| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In old factory branch the compiler, dependency libraries and default
CFLAGS settings were different so we have to hack for FTW.
Also static build (futility_s) needs +static-libs to openssl so let's
disable that.
Also add libzip to tests.
BUG=b:119292628
TEST=emerge-$BOARD vboot_reference; sudo emerge vboot_reference
Change-Id: I43a29bb317d7af84013bbe734f7326a756688e9d
Reviewed-on: https://chromium-review.googlesource.com/c/1346590
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Commit-Queue: Hung-Te Lin <hungte@chromium.org>
Tested-by: Hung-Te Lin <hungte@chromium.org>
Trybot-Ready: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1588017
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1593206
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To simplify the migration plan, we want to support the legacy arguments
used by FAFT and factory test "UpdateFirmware":
--noupdate_ec => --host_only
--noupdate_pd => --host_only
--nocheck_keys => --force
--update_{main,ec,pd} => ignore
BUG=chromium:882445,b:118509893,b:130401936,chromium:953993,b:130115628
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I31652806085937fe5ca2f2facc7321021977cbb7
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1310253
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1577346
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1588019
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1593205
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Starting from GBB 1.2, a digest is stored in GBB and must be updated
whenever the HWID string is changed.
In shell script version of updater, the digest is automatically updated
when we do "futility gbb -s --hwid=XXX", but in native updater
implementation we only updated the HWID string and left digest
unchanged, this leaves devices generating wrong PCR1 values.
`cmd_gbb_utility` updates the digest by calling `update_hwid_digest`
using vboot1 structure, so we should introduce a new vboot2 friendly
function, `vb2_change_hwid`, which changes both HWID string and digest
at same time.
Note this has no impact for end user's devices with write protection
enabled. Only changes dogfood units AU results.
BUG=b:122248649
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=none
Change-Id: I6ad2754e6df3c9dd66d71c560a2afc26d14eae33
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/1411949
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1588018
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1593204
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The factory branches may need to run firmware updater extracted from
newer release images which relies on 'futility update' to run.
This change collects all related changes:
85974d01 futility: Add 'Error' utility macro
eee33827 futility: Add 'update' command for updating firmware
22266d1f futility: cmd_update: Support loading image files by -i, -e, --pd_image
6d30a78a futility: cmd_update: Process FMAP and parse image version
035f0da2 futility: cmd_update: Access system firmware using external flashrom
039ad74d futility: cmd_update: Add '--emulate' option
e04be109 futility: cmd_update: Implement updater logic "FULL UPDATE".
0a368cac futility: cmd_update: Add "system property" and '--sys_props' to override
8017381e futility: cmd_update: Implement updater logic "RW UPDATE".
b77e2548 futility: cmd_update: Add 'mainfw_act' system property
6b1ead30 futility: cmd_update: Implement updater logic "TRY-RW" (--try)
eb0c9caf futility: cmd_update: Preserve image sections before update
9f27a900 futility: cmd_update: Check contents before starting to update
e25ffef4 futility: cmd_update: Use real system write protection status
f7b99d00 futility: cmd_update: Add vboot1 updater logic
b0f5a8f9 futility: cmd_update: Check platform compatibility before updating
c13d39fa futility: cmd_update: Check TPM key versions before updating
ede6a006 futility: cmd_update: Check RO and RW signing compatibility before updating
8b86ee5d futility: cmd_update: Add more legacy updater options
6a867bc4 futility: cmd_update: Correct updating logic for RW_LEGACY
27fc2478 futility: cmd_update: Preserve sections blocked by management engine
35c99021 futility: cmd_update: Revise debug and error message macro
b5a4e47c futility: cmd_update: Correctly handle error counter
50cf198c futility: cmd_update: Add new 'legacy' mode
da4e823f futility: cmd_update: Create and remove temporary files properly
1bb66a0c futility: cmd_update: Add --quirks for device-specific hacks
b4243c6b futility: cmd_update: Add quirk 'enlarge_image'
c3c9ae6a futility: cmd_update: Add quirk 'unlock_me_for_update'
382375b3 futility: cmd_update: Add quirk 'min_platform_version'
cabd2f8c futility: update: Fix update failure in factory mode due to wrong WP logic
ac8cb8dd futility: update: Add legacy option '--factory'
d6f7c16b futility: update: Skip TPM check if tpm_fwver is not valid.
