| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Ignore a power button push until after we have seen it released,
to avoid shutting down immediately if the power button is held
down on startup.
BUG=b:116819414,chromium:670492
BRANCH=grunt
TEST=manual:
1) Press and hold esc+refresh+power.
2) Depthcharge shows INSERT screen and does not power off.
3) Release esc+refresh+power.
4) Press and release power.
5) Depthcharge powers off.
TEST=test_that --fast -b grunt $grunt_ip firmware_ECLidShutdown
TEST=FEATURES=test emerge-grunt --nodeps vboot_reference
Change-Id: I7421a4b1a1b8a7894f0e7d1c7927ffc52d9faac0
Signed-off-by: Edward Hill <ecgh@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1256023
Reviewed-by: Raul E Rangel <rrangel@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We changed the verity kernel command line form before R16 was released
and included backwards compat support in the scripts for it. But all
the devices that were released for these old versions are EOL, and we
don't need to sign images that old anymore, so drop support.
BRANCH=None
BUG=chromium:891015
TEST=precq passes
Change-Id: I0e61c5d5cbeefb8ea0af955ead604a97fcb84bad
Reviewed-on: https://chromium-review.googlesource.com/1255344
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
`futility` used to print debug messages to stdout, but there is a side
effect that stdout may be buffered and then flush later than stderr.
For example, when calling futility via ssh, we will see flashrom
messages before any of futility's own messages.
Also, many people want to get flashrom verbose messages (-V).
With this change, when calling ERROR and DEBUG, we will always output to
stderr. This also enables better parameter type checking.
`-d` and `-v` both contribute to verbosity, that will be converted to
-V's when calling flashrom.
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I1d22a8054fc43cdc5e6c7415e131cc9826fbff0c
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1251145
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
"Can we make futility support stdin like flashrom? I typically flash with:
ssh root@DUT flashrom -p host - < foo.bin"
Yes we can:
ssh root@DUT futility update -i - < foo.bin
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: Ib1ee5d4c882620e3b6f56fd5e4692b4829cf025a
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1251141
Reviewed-by: Raul E Rangel <rrangel@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The 'SMM store' must be preserved during firmware update. On newer systems,
this can be done by preserving FMAP section 'SMMSTORE' (CL:1221210).
For Eve, the SMM store did not have its own FMAP section and needs to be
reserved by explicit cbfstool calls.
BRANCH=None
BUG=b:70682365
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
Change-Id: Ica043f51de0170b5c40f61d059437b9572025e2e
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1250464
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The target AUE for daisy_snow is 74 or even longer, so we need to get a
better solution to get rid of script based updater customization (and the
painful EXTRA list in updater configuration).
The new quirk 'daisy_snow_dual_model' is assuming the input firmware image
has both daisy_snow x8 and x16 firmware packed into a single image
(because in vboot1, RW_A is identical to RW_B), and will modify A/B
contents according to target system.
BRANCH=None
BUG=chromium:881034
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
# Provide a fake mosys and output both MP / MPx16 to:
futility update -i bios-snow-2695.132.117-rw.bin \
--quirks daisy_snow_dual_model --emu emu.bin --sys_props 0,0x0000,0
Change-Id: I8af1b6c3117a703aed4da59902aaecb1009101f2
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1239798
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For people running updater directly without the packaged firmware
updater (chromeos-firmwareupdate), it is easier if we identify the
quirks inside updater itself instead of the wrapper script.
This change enables getting "default quirks" by target image RO version
so we won't need to pack firmware images first.
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I179227f7a829577dc9fe5deb085fdee1a738c070
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1245663
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
There will be more and more board-specific quirks in future and we want
to put them together into a special module.
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I4fd2ff5e2b2e891cbd3da8c9393c6fbdf7024c75
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1245645
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The creation and deletion of temp files can be managed in same context
where updater config lives.
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: Ic1745d27a071047d4882b21905bd11e15b5632cd
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1245644
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move the do_update back to cmd_update with better initialization. The
update.c now has few APIs to invoke the firmware updater without relying
command line processing.
