| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This CL retries reads and writes from/to TPM device if an error
is returned by read()/write(), up to 3 total attempts.
This is useful case of transient TPM communication errors that go
away after a single retry. Without this CL, after such errors the
encstateful key might be regenerated and encstateful data wiped.
BRANCH=none
BUG=chromium:702724
TEST=1) normal boot still works;
2) simulate a single error, verify that it retries.
Change-Id: I259882209df0aad66cd083729f746ea45909922b
Reviewed-on: https://chromium-review.googlesource.com/1067939
Commit-Ready: Andrey Pronin <apronin@chromium.org>
Tested-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The BINF3 (VBT7) reflects the firmware type, and we need that to
describe which type of firmware was booted.
The 'legacy' did not have its own value definition, but without that we
can't make sure if the system is running a non-chrome firmware or simply
entered legacy boot path. CL:1054307 introduced a new value (0x4) for
legacy type and we should handle it in crossystem mainfw_type command.
BUG=b:79130310
TEST=emerge-eve coreboot depthcharge chromeos-bootimage;
Boot in legacy mode and see crossystem reporting 'legacy' for
mainfw_type.
Change-Id: I4a1165e547e70c634d45054f56d1357ae5af2a83
Reviewed-on: https://chromium-review.googlesource.com/1068556
Commit-Ready: Hung-Te Lin <hungte@chromium.org>
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some of the tools and utilities in vboot_reference do not build
with sanitizers enabled. To avoid this, do not build them
when NO_BUILD_TOOLS is defined.
CQ-DEPEND=CL:1060156
BUG=chromium:841588
TEST=USE="fuzzer" emerge-amd64-generic vboot_reference does not build host tools
TEST=emerge-falco vboot_reference builds all tools.
Change-Id: If238c98d4058db20765731237153bc6969a06375
Reviewed-on: https://chromium-review.googlesource.com/1060154
Commit-Ready: Manoj Gupta <manojgupta@chromium.org>
Tested-by: Manoj Gupta <manojgupta@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This sets O_CLOEXEC when opening the TPM device to make sure the file
descriptor isn't shared across processes. The TPM character device
exposes the raw communication channel to send/receive commands to/from
the TPM. The TPM is not designed for concurrent access by multiple
users and the kernel driver already returns EBUSY on open when a
different process has already opened it. Consequently, it only makes
sense to have the /dev/tpm0 file descriptor be closed automatically on
exec().
None of the callers I'm aware of need to share the TPM file descriptor
across processes, and mount-encrypted has some ad-hoc code to close the
descriptor when it does fork+exec to spawn a helper. The existing code
isn't consistent and comprehensive (mount-encrypted spawns other
helpers where it forgets to close the file descriptor), so the plan is
to set O_CLOEXEC and remove the ad-hoc code.
BRANCH=None
BUG=None
TEST=Compiles, passes tests, image boots.
Change-Id: Ia6e73fb12e8f2ed8fe99b4c53ea6eb8cda4a21f5
Reviewed-on: https://chromium-review.googlesource.com/1055569
Commit-Ready: Mattias Nissler <mnissler@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
firmware_keys field in the HWID database also contains hash of recovery
key so need this information as well in order to deprecate firmware_keys
field.
BUG=chromium:763328
TEST=1) ~/trunk/src/platform/vboot_reference/scripts/image_signing/sign_official_build.sh
recovery ./chromeos_10644.0.0_soraka_recovery_dev-channel_mp.bin
./src/platform/vboot_reference/tests/devkeys ./output.bin
2) verify output file - VERSION.signer.