f6198074 futility: update: Preserve new sections: RO_PRESERVE and RW_PRESERVE
f67b991a futility: update: Preserve RO_FSG
ee96e741 futility: update: Preserve RW_ELOG
b07165b5 futility: update: Allow tpm_fwver=0 and allow --force to waive TPM check
5a5be0c7 futility: update: Revise error messages
ba73f35e futility: update: Refactor 'emulation' (--emulate).
eb166257 futility: update: Add --programmer to override flashrom programmer for servo
5fa5e3b9 futility: update: Refactor: move updater logic to 'updater.c'
243e2115 futility: updater: Refactor: move command line processing to cmd_update.c
e7bcda54 futility: updater: Refactor: localize temp files management
8810b089 futility: updater: Refactor: move quirks to 'updater_quirks.c'
a1bfb650 futility: updater: Add default quirks
a2b9e356 futility: updater: Add quirk 'daisy_snow_dual_model' for daisy_snow
ba30c93b futility: updater: Preserve SMMSTORE and add quirk 'eve_smm_store'
38d06701 futility: updater: Support reading main image from stdin
f1609b8c futility: updater: Revise verbosity and error messages
fabf760f futility: updater: Add ASPRINTF macro
7aa34302 futility: updater: Refactor function names
077026fd futility: updater: Add '--archive' to read from an archive or directory
f7c44a32 futility: updater: Refactor how arguments were configured
1847ba4f futility: updater: Add --manifest to scan and print archive info
a71e0ccd futility: updater: Allow patching rootkey and vblock files
2ae23df7 futility: updater: Change default model name to FWID platform name
3d615c91 futility: updater: Do not preserve GBB flags in --factory mode.
10b3d4ed futility: updater: Add '--model' and select images by system model
622c35aa futility: updater: Support white label from VPD and --signature_id
c6781206 futility: updater: Support --mode=output and --output_dir
fb947ae0 futility: update: Add `--host_only` argument
67d66f18 futility: updater: Support --repack and --unpack
1f489393 futility: updater: Fix model detection error
BUG=chromium:882445
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I6c14133f59561a422a190b17fa8ff7e79c45d953
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/1348510
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1588016
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1593203
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Now that we have support for the IGNOREME signature in cgpt, we need a
way to set it on an existing disk. The easiest option is to shoehorn
this into the cgpt legacy command, because that's already made to modify
GPT header signatures (really, it would be nice to rename it to cgpt
signature or something, but let's not break existing uses for now).
BRANCH=None
BUG=chrome-os-partner:52595
TEST=unit tests
Change-Id: If2835fec28a9c39373abd050e2e057f73e5ec700
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/340073
Reviewed-by: Nam Nguyen <namnguyen@google.com>
(cherry picked from commit 44877dbd76890cc11520aba6eec1e1aa82f99f5d)
Reviewed-on: https://chromium-review.googlesource.com/398909
Commit-Queue: Shunqian Zheng <zhengsq@rock-chips.com>
Tested-by: Shunqian Zheng <zhengsq@rock-chips.com>
Reviewed-by: Philip Chen <philipchen@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch makes cgpt aware of a special "IGNOREME" GPT header signature
string that may appear in either the primary or the secondary GPT and
cause cgpt (and other cgptlib clients) to completely ignore that GPT. It
will continue to function correctly for all other purposes (using the
data from the non-ignored GPT), but never write any data back to the
ignored GPT.
BRANCH=None
BUG=chrome-os-partner:52595
TEST=unit tests
Change-Id: I7e53542385ae9d8d24dc25b75e91f4ff4917f66f
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/340072
Reviewed-by: Nam Nguyen <namnguyen@google.com>
(cherry picked from commit fd6da8626f1a7374c3d0f2dd8deb389d69e8ae07)
Reviewed-on: https://chromium-review.googlesource.com/398908
Commit-Queue: Shunqian Zheng <zhengsq@rock-chips.com>
Tested-by: Shunqian Zheng <zhengsq@rock-chips.com>
Reviewed-by: Philip Chen <philipchen@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The point of having two GPTs is to always have a known good one if one
of them gets corrupted. One of the most obvious ways that could happen
is if the write stopped half-way through (e.g. due to a crash or random
power loss).
