summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* vboot2: Fail vb2_secdata_(get|set) when secdata was not initializedfirmware-kitty-5771.61.BJulius Werner2015-02-043-16/+26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch adds a check to vboot2 secdata accessor functions that returns an error if vb2_secdata_init() has not yet been called or failed for some reason. This avoids a problem where vboot may misinterpret random garbage (e.g. from transient read failures) as valid secdata in recovery mode and write it back to the TPM (bricking the device in a way that requires manual repair). Also removes VB2_ERROR_SECDATA_VERSION check. This check was not terribly useful since there should be no way a vboot2 device could ever have secdata version 1 (and if it did, it should still fail CRC checks). This error can trigger for cases when secdata contains random garbage (e.g. all zeroes) and prevent the much more appropriate VB2_ERROR_SECDATA_CRC error from even being checked for, which just creates confusion and makes it harder to determine the real problem. BRANCH=veyron BUG=chrome-os-partner:34871 TEST=Emulated TPM read errors by just manually memset()ing secdata to 0 in coreboot, verified that vboot does not write back to the TPM and the device will start working fine again once the disruption is removed. Change-Id: I76bcbdbcd8106a0d34717cc91a8f2d7cda303c3f Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/245981 Reviewed-by: Shawn N <shawnn@chromium.org> Commit-Queue: Shawn N <shawnn@chromium.org> Tested-by: Shawn N <shawnn@chromium.org>
* add vb2api_get_pcr_digestDaisuke Nojiri2015-02-039-215/+196
| | | | | | | | | | | | | | | this api allows firmware to get the digest indicating boot mode status. BUG=chromium:451609 TEST=VBOOT2=1 make run2tests BRANCH=tot Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org> Change-Id: Idca7bc5f6aed947689ad7cf219805aad35047c7d Reviewed-on: https://chromium-review.googlesource.com/244542 Reviewed-on: https://chromium-review.googlesource.com/245499 Commit-Queue: Shawn N <shawnn@chromium.org> Tested-by: Shawn N <shawnn@chromium.org>
* vboot2: Add sd->fw_version_secdata field to communicate to crossystemShawn Nematbakhsh2015-02-034-16/+15
| | | | | | | | | | | | | | | | | | | | | | Partial backport of Change-Id: I2a0c3e51b158a35ac129d2abce19b40c6c6381a6. This patchs adds a new vb2_shared_data field to store the current rollback prevention version number stored in secdata (TPM). This information needs to be retrieved from there by coreboot (current hack) or vboot2 kernel verification (bright shiny future) so it can be passed along to the operating system and user space. BRANCH=none BUG=chrome-os-partner:35941 TEST=Manual on Kitty. Boot in recovery mode, verify that fwver shows correct non-zero value. Change-Id: Ibc9ea75727689549c65e908504d62e90ae1da3c9 Reviewed-on: https://chromium-review.googlesource.com/245534 Tested-by: Shawn N <shawnn@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Commit-Queue: Shawn N <shawnn@chromium.org>
* vboot2: Fix saving the slot we tried back to nv storageRandall Spangler2014-12-182-0/+7
| | | | | | | | | | | | | | | | | | | | | Previously, we only kept that slot info in RAM. We read it from NV storage, but never wrote it back. Added a test to confirm proper behavior (and made sure it failed before patching 2misc.c with the fix). BUG=chrome-os-partner:32583 BRANCH=none TEST=VBOOT2=1 make runtests Change-Id: Ie12124d9cbe417914fbde14ea5086380d637240f Signed-off-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/221214 Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/231481 Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org> Tested-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-by: Shawn Nematbakhsh <shawnn@chromium.org>
* vb2: parse dev mode in phase1Aaron Durbin2014-11-173-32/+35
| | | | | | | | | | | | | | | | | | | | | | | | | | The rest of the system software expects dev mode to be orthogonal to recovery mode. However, vb2_fw_phase1() was only checking recovery mode. The caller would then not call vb2_fw_phase2() which checked the developer mode settings. Fix this by doing the necessary steps in vb2_fw_phase1(). BUG=chrome-os-partner:33264 BRANCH=None TEST=None yet. Change-Id: I06da388c3ca33754ddb5937a2877fbc287946490 Signed-off-by: Aaron Durbin <adurbin@chromium.org> Signed-off-by: Furquan Shaikh <furquan@google.com> Reviewed-on: https://chromium-review.googlesource.com/225906 Tested-by: Furquan Shaikh <furquan@chromium.org> Commit-Queue: Furquan Shaikh <furquan@chromium.org> Reviewed-by: Randall Spangler <rspangler@chromium.org> Reviewed-by: Benson Leung <bleung@chromium.org> Tested-by: Benson Leung <bleung@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/230078 Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org> Tested-by: Daisuke Nojiri <dnojiri@chromium.org>
