Commit message | Author | Age | Files | Lines
* sign_nv_cbootimage: Update script to match script from master branch [firmware-smaug-7900.B] [firmware-smaug-7132.B] | Furquan Shaikh | 2016-02-02 | 3 | -23/+263

  CQ-DEPEND=CL:325370, CL:325382
  BUG=chrome-os-partner:43018
  BRANCH=None
  TEST=Verified that signed image boots on dev-fused system.

  Change-Id: Ice6cfce11fbcababd896a17e9546bcbc75b4a970
  Signed-off-by: Furquan Shaikh <furquan@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/325381
  Trybot-Ready: Furquan Shaikh <furquan@chromium.org>
  Tested-by: Furquan Shaikh <furquan@chromium.org>
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
  Commit-Queue: Furquan Shaikh <furquan@chromium.org>
* futility: add support for .pem with public key | Vincent Palatin | 2015-10-20 | 8 | -21/+109

  Add support for PEM file containing a RSA Public key in futility "show" and "create" commands.
  When "futility create" is given a PEM file with only a RSA public key, generate the proper .vbpubk2 rather than failing.

  BRANCH=smaug
  BUG=none
  TEST=make runtests
  and run manually
    futility show tests/testkeys/key_rsa4096.pub.pem
    futility show tests/testkeys/key_rsa4096.pem

  Reviewed-on: https://chromium-review.googlesource.com/306683
  Commit-Ready: Vincent Palatin <vpalatin@chromium.org>
  Tested-by: Vincent Palatin <vpalatin@chromium.org>
  Reviewed-by: Bill Richardson <wfrichar@chromium.org>
  (cherry picked from commit 27c90708e63f5f042aa52de6bc1b89c282ca8c4a)

  Change-Id: Idd82d88bd024e7af74046782dd374b9d8400bfb4
  Reviewed-on: https://chromium-review.googlesource.com/307433
  Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
  Commit-Queue: Vincent Palatin <vpalatin@chromium.org>
  Tested-by: Vincent Palatin <vpalatin@chromium.org>
* futility: fix segfault on short files | Vincent Palatin | 2015-10-20 | 3 | -1/+4

  Verify the size of the buffer read from the file before trying to use 1KB of it for the new rwsig format detection.

  Add a new test case with a short file containing only 4 bytes of unknown data and run "futility show" on it.

  BRANCH=smaug
  BUG=none
  TEST=futility show foobar.pub.pem
  where foobar.pub.pem is a 451-byte file.
  check that "make runtests" passes with the fix and fails without it with the following message :
    test_file_types.sh ... failed
    FAIL: 13 / 14 passed

  Reviewed-on: https://chromium-review.googlesource.com/306682
  Commit-Ready: Vincent Palatin <vpalatin@chromium.org>
  Tested-by: Vincent Palatin <vpalatin@chromium.org>
  Reviewed-by: Bill Richardson <wfrichar@chromium.org>
  (cherry picked from commit 4d47243c9088ef295892fbc25b9c3622e43ad639)

  Change-Id: Ie0865733811cea93a75a35f8e5b2154d0134bd90
  Reviewed-on: https://chromium-review.googlesource.com/307432
  Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
  Commit-Queue: Vincent Palatin <vpalatin@chromium.org>
  Tested-by: Vincent Palatin <vpalatin@chromium.org>
* futility: Revised support for RO+RW firmware | Bill Richardson | 2015-10-20 | 6 | -179/+223

  The "rwsig" type is used for independent device firmware (not Chromebook BIOS) that need to verify themselves instead of using software sync.

  The expected use case is that a RO firmware contains a vb2_public_key struct along with an FMAP or other pointers to a slot for RW firmware. The RW firmware slot reserves room for a vb2_signature struct.

  This CL changes the args and behavior of the rwsig type, so that the RW firmware can be [re]signed independently of the rest of the image.

  BUG=chrome-os-partner:46254
  BRANCH=smaug,ToT
  TEST=make runtests, manual

  Create a keypair:

    futility create --desc "Key One" tests/testkeys/key_rsa2048.pem foo

  Sign a RW binary and build a complete image out of the parts:

    futility sign --type rwsig --prikey foo.vbprik2 rw.bin sig.bin

    dd if=/dev/zero bs=65536 count=1 of=image.bin
    dd if=rw.bin of=image.bin conv=notrunc
    dd if=sig.bin bs=$((65536 - 1024)) seek=1 of=image.bin conv=notrunc

  Verify both the separate parts and the combined image:

    futility show --type rwsig --pubkey foo.vbpubk2 rw.bin sig.bin
    futility show --type rwsig --pubkey foo.vbpubk2 image.bin

  Re-sign the combined image with a different keypair:

    futility create --desc "Key Two" tests/testkeys/key_rsa1024.pem bar
    futility sign --type rwsig --prikey bar.vbprik2 image.bin

  Now the first key no longer verifies:

    futility show --type rwsig --pubkey foo.vbpubk2 image.bin

  But the second key does:

    futility show --type rwsig --pubkey bar.vbpubk2 image.bin

  Signed-off-by: Bill Richardson <wfrichar@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/305980
  Tested-by: Vincent Palatin <vpalatin@chromium.org>
  Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
  (cherry picked from commit 02ac2885fd797fba7f12ef040f0eb041dda7af20)

  Change-Id: Ia4e9871ffde4720003d3c0acd89ef94fc8ba4776
  Reviewed-on: https://chromium-review.googlesource.com/307431
  Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
  Commit-Queue: Vincent Palatin <vpalatin@chromium.org>
  Tested-by: Vincent Palatin <vpalatin@chromium.org>
* futility: Support for signing RO+RW firmware | Bill Richardson | 2015-10-20 | 7 | -4/+282

  This adds the "rwsig" type, with initial support for RO+RW firmware images that need to verify themselves instead of using software sync. This uses our vb2 structs instead of raw binary blobs. That will help us locate, identify, and verify the keys and signatures in the signed firmware images.

  BUG=chrome-os-partner:46254
  BRANCH=smaug,ToT
  TEST=make runtests

  I also hacked up a test board with the EC-side signature verification routines from a preliminary CL and tested this signing scheme with that. It works.

