| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
lib20/include and lib/cryptolib no longer exist, so remove them from the
include path.
BRANCH=none
BUG=none
TEST=none
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: Ia5e2893a1aaca6655565315a0e06131906668392
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4128690
Tested-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Commit-Queue: Yu-Ping Wu <yupingso@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove the sign_uefi.sh script and call sign_uefi.py instead. This is in
a separate commit from the one adding the Python script in case we need
to revert.
Test command:
platform/vboot_reference/scripts/image_signing/sign_official_build.sh \
base build/images/reven/latest/chromiumos_test_image.bin \
platform/vboot_reference/tests/devkeys \
build/images/reven/latest/chromiumos_test_image.bin.signed
BRANCH=none
BUG=b:261631233
TEST=Run test command above, verify expected files are signed
Change-Id: Icf59b6b1a36acf6332cd6f402ef6072b99c44796
Signed-off-by: Nicholas Bishop <nicholasbishop@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4083507
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Shell scripts are hard to modify and hard to test, so port sign_uefi.sh
to Python. This is a fairly direct port that attempts to keep all the
behavior the same. In particular, there are no hard errors for missing
EFI/kernel files, or for failing to sign one of those files if it does
exist. It might be good to make the script more strict in the future,
but for now try to match the existing behavior.
Nothing actually calls the new script yet.
Also enable `black_check` in `PRESUBMIT.cfg` to enforce formatting.
BRANCH=none
BUG=b:261631233
TEST=make runtests
TEST=cros lint scripts/image_signing/sign_uefi*.py
Change-Id: I4b9b86607cc403779b0504758dd097b0d7237fef
Signed-off-by: Nicholas Bishop <nicholasbishop@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4083506
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On new systems, WPSW_BOOT is potentially bogus. The BIOS doesn't set
it so it always reports that the device is _not_ write protected.
Let's print an error log so we have an idea if we ever fall back.
BRANCH=None
BUG=b:249498455, b:254337014
TEST=Force a failure and see the log
Change-Id: Ie741ca9f9f938382ea7e56cfd81bd273dd9bb548
Signed-off-by: Douglas Anderson <dianders@chromium.org>
Disallow-Recycled-Builds: test-failures
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4104708
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Brian Norris <briannorris@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
According to scripts/newbitmaps/README the functionality has moved to
~/chromiumos/src/platform/bmpblk, so drop the related gitignore entries.
BRANCH=None
BUG=None
TEST=None
Change-Id: I38f612202cf956a6fb80e90361d2d788d5d6c998
Signed-off-by: Nicholas Bishop <nicholasbishop@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4107012
Commit-Queue: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Detect errors and exit on errors from read_from_file.
BUG=b:260531154
BRANCH=None
TEST=FEATURES=test emerge-grunt vboot_reference
TEST=futility gbb -s --flags 0x0 /tmp/bios /tmp/bios2 --bmp_fv /dev/null
TEST=futility gbb -g /tmp/bios
Change-Id: I1e24342642bcc276c6fb195ebfc95a1393100147
Signed-off-by: Evan Benn <evanbenn@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4099828
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make the error handling logically and visually consistent in the main
switch statement. This makes the cleanup code run in all cases. futility
will also return an error in some error cases that were not handled.
BUG=b:260531154
BRANCH=None
TEST=FEATURES=test emerge-grunt vboot_reference
TEST=futility gbb -s --flags 0x0 /tmp/bios /tmp/bios2
TEST=futility gbb -g /tmp/bios
Change-Id: I28c956959022cd3cb68aa476b81c0851d76c8739
Signed-off-by: Evan Benn <evanbenn@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4099827
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:260531154
BRANCH=None
TEST=FEATURES=test emerge-grunt vboot_reference
TEST=futility gbb -s --flags 0x0 /tmp/bios /tmp/bios2
Change-Id: Ib3bd54c81a66da8839bd46b7b4cd57277af4d0f9
Signed-off-by: Evan Benn <evanbenn@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4075309
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:260531154
BRANCH=None
TEST=FEATURES=test emerge-grunt vboot_reference
TEST=futility gbb -s --flags 0x0 /tmp/bios /tmp/bios2
Change-Id: I92dc87acdd7f0efcb034ee1151fcae0651e80f6f
Signed-off-by: Evan Benn <evanbenn@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4075307
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
All AP RO verification platform keys must be signed by the same AP RO
verification root key, this is why the root key pair needs to be
created only once, and used for signing key blocks for all PreMP AP RO
verification platform keys.