* futility: show vs verifyBill Richardson2014-11-066-23/+163
| | | | | | | | | | | | | | | | | | | | This adds a --strict mode to the show command, which requires that all signatures be valid in order to exit cleanly. It also creates a "verify" command, which is really just an alias for "show --strict". BUG=none BRANCH=ToT TEST=make runtests Signed-off-by: Bill Richardson <wfrichar@chromium.org> Change-Id: I1fed7db7fe7128191bcab0c615706ef4fe2709f5 Reviewed-on: https://chromium-review.googlesource.com/219732 Reviewed-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/227884 Tested-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
* futility: Allow signing raw firmware blob and keyblocksBill Richardson2014-11-064-4/+328
| | | | | | | | | | | | | | | BUG=none BRANCH=ToT TEST=make runtests Signed-off-by: Bill Richardson <wfrichar@chromium.org> Change-Id: Ib1cf55301fd4c54e3280ef01b7d67a780e7e56fe Reviewed-on: https://chromium-review.googlesource.com/219731 Reviewed-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/227883 Tested-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
* futility: Add support for [re]signing kernel partitionsBill Richardson2014-11-069-1141/+741
| | | | | | | | | | | | | | | | | | BUG=none BRANCH=ToT TEST=make runtests This also modifies the tests to compare the futility sign command results against the vbutil_kernel results. Signed-off-by: Bill Richardson <wfrichar@chromium.org> Change-Id: Ibc659f134cc83982e3f0c0bcc108cc0eddbe228e Reviewed-on: https://chromium-review.googlesource.com/219730 Reviewed-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/227882 Tested-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
* futility: do traversal of a buffer, not a fileBill Richardson2014-11-064-34/+93
| | | | | | | | | | | | | | | | | | | | We have been traversing things by passing a file descriptor. Now the caller should mmap the file first. This will allow the caller to determine the file type before traversing into it, so we can check args. BUG=none BRANCH=ToT TEST=make runtests Signed-off-by: Bill Richardson <wfrichar@chromium.org> Change-Id: If69799bde0133689dc9fb5111e6ecb5ac61639c7 Reviewed-on: https://chromium-review.googlesource.com/219649 Reviewed-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/227881 Tested-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
* futility: Prepare to handle kernel partitions & firmware blobsBill Richardson2014-11-064-52/+124
| | | | | | | | | | | | | | | | | | | | This adds new file types to prepare for signing kernel partitions and raw firmware blobs (FW_MAIN_A/B). BUG=none BRANCH=ToT TEST=make runtests No new functionality yet. Change-Id: Ic6b6b94bb99f00ab54609dfe1b753b53868abaca Signed-off-by: Bill Richardson <wfrichar@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/219648 Reviewed-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/227880 Tested-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
* futility: implement vbutil_kernel using buffers, not filesBill Richardson2014-11-069-596/+1958
| | | | | | | | | | | | | | | | | | | | | | The original vbutil_kernel command used file read and write to make changes. Futility prefers to use memory-mapped files. This rewrites cmd_vbutil_kernel.c to use that scheme. BUG=none BRANCH=ToT TEST=make runtests The original cmd_vbutil_kernel.c is renamed, and a test written to ensure that the refactored version produces identical results. Signed-off-by: Bill Richardson <wfrichar@chromium.org> Change-Id: Ic6c3e12429a5dcb271f8136a9edac70807d66120 Reviewed-on: https://chromium-review.googlesource.com/219647 Reviewed-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/227879 Tested-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
* futility: allow dump_fmap to specify where to extract areaBill Richardson2014-11-063-7/+51
| | | | | | | | | | | | | | | | | | | | | | | Previously, you could extract FMAP areas like so: futility dump_fmap -x bios.bin FW_MAIN_A VBLOCK_A ... This lets you decide what to name each area as it's extracted: futility dump_fmap -x bios.bin FW_MAIN_A:/tmp/rw_a ../vblock BUG=none BRANCH=ToT TEST=make runtests Signed-off-by: Bill Richardson <wfrichar@chromium.org> Change-Id: If02b57e03294b0b0b1dbc216ef57afdd3bdf2960 Reviewed-on: https://chromium-review.googlesource.com/219646 Reviewed-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/227878 Tested-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
* futility: clean up a few shared functionsBill Richardson2014-11-069-65/+61
| | | | | | | | | | | | | | | | | | | Move the Debug() function into a common place instead of several copies in different files, rename shared functions to start with "futil_" BUG=none BRANCH=ToT TEST=make runtests Signed-off-by: Bill Richardson <wfrichar@chromium.org> Change-Id: I6b844553dff95c24894dae611102716a8da5312d Reviewed-on: https://chromium-review.googlesource.com/219645 Reviewed-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/227877 Tested-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