  Additional work is needed to make this seamless, but you can try it out like so:

    futility create ./tests/testkeys/key_rsa2048.pem foo
    futility sign --type rwsig --prikey foo.vbprik2 --pubkey foo.vbpubk2 ec.bin

  Signed-off-by: Bill Richardson <wfrichar@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/305394
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
  (cherry picked from commit 7ed261297f7b730e9f545ba59cbe2ed216850e19)

  Change-Id: I16b48554f2066a0f5f3846e8c5cc18d8d01c5e97
  Reviewed-on: https://chromium-review.googlesource.com/307430
  Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
  Commit-Queue: Vincent Palatin <vpalatin@chromium.org>
  Tested-by: Vincent Palatin <vpalatin@chromium.org>
* futility: Add show capability for usbpd1 images | Bill Richardson | 2015-10-20 | 6 | -39/+346

  The firmware for the USB Type-C power adapters uses raw binary blobs for the public keys and signatures instead of readily-identifiable structs. We've been able to sign these firmware images for some time, but verifying the result generally required testing them on hardware.

  This CL adds some futility support for recognizing and verifying those images too. It just tries various sig and hash algorithms, until it finds a combination for which the image is self-consistent (where the pubkey blob verifies the signature blob).

  BUG=none
  BRANCH=none
  TEST=make runtests

  This change also adds additional tests for usbpd1 images. We ensure that we correctly recognize and verify an MP-signed firmware, plus test signing and verifying usbpd1 images using multiple signature and hash algorithms.

  Signed-off-by: Bill Richardson <wfrichar@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/302415
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
  (cherry picked from commit 82db93d5fc924860e4f1fb4cf24f29b5b335a480)

  Change-Id: I1f77c9c8cae632a90db96dd37a005973a773c8ee
  Reviewed-on: https://chromium-review.googlesource.com/306799
  Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
  Commit-Queue: Vincent Palatin <vpalatin@chromium.org>
  Tested-by: Vincent Palatin <vpalatin@chromium.org>
* screen: Add a new screen for putting reboot to RO warning in firmware | Furquan Shaikh | 2015-10-14 | 1 | -0/+2

  BUG=chrome-os-partner:46454
  BRANCH=None
  TEST=Compiles successfully.

  Change-Id: I03f368d78a5f7a4da3118ebe50c420a81f48f71a
  Signed-off-by: Furquan Shaikh <furquan@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/305249
  Trybot-Ready: Furquan Shaikh <furquan@chromium.org>
  Tested-by: Furquan Shaikh <furquan@chromium.org>
  Reviewed-by: Aaron Durbin <adurbin@chromium.org>
  Commit-Queue: Furquan Shaikh <furquan@chromium.org>
* vboot2: Fix issues with check_dev_switch | Furquan Shaikh | 2015-09-21 | 2 | -12/+29

  check_dev_switch decides whether dev-mode is enabled based on GBB flags in case of TPM errors. However, the check for recovery is done after check_dev_switch is called. This leads to recovery mode equating to false always in check_dev_switch. Instead move the call to check_for_recovery before check_dev_switch. Update the unit tests accordingly.

  [Reference: Based on patchset # 2 : https://chromium-review.googlesource.com/#/c/300621/1..2]

  BUG=chrome-os-partner:45511
  BRANCH=ryu
  TEST=make runtests

  Change-Id: Idd87f389e94f66a0d617c13386386061f86e45aa
  Signed-off-by: Randall Spangler <rspangler@chromium.org>
  Signed-off-by: Furquan Shaikh <furquan@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/301442
  Trybot-Ready: Furquan Shaikh <furquan@chromium.org>
  Tested-by: Furquan Shaikh <furquan@chromium.org>
  Reviewed-by: Furquan Shaikh <furquan@chromium.org>
  Commit-Queue: Furquan Shaikh <furquan@chromium.org>
* vboot2: tpm error doesn't block gbb dev flag | Randall Spangler | 2015-09-18 | 2 | -51/+123

  In recovery mode, the TPM may be bad / corrupt. This prevents access to the soft developer switch stored in secdata. But it should not prevent setting dev mode via GBB or context flags. Those flags may be set during manufacturing or testing, and override the contents of secdata anyway.

  BUG=chrome-os-partner:45511
  BRANCH=ryu
  TEST=make runtests

  Change-Id: I242714528203cc7cf78a714c660b7f8bbd0e04d0
  Signed-off-by: Randall Spangler <rspangler@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/300731
  Reviewed-by: Furquan Shaikh <furquan@chromium.org>
  Commit-Queue: Furquan Shaikh <furquan@chromium.org>
  Trybot-Ready: Furquan Shaikh <furquan@chromium.org>
  Tested-by: Furquan Shaikh <furquan@chromium.org>
* vboot2: Support reboot requested by secdata | Randall Spangler | 2015-09-18 | 13 | -4/+148

  When a TPM goes from the disabled state to the enabled state, it must reboot after being enabled, before it can be initialized. In vboot1, TLCL was part of vboot and this was handled internally. In vboot2, the caller must set a context flag, so that vboot can decide whether to allow the reboot, or whether to go directly to recovery mode. This check is necessary to handle the following cases:

  1) The device is booting normally, but the TPM needs a reboot. This should simply reboot, without going to recovery mode.

  2) The device is booting in recovery mode, but the TPM needs a reboot. If this is the first time it asked us, allow the reboot.

  3) The TPM asked for a reboot last time, so we did. And it's still asking. Don't reboot, because that runs the risk that whatever is wrong won't be fixed next boot either, and we'll get stuck in a reboot loop that will prevent recovery. Boot into recovery mode.

  Add a new NvStorage bit to track whether the TPM requested a reboot on the previous boot. That's better than what we did in vboot1, where we used a special recovery request. Vboot1 couldn't track getting stuck in a reboot loop in normal mode, only in recovery mode. The new code can catch both.