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I99f792bf902ed72e487242ac8872aec384783555
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1245643
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It looks like cbfstool removing & inserting blobs into the bios, even
if the contents are the same, break the signatures run over the region.
Until we can figure out what's going on, avoid re-adding content that's
the same to keep the signatures valid.
BRANCH=None
BUG=chromium:889716
TEST=signing fizz image has valid vblock hashes
Change-Id: I00ba84cf22b6fffc594e60b78f91e7cb49c98f06
Reviewed-on: https://chromium-review.googlesource.com/1248201
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: C Shapiro <shapiroc@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The updater is getting more complicated and we may want to split into
few modules, for example "updater", "quirks", and "host".
The first step is to change cmd_update.c to updater.c (to preserve most
GIT history).
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: Icae37db8720162130cf38767fec14a970cc9899d
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1245642
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Many developers need to reflash or update firmware using servo, and the
firmware logic has been complicated enough that simply calling
'flashrom -w image.bin -p $SERVO' will usually destroy many important
settings, for example HWID, VPD, and other data provisioned in factory.
It should be more convenient if we can use 'futility update' against
servo. The '--programmer' provides first step - to override the flashrom
programmer so we can read and write via special programmer (like servo).
With this change, developers can reflash using:
futility -p $SERVO -i $IMAGE --force --wp 0
BRANCH=None
BUG=b:116326638
TEST=make futil; sudo tests/futility/run_test_scripts.sh $(pwd)/build/futility
Change-Id: Iad4819ff8258086e1abb58fefd462d94050754d0
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1239817
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In order to support overriding programmer, we need to clean up the
'emulation' first.
The firmware_image.emulation was implemented as a flashrom emulate
programmer so we can emulate with calling flashrom in the very
beginning; and then replaced by native FMAP library because calling
flashrom add too much dependency and much slower in unit tests.
As a result, we can replace emulation to be the real file name being
emulated, and only keep that in the global config.
BRANCH=None
BUG=b:116326638
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
Change-Id: I5423e64d66be03a09ccfde29ecc3f4ef114c9453
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1239816
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Error messages should be printed using ERROR when being outside
the main updater function (do_update).
BRANCH=None
BUG=None
TEST=make futil; sudo tests/futility/run_test_scripts.sh $(pwd)/build/futility
Change-Id: I037c99b6e4fbb6a05fd95d64a87d187d8531da39
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1245641
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
By b/116298359#comment3, we know the tpm_fwver may be zero if the
firmware slot has been just created and no successful boots since last boot.
This is very common for factory and recovery so we should consider 0 as
"success".
There is still possible in early or proto builds, the device may have
vboot data structure changed so the updater calling vboot library cannot
get tpm_fwver properly. Also for people who wants to re-key their
devices with DEV firmware, we should allow waiving all TPM checks by
--force.
Also, in order to test that correctly, override_properties_from_list
should accept negative values to simulate failure in getting tpm_fwver
from VbGetSystemPropertyInt.
BRANCH=None
BUG=b:116298359
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
Change-Id: I09c91af36ceec340e393fb68999bea8d1907267d
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1239814
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a generic way of selecting an alternative bootloader to run from the
developer-mode menu. This enables keys 1-9 to select a particular numbered
bootloader.
Adjust VbExLegacy() to take a numeric parameter to signal which boot
loader to run.
CQ-DEPEND=CL:1228875
BUG=chromium:837018
BRANCH=none
TEST=FEATURES=test emerge-grunt --nodeps vboot_reference
Change-Id: I02eab1b87e21a6401ec42317c4c1fa1bd2767b53
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1060854
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:114610466
BRANCH=none
TEST=(1)Test cheza, whose storage has a block size of 4k:
$ make_dev_ssd.sh --remove_rootfs_verification --partitions 2
$ make_dev_ssd.sh --partitions 2 --save_config /tmp/foo_config
$ echo "console=ttyMSM0,115200n8" >> /tmp/foo_config.2
$ make_dev_ssd.sh --partitions 2 --set_config /tmp/foo_config
Messages show kernel is successfully re-signed.
Reboot and then see kernel log printed.
