| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CL:693008 changed check_ac_active so that we ask CR50 to verify EC
is in RO. While this is the right decision, on some platforms ECs
can't reset EC_IN_RW. This causes check_ec_active to set IN_RW
wrongly when EC is in RO after reboot.
This patch replaces VbExTrustEC with VbExEcRunningRW. If RW is
owned it may say it's in RO. Then, the software sync will proceed
and flash RW while the EC is running RW copy.
It also removes redundant checks for VbExTrustEC() when deciding
whether to allow developer mode to be enabled from the INSERT
screen. The INSERT screen can only be reached by manual recovery,
which resets the EC, we don't need to check again before going to
TODEV.
BUG=b:67976359
BRANCH=none
TEST=make runtests
Change-Id: Ide722146ca8683411dd9072a39387aa9531f6cfc
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/740878
(cherry picked from commit e5e03c6d50fd4c4a0cd95b68eeb52f0c8e98bfc6)
Reviewed-on: https://chromium-review.googlesource.com/747001
Reviewed-by: Scott Collyer <scollyer@chromium.org>
Commit-Queue: Aaron Durbin <adurbin@chromium.org>
Tested-by: Aaron Durbin <adurbin@chromium.org>
Trybot-Ready: Aaron Durbin <adurbin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is not necessary anymore and rendering is taken
care of in depthcharge.
BUG=b:35585623
BRANCH=None
TEST=reboot and scroll through menus and make sure that
rendering is still good.
Change-Id: I078751014c8f84fb2ee403b6895e9dfa58e758d6
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/731114
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Let's use the actual command/path used to call make_dev_ssd.sh,
instead of hard-coding './'.
BRANCH=none
BUG=none
TEST=/usr/share/vboot/bin/make_dev_ssd.sh --remove_rootfs_verification
outputs a command that can just be copy-pasted:
sudo /usr/share/vboot/bin/make_dev_ssd.sh --remove_rootfs_verification --partitions 4
(instead of:
sudo ./make_dev_ssd.sh --remove_rootfs_verification --partitions 4
)
Change-Id: I903f94acc1fb310926b149c1e79e4017bf513e27
Reviewed-on: https://chromium-review.googlesource.com/737810
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The signer has no concept of model and doesn't need to. From its
perspective, it is simply generating a signature block based on a set of
instructions.
Changing the comments and variable name to reflect this.
BUG=b:68141451
TEST=None
BRANCH=None
Change-Id: Ia2a3e4a5273a4bcd9c5645db2cf0db80af6c28cf
Reviewed-on: https://chromium-review.googlesource.com/733857
Commit-Ready: C Shapiro <shapiroc@google.com>
Tested-by: C Shapiro <shapiroc@google.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Jason Clinton <jclinton@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Print a debug error and beep when user tries to enable normal mode
when FORCE_DEV gbb flag is enabled.
BUG=b:67828898
BRANCH=None
TEST=Boot up with gbb flag 0x8 enabled. Select "Enabled OS
Verification" and select confirm. Should see error message
printed and a beep. Confirm switching to normal mode
screen will not appear.
Change-Id: Ic02558eb4a86555cebc9c1cd6972d0f0600b4ff1
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/730415
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If return value is not VBERROR_SUCCESS, return
with an error.
BUG=None
BRANCH=None
TEST=None
Change-Id: I1402277567b901701cdd68d74968e43e838c89da
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/707496
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1) Extend TlclGetVersion to return vendor specific data, if
requested.
2) Extend 'tpmc getver' to include vendor specific data.
BRANCH=none
BUG=chromium:771561
TEST=unit tests, running 'tpmc getver'
Change-Id: Ic04c242d4e6f33b45a80479be9ab9777b317ebe2
Reviewed-on: https://chromium-review.googlesource.com/706240
Commit-Ready: Andrey Pronin <apronin@chromium.org>
Tested-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The firmware updater relies on these, so include them.
BUG=chromium:772862
TEST=build works and futility_s includes new commands
BRANCH=None
Change-Id: I973e339d11df4d5b72f70d3a9e28916cca4ebbf6
Reviewed-on: https://chromium-review.googlesource.com/708236
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Depthcharge currently asks EC whether recovery was requested manually
or not without verifying EC is in RO or not. If EC-RW is compromised,
recovery switch state can be spoofed.