Unfortunately, the way we currently save modified GPTs can leave both
copies invalid if we stop writing at just the wrong time. Since a GPT
header contains a checksum over the GPT entries, we need to write both
the header and entries for one GPT (and make sure they're synced to
disk) before we start writing the other.
BRANCH=None
BUG=chrome-os-partner:52595
TEST=None
Change-Id: I2d4b56bcfba9a94395af5896f274ebade9e39081
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/340071
Reviewed-by: Nam Nguyen <namnguyen@google.com>
(cherry picked from commit 5de0000ece70bf419130db9bdbaf444ffc98bf30)
Reviewed-on: https://chromium-review.googlesource.com/398666
Commit-Queue: Shunqian Zheng <zhengsq@rock-chips.com>
Tested-by: Shunqian Zheng <zhengsq@rock-chips.com>
Reviewed-by: Philip Chen <philipchen@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The firmware for the USB Type-C power adapters uses raw binary
blobs for the public keys and signatures instead of
readily-identifiable structs. We've been able to sign these
firmware images for some time, but verifying the result generally
required testing them on hardware.
This CL adds some futilty support for recognizing and verifying
those images too. It just tries various sig and hash algorithms,
until it finds a combination for which the image is
self-consistent (where the pubkey blob verifies the signature
blob).
BUG=none
BRANCH=none
TEST=make runtests
This change also adds additional tests for usbpd1 images. We
ensure that we correctly recognize and verify an MP-signed
firmware, plus test signing and verifying usbpd1 images using
multiple signature and hash algorithms.
Change-Id: I4fbe8b37a694992f635d5469ae1c2449b1610dfd
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/302415
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is to allow external entities using vboot library
(e.g. depthcharge) to utilize these operator functions to perform get
/ set operations on GPT entry.
BUG=chrome-os-partner:45670
BRANCH=None
TEST=Compiles successfully "sudo emerge vboot_reference" "emerge-smaug
vboot_reference". "make -j runtests" successful.
Change-Id: I9e34a2a7afeae6293a78424794797d5755950888
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://chromium-review.googlesource.com/301475
Commit-Ready: Furquan Shaikh <furquan@chromium.org>
Tested-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In recovery mode, the TPM may be bad / corrupt. This prevents access to
the soft developer switch stored in secdata. But it should not prevent
setting dev mode via GBB or context flags. Those flags may be set
during manufacturing or testing, and override the contents of secdata
anyway.
BUG=chrome-os-partner:45511
BRANCH=ryu
TEST=make runtests
Change-Id: I242714528203cc7cf78a714c660b7f8bbd0e04d0
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/300621
Commit-Ready: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BRANCH=None
BUG=chrome-os-partner:44227
TEST='sign_official_build.sh recovery_kernel boot.img keys
boot.img.recovery-signed' works fine and able to boot in locked recovery mode
using fastboot boot.
Change-Id: Iabde28bb2068b8294fc3d03f2f771c63368ecbb5
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://chromium-review.googlesource.com/300250
Commit-Ready: Furquan Shaikh <furquan@chromium.org>
Tested-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When a TPM goes from the disabled state to the enabled state, it must
reboot after being enabled, before it can be initialized. In vboot1,
TLCL was part of vboot and this was handled internally. In vboot2, the
caller must set a context flag, so that vboot can decide whether to
allow the reboot, or whether to go directly to recovery mode. This
check is necessary to handle the following cases:
1) The device is booting normally, but the TPM needs a reboot. This
should simply reboot, without going to recovery mode.
2) The device is booting in recovery mode, but the TPM needs a reboot.
If this is the first time it asked us, allow the reboot.
3) The TPM asked for a reboot last time, so we did. And it's still
asking. Don't reboot, because that runs the risk that whatever is wrong
won't be fixed next boot either, and we'll get stuck in a reboot loop
that will prevent recovery. Boot into recovery mode.
Add a new NvStorage bit to track whether the TPM requested a reboot on
the previous boot. That's better than what we did in vboot1, where we
used a special recovery request. Vboot1 couldn't track getting stuck in
a reboot loop in normal mode, only in recovery mode. The new code can
catch both.