Also, rootfs is modifiable.
(2)Do a similar test on scarlet, whose storage has a block size of 512B.
See the same result.
Change-Id: Ic5d7714e4f608c477f935d244cd5ad62eb38815a
Signed-off-by: Philip Chen <philipchen@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1240934
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Philip Chen <philipchen@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Evan Green <evgreen@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We want to drop armv7a-cros-linux-gnueabi toolchain, so we need
to use armv7a-cros-linux-gnueabihf-gcc instead.
BRANCH=None
BUG=chromium:711369
TEST=emerge-kevin vboot_reference
Change-Id: Ie6831079162916eb11e98da3aecdcd8c0bd0d82d
Reviewed-on: https://chromium-review.googlesource.com/1241856
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Yunlian Jiang <yunlian@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The eventlog is stored in RW_ELOG and should not be destroyed during firmware
update.
BUG=chromium:655423
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I0b4fe1e78ae2d499e985471f51cfa9eb983c8adc
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1242663
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cheza early proto devices have declared few sections that must be
preserved before RO_PRESERVE is introduced, so we want to temporarily
include them until the migration is completed.
BUG=b:116326638
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: Ie8f397c000839ccfd475eab1d248843b23320465
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1239797
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There may be more platforms that want to preserve some data in RO+RW
firmware update. To prevent adding a huge list, we want to add new
RO_PRESERVE and RW_PRESERVE so sections to be preserved can be simply
defined as sub section of these and no more changes in updater side.
RO_VPD, RW_VPD and RW_NVRAM are remain unchanged due to legacy.
BUG=b:116326638
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I669e61aa75ab292fcee1a7b056af0e4d5fb14a7b
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1239815
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Ideally we should fail if `tpm_fwver` can't be retrieved, but if an user can
run the updater then his system is already up so it's more likely to be a
vboot library issue (especially in early proto devices) that the crossystem
values were not reported correctly.
As a result, it seems more reasonable to skip checking TPM anti-rollback if
`tpm_fwver` can't be retrieved.
BRANCH=None
BUG=b:115764295
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
Change-Id: I7b6bf72531edb334a465c730fe8b3fbafa469b3a
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1238099
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After CL:1210342, the 'futility_s' is no longer needed so we may drop
the related build rules. People who wants to build static version of
futility can do:
make STATIC=true futil
BUG=chromium:765499
TEST=precq passes; make futil; make clean; make STATIC=1 futil
BRANCH=none
Change-Id: I80e83a80eaa273f09288f850c59a52494dc5bec9
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1235795
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The '--factory' is an alias to '--mode=factory_install' and was widely used
in several documents. Also moved WP check to end of argument parsing so
'--mode=factory --wp=0' can set WP correctly.
BRANCH=None
BUG=b:115764295
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
Change-Id: I7987d77c577414efb03941442e3125f35ac5ad98
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1233373
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
In --mode=factory, we should fail if write protection is enabled.
Also added an unit test for the case.
BRANCH=None
BUG=b:115764295
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
Change-Id: I6c693e470a034554b1f4a3cb16cfbf974ae6f54b
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1226587
Reviewed-by: Marco Chen <marcochen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A bunch of the params have '(writable)' at the end of the description
to indicate it's a writable field. However, it's not listed on every
field. Rather than resync all of them, automate it. Throw in the
type for good measure.
The old display:
hwid = LUMPY # Hardware ID
dev_boot_usb = 1 # Enable developer mode boot from USB/SD (writable)
The new display:
hwid = LUMPY # [RO/str] Hardware ID
dev_boot_usb = 1 # [RW/int] Enable developer mode boot from USB/SD
BUG=None
TEST=`crossystem` output looks better
BRANCH=None
Change-Id: I953cf5cb78b52edeece4215c3249b79b26d36f26
Reviewed-on: https://chromium-review.googlesource.com/1224652
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
clear_tpm_owner_request is 23 chars now.
BUG=None
TEST=`crossystem` is aligned
BRANCH=None
Change-Id: I6d077b7311c74c51fd608281ad48b29fc6219937
Reviewed-on: https://chromium-review.googlesource.com/1218502
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
A bunch of these fields are slightly missorted.
