| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Introduce a new vboot context flag VB2_CONTEXT_DISABLE_TPM to indicate
whether TPM should be disabled before jumping to kernel. This allows us
to move the vb2ex_tpm_set_mode(VB2_TPM_MODE_DISABLED) call from vboot to
depthcharge. See CL:3653659 for details.
BUG=b:223662000, b:232743820
TEST=make runtests
TEST=emerge-cherry depthcharge
BRANCH=cherry
Cq-Depend: chromium:3653659
Change-Id: Ie7bcc3c7bf01346a3bc1f9e14b30017a4c3148ac
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3653207
Reviewed-by: Julius Werner <jwerner@chromium.org>
(cherry picked from commit d14e1c4b4ec45c8d23adf88aaff460d758275d66)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3655399
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Commit-Queue: Hung-Te Lin <hungte@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use the API function crosid_get_firmware_manifest_key from libcrosid
instead of "mosys platform model" to get the firmware manifest key.
Note: this leaves inconsistent terminology around "model" and
"firmware manifest key", which is quite intentional at the moment,
since the model is still the firmware manifest key for the time
being. Should we decide to change that in the future, we can do
further renaming in futility.
BUG=b:213251232
BRANCH=none
TEST=chromeos-firmwareupdate on delbin
run recovery on delbin
Cq-Depend: chromium:3364974
Signed-off-by: Jack Rosenthal <jrosenth@chromium.org>
Change-Id: I306ae444849e327ba208f52e34b584b571ef6a3c
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3368704
Reviewed-by: Raul Rangel <rrangel@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use pkg-config to link with libcrosid when it's available.
Note that when futility is compiled from the coreboot tree, libcrosid
won't be available, at least at the moment, so expose -DUSE_CROSID to
the C code so we know when we have it available.
BUG=b:213251232
BRANCH=none
TEST=emerge-volteer -j vboot_reference
"lddtree /build/volteer/usr/bin/futility" lists libcrosid
Cq-Depend: chromium:3367251
Signed-off-by: Jack Rosenthal <jrosenth@chromium.org>
Change-Id: I8e69c5ce4570ac9df72440d0a34b6b03b5a36e77
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3368703
Reviewed-by: Raul Rangel <rrangel@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We don't need the MOUNT_ENCRYPTED_KEY_PATH after we replaced the stale
TPM simulator with the driver-level TPM simulator.
It's time to remove it.
BUG=b:203195852, b:174807059
BRANCH=none
TEST=crossystem clear_tpm_owner_request=1
Signed-off-by: Yi Chou <yich@google.com>
Change-Id: I7c1c9c16697b1bbda9adea13448fdb9cffd9cc7b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3358669
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Leo Lai <cylai@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The crossystem command would have potential race conditions when we
calling this command in parallel. Add a flock should prevent this
issue.
BUG=b:172876417
BRANCH=none
TEST=Firing multiple crossystem commands, and check result
Signed-off-by: Yi Chou <yich@google.com>
Change-Id: Ia9f8a73d5fd762c79088f350ea05d0dd540f3fc3
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3358668
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Leo Lai <cylai@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
SERVOD_PORT and SERVOD_NAME environment variables are both used by
dut-control to identify the servod instance to use. If SERVOD_NAME is
set, query the servo serial number just like when SERVOD_PORT is set.
BUG=None
TEST=futility --servo -i with SERVOD_NAME set
BRANCH=None
Change-Id: I0c656e25d4f5da67570e3ff7d6cf28fdca5ec1cf
Signed-off-by: Sam McNally <sammc@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3367518
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
For DT, servo_type reports ccd_gsc instead of ccd_cr50. Treat ccd_gsc
the same as ccd_cr50.
BUG=None
TEST=futility update --servo -i
BRANCH=None
Change-Id: I27f5ea7ccc70fd1a247b844a9929aed7a133ebb3
Signed-off-by: Sam McNally <sammc@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3367517
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix flags missed in CL:3306615.
BUG=b:206031372
TEST=make runtests
TEST=sudo emerge-guybrush sys-boot/depthcharge
BRANCH=none
Signed-off-by: Jakub Czapiga <jacz@semihalf.com>
Change-Id: Idbb205bb9e14f44a10806785fb9f7b29572f0626
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3347667
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Tested-by: Jakub Czapiga <czapiga@google.com>
Commit-Queue: Jakub Czapiga <czapiga@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:207808292
BRANCH=none
TEST=`make`
Signed-off-by: Edward O'Callaghan <quasisec@google.com>
Change-Id: I98f1a2566ef50b2c7b1376141bb2f1c096b710a6
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3358664
Tested-by: Edward O'Callaghan <quasisec@chromium.org>
Auto-Submit: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Nikolai Artemiev <nartemiev@google.com>
Commit-Queue: Nikolai Artemiev <nartemiev@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
2lib used vb2_api_allow_recovery() to differentiate between manual and
non-manual recovery in 2kernel and UI related areas.
