| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:231084609
BRANCH=None
TEST=None
Change-Id: Id76f2469faa13c136c6ec2761577acec4ad810e5
Signed-off-by: Evan Benn <evanbenn@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3831833
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In vb2_get_gbb, abort if gbb_offset is zero. This ensures that functions
like vb2api_gbb_get_flags won't try to read garbage GBB data if the
context hasn't been properly initialized.
Some additional changes made to fix tests:
1. In vb2_set_boot_mode, don't access GBB unless needed.
2. In vb2api_get_dev_default_boot_target, use vb2api_gbb_get_flags
instead of vb2_get_gbb to make it easier to mock. This is needed for
depthcharge tests.
3. Make vb2api_get_debug_info tolerant of GBB not being set. This is
needed for depthcharge tests.
BUG=b:237093169
BRANCH=none
TEST=make && make runtests
Cq-Depend: chromium:3820402
Change-Id: I921d6cc4a5d91c8114c5e46748b4576a1e7716d0
Signed-off-by: Nicholas Bishop <nicholasbishop@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3817941
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The script doesn't work on betty without --force. And in turn
dev_features_rootfs_verification doesn't work as well.
BUG=None
TEST=copy the script to betty and run
BRANCH=none
Change-Id: I70f48b97b470bb04fb9f5fff751df83c44d7defe
Signed-off-by: Shao-Chuan Lee <shaochuan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3818089
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit adds a general security test script. This allows
some logic to be moved out of the signer as well as providing a single
entry point for the security tests run by the signer.
BRANCH=none
BUG=b:202397678
TEST=Verified that correct security tests ran with/without
`--keyset-is-mp`
Change-Id: Ib4c779a90d2fe9160c278f20d7ec61242f1d68cc
Signed-off-by: Robert Zieba <robertzieba@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3820999
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Queue: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit changes the order of the arguments for this script from
`<board> <image>` to `<image> <board>`. This brings the script in-line
with the existing ensure scripts.
BRANCH=none
BUG=b:202397678
TEST=Verified that script works with guybrush image
Change-Id: I7bf31eb0b6ab667b1c3c0e71c2388531bb3f1bc0
Signed-off-by: Robert Zieba <robertzieba@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3820998
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In CL:3788136 the zephyr EC image is renamed from zephyr.bin to ec.bin.
Therefore we don't need to check the existence of zephyr.bin anymore.
BUG=b:239887568
TEST=make runtests -j
BRANCH=none
Cq-Depend: chromium:3788136
Change-Id: Icd82baff93d2019cfd90b982e9c25b45cbf611c3
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3795458
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Yidi Lin <yidilin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make cbfstool_truncate() fail critically on subprocess execution error.
cbfstool is mandatory, so it should always be available.
If subprocess_run(), then either cbfstool is not available, or code is
incorrect, so it should not return.
BUG=none
TEST=make runfutiltests
BRANCH=none
Signed-off-by: Jakub Czapiga <jacz@semihalf.com>
Change-Id: I17089d0cc2512a25f25cafe616caa79845a7e078
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3804563
Commit-Queue: Jakub Czapiga <czapiga@google.com>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Tested-by: Jakub Czapiga <czapiga@google.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Recent discussions have brought us to the conclusion that we probably
want to include the SI_DESC section on Intel mainboards in the GSCVD
verified areas, since it contains soft straps that may affect
pre-coreboot behavior. The problem is that while this section itself
generally doesn't change, it is part of the larger Intel-specific SI_ALL
section that also contains the ME code and data -- which _can_ be
overwritten, so we usually place it in the RW part of the flash. The
section is instead protected from unauthorized software access by
platform-specific mechanisms.
This patch modifies `futility gscvd` so that it will also accept
verification ranges in an SI_ALL region (if it exists), not just in
WP_RO.
BRANCH=none
BUG=none
TEST=Modified coreboot to add SI_DESC range, verified ranges on Joxer.
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: Iacff931f7cb34a41d3d878eee395b97ba2452c2d
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3794950
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
VbExDiskGetInfo and VbDiskFreeInfo are removed. Also, remove
VB2_DISK_FLAG_REMOVABLE and VB2_DISK_FLAG_FIXED since depthcharge
doesn't need them anymore.
BUG=b:172339016
BRANCH=none
TEST=make runtests
TEST=make test-screenshot
TEST=FW_NAME=tomato emerge-cherry depthcharge
Cq-Depend: chromium:3760812
Signed-off-by: Hsin-Te Yuan <yuanhsinte@google.com>
Change-Id: I30d142508992b8c634ab4f919cc1b1b1edb23f14
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3762078
Reviewed-by: Hsuan Ting Chen <roccochen@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move VbTryLoadKernel() and VbTryLoadMiniOsKernel() to depthcharge.