* vboot2: Fix potential null pointer dereferenceRandall Spangler2014-11-061-1/+2
| | | | | | | | | | | | | | | | | | | If key is null in vb2_verify_digest(), we could attempt to dereference it. In practice it never is, but for safety's sake we should avoid the reference. BUG=chrome-os-partner:32235 BRANCH=none TEST=VBOOT2=1 make runtests Change-Id: I5a817e432922ea4c3b439b696cd2f8d988d0fecc Signed-off-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/219574 Reviewed-by: Bill Richardson <wfrichar@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/227876 Tested-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
* futility: Improve help messagesBill Richardson2014-11-0620-424/+480
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This provides help messages for the futility commands similar to the way git does. These show the available commands: futility futility help futility --help While these show help for a specific command: futility help COMMAND futility --help COMMAND futility COMMAND --help BUG=none BRANCH=ToT TEST=manual make runtests And manually look at help messages for each command. Change-Id: I1126471e242784c6ca7a2f11694fa7c505d833e8 Signed-off-by: Bill Richardson <wfrichar@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/219528 Reviewed-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/227875 Tested-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
* Re-add dumpRSAPublicKey utilityDuncan Laurie2014-11-061-1/+1
| | | | | | | | | | | | | | | | | | This utility is used by firmware tests and having it missing is causing subtle FAFT test failures that are frustratingly difficult to track down. BUG=chrome-os-partner:38032 BRANCH=none TEST=successful run of firmware_UpdateKernelDataKeyVersion Change-Id: I4dcf277ce2678001f6e68d89781b6166042ea96e Signed-off-by: Duncan Laurie <dlaurie@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/219079 Reviewed-by: Bill Richardson <wfrichar@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/227874 Tested-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
* cleanup: DESTDIR refers to the install root, not the bin/Bill Richardson2014-11-063-8/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | This doesn't have any visible effect. It just brings the meaning of the where-do-I-put-this variable more in line with common convention. BRANCH=ToT BUG=none CQ-DEPEND=CL:217940 TEST=lots... make runtests make DESTDIR=BAR install make MINIMAL=1 DESTDIR=FOO install emerge-$BOARD vboot_reference sudo emerge vboot_reference trybots: link-tot-paladin, daisy_spring-paladin Change-Id: I8d72664da07535f663d8b2f13c872eece37978b9 Signed-off-by: Bill Richardson <wfrichar@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/217930 Reviewed-by: Mike Frysinger <vapier@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/227873 Tested-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
* cleanup: remove a couple of unused functions and filesBill Richardson2014-11-066-1002/+80
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | scripts/sign_data.sh is just a wrapper to do this: ./signature_digest_utility $1 $3 \ | openssl rsautl -sign -pkcs -inkey $2 AFAICT, that script is only invoked by the SignatureFile() function in host/lib/file_keys.c, which is not referenced by anything. I think I can remove both of those things. Also remove utility/gbb_utility.cc, which should have been done long ago in commit 6f39615. BUG=none BRANCH=ToT TEST=make runalltests Also ran it on daisy_spring-paladin and link-tot-paladin. Change-Id: I16de5022765806f11bf6144d7ffd8cc849578a68 Signed-off-by: Bill Richardson <wfrichar@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/216719 Reviewed-by: Mike Frysinger <vapier@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/227872 Tested-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
* futility: stop using the symlink names in utility scriptsBill Richardson2014-11-0613-65/+76
| | | | | | | | | | | | | | | | | | | | | | | | | | We still create the symlinks (FOO -> futility), but this change invokes those built-in functions with "futility FOO ..." instead of using the FOO symlink. Note that the scripts/ directory is unchanged. That's a separate CL, since we don't have tests for that. BUG=chromium:231547 BRANCH=ToT TEST=make runtests In addition to running "make runtests", I temporarily modified the Makefile to avoid creating the symlinks at all. The tests still passed. Change-Id: I96863259b9df02a3611f759a7509bf4090ae03e8 Signed-off-by: Bill Richardson <wfrichar@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/216717 Reviewed-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/227871 Tested-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