BRANCH=None
Change-Id: If2be93723e95d46fc0546239695be27c3229275c
Reviewed-on: https://chromium-review.googlesource.com/1053334
Commit-Ready: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
Reviewed-by: Wei-Han Chen <stimim@chromium.org>
Reviewed-by: C Shapiro <shapiroc@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
chromoes-tpm-recovery was misspelled,
correct to chromeos-tpm-recovery
BRANCH=None
BUG=None
TEST=None
Change-Id: Ia3109348eed59f27b08d5261fbcc3d1d93067e89
Reviewed-on: https://chromium-review.googlesource.com/1043494
Commit-Ready: Nick Sanders <nsanders@chromium.org>
Tested-by: Nick Sanders <nsanders@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CL:866522 supported the case of loem and uni-build projects but not for
the project with one key only. After this CL, `gooftool finalize` can
refer to VERSION.signer in order to get correct firmware key hash from
recovery image. As the result, firmware_keys field can be removed from
HWID database.
BUG=chromium:763328
TEST=1) ~/trunk/src/platform/vboot_reference/scripts/image_signing/sign_official_build.sh
recovery ./chromeos_10644.0.0_soraka_recovery_dev-channel_mp.bin
./src/platform/vboot_reference/tests/devkeys ./output.bin
2) verify output file - VERSION.signer.
BRANCH=None
Change-Id: I376cd7038c0fe1d5cc71cb39cbabeb5e79994407
Reviewed-on: https://chromium-review.googlesource.com/1051429
Commit-Ready: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
Reviewed-by: Marco Chen <marcochen@chromium.org>
Reviewed-by: C Shapiro <shapiroc@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Newer versions of util-linux/mount don't like when you create overlapping
loopback files. Since we always create a loopback of the entire image,
this means every mount fails.
We can change the few users in here over to using the existing loopback
partitions rather than continuing to create their own from scratch. This
makes the code a bit simpler.
However, we currently duplicate some of the mount image helpers so that
one version works off of a disk image while the other uses loopbacks.
Cleaning this up requires a number of changes in other files which we'll
want to do eventually, just not right now (to minimize risk).
BUG=chromium:714598
TEST=image signing works on newer gLinux installs
BRANCH=None
Change-Id: I31b35636b3b271e97070d283f8cb74d3183d8ec8
Reviewed-on: https://chromium-review.googlesource.com/1034435
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Jason Clinton <jclinton@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Dumping md5sum information along the way of signing bios.bin to shed
some lights on the signing process in order to debug the first slot
issue.
BUG=b:77252439
TEST=None
BRANCH=None
Change-Id: I5083d6db2eee42c5cc9588606f95bbffba0c00ff
Reviewed-on: https://chromium-review.googlesource.com/1036802
Commit-Ready: YH Lin <yueherngl@chromium.org>
Tested-by: YH Lin <yueherngl@chromium.org>
Reviewed-by: C Shapiro <shapiroc@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This was an oversight from a previous CL:1007498 that removed the 512 block
size restrictions.
BUG=b:77540192
BRANCH=none
TEST=manual
make runtests passed.
Change-Id: I75b3ffebcc25afdde3774bcbb4a9600215a04436
Reviewed-on: https://chromium-review.googlesource.com/1031193
Commit-Ready: Sam Hurst <shurst@google.com>
Tested-by: Sam Hurst <shurst@google.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:78577893
BRANCH=None
TEST=None
Change-Id: I1905f53aadb0ae882dc4cf9f4fd214b4ccdfc440
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1029429
Commit-Ready: Furquan Shaikh <furquan@chromium.org>
Tested-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Duncan Laurie <dlaurie@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Follow up the code review comments on CL:995175, which was merged as
1493e938e45535f86b7132a83123c6319eacb217
("image_signing: sign UEFI binaries")
BUG=b:62189155
TEST=See CL:*613656
BRANCH=none
Change-Id: Ic01bfbbfe39fbfb85c0f313ab62bbcd3e2fbb9a3
Reviewed-on: https://chromium-review.googlesource.com/1024919
Commit-Ready: Edward Jee <edjee@google.com>
Tested-by: Edward Jee <edjee@google.com>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Follow up the code review comments on CL:995174, which was merged as
7dff0105d66fa597741604cf1652a72c7a8463ac
("keygeneration: add support for UEFI key generation")
BUG=b:62189155
TEST=With CL:*613656, set up a local signer and tested key generation
and signing.
Also, manually ran the scripts like the following.
$ export PATH=$(readlink -f ../../../cros-signing/signer/signingtools-bin):$PATH
$ cd scripts/keygeneration && ./create_new_keys.sh --uefi --output ./key
$ chmod -R u+w key/uefi
$ ./uefi/increment_kek_key.sh key/uefi
$ ./uefi/increment_kek_key.sh key/uefi
$ ./uefi/increment_db_child_key.sh key/uefi
$ ./uefi/increment_db_child_key.sh key/uefi
$ ./uefi/increment_db_child_key.sh key/uefi
$ ./uefi/increment_db_key.sh key/uefi
$ ./uefi/increment_db_child_key.sh key/uefi
$ ./uefi/increment_db_key.sh key/uefi
$ ./uefi/increment_db_child_key.sh key/uefi
$ ./uefi/increment_db_child_key.sh key/uefi
$ openssl x509 -noout -subject -in key/uefi/db/db.children/db_child.pem
BRANCH=none
Change-Id: I6c0cd47914a0a77970cd074fe087bba33c16cffc
Reviewed-on: https://chromium-review.googlesource.com/1024918
Commit-Ready: Edward Jee <edjee@google.com>
Tested-by: Edward Jee <edjee@google.com>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Follow up the code review comments on CL:995174, which was merged as
7dff0105d66fa597741604cf1652a72c7a8463ac
("keygeneration: add support for UEFI key generation")
BUG=b:62189155
TEST=See the following commit.
BRANCH=none
Change-Id: Id642029010e4eea51ec1f7d23240678f3f07e872
Reviewed-on: https://chromium-review.googlesource.com/1024917
Commit-Ready: Edward Jee <edjee@google.com>
Tested-by: Edward Jee <edjee@google.com>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Signature Scheme V2 was introduced in N.
TEST=(prepare)
1. Produce A.img by running the original sign_android_image.sh on a
test image.
2. Produce B.img by running the new sign_android_image.sh on the
same image.
TEST=Check Settings.apk with apksigner. Saw only v1 signature exists
with A.img, and only v2 exists with B.img, as expected.
Certificates on both APKs have the same fingerprint.
TEST=Login with A to create a new /data state, then login with B.
Platform apps still run. No signature error in logcat.
BRANCH=none
BUG=b:67942659
Change-Id: Ibabc399563bfdc92836856a377997405cc660483
Reviewed-on: https://chromium-review.googlesource.com/993153
Commit-Ready: Victor Hsieh <victorhsieh@chromium.org>
Tested-by: Victor Hsieh <victorhsieh@chromium.org>
Reviewed-by: Bernie Thompson <bhthompson@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Whiskers decided to leverage the key format of Hammer therefore this
script calls Hammer's one to generate a key pair and renames them to
key_whiskers*.
BUG=b:78254017
TEST=Run this script in the chroot and verify the generated key pair.
BRANCH=None
Change-Id: Iae7097a3b2da1b134fa1a986c669704bbbaca4e9
Reviewed-on: https://chromium-review.googlesource.com/1018591
Commit-Ready: Patrick Berny <pberny@chromium.org>
Tested-by: Patrick Berny <pberny@chromium.org>
Reviewed-by: Jason Clinton <jclinton@chromium.org>
Reviewed-by: Bob Moragues <moragues@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:62189155
TEST=See CL:*601769
BRANCH=none
Change-Id: Id9569616bae0d5f44c1c96e18522ace244a5aae8
Reviewed-on: https://chromium-review.googlesource.com/995175
Commit-Ready: Edward Jee <edjee@google.com>
Tested-by: Edward Jee <edjee@google.com>
Reviewed-by: Jason Clinton <jclinton@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Generated with the following commands.
$ mkdir tests/devkeys/uefi
$ ./scripts/keygeneration/uefi/create_new_uefi_keys.sh tests/devkeys/uefi lakitu
$ rm -f tests/devkeys/uefi/{pk,kek,db,dbx}/*.rsa
BUG=b:62189155
TEST=See the following commit.
BRANCH=none
Change-Id: I996081c30fbfa89d07dba9252128dc214530e71f
Reviewed-on: https://chromium-review.googlesource.com/994179
Commit-Ready: Edward Jee <edjee@google.com>
Tested-by: Edward Jee <edjee@google.com>
Reviewed-by: Jason Clinton <jclinton@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:62189155
TEST=With CL:*601769, set up a local signer and tested key generation
and signing.
Also, manually ran the scripts like the following.
$ export PATH=$(readlink -f ../../../cros-signing/signer/signingtools-bin):$PATH
$ cd scripts/keygeneration && ./create_new_keys.sh --uefi --board lakitu --output ./key
$ ./uefi/increment_kek_key.sh key/uefi lakitu
$ ./uefi/increment_kek_key.sh key/uefi lakitu
$ ./uefi/increment_db_child_key.sh key/uefi lakitu
$ ./uefi/increment_db_child_key.sh key/uefi lakitu
$ ./uefi/increment_db_child_key.sh key/uefi lakitu
$ ./uefi/increment_db_key.sh key/uefi lakitu
$ ./uefi/increment_db_child_key.sh key/uefi lakitu
$ ./uefi/increment_db_key.sh key/uefi lakitu
$ ./uefi/increment_db_child_key.sh key/uefi lakitu
$ ./uefi/increment_db_child_key.sh key/uefi lakitu
$ openssl x509 -noout -subject -in key/uefi/db.children/db_child.pem
BRANCH=none
Change-Id: I9276269a2a66c57f4e99deafec3b90d6cbf52244
Reviewed-on: https://chromium-review.googlesource.com/995174
Commit-Ready: Edward Jee <edjee@google.com>
Tested-by: Edward Jee <edjee@google.com>
Reviewed-by: Jason Clinton <jclinton@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change adds a new NV and GBB flag for controlling USB device
mode behavior, adding an additional step to enable UDC on systems
that support it.
Users of this feature will need to first enable developer mode and
then enable UDC separately by running "crossystem dev_enable_udc=1".
Alternatively those without write protect enabled can set a GBB
flag to have UDC enabled by default while in developer mode.
This is based on the security reviewed proposal at
https://docs.google.com/document/d/1b6avd9xvhvljN_NKtctWrClj4mSYZ_uPmp7MmAnPwqs
BUG=b:74339386
BRANCH=poppy
TEST=manual testing on Eve device
Change-Id: I6f440320f28b033639b53246d3034bc8acc37a33
Signed-off-by: Duncan Laurie <dlaurie@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1010769
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:78009842
Change-Id: I50de5d69309a25411c907425675eace330de7615
Signed-off-by: Shaunak Saha <shaunak.saha@intel.com>
Signed-off-by: Hannah Williams <hannah.williams@intel.com>
Reviewed-on: https://chromium-review.googlesource.com/742490
Commit-Ready: Aaron Durbin <adurbin@chromium.org>
Tested-by: Hannah Williams <hannah.williams@intel.corp-partner.google.com>
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a command that checks whether the well-known secret (SHA1 hash of
20 zero bytes) works for owner authentication. This is accomplished by
sending a DefineSpace command for TPM_NV_INDEX_TRIAL, which will
trigger auth checks but not actually allocate an NVRAM space.
Successful command execution thus indicates that authorization was
successful. tpmc exposes the status via its exit status. This will be
used in the tpm-firmware-updater driver script to verify that the TPM
is in upgradable state.
BRANCH=None
BUG=chromium:788719
TEST=compiles
Change-Id: I630831127e0e01186650412a92643c2153fbe2ee
Reviewed-on: https://chromium-review.googlesource.com/978171
Trybot-Ready: Mattias Nissler <mnissler@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The new TlclGetSpaceInfo function returns more detailed information
about a defined NVRAM space. The existing TlclGetPermissions function
is now using TlclGetSpaceInfo behind the scenes.
BRANCH=None
BUG=chromium:788719
TEST=New unit tests.
Change-Id: I6c4f490d575788b696fd742a69e81e2767ec50f1
Reviewed-on: https://chromium-review.googlesource.com/937705
Trybot-Ready: Mattias Nissler <mnissler@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add the remaining constants for NVRAM space attributes. The code
previously only declared the ones required in vboot_reference, but
that led to other code growing its own ad-hoc declarations for missing
constants. Just declare them all to simplify things.
BRANCH=None
BUG=chromium:788719
TEST=compiles
Change-Id: I749ae5e4dc1b2ba56121fe42fd136b505d8cae80
Reviewed-on: https://chromium-review.googlesource.com/937704
Trybot-Ready: Mattias Nissler <mnissler@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Mattias Nissler <mnissler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds two new functions and their corresponding TPM commands to create
delegation families and list the delegation family table, respectively.
This isn't sufficient to meaningfully manage delegation families, but good
enough for the (ab)use case of storing flags in delegation family labels, which
we are going to do in order to strengthen encrypted stateful to guarantee
recreation of the encrypted file system after TPM clear..
BRANCH=None
BUG=chromium:788719
TEST=new unit tests
Change-Id: I31beb662784a8fff450b485c7cabc553944d7772
Reviewed-on: https://chromium-review.googlesource.com/817199
Trybot-Ready: Mattias Nissler <mnissler@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a TlclDefineSpaceEx function that allows to pass additional
parameters when creating NVRAM spaces, i.e. owner authorization as
well as PCR bindings.
BRANCH=None
BUG=chromium:788719
TEST=New unit tests.
Change-Id: I73404c05528a89604fea3bcb1f00741fb865ba77
Reviewed-on: https://chromium-review.googlesource.com/814114
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Trybot-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Trybot-Ready: Mattias Nissler <mnissler@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add the ability to take TPM ownership. This requires two new commands:
TPM_OIAP to start an auth session and TPM_TakeOwnership to establish
ownership. TPM_TakeOwnership requires an auth session and proper
command authentication to work, which is also added.
BRANCH=None
BUG=chromium:788719
TEST=new unit tests
Change-Id: Ib70144eedb0b1c7c43b26c06529d33ccbaa51a0e
Reviewed-on: https://chromium-review.googlesource.com/790414
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Trybot-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Trybot-Ready: Mattias Nissler <mnissler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a TlclReadPubek library function to read the public endorsement
key.
BRANCH=None
BUG=chromium:788719
TEST=New unit tests.
Change-Id: I5f23b76b88198d656f4ba5782d2b4f25aaa082b1
Reviewed-on: https://chromium-review.googlesource.com/790413
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Trybot-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Trybot-Ready: Mattias Nissler <mnissler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove 512 sector block size restriction so that UFS, with sector block size 4096
or greater, can be used. The sector block size is queried from the kernel with
ioctl(BLKSSZGET) or queried from depthcharge with VbExDiskGetInfo().
BUG=b:77540192
BRANCH=none
TEST=manual
make runtests passed.
Tested firmware on Kevin and boot to kernel from disk.
Executed cgpt show /dev/mmcblk0 on eve device and verified output was correct.
Should be tested on device with sector block size greater than 512.
Change-Id: I8165c8ee4da68180eecc8d12b3fb501cc5c60a5d
Reviewed-on: https://chromium-review.googlesource.com/1007498
Commit-Ready: Sam Hurst <shurst@google.com>
Tested-by: Sam Hurst <shurst@google.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add helper functions that read a number in TPM byte order and advance
the buffer pointer in a single operation. Replace instances of this
pattern with call to the helpers. No functional changes.
BRANCH=None
BUG=None
TEST=existing unit tests
Change-Id: I96d866893ec875aafc978cbe2a55ea7f9f27542c
Reviewed-on: https://chromium-review.googlesource.com/985832
Commit-Ready: Mattias Nissler <mnissler@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
firmware/lib/tpm_lite.c turned off CHROMEOS_ENVIRONMENT if FOR_TEST is
enabled, resulting in a situation where code specific to
CHROMEOS_ENVIRONMENT couldn't be tested. Fortunately, AFAICS
tlcl_tests does not use FOR_TEST for anything useful any longer, so
just drop it.
BRANCH=None
BUG=None
TEST=FEATURES=test emerge-$BOARD -v1 vboot_reference
Change-Id: I7f08ef6d2343bc60a6d2982c3cc7bae0507d94d5
Reviewed-on: https://chromium-review.googlesource.com/937703
Commit-Ready: Mattias Nissler <mnissler@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Wand decided to leverage the key format of Hammer therefore this
script calls Hammer's one to generate a key pair and renames them to
key_wand*.
BUG=b:73799441
TEST=Run this script in the chroot and verify the generated key pair.
BRANCH=None
Change-Id: Id2749d78e0632bee66c09c4ee7aa1930534157b7
Reviewed-on: https://chromium-review.googlesource.com/991532
Commit-Ready: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The default value is "disk", and should be mentionned as an option.
BRANCH=none
BUG=none
TEST=emerge-poppy -av vboot_reference
Change-Id: I9ddfe155f1dbaf019b74c1bab7b5ce5539545e7f
Reviewed-on: https://chromium-review.googlesource.com/989375
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If an aux firmware update fails enter recovery with a specific
reason code so we can identify systems that fail.
Also handle the case where the update succeeds and requests a
cold reset of the EC, first clearing the oprom flag if
necessary in order to prevent a second reset.
Unit test was added to check recovery reason for aux firmware
update failure.
BUG=b:74336712
BRANCH=eve
TEST=manual: force update to fail and ensure it goes to recovery
mode, and after successful update check that the option rom flag
is cleared before the EC reset happens.
Unit tests udpated and 'make runtests' passes.
Change-Id: I35a93892a0f8bb16eac0925ada5dfbc5c3144f8d
Signed-off-by: Duncan Laurie <dlaurie@google.com>
Reviewed-on: https://chromium-review.googlesource.com/959671
Reviewed-by: Caveh Jalali <caveh@google.com>
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a distinct recovery reason for aux firmware update failures
so we have some visibility into failures in eventlog.
This is used in a subsequent commit.
BUG=b:74336712
BRANCH=eve
TEST=manual: force update failure and ensure device goes to recovery
with this reason
Change-Id: I4b215444592b7c31cd25d59ad2a52b85d504e3bf
Signed-off-by: Duncan Laurie <dlaurie@google.com>
Reviewed-on: https://chromium-review.googlesource.com/959669
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: caveh jalali <caveh@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Responses and commands share the same header structure. The
tpm_code field corresponds to TPM_CC in one case and TPM_RC
in the other. Make it uint32_t (instead of TPM_CC) in the
structure to avoid confusion when dealing with responses.
BUG=chromium:825894
BRANCH=none
TEST=build
Change-Id: I07821f35b0f539a863ee97c0a08c141d0533a4de
Signed-off-by: Andrey Pronin <apronin@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/981111
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Propagate the actual error - a non-successful response
code from the tpm or communication/serializing failure -
to the caller of the Tlcl functions in TPM 2.0 case.