BUG=None
TEST=`crossystem` is sorted
BRANCH=None
Change-Id: I9e90343f5034e7a8a2d81c9b8eeb4b1d7286f157
Reviewed-on: https://chromium-review.googlesource.com/1218503
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
All accessories leverage the key format of Hammer therefore this
script calls Hammer's one to generate a key pair and renames them.
The key name isn't referenced by the signer anymore, so we will
name them all "hammerlike".
BUG=chromium:859269
TEST=Run this script in the chroot.
BRANCH=None
Change-Id: Iba35b03e59216e96a99f8aa471b660f3805c1f23
Reviewed-on: https://chromium-review.googlesource.com/1205636
Commit-Ready: Nick Sanders <nsanders@chromium.org>
Tested-by: Nick Sanders <nsanders@chromium.org>
Reviewed-by: Marco Chen <marcochen@chromium.org>
Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Many device may have some minor difference in early builds, for example
(board id) rev 0 and rev 1 may have GPIO pins connected to different
components. Usually the firmware should read board identifier and do the
right mapping, but sometimes the firmware may be totally incompatible and
no way to workaround (for example even the CPU may be different).
The min_platform_version is introduced so we can prevent updating to
incompatible systems, by reading $(mosys platform version).
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I418fee1aad884551b38ac25c340b2797b8503596
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1198815
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On recent Intel platforms, flashing to SI_ME may get corrupted due to ME
execution in parallel. If we lock SI_ME immediately (by writing the new
SI_DESC), the device may fail to boot due to ME execution failure.
As a result, a quirk is added so the firmware updater will never lock
SI_ME. The Flash Master values are always unlocked when updating SI_ME,
and after system reboot, a board-postinst script should check ME status
and reflash SI_DESC only if SI_ME looks all good.
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I584aa373797e2b4c2608f07aac21c16cdb34a5c4
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1198807
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some devices may have shipped with a smaller image that the real flash may be
larger, especially if the device's original flash has been EOL'ed.
The quirk 'enlarge_image' allows changing image size according to current_image
size by padding 0xFF (flash default value).
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I84373cfa9bcbd98a2cd96a7dd4bed27a6f724cf3
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1198806
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The firmware updater usually needs to apply many special rules for particular
device, previously done by the 'updater_custom.sh' script.
In futility updater, we want to support that by a 'quirks' system, that
the updater package can declare a list of needed quirks and send to updater
as `futility update --quirks LIST`.
Currently only a dummy "test" quirks is defined.
The real quirks will be added in follow up changes.
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: Ic935d69a54473f2347964e7c161ffcdc0af43ec6
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1198804
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When running on DUT we should create temporary files using system calls instead
of using hard-coded path and file name.
The new create_temp_file() will collect all temporary files and remove them
all when the remove_temp_files() is invoked (usually at end of program).
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I866dd8dfe7acbf8c5a586249ea2d19f33891672d
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1203334
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For devices that do not have update tag provisioned in legacy CBFS, we
need a way to push and enforce the updater to complete first migration.
The '--mode=legacy' provides a short cut to do
"flashrom -p host -w image -i RW_LEGACY"
Devices that need newer (or latest) legacy firmware should invoke
firmware updater in their initialization or setup process, to enforce
updating RW_LEGACY.
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I87db067ad134e82bbbdc937bd2880c6731ec892b
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1198808
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The errorcnt in do_update should not add function return values
directly because the function may return negative values, which would
lead to wrong results. Instead we can process using '!!' so the returned
value will always be zero or positive integers.
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I9f450b2ee8d86035288f06bdb314dfb1dce3ca64
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1209023
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change ensures that the slot_len is enough to hold the metadata
before attempting to actually read it.
BUG=None
BRANCH=None
TEST=None
Change-Id: Ief50edccc7a73c2c3002f772c616e4ed5557ecbd
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1212528
Commit-Ready: Furquan Shaikh <furquan@chromium.org>
Tested-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
We shouldn't need this anywhere anymore, so drop it.