* futility: make resign_firmwarefd.sh simply invoke futilityBill Richardson2014-11-064-213/+34
| | | | | | | | | | | | | | | | | | | | | | | | | Since all of the functionality of the resign_firmwarefd.sh script is built in to futility, let's just make that script invoke futility to do the work. We'll come back and remove the script entirely, once all outside references to it have been changed to do the right thing. BUG=chromium:224734 BRANCH=ToT TEST=make runtests Also tested by editing tests/futility/test_resign_firmware.sh to invoke the resign_firmwarefd.sh script instead of futility. Everything passed. Signed-off-by: Bill Richardson <wfrichar@chromium.org> Change-Id: Id068e551067a956cd7ddc3f9b9e23488261d8d94 Reviewed-on: https://chromium-review.googlesource.com/216716 Reviewed-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/227870 Tested-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
* futility: slight tweak to the logging implementationBill Richardson2014-11-062-25/+61
| | | | | | | | | | | | | | | | | | | Just reporting that the parent process is "/bin/bash" doesn't help much. Let's also report the cmdline args given to the parent and the cwd. This will help us identify which shell script is calling futility with the wrong args. BUG=chromium:231547 BRANCH=ToT TEST=make runtests Signed-off-by: Bill Richardson <wfrichar@chromium.org> Change-Id: I800995ff269ab8d8c56cad8827d8de48a53cd150 Reviewed-on: https://chromium-review.googlesource.com/216715 Reviewed-on: https://chromium-review.googlesource.com/227869 Tested-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
* futility: preserve preamble flags when resigning BIOS imagesBill Richardson2014-11-063-13/+54
| | | | | | | | | | | | | | | | | | | | | | If we're re-signing a valid BIOS image, we want to be sure that we preserve the original firmware preamble flags (RO_NORMAL and so forth) if the --flags option does not specifically override it. This change adds a test for that case, and makes it happen. BUG=chromium:224734 BRANCH=ToT TEST=make runtests Signed-off-by: Bill Richardson <wfrichar@chromium.org> Change-Id: I8cbde66abaf96ec82adf0205bedf57b1fd1b82a1 Reviewed-on: https://chromium-review.googlesource.com/216714 Reviewed-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/227868 Tested-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
* futility: Wipe GBB data before writing new values.Hung-Te Lin2014-11-061-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | The previous version of gbb_utility always zeros data before writing new values and we should keep this behavior, to simplify firmware hash calculation and potential security concern. BRANCH=none BUG=chromium:413066 TEST=emerge gbb_utility; factory/bin/gooftool get_firmware_hash bios.bin Original-Change-Id: Ic97a118cefc9698d52d9370b627670ff103d5e23 Change-Id: If38e15f35ee491cc80f96b360c63ee25f71c1854 Reviewed-on: https://chromium-review.googlesource.com/217700 Reviewed-by: Hung-Te Lin <hungte@chromium.org> Commit-Queue: Hung-Te Lin <hungte@chromium.org> Tested-by: Hung-Te Lin <hungte@chromium.org> (cherry picked from commit 3c8d29c204c6feb91ad951e2e1c5190d4ca98a13) Reviewed-on: https://chromium-review.googlesource.com/217711 Commit-Queue: Bill Richardson <wfrichar@chromium.org> Tested-by: Bill Richardson <wfrichar@chromium.org> Reviewed-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/227867 Tested-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
* Remove unused include path.Alex Deymo2014-11-061-2/+0
| | | | | | | | | | | | | | | | | | | | This path doesn't exists in the repo so this patch removes it from the Makefile: firmware/arch/${FIRMWARE_ARCH}/include BUG=None BRANCH=None TEST=./emerge_test Change-Id: I8b5461ee0ddfa0aa8d31bc6d2b981912a9ccde58 Reviewed-on: https://chromium-review.googlesource.com/214392 Reviewed-by: Bill Richardson <wfrichar@chromium.org> Commit-Queue: Alex Deymo <deymo@chromium.org> Tested-by: Alex Deymo <deymo@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/227866 Tested-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
* futility: sign command works on unsigned imagesBill Richardson2014-11-063-4/+58
| | | | | | | | | | | | | | | | | | | | | | | This allows the sign command to work on BIOS images with invalid VBLOCK areas. When re-signing an existing image, the length of the firmware body is part of the firmware preamble in the VBLOCK areas. If those are invalid, the BIOS can still be signed, but it will have to sign the entire FW_MAIN area. That's a little slower to verify, so we'd prefer not to do that, but it works. BUG=chromium:224734 BRANCH=ToT TEST=make runtests Signed-off-by: Bill Richardson <wfrichar@chromium.org> Change-Id: If58b5c86c5df12f004eabff72c22bfb1e84de7fd Reviewed-on: https://chromium-review.googlesource.com/216229 Reviewed-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/227865 Tested-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