BUG=chrome-os-partner:45462
BRANCH=ryu
TEST=make runtests
Change-Id: I2ee54af107275ccf64a6cb41132b7a0fc02bb983
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/300572
Tested-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(resubmit)
Previously crossystem assumed that mosys was located
in /usr/sbin. In Android mosys is currently located
in /system/bin. Using fixed paths as opposed to
'which' to prevent attacks where attacker could insert
mosys in PATH.
difference from previous commit:
Removed the allocation of duplicate arrays. Kept
with simplicity of original version, just returning
correct constant depending on detected platform.
BUG=chromium:527484
BRANCH=none
TEST=ran crossystem, crossystem fw_try_count/
fw_try_next, crossystem fw_try_count/fw_try_next=x
on smaug and daisy.
Change-Id: I923206db1411a9a35c9c8e3f9ede5016f49b5f26
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/299801
Reviewed-by: danny chan <dchan@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Often the partitions we extract have extra space in them, but the dd
utility will still write out the excess zeros. That can mean we write
out hundreds of megs of data which could otherwise be skipped. We thus
waste a good amount of I/O and storage.
For now, only use this flag when extracting a partition to a new file
as this should be safe (there's no pre-existing data to clobber/merge).
BUG=chromium:530730
TEST=`./signing_unittests.py` passes
BRANCH=None
Change-Id: Ic32665cf7c38fc0a5efc3f8b227fa8ff408ca9e3
Reviewed-on: https://chromium-review.googlesource.com/299450
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This should speed up the copies significantly by using less disk
storage & I/O when the unpacked file is not sparse already. This
option has been in cp for a long time, and works in Ubuntu Precise
(coreutils-8.13) & Trusty (coreutils-8.21).
BUG=chromium:530730
TEST=`./signing_unittests.py` passes
BRANCH=None
Change-Id: I82192455a623eabf96abf4f25296f3dc0c129ca2
Reviewed-on: https://chromium-review.googlesource.com/299440
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
Reviewed-by: Amey Deshpande <ameyd@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rather than use the existence of the output as a marker for running the
gbb step, key off the loem index. We want to run it the first time and
not bother after that.
BUG=chrome-os-partner:44227
BRANCH=None
TEST=signer can still sign loem keysets
Change-Id: I26e9ccaf1333f769d6993a8e0d84c63644bb2597
Reviewed-on: https://chromium-review.googlesource.com/298980
Reviewed-by: David Riley <davidriley@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Signing test of firmware for non-t210 targets fails when PKC
keys are present so separate devkeys into two keysets where only
one has the PKC key.
BUG=chrome-os-partner:44227
TEST=sign_official_build.sh nv_lp0_firmware tegra_lp0_resume.fw tests/devkeys-pkc tegra_lp0_resume.fw.signed versions.default
BRANCH=signer
Change-Id: Ie0670638d30d17692f1113b5a9f0309ea610d72a
Signed-off-by: David Riley <davidriley@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/298091
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The "function" keyword is not portable -- use the normal function style.
The awk command uses a non-portable regex (the word anchor \>). Rework
it to avoid regexes entirely.
BUG=chromium:475101
TEST=keyset_version_check.sh works on a POSIX system
BRANCH=None
Change-Id: I5446f63aa9181d06da1898aafb8fab17f5042989
Reviewed-on: https://chromium-review.googlesource.com/296562
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Signer was calling sign_official_build.sh in a manner that wasn't
being accepted correctly. Also add test keys from firmware branch.
BUG=chrome-os-partner:44227
TEST=sign_official_build.sh nv_lp0_firmware tegra_lp0_resume.fw tests/devkeys tegra_lp0_resume.fw.signed versions.default
BRANCH=signer
Change-Id: Icd298ac75e3da746220826dc2fb9cc2466e41f1d
Signed-off-by: David Riley <davidriley@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/297802
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The new nvidia logic expects to have the "real" output filename and not
yet another temp path. Since sign_firmware.sh supports being passed in
the input as the output and doing in-place signing, just document it and
update the callers.
BUG=chrome-os-partner:44227
BRANCH=None
TEST=signer outputs pubkey.sha to the same location as the output firmware
Change-Id: Iadc5dc5aaace6be9e22ff2c55bfbc58b7e1b3ef0
Reviewed-on: https://chromium-review.googlesource.com/296574
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=chrome-os-partner:44227
BRANCH=None
TEST=unittests run fine.
