| Commit message (Collapse) | Author | Age | Files | Lines |
| |
Function no longer needs the `params` argument. Use more
precise language, replacing the term "OS" with "kernel".
This CL is part of a series to merge vboot1 and vboot2.0
kernel verification code; see b/181739551.
BUG=b:181739551
TEST=make clean && make runtests
BRANCH=none
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: Ie4162760744a6c341fee122c5be247d86bd49c05
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2741921
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
| |
Reorder errors in enum vb2_ui_error to match the order in bmpblk. Also
rename VB2_UI_ERROR_EXTERNAL_BOOT_NOT_ENABLED to
VB2_UI_ERROR_EXTERNAL_BOOT_DISABLED for consistency with
VB2_UI_ERROR_ALTFW_DISABLED.
BUG=b:144969091
TEST=make runtests
TEST=emerge-asurada depthcharge
BRANCH=none
Cq-Depend: chromium:2682057
Change-Id: Id8859be3e451c077dd7689b51e98a410d5987874
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2746898
Reviewed-by: Joel Kitching <kitching@chromium.org>
| |
Rename vboot_mode enum to better match vboot2 coding style.
Also add a test case for checking developer key hash while
in recovery mode.
This CL is part of a series to merge vboot1 and vboot2.0
kernel verification code; see b/181739551.
BUG=b:181739551
TEST=make clean && make runtests
BRANCH=none
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: I4ac141df17c5e53caebe605f0fb6a186130ed6d5
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2730357
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
| |
In CL:2716747, VB2_SCREEN_DEVELOPER_TO_NORM is pulled up to act
as the root screen in the case of dev boot being disallowed.
As such, the screen changes can be removed from
VB2_SCREEN_DEVELOPER_MODE init() and reinit() functions.
If the user does manage to get into the developer mode screen
while developer mode is disabled, rely on the individual checks
in these functions to prevent booting:
- vb2_ui_developer_mode_boot_internal_action
- vb2_ui_developer_mode_boot_external_action
- vb2_ui_developer_mode_boot_altfw_action
BUG=b:159579189, b:181087237
TEST=make clean && make runtests
BRANCH=none
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: Ic72d30709baeac2fc7e681d973413e2e9c8b0483
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2730669
Reviewed-by: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
| |
When the gsc signer reads the contents of the payload it finds
out if it is a cr50 or ti50 chip. We write the chip type to a
.rename file next to the bin (which has a @CHIP@ in the path) so
that the signer can rename the artifact for placement.
Signed-off-by: George Engelbrecht <engeg@google.com>
BRANCH=None
BUG=b:179964270
TEST=local signer
Change-Id: I0600cb60bb614111802119293ba0c63f2b61c231
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2728736
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: George Engelbrecht <engeg@google.com>
Tested-by: George Engelbrecht <engeg@google.com>
| |
Add support for using HW hashing acceleration in kernel verification.
BUG=b:162551138
BRANCH=zork
TEST=CC=x86_64-pc-linux-gnu-clang make runtests
Signed-off-by: Kangheui Won <khwon@chromium.org>
Change-Id: Ia03ff7f49bd18393c0daeab72348414fa059e0cd
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2639456
Reviewed-by: Raul E Rangel <rrangel@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
| |
Add a new log_page_update function to maintain the state of page up/down
buttons.
BUG=b:174127808
TEST=make clean && CC=x86_64-pc-linux-gnu-clang make runtests
BRANCH=none
Signed-off-by: Chung-Sheng Wu <chungsheng@google.com>
Change-Id: I6c396af3139229771557f017b816ea93aba27be2
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2641979
Tested-by: Chung-Sheng Wu <chungsheng@chromium.org>
Commit-Queue: Chung-Sheng Wu <chungsheng@chromium.org>
Reviewed-by: Meng-Huan Yu <menghuan@chromium.org>
| |
In current codebase, VB2_REQUEST_UI_CONTINUE is for successful ui
function call, and VB2_SUCCESS is for breaking the main ui loop.
Replace most of the VB2_REQUEST_UI_CONTINUE with VB2_SUCCESS, and
replace those breaking requesting VB2_SUCCESS with VB2_REQUEST_UI_EXIT.
All the "VB2_REQUEST_UI_CONTINUE" and "VB2_REQUEST_UI_EXIT" are caught
in the ui loop. VB2_REQUEST_UI_CONTINUE does nothing while
VB2_REQUEST_UI_EXIT breaks the ui loop and returns VB2_SUCCESS. Returning
VB2_SUCCESS and VB2_REQUEST_UI_CONTINUE to the ui loop now should do the
same thing, that is, continue processing the ui.
VB2_REQUEST_UI_CONTINUE can be used to quickly return from ui functions
to the main UI loop, because it is not VB2_SUCCESS and makes VB2_TRY
return.
BRANCH=none
BUG=b:157625765
TEST=make clean && CC=x86_64-pc-linux-gnu-clang make runtests
Signed-off-by: Chung-Sheng Wu <chungsheng@google.com>
Change-Id: If1b54657d09198196f9c646b6b907b4fd8faadce
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2714502
Tested-by: Chung-Sheng Wu <chungsheng@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Chung-Sheng Wu <chungsheng@chromium.org>
| |
Rename storage to storage health info to prevent confusion with storage
self-test.
BRANCH=none
BUG=b:173364332
TEST=make clean && CC=x86_64-pc-linux-gnu-clang make runtests
Cq-Depend: chromium:2709784
Signed-off-by: Chung-Sheng Wu <chungsheng@google.com>
Change-Id: I6c5e355e2062b8c371dbbeff8a5f1b9445bac9f0
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2719252
Tested-by: Chung-Sheng Wu <chungsheng@chromium.org>
Commit-Queue: Chung-Sheng Wu <chungsheng@chromium.org>
Reviewed-by: Meng-Huan Yu <menghuan@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
| |
BRANCH=None
BUG=None
TEST=None
Change-Id: I9eeb580f720ceb42a5950b1de7fbc961058f5970
Signed-off-by: Philip Chen <philipchen@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2739702
Tested-by: Philip Chen <philipchen@chromium.org>
Commit-Queue: Douglas Anderson <dianders@chromium.org>
Reviewed-by: Douglas Anderson <dianders@chromium.org>
| |
Without returning, subsequent code may operate under the
assumption that the screen has *not* changed, leading to
unexpected behaviour. The user may also be able to select
otherwise disallowed menu items.
BUG=b:181087237, chromium:1181484
TEST=make clean && make runtests
BRANCH=none
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: I820e387417ad39e2f7bd47f65d08c387cf66d6e5
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2717449
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
| |
Change UI root screen to DEVELOPER_TO_NORM if DEV_DISABLE_BOOT is set in
FWMP, and disable all dev-mode shortcuts except '\t'. This ensures
DEVELOPER_TO_NORM and VB2_SCREEN_DEBUG_INFO are the only two screens
accessible from the UI.
Also hide the "Cancel" menu item in DEVELOPER_TO_NORM.
BUG=b:159579189, chromium:1181484
TEST=make runtests
TEST=emerge-asurada depthcharge
BRANCH=none
Change-Id: Ifedb53ae2eb968b1118340aef30cda00b7925f03
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2716747
Reviewed-by: Joel Kitching <kitching@chromium.org>
| |
After these functions are called, no assumptions may be made
about which screen is currently displayed, and thus execution
should return to ui_loop:
- vb2_ui_menu_select
- vb2_ui_screen_back
- vb2_ui_screen_change
When VB2_TRY() is wrapped around these functions, the result
should be returning immediately. No code following the functions
should be executed. Add unit test coverage for this.
BUG=b:157625765
TEST=make clean && make runtests
BRANCH=none
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: I4fc2a1eb59012eeefce34d25f010a49cb1d957de
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2721377
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Hsuan Ting Chen <roccochen@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
| |
Standardize on the term "altfw" (short form) and
"alternate bootloader" (long form) in both code and
documentation.
Remove the VbAltFwIndex_t enum, and replace with a
simple uint32_t.
Rename VbExLegacy to vb2ex_run_altfw, and move
to vboot2 namespace.
Rename crossystem param dev_boot_legacy to
dev_boot_altfw, but leave an alias.
Rename crossystem param dev_default_boot value
from legacy to altfw, but leave an alias.
BUG=b:179458327
TEST=make clean && make runtests
TEST=emerge vboot_reference and check output for:
crossystem dev_boot_legacy=0
crossystem dev_boot_altfw=0
crossystem dev_default_boot=legacy
crossystem dev_default_boot=altfw
BRANCH=none
Cq-Depend: chromium:2641196
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: I289df63d992a3d9ae3845c59779ecbd115b18ee2
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2641346
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Yu-Ping Wu <yupingso@chromium.org>
| |
After implementing the driver-level TPM2.0 simulator on VM boards, the
mount-encrypted would use the vTPM to encrypt the file system.
We would need to remove the TPM simulator NVChip when we want to
hard reset the TPM on VM.
And we don't need to remove the mount-encrypted key after we landed
the driver-level TPM simulator on all VM boards.
BUG=b:174807059
BRANCH=none
TEST=crossystem clear_tpm_owner_request=1
TEST=crossystem clear_tpm_owner_request // showing the right value
Cq-Depend: chromium:2576865, chromium:2638953
Signed-off-by: Yi Chou <yich@google.com>
Change-Id: Iba2c9b93ed9e558a9163542dfc1fbcb738c1d83d
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2576867
Reviewed-by: Joel Kitching <kitching@chromium.org>
| |
Clang is complaining about missing prototypes e.g.
tests/vb2_preamble_fuzzer.c:43:13: error: no previous
prototype for function 'vb2_check_padding'
[-Werror,-Wmissing-prototypes]
Add the header "2rsa_private.h" to fix fuzzer builders.
BUG=chromium:1172055
TEST=tryjob
Signed-off-by: Manoj Gupta <manojgupta@google.com>
Change-Id: I9593e1f747939a38c33226f98570fa5423570362
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2658033
Reviewed-by: Julius Werner <jwerner@chromium.org>
Commit-Queue: Manoj Gupta <manojgupta@chromium.org>
Tested-by: Manoj Gupta <manojgupta@chromium.org>
Auto-Submit: Manoj Gupta <manojgupta@chromium.org>
| |
Implement TlclExtend, which sends a TPM2_PCR_Extend command to extend
the indicated PCR.
BUG=b:174807059
BRANCH=none
TEST=After stopping trunksd, run "tpmc pcrextend <index> <extend hex>" to
extend the PCR. Start trunksd and run "trunks_client --read_pcr
--index=<index>" would see the PCR value changed.
Disallow-Recycled-Builds: test-failures
Signed-off-by: Yi Chou <yich@google.com>
Change-Id: I5b11fcf7de83186a29e1abed43f443ac9ca426fb
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2632019
Reviewed-by: Leo Lai <cylai@google.com>
| |
s/@returns/@return/g for consistency.
BUG=b:124141368
TEST=make clean && make runtests
BRANCH=none
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: If5ef147761111294b0eca532e56e683fd787bee6
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2641345
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
| |
Previously, functions that need to be tested but not exposed
to vboot API were placed in vboot_test.h. Now, the approach
of placing them in a xyz_private.h header file is preferred.
BUG=b:124141368, chromium:968464
TEST=make clean && make runtests
BRANCH=none
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: I8be50d95c533b277b509aabb503ae05f69662a33
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2641344
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
| |
Function is only used in 2secdata_kernel.c. Convert to
a static function, and remove its header.
BUG=b:124141368, chromium:968464
TEST=make clean && make runtests
BRANCH=none
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: Ib45abe68f0d4d025160c800c91dd2d2525dd1e3e
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2641343
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
| |
No longer used with new vboot UI; remove.
(Missed this in the prior removal of legacy UI code.)
BUG=b:167643628, chromium:968464
TEST=make clean && make runtests
BRANCH=none
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: I01383071dee6257921547302fe4a2977b3521195
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2641342
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
| |
Move vb2ex_mtime stub from vboot_api_stub_init
into 2lib/2stub.c in vboot2 namespace.
BUG=b:124141368, chromium:968464
TEST=make clean && make runtests
BRANCH=none
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: Ica27630090f854e1abc56acae0294b68deb74a0f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2635676
Reviewed-by: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
| |
Collect all auxfw and EC-related stubs in the vboot2
namespace within 2lib/2stub.c.
BUG=b:124141368, chromium:968464
TEST=make clean && make runtests
BRANCH=none
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: If09a13df10aa78deee696f4422615b635238f3cf
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2635675
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
| |
Collect all UI-related stubs in the vboot2 namespace
within 2lib/2stub.c.
BUG=b:124141368, chromium:968464
TEST=make clean && make runtests
BRANCH=none
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: I64cb44f5e1db25b96a1a4a266b78f02e82110c5f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2635674
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
| |
As can be seen in <https://crrev.com/c/2325190>, flashrom can take a
"custom_rst=true" parameter. Flashrom passes this on to Cr50 and
tells it not to reset. Among other things, this can be useful to work
around hardware bugs where asserting reset puts us in a bad state.
Let's add a parameter to futility that can specify this mode. We'll enable
this just for "--servo" mode of flashrom and not "--ccd" mode.
Presumably we want "--ccd" to remain simple / autoconfiguring and this
is a bit more of an advanced tweak.
BRANCH=None
BUG=b:177664356
TEST=Can flash coachz with futility
Change-Id: Iab188a92c4eae6373d38fe68ee4107f3e8aa5851
Signed-off-by: Douglas Anderson <dianders@chromium.org>
Disallow-Recycled-Builds: test-failures
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2638108
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Bob Moragues <moragues@chromium.org>
| |
grep returns exit code 1, if pattern was not found, and due to `set -e`
ensure_not_tainted_license.sh exits immediately with code 1. This change
fixes it.
This change also ensures that the correct code 1 is returned when the
pattern is found.
BUG=chromium:1163996
TEST=N/A
BRANCH=none
Signed-off-by: Sergey Frolov <sfrolov@google.com>
Change-Id: Idd33cec8795420ca1aab9ab1490a338a04d20257
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2638856
Tested-by: George Engelbrecht <engeg@google.com>
Commit-Queue: George Engelbrecht <engeg@google.com>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: George Engelbrecht <engeg@google.com>
| |
Function stubs in vboot2 namespace are all marked with
__attribute__((weak)) tags, whereas those in vboot1
are not. Add the tag to stubs in vboot1 for consistency.
BUG=b:124141368, chromium:968464
TEST=make clean && make runtests
BRANCH=none
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: I8e54ef82882bd80720f810c17f41e902af244ead
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2635673
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
| |
lib20/packed_key.c functions are currently called throughout
2lib namespace, so move to 2lib/2packed_key.c.
Move function declarations from vb2_common.h to 2packed_key.h,
and include 2packed_key.h from 2common.h.
BUG=b:124141368, chromium:968464
TEST=make clean && make runtests
BRANCH=none
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: I151b2d41cbbfa1bfd03de301bd4ee69c49e81f3b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2635220
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
| |
lib20/misc.c contains only functions related to firmware
verification, which are currently called from 2lib/2api.c,
so move this to 2lib/2firmware.c.
Move its unit test file accordingly.
BUG=b:124141368, chromium:968464
TEST=make clean && make runtests
BRANCH=none
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: Ibaeea168ed5055d47d4be86f5b3bb0f803f97dad
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2635219
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
| |
This change makes ensure_not_tainted_license.sh only emit a warning if
license file is not found, as opposed to failing.
BUG=chromium:1163996
TEST=N/A
BRANCH=none
Change-Id: I14103bc520efabf3e0c1424e8a5cae259d42c966
Signed-off-by: Sergey Frolov <sfrolov@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2632876
Commit-Queue: George Engelbrecht <engeg@google.com>
Reviewed-by: George Engelbrecht <engeg@google.com>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
| |
Clean up the diag request flag to avoid potential reboot loop if somehow
a forced reboot occurs.
BRANCH=puff,zork,volteer,trogdor,dedede
BUG=b:177303714
TEST=CQ
TEST=FEATURES=test P2_TEST_FILTER='*' emerge-zork vboot_reference
TEST=boot to minidiag and then do hardware reset, then expect boot to
OS instead of boot to minidiag again.
Signed-off-by: Meng-Huan Yu <menghuan@chromium.org>
Change-Id: I24815d512ca42b78dc42cafaebc666e6a53db793
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2624110
Reviewed-by: Joel Kitching <kitching@chromium.org>
| |
This CL enabled the pre-boot diagnostic tools entry in recovery mode.
BRANCH=none
BUG=b:176947486
TEST=CQ
TEST=FEATURES=test P2_TEST_FILTER='*' emerge-zork vboot_reference
TEST=manually build, flash FW to device, and confirm minidiag works
Signed-off-by: Meng-Huan Yu <menghuan@chromium.org>
Change-Id: I8500cbaaa4e8d0f1aa668d56d38095ecdcf50aaf
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2617391
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
| |
This is a part of the work to ensure that tainted images are never
signed with MP keys. A special tainted tag was added to the license file by
https://chromium-review.googlesource.com/c/chromiumos/chromite/+/2560225
and in ensure_not_tainted.sh we detect the presence of this tag.
This script has been manually tested on tainted and non-tainted images.
BUG=chromium:1059363
TEST=manual
BRANCH=none
Change-Id: I17ca27bb7895f268a79cca3ad948808f0f96b8c7
Signed-off-by: Sergey Frolov <sfrolov@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2607414
Commit-Queue: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Allen Webb <allenwebb@google.com>
| |
This reverts commit bc2317695965bb92b8809d9c06327adedcb0653c.
The reason for revert is that the signer needs to know the generated
file name, and in case vboot reference alters the name the signer
remains unaware of the change and is still looking for the file named
@CHIP@...
Some other means of figuring out the file name will be required, let's
stick with the @CHIP@ prefix for now.
BRANCH=none
BUG=b:173049030
TEST=none
Change-Id: I23ea65314d49e86fc4edb015e89b6076f87a54dd
Signed-off-by: Vadim Bendebury <vbendeb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2605238
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: George Engelbrecht <engeg@google.com>
Auto-Submit: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: George Engelbrecht <engeg@google.com>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
| |
When processing Gsc image signing request the signing server is not
aware of which chip the image is being signed for, the output file
name includes the string @CHIP@ and it is the responsibility of the
actual signing scripts to figure out if the image is for Cr50 or Ti50.
The destination image type is determined based on the signing manifest
contents, this patch adds code to replace @CHIP@ with the actual image
type.
BRANCH=none
BUG=b:173049030
TEST=invoked the script to sign a Ti50 image locally, verified that
the produced signed image file had the expected name.
Change-Id: Ib1534ce50e0a44d0ec014e8dbee4e4d85c2082c9
Signed-off-by: Vadim Bendebury <vbendeb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2596695
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Auto-Submit: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: George Engelbrecht <engeg@google.com>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
| |
ClusterFuzz still managed to find cases where we try to CRC a GPT
entries buffer that wasn't initialized. Not that that's really an issue
or anything... but this patch should shut it up.
BRANCH=none
BUG=chromium:1155876
TEST=none
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I3d0b4f34693d87b66513f398dd13441aba543c3a
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2580110
Reviewed-by: Joel Kitching <kitching@chromium.org>
| |
The major difference between Cr50 and Ti50 signing is that the RW
sections are represented differently: elf files in Cr50 case and ihex
files in Ti50 case.
Other differences include the produced signed final image size and the
offsets of the components in the final image.
The signing script is being updated to figure out all these
differences at run time. A new optional field is introduced in the
signing manifest, the 'generation'. If this field is absent or set to
'h' (for H1), the script proceeds with the Cr50 signing process. If
'generation' is set to 'd' (for D2), the script proceeds with the Ti50
signing process.
Instead of using fixed offsets into the final image, the base
addresses of the components in ihex format are used, the only fixed
value is the base address of the flash image in the chip address space
(0x40000 for H1 vs 0x80000 for D2).
To make this work for H1 the output format of the signed blob produced
by gsc-codesigner is changed from binary to ihex.
BRANCH=none
BUG=b:173049030
TEST=using this script and the signing_istructions.sh module produced
by the real Cr50 signer was able to produce functional images for
both Cr50 and Ti50.
Change-Id: I845be1101b09c9476fa27fbddb72607dc6cea901
Signed-off-by: Vadim Bendebury <vbendeb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2570009
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: George Engelbrecht <engeg@google.com>
Auto-Submit: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
| |
With the advent of D2 memory layout scheme it became impossible to
hardcode the base address of various components of the D2 firmware
image. Luckily, the components are represented as binary blobs in
Intel ihex format, which allows to retrieve the base address of the
component from the ihex records.
The address is composed of two elements: the segment base supplied in
the record type 02 or 04, and the record offset into the segment,
supplied in the data record of type 0.
The segment address is expressed as a 16 bit value, the actual value
shifted right either 4 bits (in case of record type 02) or 16 bits (in
case of record type 04). The data record offset is also a 16 bit
value.
The base address of the blob is calculated as
<segment address> + <first data record offset>
and is available from the first two records in the ihex module.
Detailed information of ihex file format can be found in
https://en.wikipedia.org/wiki/Intel_HEX .
BRANCH=none
BUG=b:173049030
TEST=with the next patch in the stack applied was able to successfully
build a multicomponent ti50 image.
Change-Id: I135c2f9960f1f218532c82bafd7acbe362414fc9
Signed-off-by: Vadim Bendebury <vbendeb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2570008
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: George Engelbrecht <engeg@google.com>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
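The base-address calculation described in the commit message above, as an added example that is not the project's signing script: it validates the first two Intel HEX records (framing and checksum) before trusting the address they yield. The function names and both sample blobs are constructed for illustration; 0x40000 and 0x80000 are the H1 and D2 flash bases quoted elsewhere in this log.

```python
"""Added example: base address of an Intel HEX blob from its first two records."""

DATA = 0x00
# Extended address record types and how far their 16-bit payload is shifted
# left to recover the real address (the inverse of the shift in the record).
SHIFT = {
    0x02: 4,    # extended segment address
    0x04: 16,   # extended linear address
}

# Constructed sample: blob placed 0x4000 into a D2 flash image (base 0x80000).
D2_SAMPLE = """\
:020000040008F2
:04400000DEADBEEF84
:00000001FF
"""

# Constructed sample: blob at the start of an H1 flash image (base 0x40000).
H1_SAMPLE = """\
:020000024000BC
:0400000001020304F2
:00000001FF
"""


def parse_record(line):
    """Return (record_type, offset, payload) for one record, or raise ValueError."""
    line = line.strip()
    if not line.startswith(":"):
        raise ValueError(f"missing ':' start code: {line!r}")
    try:
        raw = bytes.fromhex(line[1:])
    except ValueError as exc:
        raise ValueError(f"non-hex characters in record: {line!r}") from exc
    # Minimum record: length, 2 offset bytes, type, checksum.
    if len(raw) < 5:
        raise ValueError(f"record too short: {line!r}")
    length = raw[0]
    offset = int.from_bytes(raw[1:3], "big")
    rtype = raw[3]
    if len(raw) != length + 5:
        raise ValueError(f"length byte does not match record size: {line!r}")
    # All bytes, checksum included, must sum to zero modulo 256.
    if sum(raw) & 0xFF:
        raise ValueError(f"checksum mismatch: {line!r}")
    return rtype, offset, raw[4:-1]


def ihex_base_address(text):
    """Return <segment address> + <first data record offset> for an ihex blob."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if len(lines) < 2:
        raise ValueError("need an address record followed by a data record")

    rtype, _, payload = parse_record(lines[0])
    if rtype not in SHIFT or len(payload) != 2:
        raise ValueError("first record is not a type 02/04 address record")
    segment = int.from_bytes(payload, "big") << SHIFT[rtype]

    rtype, offset, data = parse_record(lines[1])
    if rtype != DATA or not data:
        raise ValueError("second record is not a non-empty data record")
    return segment + offset


if __name__ == "__main__":
    for name, sample in (("D2", D2_SAMPLE), ("H1", H1_SAMPLE)):
        print(f"{name} sample base address: {ihex_base_address(sample):#x}")
```

Rejecting a blob whose first record is not an address record, rather than assuming a zero segment, keeps a malformed component from being placed at an unintended offset in the image that gets signed.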
| |
This patch does not yet provide the ability to sign Ti50 images, but
prepares the signing scripts for further modifications to support a
variety of security chip signing flows.
BRANCH=none
BUG=b:173049030
TEST=verified successful signing of a Cr50 image in a test signer
setup
also created a functional Cr50 image invoking
sign_official_build.sh by hand.
Change-Id: Ic103c9fdf7d1c4ea160c7f6849d5ae5a8303c343
Signed-off-by: Vadim Bendebury <vbendeb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2537078
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: George Engelbrecht <engeg@google.com>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Auto-Submit: Vadim Bendebury <vbendeb@chromium.org>
| |
Some devices may have flashed firmware with different platform name in
their early stage (especially in the first build of leading devices),
so we do want to provide an explicit way (not just --force) to skip
checking platform name.
The change CL:2059621 does not help because the loaded system
firmware looks good.
This is implemented as a quirk so we can enable it using a CBFS quirk
file, making it easier to be deployed by auto update.
BRANCH=None
BUG=None
TEST=make runtests
Change-Id: I888d5848921d31c9b7cba1b96c42d38fda71927e
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2573999
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
| |
Previously we used a flag in preamble to prevent HW acceleration for SHA
hashing. However we started to use kernel TPM flag for RSA part since we
can use the flag in preamble only after we verified preamble.
No need to keep both for same objective, so deprecate old flag and
change code to use TPM flag.
BUG=b:166038345
BRANCH=zork
TEST=CC=x86_64-pc-linux-gnu-clang make runtests
TEST=boot Ezkinil, check HW acceleration is used for SHA
Signed-off-by: Kangheui Won <khwon@chromium.org>
Change-Id: I81b174dbe285fa3f68a22667b6af14a52b06b112
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2566866
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
| |
Initially vb2_hwcrypto_rsa_allowed was meant to only determine if we
can use rsa hardware acceleration. However we're planning to also use
this method for hashing, hence drop rsa from the name.
BUG=b:166038345
BRANCH=zork
TEST=CC=x86_64-pc-linux-gnu-clang make runtests
Signed-off-by: Kangheui Won <khwon@chromium.org>
Change-Id: I9efb05b3d035dcd584a47d006415ea87bf931ad6
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2566865
Reviewed-by: Joel Kitching <kitching@chromium.org>
| |
This adds extra verifications to many Android signer operations in order
to narrow down the problem when empty folders are removed from the disk.
BUG=chromium:1154734
TEST=Locally image signing passed. Emulated problem and it was detected.
BRANCH=none
Signed-off-by: Yury Khmel <khmel@google.com>
Change-Id: If8bb9fced290117766bfa9ff76a25fc86ed263dc
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2572240
Reviewed-by: Mike Frysinger <vapier@chromium.org>
| |
BUG=b:146399181, b:167643628
TEST=make clean && make runtests
TEST=Build and flash to device
BRANCH=none
Cq-Depend: chromium:2512739
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: Ia8d95451d55142fbe9acaa6e49de9b5abe134083
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2512740
Reviewed-by: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Yu-Ping Wu <yupingso@chromium.org>
| |
According to the gcc docs:
-fPIE
These options are similar to -fpic and -fPIC, but generated position
independent code can be only linked into executables
Example failure when linking against shared library:
FAILED: lib/libbrillo-core.so
x86_64-cros-linux-gnu-clang++ -shared -Wl,-O2 -Wl,--as-needed
-Wl,--gc-sections -Wl,--icf=all -Wl,-z,relro -Wl,-z,noexecstack
-Wl,-z,now -Wl,--as-needed --sysroot=/build/hatch -o
./lib/libbrillo-core.so -Wl,-soname=libbrillo-core.so
@lib/libbrillo-core.so.rsp
ld.lld: error: relocation R_X86_64_PC32 cannot be used against symbol
subprocess_stdin; recompile with -fPIC
>>> defined in
/build/hatch/usr/lib/../lib64/libvboot_host.a(subprocess.o)
>>> referenced by subprocess.c:278 (host/lib/subprocess.c:278)
>>> subprocess.o:(subprocess_run) in archive
/build/hatch/usr/lib/../lib64/libvboot_host.a
BRANCH=none
BUG=b:174578361
TEST=FEATURES="test" emerge-hatch vboot_reference
Change-Id: I5cda8dbe87d20d1b4b659459d861bc04f492e3e5
Signed-off-by: Tom Hughes <tomhughes@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2568259
Commit-Queue: Julius Werner <jwerner@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
| |
Call log_page_init(ui) to initialize button states in memory tests.
Add TODO comments for splitting out log_page_update().
BUG=b:173772273
BRANCH=zork
TEST=Build locally
Signed-off-by: Hsuan Ting Chen <roccochen@chromium.org>
Change-Id: Icc5504bfcbfefc264a01289cc7988e97064bc8fd
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2552308
Reviewed-by: Meng-Huan Yu <menghuan@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
| |
Test for warning flags that older gcc versions don't support
and only use them if supported.
BUG=none
TEST=vboot builds with gcc 4.9, ensured with manual tests that the
test_ccflag operator works correctly.
Change-Id: I14c8cbe9a687981f195d481f744db12d8877a3e0
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2550799
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: Patrick Georgi <pgeorgi@chromium.org>
Commit-Queue: Patrick Georgi <pgeorgi@chromium.org>
| |
They're not needed on the host (except for tests) and they trigger
a bug in GCC 4.9 (https://gcc.gnu.org/bugzilla/show_bug.cgi?id=49132).
This way futility remains buildable with such an old host compiler,
even if firmware builds and serious work (with tests) need a newer
compiler.
Error message averted (sample):
firmware/2lib/2ui_screens.c:17:32: error: initializer element is not constant
#define MENU_ITEMS(a) ((struct vb2_menu){ \
^
firmware/2lib/2ui_screens.c:1231:10: note: in expansion of macro 'MENU_ITEMS'
.menu = MENU_ITEMS(diagnostics_memory_items),
^
Change-Id: Ic5bd16e4d252df4297d57c5d41436f4322a1445c
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2553422
Tested-by: Patrick Georgi <pgeorgi@chromium.org>
Commit-Queue: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
| |
gcc 4.9 doesn't know __has_attribute so don't expose it
for non-clang compilers
Change-Id: I991af712adbd56d64938a35b75b7de468154e3a6
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2553421
Tested-by: Patrick Georgi <pgeorgi@chromium.org>
Commit-Queue: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
| |
This reverts commit 6208b9aa9c4e8b7c9ff8063965c9f9aa519c1740.
Upstream coreboot has raised concerns that relying on GCC 7+ features
for host utilities is too restrictive, so revert this and go back to
customizing fallthrough annotations by compiler. Cleaned out some of the
C++-specific stuff because vboot isn't built with C++.
BRANCH=None
BUG=None
TEST=Built with clang and GCC.
Change-Id: I75d796d289b0a6c249fc8ac2dadb1453be468642
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2547821
Reviewed-by: Manoj Gupta <manojgupta@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
|