This patch adds make_arv_root.sh, a script for generating the root
key, and modifies create_new_keys.sh to use the single root key for
signing all generated platform keys.
By default the root key is placed at the top of the root key
directory, from which all key creation scripts are invoked. It is
possible to specify the desired path for the root key to both
make_arv_root.sh and create_new_keys.sh.
Note that the keyset generated for each board still needs to include
the AP RO verification root public key, added explicit copying.
BRANCH=none
BUG=b:299965578
TEST=ran the following commands in ./scripts:
$ mkdir keys
$ cd keys
$ ../keygeneration/make_arv_root.sh
$ ../keygeneration/create_new_keys.sh --output Nissa
This resulted in creation of directory ./scripts/keys/Nissa with
all generated keys and the AP RO verification root public key copy.
Then ran sign_official_build.sh using Nissa recovery image and the
keys/Nissa directory as inputs, observed successful AP firmware
signing, including signing of RO_GSCVD sections.
Then successfully ran ./tests/futility/test_gscvd.sh
Change-Id: Ic024ccdcdcb751be677934bf559c40b2826c714e
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4058180
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Jason Clinton <jclinton@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When updating with --archive and a non-host programmer (and thus no
reliable crosid to discover the appropriate firmware manifest key), and
no explicit --model parameter is passed, try to detect the model by
matching the FRID of the current firmware with one of the host firmware
images in the archive.
Add a --detect-model-only flag to perform the same matching, but report
the detected model name and exit. This can be used in combination with
the manifest to automatically select an appropriate EC image to pass to
flash_ec.
BUG=b:253966060
TEST=futility update -a firmware.tar.bz2 --servo
BRANCH=None
Signed-off-by: Sam McNally <sammc@chromium.org>
Change-Id: I25fa0f109d0d8052179b220251d4720438b93bc4
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3965584
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move the error recording from a global to checking the function return
code. The function can then be moved to another translation unit.
BUG=b:260531154
BRANCH=None
TEST=FEATURES=test emerge-grunt vboot_reference
TEST=futility gbb -s --flags 0x0 /tmp/bios /tmp/bios2
Change-Id: I7a2d35471f55d557e707568d0981b1d8cbbc6a19
Signed-off-by: Evan Benn <evanbenn@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4082790
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Tested-by: Edward O'Callaghan <quasisec@chromium.org>
Commit-Queue: Edward O'Callaghan <quasisec@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
errno was being printed and then errno was returned from the function.
This can be incorrect if the print function changes errno. Instead store
errno, print and return the same value.
BUG=b:260531154
BRANCH=None
TEST=FEATURES=test emerge-grunt vboot_reference
TEST=futility gbb -s --flags 0x0 /tmp/bios /tmp/bios2
Change-Id: I5016ac31e56c4a0f16f89a2a52087ba64833d28a
Signed-off-by: Evan Benn <evanbenn@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4075306
Commit-Queue: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Returning errno when there was no libc error was wrong. Return -1.
No one checks the error from this function anyway.
BUG=b:260531154
BRANCH=None
TEST=FEATURES=test emerge-grunt vboot_reference
TEST=futility gbb -s --flags 0x0 /tmp/bios /tmp/bios2
Change-Id: Ib91e0917fc1e33a4a95b3874639c3e2fcc5dd1df
Signed-off-by: Evan Benn <evanbenn@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4075305
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Tested-by: Edward O'Callaghan <quasisec@chromium.org>
Commit-Queue: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add VB2_RECOVERY_RW_VENDOR_BLOB_VERIFICATION reason to indicate failure
during RW vendor blob verification.