This patch makes Depthcharge check EC_IN_RW to determine whether EC
is in RO or not. Only if it's in RO and it says recovery button was
pressed at boot, we proceed to the recovery process.
All other recovery requests including manual recovery requested by a
(compromised) host will end up with 'broken' screen.
BUG=b:66516882
BRANCH=none
TEST=Boot Fizz. make runtests.
Change-Id: I01d2df05fe22e79bbc949f5cb83db605147667b3
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/693008
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
power button press is not being handled in broken screen
(VB_SCREEN_OS_BROKEN) if the user wants to exit out of it.
BUG=none
BRANCH=none
TEST=verified power button key functionality in
broken screen in Soraka board
Change-Id: I64cbb79479e3e0579aeec4e87894441acf26c9fa
Signed-off-by: Divya Chellap <divya.chellappa@intel.com>
Reviewed-on: https://chromium-review.googlesource.com/674886
Commit-Ready: Divya Chellappa <divya.chellappa@intel.com>
Tested-by: Divya Chellappa <divya.chellappa@intel.com>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Subrata Banik <subrata.banik@intel.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Staff decided to leverage the key format of Hammer therefore this
script calls Hammer's one to generate a key pair and renames them to
key_staff*.
BUG=b:66889892
TEST=Run this script in the chroot and verify the generated key pair.
BRANCH=None
Change-Id: I73162efaba47a8c08336805130ced0be25ab262a
Reviewed-on: https://chromium-review.googlesource.com/688522
Commit-Ready: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=None
TEST=ran against local devkeys
BRANCH=None
Change-Id: Ib1c88ae187f12aad4531e9c22da6cda2af1503e3
Reviewed-on: https://chromium-review.googlesource.com/691340
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=None
TEST=ran against local devkeys
BRANCH=None
Change-Id: I76470e18ea2e66f6abb5a912c4055fc245cedc8a
Reviewed-on: https://chromium-review.googlesource.com/691339
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Android master puts that file at a different location, so use similar
logic to official signing script.
TEST="sign_android_image.sh passed locally for both caroline (NYC) &
caroline-bertha (master)."
BUG=b:65610114
BRANCH=none
Change-Id: If33bfbcaa7e6cff95f26ff26a91735c87880f3db
Reviewed-on: https://chromium-review.googlesource.com/686046
Commit-Ready: Garfield Tan <xutan@chromium.org>
Tested-by: Garfield Tan <xutan@chromium.org>
Reviewed-by: Victor Hsieh <victorhsieh@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On AMD Stoney Ridge systems, the pinctrl (gpiochip) driver label is
"AMD0030".
Signed-off-by: Daniel Kurtz <djkurtz@chromium.org>
BUG=b:65597554
TEST=w/ coreboot patches:
https://review.coreboot.org/#/c/21684/
https://review.coreboot.org/#/c/21614/
TEST=crossystem wpsw_cur
=> 0
BRANCH=None
Change-Id: Iab0a1a28dd3e42d55cf3b18503e2df0de7b8ad11
Reviewed-on: https://chromium-review.googlesource.com/685945
Commit-Ready: Daniel Kurtz <djkurtz@chromium.org>
Tested-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the channel is missing or has whitespace, the test triggers
errors in the script because the test command has bad quoting.
BUG=None
TEST=script no longer fails on an empty lsb-release
BRANCH=None
Change-Id: Ic2e6ab91ca4ec10c298d122aee1f7f7236b52bf2
Reviewed-on: https://chromium-review.googlesource.com/680059
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This allows for quick local testing by creating a dummy rootfs.
BUG=chromium:714598
TEST=signing images still works
BRANCH=None
Change-Id: If252b119fd64686b46e9989d55bedbd1eec45700
Reviewed-on: https://chromium-review.googlesource.com/680039
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Nothing needs this, just something I noticed while debugging.
BUG=None
TEST=`ensure_sane_lsb-release.sh` no longer complains about comment lines
BRANCH=None
Change-Id: Ia39e6461db79a387cc59e5f88ec1216984bb4d28
Reviewed-on: https://chromium-review.googlesource.com/680058
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=None
TEST=ensure_sane_lsb-release.sh errors now include the full string
BRANCH=None
Change-Id: I460ec5e2127a57e7576214fe8fde9e511f940755
Reviewed-on: https://chromium-review.googlesource.com/680038
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=chromium:765499
TEST=unittests pass
BRANCH=None
Change-Id: I5c5118c44897d89e5116a9fce49bacbf16704dd8
Reviewed-on: https://chromium-review.googlesource.com/668658
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=chromium:381862
TEST=run against a loem.ini file with blank lines doesn't barf
BRANCH=None
Change-Id: Icf8f8a3ba518ca0f4e64e6eee9c694d47fa32362
Reviewed-on: https://chromium-review.googlesource.com/679754
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: C Shapiro <shapiroc@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Selecting cancel from DEV_MENU should not set the selected_idx
to loc. It should be set to power off.
