| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We don't allow ENTER from a USB keyboard as the confirmation
in the switch from normal to developer mode.
For devices that have a physical recovery button, we require
a recovery button press instead. For other devices, we
require that ENTER be pressed on the internal keyboard.
This prevents an "evil keyboard" attack in which a USB keyboard
(or other USB device pretending to be a keyboard) sends a
control-D/ENTER sequence shortly after every boot (followed
by more evil keys). In that situation, when users power-on in
recovery mode, they will be forced to dev mode even if it
was not their intention. Further attacks are easy at
that point.
TESTING. On a panther device:
1. powered on with recovery button pressed -> booted in recovery mode
2. pressed control-D on external USB keyboard -> got to ToDev? screen
3. pressed ENTER -> system beeped
4. pressed recovery button -> system rebooted in DEV mode
... all as expected
Also:
1. powered on with recovery button pressed and HELD recovery button
2. pressed control-D -> system beeped
BUG=chrome-os-partner:21729
TEST=manual (see commit message)
BRANCH=none
CQ-DEPEND=CL:182420,CL:182946,CL:182357
Change-Id: Ib986d00d4567c2d447f8bbff0e5ccfec94596aa7
Reviewed-on: https://chromium-review.googlesource.com/183053
Reviewed-by: Luigi Semenzato <semenzato@chromium.org>
Commit-Queue: Luigi Semenzato <semenzato@chromium.org>
Tested-by: Luigi Semenzato <semenzato@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is some inherent latency between the time the USB root hub is
initialized and the time USB devices are detected. This can lead to a
situation where USB media is attached, yet not found when we do our
initial device poll. The device may be detected in subsequent polls, so
the media can be booted and no 'remove' screen will be displayed.
With this change, if no media to remove is initially found, a second
poll will be made after a 500ms delay. This will be enough time for USB
devices to be correctly detected in our test cases.
Also, it is necessary to change the unit test due to the fact that we
now call VbExDiskGetInfo twice before actually displaying any screen.
TEST=Manual on Monroe. Insert USB media and trigger recovery boot.
Verify 'remove' screen is seen, 'insert' screen is seen after removing
media, and system boots after re-inserting media. Also passes
vboot_reference unit tests.
BUG=chrome-os-partner:23840
BRANCH=Panther, Monroe
Signed-off-by: Shawn Nematbakhsh <shawnn@chromium.org>
Change-Id: Ia902c3a126588cd7ea618f2dbbca6b38d35d6ea0
Previous-Reviewed-on: https://chromium-review.googlesource.com/179757
(cherry picked from commit 04171532583052935121a3e33550cc39ef2625ec)
Reviewed-on: https://chromium-review.googlesource.com/180542
Commit-Queue: Mohammed Habibulla <moch@google.com>
Tested-by: Mohammed Habibulla <moch@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds a VB_MAX_STRING_PROPERTY for callers that don't
want to guess at how big to make their buffers.
Additionally, it changes the size parameter to VbGetPropertyString()
from int to size_t.
BUG=None
TEST=compile the code
BRANCH=none
Change-Id: I22809d48e13b535593cb22a56444e2dcb27791a5
Reviewed-on: https://chromium-review.googlesource.com/175039
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Tested-by: Richard Barnette <jrbarnette@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Queue: Richard Barnette <jrbarnette@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
BUG=None
TEST=build update_engine with a change that uses the header.
BRANCH=none
Change-Id: Icbfe9be615a4f7f4078a0a0cde64324908dea2a7
Reviewed-on: https://chromium-review.googlesource.com/174428
Commit-Queue: Richard Barnette <jrbarnette@chromium.org>
Tested-by: Richard Barnette <jrbarnette@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Querying "debug_build" allows the caller to determine whether the
image has requested debug, independent of the setting of the
dev_mode switch.
BUG=chromium:308678
BRANCH=none
TEST=use the new command option on both base and dev images
Change-Id: I369f26d75156f2e88d9f6f467efbf8f633e78bda
Reviewed-on: https://chromium-review.googlesource.com/174107
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Tested-by: Richard Barnette <jrbarnette@chromium.org>
Reviewed-by: Will Drewry <wad@chromium.org>
Commit-Queue: Richard Barnette <jrbarnette@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In coreboot the architecture for our ARM platforms
is armv7. In order to have vboot_reference pick up the
right build parameters, map armv7 to arm.