BUG=b:242825052
BRANCH=None
TEST=Build Skyrim BIOS image and boot to OS.
Change-Id: I401131d8b55f8c72813ae8773ad2bb57070898c1
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4090066
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With provision to report previous boots failures (ref CB:70382),
NV storage might already be initialized before verstage_main() runs.
Hence update vb2_nv_init to return early if NV storage is already
initialized.
BUG=None
BRANCH=None
TEST=Build and boot to OS in Skyrim.
Change-Id: I8052a44eed5741b15bff7ba8af290acdc68d33cb
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4064426
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently when failures are reported before a slot is selected, vboot
directly requests for recovery. Add a new API to report previous boot
failure before a slot is selected. This will allow coreboot verstage to
report any failures that happened in the previous boot such that
verified boot can select the appropriate FW slot instead of booting into
recovery mode directly.
BUG=b:242825052
BRANCH=None
TEST=Build Skyrim BIOS image. Run the unit test built for this API. Boot
to OS in Skyrim. Corrupt certain sections in flashmap and report boot
failures and ensured that vboot selected the appropriate FW slot.
Change-Id: I3b1fe8e28fc754919cd4067eeed5029e7dbae7a4
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4064425
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This sleep function is only used in depthcharge/ui and can be replaced
by calling mdelay() directly.
BUG=b:251372002
BRANCH=none
TEST=FW_NAME=dojo emerge-cherry depthcharge
TEST=(vboot_reference) make run2tests
TEST=(depthcharge) make clean-unit-tests && make unit-tests -j
TEST=(depthcharge) make clean-screenshot && make test-screenshot -j
Cq-Depend: chromium:4054185
Signed-off-by: Hsuan Ting Chen <roccochen@chromium.org>
Change-Id: Ib54c72595298090656f8018ac58e0ef68aac1a5f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4053907
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When using --emulation with a bundled updater, the presence of EC or PD
firmware images causes the check_single_image condition to fail, since
EC and PD programmers are not supported by --emulation. Treat
--emulation the same as --host_only for deciding what images to load.
BUG=b:259347347
TEST=firmware_UpdaterModes on xivu
BRANCH=None
Change-Id: I07549e01107edff26b66d5afe5c0e5b325ff996f
Signed-off-by: Sam McNally <sammc@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4066244
Tested-by: Frank Wu <frank_wu@compal.corp-partner.google.com>
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Frank Wu <frank_wu@compal.corp-partner.google.com>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Sometimes we want to know if someone disable rootfs verification
on DUT, but we have no evidence in logs.
This CL modify make_dev_ssd.sh, for logging the operations and
the parameters passed to the script in /var/log/messages when
the device is changing itself.
It can help us checking:
1. The operartions done by executing make_dev_sdd.sh
2. Whether someone disable rootfs verification.
3. The time when the rootfs verification was disabled.
BUG=b:140709784
TEST=manual test on TOMATO DUT
Change-Id: I8140e13b0e74a9b2a084954c5153e528045d7c7e
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4022414
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: LIU KUAN-FU <iamjeffliu@google.com>
Commit-Queue: LIU KUAN-FU <iamjeffliu@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The linking process during the installation phase of this package
breaks if you compile with make USE_FLASHROM=0. A new conditional has
been added to the make file that prevents utility/crossystem from
compiling if USE_FLASHROM is either not set or set to the number 0.