* futility: add load_fmap command, useful for testsBill Richardson2014-11-064-0/+247
| | | | | | | | | | | | | | | | | | | | This adds a "load_fmap" command, which is pretty much the opposite of the "dump_fmap -x" command. It allows you to replace the content of any FMAP areas with new stuff, without mucking around with dd. There's a test for it, too. BUG=chromium:224734 BRANCH=ToT TEST=make runtests Signed-off-by: Bill Richardson <wfrichar@chromium.org> Change-Id: I5a9ab249c9e63a9bb1a9b26feeb3ed757cd294f1 Reviewed-on: https://chromium-review.googlesource.com/216228 Reviewed-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/227864 Tested-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
* futility: add "sign" command to resign firmware imagesBill Richardson2014-11-069-52/+658
| | | | | | | | | | | | | | | | | | | The "sign" command can perform the same operation as the old resign_firmwarefd.sh script, only about 20 times faster. The test for that will use the new command instead. BUG=chromium:224734 BRANCH=ToT TEST=make runtests Change-Id: Ie7f7a0ab6fc00d7e06cb263733bf6e7246fdb023 Signed-off-by: Bill Richardson <wfrichar@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/216227 Reviewed-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/227863 Tested-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
* futility: Add a test for the resign_firmwarefd.sh scriptBill Richardson2014-11-0613-3/+8137
| | | | | | | | | | | | | | | | | | | | | This resigns official MP-signed BIOS images, because that's the best way to ensure we remain compatible forever. The resign_firmwarefd.sh script is invoked make_dev_firmware.sh, which is used for development and bringup. BUG=chromium:224734 BRANCH=ToT TEST=make runtests No new functionality, only a new test. Change-Id: I4bf9cdd8321d126e1c1a45fc198ef46b0eeb5c36 Signed-off-by: Bill Richardson <wfrichar@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/216226 Reviewed-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/227862 Tested-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
* futility: the show command can traverse all file typesBill Richardson2014-11-0610-50/+989
| | | | | | | | | | | | | | | | | | | | | | It doesn't yet handle block devices, but it can display normal files containing a entire BIOS image, a GBB, a VBLOCK, a .vbpubk, a .vblock, and a firmware preamble (VbFirmwarePreambleHeader). The command-line options are not well-documented. BUG=chromium:224734 BRANCH=ToT TEST=make runtests Change-Id: I181f6331ae23599302bbaee3f270e8af9586cf06 Reviewed-on: https://chromium-review.googlesource.com/216032 Commit-Queue: Bill Richardson <wfrichar@chromium.org> Tested-by: Bill Richardson <wfrichar@chromium.org> Reviewed-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/227861 Tested-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
* vboot: Notify EC of current boot modeSheng-Liang Song2014-11-064-0/+32
| | | | | | | | | | | | | | | | | | | | | | | | Notify EC of boot mode, i.e. normal, developer or recovery. This is necessary for battery firmware updates. BUG=chrome-os-partner:24741 CQ-DEPEND=CL:205323 CQ-DEPEND=CL:210033 CQ-DEPEND=CL:215720 BRANCH=ToT TEST=Verified on samus & glimmer. Passed runalltests. ~/trunk/src/platform/vboot_reference $ make runalltests -j Change-Id: I1613ede34b4a929d1e8114fb519861f349377e94 Signed-off-by: Sheng-Liang Song <ssl@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/210032 Reviewed-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/227860 Tested-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
* Remove futility linker script.Alex Deymo2014-11-064-30/+41
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The futility.lds linker script was used to generate a table with all the symbols in a specific section called .futil_cmds listed in order under the symbol "futil_cmds". This allows the source files to define a command and let the linker figure out the list of compiled commands. Nevertheless, passing this linker script makes the linker leave a gap of about 2MiB in the output ELF file. Instead of mess up with linker scripts just to generate a table of commands, this patch generates such table in the Makefile looking at the included sources and compiling that table. The result is a futility binary of about 88 KiB instead of the 2.1 MiB required originally. This patch also adds sys-boot/chromeos-u-boot to the list of ebuilds tested by emerge_test.sh. BUG=chromium:408926 BRANCH=None TEST=BOARD=link ./emerge_test.sh TEST=BOARD=daisy_spring ./emerge_test.sh TEST=`readelf -S futility` shows no gap. TEST=/usr/bin/futility shows no difference in the help output. Change-Id: I9c0febc76140b404d48aa13e7f948e8ea77a41b5 Reviewed-on: https://chromium-review.googlesource.com/215496 Tested-by: Alex Deymo <deymo@chromium.org> Reviewed-by: Bill Richardson <wfrichar@chromium.org> Commit-Queue: Alex Deymo <deymo@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/227859 Tested-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
