| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Just resolving some style comments left on CL:1955805. The CL merged
by CQ before I noticed the comments.
BUG=none
BRANCH=none
TEST=compiles
Change-Id: I286343e3ee2ecb4cb6092ca99fa46c4a80442e03
Signed-off-by: Jack Rosenthal <jrosenth@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1957760
Tested-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The new subprocess_run library function provides a unit-tested way to
call subprocesses and collect output.
BUG=chromium:1030473
BRANCH=none
TEST=On drallion and druwl, crossystem works for both reading and writing
Change-Id: I072d91cf68ee91c663652d2c0433ef8bbedad7d7
Signed-off-by: Jack Rosenthal <jrosenth@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1955806
Reviewed-by: Paul Fagerburg <pfagerburg@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, futility and crossystem needed to be statically
linked. (futility had both futility and futility_s.)
Since there's no longer any need to statically link any binaries
built by vboot_reference, remove this support from the Makefile.
BUG=b:124141368, chromium:765499
TEST=make clean && make runtests
BRANCH=none
Change-Id: I8c2b5c5b5aa86bbecb0c264f688dfdac4b19ca7e
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1954976
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a powerful library for interacting with processes. We'll be
able to clean up much of the code which manually sets up the pipes and
calls exec* with this well-tested and expressive abstraction.
This code will initially be used in crossystem for calling out to
flashrom instead of relying on mosys.
BUG=chromium:1030473
BRANCH=none
TEST=provided unit tests
Change-Id: I56f28419406d0b1299bb91058dd4500079b2435e
Signed-off-by: Jack Rosenthal <jrosenth@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1955805
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This function was added with the sole intended user being
BCB support on the depthcharge side.
Now that BCB is deprecated, we can remove it.
BUG=b:124141368, chromium:956474
TEST=make clean && make runtests
BRANCH=none
Change-Id: I4a99c540951b5e160bf50bcb790091d1df6eefc3
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1954975
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously in vboot_common.c. This function "almost" only
reads vboot2 data. As we would like to deprecate and remove the
vboot_common.c file, find a new home for it.
BUG=b:124141368
TEST=make clean && make runtests
BRANCH=none
Change-Id: Ice980604be3537741293bb9f6d31385c1d915887
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1844596
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:124141368
TEST=make clean && make runtests
BRANCH=none
Change-Id: I7daf97a88c71ff188c5812a30ca71d6c84823ae9
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1844595
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pass on values returned from vb2_gbb_* functions instead
of using VBERROR_INVALID_GBB on error.
BUG=b:124141368, chromium:988410
TEST=make clean && make runtests
BRANCH=none
Change-Id: I66b99393f0fcc9eabe629d08b35247764cfbcefb
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1728296
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Convert LoadKernel and TryLoadKernel to use vboot2-style error
codes. Error codes are renamed as follows:
VBERROR_NO_KERNEL_FOUND
--> VB2_ERROR_LK_NO_KERNEL_FOUND
VBERROR_INVALID_KERNEL_FOUND
--> VB2_ERROR_LK_INVALID_KERNEL_FOUND
VBERROR_NO_DISK_FOUND
--> VB2_ERROR_LK_NO_DISK_FOUND
Remove these error codes:
VBERROR_LOAD_KERNEL_RECOVERY
Remove VBSD_BOOT_DEV_SWITCH_ON check in vb2_developer_ui
to align vboot_ui and vboot_ui_menu functionality.
VBERROR_LOAD_KERNEL
Unused.
BUG=b:124141368, chromium:988410
TEST=make clean && make runtests
BRANCH=none
Change-Id: I90389c6629cc6055c4a4acbbbdd358bb79b63bf7
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1728297
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BRANCH=none
BUG=none
TEST=emerge-nami vboot_reference coreboot
Change-Id: I83a82a8b931c074e83ced8ea41c215d70825881e
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1935272
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We recently reactivated the -DUNROLL_LOOPS code for x86 devices.
Unfortunatley, this seems to lead to code size problems for early
firmware stages on certain x86 boards (CB:37475). The biggest speedup
with unrolled loops was observed during kernel verification anyway
(which hashes orders of magnitude more data than firmware verification),
so let's make this fully configurable by the calling firmware and only
enable it from depthcharge. Pre-RAM coreboot changes are probably better
served with the smaller implementation anyway (and this will only become
more important as we move to CBFS per-file hashing and need hash
algorithms in every stage).