BUG=b:256682063
TEST=cros_run_unit_tests --board amd64-generic --packages vboot_reference
TEST=env USE="test -flashrom" emerge-amd64-generic vboot_reference
TEST=env USE="-flashrom" emerge-amd64-generic vboot_reference
BRANCH=none
Signed-off-by: Nobel Barakat nobelbarakat@google.com
Change-Id: Ia8cdd24653fdb74c9bb5f4de86b7711b138299cf
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4045302
Commit-Queue: Nobel Barakat <nobelbarakat@google.com>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Tested-by: Nobel Barakat <nobelbarakat@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
GBB flags contents are ignored when AP RO ranges hash is calculated.
The embedded verification will succeed only if the flags are cleared,
but the command line tool should not fail because of nonzero GBB
flags.
This patch adds add additional pass when validating to see if
validation succeeds with GBB flags zeroed.
Also adding a debug printout to allow the user to see ranges covered
by the signature when validating an image and modifying the tests to
accommodate passing when GBB flags are non-zero.
BRANCH=none
BUG=none
TEST=successfully validated AP RO signature with the same image with
and without cleared gbb flags. When checking the image with
nonzero flags the 'Ranges digest matches with zeroed GBB flags'
warning message is printed.
invoking 'make runtests' succeeds.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I3e38924f14697a3efd058286f9579d89e5161910
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4049934
Commit-Queue: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The sign_official_build.sh script uses the presence of the AP RO
verification keys as the indicator that AP RO verification signing is
required. But it is possible to have they keys created, but the AP
firmware image still not have the RO_GSCVD section in FMAP.
Using the presence of RO_GSVD section is a more reliable indicator of
the need to sign for AP RO verification. Let's use it and fail the
signer if the section is present, but the AP RO signing keys are not
found in the keys directory.
BRANCH=none
BUG=b:259965578
TEST=removed the generated arv_root key and tried signing an image
requiring AP RO verification signing, observed the script
terminate with error reporting the missing key
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I4ad3272fb62a91154458d3b770b2c91a2beffc5b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4045049
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is a lot of duplication between logging futility invocations and
actual invocations, this copy and paste can easily get out of sync.
This patch removes the duplication.
Also capitalizing 'BIOS' in log messages.
BRANCH=none
BUG=none
TEST=collected logs of invocation this script for signing a nivviks
image, logs before and after are identical modulo temp
file/directory names.
Change-Id: Ic5def05bbe39b1e0534ffd53446bbd2a486d6976
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4043440
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The preserve_me applies for all non-factory updates for firmware with
the quirk enabled. It was only really intended to apply to firmware
updates during autoupdates, that is --mode=autoupdate. Instead, we
checked for an archive, which is always set, possibly a fallback
directory archive rather than an archive file, resulting in it being
used except for --mode=factory. Switch the condition to TRY_UPDATE_AUTO
instead so only --mode=autoupdate enables the preserve_me quirk.
BUG=b:255447297
TEST=futility update -i /tmp/image.bin doesn't apply the quirk
futility update -i /tmp/image.bin -m autoupdate applies the quirk
BRANCH=None
Change-Id: I7459f027a918dc70cbde1bfc6f5da2b549bcc513
Signed-off-by: Sam McNally <sammc@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4050014
Reviewed-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The default make target 'all' should depend on either ${UTIL_FILES_SDK}
or ${UTIL_FILES_BOARD}. However, these variables are defined after the
'all' rule, so they actually evaluate to empty strings. This causes the
utility files such as 'crossystem' to be missing. The bug was introduced
by CL:3299836.
Fortunately, these files are also dependencies of the 'install' target.
Therefore this bug doesn't lead to any problem for the vboot_reference
package, because the utilities will be built in src_install().
BUG=none
TEST=make clean && make all -j8 && make install DESTDIR=./install
TEST=make run2tests -j
BRANCH=none
Change-Id: I0abb320e38f17fead373ba44521f3db5346add65
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4045570
Reviewed-by: Hsuan Ting Chen <roccochen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We want to add an additional layer of protection against accidental
releasing of prod signed images with dev public keys and hashes for
which private keys are not secret.