BUG=none
BRANCH=none
TEST=lots more changes on coreboot needed for a reasonable
test. Right now coreboot compiles fine with ramstage
verification and this patch.
Change-Id: I64dad9be663b7bd7d80d138b3c49ae8f4699f01d
Reviewed-on: https://chromium-review.googlesource.com/170071
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Queue: Stefan Reinauer <reinauer@google.com>
Tested-by: Stefan Reinauer <reinauer@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add checks that the vboot library does not leak memory. This works by
tracking VbExMalloc() calls and making sure that they have an associated
VbExFree().
Adjust host_signature to use VbExFree() instead of free(), so that this
scheme works correctly for existing code.
BUG=chrome-os-partner:21115
BRANCH=pit
TEST=FEATURES=test emerge-peach_pit vboot_reference
Change-Id: I6ccccfbcc162fc43fb75862cd0eddad78ce8b18a
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/66175
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of memset(pointer, 0, sizeof(pointer)), we should use
"memset(pointer, 0, sizeof(*pointer))".
BRANCH=none
TEST=Built successfully
BUG=None
Change-Id: I72e224188ccede1a1f83efa7fa3138e4a0ecd3b3
Reviewed-on: https://chromium-review.googlesource.com/167880
Reviewed-by: Luis Lozano <llozano@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Han Shen <shenhan@google.com>
Commit-Queue: Han Shen <shenhan@google.com>
Tested-by: Han Shen <shenhan@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
At present reading data from storage in Vboot is a little fragmented. For
the firmware image, we expect the boot loader to handle this. For the disk
we have a block-level API. For the GBB (which also sits in the firmware
image) we expect the entire thing to be read before Vboot is called.
Add the concept of a region, and an API to read from a region. At present,
and most pressing, is reading from a GBB region. In the future this could
be extended to other parts of the firmware or even the disk.
Move all access to the GBB into this API so that the boot loader can provide
either a GBB region in one large contiguous chunk, or a function to deal with
read requests from vboot.
The call to VbExRegionRead() is behind a flag since not all boot loaders
support it yet.
The main change for boot loaders which don't support this new API is that
vboot will do more behind the scenes. For example, it will allocate memory
for chunks of data that it reads from the GBB, rather than just accessing it
directly. This approach is considerably simpler than trying to pass char **
everywhere and have vboot decide whether something needs to be allocated or
not.
The tests are updated, mainly to include setting up a GBB structure
accessible from VbCommonParams, which is now required by the firmware and
kernel functions. In normal operation this is set up at the start of
VbLoadFIrmware() and VbSelectAndLoadKernel() but for tests which call
children of these functions directly, the GBB structure must be set up
manually by the test.
BUG=chrome-os-partner:21115
BRANCH=none
TEST=manual
FEATURES=test sudo -E emerge vboot_reference
Change-Id: If2b8bbe467fdbd643239d8d9b5d7aa98df4d286f
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: David Hendricks <dhendrix@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/63336
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/167361
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 1d3c804b6b9d2ffb6953a7ee98fabfd548915ad7.
This patch breaks cbuildbot on internal paladins bots.
Change-Id: Icf7f9d9bbb56b092035888eaa3e249ffd23fac16
(cherry picked from commit 3a60335ebb1530e5fd9d5da3bc6214949bc59caf)
Reviewed-on: https://chromium-review.googlesource.com/167451
Reviewed-by: Yoshiki Iguchi <yoshiki@chromium.org>
Commit-Queue: Yoshiki Iguchi <yoshiki@chromium.org>
Tested-by: Yoshiki Iguchi <yoshiki@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
At present reading data from storage in Vboot is a little fragmented. For
the firmware image, we expect the boot loader to handle this. For the disk
we have a block-level API. For the GBB (which also sits in the firmware
image) we expect the entire thing to be read before Vboot is called.
Add the concept of a region, and an API to read from a region. At present,
and most pressing, is reading from a GBB region. In the future this could
be extended to other parts of the firmware or even the disk.
Move all access to the GBB into this API so that the boot loader can provide
either a GBB region in one large contiguous chunk, or a function to deal with
read requests from vboot.