In addition, expose LoadKernel() and LoadMiniOsKernel() as
vb2api_load_kernel() and vb2api_load_minos_kernel(), respectively.
Since we remove VbTryLoadKernel() in vb2api_normal_boot(), rename
vb2api_normal_boot() to check_kernel_version() and call it in
vb2api_kernel_finalize().
Also, rename VbSelectAndLoadKernelParams, VbDiskInfo, and
VbExDiskHandle_t as vb2_kernel_params, vb2_disk_info, and
vb2ex_disk_handle_t, respectively.
BUG=b:172339016
BRANCH=none
TEST=make runtests
TEST=FW_NAME=tomato emerge-cherry depthcharge
Cq-Depend: chromium:3758201
Signed-off-by: Hsin-Te Yuan <yuanhsinte@google.com>
Change-Id: Iaf182ca81797fee24c6104dac9d4770ff75c7fb2
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3755923
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch introduces a new API named `vb2api_get_fw_boot_info` to get
the FW slot information like tries, current boot slot, previous boot
slot, previous boot status and boot mode.
Additionally, moved the required data structures from 2api.h to newly
created 2info.h file to keep vboot information and inline functions
for coreboot/eventlog usage.
BUG=b:215615970
TEST=Able to compile the Google/Kano board using the emerge command.
Signed-off-by: Subrata Banik <subratabanik@google.com>
Change-Id: Ib3f197c851dc4b445dbf64868c3f9157a4f6c9fe
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3737570
Auto-Submit: Subrata Banik <subratabanik@chromium.org>
Commit-Queue: Yu-Ping Wu <yupingso@chromium.org>
Tested-by: Subrata Banik <subratabanik@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
crrev.com/c/3665477 started using `--unpack` rather than
`--sb_extract` for self-extracting firmware update bundles.
Unfortunately, existing prebuilt artifacts used by signer tests are
old and only support `--sb_extract`, and hence fail with recent
vboot_reference that includes this change.
This change simply reverts the option back to `--sb_extract` for
unpacking self-extracting bundles.
BRANCH=None
BUG=b:179170462
BUG=b:202397678
TEST=unittests
Change-Id: I528346a5d593caba7ca822820b9a38e994f0ea94
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3792485
Commit-Queue: Josh Horwich <jhorwich@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Prameet Shah <phshah@chromium.org>
Tested-by: Josh Horwich <jhorwich@chromium.org>
Auto-Submit: Josh Horwich <jhorwich@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds --keyset option for sign command for BIOS_IMAGE,
RAW_FIRMWARE, RAW_KERNEL and KERN_PREAMBLE file types. The default value
of this option is '/usr/share/vboot/devkeys'. It allows futility to load
public and private keys, and keyblocks from under this path, when they
were not provided manually using their respective options.
Files loaded by default for BIOS_IMAGE and RAW_FIRMWARE:
- ${keysetdir}/firmware_data_key.vbprivk
- ${keysetdir}/firmware.keyblock
- ${keysetdir}/kernel_subkey.vbpubk
Files loaded by default for RAW_KERNEL:
- ${keysetdir}/kernel_data_key.vbprivk
- ${keysetdir}/kernel.keyblock
File loaded by default for KERN_PREAMBLE:
- ${keysetdir}/kernel_data_key.vbprivk
BUG=none
BRANCH=none
TEST=make runfutiltests
Signed-off-by: Jakub Czapiga <jacz@semihalf.com>
Change-Id: Ic4026d501d88e0de7d2c6f52c7494c639d08bd15
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3740601
Auto-Submit: Jakub Czapiga <czapiga@google.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Commit-Queue: Julius Werner <jwerner@chromium.org>
Tested-by: Jakub Czapiga <czapiga@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The `--manifest` (do_manifest) command needs to scan most firmware
images in the archive to build up the right information. That can be ~2s
for a 200MB archive even though we just need the version string. 2s is
usually fast enough for developers when they want to check the archive
contents, but that is too slow if the boot time scripts (for example,
CSME updater) need to collect the information.
As a result, we want to allow overriding how the updater gets the
manifest. For most systems that the firmware archive is created by the
buildbot or the signerbot, the scripts can use "--manifest --fast" to
retrieve the cached JSON manifest file.
