename VB2_DISABLE_DEVELOPER_MODE to VB2_CONTEXT_DISABLE_DEVELOPER_MODE.
Flag name should be consistent with others in vb2_context_flags.
VB2_DISABLE_DEVELOPER_MODE should be removed in subsequent CL.
BUG=b:124141368
TEST=Build locally
BRANCH=none
Change-Id: I42260205e9e27b4bd382cdf69962917d41ca882a
Reviewed-on: https://chromium-review.googlesource.com/1460645
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rename VB2_SD_DEV_MODE_ENABLED to VB2_SD_FLAG_DEV_MODE_ENABLED.
Flag name should be consistent with others in vb2_shared_data_flags.
VB2_SD_DEV_MODE_ENABLED should be removed in subsequent CL.
BUG=b:124141368
TEST=Build locally
BRANCH=none
Change-Id: I301a43ac6bc7c825a7cb9f9b47f57ed330ba2294
Reviewed-on: https://chromium-review.googlesource.com/1460644
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Joel Kitching <kitching@chromium.org>
Tested-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Many firmware developers will try to flash a local built firmware (i.e,
DEV key signed) on a MP device (with write protection enabled).
The updater used to provide feedback like:
ERROR: verify_keyblock: Failed verifying key block.
INFO: Current (RO) firmware image has root key: ade780ffd0...732867181bae
WARNING: Target (RW) image is signed by rootkey: b11d74edd2...e1135b49e7f0.
ERROR: RW not signed by same RO root key
>> FAILED: Firmware updater aborted.
This is correctly identifying the root cause, but not helpful for
developers to figure out what to do, and may be confused with the DEV
re-key safety check (which needs --force).
Also, when developers try to do "--mode=factory --force", the message
was:
updater_setup_config: Factory mode needs WP disabled.
Where the 'WP' is again not clear enough.
With this change, we're improving the error messages so that:
- Being consistent on 'root key' instead of 'rootkey'.
- Being consistent for having period for error messages, except those
ended with root key hash (for easier copy-paste).
- Say 'Write Protection' instead of 'WP'.
- When re-keying with WP enabled, print a better hint:
"To change keys in RO area, you have to first remove write protection
(https://goo.gl/ces83U)."
BUG=None
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=none
Change-Id: Ia74d7b113766d09428a4d0897918b4f17b4afae7
Reviewed-on: https://chromium-review.googlesource.com/1465709
Commit-Ready: Hung-Te Lin <hungte@chromium.org>
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Matthew Blecker <matthewb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
cgpt's C/C++ bindings use non-const char* parameters leading to
compiler errors if a user attempts to pass a const char* parameter
rather than creating an unnecessary mutable copy.
Since the code doesn't need to modify the parameters, change them to
const char* to make the library easier to use.
BUG=none
TEST=builds and test cgpt cli tool on-device.
CQ-DEPEND=CL:1460081
BRANCH=none
Change-Id: I6552db159e3dc4d9d07bb889a3f1e4e890b33cb0
Reviewed-on: https://chromium-review.googlesource.com/1459848
Commit-Ready: Fletcher Woodruff <fletcherw@chromium.org>
Tested-by: Fletcher Woodruff <fletcherw@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We've dropped the chromeos_arm driver on recent kernels. Now, if you
name the GPIO as RECOVERY_SW_L (e.g., in the Device Tree), crossystem
can pick it up directly.
BRANCH=none
BUG=chromium:897992, b:116761006
TEST=crossystem recoverysw_cur on ARM with 4.14+ (without chromeos_arm
driver)
Change-Id: I20fb1aa310268a60070bd6c8914c4d58e5760cf8
Reviewed-on: https://chromium-review.googlesource.com/1448395
Commit-Ready: Brian Norris <briannorris@chromium.org>
Tested-by: SANTHOSH JANARDHANA HASSAN <sahassan@google.com>
Tested-by: Brian Norris <briannorris@chromium.org>
Reviewed-by: Douglas Anderson <dianders@chromium.org>
|