The call to VbExRegionRead() is behind a flag since not all boot loaders
support it yet.
The main change for boot loaders which don't support this new API is that
vboot will do more behind the scenes. For example, it will allocate memory
for chunks of data that it reads from the GBB, rather than just accessing it
directly. This approach is considerably simpler than trying to pass char **
everywhere and have vboot decide whether something needs to be allocated or
not.
The tests are updated, mainly to include setting up a GBB structure
accessible from VbCommonParams, which is now required by the firmware and
kernel functions. In normal operation this is set up at the start of
VbLoadFIrmware() and VbSelectAndLoadKernel() but for tests which call
children of these functions directly, the GBB structure must be set up
manually by the test.
BUG=chrome-os-partner:21115
BRANCH=none
TEST=manual
FEATURES=test sudo -E emerge vboot_reference
Change-Id: I2c19e9dc2ed602d0642bbf4f7d27f79fe9fad873
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/63336
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In case of a TPM error, tpmc returns the TPM error code, which can
be greater than 255. In that case the error code is truncated.
Some error codes, such as TPM_E_RETRY, end with a zero byte,
resulting in a successful exit code. This is despicable.
BUG=chromium:234357
TEST=tested with exit codes < 255. Too hard to generate the others.
BRANCH=none
Change-Id: I891a5c0659c06aac778449e2a0a935c5f82ccdb8
Reviewed-on: https://chromium-review.googlesource.com/66885
Reviewed-by: Luigi Semenzato <semenzato@chromium.org>
Commit-Queue: Luigi Semenzato <semenzato@chromium.org>
Tested-by: Luigi Semenzato <semenzato@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit e4759b782dff166600dbbfac884462babb433fac.
The DEBUG flags changed something in futility's section layout and caused its
command searching mechanism to fail (we can verify that by running "dump_fmap"
command).
BUG=chromium:279645
TEST=emerge-link vboot_reference; /build/link/usr/bin/dump_fmap # success
BRANCH=none
Change-Id: Ie42a33aed3fdc0443f2a758e1216d86aea5c326d
Reviewed-on: https://chromium-review.googlesource.com/67015
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Commit-Queue: Hung-Te Lin <hungte@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A few places in the code through up warnings when building with strict
compiler flags. Correct these.
BUG=chrome-os-partner:21115
BRANCH=pit
TEST=manual
Build with:
FEATURES=test emerge-peach_pit vboot_reference
and see that iot now succeeds. Warnings include:
host/arch/arm/lib/crossystem_arch.c: In function 'ReadFdtValue':
host/arch/arm/lib/crossystem_arch.c:93:8: error: ignoring return value of 'fread', declared with attribute warn_unused_result [-Werror=unused-result]
Change-Id: I765723636e5f8979b794925c7b610081b2849026
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/66174
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
At present the kernel tests produce valgrind errors since the GPT data is
sometimes accessed before it is read. This is unnecessary, so update the
code to avoid this.
BUG=chrome-os-partner:21115
BRANCH=pit
TEST=manual
valgrind --leak-check=full ./build/tests/vboot_kernel_tests
See that we no longer get valgrind errors.
Change-Id: I9e9660e38a62a735cf01a37c2d81ddb5ab8b1528
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/66173
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is still useful to build natively with debugging, particularly when
improving test code, so add this to the compiler flags in this case.
BUG=chrome-os-partner:21115
BRANCH=pit
TEST=manual
'make DEBUG=1' in the vboot directory within the chroot. See that the test
executables are now build with debugging info and gdb has line number
information.
Change-Id: Icaedae67151883673525930e25cf8b1f30654339
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/66172
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some functions of vboot are disabled for sandbox because sandbox could not
support them. This has changed, so remove the sandbox #ifdefs in the code.
Some printf() strings cause warnings on sandbox - mostly that uin64_t is
not 'long long' on a 64-bit machine. The existing format strings in U-Boot
do not seem to take account of this, so add casts to remove the warnings.
Also add a few more debug strings to make it easier to see what is happening
in the vboot flow.
BUG=chrome-os-partner:21115
BRANCH=pit
TEST=manual
crosfw -b sandbox -V
See there are no warnings.