The blobs of the keys and hashes to avoid are available in the Ti50
tarball, this patch adds a check and fails the signing process each
time the prohibited blob is found in the Ti50 binary.
BRANCH=none
BUG=b:254059627
TEST=invoked the script to sign Ti50 images built with and without
'ALLOW_AP_RO_DEV_SIGNING_KEY=1 TI50_DEV=1' defined, Observed
signer failure when signing the image with either variable
defined, reporting the presence of the appropriate blob.
Change-Id: I8497e749807f862f6d20cf33cad4657008a6372a
Signed-off-by: Vadim Bendebury <vbendeb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4032539
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Allen Webb <allenwebb@google.com>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Jett Rink <jettrink@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 87663c3bef0f6b198945cf3eb83632f461a5d6f8.
The parent CL to this commit should be sufficient to resolve the
failure that prevented "crossystem board_id" on ARM from working.
Original change's description:
> crossystem: Add board_id property
>
> futility is one of a few places in ChromeOS that uses "mosys platform
> version". The goal is to remove this command from mosys.
>
> This commit adds a new property to crossystem, "board_id", which
> reads the board revision from SMBIOS/FDT, and replaces the call in
> futility with the appropriate VbGetSystemPropertyInt.
>
> BUG=b:187790074
> BRANCH=none
> TEST="crossystem board_id" on hana and brya
>
> Change-Id: Id69c8e309c0e509a165aa6da2778573ac7de3455
> Signed-off-by: Jack Rosenthal <jrosenth@chromium.org>
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4029537
> Reviewed-by: Julius Werner <jwerner@chromium.org>
BUG=b:187790074
BRANCH=none
TEST="crossystem board_id" on hana and brya
Change-Id: I37b4c622e3c1d294b5be8e0d98ef14175902acc3
Signed-off-by: Jack Rosenthal <jrosenth@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4045047
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Hard-coding to /proc/device-tree/firmware/chromeos won't let us read
device-tree properties outside of /firmware/chromeos.
The follow-on CL reads from /firmware/coreboot.
BUG=b:187790074
BRANCH=none
TEST=CQ passes
Change-Id: I752aa5a1e20db1dad7f2508852c7a1c982a4bcb4
Signed-off-by: Jack Rosenthal <jrosenth@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4045046
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit db1b34f559fdbf5584b57007da43e4dddda43c6a.
Reason for revert: seems to break scarlet - b/259702907
Original change's description:
> crossystem: Add board_id property
>
> futility is one of a few places in ChromeOS that uses "mosys platform
> version". The goal is to remove this command from mosys.
>
> This commit adds a new property to crossystem, "board_id", which
> reads the board revision from SMBIOS/FDT, and replaces the call in
> futility with the appropriate VbGetSystemPropertyInt.
>
> BUG=b:187790074
> BRANCH=none
> TEST="crossystem board_id" on hana and brya
>
> Change-Id: Id69c8e309c0e509a165aa6da2778573ac7de3455
> Signed-off-by: Jack Rosenthal <jrosenth@chromium.org>
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4029537
> Reviewed-by: Julius Werner <jwerner@chromium.org>
Bug: b:187790074, b:259702907
Change-Id: Ibdc2525d6f395e2ef63354d36ca02b71543e8079
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4038443
Commit-Queue: Jack Rosenthal <jrosenth@chromium.org>
Tested-by: Jack Rosenthal <jrosenth@chromium.org>
Commit-Queue: Brian Norris <briannorris@chromium.org>
Reviewed-by: Jack Rosenthal <jrosenth@chromium.org>
Owners-Override: Jack Rosenthal <jrosenth@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
cbfstool uses tab instead of space, and because of that current
code does not work correctly with metadata hash images. Changing
space to tab in pattern fixes the issue.