Currently, the callers only have special processing for
the error codes from TCG TPM 1.2 range, which are never
returned in case of communication or serialization failures
or from the actual TPM 2.0. (The only case of mapping
TPM 2.0 error codes to TPM_E_BADINDEX is preserved in this CL.)
Thus, changing the actual values returned from the functions
won't change any current behavior in the calling layers.
This CL is a preparatory work for adding special processing
for communication errors in mount-encrypted.
BUG=chromium:702724
BRANCH=none
TEST=build; test that tpmc getvf, tpmc read still work.
Change-Id: I96b20e7285e83f0038abc01e4b7175c938867e7d
Signed-off-by: Andrey Pronin <apronin@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/977225
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The constants from the list defined in tss_constants.h
should be the same values regardless of TPM 1.2 vs 2.0
spec version since AP firmware checks for those exact
values in certain cases. Stop defining them separately
for TPM 1.2 and 2.0 and move to the common tss_constants.h.
Before the change, even though TPM_E constants were defined
in TPM spec dependent files, they were defined identically.
So, no changes to the behavior are caused by this CL.
This is a preparatoryy change to fixing error handling for
Tlcl and mount-encrypted.
BUG=chromium:702724
BRANCH=none
TEST=emerge vboot_reference
Change-Id: Ib7a5f41ca55579d053ba63ce07f4bed1394e7ae9
Signed-off-by: Andrey Pronin <apronin@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/976871
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Looks like we forgot to update the help text for set_gbb_flags.sh when
adding the DISABLE_FMWP flag. This patch fixes that.
BRANCH=None
BUG=None
TEST=None
Change-Id: Iae45e151ae786565f6a1a695a2e3c3d01f8c1d0a
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/976801
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It seems like there are some testing use cases where we want the device
to boot into the recovery installer but it is impractical to fully
simulate a user-triggered recovery. This has become impossible with the
recent change to always require manual recovery to boot an image, even
when the developer mode switch is enabled (CL:924458).
This patch adds a new GBB flag to support this use case. When the flag
is set, all recovery mode is manual recovery mode, regardless of wheter
the developer mode switch is on or not.
Since the GBB_FLAG_ENABLE_SERIAL was killed off before it ever really
worked anyway, we can safely reuse the bit reserved for it.
BRANCH=None
BUG=None
TEST=make runtests, manually confirmed on Kevin
Change-Id: I4f51dfd20b4ff04c522f53596896dccbceee52dc
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/976660
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This regenerates packages cache during signing the image once apks are
changed due timestamp and key update.
TEST=Build image, sign it useing devkeys and deploy to device. Perform
user sign-in and enable ARC. Test logcat and everything is clear.
BUG=b:74108152
Change-Id: I4809a1f87c8b8f52094054dbb4c8ba3e059aee89
Reviewed-on: https://chromium-review.googlesource.com/948064
Commit-Ready: Yury Khmel <khmel@google.com>
Tested-by: Yury Khmel <khmel@google.com>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CL:942031 introduced a check for the length of output returned by
mosys. If the output has a trailing newline, then the check failed.
Just make sure we get at least as much data as we expect.
BUG=b:74439800
BRANCH=none
TEST=run crossystem on bob; no 'mosys returned hex data' errors
Change-Id: If678b201185dbda869e4e17abae314470f5cef4a
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/958286
Reviewed-by: Stefan Reinauer <reinauer@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Check the result of VbSharedDataRead() before dereferencing it.
BUG=chromium:789276,chromium:819695
BRANCH=none
TEST=make runtests
Change-Id: I1b1cc90bdc2fca61a9aad6b02e8b7e1f6a919797
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/954712
Commit-Ready: Keith Haddow <haddowk@chromium.org>
Reviewed-by: Keith Haddow <haddowk@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As we've refactored the code over the last few years, there are some
dangling features which are no longer used. Remove the code for them.