With introducing the ctx->boot_mode, we could decide if it is a manual
recovery or a broken screen (a.k.a non-manual recovery in the original
design) once in vb2api_fw_phase1 and use this boot mode instead for
further justifications.
Also deprecate the sd flag VB2_SD_FLAG_MANUAL_RECOVERY and use the boot
mode instead to determine if it is a manual recovery boot.
BUG=b:181931817
BRANCH=none
TEST=make clean && make runtests
TEST=emerge coreboot vboot_reference depthcharge
Cq-Depend: chromium:3282875
Signed-off-by: Hsuan Ting Chen <roccochen@chromium.org>
Change-Id: Ief4ff6cf82285c5857f0051c1f348ad0f269b4a8
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3121926
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This CL is a minor fix of comments from CL:3168437.
Since we have more and more steps below vb2_check_recovery in 2api:
vb2api_fw_phase1, remove the text 'two' in the comments.
BUG=none
BRANCH=none
TEST=none
Signed-off-by: Hsuan Ting Chen <roccochen@chromium.org>
Change-Id: I2e13281adc127166954fde34a40f3a8b1d5d42ba
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3359103
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some users of futility do not need flashrom support such
as upstream coreboot. Allow for explicitly enabling the
paths.
BUG=b:203715651,b:209702505
BRANCH=none
TEST=builds
Signed-off-by: Edward O'Callaghan <quasisec@google.com>
Change-Id: I61095bf91e3d01bd008d3b790478a590758e88cd
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3350299
Tested-by: Edward O'Callaghan <quasisec@chromium.org>
Auto-Submit: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-by: Hsuan Ting Chen <roccochen@chromium.org>
Commit-Queue: Hsuan Ting Chen <roccochen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
project-cheets-private CL: crrev/i/4381092
BUG=b:208763957
TEST=arc.AppLoadingPerf, etc.
BRANCH=none
Signed-off-by: Satoshi Niwa <niwa@google.com>
Cq-Depend: chrome-internal:4381092
Change-Id: I95fe539294793f6894a8e4cd8e2bde4bbcf43c04
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3351476
Reviewed-by: Ryo Hashimoto <hashimoto@chromium.org>
Tested-by: Satoshi Niwa <niwa@chromium.org>
Auto-Submit: Satoshi Niwa <niwa@chromium.org>
Commit-Queue: Satoshi Niwa <niwa@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Separate out all the flashrom worker code used in futility
to allow for later building a futility without flashrom
support.
BUG=b:203715651,b:209702505
BRANCH=none
TEST=builds
Signed-off-by: Edward O'Callaghan <quasisec@google.com>
Change-Id: I938141056424f8f93a598bbb288ee7c8770edc95
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3350298
Tested-by: Edward O'Callaghan <quasisec@chromium.org>
Auto-Submit: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Commit-Queue: Edward O'Callaghan <quasisec@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In depthcharge, display availability is checked as part of performing
AUX FW update. In vboot tests, display availability is checked as part
of checking for the AUX FW update. Match the test behavior with the
implementation in depthcharge.
BUG=b:210127173
BRANCH=None
TEST=Ensure that all the tests passed successfully using the following
command:
cros_workon_make --board=dedede vboot_reference --test
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Change-Id: Ifc58f94bd64c3a90f80e40d97de8938a04dcba6f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3346284
Tested-by: Karthikeyan Ramasubramanian <kramasub@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Commit-Queue: Bob Moragues <moragues@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some platforms go through extra resets on cold boots. On an update scenario
involving GSC & PD firmware updates, this extra reset depletes the
fw_try_count of 6. This leads to device falling back to old FW slots.
Increase the fw_try_count to 8 to handle extra resets.
BUG=b:190207306
BRANCH=dedede, volteer
TEST=Build and boot to OS in Drawlat. Ensure that the AP + EC + ME + PD
FW updates are applied and the system was able to boot to OS
successfully - https://paste.googleplex.com/4966135716904960.
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Change-Id: I8bb5507d2351cf1511fda773876dedbe098b5c44
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3345900
Reviewed-by: Evan Green <evgreen@chromium.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: Karthikeyan Ramasubramanian <kramasub@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Commit-Queue: Bob Moragues <moragues@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In normal/secure mode, display is not always available. Hence aux
firmware updates request reboot to initialize the display so that slow
firmware update screen can be displayed. Since this error is not
handled, the concerned firmware slot is marked as failed. This leads to
devices in the field not picking FW updates and falling back to old FW
slot. Handle VB2_REQUEST* error codes, so that the device reboots to
initialize the display.