  BUG=chrome-os-partner:45462
  BRANCH=ryu
  TEST=make runtests

  Change-Id: I2ee54af107275ccf64a6cb41132b7a0fc02bb983
  Signed-off-by: Randall Spangler <rspangler@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/300607
  Reviewed-by: Furquan Shaikh <furquan@chromium.org>
  Commit-Queue: Furquan Shaikh <furquan@chromium.org>
  Trybot-Ready: Furquan Shaikh <furquan@chromium.org>
  Tested-by: Furquan Shaikh <furquan@chromium.org>
* tests: Fix tests for nvstorage | Furquan Shaikh | 2015-09-09 | 2 | -8/+0

  With CL:293950, fastboot_unlock_in_fw is not cleared when switching to normal-mode. Update the tests accordingly.

  BUG=None
  BRANCH=None
  TEST=make -j runtests successful.

  Change-Id: Ic8d5ec9d0283ed507b16479bb980385d4d844ebb
  Signed-off-by: Furquan Shaikh <furquan@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/298173
  Trybot-Ready: Furquan Shaikh <furquan@chromium.org>
  Tested-by: Furquan Shaikh <furquan@chromium.org>
  Reviewed-by: Aaron Durbin <adurbin@chromium.org>
  Commit-Queue: Furquan Shaikh <furquan@chromium.org>
* tests: Update the tests for VbVerifyMemoryBootImage | Furquan Shaikh | 2015-09-09 | 1 | -12/+35

  With CL:298090, signature for VbVerifyMemoryBootImage change. Fix the tests to reflect this. Add tests for integrity_check only set to 1.

  BUG=chrome-os-partner:44929
  BRANCH=None
  TEST=make -j runtests successful.

  Change-Id: I096316c963eda2347593584cc1b435482e0e2e5c
  Signed-off-by: Furquan Shaikh <furquan@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/298172
  Trybot-Ready: Furquan Shaikh <furquan@chromium.org>
  Tested-by: Furquan Shaikh <furquan@chromium.org>
  Reviewed-by: Aaron Durbin <adurbin@chromium.org>
  Commit-Queue: Furquan Shaikh <furquan@chromium.org>
* VerifyMemoryBootImage: Allow caller to request integrity_only check | Furquan Shaikh | 2015-09-08 | 2 | -9/+17

  Currently, VerifyMemoryBootImage performs integrity-only check only if GBB flag is set to FULL_FASTBOOT_CAP. Allow caller to request an integrity-only check. This can be used by fastboot boot to request integrity-only check for images in unlocked mode.

  BUG=chrome-os-partner:44929
  BRANCH=None
  TEST=Compiles successfully and "fastboot boot" works in unlocked mode even for images with flag mismatch.

  Change-Id: Ib6e55c5c50eecdbea99f7cf67dc61711761c9ebb
  Signed-off-by: Furquan Shaikh <furquan@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/298090
  Trybot-Ready: Furquan Shaikh <furquan@chromium.org>
  Tested-by: Furquan Shaikh <furquan@chromium.org>
  Reviewed-by: Aaron Durbin <adurbin@chromium.org>
  Commit-Queue: Furquan Shaikh <furquan@chromium.org>
* pkc_signing: Update key format and pkc signing script | Furquan Shaikh | 2015-08-24 | 3 | -23/+33

  CQ-DEPEND=CL:*227791
  BUG=chrome-os-partner:43018
  BRANCH=None
  TEST=Compiles successfully and signed image boots fine on fused and unfused devices.

  Change-Id: I06c6ce7d01b6710ae9ec32fc0e8e77630af50882
  Signed-off-by: Furquan Shaikh <furquan@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/295250
  Tested-by: Furquan Shaikh <furquan@chromium.org>
  Reviewed-by: Aaron Durbin <adurbin@chromium.org>
  Commit-Queue: Furquan Shaikh <furquan@chromium.org>
  Trybot-Ready: Furquan Shaikh <furquan@chromium.org>
* fastboot: add screen IDs for oem lock/unlock | Daisuke Nojiri | 2015-08-19 | 1 | -0/+4

  BUG=chrome-os-partner:44256
  BRANCH=smaug
  TEST=ran fastboot oem lock/unlock against smaug

  Change-Id: I8ae3a35c9ef70587388a3a4057c6ecf2511680cc
  Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/294178
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
* recovery: Add recovery reason for fastboot mode requested in | Furquan Shaikh | 2015-08-19 | 3 | -0/+7

  user-mode.

  BUG=chrome-os-partner:42674
  BRANCH=None
  TEST=Compiles successfully and behavior verified.

  Change-Id: I67ec056f28596dd0c0005a54e454abe1b4104cfb
  Signed-off-by: Furquan Shaikh <furquan@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/294276
  Trybot-Ready: Furquan Shaikh <furquan@chromium.org>
  Tested-by: Furquan Shaikh <furquan@chromium.org>
  Reviewed-by: Aaron Durbin <adurbin@chromium.org>
  Commit-Queue: Furquan Shaikh <furquan@chromium.org>
* add screen ID for splash screen | Daisuke Nojiri | 2015-08-18 | 1 | -0/+2

  BUG=b:22790856
  BRANCH=smaug
  TEST=booted smaug in normal and developer mode

  Change-Id: I04a11873fd8cd9e75cb408094f45a6b69cbdef3e
  Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/294103
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
* vbnv: Do not clear fastboot_unlock if dev-mode is not active | Furquan Shaikh | 2015-08-16 | 2 | -2/+0

  The flag "fastboot_unlock_in_fw" decides whether device unlock is allowed in firmware. This flag is not related to dev_boot_* flags. If this flag is cleared every time dev mode is not active, then it will not be possible to unlock the device in firmware at all.

  BUG=None
  BRANCH=None
  TEST=Compiles successfully and "fastboot oem unlock" works in firmware with fastboot_unlock_in_fw flag set in VbNvStorage.

  Change-Id: I57ca21f335f9e6ead7997f2b13504402827aba08
  Signed-off-by: Furquan Shaikh <furquan@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/293950
  Trybot-Ready: Furquan Shaikh <furquan@chromium.org>
  Tested-by: Furquan Shaikh <furquan@chromium.org>
  Reviewed-by: Aaron Durbin <adurbin@chromium.org>
  Commit-Queue: Furquan Shaikh <furquan@chromium.org>
* fastboot: add screen IDs for fastboot | Daisuke Nojiri | 2015-08-14 | 1 | -0/+4

  This adds a screen id for fastboot menu and fastboot mode.

