| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch makes cgpt aware of a special "IGNOREME" GPT header signature
string that may appear in either the primary or the secondary GPT and
cause cgpt (and other cgptlib clients) to completely ignore that GPT. It
will continue to function correctly for all other purposes (using the
data from the non-ignored GPT), but never write any data back to the
ignored GPT.
BRANCH=None
BUG=chrome-os-partner:52595
TEST=unit tests
Change-Id: I7e53542385ae9d8d24dc25b75e91f4ff4917f66f
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/340072
Reviewed-by: Nam Nguyen <namnguyen@google.com>
(cherry picked from commit 39910d062dffcd16683e0626dac1e7064991c7e5)
jwerner: Adapted to minor differences in gpt_misc.c
Reviewed-on: https://chromium-review.googlesource.com/340785
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The point of having two GPTs is to always have a known good one if one
of them gets corrupted. One of the most obvious ways that could happen
is if the write stopped half-way through (e.g. due to a crash or random
power loss).
Unfortunately, the way we currently save modified GPTs can leave both
copies invalid if we stop writing at just the wrong time. Since a GPT
header contains a checksum over the GPT entries, we need to write both
the header and entries for one GPT (and make sure they're synced to
disk) before we start writing the other.
BRANCH=None
BUG=chrome-os-partner:52595
TEST=None
Change-Id: I2d4b56bcfba9a94395af5896f274ebade9e39081
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/340071
Reviewed-by: Nam Nguyen <namnguyen@google.com>
(cherry picked from commit 5de0000ece70bf419130db9bdbaf444ffc98bf30)
Reviewed-on: https://chromium-review.googlesource.com/340784
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This will allow the definition of CUSTOM_MUSIC from
the individual board ebuilds.
TEST=Define use flag and extra functions on a board, enjoy the custom tunes
BUG=chrome-os-partner:48657
BRANCH=master
Change-Id: I974f9cc51f9b25fb3dff063926e6ea01cf1e031b
Signed-off-by: Alexandru M Stan <amstan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/323833
Commit-Ready: Alexandru Stan <amstan@chromium.org>
Tested-by: Alexandru Stan <amstan@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/321385
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rialto will soon need a longer dev mode delay, this variable would prevent it.
BUG=chrome-os-partner:48657
TEST=See follow up CLs
BRANCH=master
Change-Id: Ie5ada9c5441b5b042bd0801d66559ab715fbbf47
Signed-off-by: Alexandru M Stan <amstan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/323832
Commit-Ready: Alexandru Stan <amstan@chromium.org>
Tested-by: Alexandru Stan <amstan@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/321384
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some Chrome OS devices do not allow to login even in developer mode,
as they do not have display/keyboard and sshd is not part of the
Chrome OS image. Even enabling developer mode on those devices is very
involved (requires taking the device apart and is guaranteed to take
long time).
We still want to allow the end user to control those devices in dev
mode. The solution is enabling the ability to boot from the USB stick
when the device transitions from normal to developer mode.
A simple way to do it is to set the NVRAM flag, which allows USB boot.
The flag is set on normal=>dev transition only, and only on those
devices where it is configured (as discovered by invoking
VbExGetSwitches with the appropriate parameters).
BRANCH=storm
BUG=chrome-os-partner:38303
TEST=tested with the corresponding depthcharge patches
Change-Id: I5fa58963256598cde3b534f5250101fba6042f8c
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/264187
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/304118
Reviewed-by: Alexandru Stan <amstan@chromium.org>
Commit-Queue: David Hendricks <dhendrix@chromium.org>
Tested-by: David Hendricks <dhendrix@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch reintroduces a vb2_secdata->struct_version check similar to
the one that was removed in CL:244846. The CRC is not a reliable way to
detect zeroed buffers, so this check helps vboot fail earlier and more
clearly in certain situations.
BRANCH=kitty,smaug,storm,veyron
BUG=chrome-os-partner:40778
TEST=make runtests. Rebooted Jerry with 'mem w 0xff7601b0 0xfdb9', saw
that recovery reason was now 0x2b (VBNV_RECOVERY_VB2_SECDATA_INIT).