BUG=b:210127173
BRANCH=dedede, volteer, zork, trogdor, keeby
TEST=Build and boot to OS in Drawlat. Ensure that the AP + EC + ME + PD
FW updates are applied and the system was able to boot to OS
successfully - https://paste.googleplex.com/4966135716904960.
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Change-Id: I2b7bdd830a1141ee59e25204bf4f77adba58b679
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3344277
Tested-by: Karthikeyan Ramasubramanian <kramasub@chromium.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Evan Green <evgreen@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Commit-Queue: Bob Moragues <moragues@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are multiple flashrom calling wrapping code implementations
within vboot_ref. Work towards making a singular canonical
implementation.
BUG=b:207808292
BRANCH=none
TEST=`make`
Signed-off-by: Edward O'Callaghan <quasisec@google.com>
Change-Id: I8e133a11b777b4e80bb4e43a64a5349956cef8eb
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3325329
Tested-by: Edward O'Callaghan <quasisec@chromium.org>
Auto-Submit: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Nikolai Artemiev <nartemiev@google.com>
Commit-Queue: Edward O'Callaghan <quasisec@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The "RO_SECTION" FMAP area is a parent area that contains multiple
nested areas, including the "COREBOOT" area containing the actual RO
CBFS. On some platforms the "COREBOOT" area may be the first area in
"RO_SECTION", and therefore the start offsets would be equal and
`cbfstool -r RO_SECTION` would accidentally do the right thing -- but
this is not true for all platforms and may break elsewhere.
I don't know what this code does or how to test it but I assume fixing
this issue is a good thing.
BRANCH=None
BUG=None
TEST=None
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: Ica281af75299e06c36e2f0437d2b1fcc6c0731e8
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3299058
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit f0ba3fe277fdc623565eab0725aed743e24a1a44.
Reason for revert: We can try another reland after the coreboot
CL https://review.coreboot.org/c/coreboot/+/58253 is
downstreamed and the guybrush psp_verstage.bin is signed again.
Original change's description:
> Revert "2api: Add vb2_boot_mode in vb2_context denoted the current boot mode"
>
> This reverts commit 2cf76574dbf57c70da3a835f2a45d5619dc058f5.
>
> Reason for revert: b:202258389
>
> Original change's description:
> > 2api: Add vb2_boot_mode in vb2_context denoted the current boot mode
> >
> > Add enum vb2_boot_mode which denotes the most relevant boot mode between
> > normal, manual recovery, broken recovery, diagnostic, and developer.
> >
> > The boot mode constant stores in vb2_context, is exposed externally, and
> > decided in vb2api_fw_phase1.
> >
> > Split out the logic of manual recovery and broken screen. (The broken
> > recovery is a recovery boot with !vb2api_allow_recovery)
> >
> > Add the fifth boot mode, diagnostic boot mode
> >
> > A boot could match more the one boot mode, this api will pick the most
> > relevant boot mode based on the following order:
> > 1. Manual recovery boot
> > 2. Broken recovery boot
> > 3. Diagnostics boot
> > 4. Developer boot
> > 5. Normal boot
> >
> > This constant is used in:
> > * lib/vboot_api_kernel.c: VbSelectAndLoadKernel()
> > * lib/vboot_kernel.c: replace the original vb2_boot_mode
> > * coreboot/bootmode for adding elogs
> >
> > Also bump the vb2sd minor version from 0 to 1.
> >
> > BUG=b:185551931, b:177196147, b:181931817
> > BRANCH=none
> > TEST=CC=x86_64-pc-linux-gnu-clang;
> > make clean && make runtests
> > TEST=emerge coreboot vboot_reference depthcharge
> >
> > Signed-off-by: Hsuan Ting Chen <roccochen@chromium.org>
> > Change-Id: I421e4d51c261ba2bdec996a5fb2ebccb33513fa4
> > Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2944250
> > Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
>
> Bug: b:185551931, b:177196147, b:181931817
> Change-Id: Ic184a24f5b580bcaf40d75045476ae77c674dd3d
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3209725
> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
> Commit-Queue: Bhanu Prakash Maiya <bhanumaiya@google.com>
Bug: b:185551931, b:177196147, b:181931817
Change-Id: Ie480bf76eb0164f6e498b72e0533cd5c5762d6f6
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3274699
Reviewed-by: Hsuan Ting Chen <roccochen@chromium.org>
Tested-by: Hsuan Ting Chen <roccochen@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Commit-Queue: Hsuan Ting Chen <roccochen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit b9644352d7717d4f564be90aac6c41bef583d930.
Reason for revert: We can try another reland after the coreboot
CL https://review.coreboot.org/c/coreboot/+/58253 is
downstreamed and the guybrush psp_verstage.bin is signed again.