BUG=chromium:611535
BRANCH=none
TEST=make runtests; build and boot bob
CQ-DEPEND=CL:954224
Change-Id: Id4f3caa0581ce68465ea92e3eeedab501fb6b1aa
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/954354
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On CNL systems, the pinctrl (gpiochip) driver label is "INT34BB:00".
Declare it properly.
BRANCH=none
BUG=b:71722386
TEST=on Meowth, run 'crossystem wpsw_cur' and see '0' rather than an
error.
Change-Id: I74f3cce19afac9a76e8d3071426e79eb9bb11db9
Reviewed-on: https://chromium-review.googlesource.com/951789
Commit-Ready: Vincent Palatin <vpalatin@chromium.org>
Tested-by: Vincent Palatin <vpalatin@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Benson Leung <bleung@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The calling firmware can set ctx->flags VB2_CONTEXT_NVDATA_V2 to tell
vboot that nvdata is a 64-byte record instead of a 16-byte record, or
equivalently, set the VBSD_NVDATA_V2 flag if calling the old vboot1
API.
If calling firmware does not (which is the current coreboot and
depthcharge default), then the 16-byte record is used, and V2 fields
return explicit default values.
Added the fw_max_rollforward V2 field, which defaults to 0xfffffffe on
V1. This will be used by a subsequent CL.
Added unit tests to verify all that.
Added crossystem support, though it will only work with the current
16-byte records until firmware sets the VBSD flag and mosys supports
larger records.
(Note that because coreboot/depthcharge do not yet set the new context
flag, this CL should not change ToT firmware behavior.)
See go/vboot-nvstorage for design doc.
BUG=chromium:789276
BRANCH=none
TEST=make runtests
Change-Id: I43072ef153dfa016c051f560892af1fbb3508e3a
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/942031
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This was deprecated months ago in crossystem, and isn't set by
depthcharge or coreboot. Remove the flag from vboot as well, keeping
only a reminder in vboot_struct.h so we don't reuse the VbSharedData
bit.
BUG=chromium:742685
BRANCH=none
TEST=make runtests
Change-Id: Ifa928e8ec4d999c524c6f4168695859261f384c9
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/947256
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
VbLockDevice() would be inconvenient to port to 64-byte NV storage
records because it doesn't take VbSharedData flags or a vb2_context.
So, just have depthcharge call vbnv_write() directly (as it does in
other places in fastboot.c) and get rid of this API.
BUG=chromium:789276
BRANCH=none
TEST=make runtests
CQ-DEPEND=CL:944183
Change-Id: I2aeaecf7f929cd1a1ebd1f6850d0dd96c6fabb49
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/944243
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of only logging when ARC++ is not present, also report when we
found an ARC++ image about to be re-signed.
BUG=None
TEST=See info message when running sign_official_build.sh
BRANCH=None
Change-Id: I0d983d38048c4b8dace51e4ea25e23c7cf1da3d7
Reviewed-on: https://chromium-review.googlesource.com/942021
Commit-Ready: Nicolas Norvez <norvez@chromium.org>
Tested-by: Nicolas Norvez <norvez@chromium.org>
Reviewed-by: Victor Hsieh <victorhsieh@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- move helper functions that detect which keys should be used depending
on the build flavor to a separate lib
- add unit tests for that lib
BUG=b:72947583
TEST=unit tests
TEST=run against caroline image, scripts detects 'cheets' build flavor
TEST=run against novato-arc64 image (SDK), script detects 'cheets' build
flavor
TEST=run against newbie image (AOSP), script detects 'aosp' build flavor
TEST=run against invalid build property 'paosp_cheets_...', script
aborts as expected
BRANCH=None
Change-Id: I5595c10a5a063e7658d0cf17c77dbeead429cd97
Reviewed-on: https://chromium-review.googlesource.com/923097
Commit-Ready: Nicolas Norvez <norvez@chromium.org>
Tested-by: Nicolas Norvez <norvez@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|