| Commit message | Author | Age | Files | Lines |
| |
BUG=b:265861606
BRANCH=None
TEST=futility gbb --get --flash --flags --hwid --digest --rootkey=/tmp/rootkey --bmpfv=/tmp/bmpfv --recoverykey=/tmp/recoverykey
TEST=futility gbb --get --flags --hwid --digest --rootkey=/tmp/rootkey2 --bmpfv=/tmp/bmpfv2 --recoverykey=/tmp/recoverykey2 /tmp/bios
TEST=diff the above
TEST=confirm that it is quicker (3s vs 26s on one dut)
Change-Id: I398e40a1cc50a6921e0385277fc03d0b7fa7c9b8
Signed-off-by: Evan Benn <evanbenn@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4170147
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Tested-by: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
| |
Allow flashrom_read_image to take a parameter to read only a region.
BUG=b:265861606
BRANCH=None
TEST=unit
Change-Id: I835ca341c00b21286721f65c3e009a76753b6628
Signed-off-by: Evan Benn <evanbenn@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4170146
Tested-by: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
| |
flashrom_read_region was attempting to read the fmap from the provided
destination buffer before falling back to the rom with a warning. Then
it would leak the buffer anyway using calloc. This was undocumented
behaviour.
There is only one callsite of this function (futility
manifest_detect_model_from_frid) and it does not use this feature: it
initialises a zeroed firmware_image.
BUG=b:265861606
BRANCH=None
TEST=futility update -a /usr/sbin/chromeos-firmwareupdate --detect-model-only # grunt
Change-Id: I90b4be9b1b22b19c84252425e770e30e4def3a7c
Signed-off-by: Evan Benn <evanbenn@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4170145
Tested-by: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Sam McNally <sammc@chromium.org>
| |
Probing all buses adds 200ms per flashrom interaction in tests using the
dummy programmer.
BUG=b:266014935
TEST=unit tests
BRANCH=None
Change-Id: I83c0c995bfdf057849c2d1f5cc76fa36fdc31407
Signed-off-by: Sam McNally <sammc@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4193608
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Commit-Queue: Edward O'Callaghan <quasisec@chromium.org>
| |
flashrom now respects region permissions rather than ignoring
exit codes. While downstreaming this support we require these
flags to be set to ensure no change in behavior for futility.
It turns out chromeos-firmware-updater will fail on the read
path with,
```
[..]
read_flash: cannot read inside Management Engine region
(0x001000..0x1fffff).
Read operation failed!
ERROR: do_update: Cannot load system active firmware.
```
without skipping regions that cannot actually be read.
BUG=b:260440773
BRANCH=none
TEST=builds
Change-Id: I45a5b81837988fab18b1c392415dffe55ad49822
Signed-off-by: Edward O'Callaghan <quasisec@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4181583
Reviewed-by: Evan Benn <evanbenn@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Auto-Submit: Edward O'Callaghan <quasisec@chromium.org>
Tested-by: Edward O'Callaghan <quasisec@chromium.org>
Commit-Queue: Edward O'Callaghan <quasisec@chromium.org>
| |
Allow user to read a specific region from flash via the read
subcommand.
BUG=b:264974346
BRANCH=none
TEST=`futility read /tmp/bios`
TEST=`futility read --region=GBB /tmp/gbb`
Change-Id: Ibd75f8e67d31bab910a61fb5453ca6e90d41fac3
Signed-off-by: Edward O'Callaghan <quasisec@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4151009
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Anastasia Klimchuk <aklm@chromium.org>
Tested-by: Edward O'Callaghan <quasisec@chromium.org>
Auto-Submit: Edward O'Callaghan <quasisec@chromium.org>
Commit-Queue: Edward O'Callaghan <quasisec@chromium.org>
| |
For devices with some memory training data that is not compatible with
the new flashed firmware (and can't be automatically detected by the new
firmware), we need a way to easily wipe out the existing memory training
data to enforce a retraining at the next boot. This usually happens when
repairing a device (with non-qualified firmware) and should never happen
in the OTA.
BUG=b:255617349
TEST=make; run test
BRANCH=None
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Change-Id: I92befefa6be59da10ca7572e7849ef905f184a5f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4018593
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Tested-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Commit-Queue: Yu-Ping Wu <yupingso@chromium.org>
| |
futility can modify gbb flags directly now. