| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Ideally we should fail if `tpm_fwver` can't be retrieved, but if an user can
run the updater then his system is already up so it's more likely to be a
vboot library issue (especially in early proto devices) that the crossystem
values were not reported correctly.
As a result, it seems more reasonable to skip checking TPM anti-rollback if
`tpm_fwver` can't be retrieved.
BRANCH=None
BUG=b:115764295
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
Change-Id: I7b6bf72531edb334a465c730fe8b3fbafa469b3a
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1238099
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After CL:1210342, the 'futility_s' is no longer needed so we may drop
the related build rules. People who wants to build static version of
futility can do:
make STATIC=true futil
BUG=chromium:765499
TEST=precq passes; make futil; make clean; make STATIC=1 futil
BRANCH=none
Change-Id: I80e83a80eaa273f09288f850c59a52494dc5bec9
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1235795
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The '--factory' is an alias to '--mode=factory_install' and was widely used
in several documents. Also moved WP check to end of argument parsing so
'--mode=factory --wp=0' can set WP correctly.
BRANCH=None
BUG=b:115764295
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
Change-Id: I7987d77c577414efb03941442e3125f35ac5ad98
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1233373
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In --mode=factory, we should fail if write protection is enabled.
Also added an unit test for the case.
BRANCH=None
BUG=b:115764295
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
Change-Id: I6c693e470a034554b1f4a3cb16cfbf974ae6f54b
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1226587
Reviewed-by: Marco Chen <marcochen@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A bunch of the params have '(writable)' at the end of the description
to indicate it's a writable field. However, it's not listed on every
field. Rather than resync all of them, automate it. Throw in the
type for good measure.
The old display:
hwid = LUMPY # Hardware ID
dev_boot_usb = 1 # Enable developer mode boot from USB/SD (writable)
The new display:
hwid = LUMPY # [RO/str] Hardware ID
dev_boot_usb = 1 # [RW/int] Enable developer mode boot from USB/SD
BUG=None
TEST=`crossystem` output looks better
BRANCH=None
Change-Id: I953cf5cb78b52edeece4215c3249b79b26d36f26
Reviewed-on: https://chromium-review.googlesource.com/1224652
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
clear_tpm_owner_request is 23 chars now.
BUG=None
TEST=`crossystem` is aligned
BRANCH=None
Change-Id: I6d077b7311c74c51fd608281ad48b29fc6219937
Reviewed-on: https://chromium-review.googlesource.com/1218502
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A bunch of these fields are slightly missorted.
BUG=None
TEST=`crossystem` is sorted
BRANCH=None
Change-Id: I9e90343f5034e7a8a2d81c9b8eeb4b1d7286f157
Reviewed-on: https://chromium-review.googlesource.com/1218503
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
All accessories leverage the key format of Hammer therefore this
script calls Hammer's one to generate a key pair and renames them.
The key name isn't referenced by the signer anymore, so we will
name them all "hammerlike".
BUG=chromium:859269
TEST=Run this script in the chroot.
BRANCH=None
Change-Id: Iba35b03e59216e96a99f8aa471b660f3805c1f23
Reviewed-on: https://chromium-review.googlesource.com/1205636
Commit-Ready: Nick Sanders <nsanders@chromium.org>
Tested-by: Nick Sanders <nsanders@chromium.org>
Reviewed-by: Marco Chen <marcochen@chromium.org>
Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Many device may have some minor difference in early builds, for example
(board id) rev 0 and rev 1 may have GPIO pins connected to different
components. Usually the firmware should read board identifier and do the
right mapping, but sometimes the firmware may be totally incompatible and
no way to workaround (for example even the CPU may be different).
The min_platform_version is introduced so we can prevent updating to
incompatible systems, by reading $(mosys platform version).
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I418fee1aad884551b38ac25c340b2797b8503596
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1198815
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On recent Intel platforms, flashing to SI_ME may get corrupted due to ME
execution in parallel. If we lock SI_ME immediately (by writing the new
SI_DESC), the device may fail to boot due to ME execution failure.
As a result, a quirk is added so the firmware updater will never lock
SI_ME. The Flash Master values are always unlocked when updating SI_ME,
and after system reboot, a board-postinst script should check ME status
and reflash SI_DESC only if SI_ME looks all good.
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I584aa373797e2b4c2608f07aac21c16cdb34a5c4
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1198807
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some devices may have shipped with a smaller image that the real flash may be
larger, especially if the device's original flash has been EOL'ed.
The quirk 'enlarge_image' allows changing image size according to current_image
size by padding 0xFF (flash default value).
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I84373cfa9bcbd98a2cd96a7dd4bed27a6f724cf3
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1198806
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The firmware updater usually needs to apply many special rules for particular
device, previously done by the 'updater_custom.sh' script.
In futility updater, we want to support that by a 'quirks' system, that
the updater package can declare a list of needed quirks and send to updater
as `futility update --quirks LIST`.
Currently only a dummy "test" quirks is defined.
The real quirks will be added in follow up changes.
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: Ic935d69a54473f2347964e7c161ffcdc0af43ec6
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1198804
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When running on DUT we should create temporary files using system calls instead
of using hard-coded path and file name.
The new create_temp_file() will collect all temporary files and remove them
all when the remove_temp_files() is invoked (usually at end of program).
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I866dd8dfe7acbf8c5a586249ea2d19f33891672d
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1203334
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For devices that do not have update tag provisioned in legacy CBFS, we
need a way to push and enforce the updater to complete first migration.
The '--mode=legacy' provides a short cut to do
"flashrom -p host -w image -i RW_LEGACY"
Devices that need newer (or latest) legacy firmware should invoke
firmware updater in their initialization or setup process, to enforce
updating RW_LEGACY.
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I87db067ad134e82bbbdc937bd2880c6731ec892b
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1198808
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The errorcnt in do_update should not add function return values
directly because the function may return negative values, which would
lead to wrong results. Instead we can process using '!!' so the returned
value will always be zero or positive integers.
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I9f450b2ee8d86035288f06bdb314dfb1dce3ca64
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1209023
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change ensures that the slot_len is enough to hold the metadata
before attempting to actually read it.
BUG=None
BRANCH=None
TEST=None
Change-Id: Ief50edccc7a73c2c3002f772c616e4ed5557ecbd
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1212528
Commit-Ready: Furquan Shaikh <furquan@chromium.org>
Tested-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We shouldn't need this anywhere anymore, so drop it.
BUG=chromium:765499
TEST=precq passes
BRANCH=none
Change-Id: I0f1adb2bf120e1a20c79d2641a0d2fe96d8e6908
Reviewed-on: https://chromium-review.googlesource.com/1210342
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To simplify debugging with logs, we want to print "current function" in almost
every debug and error messages. To prevent typing __FUNCTION__ everywhere,
two new macros ERROR and DEBUG are introduced, to print messages in
ERROR: <function>: <message>\n and
DEBUG: <function>: <message>\n .
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: If680f436042d58a32e2b4f534d4c22958f68d021
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1197023
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On Intel platforms, when management engine is not in manufacturing mode the
SI_DESC will be read only and SI_ME can't be accessed by CPU.
For RW-FULL mode when we want to reflash whole firmware, flashrom will skip
SI_ME but it'll still try to update SI_DESC if the content looks different,
which would make all firmware update to fail when a new image is pushed with
different SI_DESC contents.
As a result, we have to preserve and skip SI_DESC changes when ME is locked.
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I834405ad519dcb7ccd44073addfd63e844b74168
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1197022
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This won't have any real power savings until the APIC delay is merged
and enabled.
BUG=b:109749762
BRANCH=none
TEST=Booted grunt and made sure the developer screens still worked.
Change-Id: I7d75198771946415fa6a8fa69dff024d87ba5ef0
Signed-off-by: Raul E Rangel <rrangel@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1182190
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The RW_LEGACY logic has been changed recently and need cbfstool to help
identifying if update can be performed silently.