BUG=chromium:765499
TEST=precq passes
BRANCH=none
Change-Id: I0f1adb2bf120e1a20c79d2641a0d2fe96d8e6908
Reviewed-on: https://chromium-review.googlesource.com/1210342
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To simplify debugging with logs, we want to print "current function" in almost
every debug and error messages. To prevent typing __FUNCTION__ everywhere,
two new macros ERROR and DEBUG are introduced, to print messages in
ERROR: <function>: <message>\n and
DEBUG: <function>: <message>\n .
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: If680f436042d58a32e2b4f534d4c22958f68d021
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1197023
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On Intel platforms, when management engine is not in manufacturing mode the
SI_DESC will be read only and SI_ME can't be accessed by CPU.
For RW-FULL mode when we want to reflash whole firmware, flashrom will skip
SI_ME but it'll still try to update SI_DESC if the content looks different,
which would make all firmware update to fail when a new image is pushed with
different SI_DESC contents.
As a result, we have to preserve and skip SI_DESC changes when ME is locked.
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I834405ad519dcb7ccd44073addfd63e844b74168
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1197022
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This won't have any real power savings until the APIC delay is merged
and enabled.
BUG=b:109749762
BRANCH=none
TEST=Booted grunt and made sure the developer screens still worked.
Change-Id: I7d75198771946415fa6a8fa69dff024d87ba5ef0
Signed-off-by: Raul E Rangel <rrangel@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1182190
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The RW_LEGACY logic has been changed recently and need cbfstool to help
identifying if update can be performed silently.
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: Ida38bb8886b17c2f7bbb2c14d072508d4b9c5809
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1194821
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To make it easier for integration with legacy firmware updater, we want
to add few options:
-m, --mode MODE
-d, --debug
-v, --verbose
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I6f045db0a8e9b5c73c1f0be2b52a71a7ee2a495e
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1193043
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the RW is not signed by RO root key then verified boot will fail and enter
recovery mode. This may happen when user is trying to flash a DEV (or
PreMP) signed firmware on a MP-signed device, with write protection
enabled.
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I1cee0b5f42f1f403d9baa5f9b2659f75511fbcb8
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1183659
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In verified boot, the key versions stored in TPM will be checked before
being able to load and run a signed RW firmware. This is also known as
anti-rollback check.
To prevent user installing an incompatible RO (even RW) and then being
not able to boot, we should check TPM key versions (by `tpm_fwver`
system property) before starting to update.
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I6d50a6e475001d76fbcbe680a3f8b10f62354096
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1189249
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A safety check so people won't accidentally flashed wrong firmware image and
then being not able to boot.
The platform is decided by extracting the first component (delimited by dot
'.') of firmware ID. For example, platform for "Google_Link.123" is
"Google_Link".
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I90a1631f6b3e9a675fe1990cf9c204d763faf54c
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1189248
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are still many devices running vboot1 and we need to support them as
well. There is no way to determine if a firmware is vboot2 or not, so we
can only rely on the system property "fw_vboot2".
If fw_vboot2 is 0, then we should always update section B and compare content
with section A.
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: Iefdcb81099914c2183c627a33eb73678d1269bc1
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1184952
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The updater logic is heavily based on write protection status. The write
protection must be decided by two sources: hardware ("write protection
switch", known as `wpsw` in crossystem) and software (on most SPI, this
is controlled by SRP0 register using flashrom).
When debugging firmware updating issues, it is very important to have
complete logs for status of all WP sources (hw and sw, and the final
decision by updater itself - maybe overridden by --wp).
This change tries to handle WP properly and also leaving enough
information of how the WP logic was decided.
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I15dc2dbcefc421c1194aa623e15f00d793653e93
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1183658
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In try-boot updating flow, we have to first check if RO content needs to be
changed or not, and do full (ro+ro) update if WP is disabled. Also, before
starting to update RW-A or RW-B, we should also check if the active system
already has same firmware contents.
An --force is also added to allow skipping the check.
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: Ie2f75f9aab4696c75aedafbf45e418ee98a2a4b4
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1183654
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