* vboot: Add system-level test for LoadKernel()Randall Spangler2014-11-063-1/+217
| | | | | | | | | | | | | | | | | | | | | This creates a disk image and verifies a kernel can be loaded from it. It is roughly analogous to vb2_firmware_tests.sh, but at the kernel step instead of the firmware step. This will get more interesting in the near future, with the upcoming addition of a streaming API to read the kernel. BUG=chromium:408265 BRANCH=none TEST=make runtests Change-Id: Icc9e6d0e318c4bd38fc9ab1ad704da99232822e1 Signed-off-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/214508 Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/227858 Tested-by: Daisuke Nojiri <dnojiri@chromium.org> Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
* vboot_reference: Rename *_SECTOR to *_SECTORSNam T. Nguyen2014-11-067-36/+36
| | | | | | | | | | | | | | | | | | | | This CL renames GPT_PMBR_SECTOR to GPT_PMBR_SECTORS and GPT_HEADER_SECTOR to GPT_HEADER_SECTORS to better indicate that these are constants for sizes, not location. BRANCH=None BUG=None TEST=unittest Change-Id: I26ed6d45d77dcb1eb714135edbb9e4124b54e953 Reviewed-on: https://chromium-review.googlesource.com/214830 Reviewed-by: Bill Richardson <wfrichar@chromium.org> Tested-by: Nam Nguyen <namnguyen@chromium.org> Commit-Queue: Nam Nguyen <namnguyen@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/227857 Tested-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
* cleanup: add some easier-to-use FMAP parsing functions.Bill Richardson2014-11-063-41/+53
| | | | | | | | | | | | | | | | | | | | The functions that look for the FMAP and its entries should return more useful values. BUG=none BRANCH=ToT TEST=make runtests No functional changes. Change-Id: I4b62ea0de972bceb3d58f4ee8eb82ad065ddcbae Signed-off-by: Bill Richardson <wfrichar@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/214630 Reviewed-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/227856 Tested-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
* futility: add separate check function for VPbublicKeyBill Richardson2014-11-062-25/+33
| | | | | | | | | | | | | | | | | | | Provide a PublicKeyLooksOkay() function to sanity-check VbPublicKey structs. This was just part of PublicKeyRead(), but I want to separate the reading from the checking. BUG=chromium:224734 BRANCH=ToT TEST=make runtests Change-Id: I1dd808e623e2a7fdc2789e02305619111a7b01e6 Signed-off-by: Bill Richardson <wfrichar@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/214621 Reviewed-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/227855 Tested-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
* Add 'tags' target to MakefileBill Richardson2014-11-061-1/+8
| | | | | | | | | | | | | | | | | | | Handy for quick code searches. BUG=none BRANCH=ToT TEST=manual make tags Change-Id: Icc21769a168d1760f4f21802e1183a519cfeb019 Signed-off-by: Bill Richardson <wfrichar@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/214620 Reviewed-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/227854 Tested-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
* cleanup: remove ancient tests that haven't been run in yearsBill Richardson2014-11-0616-2379/+3
| | | | | | | | | | | | | | | | | | | There are a number of tests that haven't even been compiled in a LOOOONG time. Let's get them out of the way. We can always put them back later. I'm adding a comment to this CL in the Makefile. BUG=none BRANCH=ToT TEST=make runalltests Change-Id: Id2d9f0b71fc40e4a260f54cf919c6af5e0ff85c5 Signed-off-by: Bill Richardson <wfrichar@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/214610 Reviewed-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/227853 Tested-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
* Add broadwell PCI ID for platform family lookup tableDuncan Laurie2014-11-061-0/+1
| | | | | | | | | | | | | | | | | | | Currently broadwell systems are returning (error) for this lookup. BUG=chrome-os-partner:28234 BRANCH=none TEST=test crossystem output: > crossystem platform_family Broadwell Change-Id: I204dd47e62683d5e81e16ddb9c3ea96034fb22a5 Signed-off-by: Duncan Laurie <dlaurie@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/214862 Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/227852 Tested-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
* Development script for testing changes locally.Alex Deymo2014-11-061-0/+59