Change-Id: Ic4376d127e6d14d4ef9c2f53c83090040ca4cb68
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/274138
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
(cherry picked from commit 7e21698e42dba31cc3e3c6b58a31bd050d3698ac)
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/274547
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
vboot1 kept track of an internal "LoadFirmware() check" value for both
firmware slots and encoded the value for the slot that managed to go
further in the verification flow into a special range of recovery
reasons. vboot2 instead uses the generic "invalid RW" reason for all
firmware verification failures and communicates further information
through the subcode.
While the subcode may be good enough for developers, it's difficult to
communicate failure reasons to "normal" users (like non-firmware
developers) on the TAB screen. Currently we just display a couple of
numbers that people won't know how to interpret and "RW firmware failed
signature check" for any verification error (including rollback, which
might be the most commonly encountered in practice).
Since our recovery reason space is big enough (and we don't reuse old
numbers anyway), we might as well reuse the more precise numbers (and
strings) from vboot1 to communicate the failure reason, even if we don't
implement its "which slot came further" algorithm. This patch translates
the most common/useful VBSD_LF_CHECK numbers into plain VB2_RECOVERY
reasons and uses them where appropriate.
CQ-DEPEND=CL:248400
BRANCH=veyron
BUG=None
TEST=make runtests VBOOT2=1
test_that my_jerry firmware_CorruptBothFwSigAB
firmware_CorruptBothFwBodyAB firmware_RollbackFirmware
(Confirmed that matched recovery reasons are the more precise ones in
the 0x10-0x1F range.)
Change-Id: I51ecf1b820d1faa40405cb84377380d6f3f6ca1d
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/248392
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
(cherry picked from commit 187f069f8999d879193d380f374a890c114ad98d)
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/248991
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
vboot2 added a few new recovery reasons (and abolished many old ones).
In the current vboot2/vboot1 hybrid architecture used on Veyron, the
vboot1 kernel verification part controls the status display when
pressing the TAB key, which may try to show recovery reasons set by the
vboot2 firmware verification part. These currently result in the not
very helpful "We have no idea what this means", so lets hack a few more
strings into vboot1 which will be otherwise harmless. Also add the
recovery_subcode field to the display, which is used much more
extensively by vboot2 and often very useful in firguring out what really
went wrong.
BRANCH=veyron
BUG=None
TEST=Manually set a few recovery reasons and subcodes through crossystem
and made sure they get displayed correctly on my Jerry.
Change-Id: I3f3e6c6ae6e7981337841c0c5e3cd767628472c3
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/248391
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit dc8ec103c0d0d2a4e930153a4b19c43b51d74b5d)
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/248990
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds a check to vboot2 secdata accessor functions that
returns an error if vb2_secdata_init() has not yet been called or
failed for some reason. This avoids a problem where vboot may
misinterpret random garbage (e.g. from transient read failures) as
valid secdata in recovery mode and write it back to the TPM (bricking
the device in a way that requires manual repair).
Also removes VB2_ERROR_SECDATA_VERSION check. This check was not
terribly useful since there should be no way a vboot2 device could ever
have secdata version 1 (and if it did, it should still fail CRC checks).
This error can trigger for cases when secdata contains random garbage
(e.g. all zeroes) and prevent the much more appropriate
VB2_ERROR_SECDATA_CRC error from even being checked for, which just
creates confusion and makes it harder to determine the real problem.
BRANCH=veyron
BUG=chrome-os-partner:34871
TEST=Emulated TPM read errors by just manually memset()ing secdata to 0
in coreboot, verified that vboot does not write back to the TPM and the
device will start working fine again once the disruption is removed.
Change-Id: I76bcbdbcd8106a0d34717cc91a8f2d7cda303c3f
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/244846
(cherry picked from commit b550fb180487f161b3f704056f6e05a9cce9d308)
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/247143
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patchs adds a new vb2_shared_data field to store the current
rollback prevention version number stored in secdata (TPM). This
information needs to be retrieved from there by coreboot (current
hack) or vboot2 kernel verification (bright shiny future) so it can be
passed along to the operating system and user space.
BRANCH=veyron
BUG=chrome-os-partner:35941
TEST=make runtests. Booted Jerry in recovery mode (with corresponding
coreboot patch), ensured that crossystem tpm_fwver still shows the
correct value.
Change-Id: I2a0c3e51b158a35ac129d2abce19b40c6c6381a6
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/244601
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit 21aedee1ceab57dcbe8506d10a132dffd3a1917b)
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/245531
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
this api allows firmware to get the digest indicating boot mode status.
BUG=chromium:451609
TEST=VBOOT2=1 make run2tests
BRANCH=tot
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Change-Id: Idca7bc5f6aed947689ad7cf219805aad35047c7e
Reviewed-on: https://chromium-review.googlesource.com/244542
(cherry picked from commit 62d482ecddf5735076a085859cf40fcfa24671ee)
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/245530
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch extends the vboot2 API by three callback functions that the
platform firmware may implement to offer hardware crypto engine support.
For now we only support this for hash algorithms, and we will only allow
it for firmware body hashes (not the keyblock or preamble which are too
small to matter execution-time-wise anyway). The API is similar to the
vb2api_*_hash() functions used to start body hashing in the first place,
but we still take this round trip through vboot to allow it to do
key/signature management and retain full control of the verification
process. We also add a new preamble flag to explicitly disable this
feature, so that we can later return to a solely software-based
verification path through a firmware update in case a hardware crypto
engine turns out to be insecure.
CQ-DEPEND=CL:242138
BRANCH=None
BUG=chrome-os-partner:32987
TEST='make runtests VBOOT2=1'. Manually booted on Pinky with and without
HW crypto support and with the preamble flag set to confirm expected
behavior. lib21/ parts untested except for compiling and new unit tests.
Change-Id: I17c7d02f392089875a5942a5aafcf6a657354863
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/236453
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/242124
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Handle GBB_FLAG_DISABLE_LID_SHUTDOWN to disable lid-triggered system
shutdown.
BUG=chromium:434462
BRANCH=Auron
TEST=Manual on Auron, with corresponding depthcharge change. Set GBB
flag 0x1000 and disable powerd launch on boot. Close lid and issue
'reboot' command over ssh. Verify system reboots successfully into OS.
Change-Id: Id2731508296a5ba9229f969f8224565d64f3d4a3
Signed-off-by: Shawn Nematbakhsh <shawnn@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/234995
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit 5d652cdffa70dc772e80548a760e1f0d67de273f)
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/237029
Reviewed-by: David Hendricks <dhendrix@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As pointed out by Daniel in CL:234996, the half_size_sectors should have
been checked in both places.
This CL reworks that part of the code to read easier.
BUG=none
BRANCH=none
TEST=unittest
Change-Id: I8faea3b094c375e4fd1a604a8fe759af88943fdf
Reviewed-on: https://chromium-review.googlesource.com/235792
Reviewed-by: Daniel Ehrenberg <dehrenberg@chromium.org>
Tested-by: Nam Nguyen <namnguyen@chromium.org>
Commit-Queue: Nam Nguyen <namnguyen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch reinstates the external GPT support which was previously
committed and reverted. Improvements since last time include:
- Cleaned-up internal interface based on code review
- Function correctly on legacy bootloaders (e.g., depthcharge before
NAND-related patches are added)
- Better comments
- Treat new field values = 0 -> not use new feature
- Tests are added to ensure external GPT flag is passed down properly
The original commit had change-id
I5a77e417aea8ee9442d18c200d1b073aa5375ecf
Its commit message is reproduced below, and then an additional test.
----
To support an external GPT, disks have two new attributes:
- A binary flag indicating whether the GPT is in the same address
space as the payloads or a separate one.
- The number of sectors of the streaming portion of storage, as
opposed to the portion containing the GPT.
These have been added elsewhere to GptData (in cgptlib) and BlockDev
(in depthcharge). This patch adds the plumbing between those, including
in the DiskInfo interface between the firmware and vboot.
BUG=chromium:425677
BRANCH=none
TEST=Interactively wrote the GPT with cgpt and observed the following
boot with depthcharge to read the GPT from SPI and then read from
the proper locations in NAND flash.
TEST=make runalltests passes.
TEST=boots from USB with depthcharge from HEAD.
Change-Id: Ia7956517a7b9da0301f01fac5a10204f6d78cf4f
Signed-off-by: Dan Ehrenberg <dehrenberg@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/234640
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The standard says that entries table must be at least 16384 bytes. On
some of our devices, the NOR section is only 8 KiB and used to store
both primary and secondary tables. On this device, we can only store 24
entries.
Therefore, this CL adds support for non-standard entry table. It adjusts
the MIN_NUMBER_OF_ENTRIES to 16, and replaces GPT_ENTRIES_SECTORS with
CalculateEntriesSectors.
BUG=chromium:441812
BRANCH=none
TEST=unittest
Change-Id: I6b85b35ce5612c7abb22142f8252bd0d45b676c5
Reviewed-on: https://chromium-review.googlesource.com/234996
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Queue: Nam Nguyen <namnguyen@chromium.org>
Tested-by: Nam Nguyen <namnguyen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Over in depthcharge, IsEntryUnused will be useful for presenting the
partition table to the kernel. This patch moves that function to
gpt_misc.[ch] for export to depthcharge.
TEST=Booted a kernel on NAND with all this compiled in
TEST=make runtests passed
BRANCH=none
BUG=none
Signed-off-by: Dan Ehrenberg <dehrenberg@google.com>
Change-Id: I56445d1a420fec4d8385ddffc5469b7d77eab576
Reviewed-on: https://chromium-review.googlesource.com/231455
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Queue: Daniel Ehrenberg <dehrenberg@chromium.org>
Tested-by: Daniel Ehrenberg <dehrenberg@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Rename drive_sectors to streaming_drive_sectors, to contrast with
gpt_drive_sectors
- Replace stored_on_device field with flags field for future
extensibility
BUG=chromium:433433
TEST=make runtests
BRANCH=none
Change-Id: I785a3b735b8eb96f647a334659329db3ee43eb80
Signed-off-by: Dan Ehrenberg <dehrenberg@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/234283
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The dev_debug_vboot program can sometimes interfere with
automated firmware testing because it takes too long to read the
BIOS flash. Limiting the sections of flash that are read may
help, but in some cases skipping this program entirely may be
better.
This CL does three things:
1. dev_debug_vboot will read only some sections of the BIOS
flash, falling back to reading the whole thing only if it
fails at that.
2. dev_debug_vboot will source /etc/default/vboot_reference if it
exists. Putting DEV_DEBUG_FORCE=1 in that file will prevent
dev_debug_vboot from reading the flash at all unless it's
invoked with --force option.
3. The Makefile will create the /etc/default/vboot_reference file
in the install directory, setting DEV_DEBUG_FORCE to the value
in effect at build time. This will let a future CL change the
default behavior for each target.
BUG=chromium:438854
BRANCH=none
TEST=manual
Built and tested on Samus. /etc/default/vboot_reference was
present, containing "DEV_DEBUG_FORCE=". The dev_debug_vboot
script ran normally.
Manually changing /etc/default/vboot_reference to contain
"DEV_DEBUG_FORCE=1" and rebooting caused dev_debug_vboot to stop
before reading the BIOS flash.
I also manually forced various flashrom invocations to fail to
test each part of the new flow.
Change-Id: Ib319dd16b9026162d01f435f15570ec8ba99c512
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/233228
Reviewed-by: David Hendricks <dhendrix@chromium.org>
Reviewed-by: Stefan Reinauer <reinauer@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Now that lib20 and lib21 are distinct, they can have overlapping
struct names. This will be cleaner in the long run, since vboot 2.0
(lib20) is just a temporary stepping stone to vboot 2.1 (lib21). It
would be a shame to need to carry around the overhead of that extra
digit forever.
No functional changes, just a lot of renaming.
BUG=chromium:423882
BRANCH=none
TEST=make runtests && VBOOT2=1 make runtests (works with/withoug VBOOT2 flag)
And compile firmware for veyron_pinky
Change-Id: I25f348fd31e32d08ca576836dfdd1278828765a1
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/233183
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is part 4 of a series of changes to rearrange the vboot2 library
so that it's possible to start using the new-style data structs. This
change moves knowledge of the old vboot1 data structs into lib20; 2lib
now contains only code which is common to both vboot2.x libraries
(that is, code which is data structure version agnostic).
No functional changes; just rearranging code and tests.
BUG=chromium:423882
BRANCH=none
TEST=make runtests && VBOOT2=1 make runtests (works with/withoug VBOOT2 flag)
And compile firmware for veyron_pinky
CQ-DEPEND=CL:233051
Change-Id: I8f9e67157575e5be14952ef4809c3dfafd92596d
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/233021
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is what other firmware should include. Other firmware must NOT
attempt to include headers from deeper inside the vboot2
implementation; that will likely break as vboot2 is refactored.
BUG=chromium:423882
BRANCH=none
TEST=VBOOT2=1 make runtests
Change-Id: I63638b03bb108296fa5069e7cc32ee9e25183846
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/233050
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When re-signing a kernel partition and writing the result into a
new file, make sure we only emit the vblock and kernel blob
instead of creating a new file that's the size of the entire
partition.
Also add a test for that.
BUG=chromium:418647
BRANCH=none
TEST=make runtests
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Change-Id: I2c42aec6816e7e7abbeed360089c9b51fdcfe786
Reviewed-on: https://chromium-review.googlesource.com/233039
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When modifying a kernel partition in-place, make sure we only
sign enough bytes to cover the kernel blob, not the entire
partition.
Also added a test for that case.
BUG=chromium:418647
BRANCH=none
TEST=make runtests
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Change-Id: Id89ff3845fe5178ee13f431d99868821fcad3248
Reviewed-on: https://chromium-review.googlesource.com/233038
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Also added a test for it.
BUG=none
BRANCH=none
TEST=make runtests
Change-Id: I108c75d114400e664f0ad1f29038a94cb1effd54
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/233037
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Code which compiles against fwlib2 no longer knows or cares about the
new data structures. This should shrink fwlib2 a bit. This is part 3
of 4 changes which split vboot 2.0 struct handling (old vboot1
structs) from vboot 2.1 struct handling (new style structs).
No functional changes; just shuffling around code.
BUG=chromium:423882
BRANCH=none
TEST=make runtests && VBOOT2=1 make runtests (works with/withoug VBOOT2 flag)
And compile firmware for veyron_pinky.
Change-Id: Ibccd7d1974e07f38b90c19c924ef3b1ffcb77d62
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/233020
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
At one point I thought I'd be able to support both vboot1 and vboot2.1
data structures and dynamically determine which verification path to
run. But space limitations on current platforms (e.g. pinky) mean
that's not feasible. Remove this vestigal support, so that it's
easier to make a clean break to the new data structures on appropriate
platforms.
BUG=chromium:423882
BRANCH=none
TEST=make runtests && VBOOT2=1 make runtests (works with/withoug VBOOT2 flag)
And build firmware for veyron_pinky.
Change-Id: I9887e0c54114c475df81d5a2b701b9b52e95b017
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/232979
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is part 1 of a series of 4 changes which rearrange the vboot2
files and unit tests so that we can more cleanly switch over from
old-style structs to new-style structs.
No functional changes, just shuffling around code.
BUG=chromium:423882
BRANCH=none
TEST=make runtests && VBOOT2=1 make runtests (works with/withoug VBOOT2 flag)
And build firmware for veyron_pinky.
Change-Id: I170d737bf151a6bafe61cde23b3d2f7a3fae43ce
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/232978
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Signing is now simple enough (thanks to full utility lib support for
vboot2 data structs) that we don't need the vb2_convert_structs module
anymore. Also, use the utility lib function to create a firmware
preamble, rather than duplicating that code in the fwlib unit tests.
BUG=chromium:423882
BRANCH=none
TEST=VBOOT2=1 make runtests, and build firmware for veyron_pinky
Change-Id: I1db402a08621f79274d2a69095aebc3e84f4328d
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/232755
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Most importantly, make a vboot 2.0 utility library, rather than just
tossing all the vboot2 files into the main utility library. This will
allow creation of a vboot 2.1 library with overlapping symbol names.
BUG=chromium:423882
BRANCH=none
TEST=make runtests && VBOOT2=1 make runtests (works with/withoug VBOOT2 flag)
And build firmware for veyron_pinky.
Change-Id: I514bda18cb0fa62bbc507251219b02054c447f3c
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/232753
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This is cleaner than malloc() immediately followed by memset().
BUG=chromium:423882
BRANCH=none
TEST=VBOOT2=1 make runtests
Change-Id: Iac32ca54ba18ef6722c6e9c58d521d5337a816b2
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/232770
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
And associated unit tests
BUG=chromium:423882
BRANCH=none
TEST=VBOOT2=1 make runtests
Change-Id: I3bf6ff6c6e32dfd0dd737f9b04ff0546e9e0a463
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/231728
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Also add vb2_common_desc() helper function to return the description
for an object starting with a common struct header.