Original change's description:
> Revert "2lib/2api: Deprecate vb2ex_ec_trusted()"
>
> This reverts commit 7c73bb07fd3ca45ce650b993a9c6a5850ddb2707.
>
> Reason for revert: b:202258389
>
> Original change's description:
> > 2lib/2api: Deprecate vb2ex_ec_trusted()
> >
> > coreboot will support check the EC_IN_RW during verstage_main(), which
> > performs the equivalent tasks as vb2ex_ec_trusted().
> >
> > In the previous CL, we remove the check of vb2ex_ec_trusted(), so the
> > whole implementation of this function among vboot_reference and
> > depthcharge could be deprecated and removed.
> >
> > BUG=b:181931817
> > BRANCH=none
> > TEST=CC=x86_64-pc-linux-gnu-clang;
> > make clean && make runtests
> > TEST=emerge coreboot vboot_reference depthcharge
> >
> > Cq-Depend: chromium:3139956
> > Signed-off-by: Hsuan Ting Chen <roccochen@chromium.org>
> > Change-Id: I4f592d7dec2480475762e1336791cbb34fa143ba
> > Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3139539
> > Reviewed-by: Julius Werner <jwerner@chromium.org>
> > Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
>
> Bug: b:181931817
> Change-Id: Ia127ce89b7f9413db9fd6ca4561ad06efb36d7e1
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3211006
> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
> Commit-Queue: Bhanu Prakash Maiya <bhanumaiya@google.com>
Bug: b:181931817
Cq-Depend: chromium:3275254
Change-Id: I2c4db28b5800e5756f6f12b8bf69924f373a5c58
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3274698
Tested-by: Hsuan Ting Chen <roccochen@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Commit-Queue: Hsuan Ting Chen <roccochen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 1269365169791c65a6bf6f364583209195874138.
Reason for revert: We can try another reland after the coreboot
CL https://review.coreboot.org/c/coreboot/+/58253 is
downstreamed and the guybrush psp_verstage.bin is signed again.
Original change's description:
> Revert "2lib: Use ctx flag VB2_CONTEXT_EC_TRUSTED instead of vb2ex_ec_trusted"
>
> This reverts commit 8aded7005e2830f54cf53b329946cbb1f11548f2.
>
> Reason for revert: b:202258389
>
> Original change's description:
> > 2lib: Use ctx flag VB2_CONTEXT_EC_TRUSTED instead of vb2ex_ec_trusted
> >
> > In vb2api_allow_recovery(), we need to check if EC is trusted for
> > booting into manual recovery mode. This was implemented by a function
> > vb2ex_ec_trusted() which defined in vboot_reference and implemented in
> > depthcharge by reading the corresponding EC_IN_RW GPIO flags.
> >
> > By introducing new boot mode architecture, coreboot will now calling
> > these functions to determine the current boot mode and support the
> > similar functionalities about checking if EC is trusted (i.e. EC is not
> > in RW).
> >
> > We leverages the existing ctx flag VB2_CONTEXT_EC_TRUSTED for fulfilling
> > this. This flag will be set at coreboot vboot_logic.c:verstage_main()
> > and can be used deciding the boot mode in vboot_reference:
> > vb2api_fw_phase1() and is cleared while EC jumps to RW (i.e.
> > 2ec_sync.c:sync_ec()).
> >
> > BRANCH=none
> > BUG=b:181931817
> > TEST=emerge-trogdor coreboot vboot_reference depthcharge
> >
> > Cq-Depend: chromium:3088889
> > Signed-off-by: Hsuan Ting Chen <roccochen@chromium.org>
> > Change-Id: I50f35f48ce75e421094ea21e45c24b82e6e55a6c
> > Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3106329
> > Reviewed-by: Julius Werner <jwerner@chromium.org>
> > Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
>
> Bug: b:181931817
> Change-Id: I11ae3b2d71c040dfe45b34f74974845dafa92b42
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3211007
> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
> Commit-Queue: Bhanu Prakash Maiya <bhanumaiya@google.com>
Bug: b:181931817
Cq-Depend: chromium:3284392
Change-Id: Ie7d87b6608631b03f31651eacf9b40f8f891da1a
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3274604
Tested-by: Hsuan Ting Chen <roccochen@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Commit-Queue: Hsuan Ting Chen <roccochen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a shortcut to enable and disable earlycon and serial console.
Earlycon requires to setup the correct parameter in stdout-path for
ARM/ARM64 or SPCR table for x86.
BRANCH=none
BUG=b:168171144
TEST=./make_dev_ssd.sh -i $image --enable_earlycon (--disable_console)
Signed-off-by: Hsin-Yi Wang <hsinyi@chromium.org>
Change-Id: Ifc39c825bf0830bca9d72668b8451aff64708071
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2423643
Reviewed-by: Stephen Boyd <swboyd@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since all the functions that use these two enums are already removed,
these enums can be deleted as well.