BUG=b:35585623
BRANCH=None
TEST=go to DEV_MENU, hit cancel and make sure that power off is
selected item
Change-Id: I8cae397c7174b5bd52a3a27736cd3d5a57412e63
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/667933
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:65546569
BRANCH=None
TEST=Boot into recovery, selection Disabled OS Verification.
Ensure that in next menu, Cancel is selected.
Also, setting default for TO_NORM menu to Confirm.
Change-Id: Ibf72ec15aa38b1b815be97a08cfe7c9ee2615390
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/665356
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add in check at TO_DEV menu screen to make sure that the navigation
keys (up/down, volup/voldown) are trusted. Beep when user tries to
use unstrusted keys (usb keyboard) in the TO_DEV menu so that the user
knows they're doing something wrong. USB keyboard return key will
still work in the TO_DEV menu.
BUG=b:65546569
BRANCH=None
TEST=test out using up/down keys in TO_DEV menu and make sure that
they are disabled and hear beeps.
Change-Id: Ifc7183c7ca35efaf079abb196a90ab7305380642
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/665355
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The auto update process (especially firmware updater) needs static vboot
utilitys but normal OS images, including recovery images, don't need
that. We should build both dynamic and static binaries at the same time
for images to choose what they need.
Currently only `crossystem` will build static version. And after this
change is merged:
(cd /build/reef/usr/bin; file crossystem*)
crossystem: ELF 64-bit LSB shared object
crossystem_s: ELF 64-bit LSB executable
(cd /build/reef/usr/bin; du -sh crossystem*)
40K crossystem
808K crossystem_s
BUG=chromium:764753,chromium:765499
TEST=emerge-reef vboot_reference
BRANCH=None
Change-Id: Ibd66c87bb44c5593767aeb710240e0165103f016
Reviewed-on: https://chromium-review.googlesource.com/668274
Commit-Ready: Hung-Te Lin <hungte@chromium.org>
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:65595963
BRANCH=None
TEST=enabled Dev mode, reboot, select developer options &
make sure Network Boot doesn't appear in menu.
Change-Id: I30953d037740259b06011ecb141d508db114b79e
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/664298
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:64400325
BRANCH=None
TEST=boot up into recovery, press power button
ensure device shuts down.
Change-Id: Ia8e6e91921e81692a2e57b1f77163c656b56ea85
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/646488
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This feature was originally implemented before go/cros-unibuild-signing.
It only provided basis support to continue testing unibuilds, but didn't
deal with the actual required model specific cases.
Unibuilds have already been migrated away from this, so this feature is
now obsolete.
BUG=None
TEST=~/trunk/src/platform/vboot_reference/scripts/image_signing/sign_official_build.sh
recovery ../build/images/coral/latest/recovery_image.bin
../platform/vboot_reference/tests/devkeys
BRANCH=None
Change-Id: I58b569b97f0bf42a927a851e7bc0559cb1e26200
Reviewed-on: https://chromium-review.googlesource.com/660805
Commit-Ready: C Shapiro <shapiroc@google.com>
Tested-by: C Shapiro <shapiroc@google.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change makes futility write out a EC_RW image to the filesystem.
It also allows the command to run without '--prikey' option. When a
private key isn't provided, the command copies the previous signature.
This can be used to extract EC_RW without changing the key or the
signature. Since data only mode doesn't have a previous signature,
the command returns error if '--prikey' isn't specified (as done
before).
BUG=b:65027647
BRANCH=none
TEST=Run futility as follows
futility sign --type rwsig ec.RW.flat ec.RW.sig (Missing key error, expected)
futility sign --type rwsig ec.bin (EC_RW.bin is produced)
futility sign --type rwsig EC_RW.bin
futility sign --type rwsig --prikey key.vbprik2 ec.RW.flat ec.RW.sig
futility sign --type rwsig --prikey key.vbprik2 ec.bin (EC_RW.bin is produced)
futility sign --type rwsig --prikey key.vbprik2 EC_RW.bin
make runfutiltests
Change-Id: I8c1e0cef147967cfd6d28aa7272b88c03e109e0d
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/647804
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Chromebox ECs perform EFS: verifying firmware before the AP boots.