Change-Id: I7d623a22d73a1749ebebd323fe09cbbeb8cbd61e
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://chromium-review.googlesource.com/296429
Commit-Ready: Furquan Shaikh <furquan@chromium.org>
Tested-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If nv_pkc.pem file is present for a device, use nv_pkc_signing for
adding PKC signature in the firmware image.
BUG=chrome-os-partner:44227
BRANCH=None
TEST=unittests run fine. verified image boots on fused system.
Change-Id: I9b2f48da55137a0e4a75f23d16d3779be1aa94c8
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://chromium-review.googlesource.com/296452
Commit-Ready: Furquan Shaikh <furquan@chromium.org>
Tested-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update VBOOT2 to add work buffer too small error message.
BRANCH=none
BUG=None
TEST=Build and run on kunimitsu
Change-Id: Icb4b873e0c350a5667948e106c111356acab6a82
Signed-off-by: Lee Leahy <Leroy.P.Leahy@intel.com>
Reviewed-on: https://chromium-review.googlesource.com/295753
Commit-Ready: Leroy P Leahy <leroy.p.leahy@intel.com>
Tested-by: Leroy P Leahy <leroy.p.leahy@intel.com>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 26825b53dc914e4599767ae1e78fe731840027c1.
This looks like it breaks ARM systems by causing crossystem to crash freeing stuff.
BUG=chromium:523189
Change-Id: Ic1e1594519354e7b80424f5c66dc9bdb2605ec73
Reviewed-on: https://chromium-review.googlesource.com/295215
Reviewed-by: Eric Caruso <ejcaruso@chromium.org>
Commit-Queue: Eric Caruso <ejcaruso@chromium.org>
Tested-by: Eric Caruso <ejcaruso@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BRANCH=signer
BUG=chrome-os-partner:44227
TEST='sign_official_build.sh kernel boot_devsigned.img keys boot_resigned.img'
Change-Id: I805231ef4bd4ed86b35c0d7ca2d3fe1e704caabc
Signed-off-by: David Riley <davidriley@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/294954
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously crossystem assumed that mosys was located
in /usr/sbin. In Android mosys is currently located
in /system/bin. Using fixed paths as opposed to
'which' to prevent attacks where attacker could insert
mosys in PATH.
BUG=none
BRANCH=none
TEST=ran crossystem, crossystem fw_try_count/
fw_try_next, crossystem fw_try_count/fw_try_next=x
on link and smaug.
Change-Id: I9604f008d457147188dc852c173d5a184163b339
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/292314
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BRANCH=signer
BUG=chromium:512940
TEST=Tested with the following command:
$ ./sign_official_build.sh base chromiumos_base_image.bin ../../tests/devkeys \
chromiumos_base_image_signed.bin ../../tests/devkeys/key.versions
Change-Id: Ife2284a6ca82f4306ca26278159859928c0ff2b5
Reviewed-on: https://chromium-review.googlesource.com/293636
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Tested-by: Amey Deshpande <ameyd@google.com>
Commit-Queue: Amey Deshpande <ameyd@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is useful for testing different configurations without repeatedly
reflashing the firmware, e.g.
# stop tcsd
# tpmc pcr 0
0000000000000000000000000000000000000000
# tpmc pcrextend 0 c42ac1c46f1d4e211c735cc7dfad4ff8391110e9
# tpmc pcr 0
865aedd337518e56f648440b81b4cbd9359fdff3
<reboot and try another value>
BUG=none
BRANCH=none
TEST=manual
Change-Id: Ie5814ca2a3a5cf5a0eaf0ffee0385315db09bf25
Signed-off-by: Kevin Cernekee <cernekee@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/289009
Reviewed-by: Luigi Semenzato <semenzato@chromium.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. Change offset 8 to hold all misc settings (fastboot, boot_on_ac
detect) instead of only fastboot settings.
2. Add flag to hold state of boot_on_ac_detect (If set to 1, AP should
start booting as soon as AC is connected in off-state).
BUG=chrome-os-partner:41680
BRANCH=None
TEST=Compiles successfully. make runtests successful.