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: Ida38bb8886b17c2f7bbb2c14d072508d4b9c5809
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1194821
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To make it easier for integration with legacy firmware updater, we want
to add few options:
-m, --mode MODE
-d, --debug
-v, --verbose
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I6f045db0a8e9b5c73c1f0be2b52a71a7ee2a495e
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1193043
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the RW is not signed by RO root key then verified boot will fail and enter
recovery mode. This may happen when user is trying to flash a DEV (or
PreMP) signed firmware on a MP-signed device, with write protection
enabled.
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I1cee0b5f42f1f403d9baa5f9b2659f75511fbcb8
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1183659
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In verified boot, the key versions stored in TPM will be checked before
being able to load and run a signed RW firmware. This is also known as
anti-rollback check.
To prevent user installing an incompatible RO (even RW) and then being
not able to boot, we should check TPM key versions (by `tpm_fwver`
system property) before starting to update.
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I6d50a6e475001d76fbcbe680a3f8b10f62354096
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1189249
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A safety check so people won't accidentally flashed wrong firmware image and
then being not able to boot.
The platform is decided by extracting the first component (delimited by dot
'.') of firmware ID. For example, platform for "Google_Link.123" is
"Google_Link".
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I90a1631f6b3e9a675fe1990cf9c204d763faf54c
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1189248
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are still many devices running vboot1 and we need to support them as
well. There is no way to determine if a firmware is vboot2 or not, so we
can only rely on the system property "fw_vboot2".
If fw_vboot2 is 0, then we should always update section B and compare content
with section A.
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: Iefdcb81099914c2183c627a33eb73678d1269bc1
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1184952
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The updater logic is heavily based on write protection status. The write
protection must be decided by two sources: hardware ("write protection
switch", known as `wpsw` in crossystem) and software (on most SPI, this
is controlled by SRP0 register using flashrom).
When debugging firmware updating issues, it is very important to have
complete logs for status of all WP sources (hw and sw, and the final
decision by updater itself - maybe overridden by --wp).
This change tries to handle WP properly and also leaving enough
information of how the WP logic was decided.
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I15dc2dbcefc421c1194aa623e15f00d793653e93
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1183658
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In try-boot updating flow, we have to first check if RO content needs to be
changed or not, and do full (ro+ro) update if WP is disabled. Also, before
starting to update RW-A or RW-B, we should also check if the active system
already has same firmware contents.
An --force is also added to allow skipping the check.
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: Ie2f75f9aab4696c75aedafbf45e418ee98a2a4b4
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1183654
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some of the headers have extern C markings already, so add to the
rest of the installed files so users don't have to.
BUG=chromium:878440
TEST=build passes
BRANCH=none
Change-Id: I3edf56ca2235269803049207806a9f7eb4c664f2
Reviewed-on: https://chromium-review.googlesource.com/1201042
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When updating RO (or going to compare with contents), we need to
preserve (copy) section data from system active firmware image.
The `preserve_images` will try to preserve a list of known sections in
full update (`--wp=0`) mode, so we VPD data and HWID won't be lost.
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh
BRANCH=None
Change-Id: I85c4ba972853dbc0fc101bee269c0effe70988b1
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1183653
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In vboot2, to try one RW (unused) section on next boot, we have to:
- Find mainfw_act
- Select and update to the "other" slot
- Set system property fw_try_{next,count} values to try in next boot.
The new '--try' (-t) option can trigger the mode if available.
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
futility update --emulation FILE -i IMAGE -t --sys_prop 0; # Updates to B.
futility update --emulation FILE -i IMAGE -t --sys_prop 1; # Updates to A.
BRANCH=None
Change-Id: I4b4662616a7181d2f37307238b7b80ae82369768
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1188017
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add the system property 'mainfw_act'.
In both vboot1 and vboot2, the try-rw update process will need to figure out
what is current (active) firmware slot, which is the "mainfw_act" system
property.
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
futility --debug update -i IMAGE --sys_prop 0;
futility --debug update -i IMAGE --sys_prop 1;
BRANCH=None
Change-Id: Ie745726107bff416549ba095a3defdd4cc98d32d
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1183652
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The logic is same as --mode=recovery,--wp=1 in legacy firmware updater.