BUG=b:238908603
TEST=make; run test
BRANCH=None
Change-Id: I5d7dead4d0a43129fd31dd035aac63deaee42a08
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3775703
Reviewed-by: Brian Norris <briannorris@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In preparation for moving VbTryLoadKernel to depthcharge, move the
VB2_NV_DISPLAY_REQUEST check from vb2api_normal_boot to
vb2api_kernel_phase2.
BUG=b:172339016
BRANCH=none
TEST=make runtests
Signed-off-by: Hsin-Te Yuan <yuanhsinte@google.com>
Change-Id: I3629d8dbbcaba23220152543ba77558c8bbcdc7b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3752431
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-by: Hsuan Ting Chen <roccochen@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Introduce set_boot_mode to set up the corresponding ctx flags and call
vb2_set_boot_mode to set ctx->boot_mode to be consistent with those
flags.
BUG=none
BRANCH=none
TEST=make runtests
Signed-off-by: Hsin-Te Yuan <yuanhsinte@google.com>
Change-Id: I7020639521af30bcdb6edcfac4c1a5b21ca8815e
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3750959
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-by: Hsuan Ting Chen <roccochen@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Create tests/common/ to put some common files.
BUG=none
BRANCH=none
TEST=make runtests
Signed-off-by: Hsin-Te Yuan <yuanhsinte@google.com>
Change-Id: I8918b7a1e62d47fca6074ef123e2de6f46f1aa00
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3754814
Reviewed-by: Hsuan Ting Chen <roccochen@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We only check COV=1 in `make coverage` before. This will result in
deleting all files in the current working directory if we accidentally
tried `make coverage_init`.
Hide coverage_init and coverage_html if COV is not set.
BUG=none
BRANCH=none
TEST=make coverage_init and see the error message
TEST=make clean && COV=1 make coverage -j
Signed-off-by: Hsuan Ting Chen <roccochen@chromium.org>
Change-Id: I2d22b211b3d9e59d12faa0ab3d1c2ca8433598f7
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3747419
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, make coverage is broken due to two issues:
1. The optimization option -O0 ignores the inline specifier in
firmware/2lib/2sha256_x86.c:46 and 52. This will violate the
compile-time constraint "i" and cause a build failure.
Fix this issue by using -Og instead of -O0.
2. The coverage_html requires ${COV_INFO}.* files which are generated in
coverage_init and runtests. We need to add prerequisites to prevent
potential errors while running with "-j".
BUG=none
BRANCH=none
TEST=make clean && COV=1 make coverage -j
Signed-off-by: Hsuan Ting Chen <roccochen@chromium.org>
Change-Id: If1f9de1dbc56f36afead9045c1f95349a5fa156c
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3755927
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When the hash file of auxfw is not found in the CBFS, VB2_ERROR_UNKNOWN
will be returned from vb2ex_auxfw_check(), causing the device to enter
reboot loop. Similar to how we handle missing ecrw.hash, vb2api_fail()
should be called, so that the device will try to boot from the other
slot, and if the hash is still missing, recovery will be triggered.
Call vb2api_fail() from vb2api_auxfw_sync() using the 3-argument form of
VB2_TRY(). Add a unit test to prevent regression.
BUG=b:237745301
TEST=make run2tests
TEST=emerge-corsola libpayload
BRANCH=none
Change-Id: I789c63b10201bd1852bc087199ec7b226ec85ba8
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3742863
Reviewed-by: Julius Werner <jwerner@chromium.org>
Commit-Queue: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pass VbSelectAndLoadKernelParams kparams as a function argument instead
of using global variable kparams_ptr. Remove VbSelectAndLoadKernel and
replace its tests with the unit tests for vb2_set_boot_mode,
vb2api_kernel_phase2, vb2api_kernel_finalize, and vb2api_normal_boot.
BUG=b:172339016
BRANCH=none
TEST=make runtests
Cq-Depend: chromium:3731710
Signed-off-by: Hsin-Te Yuan <yuanhsinte@google.com>
Change-Id: I26895ced5e310b2894b9d42d0ad5514d3b0b930a
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3731412
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since crrev.com/c/2511121 we no longer use xattrs when using
unsquashfs on the Android system image. A side-effect of this change
is the loss of capabilities for a handful of Android binaries such as
/system/bin/run-as.
This change records the capabilities on the system image and applies
them manually to the output system image.