  BUG=chrome-os-partner:43444
  BRANCH=smaug
  TEST=Booted to fastboot menu on Smaug

  Change-Id: If6d8a98f9066a7c1f2202379b1569c493006b9ee
  Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/293594
  Reviewed-by: Furquan Shaikh <furquan@chromium.org>
* crossystem: Allow fastboot_unlock_in_fw | Furquan Shaikh | 2015-08-11 | 1 | -0/+1

  BUG=None
  BRANCH=None
  TEST=Compiles successfully

  Change-Id: Ic5cfd477272a2f8badfacafddbab6dbd0f399ae1
  Signed-off-by: Furquan Shaikh <furquan@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/292504
  Trybot-Ready: Furquan Shaikh <furquan@chromium.org>
  Tested-by: Furquan Shaikh <furquan@chromium.org>
  Reviewed-by: Aaron Durbin <adurbin@chromium.org>
  Commit-Queue: Furquan Shaikh <furquan@chromium.org>
* image_signing: Add tool for pkc_signing required on smaug | Furquan Shaikh | 2015-08-05 | 2 | -1/+39

  CQ-DEPEND=CL:*225267
  BUG=chrome-os-partner:43572
  BRANCH=None
  TEST=sudo emerge vboot_reference installs nv_pkc_signing.sh in /usr/bin

  Change-Id: I2b3803197c13f62ffe4e1d85de1c1ad5a72ef955
  Signed-off-by: Furquan Shaikh <furquan@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/290473
  Trybot-Ready: Furquan Shaikh <furquan@chromium.org>
  Tested-by: Furquan Shaikh <furquan@chromium.org>
  Reviewed-by: Stefan Reinauer <reinauer@chromium.org>
  Commit-Queue: Furquan Shaikh <furquan@chromium.org>
* devkeys: Add nv_pkc private key required by nv_tegrasign | Furquan Shaikh | 2015-08-05 | 1 | -0/+2

  BUG=chrome-os-partner:43572
  BRANCH=None
  TEST=emerge-smaug vboot_reference installs nv_pkc.privk

  Change-Id: I367c0daf85a2a0870f624ab8bf26dbdce4cdab1d
  Signed-off-by: Furquan Shaikh <furquan@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/290472
  Trybot-Ready: Furquan Shaikh <furquan@chromium.org>
  Tested-by: Furquan Shaikh <furquan@chromium.org>
  Reviewed-by: Stefan Reinauer <reinauer@chromium.org>
  Commit-Queue: Furquan Shaikh <furquan@chromium.org>
* VbNvStorage: Add flags for misc settings | Furquan Shaikh | 2015-08-01 | 8 | -15/+42

  1. Change offset 8 to hold all misc settings (fastboot, boot_on_ac detect) instead of only fastboot settings.
  2. Add flag to hold state of boot_on_ac_detect (If set to 1, AP should start booting as soon as AC is connected in off-state).

  BUG=chrome-os-partner:41680
  BRANCH=None
  TEST=Compiles successfully. make runtests successful.

  Change-Id: I64b3fc69bd52cbcaf5899c953ccafa2e81b5b8a5
  Signed-off-by: Furquan Shaikh <furquan@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/289900
  Trybot-Ready: Furquan Shaikh <furquan@chromium.org>
  Tested-by: Furquan Shaikh <furquan@chromium.org>
  Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
  Commit-Queue: Furquan Shaikh <furquan@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/290094
  Reviewed-by: Furquan Shaikh <furquan@chromium.org>
* futility: Compute / verify root key hash | Randall Spangler | 2015-07-23 | 5 | -2/+226

  Ryu will store a hash of the GBB root key in a struct inside its boot block. Add a vb2_ryu_root_key_hash struct for that.

  If 'futility gbb_utility' is used to set the root key, also look for a root key hash struct and fill it in. No error if not found, because this needs to work on other platforms where the struct is not present. This way, we don't need to change the signing scripts.

  Added a --roothash option which can be used to check if the root key hash is found, and if so, whether it's empty, valid, or invalid.

  BUG=chromium:511405
  BRANCH=ryu
  TEST=manual

  Take any existing image.bin.

    cp image.bin image.orig

    gbb_utility --roothash image.bin
    - ryu root hash not found

  Extract the root key

    gbb_utility -k rootkey.bin image.bin
    - exported root_key to file: rootkey.bin

  Now, append a blank ryu root hash struct to it

    echo '0000000: 5274 4b79 4861 7368 0100 0000 3000 0000' | xxd -r >> image.bin
    echo '0000000: 0000 0000 0000 0000 0000 0000 0000 0000' | xxd -r >> image.bin
    echo '0000000: 0000 0000 0000 0000 0000 0000 0000 0000' | xxd -r >> image.bin

  Nothing is set yet

    gbb_utility --roothash image.bin
    - ryu root hash is unset

  Setting the root key also sets the root hash

    gbb_utility -s -k rootkey.bin image.bin
    - import root_key from rootkey.bin: success
    - calculate ryu root hash: success
    successfully saved new image to: image.bin

  See, it verifies

    gbb_utility --roothash image.bin
    - ryu root hash verified

  Now, append a bad ryu root hash struct to it

    cp image.orig image.bin
    echo '0000000: 5274 4b79 4861 7368 0100 0000 3000 0000' | xxd -r >> image.bin
    echo '0000000: 0001 0000 0000 0000 0000 0000 0000 0000' | xxd -r >> image.bin
    echo '0000000: 0000 0000 0000 0000 0000 0000 0000 0000' | xxd -r >> image.bin

  See, it fails

    gbb_utility --roothash image.bin
    - ryu root hash does not verify

  Make sure the library doesn't contain the magic string

    strings `which futility` | grep RtKyHash
    (should be no output)

  Change-Id: Ib46f93cac0f2b532bada4b187ae48efcf4926702
  Signed-off-by: Randall Spangler <rspangler@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/286237
  Reviewed-by: Furquan Shaikh <furquan@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/287619
  Trybot-Ready: Furquan Shaikh <furquan@chromium.org>
  Tested-by: Furquan Shaikh <furquan@chromium.org>
  Commit-Queue: Furquan Shaikh <furquan@chromium.org>
* crossystem: Add Skylake PCH GPIO controller ID | Duncan Laurie | 2015-07-23 | 1 | -0/+1

  Add the GPIO controller ID that is used in the Skylake PCH so it can properly export and use GPIOs that are exported in VBNV for write protect.