BRANCH=None
BUG=None
TEST=None
Cq-Depend: chromium:1951413
Change-Id: I87eaa14299cae0ee0d0b4a098d638b6bccdaf75b
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1951782
Reviewed-by: Aaron Durbin <adurbin@google.com>
Reviewed-by: Subrata Banik <subrata.banik@intel.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This was for the Ryu project, which was cancelled (at least for
CrOS). It's safe to assume crossystem will never be used on Android.
BUG=chromium:990438
BRANCH=none
TEST=crossystem still functions on samus
Change-Id: Ide5b4ad105e9f36972067c125176ae5a08444ceb
Signed-off-by: Jack Rosenthal <jrosenth@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1949427
Reviewed-by: Paul Fagerburg <pfagerburg@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
EC software sync should not be performed in recovery mode, as it breaks
the vboot model.
BUG=b:145310842
BRANCH=firmware-hatch-12672.B
TEST=Verify that EC sync is skipped in recovery mode (coreboot & depthcharge)
Change-Id: I771b970b044ed2b13a1cd79f5649af92b0177ac7
Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1941037
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Stop magically checking get_info_flags by subtracting the
expected value from vbtlk_retval. Introduce two globals
vbtlk_expect_fixed and vbtlk_expect_removable which are
checked when the mocked VbTryLoadKernel function is called.
Update some comment style and fix spacing.
BUG=b:124141368
TEST=make clean && make runtests
BRANCH=none
Change-Id: I038aa03dcff24ec06f68f6a175f992ed99feddb9
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1836612
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Added VB2_SECDATA_FWMP_DEV_FIPS_MODE flag which would enable FIPS 140-2/3
compliant behavior in Cr50. This includes power-up self tests, known
answer tests for cryptographic functions, etc.
BUG=b:138577491
TEST=make clean && make runtests
BRANCH=none
Change-Id: I37334aab82fc36e6beff1a8902867fe316f901b6
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1947916
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rather than the caller picking and choosing between vb2_run_altfw
and vb2_try_alt_fw, always use the "try" function, and manually
specify the `allowed` argument.
Fix up some comment styles.
Reverse the order of vb2_commit_data and secdata_kernel_lock
calls, and check the return value of vb2_commit_data.
BUG=b:124141368
TEST=make clean && make runtests
BRANCH=none
Change-Id: Ib6b2752ba1b9be66401612a46f9c1b9353669c27
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1776286
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since power_button_state is only used within vboot_ui.c, it should be
declared static.
BRANCH=none
BUG=none
TEST=emerge-nami vboot_reference
Change-Id: I392f137af15b36cf343817c681b18434e33e53e4
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1937048
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Daisy snow has set its AUE version to R75 and R76 went stable for a long
time, so we can now remove the quirk for it.
BUG=None
TEST=make clean && make runtests
Change-Id: I8a955f1e02221c6562958f584dabdb27ab5d870d
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1940401
Tested-by: Hung-Te Lin <hungte@chromium.org>
Auto-Submit: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In current kernel verification code, secdata reads and writes
are spread throughout the code. vboot2's design is to use
vb2_context.secdata_* for storing the state of secdata spaces,
and have the caller (depthcharge) read/save this field when
necessary.
Centralize secdata reads/writes into the functions of
secdata_tpm.c, previously known as rollback_index.c.
Functions which directly read/write to the TPM space are modified
to use vb2_secdata_*_get and vb2_secdata_*_set.
The secure spaces get read/flushed by functions in
vboot_api_kernel.c. These calls and the underlying functions
from secdata_tpm.c will eventually be relocated to depthcharge.
Create a new external function vb2ex_commit_data, which commits
any modified nvdata/secdata. Currently the depthcharge
implementation of this function only writes nvdata, but once
secdata TPM drivers have been migrated from vboot_reference to
depthcharge, it will also commit these data spaces.
This CL also removes the VbExNvStorageRead call from
vb2_kernel_setup, and the data is instead read in depthcharge
CL:1819379, right before calling VbSelectAndLoadKernel.