BUG=b:172339016
TEST=DEBUG=1 make -j test_setup && make -j runtests
BRANCH=none
Cq-Depend: chromium:3142709
Signed-off-by: edisonhello <edisonhello@google.com>
Change-Id: I1de42569e0f030b612ec3c6d00575a7efdcfdab9
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3144447
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After UI code is centralized, these functions are not used in vboot
anymore. Remove these two functions.
BUG=b:172339016
TEST=DEBUG=1 make -j test_setup && make -j runtests
BRANCH=none
Cq-Depend: chromium:3142705
Signed-off-by: edisonhello <edisonhello@google.com>
Change-Id: If773de4bbe835cb75f76c501429f305ef8d4fec4
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3144446
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Until now some variables had to be unset or set to NULL to disable their
respective features. This patch makes it possible to disable variables
by passing zero as a value.
BUG=b:206031372
TEST=make runtests
TEST=sudo emerge-guybrush sys-boot/depthcharge
BRANCH=none
Signed-off-by: Jakub Czapiga <jacz@semihalf.com>
Change-Id: I1c254ac8ea3237615a20334ba6a66c09a4abd791
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3306615
Tested-by: Jakub Czapiga <czapiga@google.com>
Auto-Submit: Jakub Czapiga <czapiga@google.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Commit-Queue: Jakub Czapiga <czapiga@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
DETACHABLE and PHYSICAL_PRESENCE_KEYBOARD are unused in the code and can
be removed from the Makefile.
BUG=b:206031372
TEST=make runtests
BRANCH=none
Signed-off-by: Jakub Czapiga <jacz@semihalf.com>
Change-Id: I6d91f8bfa8342c95959014c3a0efcccf02f1d915
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3306614
Tested-by: Jakub Czapiga <czapiga@google.com>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Commit-Queue: Jakub Czapiga <czapiga@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch extends create_new_keys.sh to generate two additional key
pairs to use for AP RO verification signing. Both new pairs are
RSA4096/SHA256.
The script was ran to generate a new set of keys and the produced AP
RO verification key pairs were copied into tests/devkeys.
BRANCH=none
BUG=b:141191727
TEST=re-signed guybrush AP firmware image following the process
described in cmd_gscvd.c comments, created a Cr50 image
incorporating the new root public key hash, updated the DUT AP
and Cr50 firmware and observed successful AP RO validation.
Change-Id: I03cba1446fc5ffdfef662c5ce1ea3e61950477d4
Signed-off-by: Vadim Bendebury <vbendeb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3297447
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Unfortunately, CL:3168437 introduced a new problem when booting with a
broken TPM: secdata accessors no longer return failure but instead just
abort when booting in normal mode and continue when we're in recovery
mode. The problem is that when accessing secdata very early in
vb2api_fw_phase1(), we have not decided whether we're booting in
recovery mode yet. If vb2_secdata_firmware_init() fails, we will call
vb2api_fail() and then continue knowing that vb2_check_recovery() will
later see the recovery reason in NVRAM and decide to boot directly into
recovery from here. But if the code in-between accesses secdata, the
VB2_CONTEXT_RECOVERY_MODE flag is technically not yet set, so our
secdata accessor thinks we are booting in normal mode and something
terrible happened (because it shouldn't be possible to boot in normal
mode when secdata_init failed), so it aborts.
In order to try to solve this problem in a more general way, introduce a
new VB2_SD_STATUS_RECOVERY_DECIDED status flag that gets set once we
reach the point where we have conclusively decided whether we are
booting into recovery mode and set the appropriate context flags. Any
code using VB2_REC_OR_DIE() before that point will play it safe and
assume that we may still go into recovery mode, so we shouldn't abort.
BRANCH=none
BUG=none
TEST=none
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: Ic3daa8dac932286257cbceebfff8712d25c3a97a
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3301540
Reviewed-by: Hsuan Ting Chen <roccochen@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This utility is used in key generation, so it really belongs in the SDK.
However, some autotests currently also want to generate keys on the DUT.
So let's just install it to both.
BUG=b:207452735
TEST=FEATURES=test emerge-dedede vboot_reference
TEST=sudo emerge vboot_reference && which dumpRSAPublicKey
BRANCH=none
Change-Id: Ic2395a10557773acffa22ea3c9a1e01cf581053b
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3299839
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The current rules for 'utils_install_sdk' and 'utils_install_board'
individually install the required list of binaries and scripts. When
there are overlapping files in 'UTIL_NAMES_SDK' and 'UTIL_NAMES_BOARD',
the second executed rule will fail with duplicate installation.
Instead of having a single phony target that installs all the files,
define a rule 'util_install-<FILE>' for each file to ensure that each
one will be installed at most once.