  BUG=chrome-os-partner:42560
  BRANCH=none
  TEST=verify crossystem output with and without WP enabled

  Change-Id: Ic85c202bd0ca15c154c10481926ef18bafe3fac5
  Signed-off-by: Duncan Laurie <dlaurie@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/286827
  Reviewed-by: Aaron Durbin <adurbin@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/287618
  Trybot-Ready: Furquan Shaikh <furquan@chromium.org>
  Tested-by: Furquan Shaikh <furquan@chromium.org>
  Reviewed-by: Furquan Shaikh <furquan@chromium.org>
  Commit-Queue: Furquan Shaikh <furquan@chromium.org>
* image_signing: Add more description to set_gbb_flags. | Hung-Te Lin | 2015-07-23 | 1 | -12/+15

  There are two new GBB flags added (lid/fastboot) and we should update the description in set_gbb_flags.

  BRANCH=none
  BUG=none
  TEST=emerge-link vboot_reference

  Change-Id: I0d16df03e9427ec1c8780fbb6be10c31eed9bf9e
  Signed-off-by: Hung-Te Lin <hungte@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/286052
  Reviewed-by: Bill Richardson <wfrichar@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/287617
  Trybot-Ready: Furquan Shaikh <furquan@chromium.org>
  Tested-by: Furquan Shaikh <furquan@chromium.org>
  Reviewed-by: Furquan Shaikh <furquan@chromium.org>
  Commit-Queue: Furquan Shaikh <furquan@chromium.org>
* crossystem: Add skylake platform IDs | Duncan Laurie | 2015-07-23 | 1 | -0/+2

  Add the skylake-u and skylake-y vendor/device IDs so it can be reported by crossystem.

  BUG=chrome-os-partner:42560
  BRANCH=none
  TEST=run "crossystem platform_family" on glados

  Change-Id: I5f9b92d404166e56d77cf8b0cd627a3a0b63bedf
  Signed-off-by: Duncan Laurie <dlaurie@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/286921
  Reviewed-by: Aaron Durbin <adurbin@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/287616
  Trybot-Ready: Furquan Shaikh <furquan@chromium.org>
  Tested-by: Furquan Shaikh <furquan@chromium.org>
  Reviewed-by: Furquan Shaikh <furquan@chromium.org>
  Commit-Queue: Furquan Shaikh <furquan@chromium.org>
* crossytem:Fix the write protect line gpio value | John Zhao | 2015-07-14 | 1 | -24/+72

  For crossystem to work correctly on Strago/Cyan, add Braswell string and correct GPIO offset calculations. In Braswell, write protect line is MF_ISH_GPIO_4 as encoded as 0x10016 where the GPEAST offset (COMMUNITY_OFFSET_GPEAT) is 0x10000

  BUG=chrome-os-partner:40835
  BRANCH=None
  TEST=test_that -b <strago/cyan> <IP> platform_Crossystem

  Change-Id: I365f3d6ca9f3ac7ef50abb9b2ba13f184d39c100
  Signed-off-by: John Zhao <john.zhao@intel.com>
  Signed-off-by: Arindam Roy <arindam.roy@intel.com>
  Reviewed-on: https://chromium-review.googlesource.com/274841
  Reviewed-by: Aaron Durbin <adurbin@chromium.org>
  Commit-Queue: Bernie Thompson <bhthompson@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/285256
  Reviewed-by: Furquan Shaikh <furquan@chromium.org>
  Commit-Queue: Furquan Shaikh <furquan@chromium.org>
  Trybot-Ready: Furquan Shaikh <furquan@chromium.org>
  Tested-by: Furquan Shaikh <furquan@chromium.org>
* crossystem: Revise description of sw_wpsw_boot. | Hung-Te Lin | 2015-07-14 | 1 | -1/+1

  The sw_wpsw_boot was made for some feature that was almost never completed, and only makes sense on Baytrail platforms. To prevent confusion we should address that in the crossystem description.

  BRANCH=none
  BUG=chromium:508269
  TEST=make test

  Change-Id: I1fbc7a0e9e8c1f8503ae8ae9dfb6e80c8da892e3
  Reviewed-on: https://chromium-review.googlesource.com/284425
  Tested-by: Hung-Te Lin <hungte@chromium.org>
  Reviewed-by: Bill Richardson <wfrichar@chromium.org>
  Commit-Queue: Hung-Te Lin <hungte@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/285255
  Reviewed-by: Furquan Shaikh <furquan@chromium.org>
  Commit-Queue: Furquan Shaikh <furquan@chromium.org>
  Trybot-Ready: Furquan Shaikh <furquan@chromium.org>
  Tested-by: Furquan Shaikh <furquan@chromium.org>
* crossystem: Add check for "mkbp" back | David Hendricks | 2015-07-07 | 1 | -2/+4

  We may have been over-zealous earlier when trying to eliminate references to mkbp. Since crossystem runs on all ChromeOS devices, this re-adds "mkbp" back to mitigate the risk of encountering problems on systems running newer versions of ChromeOS but with older firmware.

  BUG=chrome-os-partner:21097
  BRANCH=none
  TEST=Compiled for veyron_brain

  Change-Id: Ia0086687fbc3a1195b062367ccb6ee5c41acd026
  Signed-off-by: David Hendricks <dhendrix@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/282602
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
  Reviewed-by: Julius Werner <jwerner@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/283568
  Reviewed-by: Furquan Shaikh <furquan@chromium.org>
  Commit-Queue: Furquan Shaikh <furquan@chromium.org>
  Trybot-Ready: Furquan Shaikh <furquan@chromium.org>
  Tested-by: Furquan Shaikh <furquan@chromium.org>
* crossystem: Check for "cros-ec" instead of "mkbp" for *NvStorage | David Hendricks | 2015-06-26 | 1 | -2/+2

  This changes the string we look for in the devicetree on ARM platforms to look for "cros-ec" (DT uses dashes instead of underscores) instead of "mkbp".