This patch adds support for EC EFS.
EC EFS uses two slots: one is active slot and one is used for update.
AP is agnostic about which slot is active and which slot is for
update. Instead, AP recognizes one slot as 'active' and the other
as 'update' (or non active) slot.
After update is successful, AP issues a cold reboot command to
activate the new slot.
BUG=b:65028930,b:65264494
BRANCH=none
CQ-DEPEND=CL:616248
TEST=buildall. On Fizz, verify:
1. RW_B is old and updated by soft sync. RW_B is activated and
executed after reboot. System continues to boot to OS.
2. RW_A is old and updated by soft sync. RW_A is activated and
executed after reboot. System continues to boot to OS.
Change-Id: I6ca7686eb28b0b548785cf2c02eca1b67018f469
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/616346
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch updates the help text for futility sign --type rwsig
command. The change describes what FMAP regions are required. It
also names each mode (data only, data+signature, key+data+signature)
and explains how each mode is selected.
BUG=b:65027647
BRANCH=none
TEST=Run futility help sign rwsig
Change-Id: Ib43f5396ce4f1319f4825ef85d412483bd92d18f
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/646377
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For model specific signatures, the root key needs to be copied also for
the development case where the root key can be flashed into the RO
block.
BUG=b:65367246
TEST=./build_image --board=coral dev \
&& ./mod_image_for_recovery.sh --board=coral \
&& ~/trunk/src/platform/vboot_reference/scripts/image_signing/sign_official_build.sh \
recovery ../build/images/coral/latest/recovery_image.bin \
../platform/vboot_reference/tests/devkeys
BRANCH=None
Change-Id: I116850881d3c183b20e7d75e40deb13122f40c7a
Reviewed-on: https://chromium-review.googlesource.com/650546
Commit-Ready: C Shapiro <shapiroc@google.com>
Tested-by: C Shapiro <shapiroc@google.com>
Reviewed-by: C Shapiro <shapiroc@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The grep pattern was too lenient and allowed for matches with the same
shared root key id. E.g. NASHER also matched NASHER360
This changes the pattern to match exactly to the end of the line.
BUG=b:65284008
TEST=grep -E "[0-9]+ = NASHER$" ~/tmp/loem.ini with actual loem.ini
that will exist on the signers
BRANCH=None
Change-Id: I80a870cd512825d30c7a39e4ac6f3cffc9ea808d
Reviewed-on: https://chromium-review.googlesource.com/647800
Commit-Ready: C Shapiro <shapiroc@google.com>
Tested-by: C Shapiro <shapiroc@google.com>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: YH Lin <yueherngl@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds detection for the i686 arch and replaces it with x86, allowing
it to build.
BRANCH=none
BUG=none
TEST=Build host_stuff on an i686 machine
Change-Id: Idab7c762a7fbb97ec5318b9aa860756b4dd0bc25
Signed-off-by: Paul Kocialkowski <contact@paulk.fr>
Reviewed-on: https://chromium-review.googlesource.com/645086
Commit-Ready: Patrick Georgi <pgeorgi@chromium.org>
Tested-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Patrick Georgi <pgeorgi@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
updater4.sh uses the /keyset subdir from the firmware updater shellball
to indicate if it should use model specific keys or not. This won't
work for any case where the signers haven't been updated with model
specific keys yet.
Changed the output for unibuilds to be consistent with non-uni builds
where the /keyset subdir won't be created if loem.ini doesn't exist on
the signer.
BUG=b:65128657
TEST=crrev.com/c/626718 and crrev.com/c/636344 test cases, which cover
both the shared and non-shared key use cases
BRANCH=None
Change-Id: I38db1385fa99ac4a9843a750c336c58b74b127b4
Reviewed-on: https://chromium-review.googlesource.com/642031
Commit-Ready: Simon Glass <sjg@chromium.org>
Tested-by: Simon Glass <sjg@chromium.org>
Tested-by: C Shapiro <shapiroc@google.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Jason Clinton <jclinton@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
BRANCH=none
BUG=b:64854892
TEST=make runlongtests
Change-Id: I22d0c6e55afde6ece9535591f94ec07280ae2b12
Reviewed-on: https://chromium-review.googlesource.com/633966
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Updated the current coral config to use the fake keys from the loemkeys
dev keyset (ACME) and then tested/debugged this flow based on that
config.