Change-Id: I86f90a693e4bd23fcacf6d48297dd32229348dd4
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/65621
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The "-p internal:bus=*" is now deprecated by "-p {host,ec}" because we may have
EC on SPI bus.
BUG=none
TEST=manually executed dev_debug_vboot and see correct output.
BRANCH=none
Change-Id: I6363c09c2ebf57812bf35b7db220303a2786db20
Reviewed-on: https://gerrit.chromium.org/gerrit/66321
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Yung-Chieh Lo <yjlou@chromium.org>
Commit-Queue: Hung-Te Lin <hungte@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This tells the boot loader the number of firmware types that are supported,
so that it can declare arrays of that size.
BUG=chrome-os-partner:21115
BRANCH=pit
TEST=manual
Build for pit, link, daisy
Change-Id: Ib10e559af29b8dfe78268eb6e0465a245427313e
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/66095
Reviewed-by: Che-Liang Chiou <clchiou@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In many cases format strings in vboot_reference do not match their
parameters, which causes all kind of ugly results when examining debug
output.
Enforce proper format verification.
CQ-DEPEND=CL:65396
BRANCH=pit
BUG=none
TEST=manual
. compiled cleanly in vboot_reference, observed debug printouts
making sense.
Change-Id: I58d5ba1f9097ef9922fbaeb7a9946aadf5eb8617
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/65394
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These function prototypes changed recently and the mocked driver is not
building any longer.
BUG=none
BRANCH=none
TEST=successful build with MOCK_TPM=1
Change-Id: Iaaf2d2c2883add7a478d7ee887b06e45c65e1bb2
Signed-off-by: Duncan Laurie <dlaurie@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/65338
Reviewed-by: Stefan Reinauer <reinauer@google.com>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a helper script intended for the signing servers to use to strip
out the /boot directory from images just before signing.
BUG=chromium:210352
TEST=Manually used to strip and image and validated the results.
BRANCH=None
Change-Id: I814522284143d8f90651e13000d428718aeca1e4
Reviewed-on: https://gerrit.chromium.org/gerrit/60828
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Queue: Don Garrett <dgarrett@chromium.org>
Tested-by: Don Garrett <dgarrett@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In several places the existing code assumes LBA, but was improperly converted
to use byte offsets, so multiply by the sector size to correct it and maintain
the same interface between MTD & GPT.
Also, since we will need to cgpt create on /dev/fts, which isn't a stat()able
device, allow providing the disk size on the commandline.
BRANCH=none
BUG=chromium:221745
TEST=make runtests; cgpt create -s 12345 on MTD image
Change-Id: Icc89a4505aba9a3dfc39b176a372f6e12d106aed
Reviewed-on: https://gerrit.chromium.org/gerrit/62675
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Tested-by: Albert Chaulk <achaulk@chromium.org>
Commit-Queue: Albert Chaulk <achaulk@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add labels to MTD partitions and clean up some of the show code, adding more
info on the MTD prints and eliminating duplicated code.
BRANCH=none
TEST=make runtests & manual cgpt add -l "label"; cgpt show to verify labels
BUG=none
Change-Id: I59736128f394c2aca937a3a0bb5fc5d42b0149a9
Reviewed-on: https://gerrit.chromium.org/gerrit/63367
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Queue: Albert Chaulk <achaulk@chromium.org>
Tested-by: Albert Chaulk <achaulk@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
firmware/lib/flash_ts.c: In function 'flash_ts_find_writeable_spot':
firmware/lib/flash_ts.c:180:5: error:
implicit declaration of function 'VbExDebug' [-Werror=implicit-function-declaration]
cc1: all warnings being treated as errors
BUG=None
TEST=`make` works
TEST=`make DEBUG=1` works
BRANCH=none
Change-Id: Id529ca885828ca38d5230f41f81d4b87395c5e65
Reviewed-on: https://gerrit.chromium.org/gerrit/59654
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Queue: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It's extremely helpful to know what a device's gbb flags are when
running vboot. It aids in debugging issues by providing more
information and context.
BUG=None
BRANCH=None
TEST=Built and booted. Checked log.