Change-Id: I64b3fc69bd52cbcaf5899c953ccafa2e81b5b8a5
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://chromium-review.googlesource.com/289900
Trybot-Ready: Furquan Shaikh <furquan@chromium.org>
Tested-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Queue: Furquan Shaikh <furquan@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Ryu will store a hash of the GBB root key in a struct inside its boot
block. Add a vb2_ryu_root_key_hash struct for that.
If 'futility gbb_utility' is used to set the root key, also look for a
root key hash struct and fill it in. No error if not found, because
this needs to work on other platforms where the struct is not present.
This way, we don't need to change the signing scripts.
Added a --roothash option which can be used to check if the root key
hash is found, and if so, whether it's empty, valid, or invalid.
BUG=chromium:511405
BRANCH=ryu
TEST=manual
Take any existing image.bin.
cp image.bin image.orig
gbb_utility --roothash image.bin
- ryu root hash not found
Extract the root key
gbb_utility -k rootkey.bin image.bin
- exported root_key to file: rootkey.bin
Now, append a blank ryu root hash struct to it
echo '0000000: 5274 4b79 4861 7368 0100 0000 3000 0000' | xxd -r >> image.bin
echo '0000000: 0000 0000 0000 0000 0000 0000 0000 0000' | xxd -r >> image.bin
echo '0000000: 0000 0000 0000 0000 0000 0000 0000 0000' | xxd -r >> image.bin
Nothing is set yet
gbb_utility --roothash image.bin
- ryu root hash is unset
Setting the root key also sets the root hash
gbb_utility -s -k rootkey.bin image.bin
- import root_key from rootkey.bin: success
- calculate ryu root hash: success
successfully saved new image to: image.bin
See, it verifies
gbb_utility --roothash image.bin
- ryu root hash verified
Now, append a bad ryu root hash struct to it
cp image.orig image.bin
echo '0000000: 5274 4b79 4861 7368 0100 0000 3000 0000' | xxd -r >> image.bin
echo '0000000: 0001 0000 0000 0000 0000 0000 0000 0000' | xxd -r >> image.bin
echo '0000000: 0000 0000 0000 0000 0000 0000 0000 0000' | xxd -r >> image.bin
See, it fails
gbb_utility --roothash image.bin
- ryu root hash does not verify
Make sure the library doesn't contain the magic string
strings `which futility` | grep RtKyHash
(should be no output)
Change-Id: Ib46f93cac0f2b532bada4b187ae48efcf4926702
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/286237
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add the GPIO controller ID that is used in the Skylake PCH
so it can properly export and use GPIOs that are exported
in VBNV for write protect.
BUG=chrome-os-partner:42560
BRANCH=none
TEST=verify crossystem output with and without WP enabled
Change-Id: Ic85c202bd0ca15c154c10481926ef18bafe3fac5
Signed-off-by: Duncan Laurie <dlaurie@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/286827
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are two new GBB flags added (lid/fastboot) and we should update the
description in set_gbb_flags.
BRANCH=none
BUG=none
TEST=emerge-link vboot_reference
Change-Id: I0d16df03e9427ec1c8780fbb6be10c31eed9bf9e
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/286052
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add the skylake-u and skylake-y vendor/device IDs so it can be
reported by crossystem.
BUG=chrome-os-partner:42560
BRANCH=none
TEST=run "crossystem platform_family" on glados
Change-Id: I5f9b92d404166e56d77cf8b0cd627a3a0b63bedf
Signed-off-by: Duncan Laurie <dlaurie@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/286921
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For crossystem to work correctly on Strago/Cyan,
add Braswell string and correct GPIO offset
calculations.
In Braswell, write protect line is MF_ISH_GPIO_4
as encoded as 0x10016 where the GPEAST offset
(COMMUNITY_OFFSET_GPEAT) is 0x10000
BUG=chrome-os-partner:40835
BRANCH=None
TEST=test_that -b <strago/cyan> <IP> platform_Crossystem
Change-Id: I365f3d6ca9f3ac7ef50abb9b2ba13f184d39c100
Signed-off-by: John Zhao <john.zhao@intel.com>
Signed-off-by: Arindam Roy <arindam.roy@intel.com>
Reviewed-on: https://chromium-review.googlesource.com/274841
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Commit-Queue: Bernie Thompson <bhthompson@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The sw_wpsw_boot was made for some feature that was almost never completed, and
only makes sense on Baytrail platforms. To prevent confusion we should address
that in the crossystem description.