BUG=b:207452735
TEST=make runtests
TEST=emerge-dedede vboot_reference
TEST=FEATURES=test emerge-dedede vboot_reference
TEST=sudo emerge vboot_reference
BRANCH=none
Change-Id: I24c23a61c4ff7de851bf11541bc46c963bf35c22
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3299836
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
writeprotect still requires sub-processing flashrom as
libflashrom currently lacks a API to perform this task.
Therefore simplify the remaining sub-process logic for
just this purpose.
BUG=b:203715651
BRANCH=none
TEST=cros deploy to nocturne and ran:
`/usr/sbin/chromeos-firmwareupdate --mode=recovery --wp=1`.
&& `$ cros_run_unit_tests --board nocturne --packages vboot_reference`.
Signed-off-by: Edward O'Callaghan <quasisec@google.com>
Change-Id: I11c0f89997e3f47e97444cc8186823fa536b8d5d
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3233704
Tested-by: Edward O'Callaghan <quasisec@chromium.org>
Commit-Queue: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Nikolai Artemiev <nartemiev@google.com>
Reviewed-by: Sam McNally <sammc@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Also drop colour support at reviewers request.
BUG=b:203715651
BRANCH=none
TEST=cros deploy to nocturne and ran:
`/usr/sbin/chromeos-firmwareupdate --mode=recovery --wp=1`.
&& `$ cros_run_unit_tests --board nocturne --packages vboot_reference`.
Signed-off-by: Edward O'Callaghan <quasisec@google.com>
Change-Id: Ie1d1b1e8e304d21ac1df741a3b789cb49ede3556
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3244680
Commit-Queue: Edward O'Callaghan <quasisec@chromium.org>
Tested-by: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Sam McNally <sammc@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BOOT_EXTERNAL_ON_DEV was not used anymore, so it was removed from the
Makefile and source code.
BUG=b:206031372
BRANCH=none
TEST=make runtests
TEST=emerge-guybrush depthcharge
Signed-off-by: Jakub Czapiga <jacz@semihalf.com>
Change-Id: I463a77f2de8f59954704495708025321ca1571d8
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3289345
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Tested-by: Jakub Czapiga <czapiga@google.com>
Commit-Queue: Jakub Czapiga <czapiga@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use libflashrom API over sub-processing the flashrom CLI.
Squash in,
Use buffer instead of temp file in load_system_firmware().
BUG=b:203715651
BRANCH=none
TEST=cros deploy to nocturne and ran:
`/usr/sbin/chromeos-firmwareupdate --mode=recovery --wp=1`.
&& `$ cros_run_unit_tests --board nocturne --packages vboot_reference`.
Cq-Depend: chromium:3295109
Signed-off-by: Edward O'Callaghan <quasisec@google.com>
Change-Id: Ib78f7aa6606adb8d5ce72282c55b8e3b9e3b3cde
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3247853
Tested-by: Edward O'Callaghan <quasisec@chromium.org>
Auto-Submit: Edward O'Callaghan <quasisec@chromium.org>
Commit-Queue: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Sam McNally <sammc@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Possible fix for flashrom trying to write whole flash.
BUG=b:207359246
BRANCH=none
TEST=builds
Signed-off-by: Nikolai Artemiev <nartemiev@google.com>
Change-Id: I69f40a46d3004a2cb4c675ff79854287f7f50766
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3295638
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Commit-Queue: Edward O'Callaghan <quasisec@chromium.org>
Tested-by: Edward O'Callaghan <quasisec@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Allow for specifying the 'dummy' programmer within tests over
directly using the host native programmer by ignoring the
specified programmer in the case of output mode for the
purpose of checking whether EC/PD images are being used.
BUG=b:203715651
BRANCH=none
TEST=builds
Signed-off-by: Edward O'Callaghan <quasisec@google.com>
Change-Id: I8d3910569eed4ba9259012dbc05028d9f8dba8a3
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3295888
Tested-by: Edward O'Callaghan <quasisec@chromium.org>
Auto-Submit: Edward O'Callaghan <quasisec@chromium.org>
Commit-Queue: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Sam McNally <sammc@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix updater_apply_white_label() to not assume "<none>" is
a valid file path. Also remove a redundant duplication of
a error branch.
BUG=b:203715651
BRANCH=none
TEST=builds
Signed-off-by: Edward O'Callaghan <quasisec@google.com>
Change-Id: I373d6fac4210e2055f9717e2266e9e2820c40f45
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3295886
Tested-by: Edward O'Callaghan <quasisec@chromium.org>
Auto-Submit: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Sam McNally <sammc@chromium.org>
Commit-Queue: Edward O'Callaghan <quasisec@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use libflashrom API over sub-processing the flashrom CLI.