Fixed issue where key_id wasn't eval'd in bash when it was passed to
grep because it has ' quotes around it.
BUG=b:64842314
TEST=~/trunk/src/platform/vboot_reference/scripts/image_signing/sign_official_build.sh
recovery
../build/images/coral/R62-9877.0.2017_08_25_1030-a1/recovery_image.bin
../platform/vboot_reference/tests/loemkeys
coral_loem_signed_recovery.bin
BRANCH=None
Change-Id: I50a58e512e9a83dc2707951f12d709f9006d67ca
Reviewed-on: https://chromium-review.googlesource.com/636344
Commit-Ready: C Shapiro <shapiroc@google.com>
Tested-by: C Shapiro <shapiroc@google.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We would like to have different signature versions for hammer
(1=dev, 2=premp, 3=mp), so we should pass --version to futility.
The default version stays 1.
BRANCH=none
BUG=b:35587169
TEST=openssl genrsa -3 -out key_hammer.pem 2048
futility create --desc="Hammer fake MP key" key_hammer.pem key_hammer
echo firmware_version=2 > key_hammer.version
../vboot_reference/scripts/image_signing/sign_official_build.sh \
accessory_rwsig build/hammer/ec.bin . \
ec-signed.bin key_hammer.version
futility show ec-signed.bin => Version: 0x00000002
TEST=Without passing a version file, version is still 1.
../vboot_reference/scripts/image_signing/sign_official_build.sh \
accessory_rwsig build/hammer/ec.bin . ec-signed.bin
futility show ec-signed.bin => Version: 0x00000001
Change-Id: I0cd9133404fb0d827bd2f0d3bcc71d5dd274734d
Reviewed-on: https://chromium-review.googlesource.com/631757
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
vb2_public_key_read_keyb cannot be used for VB2.1 public keys
(especially not for 2048 exponent 3 or F4, as their size is the
same so the algorithm cannot be guess).
Instead, do what futility/rwsig does and derive the public key from
the private RSA key.
BRANCH=none
BUG=b:64854892
TEST=make runlongtests
Change-Id: Ie81f40e6076cd0c234012b9af58e39425f8b717c
Signed-off-by: Nicolas Boichat <drinkcat@google.com>
Reviewed-on: https://chromium-review.googlesource.com/628177
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Caveh Jalali <caveh@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
BRANCH=none
BUG=b:64854892
TEST=make runlongtests
Change-Id: I827ce47b68339dc4df7f84b26a0b6643af27037b
Signed-off-by: Caveh Jalali <caveh@google.com>
Reviewed-on: https://chromium-review.googlesource.com/628176
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add tpm_lite library support for the IFX specific TPM_FieldUpgrade
subcommand "FieldUpgradeInfoRequest2". Expose this via tpmc so it can
be used from shell scripts.
BRANCH=none
BUG=chromium:728130
TEST=Builds and tpmc ifxfieldupgradeinfo prints plausible results.
Change-Id: Ie58ebccef7fe90f7fca65d7cd9c78e1f16f9f29a
Reviewed-on: https://chromium-review.googlesource.com/562772
Commit-Ready: Mattias Nissler <mnissler@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Mattias Nissler <mnissler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For design context, see go/cros-unibuild-signing
This adds support for multiple, shared firmware images from a unified
build that needs to be signed with different OEM specific keys.
It uses a signer_config.csv file (that is generated by pack_firmware.py)
to determine which images need to be signed with which keys.
BUG=b:64842314
TEST=./build_image --board=coral dev
&& ./mod_image_for_recovery.sh --board=coral
&& ~/trunk/src/platform/vboot_reference/scripts/image_signing/sign_official_build.sh
recovery ../build/images/coral/latest/recovery_image.bin
../platform/vboot_reference/tests/devkeys
BRANCH=None
Change-Id: Id3711bbe73dfe652184bc046b5f642c30b8d1627
Reviewed-on: https://chromium-review.googlesource.com/626718
Commit-Ready: C Shapiro <shapiroc@google.com>
Tested-by: C Shapiro <shapiroc@google.com>
Reviewed-by: C Shapiro <shapiroc@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When user first starts up recovery (3 finger salute), display
usb insert instructions and original insert graphic until user
starts pushing volume buttons. If the user pushes power button
during while the icon is displayed (no menu items), device will
shut down (this is to accomodate users that accidentally enter
the recovery screen and want to exit quickly). Upon user
pressing the volume buttons, the insert icon will disappear
and user will see the menu items and be able to scroll up/down.