An debugging option '--wp' is introduced so user can easily switch between FULL
UPDATE (--wp=0) or RW UPDATE (--wp=1).
BUG=chromium:875551
TEST=make futil; futility update -i IMAGE --wp=0;
futility update -i IMAGE --wp=1;
tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: Ic7d8aa8b327296988ebf80a8e737e8893b7870ea
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1188016
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When updating firmware, we may need to get some system environment
status, like which firmware slot was selected and boot (active), or
setting cookies so the next boot will be using right (updated) slot.
In verified boot, these status are manipulated by "system property"
using API Vb{Get,Set}SystemProperty{String,Int}. The user land tool is
`crossystem`.
In order to run the firmware updater for testing and debugging, we need
an easy way to toggle getting real system status, or fetch from
predefined values. A new 'system_property' structure is introduced
and included as part of `updater_config`.
Each property can be access by `get_system_property(property_type)`
function. If the value was not fetched yet, the function will call
corresponding 'getter' function defined in property and then cache it.
A new parameter '--sys_props` is also introduced so we can easily
override them from command line so the updater will not get status from
running system.
The --sys_props takes a list of integers, eliminated by space or comma.
For example,
"1,2,3" => overrides [0]=1, [1]=2, [2]=3.
"1 2,3" => overrides [0]=1, [1]=2, [2]=3.
"1, ,3" => overrides [0]=1, [2]=3.
BUG=chromium:875551
TEST=make futil; futility update -i IMAGE
tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: Ia2e06a953da1480da9a94f7f397802caa7468efa
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1188015
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The logic is same as --mode=factory or --mode=recovery,--wp=0 in legacy
firmware updater.
BUG=chromium:875551
TEST=make futil; futility update -i IMAGE
tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: Ifbfc4fb76f954483e779c8b508377d07561b67da
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1183651
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To help debugging and testing, we may want to run updater against an
image file instead of modifying real system firmware.
The --emulate allows running with all checks and reading, and outputs
to given file.
BUG=chromium:875551
TEST=make futil; futility update -i IMAGE --emulate IMAGE2
tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: Ic52fe60a1468f29245cade70f859513d8d117c9c
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1184953
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To manipulate the firmware contents on device, we need to access the
flash chipset (usually via SPI) on system. The `host_flashrom` provides
a way to call external program "flashrom" for reading and writing
firmware. So the `update_firmware` can now load "system current
firmware" using flashrom.
Note in the future we may want to statically link the flashrom as
library so there won't be external dependency.
BUG=chromium:875551
TEST=make futil; futility update -i IMAGE
tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I52f2d4fe4fe4dd660f762a5a75e3367820717e19
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1183650
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add `find_firmware_section` and `firmware_section_exists` utility
functions to manipulate FMAP based sections easily. It is used by
parsing of image version strings, which helps indicating the firmware
versions going to be updated.
BUG=chromium:875551
TEST=make futil; futility update -i /build/eve/firmware/image.bin
tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I458fa8c31c45dbbd29614c3d6ccd586e46a3ed0b
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1183649
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To specify images, we want to read them from files specified from
command line:
-i: AP (host) firmware image.
-e: EC firmware image.
--pd_image: PD firmware image (deprecated).
BUG=chromium:875551
TEST=make futil; futility update -i /build/eve/firmware/image.bin
tests/futility/run_test_script.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I3c2dbe3d3ce4619aa7e044a154be3aba7ab9181c
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1183648
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A reference firmware updater for all systems running vboot using FMAP for
layout. The updater is currently a dummy implementation and will be completed
with incoming changes.
BUG=chromium:875551
TEST=make futil; build/futility/futility update;
tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I57bec91c178749b79a19789f9599f5f9048fced8
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1182701
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
An 'Error' is easier than writing fprintf(stderr, "ERROR: %s", ...).
BUG=chromium:875551
TEST=make futil;
BRANCH=None
Change-Id: Id4a849014dc202319dc1932289c68f43b2430c7d
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1183647
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change adds a command to cgpt to
change the GUID of the drive.