And use the new host lib function to create the keyblock for verifying
the firmware lib.
Add tests for everything new.
BUG=chromium:423882
BRANCH=none
TEST=VBOOT2=1 make runtests
Change-Id: I1fadb3e249e771a692cc69b23620c6ddd46a48ac
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/231721
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This removes the hacky conversion from old-style packed keys and
signatures, which existed only because at the time we didn't have the
ability in hostlib to create new-format key and signature structs
directly.
BUG=chromium:423882
BRANCH=none
TEST=VBOOT2=1 make runtests
Change-Id: Id7cb3dfce740f2546464a4caae2629af864d7b45
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/231543
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The cros-compiler doesn't support backtrace(3) when linked
statically. Until that's fixed, just don't use it.
BUG=chromium:437107
BRANCH=ToT, samus
TEST=manual
FEATURES=test emerge-link vboot_reference
/build/link/usr/bin/futility_s gbb_utility -c 100,100,100,100 test.bin
/build/link/usr/bin/futility_s gbb_utility -s --hwid=HEY test.bin
Change-Id: I66b76fc8c0aa92f95976c5d5015f62730bb12064
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/232234
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Including signing with bare hashes, and signing an object with more
than one signature. With unit tests, even.
BUG=chromium:423882
BRANCH=none
TEST=VBOOT2=1 make runtests
Change-Id: Iad0b9f9f6cca7129071aebf0cbc60c0daa94d382
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/231452
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
And use them in the other vboot2 unit tests.
BUG=chromium:423882
BRANCH=none
TEST=VBOOT2=1 make runtests
Change-Id: I0c3590649a0acf792e41e295ca4279ccba17a41f
Reviewed-on: https://chromium-review.googlesource.com/231345
Tested-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Queue: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
And unit tests for them.
BUG=chromium:423882
BRANCH=none
TEST=make runtests && VBOOT2=1 make runtests
Change-Id: I720bfb2537bae60f05b5ce28ab196a331a82eedf
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/230931
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
And unit tests for them.
Move roundup32() into hostlib.
Fix WriteFile() returning success even if it failed to write to the file.
BUG=chromium:423882
BRANCH=none
TEST=VBOOT2=1 make runtests
Change-Id: I8a115335c088dc5c66c88423d1ccbda7eaca1996
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/230844
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
flash_ts driver (from Android) was pulled to support Sonic. But now we
go a different route, this CL is to drop the FTS code.
BUG=chromium:436597
BRANCH=none
TEST=unittest
Change-Id: I86d6273f9f5f642b504ccb6a76e005cda12d0e78
Reviewed-on: https://chromium-review.googlesource.com/231896
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Queue: Nam Nguyen <namnguyen@chromium.org>
Tested-by: Nam Nguyen <namnguyen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit adds a new VbInit() flag which will indicate that it is
being called before option roms are loaded and can therefore respond
to the VbNv flag without needing an immediate reboot.
When the BIOS calls VbInit() in firmware it may not yet know if the
system is in developer mode if there is a virtual developer mode
switch, instead it relies on the VbNv flag that is prepared by VbInit().
So this new flag only affects VbInit() checks itself, the later checks
still do the right thing because OPROM_LOADED can be set based on the
VbNv value that is set by VbInit().
BUG=chrome-os-partner:32379
BRANCH=samus
TEST=pass FAFT tests on samus
Signed-off-by: Duncan Laurie <dlaurie@chromium.org>
Change-Id: I7a12f3d318a04ff43ac1ddfc0ba8baa112253bad
Reviewed-on: https://chromium-review.googlesource.com/230885
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds a GBB flag which can be used in VbExShutdownRequested
to ignore the state of the lid switch and enable factory to run
with the lid closed.
BUG=chromium:434462
BRANCH=samus
TEST=none in this commit, just adding a new unused flag
Signed-off-by: Duncan Laurie <dlaurie@chromium.org>
Change-Id: Ife93adcc90b2c48e79d4e0c8164d2e64e6326ca7
Reviewed-on: https://chromium-review.googlesource.com/230884
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 5040a945dfd0dd305d3ca8e923b8bf0bd5c6528e.
This patch breaks booting any image (both fixed and
removable) on Veyron_Pinky (and presumably every other
non-NAND board?). By the power vested in me through the
office of ChromeOS tree sheriff (well, five hours early
but whatever) it is hereby reverted!