BUG=b:179170462
BRANCH=None
TEST=unittests
TEST=Locally sign hatch (ARC R) and kevin (ARC P) base images and
verify signed base image's system.raw.img contents
Signed-off-by: Josh Horwich <jhorwich@chromium.org>
Change-Id: Ied824d5ebf7a5139e71341abca810b14e67623e0
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3723017
Reviewed-by: Allen Webb <allenwebb@google.com>
Tested-by: Josh Horwich <jhorwich@chromium.org>
Reviewed-by: Prameet Shah <phshah@chromium.org>
Commit-Queue: Josh Horwich <jhorwich@chromium.org>
Reviewed-by: Yury Khmel <khmel@google.com>
Reviewed-by: Yury Khmel <khmel@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=none
TEST=make runtests
BRANCH=none
Signed-off-by: Hsin-Te Yuan <yuanhsinte@google.com>
Change-Id: I406bcf806a6bbe21faa5f069381b73d43a7550b2
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3737566
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Tested-by: Hsuan Ting Chen <roccochen@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Using enum types in serialized data structures is dangerous, because
their width may depend on compiler settings. This patch changes the data
type for (vb2_context).boot_mode to uint8_t to make sure the struct
layout will be the same in all environments. Since we only defined boot
modes up to 5 for now (and our systems are always little endian), the
structure remains binary compatible with serializations of the previous
version (so no struct version change should be necessary).
BRANCH=none
BUG=none
TEST=make runtests
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I82bc8e665ea51adaaf1f5d94986c22bd62e58bba
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3751833
Reviewed-by: Hsuan Ting Chen <roccochen@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-by: Subrata Banik <subratabanik@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch moves the `vb2_fw_result` enum definition from 2nvstorage.h
to 2api.h as 2api.h is the only header file which is getting included
by the vb2_api.h.
The direction is to keep all required data structure needed by coreboot
inside 2api.h only.
The follow-up patch would like to implement a new API which would allow
to get the slot information and vboot logic as part of coreboot will
call into this API to retrieve this info prior storing into the elog
while booting.
BUG=b:215615970
TEST=Able to compile the Google/Kano board using the emerge command.
Signed-off-by: Subrata Banik <subratabanik@google.com>
Change-Id: I35a4d34d1032dbf354b161feb6fcd68221a039a8
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3737569
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Auto-Submit: Subrata Banik <subratabanik@chromium.org>
Commit-Queue: Subrata Banik <subratabanik@chromium.org>
Tested-by: Subrata Banik <subratabanik@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=none
TEST=none
BRANCH=none
Change-Id: Iedbad16be5f9541cb74cc092821b828bd25b12da
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3742864
Commit-Queue: Julius Werner <jwerner@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In vb2api_fw_phase1, use the boot_mode set by vb2_set_boot_mode to
determine whether to initialize display. This fixes the edge case where
VB2_NV_DIAG_REQUEST is set, but vb2api_diagnostic_ui_enabled() is 0.
BUG=none
TEST=make runtests
BRANCH=none
Signed-off-by: Hsin-Te Yuan <yuanhsinte@google.com>
Change-Id: Iecb9f52b056906bcd1d7da324390672adc5112c7
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3737563
Reviewed-by: Hsuan Ting Chen <roccochen@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch reworks whole BIOS image signing to support images with CBFS,
and with ponly RW/A slot. CBFS images will now be truncated to eliminate
unnecessary empty space, and will sign only the part of firmware area
which contains the data, and not empty space.
This patch also adds more checks for potential errors, and does not
allow for signing incorrect nor uses data from structures, which might
not be valid.
futility sign command tests are also greatly extended to cover a wide
variety of possible errors, which have to be handled correctly.
BUG=b:197114807
TEST=sudo emerge vboot_reference
TEST=build whole chromeos-bootimage after making it and coreboot use
`futility sign --type bios ...`
TEST=make runtests
BRANCH=none
Signed-off-by: Jakub Czapiga <jacz@semihalf.com>
Cq-Depend: chromium:3707104
Change-Id: I7c84aa38776e8890a87f0e9b7ec7f32d86f82c13
Disallow-Recycled-Builds: test-failures
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3575325
Tested-by: Jakub Czapiga <czapiga@google.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Auto-Submit: Jakub Czapiga <czapiga@google.com>
Commit-Queue: Jakub Czapiga <czapiga@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Extract the middle part of VbSelectAndLoadKernel as vb2api_kernel_phase2
and call it from VbSelectAndLoadKernel. Also, remove vb2_nv_init in
VbSelectAndLoadKernel. Furthermore, publicize vb2_normal_boot as
vb2api_normal_boot in preparation for moving the content of
VbSelectAndLoadKernel to depthcharge. Besides, when NO_BOOT is set,
manual recovery should be disallowed (unless
VB2_GBB_FLAG_FORCE_MANUAL_RECOVERY is set). Therefore, print the NO_BOOT
debug log only for the broken screen case.