As such, both the VbExNvStorageRead and VbExNvStorageWrite
functions may be removed.
Finally, create a vb2_secdata_kernel_lock function, which should
be used right before attempting to leave vboot (by booting an OS
or chainloading to another firmware). This should eventually be
exposed as a vb2ex_ API function and relocated to depthcharge.
BUG=b:124141368, chromium:972956, chromium:1006689
TEST=make clean && make runtests
BRANCH=none
Change-Id: Ifbfb21122af0bf85e22a6d3a0d48a1db7f7c25b7
Signed-off-by: Joel Kitching <kitching@google.com>
Cq-Depend: chromium:1819380, chromium:1939168
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1728298
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Unify "create a temp file and write firmware image contents" to the
new API get_firmware_image_temp_file with better error messages.
BRANCH=none
BUG=chromium:1024401
TEST=make clean && make runtests
Change-Id: I441f24053a8d94def587cf8270c44a4bdce9a4fe
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1928359
Reviewed-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Hung-Te Lin <hungte@chromium.org>
Tested-by: Hung-Te Lin <hungte@chromium.org>
Auto-Submit: Hung-Te Lin <hungte@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since vendor data flag in vb2_context is set from depthcharge directly
(CL:1933685), VB_SALK_INFLAGS_VENDOR_DATA_SETTABLE can be removed. The
inflags field is also removed from struct VbSelectAndLoadKernelParams.
BRANCH=none
BUG=chromium:953656
TEST=emerge-kukui depthcharge vboot_reference
Cq-Depend: chromium:1933685
Change-Id: If5cdf11d1fd27603b22b2c71183847a0987e5fc8
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1932279
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When the recovery switch is physical then the propmt to enter dev mode
will say to press the recovery switch not the enter key. In this case we
do not want to warn the user that an internal keyboard is needed to
confirm we will just silently ignore the enter key.
BUG=b:144034020
TEST=On Drallion enter key does not work to switch to dev mode and does
not beep or print a warning when the enter key is pressed
BRANCH=none
Change-Id: I250ea2622c9c38bfc0d7463eb95ca65a12b41153
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1929601
Tested-by: Mathew King <mathewk@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Commit-Queue: Mathew King <mathewk@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:124141368, chromium:1006689
TEST=make clean && make runtests
BRANCH=none
Change-Id: Ieb47f54f665299b5377077c8975611ba3e1b8dc9
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1921775
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rather than depending on the architecture and environment to
provide the correct memory alignment (__BIGGEST_ALIGNMENT__),
hardcode to 8, which should be sufficient for all cases.
(Previously, by using __BIGGEST_ALIGNMENT__, this is set to
16 in all known cases, which is unnecessarily large.)
Update vb2_workbuf tests to be more flexible according to
VB2_WORKBUF_ALIGN value.
BUG=b:124141368
TEST=make clean && make runtests
TEST=Try values of VB2_WORKBUF_ALIGN=2,4,8,16,32,64
BRANCH=none
Change-Id: I819586119fa3102fa423a01e0737e6864c05d752
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1911921
Reviewed-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After storing the GBB header on the workbuf, the offset of wb.buf
is stored into workbuf_used by incorrectly using ctx as the
pointer base, rather than sd (which corresponds to the start of
the workbuf). This subtracts 8 bytes from the correct value of
workbuf_used, and leaves the last 8 bytes of the GBB header
vulnerable to being overwritten with any VB2_WORKBUF_ALIGN values
less than 16.
Also update the relevant vb2_misc_tests check to account for
GBB headers with non-aligned sizes (currently it is 128 bytes).
BUG=b:124141368, chromium:1027846
TEST=Test with various VB2_WORKBUF_ALIGN values
BRANCH=none
Change-Id: I862d29155ce08df6911c277f8ce8c703ffaf1df7
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1932276
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The updater_utils.c should not deal with updater_config directly.
Currently everything relates to generating temporary files will need
updater_config due to updater_create_temp_file. By moving that out (let
every caller to pass &cfg->tempfiles) we can detach updater_utils.c from
updater_config.