BUG=chromium:425677
BRANCH=none
TEST=Can successfully boot on Veyron_Pinky again.
Change-Id: I9323a3d5e34491337fc7eb09dd00d845ac42997d
Reviewed-on: https://chromium-review.googlesource.com/229963
Reviewed-by: Julius Werner <jwerner@chromium.org>
Commit-Queue: Julius Werner <jwerner@chromium.org>
Tested-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To support an external GPT, disks have two new attributes:
- A binary flag indicating whether the GPT is in the same address
space as the payloads or a separate one.
- The number of sectors of the streaming portion of storage, as
opposed to the portion containing the GPT.
These have been added elsewhere to GptData (in cgptlib) and BlockDev
(in depthcharge). This patch adds the plumbing between those, including
in the DiskInfo interface between the firmware and vboot.
BUG=chromium:425677
BRANCH=none
TEST=Interactively wrote the GPT with cgpt and observed the following
boot with depthcharge to read the GPT from SPI and then read from
the proper locations in NAND flash.
make runalltests passes.
Signed-off-by: Dan Ehrenberg <dehrenberg@chromium.org>
Change-Id: I5a77e417aea8ee9442d18c200d1b073aa5375ecf
Reviewed-on: https://chromium-review.googlesource.com/228943
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
load_kernel_tests called out to "cgpt" as is and this is interpreted as
"/usr/bin/cgpt" on the host. This CL fixes that by using the right
version in "build/install_for_test/bin/cgpt".
BUG=none
BRANCH=none
TEST=rename /usr/bin/cgpt; make runtests
Change-Id: I65ee0f271b081da6f719764e22c14fef05cdb65b
Reviewed-on: https://chromium-review.googlesource.com/229590
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Queue: Nam Nguyen <namnguyen@chromium.org>
Tested-by: Nam Nguyen <namnguyen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
And associated unit tests.
And fix a memory overwrite in the old vb_api_tests.c, which apparently
didn't touch a critical piece of the shared work buffer, but was still
wrong. (This was a problem in the test, not in the code being
tested.)
BUG=chromium:423882
BRANCH=none
TEST=VBOOT2=1 make runtests
Change-Id: I322fb7e6bb5214b0adcf5d6d48a0cd238abba88e
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/229738
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This allows the api header to include it without pulling in the rest
of the vboot2 internal structs.
No functional changes; just moving a struct definition.
BUG=chromium:423882
BRANCH=none
TEST=VBOOT2=1 make runtests
Change-Id: Ife9408f9b597939a3cc85a10d534108e12f2d739
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/229793
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, "cgpt" called out to "flashrom" directly to read and write
NOR area. This CL removes that dependency and always treats "drive_path"
as the storage of GPT structs. This makes it consistent that whatever
device that cgpt reads from or writes to is always the device that
stores GPT structs. We only need to pass in the size of the drive that
contains the partitions, but we do not need to access to that drive.
More information is in the bug.
BUG=chromium:432611
BRANCH=none
TEST=unittest
CQ-DEPEND=CL:228942
Change-Id: Id0139adf70463cec4f2924de8b9a4725dbec822b
Reviewed-on: https://chromium-review.googlesource.com/229736
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Queue: Nam Nguyen <namnguyen@chromium.org>
Tested-by: Nam Nguyen <namnguyen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, my_lba of the secondary GPT was recorded as if that
GPT was written at the end of the device. This patch tweaks
my_lba to report where it is in the random-access GPT address space,
namely at the end of that space.
TEST=Compiled it into the firmware and observed the firmware to update
the my_lba field of the secondary GPT.
BRANCH=none
BUG=chromium:425677
Signed-off-by: Dan Ehrenberg <dehrenberg@chromium.org>
Change-Id: I88791fb2cff1086351ca8a3adeef675c4a88cc9a
Reviewed-on: https://chromium-review.googlesource.com/228942
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Queue: Daniel Ehrenberg <dehrenberg@chromium.org>
Tested-by: Daniel Ehrenberg <dehrenberg@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
And associated unit tests.
BUG=chromium:423882
BRANCH=none
TEST=VBOOT2=1 make runtests
Change-Id: I6565d8f5da947b4874a656a61051df1a4ce415c7
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/229163
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
|