Change-Id: I663de6f617f0e8c74e2b2f3b7a2be63f4a9c020a
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/63489
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On MTD devices, don't always enable MTD mode - the installer needs to
be able to access both the GPT disk and the MTD disk, so only
enable it if we install to /dev/fts
BRANCH=none
BUG=chromium:221745
TEST=make runtests
Change-Id: I7688e6bc758ef47cfb9d468c1224ef43b2043d02
Reviewed-on: https://gerrit.chromium.org/gerrit/62662
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Queue: Albert Chaulk <achaulk@chromium.org>
Tested-by: Albert Chaulk <achaulk@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixed sign_official_build.sh to work with PARTUUID in the linux format,
PARTUUID=%U/PARTNROFF=1. Had to handle the '/'.
Also fixed a misspelled variable name, devcie -> device. It worked
before because a NULL string generated the right results in the
current configuration.
BUG=chromium:224066
TEST=~/trunk/src/platform/vboot_reference/scripts/image_signing/sign_official_build.sh recovery /home/taysom/trunk/src/build/images/$B/latest/recovery_image.bin /home/taysom/trunk/src/platform/vboot_reference/tests/devkeys /tmp/taysom.bin
BRANCH=none
Change-Id: Id201885a63c6eba4cdb7c9216c0d3d35e6d3f0c4
Reviewed-on: https://gerrit.chromium.org/gerrit/61889
Tested-by: Paul Taysom <taysom@chromium.org>
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Queue: Paul Taysom <taysom@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
SetupTPM no longer uses recovery_mode parameter for anything other than
a debug print. This change moves the debug print to a caller function,
then removes recovery_mode from SetupTPM and some caller functions that
no longer have a use for it.
BUG=chrome-os-partner:20913.
TEST=Manual. Boot factory install shim in recovery mode and verify TPM
clear operations succeed. Boot in dev mode and verify "Lock physical
presence" print on UART.
BRANCH=None.
Signed-off-by: Shawn Nematbakhsh <shawnn@chromium.org>
Change-Id: I2f671f6680a6e67cf722855e659e99752bc0783c
Reviewed-on: https://gerrit.chromium.org/gerrit/62916
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
RollbackKernelLock previously checked a global to determine recovery
mode state. Since we have two copies of vboot_reference in firmware
(in coreboot and depthcharge), this creates a problem with
synchronization. Remove the global entirely and instead pass the
recovery state to RollbackKernelLock.
BUG=chrome-os-partner:20913.
TEST=Manual. Boot factory install shim in recovery mode and verify TPM
clear operations succeed. Boot in dev mode and verify "Lock physical
presence" print on UART.
BRANCH=FalcoPeppy.
Signed-off-by: Shawn Nematbakhsh <shawnn@chromium.org>
Change-Id: I4e751d4a9ca60cd57c5c662ce86eba595fb22ba2
Reviewed-on: https://gerrit.chromium.org/gerrit/62874
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
So the quick & dirty hack is to just modify the cgpt command to be
cgpt -N=<MTD magic> <rest of the commands>
There are a couple limitations of the MTD command versions that will cause
them to always fail, so they're skipped if the second argument is empty - boot,
adding unknown GUIDs and more than 15 partitions.
BUG=chromium:221745
TEST=MTD version of run_cgpt_tests.sh passes
BRANCH=none
Original-Change-Id: Ida0debdefdc736f38e616801f6a40e67d393f405
Reviewed-on: https://gerrit.chromium.org/gerrit/47177
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Queue: Albert Chaulk <achaulk@chromium.org>
Tested-by: Albert Chaulk <achaulk@chromium.org>
(cherry picked from commit 53fd488fc772e2ed964331fe98eaa21d2a1e471b)
Change-Id: Id7af245cc0e8c2dc00fe9ceab9ce0be0e47882ec
Reviewed-on: https://gerrit.chromium.org/gerrit/49796
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Queue: Albert Chaulk <achaulk@chromium.org>
Tested-by: Albert Chaulk <achaulk@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
BUG=chromium:252331
TEST='make runtests' still passes
BRANCH=none
Change-Id: I1deb70766b811b070f0f412cb5cfa583250dd687
Reviewed-on: https://gerrit.chromium.org/gerrit/61328
Commit-Queue: Albert Chaulk <achaulk@chromium.org>
Reviewed-by: Albert Chaulk <achaulk@chromium.org>
Tested-by: Albert Chaulk <achaulk@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It seems likely that this is causing the reported autoupdate failure,
although it will take a bit of time to understand the mechanism. For
now, a revert seems safest.