  BUG=chrome-os-partner:21097
  CQ-DEPEND=CL:273347
  BRANCH=none
  TEST=with depthcharge patch applied, ran crossystem on newly booted system and saw VBNV-related variables turn out the same.

  Signed-off-by: David Hendricks <dhendrix@chromium.org>
  Change-Id: Iac43f5381327eb878a8d0db606b78bb7bdce816f
  Reviewed-on: https://chromium-review.googlesource.com/273391
  Commit-Queue: Stefan Reinauer <reinauer@chromium.org>
  Tested-by: Stefan Reinauer <reinauer@chromium.org>
  Reviewed-by: Stefan Reinauer <reinauer@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/282140
  Reviewed-by: Furquan Shaikh <furquan@chromium.org>
  Commit-Queue: Furquan Shaikh <furquan@chromium.org>
  Trybot-Ready: Furquan Shaikh <furquan@chromium.org>
  Tested-by: Furquan Shaikh <furquan@chromium.org>
* recovery: Add recovery reason for fastboot mode requested in fw | Furquan Shaikh | 2015-06-24 | 3 | -0/+7

  BUG=chrome-os-partner:40196
  BRANCH=None
  TEST=Compiles successfully

  Change-Id: Ic69834f2e23926e618349b5a56db549a290cd0c2
  Signed-off-by: Furquan Shaikh <furquan@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/280922
  Trybot-Ready: Furquan Shaikh <furquan@chromium.org>
  Tested-by: Furquan Shaikh <furquan@chromium.org>
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
  Commit-Queue: Furquan Shaikh <furquan@chromium.org>
  (cherry picked from commit f843871cd5cc071ce1f6c15e8f1fd8036edc423b)
  Reviewed-on: https://chromium-review.googlesource.com/281385
  Reviewed-by: Furquan Shaikh <furquan@chromium.org>
* cgpt repair: fix segfault which occurs when one of the headers is bad | Andrey Ulanov | 2015-06-22 | 4 | -2/+40

  When one of GPT headers is invalid the corresponding partition table is not loaded and corresponding pointers in GptData are NULL. GptRepair will try to memcpy one entries table to another which results in SIGSEGV.

  This change fixes it by freeing and then reallocating bad copy of partition table. This potentially fixes problems which would occur if two tables have different size.

  Change that initially introduced this problem by not always allocating secondary_entries:
  https://chromium-review.googlesource.com/223800

  TEST="cgpt repair" works where it previously didn't
  TEST=make runtests
  BUG=brillo:1203
  BRANCH=none

  Change-Id: Ibb2fcf33faa5ba157b0865d04c90ee3f26eee113
  Reviewed-on: https://chromium-review.googlesource.com/276766
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
  Commit-Queue: Andrey Ulanov <andreyu@google.com>
  Tested-by: Andrey Ulanov <andreyu@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/280983
  Reviewed-by: Furquan Shaikh <furquan@chromium.org>
  Commit-Queue: Furquan Shaikh <furquan@chromium.org>
  Trybot-Ready: Furquan Shaikh <furquan@chromium.org>
  Tested-by: Furquan Shaikh <furquan@chromium.org>
* vboot_reference: fix unittest when building with clang. | Yunlian Jiang | 2015-06-22 | 3 | -2/+8

  When linking vboot_api_kernel4_tests, there are two VbBootNormal() available, the gcc chooses the one in vboot_api_kernel4_tests.c and the test passes, the clang chooses the one in vboot_api_kernel.c and make the unittest fail. This CL makes the one in vboot_api_kernel.c a weak symbol so that clang can choose the one in vboot_api_kernel4_tests.c

  BUG=chromium:498469
  BRANCH=none
  TEST=CC=x86_64-cros-linux-gnu-clang FEATURES='test' emerge-amd64-generic vboot_reference

  Change-Id: Ibcb78ee055fc9485dbc2bcc1d1cf98144a1a3b64
  Reviewed-on: https://chromium-review.googlesource.com/276504
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
  Commit-Queue: Yunlian Jiang <yunlian@chromium.org>
  Tested-by: Yunlian Jiang <yunlian@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/280982
  Reviewed-by: Furquan Shaikh <furquan@chromium.org>
  Commit-Queue: Furquan Shaikh <furquan@chromium.org>
  Trybot-Ready: Furquan Shaikh <furquan@chromium.org>
  Tested-by: Furquan Shaikh <furquan@chromium.org>
* vboot2: Add 2.0 api layer to verify kernel partition | Randall Spangler | 2015-06-22 | 7 | -2/+878
  This allows the caller to load the kernel partition and then pass it to vboot for verification, rather than having vboot assume the kernel partitions are all on a block storage device.

  Next up, APIs for the caller to parse partition information from a GPT (yes, that's cgptlib, but we'll make it more easily callable by depthcharge).

  BUG=chromium:487699
  BRANCH=none
  TEST=make -j runtests

  Change-Id: I388085c7023f4c76d416f37df0607019bea844ac
  Signed-off-by: Randall Spangler <rspangler@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/275646
  Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/280981
  Reviewed-by: Furquan Shaikh <furquan@chromium.org>
  Commit-Queue: Furquan Shaikh <furquan@chromium.org>
  Trybot-Ready: Furquan Shaikh <furquan@chromium.org>
  Tested-by: Furquan Shaikh <furquan@chromium.org>
* recovery: Add recovery reasons for BCB | Furquan Shaikh | 2015-06-05 | 3 | -0/+14
  BCB is bootloader control block. Add reasons specific to BCB:
  1. In case of any error reading/writing BCB (internal FW error)
  2. User-mode requested recovery via BCB (user-mode requested)

  BUG=chrome-os-partner:40960
  BRANCH=None
  TEST=Compiles successfully

  Change-Id: I0ac362ba7267a08313cb3077be686aa73367e53b
  Signed-off-by: Furquan Shaikh <furquan@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/275222
  Trybot-Ready: Furquan Shaikh <furquan@chromium.org>
  Tested-by: Furquan Shaikh <furquan@chromium.org>
  Reviewed-by: Aaron Durbin <adurbin@chromium.org>
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
  Commit-Queue: Furquan Shaikh <furquan@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/275406
  Reviewed-by: Furquan Shaikh <furquan@chromium.org>
* vboot2: Add routines to load kernel preamble | Randall Spangler | 2015-06-05 | 6 | -11/+254
  The kernel data itself will be read and verified by a subsequent change.