BRANCH=none
BUG=chromium:508269
TEST=make test
Change-Id: I1fbc7a0e9e8c1f8503ae8ae9dfb6e80c8da892e3
Reviewed-on: https://chromium-review.googlesource.com/284425
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Queue: Hung-Te Lin <hungte@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We may have been over-zealous earlier when trying to eliminate
references to mkbp. Since crossystem runs on all ChromeOS devices,
this re-adds "mkbp" back to mitigate the risk of encountering
problems on systems running newer versions of ChromeOS but with
older firmware.
BUG=chrome-os-partner:21097
BRANCH=none
TEST=Compiled for veyron_brain
Change-Id: Ia0086687fbc3a1195b062367ccb6ee5c41acd026
Signed-off-by: David Hendricks <dhendrix@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/282602
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This changes the string we look for in the devicetree on ARM
platforms to look for "cros-ec" (DT uses dashes instead of
underscores) instead of "mkbp".
BUG=chrome-os-partner:21097
CQ-DEPEND=CL:273347
BRANCH=none
TEST=with depthcharge patch applied, ran crossystem on newly
booted system and saw VBNV-related variables turn out the same.
Signed-off-by: David Hendricks <dhendrix@chromium.org>
Change-Id: Iac43f5381327eb878a8d0db606b78bb7bdce816f
Reviewed-on: https://chromium-review.googlesource.com/273391
Commit-Queue: Stefan Reinauer <reinauer@chromium.org>
Tested-by: Stefan Reinauer <reinauer@chromium.org>
Reviewed-by: Stefan Reinauer <reinauer@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=chrome-os-partner:40196
BRANCH=None
TEST=Compiles successfully
Change-Id: Ic69834f2e23926e618349b5a56db549a290cd0c2
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://chromium-review.googlesource.com/280922
Trybot-Ready: Furquan Shaikh <furquan@chromium.org>
Tested-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Queue: Furquan Shaikh <furquan@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When one of GPT headers is invalid the corresponding partition table
is not loaded and corresponding pointers in GptData are NULL.
GptRepair will try to memcpy one entries table to another which
results in SIGSEGV.
This change fixes it by freeing and then reallocating bad copy of
partition table. This potentially fixes problems which would occur
if two tables have different size.
Change that initially introduced this problem by not always allocating
secondary_entries:
https://chromium-review.googlesource.com/223800
TEST="cgpt repair" works where it previously didn't
TEST=make runtests
BUG=brillo:1203
BRANCH=none
Change-Id: Ibb2fcf33faa5ba157b0865d04c90ee3f26eee113
Reviewed-on: https://chromium-review.googlesource.com/276766
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Queue: Andrey Ulanov <andreyu@google.com>
Tested-by: Andrey Ulanov <andreyu@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When linking vboot_api_kernel4_tests, there are two VbBootNormal()
available, the gcc chooses the one in vboot_api_kernel4_tests.c and
the test passes, the clang chooses the one in vboot_api_kernel.c and
make the unittest fail. This CL makes the one in vboot_api_kernel.c
a weak symbol so that clang can choose the one in
vboot_api_kernel4_tests.c
BUG=chromium:498469
BRANCH=none
TEST=CC=x86_64-cros-linux-gnu-clang FEATURES='test'
emerge-amd64-generic vboot_reference
Change-Id: Ibcb78ee055fc9485dbc2bcc1d1cf98144a1a3b64
Reviewed-on: https://chromium-review.googlesource.com/276504
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Queue: Yunlian Jiang <yunlian@chromium.org>
Tested-by: Yunlian Jiang <yunlian@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This allows the caller to load the kernel partition and then pass it
to vboot for verification, rather than having vboot assume the kernel
partitions are all on a block storage device.
Next up, APIs for the caller to parse partition information from a GPT
(yes, that's cgptlib, but we'll make it more easily callable by
depthcharge).
BUG=chromium:487699
BRANCH=none
TEST=make -j runtests
Change-Id: I388085c7023f4c76d416f37df0607019bea844ac
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/275646
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BCB is bootloader control block. Add reasons specific to BCB:
1. In case of any error reading/writing BCB (internal FW error)
2. User-mode requested recovery via BCB (user-mode requested)
BUG=chrome-os-partner:40960
BRANCH=None
TEST=Compiles successfully
Change-Id: I0ac362ba7267a08313cb3077be686aa73367e53b
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://chromium-review.googlesource.com/275222
Trybot-Ready: Furquan Shaikh <furquan@chromium.org>
Tested-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Queue: Furquan Shaikh <furquan@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The kernel data itself will be read and verified by a subsequent
change.