| | | | | | | | | | | | | | | | | | | | | Several ebuilds depend on vboot_reference, either by checking out the vboot_reference repo and building it or by using the installed libs during build time. To simplify catching problems in other ebuilds while changing code in vboot_reference, this patch adds a new script that tries to emerge all the affected ebuilds. BUG=None BRANCH=None TEST=`../platform/vboot_reference/emerge_test.sh` inside and outside the chroot Change-Id: I0e9e61c35cbb191e0dafa5f8fa1e74d80bb7f8d4 Reviewed-on: https://chromium-review.googlesource.com/214635 Tested-by: Alex Deymo <deymo@chromium.org> Reviewed-by: Bill Richardson <wfrichar@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/227851 Tested-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
* vboot: cgpt: Refer to partition entries by entries_lba.Nam T. Nguyen2014-11-069-46/+95
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This CL accesses the partition entry array through its header's entries_lba value. Previously, we assume the primary entry array lies on third sector, and the secondary array lies (1 + 32) sectors from disk end. This assumption was fine, even Wikipedia assumed the same. But in order for us to support writing boot code to the third sector (as required by some Freescale board), the primary entry array must be moved to another location. Therefore, we must use "entries_lba" to locate the arrays from now on. BRANCH=none BUG=chromium:406432 TEST=unittest TEST=`cgpt create -p` and then `cgpt show`. Make sure the table header and entries are properly moved. Change-Id: Ia9008b0bb204f290b1f6240df562ce7d3a9bbff2 Reviewed-on: https://chromium-review.googlesource.com/213861 Reviewed-by: Bill Richardson <wfrichar@chromium.org> Tested-by: Bill Richardson <wfrichar@chromium.org> Commit-Queue: Nam Nguyen <namnguyen@chromium.org> Tested-by: Nam Nguyen <namnguyen@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/227850 Tested-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
* Fix include quotes.Alex Deymo2014-11-063-8/+9
| | | | | | | | | | | | | | | | | | | System libraries such as string.h and errno.h should be included with <> instead of "" to avoid including them from the local directory. BRANCH=None BUG=None TEST=FEATURES="test" emerge-link vboot_reference Change-Id: I6734e14223fdad9060c6518790f52f1bcfcdf8e0 Reviewed-on: https://chromium-review.googlesource.com/214058 Commit-Queue: Alex Deymo <deymo@chromium.org> Tested-by: Alex Deymo <deymo@chromium.org> Reviewed-by: Bill Richardson <wfrichar@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/227849 Tested-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
* keygeneration: Add a script to sanity check versions for a keysetGaurav Shah2014-11-061-0/+87
| | | | | | | | | | | | | | | | | | | | Add a script that runs sanity checks on the versions in a keyset. In particular, tests whether the actual key versions match those in key.versions. Also runs consistency checks (for example: firmware version should match kernel subkey version). BUG=none TEST=run on all of our keysets BRANCH=none Change-Id: I5b509ba33127364f6b63252ad167646eb7dce710 Reviewed-on: https://chromium-review.googlesource.com/190790 Reviewed-by: Mike Frysinger <vapier@chromium.org> Tested-by: Gaurav Shah <gauravsh@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/227848 Tested-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
* vboot2: Move vb2_verify_fw inside of futilityRandall Spangler2014-11-064-23/+17
| | | | | | | | | | | | | | | | | | | | | | | | | Update the unit tests which use it to use futility. No functional changes to it, just relocation. Remove the futility test which checks the exact list of supported commands. This doesn't have a good way of handling conditionally-compiled commands, and will be even harder to maintain as we add more commands in the future. Presence of sub-commands is still ensured by the other tests which use them (such as vb2_firmware_tests.sh) BUG=chromium:231547 BRANCH=none TEST=make runtests && VBOOT2=1 make runtests Change-Id: Idddb639276e4c6449d023d40ac7977123113bd28 Signed-off-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/213191 Reviewed-by: Bill Richardson <wfrichar@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/227847 Tested-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
* futility: Reformat to use kernel coding styleBill Richardson2014-11-0612-3271/+3372
| | | | | | | | | | | | | | | | | | This just reformats the futility sources to conform to the Linux kernel coding style. No functional changes. BUG=chromium:224734 BRANCH=ToT TEST=make runtests Change-Id: I82df07dd3f8be2ad2f3df24cebe00a9a378b13f4 Signed-off-by: Bill Richardson <wfrichar@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/213915 Reviewed-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/227846 Tested-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