  BUG=chromium:487699
  BRANCH=none
  TEST=make -j runtests

  Change-Id: Ife4f8250493ec6457f91fda57ae8d4d7bf18ec89
  Signed-off-by: Randall Spangler <rspangler@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/274038
  Reviewed-by: Bill Richardson <wfrichar@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/275405
  Reviewed-by: Furquan Shaikh <furquan@chromium.org>
  Commit-Queue: Furquan Shaikh <furquan@chromium.org>
  Trybot-Ready: Furquan Shaikh <furquan@chromium.org>
  Tested-by: Furquan Shaikh <furquan@chromium.org>
* cgpt: Add a callback to allow override of GPT entry priority | Furquan Shaikh | 2015-06-05 | 5 | -0/+105
  This can be used by implementations that want to request vboot to favor a particular kernel entry for booting without affecting the checks for rollback protection and image verification.

  CQ-DEPEND=CL:274716, CL:274932, CL:275171
  BUG=None
  BRANCH=None
  TEST=Compiles successfully. make -j runtests successful.

  Change-Id: I6a4600020354f5d4118c17f083c353c2585c4181
  Signed-off-by: Furquan Shaikh <furquan@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/274558
  Reviewed-by: Furquan Shaikh <furquan@chromium.org>
  Reviewed-by: Stefan Reinauer <reinauer@chromium.org>
  Tested-by: Nicolas Boichat <drinkcat@chromium.org>
  Commit-Queue: Nicolas Boichat <drinkcat@chromium.org>
  Trybot-Ready: Nicolas Boichat <drinkcat@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/275404
  Commit-Queue: Furquan Shaikh <furquan@chromium.org>
  Trybot-Ready: Furquan Shaikh <furquan@chromium.org>
  Tested-by: Furquan Shaikh <furquan@chromium.org>
* vboot_api_kernel: Do not pre-populate variables in | Furquan Shaikh | 2015-06-04 | 1 | -4/+3
  VbVerifyMemoryBootImage

  Do not use values from the header or preamble until it is known to be good.

  BUG=None
  BRANCH=None
  TEST=Compiles successfully and VbVerifyMemoryBootImage returns early for images with bad values in header.

  Change-Id: Ic026f49292a139e0a04c2556ca9fa62ff277b18f
  Signed-off-by: Furquan Shaikh <furquan@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/274141
  Trybot-Ready: Furquan Shaikh <furquan@chromium.org>
  Tested-by: Furquan Shaikh <furquan@chromium.org>
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
  Commit-Queue: Furquan Shaikh <furquan@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/275207
  Reviewed-by: Furquan Shaikh <furquan@chromium.org>
* vboot2: secdata: Check struct_version on initialization | Julius Werner | 2015-06-04 | 3 | -2/+10
  This patch reintroduces a vb2_secdata->struct_version check similar to the one that was removed in CL:244846. The CRC is not a reliable way to detect zeroed buffers, so this check helps vboot fail earlier and more clearly in certain situations.

  BRANCH=kitty,smaug,storm,veyron
  BUG=chrome-os-partner:40778
  TEST=make runtests. Rebooted Jerry with 'mem w 0xff7601b0 0xfdb9', saw that recovery reason was now 0x2b (VBNV_RECOVERY_VB2_SECDATA_INIT).

  Change-Id: Ic4376d127e6d14d4ef9c2f53c83090040ca4cb68
  Signed-off-by: Julius Werner <jwerner@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/274138
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
  Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/275206
  Reviewed-by: Furquan Shaikh <furquan@chromium.org>
  Commit-Queue: Furquan Shaikh <furquan@chromium.org>
  Trybot-Ready: Furquan Shaikh <furquan@chromium.org>
  Tested-by: Furquan Shaikh <furquan@chromium.org>
* fastboot: Add routines for unlock and lock device [stabilize-7131.B] | Furquan Shaikh | 2015-05-29 | 4 | -0/+124
  Add support for functions to request unlock and lock of devices in response to fastboot oem unlock/lock commands. Unlock operation is equivalent to enabling dev mode and lock operation is equivalent to leaving dev mode. It is the responsibility of the caller to ensure that user confirmation is obtained before unlock/lock operations.

  BUG=chrome-os-partner:40196
  BRANCH=None
  TEST=Compiles successfully and fastboot lock/unlock operations work as expected on smaug. Added tests to ensure lock/unlock operations are covered. Verified using make -j runtests.

  Change-Id: Ibafe75abdd1202473009208a414f3996d537db4f
  Signed-off-by: Furquan Shaikh <furquan@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/273182
  Reviewed-by: Furquan Shaikh <furquan@chromium.org>
  Tested-by: Furquan Shaikh <furquan@chromium.org>
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
  Commit-Queue: Furquan Shaikh <furquan@chromium.org>
  Trybot-Ready: Furquan Shaikh <furquan@chromium.org>
* fastboot: Add fastboot related flags to vb2 | Furquan Shaikh | 2015-05-29 | 6 | -2/+42
  BUG=chrome-os-partner:40196
  BRANCH=None
  TEST=Compiles successfully.

  Change-Id: I4305436b2ae46254e4e8b12039ffed95634d62c2
  Signed-off-by: Furquan Shaikh <furquan@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/273181
  Tested-by: Furquan Shaikh <furquan@chromium.org>
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
  Commit-Queue: Furquan Shaikh <furquan@chromium.org>
  Trybot-Ready: Furquan Shaikh <furquan@chromium.org>
* fastboot: Add fastboot related flags to nvstorage | Furquan Shaikh | 2015-05-29 | 7 | -0/+38
  Use unused offset 8 for fastboot related flags.