BRANCH=none
BUG=chromium:1024401
TEST=make clean && make runtests
Change-Id: I44bc4df0152596a822b1e0672f41c16825472249
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1928358
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Commit-Queue: Hung-Te Lin <hungte@chromium.org>
Auto-Submit: Hung-Te Lin <hungte@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The "EC update" (either calling flashrom or using EC RO software sync)
logic has been bloated and is really not a typical updater feature (that
only makes sense for dogfooders). And we have seen enough special cases
that some boards may not want to use it (or causing problems).
Move that to a quirk so we can turn on or off in a more flexible way.
BRANCH=none
BUG=chromium:1024401
TEST=make clean && make runtests
Change-Id: I2d4fe0d9ee0d98ad41b8cbdcaff848846d120d07
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1926010
Reviewed-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Tested-by: Hung-Te Lin <hungte@chromium.org>
Commit-Queue: Hung-Te Lin <hungte@chromium.org>
Auto-Submit: Hung-Te Lin <hungte@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The firmware updater (updater.c) is bloated so we should move functions
that are not really related to 'updating logic' to a new file,
updater_utils.c.
Refactor only by moving functions (and renamed few functions), no
changes in updater logic.
BRANCH=none
BUG=chromium:1024401
TEST=make clean && make runtests
Change-Id: I98339c5c4a81845b36daf842c79625fa2389c7f0
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1926009
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Commit-Queue: Hung-Te Lin <hungte@chromium.org>
Auto-Submit: Hung-Te Lin <hungte@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When flashing using CCD, we should:
- Set programmer to raiden_debug_spi:target=AP
- Set write protection argument to "0" instead of number 0 (which means NULL).
- do_check_compatible_tpm_keys should not raise failure if force_update is set.
BRANCH=None
BUG=None
TEST=make runtest;
sudo futility update --ccd -i image.bin
Change-Id: I01121791bbbae0ffbcbc7a56c24b506d48ef7394
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1926011
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Hung-Te Lin <hungte@chromium.org>
Auto-Submit: Hung-Te Lin <hungte@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The default in pre-upload.py was changed to warn about Signed-Off-By
lines: https://crrev.com/c/1917972.
BRANCH=none
BUG=none
TEST=repo upload --cbr .
Change-Id: Ie54b95251a751134c8824d3720e2fe73ef79fbc9
Signed-off-by: Jett Rink <jettrink@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1926520
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently VB_SALK_INFLAGS_ENABLE_DETACHABLE_UI in
VbSelectAndLoadKernelParams.inflags controls whether to enable
detachable ui. However, it doesn't have much to do with the specifics of
"loading a kernel", and would fit better in vb2_context.flags, which is
also passed to VbSelectAndLoadKernel().
This patch replaces the usage of VB_SALK_INFLAGS_ENABLE_DETACHABLE_UI
with vb2_context_flags VB2_CONTEXT_DETACHABLE_UI, which is set from
depthcharge.
BRANCH=none
BUG=chromium:953656
TEST=emerge-kukui depthcharge vboot_reference
Cq-Depend: chromium:1918868
Change-Id: Iafe0f9fe0a90bcb5a7fa557fac75e0856796769d
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1921769
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
TEST=Able to save ~50ms of bootime with this CL
Without this CL
1100:finished vboot kernel verification 802,443 (148,108)
With this CL
1100:finished vboot kernel verification 775,914 (102,601)
Signed-off-by: Subrata Banik <subrata.banik@intel.com>
Change-Id: I96bea22667ebf45b446a26d84de96e52f3d28aa0
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1919094
Reviewed-by: Julius Werner <jwerner@chromium.org>
Commit-Queue: Tim Wawrzynczak <twawrzynczak@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CL:1900560 broke MOCK_TPM due to a typo in the Makefile. This patch
fixes it.
BRANCH=None
BUG=None
TEST=None
Change-Id: Ifd23ad764029b72af3fb03cf9dd52faefa586a80
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1922491
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch splits out the TPM functionality into a separate library called
TLCL (TPM lightweight command library). This is to avoid linking in TLCL
code two times and causing duplicate references.
BUG=none
BRANCH=none
TEST=make clean && make runtests
Cq-Depend: chromium:1901882
Change-Id: I56e961c066b2df1d1e19f632b834b11625454f59
Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1900560
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Unlike STM32 (used on ARM Chromebooks), EC images on most x86
Chromebooks used to have a header before EC_RO section describing the
size and attributes of firmware to load. However, partial updating with
only 'EC_RO' by flashrom will not include those data. So we should use
'WP_RO' to update whole RO area.