BUG=chromium:20939
BRANCH=none
TEST=none
This revert should be safe since it takes us back to the previous behavior.
I will work on repeating the problem and diagnosing it properly.
This reverts commit c1bbc75e3ba77019c62eda69db556109faeba607.
Change-Id: I303fcbf45d835639b6d5a7f5f6423d0c18890ddf
Reviewed-on: https://gerrit.chromium.org/gerrit/62004
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Queue: Simon Glass <sjg@chromium.org>
Tested-by: Simon Glass <sjg@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
New ARM boards use an FDTMAP, which is basically just an FDT. This means
that we don't have two potentially conflicting flash maps in the image.
Flashrom supports this without issue, but the firmware signer needs
dump_fmap to support it also.
It would be nice if we had libfmap implementing all this, but this is
apparently a long-running clean-up task. So the next best thing is to
deal with the flashmap in one program - i.e. flashrom.
So support FDTMAP in futility by redirecting 'dump_fmap -x' to flashrom.
BUG=chromium:256912
BRANCH=none
TEST=manual
With the flashrom -x option added, run this:
sudo futility dump_fmap -x /build/peach_pit/firmware/image-peach-pit.bin
gbb_utility --rootkey=rootkey.bin GBB
See that the various chunks of data from the image are output and that
gbb_utility completes without error.
Change-Id: Id8b2c774a16bdd07968765be5e6609b1b0661a0f
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/60862
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As per the discussion on issue 221745 we will be using 64-bit byte offsets
for the MTD partition table and converting to/from sectors internally in cgpt.
Existing interfaces do not change, eg sizes are still reported in sectors, only
the on-disk representation is affected.
BRANCH=none
BUG=chromium:221745
TEST=unit tests pass
Change-Id: Id312d42783acfdabe6eb8aea11dcbd298e00a100
Reviewed-on: https://gerrit.chromium.org/gerrit/60919
Commit-Queue: Albert Chaulk <achaulk@chromium.org>
Reviewed-by: Albert Chaulk <achaulk@chromium.org>
Tested-by: Albert Chaulk <achaulk@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Additionally renames the new functions in add to be CamelCase style
BUG=chromium:221745
TEST=MTD version of run_cgpt_tests.sh passes
BRANCH=none
Original-Change-Id: Ic173f99d7ca4af025403ab11f37061c33c9d59ea
Reviewed-on: https://gerrit.chromium.org/gerrit/47173
Tested-by: Albert Chaulk <achaulk@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Queue: Albert Chaulk <achaulk@chromium.org>
(cherry picked from commit c3aad2fd06a21097cffd10ec5b168e728616b868)
Change-Id: Ib3bb947ffcd5c0f40398a27a721e392b895c9da0
Reviewed-on: https://gerrit.chromium.org/gerrit/49795
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Queue: Albert Chaulk <achaulk@chromium.org>
Tested-by: Albert Chaulk <achaulk@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If FW hash is invalid, it is possible for boot to continue as normal
because the shared recovery reason is not updated. Update the shared
recovery reason to ensure the bootloader knows to do a recovery boot.
This change affects only systems that do not support RO_NORMAL (ex.
Haswell systems).
BUG=chrome-os-partner:20518.
TEST=Run firmware_CorruptBothFwSigAB on Peppy, verify PASS.
BRANCH=None.
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Signed-off-by: Shawn Nematbakhsh <shawnn@chromium.org>
Change-Id: I3b311416bf8c504deb4154e5850d967253c9dc17
Reviewed-on: https://gerrit.chromium.org/gerrit/60148
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Commit-Queue: Shawn Nematbakhsh <shawnn@chromium.org>
Tested-by: Shawn Nematbakhsh <shawnn@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=chromium:221745
TEST=MTD version of run_cgpt_tests.sh passes
BRANCH=none
Change-Id: I8a5c1afab238eb10f38d865405ea2828715685d8
Original-Change-Id: I3d72fecbb3ef95252aa35d56885288340537b1c5
Reviewed-on: https://gerrit.chromium.org/gerrit/47175
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Queue: Albert Chaulk <achaulk@chromium.org>
Tested-by: Albert Chaulk <achaulk@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/49794
Reviewed-by: Albert Chaulk <achaulk@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix some bugs in the cgpt implementation of the flash I/O functions & load
logic, it was validating too much at load time.