* make_dev_ssd: Allow chromeos-install to run on a modified image.Hung-Te Lin2014-11-061-3/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | chromeos-install always expects DM verity information from install source, because even when --noenable_rootfs_verification is applied, the output image will still include DM verity in kernel command line (just not enabled). To support developers installing a modified image (by --remove_rootfs_verification), we have to change the command line to keep DM verity data, just like how --noenable_rootfs_verification is done. BRANCH=none BUG=none TEST=make_dev_ssd.sh --noenable_rootfs_verification; reboot; chromeos-install # success. Change-Id: I3b2c8cbf1b89086ed91b5549c7147cd940fbda14 Reviewed-on: https://chromium-review.googlesource.com/207321 Tested-by: Hung-Te Lin <hungte@chromium.org> Reviewed-by: Randall Spangler <rspangler@chromium.org> Reviewed-by: Gaurav Shah <gauravsh@chromium.org> Commit-Queue: Hung-Te Lin <hungte@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/227845 Tested-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
* futility: add --arch=aarch64Benson Leung2014-11-061-1/+2
| | | | | | | | | | | | | | | | | | | | | | Add support for the 64bit arm architecture, which update_kernel.sh passes in as "aarch64" Signed-off-by: Benson Leung <bleung@chromium.org> BUG=chrome-os-partner:31525 TEST=run vbutil_kernel --arch=aarch64 Check that it no longer complains about "Unknown architecture string: aarch64" BRANCH=none Change-Id: Iccd925e05baffb1953b229fc4150ca179d1d1e1c Reviewed-on: https://chromium-review.googlesource.com/213706 Reviewed-by: David Riley <davidriley@chromium.org> Tested-by: Benson Leung <bleung@chromium.org> Commit-Queue: Benson Leung <bleung@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/227844 Tested-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
* futility: add more static/const markingsMike Frysinger2014-11-069-23/+23
| | | | | | | | | | | | | | | | | BUG=chromium:404643 TEST=pre-cq passes (runs unittests) BRANCH=None Change-Id: I3c3a9ee7192305dfa72333c0b6a77653b7188869 Reviewed-on: https://chromium-review.googlesource.com/212877 Reviewed-by: Bill Richardson <wfrichar@chromium.org> Reviewed-by: Randall Spangler <rspangler@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Commit-Queue: Mike Frysinger <vapier@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/227843 Tested-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
* Add GBB flag to disable PD software syncDuncan Laurie2014-11-064-4/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | In order to disable PD software sync but still do EC software sync it is useful to have a separate GBB flag for it. This will allow me to release a Samus P2B firmware image that will update the EC but not the PD, since the PD FW that comes on P2B devices cannot be updated with software sync. BUG=chrome-os-partner:30079 BRANCH=None TEST=flash BIOS with updated EC+PD: 1) no GBB flags to override behavior updates both EC and PD 2) GBB flag to disable EC software sync disables both EC and PD update 3) GBB flag to disable PD software sync disables only PD update Change-Id: I49ffb59238bee4a2dd66b24f2516e3ce46ea06cd Signed-off-by: Duncan Laurie <dlaurie@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/211910 Reviewed-by: Bill Richardson <wfrichar@chromium.org> Reviewed-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/227842 Tested-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
* Call software sync a second time for PD, if necessaryRandall Spangler2014-11-062-1/+13
| | | | | | | | | | | | | | | | | | | | | If a device has both an EC and a separate PD chip, call software sync for each chip. BUG=chrome-os-partner:30079 BRANCH=none TEST=Flash image.bin with new AP+EC+PD firmware, reboot. See EC and PD both update and jump to RW. On next cold boot, they jump to RW without again updating. CQ-DEPEND=CL:210520 Change-Id: Ie445336ade46f0009c040afc14b3f40452caf27b Signed-off-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/210536 Reviewed-by: Bill Richardson <wfrichar@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/227841 Tested-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
* Update vbutil_what_keys with more sha1sumsBill Richardson2014-11-061-116/+272
| | | | | | | | | | | | | | | | | BUG=none BRANCH=ToT TEST=manual Run vbutil_what_keys on some BIOS and disk images. Change-Id: Ib757b63fa79913920da25c08b1994273fd77e53f Signed-off-by: Bill Richardson <wfrichar@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/210692 Reviewed-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/227840 Tested-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
View Lorry Controller Status