BRANCH=none
BUG=b:259153966,b:197114807
TEST=build bootimage for volteer/voxel
Signed-off-by: Jakub Czapiga <jacz@semihalf.com>
Change-Id: Iab6ab56927a6bea9275eda4a5bad1ad73b779a69
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4030402
Commit-Queue: Jakub Czapiga <czapiga@google.com>
Tested-by: Jakub Czapiga <czapiga@google.com>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
futility is one of a few places in ChromeOS that uses "mosys platform
version". The goal is to remove this command from mosys.
This commit adds a new property to crossystem, "board_id", which
reads the board revision from SMBIOS/FDT, and replaces the call in
futility with the appropriate VbGetSystemPropertyInt.
BUG=b:187790074
BRANCH=none
TEST="crossystem board_id" on hana and brya
Change-Id: Id69c8e309c0e509a165aa6da2778573ac7de3455
Signed-off-by: Jack Rosenthal <jrosenth@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4029537
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The region parameter to flashrom_read_image() is essentially unusable in
isolation since it reads just the requested region into a buffer sized
to the entire flash, at the offset of the region within the flash.
Remove its unused region parameter and split the functionality of
requesting a region into flashrom_read_region() which stores just the
requested region into a buffer sized to the region.
BUG=b:253966060
TEST=futility update --detect-model -a <archive> works as expected
BRANCH=None
Signed-off-by: Sam McNally <sammc@chromium.org>
Change-Id: Ibf6c152dd42fbc99c1742fb077bc6aa35feeed08
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3965583
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
futility update --emulate and flashrom's dummy programmer serve similar
purposes - both provide support for using a file instead of a real ROM.
The current --emulate implementation involves special-casing before
interacting with flashrom and pre-filling in the current image contents;
an appropriately-configured dummy programmer and unmodified flashrom
interactions could accomplish the same outcome with a more centralised
handling of --emulate. Other --emulate interactions mock out
non-flashrom interactions, so need to continue handling --emulate
specially for now.
Switch --emulate to use the dummy programmer. Add an extra field to
store the original programmer option for deciding on whether the apply
the preserve_me quirk.
BUG=b:253966060
TEST=unit tests
BRANCH=None
Signed-off-by: Sam McNally <sammc@chromium.org>
Change-Id: I687749523f54edcb9dd41cfc85614949b9d6607a
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3965582
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Most of AP firmware images do not include the RO_GSCVD section and are
not supposed to be signed for AP RO verification.
The presence of AP RO verification keys (files prefixed with arv_...)
can be considered an indicator of the need to sign the RO_GSCVD
section.
This patch adds logic to skip signing of AP RO in case the appropriate
signing keys are not present.
BRANCH=none
BUG=b:247645824, cros:1382709
TEST=ran sign_official_build.sh to re-sign a Nissa test tarball,
observed successful completion with log messages confirming
RO_GSCVD signing.
then removed tests/devkeys/arv_root.vbpubk and ran the script
again, observed successful completion and log messages
confirming skipping AP RO verification signing.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: Iee5a2adcceb7ecc86f48d7c56755cc10405e5eed
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4024432
Commit-Queue: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=none
BRANCH=none
TEST=make runtests -j8
Signed-off-by: Jakub Czapiga <jacz@semihalf.com>
Disallow-Recycled-Builds: test-failures
Change-Id: I9c22627410836906a84c387377facc778dd77f3b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3986523
Tested-by: Jakub Czapiga <czapiga@google.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Commit-Queue: Jakub Czapiga <czapiga@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This doesn't use "mosys platform model" anymore, update the comment
text.
BUG=b:187790074
BRANCH=none
TEST=none
Signed-off-by: Jack Rosenthal <jrosenth@chromium.org>
Change-Id: I8ee427a0f26f386d319bb12a9f64be70ecbb9761
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3995400
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Commit-Queue: Hung-Te Lin <hungte@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Servo v2 is deprecated, so we should change the default servo programmer
to the servo micro/C2D2 programmer (raiden_debug_spi).