Implement the create command for MTD
BUG=chromium:221745
TEST=MTD version of run_cgpt_tests.sh passes
BRANCH=none
Original-Change-Id: I2f52637d82962f4d805aa827c5c37685f10e76ea
Reviewed-on: https://gerrit.chromium.org/gerrit/47172
Tested-by: Albert Chaulk <achaulk@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Queue: Albert Chaulk <achaulk@chromium.org>
(cherry picked from commit 931544744ba410dad267064b87d504b0b4c24772)
Change-Id: If9364155fb2c030645adc6ee6f3fbe5373bcc153
Reviewed-on: https://gerrit.chromium.org/gerrit/49793
Commit-Queue: Albert Chaulk <achaulk@chromium.org>
Reviewed-by: Albert Chaulk <achaulk@chromium.org>
Tested-by: Albert Chaulk <achaulk@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a partition isn't "defined", then don't declare its size as 1.
BUG=chromium:236941
TEST=`cbuildbot {x86,amd64,arm}-generic-full` pass
TEST=`cgpt show -i 100 -s chromiumos_image.bin` shows 0
BRANCH=none
Change-Id: I538546b6b37a9137958d6f926a58753cf52c946a
Reviewed-on: https://gerrit.chromium.org/gerrit/50074
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Queue: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
BRANCH=none
BUG=none
TEST=manual
. observe proper function name reported in the debug output
Change-Id: I03f87f0f5816db73a105687cd1a67f21c891f677
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/59642
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Firmware images reading its own FMAP structure may have FMAP signature in code
and cause dump_fmap to parse incorrectly. Since currently there is only one
major version for FMAP (and the structure defined in fmap.h also applies only to
current version), we can improve that by checking major version number to skip
signatures in firmware code.
BUG=chromium:236347
TEST=emerge vboot_reference; dump_fmap /build/daisy/firmware/image.bin # success
BRANCH=none
Change-Id: I1d8f49bb88357e7a3a945fbdba9d9a7c4e177ac4
Reviewed-on: https://gerrit.chromium.org/gerrit/59362
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: David Hendricks <dhendrix@chromium.org>
Tested-by: Hung-Te Lin <hungte@chromium.org>
Commit-Queue: Gabe Black <gabeblack@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Enables MTD mode with a command line option of
-N=<write page bytes>,<write pages per erase block>,
<erase block offset to fts partition>,<erase block size of fts partition>
The problem is that we need to know exactly where the fts store partition is
and what the layout of the flash chip is in order to be able to use it
properly. This will vary per-device however, so for flexibility and testing
purposes, this command line option allows specification of arbitrary layouts.
BUG=chromium:221745
BRANCH=none
TEST=verified during development via prints
Original-Change-Id: I88640e777d5ccd4ffd3b39e1f131dc1d362c6b2c
Reviewed-on: https://gerrit.chromium.org/gerrit/46920
Commit-Queue: Albert Chaulk <achaulk@chromium.org>
Reviewed-by: Albert Chaulk <achaulk@chromium.org>
Tested-by: Albert Chaulk <achaulk@chromium.org>
(cherry picked from commit 2b768f99d246823f3711bbe4cf50ea9ab4588a06)
Change-Id: I35591d4fbec13c3887beef11fdefc84fc90b8e05
Reviewed-on: https://gerrit.chromium.org/gerrit/49792
Reviewed-by: Albert Chaulk <achaulk@chromium.org>
Tested-by: Albert Chaulk <achaulk@chromium.org>
Commit-Queue: Albert Chaulk <achaulk@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is used on peach_pit.