BUG=b:64400325
BRANCH=None
TEST=boot into recovery. Make sure graphic shown until start
pushing volume buttons.
Change-Id: I4a5001271a0b84d1237d4bbc6a098afa10cb9372
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/617600
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
call VbExUpdateAuxFw() uncontidionally, instead of when we know we
need to do an update. Vb*AuxFw() already maintains state, so this
doesn't change when we (attempt) to update firmware.
however, this does allow us to iterate over all firmware drivers to
call their .protect() method. previously, we would only call
.protect() after an actual firmware update.
updated unit tests to match the new logic.
BRANCH=none
BUG=b:35585700
TEST=verified i2c tunnels are protected on reef using
ectool i2cprotect N status.
Change-Id: I9244db28ed181f568d117092307293202257735b
Signed-off-by: Caveh Jalali <caveh@google.com>
Reviewed-on: https://chromium-review.googlesource.com/620281
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
vb2_update_selection considered only KEY_UP and KEY_DOWN inputs to
update the selection. This resulted in volume buttons not working on
firmware screen to update the selection. Add volume buttons as valid
inputs in vb2_update_selection.
BUG=b:64839396
BRANCH=None
TEST=Verified that volume buttons work on firmware screen.
Change-Id: I08bfa91eafb170fb450649a2abaafe7f4d58e17b
Signed-off-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/621787
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Shelley Chen <shchen@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When DUT is already in dev mode, don't let user select the "Enable
Developer Mode" selection in the menu. Add disabled_idx_mask to
VbExDisplayMenu API to allow for disabling of menu items in the future
if needed.
BUG=b:63078243, b:35585623
BRANCH=None
TEST=reboot into recovery with DUT already in dev mode. Make sure
can't scroll to "Enable Developer Mode: entry.
reboot into recovery with DUT in normal mode. Make sure
"Enable Developer Mode" entry is selectable.
CQ-DEPEND=CL:565335
Change-Id: Ic71fe6aa2e41337787a0c2278f729356edb155fd
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/598430
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This converts the script in one commit as nothing uses it directly,
so the chances of it breaking overall build is low.
- Convert to common.sh for more helpers
- Convert echo to info
- Convert to loopback devices to speed things up
- Fix quoting in a few places
- Drop cgpt usage since we use loopback partitions everywhere now
BRANCH=None
BUG=chromium:714598
TEST=running on an image still works
Change-Id: I6608db77792502f35522a6f793ccd800fdd6af4e
Reviewed-on: https://chromium-review.googlesource.com/505482
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The prioritize cmd expected primary gpt header and entries are valid.
Add a validity check to guarantee that.
BUG=b:35585016
TEST=Check on bob, the secondary gpt still valid after these commands:
dd if=/dev/zero of=/dev/mmcblk0 bs=512 count=64
cgpt prioritize /dev/mmcblk0
Change-Id: I853e25211a46fa3ce93cef1e5169b93b0a6430a9
Signed-off-by: Jeffy Chen <jeffy.chen@rock-chips.com>
Reviewed-on: https://chromium-review.googlesource.com/604814
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
loader updates
This is the last place that uses grab_kernel_config. Convert it over
to accessing the kernel directly via loopbacks and delete the helper
function entirely. This avoids unnecessary copies and prevents any
more code from using it.
BRANCH=None
BUG=chromium:714598
TEST=dump_config still works
Change-Id: I16aa2c2568d15c43bb20b9d5dc18060915047506
Reviewed-on: https://chromium-review.googlesource.com/505481
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Set current selection to power off after exiting the languages menu.
Previously, we were just defaulting to selecting the 0 index. However,
this won't work anymore if we hide the "Enable Developer Mode" entry
in the recovery menu due to that entry being at the 0th index.
BUG=b:63078243, b:35585623
BRANCH=None
TEST=Boot into recovery when machine in normal mode.
Select languages menu, make language selection and make sure
that when return to recovery menu, power off item is selected.
Change-Id: I479c2270ca99197fd8c44386ab1ca4526ae7d64a
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/565527
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|