This also implies EC RO software sync, which usually only updates
ec.RO.bin in EC_RO, is not safe on devices with extra data. A quick
solution is to only allow RO software sync when EC_RO is aligned to top
of EC firmware image. Also in future devices cannot run EC software sync
may skip generating EC RO blobs in AP coreboot CBFS so the updater won't
try to do RO software sync.
BUG=chromium:1024401
TEST=(kukui) chromeos-firmwareupdate --mode=recovery # updated and boot
(laser) chromeos-firmwareupdate --mode=recovery # updated and boot
also verified we can update from old x86 EC (EC_RO does not
include header) to new style (EC_RO contains header).
Change-Id: I2c90320ffbfd79ba0cbaf70016446d8ab489e6ac
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1919097
Reviewed-by: Shelley Chen <shchen@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
chromeos-tpm-recovery only works when it's actually booted in recovery
mode, not when just running a recovery image in developer mode with
Ctrl+U. This distinction is often not super clear to non-firmware
people, so make the error message more explicit.
BRANCH=None
BUG=None
TEST=None
Change-Id: I18afa933f624f26d1f7949b9b586ab01daf7c801
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1913491
Reviewed-by: Curtis Malainey <cujomalainey@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, battery cutoff is handled at the end of a successful EC
software sync. Now that auxiliary firmware sync is separate from the
EC, this patch moves it back to after both EC and auxfw updates are
successful, to ensure all firmware is up-to-date before entering ship
mode.
BUG=none
BRANCH=none
TEST=make runtests
Change-Id: I96bea22667ebf45b446a26d84de96e52f3d289a5
Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1889430
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:143094352
BRANCH=none
TEST=make clean && make runtests
Change-Id: I3665bfb10c66e2fbe3906e99cc72346748123cfb
Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1873879
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The new flag can be set by any firmware which updates the EC to let
further stages know that the EC sync has already been completed during
this boot.
BUG=none
BRANCH=none
TEST=make runtests
Change-Id: Ide14efe7091631b62d240ddc984c8c70527a6d37
Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1877066
Reviewed-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
crossystem functions just make up a fake vb2_context for calling into
things like vb2_nv_init(), but that function actually accesses
vb2_shared_data as well. This used to work because vb2_get_sd() would
return NULL in that case and vb2_nv_init() actually checks for that,
but with the persistent context model this is no longer possible and
making up directly allocated contexts is always illegal.
This patch adds a small fake workbuffer to the fake context so we can
have real backing storage for shared data. (This might not be the final
way we want to fix it but should work as a quick band-aid over the
crashes.)
Also remove the now pointless (sd == NULL) checks from vb2_nv_init().
BRANCH=None
BUG=chromium:1024732
TEST=make runtests
Change-Id: I91247013f092bbfc41cf1974b82cf70a29fa4734
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1917486
Tested-by: Brian Norris <briannorris@chromium.org>
Reviewed-by: Brian Norris <briannorris@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Queue: Brian Norris <briannorris@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch separates out some code into an extra file so that it's
easier to link into hostlib without pulling in all additional
dependencies from the random 2misc.c crap. The functions are copied
wholesale with no changes.
BRANCH=None
BUG=chromium:1024732
TEST=make runtests
Change-Id: Ia00d1da277e5fc0956c8a1ae608d842224016c91
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1917819
Tested-by: Brian Norris <briannorris@chromium.org>
Reviewed-by: Brian Norris <briannorris@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Queue: Randall Spangler <rspangler@chromium.org>
Commit-Queue: Brian Norris <briannorris@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This callback is redundant, because vboot takes the buffer pointer and
just passes it straight into vb2ex_ec_update_image(), so clearly the
platform must be able to find the image on its own. Remove it, and also
remove the arguments to vb2ex_ec_update_image which were the image and
its size.