BRANCH=none
BUG=None
TEST=Compiled and ran utility to verify that GUID changes.
Also verified that the new and existing tests completed
successfully.
Change-Id: Ia8a815447509626312e2b06c6f293901290c73c3
Signed-off-by: Matt Delco <delco@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1171834
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A later change I authored has the tests check the GUID of the drive.
When the primary table is ignored the GUID from the secondary wasn't
being displayed either. This change has the details of the secondary
table get displayed when the primary table is ignored.
BRANCH=none
BUG=None
TEST=Compiled. The change was runtime tested as part of a larger change though
I didn't unit test this particular change after it was split out into a
separate commit.
Change-Id: I300511cf65c67f4888e08ab49cd72c7acf234507
Signed-off-by: Matt Delco <delco@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1173410
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:112520234
TEST=make runtests
BRANCH=master
Change-Id: I84ea07f948fec9aa2945c10831f434e77b0e435d
Signed-off-by: Ting Shen <phoenixshen@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1172305
Commit-Ready: Hung-Te Lin <hungte@chromium.org>
Tested-by: Ting Shen <phoenixshen@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Unibuilds, such as Octopus, generate long lines listing the
individual board names.
Removing a check which is restricting the unibuilds ability to add
additional boards to the list.
BUG=chromium:873552
BRANCH=none
TEST=none
Change-Id: I080f4f251935eb19ee3377556500a5bd98117a2f
Reviewed-on: https://chromium-review.googlesource.com/1173256
Commit-Ready: Bob Moragues <moragues@chromium.org>
Tested-by: Bob Moragues <moragues@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit switches from claiming 33 bytes of NVRAM for the compressed
representation of a prime256v1 compressed public key to 32 bytes for its
SHA256 hash. This makes it easier to process with the standard OpenSSL
binary.
BUG=chromium:845589
TEST=make runtests
BRANCH=none
Change-Id: Ic641b800bcbf2158d52ffbebbf143c47061e8cc3
Reviewed-on: https://chromium-review.googlesource.com/1161496
Commit-Ready: Tudor Brindus <tbrindus@chromium.org>
Tested-by: Tudor Brindus <tbrindus@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Port CL:1009444 to ToT.
Adds (enable|disable)_alt_os_request flag for AltOS boot flow.
BRANCH=none
BUG=b:70804764
TEST=1. make runtests
2. Manually, set and get new flags via crossystem
Change-Id: Ie7fe2620f736335f11c39cbfe37b3fdf400ff926
Reviewed-on: https://chromium-review.googlesource.com/1014840
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Ting Shen <phoenixshen@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Problem files were found with:
find . -name '*.c' -o -name '*.h' | xargs grep '^ [^*]'
and edited manually.
Ignores utility/ and cgpt/, since they seem to globally adhere
to a two-space tab convention.
BUG=None
TEST=make clean runtests
TEST=emerge vboot_reference depthcharge
Change-Id: I5a678484a119c8f1911f717e1968bdb4f1a0810f
Reviewed-on: https://chromium-review.googlesource.com/1160131
Commit-Ready: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit adds a flag recoverysw_is_virtual for determining whether a
device's recovery switch status (as given by recoverysw_cur) is from a
physical button or a line connected to Servo, without a physical button
(e.g. veyron_minnie).
BRANCH=none
BUG=chromium:845589
TEST=manually tested on cave and veyron_minnie; make runtests
Change-Id: If8e54e1df78b25a52dbf359ce641bea75533d705
Reviewed-on: https://chromium-review.googlesource.com/1157537
Commit-Ready: Tudor Brindus <tbrindus@chromium.org>
Tested-by: Tudor Brindus <tbrindus@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Copied from depthcharge.
BUG=none
BRANCH=none
TEST=formatted some code
Change-Id: I9b9916df7da6195c753f2ce9ddbf37baf8a3e747
Signed-off-by: Raul E Rangel <rrangel@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1160930
Reviewed-by: Martin Roth <martinroth@chromium.org>
|