BUG=b:172339016
BRANCH=none
TEST=make runtests
Signed-off-by: Hsin-Te Yuan <yuanhsinte@google.com>
Change-Id: I4dc5ee4fb80ecc8c24a992a489c3bf6fe267046d
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3720975
Reviewed-by: Hsuan Ting Chen <roccochen@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=none
BRANCH=none
TEST=none
Signed-off-by: Hsin-Te Yuan <yuanhsinte@google.com>
Change-Id: Ia29490c6fb8bf02a98ef09b1d284369802a2b750
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3719468
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Commit-Queue: Hsuan Ting Chen <roccochen@chromium.org>
Reviewed-by: Hsuan Ting Chen <roccochen@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The `--repack` is actually broken if invoked from futility updater
because libzip does not support SFX, and can't open an empty file.
The right way to repack is to use the --repack from the wrapper script
(e.g., chromeos-firmwareupdate) that it will call zip directly.
BUG=b:236399204
TEST=make; test
BRANCH=none
Change-Id: I0a88bb9d9f16acb49029626da76e92e78fcd331d
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3721657
Reviewed-by: YH Lin <yueherngl@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move the final part of VbSelectAndLoadKernel into vb2api_kernel_finalize
and call vb2api_kernel_finalize at the end of VbSelectAndLoadKernel.
BUG=b:172339016
BRANCH=none
TEST=make runtests
Signed-off-by: Hsin-Te Yuan <yuanhsinte@google.com>
Change-Id: Ieef929f679e4703e6771313cdf34a9959cc1335f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3715882
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-by: Hsuan Ting Chen <roccochen@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=none
BRANCH=none
TEST=make runtests
Signed-off-by: Jakub Czapiga <czapiga@google.com>
Change-Id: I364ac6ace35705f1cfdaec71297523d4c2132b75
Disallow-Recycled-Builds: test-failures
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3695417
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently there is no script to ensure that AMD PSP flags are set
correctly in a firmware image. This commit adds ensure_amd_psps_flags.sh
to handle that functionality. The script can check that certain flags
are set as well as checking that certain flags are not set.
BRANCH=none
BUG=b:202397678
TEST=Ran script with grunt, zork, MI and skyrim images, verified that
it responds correctly to PSP flag values
Signed-off-by: Robert Zieba <robertzieba@google.com>
Change-Id: Ie0864544b9b97704ee901d893b4d833c1ab068b9
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3526100
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
subproccess helpers are only used by flashrom.c at the moment. However we
temporarily need the symbols to bridge the gap with cbfstools/elogtool in
upstream coreboot. Furthmore, there are new additional use-cases for
subproccess in other parts of vboot_reference unrelated to flashrom
directly.
BUG=b:231152447
BRANCH=none
TEST=builds
Change-Id: Id8008eefd46efa329adf76323800bb7646bf922c
Signed-off-by: Edward O'Callaghan <quasisec@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3697856
Tested-by: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Commit-Queue: Julius Werner <jwerner@chromium.org>
Auto-Submit: Edward O'Callaghan <quasisec@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit moves `extract_firmware_bundle` into common.sh as this
function is useful for other scripts as well. This commit also updates
this function to use the `--unpack` option as `--sb_extract` is now
deprecated.
BRANCH=none
BUG=b:202397678
TEST=Verified that scripts continue to work as expected
Signed-off-by: Robert Zieba <robertzieba@google.com>
Change-Id: Ib5596968f31a4b3b21fb81877d84b28660824818
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3665477
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With a series of UI callback functions removed from depthcharge (see the
long CL list in Cq-Depend below), now we can remove them from vboot2
API.
BUG=b:172339016
TEST=make runtests -j
TEST=emerge-corsola libpayload depthcharge
BRANCH=none
Cq-Depend: chromium:3581323, chromium:3581320, chromium:3587669
Cq-Depend: chromium:3611670, chromium:3631467, chromium:3631405
Cq-Depend: chromium:3677727, chromium:3681952
Change-Id: Icccaf81b8a6f16780bf68a6f1f3aa01689fc9ed8
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3682754
Reviewed-by: Hsuan Ting Chen <roccochen@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adding `*` to OWNERS makes Rubber Stamper not work for cherry-picks, so
we transition to something else. While coreboot and depthcharge
responsibilities are so distributed that it probably still makes sense
to allow the whole firmware team to approve (see CL:3687245 and
CL:3687246), vboot is not as platform-specific and it seems that we
mostly have a tighter group of contributors. Looking at the recent
commits, it seems that pretty much every patch was approved by one of
the existing explicitly-mentioned owners anyway, so I think it makes
sense to reduce ownership to that set. (Note that the scripts/
subdirectory already has its own additional OWNERS file managed by the
infra team, so we don't necessarily need to cover that.)