BUG=b:256007307,b:256048551
TEST=make; run tests
BRANCH=None
Change-Id: Ie42d79ed2b7bd664dfdf01f4631665bac23040f2
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3989704
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When signing AP RO images, in cases when signer_config.csv manifest
includes the brand code column add a futility invocation to sign the
RO_GSCVD section of the image. If the <path to unpacked>/keyset
directory is found, save the gscvd.<model> blob in that directory.
BRANCH=none
BUG=b:247652363
TEST=built ChromeOS test image for Nissa, then invoked
$ scripts/image_signing/sign_official_build.sh \
base \
~/trunk/src/build/images/nissa/latest/chromiumos_test_image.bin \
tests/devkeys \
/tmp/signed.bin
and observed 'futility gscvd' invocation in the log.
Cq-Depend: 3954963
Change-Id: I55cec75794560662ed2cfb2dac7f44d972a8571f
Signed-off-by: Vadim Bendebury <vbendeb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3935034
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Auto-Submit: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove the qemu logic from the Makefile. Document the RUNTEST, BUILD_RUN
and SRC_RUN variables. Ensure those variables are used consistently
throughout the Makefile and test scripts.
BUG=b:231084609
BRANCH=None
TEST=FEATURES=test emerge vboot_reference
TEST=FEATURES=test emerge-amd64-generic vboot_reference
TEST=FEATURES=test emerge-hatch coreboot
TEST=(coreboot upstream with this patch) make all
TEST=make BUILD=build1 runtests
TEST=make BUILD=build2 RUNTEST=env runtests
Cq-Depend: chromium:3934904
Change-Id: Ifd18463d681bedbf7464165f2df0181474b36791
Signed-off-by: Evan Benn <evanbenn@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3831828
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix coreboot standalone build by initializing body_c in show_fw_preamble_buf.
BUG=b:254014539
Signed-off-by: Selma Bensaid <selma.bensaid@intel.com>
Change-Id: I963a1e8556b36302d455710d4561fc8460c44405
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3961988
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-by: Jakub Czapiga <czapiga@google.com>
Tested-by: Yu-Ping Wu <yupingso@chromium.org>
Commit-Queue: Yu-Ping Wu <yupingso@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is still being debated who is supposed to make sure that the GBB
flags are set to zero before the root of trust validation is granted
to the AP firmware image, but as of today the approach is that the GBB
flags must be zero at AP RO validation time.
The problem is that when AP RO space signature is created GBB flags
can be set to a non-zero value.
With this patch when AP RO areas contents is hashed, in case GBB flags
are included in one of the ranges, the flags are not read from the
flash, and substituted with zero.
During validation the real flags value is used. A unit test is added
to verify various futility gscvd GBB related situations, the blobs for
the unit test were extracted from a Nivviks firmware image.
BRANCH=none
BUG=b:245799496, b:253540670
TEST='./tests/futility/test_gscvd.sh' and 'make runfutiltests' succeed
Change-Id: I2f047b990cf71ea24d191fc690da08e25ebb10cc
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3958581
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Separate GBB discovery into a function and cache GBB information in
the ap_firmware_file structure for future use.
BRANCH=none
BUG=b:245799496
TEST=ran the following command
./build/futility/futility gscvd -G -R 00000000:00001000 \
--keyblock tests/devkeys/arv_platform.keyblock \
--platform_priv tests/devkeys/arv_platform.vbprivk \
--board_id XYZ1 \
--root_pub_key tests/devkeys/arv_root.vbpubk "${BIOS_FILE}"
using 'futility' compiled before and after this patch was applied,
verified that the resulting file is the same.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I3ab59536cfa75a303be3e9271d9b44b1de851f5c
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3958580
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To support the "futility update" ability to put together firmware
images for different targets, the pre-signed RO_GSCVD sections need to
be included in the firmware tarball.
This patch adds a command line option which will make 'futilty gscvd'
save the signed section in a local file for inclusion in the tarball.