  BUG=chrome-os-partner:40196
  BRANCH=None
  TEST=Compiles successfully.

  Change-Id: I6df0985924ba80cdcb68bb6b7658bf962f01287f
  Signed-off-by: Furquan Shaikh <furquan@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/273180
  Tested-by: Furquan Shaikh <furquan@chromium.org>
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
  Commit-Queue: Furquan Shaikh <furquan@chromium.org>
  Trybot-Ready: Furquan Shaikh <furquan@chromium.org>
* Provide a way to disable counting failed boots | Patrick Georgi | 2015-05-28 | 9 | -6/+79
  When the lid is closed and external power is applied, the system may boot and shut down faster than required for the OS to determine that things were alright. In timed charging setups this led to systems ending up considering the current version broken because it "failed" repeatedly.

  Remain generic about the reason for not counting boots since there may be more situations in which we want to handle the situation optimistically.

  BRANCH=none
  BUG=chromium:446945
  TEST=none

  Change-Id: Iea350e3c98d5c00156da682e52c90a882ba017c0
  Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/249150
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
* fastboot: Add routine for verifying kernel image loaded in memory | Furquan Shaikh | 2015-05-27 | 4 | -0/+440
  This API allows fastboot boot from memory command to verify that the image loaded in memory is signed properly using recovery keys. Thus, only officially signed recovery images can be booted using fastboot boot command in recovery mode.

  However, if GBB_FLAG_FORCE_DEV_BOOT_FASTBOOT_FULL_CAP is set, then this routine will not perform any check and return okay for any image sent by fastboot boot.

  BUG=chrome-os-partner:40196
  BRANCH=None
  TEST=Compiles successfully. With GBB override for FASTBOOT_FULL_CAP set any signed image is allowed to boot. With FASTBOOT_FULL_CAP not set, then only officially signed image is allowed to boot. (make -j runtests successful)

  Change-Id: I78028853bd1ad09d3c610a687f327560557d5681
  Signed-off-by: Furquan Shaikh <furquan@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/272696
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
  Commit-Queue: Furquan Shaikh <furquan@chromium.org>
  Trybot-Ready: Furquan Shaikh <furquan@chromium.org>
  Tested-by: Furquan Shaikh <furquan@chromium.org>
* sign_official_build: preserve /boot for legacy BIOS | Amey Deshpande | 2015-05-22 | 1 | -1/+7
  This patch checks for 'cros_legacy' in the kernel config, and skips running strip_boot_from_image.sh if present. This is because 'cros_installer postinst' on legacy BIOS relies on presence of /boot in rootfs.

  BRANCH=signer
  BUG=b:20947354
  TEST=Ran the script with devkeys, and checked presence of /boot in the signed .bin file by mounting locally

  $ ./sign_official_build.sh ssd chromiumos_image.bin ../../tests/devkeys \
      chromiumos_image_signed.bin ../../tests/devkeys/key.versions

  Change-Id: Ieb919067b353839019bc1c561d7bb66bebac1040
  Reviewed-on: https://chromium-review.googlesource.com/272742
  Tested-by: Amey Deshpande <ameyd@google.com>
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
  Commit-Queue: Amey Deshpande <ameyd@google.com>
* vboot2: Add routines to load and verify kernel keyblock | Randall Spangler | 2015-05-22 | 8 | -3/+717
  These are slightly more complex than the firmware versions, because they need to deal with developer-signed keyblocks and keyblock flags.

  BUG=chromium:487699
  BRANCH=none
  TEST=make -j runtests

  Change-Id: I682c14ddfe729984f2629dfbe66750e5cd5ab75e
  Signed-off-by: Randall Spangler <rspangler@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/272541
  Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
* vboot2: Split keyblock checking and signature validation | Randall Spangler | 2015-05-22 | 7 | -71/+176
  This is necessary for the next change, which adds keyblock hash checking.

  Also clean up some other assorted comments, and move the diagnostic check of root key to see if it's the checked-in one earlier in firmware preamble validation so it's closer to where the root key is loaded.

  No functional or higher-level API changes; just shuffling around code under the covers.

  BUG=chromium:487699
  BRANCH=none
  TEST=make -j runtests

  Change-Id: Ibc3960a4d882dc2ad8684e235db4b9d066eac080
  Signed-off-by: Randall Spangler <rspangler@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/272223
  Reviewed-by: Bill Richardson <wfrichar@chromium.org>
* vboot2: Add routine to verify kernel preamble | Randall Spangler | 2015-05-21 | 6 | -3/+402
  This also checks that the bootloader and vmlinuz headers, if present, are within the signed part of the kernel blob; the vboot1 routines didn't do that. That wasn't harmful at firmware boot time because the vboot1 routines would only load as much data as was signed, but in vboot2 loading the kernel data is the responsibility of the caller so we need to check.

  BUG=chromium:487699
  BRANCH=none
  TEST=make -j runtests

  Change-Id: I73eb4831e5d3d7a642b6cb85cb55857d87fcc0af
  Signed-off-by: Randall Spangler <rspangler@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/270797
* GBB: Add missing flag LID_SHUTDOWN to vb2_gbb_flag structure [stabilize-7077.134.B] [stabilize-7077.123.B] [stabilize-7077.122.B] [stabilize-7077.111.B] [release-R44-7077.B] [factory-test-7077.114.B] [factory-arkham-7077.113.B] | Furquan Shaikh | 2015-05-16 | 1 | -0/+3
  BUG=None
  BRANCH=None
  TEST=Compiles successfully

  Change-Id: I80a501efc3940ca5657dc143c0ab3c6b020dc1e0
  Signed-off-by: Furquan Shaikh <furquan@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/271620
  Trybot-Ready: Furquan Shaikh <furquan@chromium.org>
  Tested-by: Furquan Shaikh <furquan@chromium.org>
  Reviewed-by: Aaron Durbin <adurbin@chromium.org>
  Commit-Queue: Furquan Shaikh <furquan@chromium.org>