BRANCH=none
BUG=none
TEST=none
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: Ib902f4dcf654f00703da8fff831c6a2b9f7e9e0e
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3687195
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This feature has not been needed since pre-2012 devices which have long
since reached their end of life. We can safely remove it to simplify the
code.
Also remove ZGB image, as it is no longer needed.
BUG=b:197114807
TEST=sudo FEATURES=test emerge vboot_reference
BRANCH=none
Signed-off-by: Jakub Czapiga <jacz@semihalf.com>
Cq-Depend: chromium:3650757
Change-Id: I889dc6300c5cb72bdfcb9c2b66d63e97d3f8c862
Disallow-Recycled-Builds: test-failures
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3578968
Commit-Queue: Jakub Czapiga <czapiga@google.com>
Auto-Submit: Jakub Czapiga <czapiga@google.com>
Tested-by: Jakub Czapiga <czapiga@google.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previous change I5e8b4d848f30f53fae58c721c9b7ddcfbfea9852
was reverted because the check did not pass if the
signing process adds new files to the image.
The new check alerts only when we miss files in the original image.
BUG=b:230434967
BRANCH=None
TEST=Run ./sign_official_build.sh locally
Signed-off-by: Daichi Hirono <hirono@chromium.org>
Change-Id: If8e9eeb9568fefcde92d737b356fa84b865b05c9
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3653721
Commit-Queue: Shao-Chuan Lee <shaochuan@chromium.org>
Tested-by: Daichi Hirono <hirono@chromium.org>
Commit-Queue: Daichi Hirono <hirono@chromium.org>
Auto-Submit: Daichi Hirono <hirono@chromium.org>
Reviewed-by: Shao-Chuan Lee <shaochuan@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is the firmware part of go/deferredupdates.
During autoupdates, it's required to defer firmware cookies (a.k.a. slot
switching) to not try the updated RW firmware. Instead it is deferred
for the values to be updated at a later time, when the actual update
should be applied.
Since there is not a clear communication method between
futility and postinstall+autoupdater, it'll be the case that STATUS will
be used as the IPC for postinstall+autoupdater to determine when to
update firmware cookies w/ a UUID.
```
// autoupdate
localhost ~ # chromeos-firmwareupdate --mode=autoupdate --wp=1
Machine Model: gimble
Write Protect: HW=0 SW=0
Last Boot Version: RO=Google_Gimble.14498.0.0 ACT/B=Google_Gimble.14498.0.0
Firmware Updater: RO=Google_Gimble.14505.93.0 RW=Google_Gimble.14505.93.0
>> Starting firmware updater.
>> Target image: images/bios-gimble.ro-14505-93-0.rw-14505-93-0.bin (RO:Google_Gimble.14505.93.0, RW/A:Google_Gimble.14505.93.0, RW/B:Google_Gimble.14505.93.0).
>> Current system: <sys-flash> (RO:Google_Gimble.14498.0.0, RW/A:Google_Gimble.14505.93.0, RW/B:Google_Gimble.14498.0.0).
>> Write protection: 1 (enabled; HW=1, SW=1).
>> TRY-RW UPDATE: Updating RW_SECTION_A to try on reboot.
>> DONE: Firmware updater exits successfully.
fw_prev_result = trying # [RO/str] Firmware result of previous boot
fw_prev_tried = B # [RO/str] Firmware tried on previous boot (A or B)
fw_result = success # [RW/str] Firmware result this boot
fw_tried = B # [RO/str] Firmware tried this boot (A or B)
fw_try_count = 10 # [RW/int] Number of times to try fw_try_next
fw_try_next = A # [RW/str] Firmware to try next (A or B)
fw_vboot2 = 1 # [RO/int] 1 if firmware was selected by vboot2 or 0 otherwise
fwb_tries = 10 # [RW/int] Try firmware B count
fwid = Google_Gimble.14498.0.0 # [RO/str] Active firmware ID
fwupdate_tries = 0 # [RW/int] Times to try OS firmware update (inside kern_nv)
mainfw_act = B # [RO/str] Active main firmware
// deferupdate HOLD
localhost ~ # chromeos-firmwareupdate --mode=deferupdate_hold --wp=1
Machine Model: gimble
Write Protect: HW=0 SW=0
Last Boot Version: RO=Google_Gimble.14498.0.0 ACT/B=Google_Gimble.14498.0.0
Firmware Updater: RO=Google_Gimble.14505.93.0 RW=Google_Gimble.14505.93.0
>> Starting firmware updater.