BRANCH=none
BUG=b:245799496
TEST=verified that passing the --gscvd_out command line option results
in creating a file with the RO_GSCVD section contents, identical
to the section in the signed binary file.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: Id4a75c74ad1e27c11a6005472708730b8051f036
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3954963
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Compare fwid with firmware installer manifest to see if they mismatch,
then report the result to UMA.
BUG=b:211005753
TEST=Manual test
BRANCH=None
Signed-off-by: Yuanpeng Ni <yuanpengni@chromium.org>
Change-Id: Id5ed7ad95f4f5439d30fdad9314e8e2b317834ab
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3960435
Reviewed-by: Jae Hoon Kim <kimjae@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a noop change making reading the code a little easier, avoid
naming variable the same as the function name.
BRANCH=none
BUG=none
TEST='make futil' still succeeds
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I5b5d742aa5463160207f05f6c19c20754e538813
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3954469
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=none
BRANCH=none
TEST=make runtests
Signed-off-by: Jakub Czapiga <jacz@semihalf.com>
Change-Id: If93a65ba58c4973d4b344229c7ee26685395bbbf
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3964274
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Commit-Queue: Jakub Czapiga <czapiga@google.com>
Tested-by: Jakub Czapiga <czapiga@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
firmware/lib/tpm_lite/include/tpm_error_messages.h had DOS (CRLF) line
endings. This patch changes them to UNIX (LF) and also fixes other
style warnings and errors reported by pre-upload repo hook.
BUG=none
BRANCH=none
TEST=make runtests
Signed-off-by: Jakub Czapiga <czapiga@google.com>
Change-Id: Ic9f177fb00e1bd942585211f2ed33a4e386f864d
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3966174
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It turns out that if two processes try to read the same GPIO at the
same time that one of them will fail because the GPIO is
"busy".
This is really by design of the kernel's GPIO API. In order to read a
value, each userspace process "requests" control of the GPIO and then
queries it. There doesn't appear to be any way to "wait" for a GPIO
that's been requested by someone else--we just need to wait a bit and
try again later. ...so that's what we'll do.
Without this patch, if you run the following script on a
write-protected sc7180-trogdor class device in two shells at the same
time:
old_val=""
while true; do
val=$(crossystem wpsw_cur)
if [[ "${val}" != "${old_val}" ]]; then
echo "$(date): ${old_val} => ${val}"
old_val="${val}"
fi
done
Then you'll see stuff like this:
GPIO_GET_LINEHANDLE_IOCTL: Device or resource busy
Tue Oct 18 11:34:01 PDT 2022: 1 => 0
Tue Oct 18 11:34:01 PDT 2022: 0 => 1
GPIO_GET_LINEHANDLE_IOCTL: Device or resource busy
Tue Oct 18 11:34:01 PDT 2022: 1 => 0
Tue Oct 18 11:34:01 PDT 2022: 0 => 1
The 0 actually comes from the fact that crossystem falls back to
`GetVdatInt(VDAT_INT_HW_WPSW_BOOT)` if it fails to read the GPIO and
that value isn't initted to anything on trogdor (VDAT_INT_HW_WPSW_BOOT
is deprecated and not populated on trogdor).
It is postulated that the above problem is causing some parts of the
system to get confused about the write protect state of devices.
BRANCH=none
BUG=b:249498455
TEST=Run script in CL commit message and see no errors
Change-Id: I307cdb4e290c27694690a19af60f4697ee0233e4
Signed-off-by: Douglas Anderson <dianders@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3963985
Reviewed-by: Brian Norris <briannorris@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Commit-Queue: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To migrate the archive manifest generation from `setvars.sh` to
`signer_config.csv`, we have to find the patch files (rootkey.*,
vblock_?.*, gscvd.*) in the signer_config manifest builder.
Also updated the comments for how the signer_config works.
BUG=b:251040363
TEST=make; run test
BRANCH=None
Change-Id: I6e30b7fc55fda2b24f7809a8f2215bb9af1117af
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3937843
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