Squash in,
vboot_reference/futility: Use image layout as fallback
Use the layout encoding within the image as the fallback if
we cannot read it from ROM. Also cleanup error paths while
here.
BUG=b:203715651
BRANCH=none
TEST=cros deploy to nocturne and ran:
`/usr/sbin/chromeos-firmwareupdate --mode=recovery --wp=1`.
&& `$ cros_run_unit_tests --board nocturne --packages vboot_reference`.
Cq-Depend: chromium:3249690, chromium:3281062, chromium:3288610
Signed-off-by: Edward O'Callaghan <quasisec@google.com>
Change-Id: I892aec510d8023abd42a07cbb036be79bc8b4498
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3247852
Tested-by: Edward O'Callaghan <quasisec@chromium.org>
Auto-Submit: Edward O'Callaghan <quasisec@chromium.org>
Commit-Queue: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Sam McNally <sammc@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The reven board's first stage bootloader (bootia32.efi/bootx64.efi) is
signed by Microsoft so that it can boot with the default UEFI Secure
Boot keys. These two files should not be modified by the signing
scripts.
Implement this by adding a third argument to sign_uefi.sh,
"efi_glob". This argument is set to "*.efi" by default, maintaining the
existing behavior. If the key dir matches "*Reven*", the glob is changed
to "grub*.efi".
Tested by running sign_official_build.sh on a reven base image, once
with a keys dir matching "*Reven*", once with it not matching. When the
keys dir matches Reven, grub*.efi is signed but boot*.efi is not. When
the keys dir does not match Reven, both grub*.efi and boot*.efi are
signed:
Matching "*Reven*":
platform/vboot_reference/scripts/image_signing/sign_official_build.sh \
base build/images/reven/latest/chromiumos_base_image.bin \
platform/vboot_reference/tests/Reven \
build/images/reven/latest/chromiumos_base_image.bin.signed
Not matching:
platform/vboot_reference/scripts/image_signing/sign_official_build.sh \
base build/images/reven/latest/chromiumos_base_image.bin \
platform/vboot_reference/tests/devkeys \
build/images/reven/latest/chromiumos_base_image.bin.signed
BUG=b:205145491
TEST=Build a reven base image and test as described above
BRANCH=none
Change-Id: Iec2800c276ca82bfd6e5b465ff821b11e0b0bb08
Signed-off-by: Nicholas Bishop <nicholasbishop@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3262479
Reviewed-by: Joseph Sussman <josephsussman@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove function VbExIsShutdownRequested, since this function is not used
in vboot anymore after UI code is centralized.
Remove VB_SHUTDOWN_* macros since they are not used in vboot now. These
macros will be added in depthcharge in the dependent CL.
BUG=b:172339016
TEST=DEBUG=1 make -j test_setup && make -j runtests
BRANCH=none
Cq-Depend: chromium:3142698
Signed-off-by: edisonhello <edisonhello@google.com>
Change-Id: I024b34212a5c9e42b880d51d21c7a90a6170b3c3
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3143814
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a new error type VB2_UI_ERROR_MINIOS_BOOT_FAILED for MiniOS boot
failure.
BUG=b:200750322
TEST=emerge-cherry depthcharge
BRANCH=none
Change-Id: Ia567c9ec735e7aae830ad311b2261e01fed53876
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3249590
Reviewed-by: Hsuan Ting Chen <roccochen@chromium.org>
Reviewed-by: Jae Hoon Kim <kimjae@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the context of device mapper (dm), use "mapped device".
BUG=b:179221734
TEST=make runtests
BRANCH=none
Change-Id: I9245d8482e59db93bfe6cdcaafa503038ae5c9e3
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3246662
Reviewed-by: Chen-Yu Tsai <wenst@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is in prep for removing the need for temp files.
V.2:
Move validation into parse_firmware_image()
BUG=b:203715651
BRANCH=none
TEST=cros deploy to nocturne and ran:
`/usr/sbin/chromeos-firmware --mode=recovery`.
Signed-off-by: Edward O'Callaghan <quasisec@google.com>
Change-Id: Id61fcb0f53546a78085e0a367c21780c5885bc51
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3244679
Commit-Queue: Edward O'Callaghan <quasisec@chromium.org>
Commit-Queue: Sam McNally <sammc@chromium.org>
Tested-by: Edward O'Callaghan <quasisec@chromium.org>
Auto-Submit: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Sam McNally <sammc@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=None
BRANCH=None
TEST=None
Change-Id: Id8d14bf0c878ead1b18d27488db0cfa5223652ad
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3238231
Tested-by: Furquan Shaikh <furquan@chromium.org>
Auto-Submit: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Dossym Nurmukhanov <dossym@chromium.org>
Commit-Queue: Dossym Nurmukhanov <dossym@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The strings in these variables usually don't contain any spaces, but on
some non-Google boards (e.g. Intel RVP) they do, so let's follow the
usual shell style and quote all the things.