BUG=chromium:487699
BRANCH=none
TEST=make -j runtests
Change-Id: Ife4f8250493ec6457f91fda57ae8d4d7bf18ec89
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/274038
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This can be used by implementations that want to request vboot to
favor a particular kernel entry for booting without affecting the
checks for rollback protection and image verification.
CQ-DEPEND=CL:274716, CL:274932, CL:275171
BUG=None
BRANCH=None
TEST=Compiles successfully. make -j runtests successful.
Change-Id: I6a4600020354f5d4118c17f083c353c2585c4181
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://chromium-review.googlesource.com/274558
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Stefan Reinauer <reinauer@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Commit-Queue: Nicolas Boichat <drinkcat@chromium.org>
Trybot-Ready: Nicolas Boichat <drinkcat@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
VbVerifyMemoryBootImage
Do not use values from the header or preamble until it is known to be
good.
BUG=None
BRANCH=None
TEST=Compiles successfully and VbVerifyMemoryBootImage returns early
for images with bad values in header.
Change-Id: Ic026f49292a139e0a04c2556ca9fa62ff277b18f
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://chromium-review.googlesource.com/274141
Trybot-Ready: Furquan Shaikh <furquan@chromium.org>
Tested-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Queue: Furquan Shaikh <furquan@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch reintroduces a vb2_secdata->struct_version check similar to
the one that was removed in CL:244846. The CRC is not a reliable way to
detect zeroed buffers, so this check helps vboot fail earlier and more
clearly in certain situations.
BRANCH=kitty,smaug,storm,veyron
BUG=chrome-os-partner:40778
TEST=make runtests. Rebooted Jerry with 'mem w 0xff7601b0 0xfdb9', saw
that recovery reason was now 0x2b (VBNV_RECOVERY_VB2_SECDATA_INIT).
Change-Id: Ic4376d127e6d14d4ef9c2f53c83090040ca4cb68
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/274138
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add support for functions to request unlock and lock of devices in
response to fastboot oem unlock/lock commands. Unlock operation is
equivalent to enabling dev mode and lock operation is equivalent to
leaving dev mode. It is the responsibility of the caller to ensure
that user confirmation is obtained before unlock/lock operations.
BUG=chrome-os-partner:40196
BRANCH=None
TEST=Compiles successfully and fastboot lock/unlock operations work as
expected on smaug. Added tests to ensure lock/unlock operations are
covered. Verified using make -j runtests.
Change-Id: Ibafe75abdd1202473009208a414f3996d537db4f
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://chromium-review.googlesource.com/273182
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
Tested-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Queue: Furquan Shaikh <furquan@chromium.org>
Trybot-Ready: Furquan Shaikh <furquan@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=chrome-os-partner:40196
BRANCH=None
TEST=Compiles successfully.
Change-Id: I4305436b2ae46254e4e8b12039ffed95634d62c2
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://chromium-review.googlesource.com/273181
Tested-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Queue: Furquan Shaikh <furquan@chromium.org>
Trybot-Ready: Furquan Shaikh <furquan@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use unused offset 8 for fastboot related flags.
BUG=chrome-os-partner:40196
BRANCH=None
TEST=Compiles successfully.
Change-Id: I6df0985924ba80cdcb68bb6b7658bf962f01287f
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://chromium-review.googlesource.com/273180
Tested-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Queue: Furquan Shaikh <furquan@chromium.org>
Trybot-Ready: Furquan Shaikh <furquan@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When the lid is closed and external power is applied
the system may boot and shut down faster than required
for the OS to determine that things were alright.
In timed charging setups this led to systems ending up
to consider the current version broken because it "failed"
repeatedly.
Remain generic about the reason for not counting boots
since there may be more situations in which we want to
handle the situation optimistically.
BRANCH=none
BUG=chromium:446945
TEST=none
Change-Id: Iea350e3c98d5c00156da682e52c90a882ba017c0
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/249150
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|