>> Target image: images/bios-gimble.ro-14505-93-0.rw-14505-93-0.bin (RO:Google_Gimble.14505.93.0, RW/A:Google_Gimble.14505.93.0, RW/B:Google_Gimble.14505.93.0).
>> Current system: <sys-flash> (RO:Google_Gimble.14498.0.0, RW/A:Google_Gimble.14505.93.0, RW/B:Google_Gimble.14498.0.0).
>> Write protection: 1 (enabled; HW=1, SW=1).
>> TRY-RW UPDATE: Updating RW_SECTION_A to try on reboot.
>> DEFER UPDATE: Defer setting cookies for RW_SECTION_A.
>> DONE: Firmware updater exits successfully.
fw_prev_result = trying # [RO/str] Firmware result of previous boot
fw_prev_tried = B # [RO/str] Firmware tried on previous boot (A or B)
fw_result = success # [RW/str] Firmware result this boot
fw_tried = B # [RO/str] Firmware tried this boot (A or B)
fw_try_count = 0 # [RW/int] Number of times to try fw_try_next
fw_try_next = B # [RW/str] Firmware to try next (A or B)
fw_vboot2 = 1 # [RO/int] 1 if firmware was selected by vboot2 or 0 otherwise
fwb_tries = 0 # [RW/int] Try firmware B count
fwid = Google_Gimble.14498.0.0 # [RO/str] Active firmware ID
fwupdate_tries = 0 # [RW/int] Times to try OS firmware update (inside kern_nv)
mainfw_act = B # [RO/str] Active main firmware
// deferupdate APPLY
localhost ~ # chromeos-firmwareupdate --mode=deferupdate_apply --wp=1
Machine Model: gimble
Write Protect: HW=0 SW=1
Last Boot Version: RO=Google_Gimble.14498.0.0 ACT/B=Google_Gimble.14498.0.0
Firmware Updater: RO=Google_Gimble.14505.106.0 RW=Google_Gimble.14505.106.0
>> Starting firmware updater.
INFO: update_firmware: Apply defer updates, only setting cookies for the next boot slot.
>> DONE: Firmware updater exits successfully.
fw_prev_result = trying # [RO/str] Firmware result of previous boot
fw_prev_tried = B # [RO/str] Firmware tried on previous boot (A or B)
fw_result = success # [RW/str] Firmware result this boot
fw_tried = B # [RO/str] Firmware tried this boot (A or B)
fw_try_count = 10 # [RW/int] Number of times to try fw_try_next
fw_try_next = A # [RW/str] Firmware to try next (A or B)
fw_vboot2 = 1 # [RO/int] 1 if firmware was selected by vboot2 or 0 otherwise
fwb_tries = 10 # [RW/int] Try firmware B count
fwid = Google_Gimble.14498.0.0 # [RO/str] Active firmware ID
fwupdate_tries = 0 # [RW/int] Times to try OS firmware update (inside kern_nv)
mainfw_act = B # [RO/str] Active main firmware
```
BUG=b:232304971
TEST=chromeos-firmwareupdate w/ comment above
BRANCH=None
Signed-off-by: Jae Hoon Kim <kimjae@chromium.org>
Change-Id: Idcfc5864a2cfc2b46a8b936bbab61e3da7c62596
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3661357
Commit-Queue: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In many places (e.g. go/cros-dlm), we treat GSC board IDs as a 4-letter
ASCII string rather than a hexadecimal number. To relieve people of the
need to manually convert between formats when copy&pasting IDs, this
patch makes the `gscvd` command accept both versions.
BRANCH=none
BUG=b:229015103
TEST=futility gscvd -b GVLR
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I50fa73f5a14d2747c3e1b15e5dc3fbfcb2391f47
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3656349
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Introduce a new vboot context flag VB2_CONTEXT_DISABLE_TPM to indicate
whether TPM should be disabled before jumping to kernel. This allows us
to move the vb2ex_tpm_set_mode(VB2_TPM_MODE_DISABLED) call from vboot to
depthcharge. See CL:3653659 for details.