BUG=none
BRANCH=none
TEST=make runtests
Cq-Depend: chromium:1910562
Change-Id: I35548cc0bde761cf08337489af0772bbdf46de4d
Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1877065
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, the logic for updating auxfw is entangled with the logic
for performing EC software sync. This patch attempts to split them
apart, so that they can be used separately. VbSelectAndLoadKernel()
currently still performs both, EC first and then auxfw. The intended
use-case for this functionality is to perform EC software sync only in
coreboot's romstage. Unit tests were updated to ensure functionality
is effectively unchanged.
BUG=b:143094352, chromium:1016688
BRANCH=none
TEST=make clean && make runtests
Change-Id: I7bdf38694cfed83b18dd8189b8516780184ecc8e
Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1867314
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove devidx argument from internal and external functions.
Rename external API functions to vboot2 scheme (vb2ex_...).
Rename external EC-related data types to vboot2 scheme (vb2_...).
BUG=b:124141368, chromium:1016688, chromium:1017093, b:112198832, b:143094352
TEST=make clean && make runtests
BRANCH=none
Cq-Depend: chromium:1910562
Change-Id: I4ca9858a0f91a0365288c04cdb90aad0efdd7647
Signed-off-by: Joel Kitching <kitching@google.com>
Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1872255
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The EC RO name inside CBFS is actually 'ecro' instead of 'ec_ro'.
BRANCH=None
BUG=b:141965252
TEST=make clean && make runtests
Run 'futility update -i image.bin -e ec.bin --mode=recovery'
Change-Id: I2ede0bfbd550d343726df893ce707e82d77d5f30
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1913689
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Also standardize on position and spacing of __attribute__.
BUG=b:124141368
TEST=make clean && make runtests
BRANCH=none
Change-Id: Ic61d6193c2413824837a51af98eb2dcd9ea4ab85
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1902843
Commit-Queue: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When unpacking files, unzip will retain timestamps on the outputs.
This makes it easy to recreate the firmware unpacker with the same
exact contents. futility doesn't copy update timestamps anywhere,
so all the mtimes are $now, which makes it impossible to recreate
the same archive.
Update the API to pass around mtimes by reading them from inputs,
setting them on outputs, and copying them across.
BUG=None
TEST=`futility update -a chromeos-firmwareupdate --unpack out` has timestamps on outputs
BRANCH=None
Change-Id: Icc0ae833390115082e1677d190d1b2a029b78439
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1913067
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Commit-Queue: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
All devices which have a PD chip running CrOS EC code have already shipped,
and there is no intention to go back to using an "EC" for a TCPC anymore.
BUG=b:143762298,chromium:1017093
BRANCH=none
TEST=make runtests
Change-Id: I177c00581089de59e4f35608b97ef5432e8b492b
Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1895712
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch fixes an issue discovered while fuzzing
vb2_load_fw_keyblock(): the data key contained in the keyblock is not
sanity-checked before moving it around on the work buffer, resulting in
a potential overflow if it's key_size flows over the end of the
keyblock. This is not exploitable since the keyblock was already
verified, so only signed (=trusted) keyblocks can get to this stage, but
there's nothing wrong with double-checking anyway.
This patch also rewrites the data_key moving code a bit to just move the
whole key rather than individually copying the header elements and then
just memmove()ing the data (and keeping the previous key_offset from the
root key rather than the one from the data key). None of these issues
affect correctness but it seems simpler and cleaner to me this way.
Finally, remove an instance where the keyblock was accessed after the
memmove(). This would be bad if the data key was so much larger than the
keyblock that memmove()ing it overwrites the keyblock header. Like an
existing comment points out, that doesn't happen with the key sizes we
choose in practice, but it's still better to not rely on that.
BRANCH=none
BUG=chromium:1017793
TEST=make runtests and reran failing fuzz testcase
Change-Id: I78ded43ad999e0883a69cbb2ea7e876888a9fa22
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1880015
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move vb2_context to live inside of vb2_shared_data, instead of
in a separate memory space allocated by the caller.
See design doc:
http://go/vboot2-persistent-context
BUG=b:124141368, chromium:994060
TEST=make clean && make runtests
BRANCH=none
Change-Id: If2421756572a43ba58b9da9f00e56a8f26ad3ad5
Signed-off-by: Joel Kitching <kitching@google.com>
Cq-Depend: chromium:1874753, chromium:1902339
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1716351
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Julius Werner <jwerner@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|