BRANCH=none
BUG=b:202870010
TEST=None
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I90fac5c605c38eec704df0241d822a19210bfdf9
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3221956
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The help text of the new subcommand is as follows:
-------
This utility creates an RO verification space in the Chrome OS AP
firmware image or allows to validate a previously prepared image
containing the RO verification space.
Usage: futilitygscvd PARAMS <AP FIRMWARE FILE> [<root key hash>]
Creation of RO Verification space:
Required PARAMS:
-R|--ranges STRING Comma separated colon delimited
hex tuples <offset>:<size>, the
areas of the RO covered by the
signature
-r|--root_pub_key <file> The main public key, in .vbpubk
format, used to verify platform
key
-k|--keyblock <file> Signed platform public key in
.keyblock format, used for run
time RO verifcation
-p|--platform_priv <file> Private platform key in .vbprivk
format, used for signing RO
verification data
Optional PARAMS:
[--outfile] OUTFILE Output firmware image containing
RO verification information
Validation of RO Verification space:
The only required parameter is <AP FIRMWARE FILE>, if optional
<root key hash> is given, it is compared to the hash of the body
of the root key found in <AP_FIRMWARE_FILE>.
-h|--help Print this message
-------
When creating GVD section, the sha256 hash of the root public key
payload is printed on stdout, this is the hash to include in the GSC
image to for the root key verification.
Code converting ASCII hex string into binary is refactored into a misc
function.
BRANCH=none
BUG=b:141191727
TEST=testing included the following steps:
. modified guybrush coreboot to allocate an 8KB RO_GSCVD area in
FMAP and built a guybrush BIOS image
. filled GVD space as described in the source file comments
. verified the created space as described in the source file comments
. verified AP RO integrity on the GSC size using crrev.com/c/3172256
Change-Id: I51a80be5007a32d5286b93499f71da84f41b3d81
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3174570
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add new rule 'install_dut_test' to deploy dut-specific tests to the
device. Any tests included in the rule will be installed into
/usr/share/vboot/tests/.
Especially vb2_sha256_x86_tests uses sha-ni extension, which might not
be available on some platforms. So it needs to be deployed to the dut
and run there.
BUG=b:162551138
BRANCH=none
TEST=build with modified ebuild on hana & guybrush
Signed-off-by: Kangheui Won <khwon@chromium.org>
Change-Id: I9c6e00c8a9aca192ae283560383417c1215c221f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3141250
Reviewed-by: Raul E Rangel <rrangel@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To support booting from the non-active miniOS partition in recovery UI,
add minios_flags argument to VbTryLoadMiniOsKernel. Currently there is
only one flag: VB_MINIOS_FLAG_NON_ACTIVE. When it is set, we will
attempt to boot from the non-active partition only.
BUG=b:200750322
TEST=make runtests
BRANCH=none
Cq-Depend: chromium:3219727
Change-Id: I6221f10c09de2487e89e6113981bc9e9755d67f4
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3219901
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Jae Hoon Kim <kimjae@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 8aded7005e2830f54cf53b329946cbb1f11548f2.
Reason for revert: b:202258389
Original change's description:
> 2lib: Use ctx flag VB2_CONTEXT_EC_TRUSTED instead of vb2ex_ec_trusted
>
> In vb2api_allow_recovery(), we need to check if EC is trusted for
> booting into manual recovery mode. This was implemented by a function
> vb2ex_ec_trusted() which defined in vboot_reference and implemented in
> depthcharge by reading the corresponding EC_IN_RW GPIO flags.
>
> By introducing new boot mode architecture, coreboot will now calling
> these functions to determine the current boot mode and support the
> similar functionalities about checking if EC is trusted (i.e. EC is not
> in RW).
>
> We leverages the existing ctx flag VB2_CONTEXT_EC_TRUSTED for fulfilling
> this. This flag will be set at coreboot vboot_logic.c:verstage_main()
> and can be used deciding the boot mode in vboot_reference:
> vb2api_fw_phase1() and is cleared while EC jumps to RW (i.e.
> 2ec_sync.c:sync_ec()).
>
> BRANCH=none
> BUG=b:181931817
> TEST=emerge-trogdor coreboot vboot_reference depthcharge
>
> Cq-Depend: chromium:3088889
> Signed-off-by: Hsuan Ting Chen <roccochen@chromium.org>
> Change-Id: I50f35f48ce75e421094ea21e45c24b82e6e55a6c
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3106329
> Reviewed-by: Julius Werner <jwerner@chromium.org>
> Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Bug: b:181931817
Change-Id: I11ae3b2d71c040dfe45b34f74974845dafa92b42
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3211007
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Bhanu Prakash Maiya <bhanumaiya@google.com>
|