BUG=b:223662000, b:232743820
TEST=make runtests
TEST=emerge-cherry depthcharge
BRANCH=cherry
Cq-Depend: chromium:3653659
Change-Id: Ie7bcc3c7bf01346a3bc1f9e14b30017a4c3148ac
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3653207
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds a new `--add_gbb`/`-G` flag to the `gscvd` command that
can be used as a shorthand option to add the `GBB` FMAP section to the
covered ranges. When adding the GBB, it is important that we exclude the
HWID and HWID digest from the covered ranges, because they can vary
between units and it would be too cumbersome to sign every possible HWID
separately. Figuring out the right ranges to pass that exclude these
individual fields of the structure manually from the build scripts would
be very awkward, so let's add this option here where we can write the
logic cleanly with C code and have all the vboot data structure
definitions readily available.
Also do some minor option parsing cleanups.
BRANCH=none
BUG=b:229015103
TEST=Created GSCVDs with this flag, manually confirmed with a hex editor
that the correct ranges were created.
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I3bef5355506d831353afe6f534ae9303334d014c
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3653203
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 48532e571bf79f32af972f6096681c11674c3825.
Reason for revert: Stable roll blocked due to unit test failures in platform/signing.
https://ci.chromium.org/ui/p/chromeos/builders/cq/fullcheckout-presubmit/b8813887760837459473/overview
Original change's description:
> signer: Check the list of android image files
>
> BUG=b:230434967
> BRANCH=None
> TEST=Run ./sign_official_build.sh locally
>
> Signed-off-by: Daichi Hirono <hirono@chromium.org>
>
> Change-Id: I5e8b4d848f30f53fae58c721c9b7ddcfbfea9852
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3607891
> Tested-by: Daichi Hirono <hirono@chromium.org>
> Commit-Queue: Daichi Hirono <hirono@chromium.org>
> Reviewed-by: Shao-Chuan Lee <shaochuan@chromium.org>
Bug: b:230434967
Change-Id: I185562d6dcbac4fd30b6dc4c331bd0b1508d58e8
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3644484
Commit-Queue: Daichi Hirono <hirono@chromium.org>
Tested-by: Daichi Hirono <hirono@chromium.org>
Reviewed-by: Shao-Chuan Lee <shaochuan@chromium.org>
Auto-Submit: Daichi Hirono <hirono@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The updater_archive has two functions: the implementation of archives,
and the creation of manifest. Since we are having more support of
archives in different format and the logic of manifests is getting more
complicated, so it is better to move the manifest to its own file.
No functional changes, only internal refactoring.
BUG=None
TEST=make; run test
BRANCH=None
Change-Id: I01ff9561583357eac4c6add8a09384f1c4c9d671
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3647407
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The firmware archive files from buildbot are usually released in
tar+bzip2 format. Although the standard format of the archive
(chromeos-firmwareupdate) is ZIP, it is very helpful if the developers
can quickly run the update using the standard tar.bz2 archive files.
BUG=b:230679721
TEST=futility update --manifest -a \
~/Downloads/ChromeOS-firmware-R91-13885.3.0-asurada.tar.bz2
QEMU_LD_PREFIX=/build/cherry qemu-arm /build/cherry/usr/bin/futility \
update --manifest -a \
~/Downloads/ChromeOS-firmware-R91-13885.3.0-asurada.tar.bz2
BRANCH=None
Change-Id: Ibbab2e8226a00e8b5b292293af570eda37b31a8a
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3644540
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rename 'struct archive' to 'struct u_archive' as 'updater archive'
so in future we can support libarchive (which needs 'struct archive').
BUG=None
TEST=make; run test
BRANCH=None
Change-Id: Id4e5b425044b6f1e64f504373c264dba05da62f4
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3644539
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adding calls to cbfstool truncate command requires file to be closed and
not mapped to work correctly. This patch reworks file opening and
mapping to make it simpler. It also moves responsibility from main
command runner to command functions to correctly operate on their
input/output files.
BUG=b:197114807
TEST=sudo FEATURES=test emerge vboot_reference
TEST=build and boot while chromeos-bootimage and boot on volteer/voxel
platform
BRANCH=none
Signed-off-by: Jakub Czapiga <jacz@semihalf.com>
Change-Id: Iee24fdc43f2a57f54c65f6e55cdd26adf44a0b29
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3575324
Tested-by: Jakub Czapiga <czapiga@google.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Commit-Queue: Julius Werner <jwerner@chromium.org>
Auto-Submit: Jakub Czapiga <czapiga@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Let's require the user of this script to explicitly provide the base
file name of the generated key.
BRANCH=none
BUG=b:221423468
TEST=verified generating the new key in various directories (local and
non local).
Verified that the script fails if the user does not supply the
required key file base name.
Change-Id: Iaf85e5822d06c65ca4b7d51f17579269576e4707
Signed-off-by: Vadim Bendebury <vbendeb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3630287
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|