BRANCH=none
BUG=none
TEST=manual
. on peach-pit:
localhost ~ # echo $(crossystem arch)
arm
localhost ~ #
Change-Id: Ia9a4ea2291d6b672fca1c9e1305961eedc4f60cf
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/59339
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Provide an MTD implementation of several common functions in cgpt_common.c
BUG=chromium:221745
BRANCH=none
TEST=none
Original-Change-Id: Ib3248c283ca31e33a91b9ea0c14b2f72ea7c5850
Reviewed-on: https://gerrit.chromium.org/gerrit/47029
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Queue: Albert Chaulk <achaulk@chromium.org>
Tested-by: Albert Chaulk <achaulk@chromium.org>
(cherry picked from commit b0bd7e4cf8dd15cc3c371dac157093c7e7c7a874)
Change-Id: I243c2bf98a88d0019c332b274868459b5f1b8ea1
Reviewed-on: https://gerrit.chromium.org/gerrit/49791
Reviewed-by: Albert Chaulk <achaulk@chromium.org>
Tested-by: Albert Chaulk <achaulk@chromium.org>
Commit-Queue: Albert Chaulk <achaulk@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Provide implementations for "boot" and "legacy" that error out in MTD mode and
"repair" that is a no-op. Eventually if/when we add redundancy, repair will do
something, but boot/legacy never will.
BUG=chromium:221745
BRANCH=none
TEST=none
Original-Change-Id: Ie537f20d8dff9d14fb83d0431bd48453bff0217d
Reviewed-on: https://gerrit.chromium.org/gerrit/46883
Commit-Queue: Albert Chaulk <achaulk@chromium.org>
Reviewed-by: Albert Chaulk <achaulk@chromium.org>
Tested-by: Albert Chaulk <achaulk@chromium.org>
(cherry picked from commit 00c4bc52e35c7c77ebe73322693a457b3dd072f9)
Change-Id: I90e6118114554a05245fb8cfcec9567c4705ea96
Reviewed-on: https://gerrit.chromium.org/gerrit/49790
Reviewed-by: Albert Chaulk <achaulk@chromium.org>
Tested-by: Albert Chaulk <achaulk@chromium.org>
Commit-Queue: Albert Chaulk <achaulk@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1) GBB flag to skip EC software sync, so EC will be untouched. Needed
for EC development.
2) GBB flag to default to booting legacy at end of dev screen timeout.
Very handy for booting Ubuntu (or other OS).
Also added unit tests for the new flags.
BUG=chrome-os-partner:20111
BRANCH=none
TEST=make runtests
Change-Id: I9da87d87014881a1b1393b0b4a5acb921d080066
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/58270
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This means that in normal mode the system will boot all the way to the
OS before shutting down.
In developer or recovery modes, the BIOS screens will still check for
shutdown requested and shut down if so. This is necessary in
developer mode for security reasons, and because there's no guarantee
that a dev OS will still pay attention to the lid switch.
BUG=chrome-os-partner:17521
BRANCH=spring
TEST=make runtests; unit tests pass
Change-Id: I0698b659ad0febcf73043f1e8c5b98681c1bc5ba
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/58109
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Integrates the FTS driver into cgpt. This driver is binary-format compatible
with the linux driver for interoperabiilty. The cgpt changes load & store a
hex-encoded mtd partition table in the FTS; we need some sort of encoding
because FTS only stores NUL-terminated strings.
Currently, the mtd code paths aren't executed in cgpt, only in the tests. It's
also not hooked up to the vboot code yet, we will need to do that eventually.
BUG=chromium:221745
TEST=new unit test added
BRANCH=none
Change-Id: I94eb0389d29aca0beb9d9a644465c7d86161b3c2
Original-Change-Id: I9fe2fa91b666572563426adb8fa9d426f9b60bbf
Reviewed-on: https://gerrit.chromium.org/gerrit/46796
Commit-Queue: Albert Chaulk <achaulk@chromium.org>
Reviewed-by: Albert Chaulk <achaulk@chromium.org>
Tested-by: Albert Chaulk <achaulk@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/49789
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
0x8086,0x0a04 is Haswell ULT
0x8086,0x0c04 is Haswell Mobile
BUG=chrome-os-partner:19263
BRANCH=none
TEST=manual test on slippy hardware:
$ crossystem platform_family
Haswell
Change-Id: Ia885d0c8f0be2fb626257ca513f581df50259173
Signed-off-by: Duncan Laurie <dlaurie@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/56075
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
|
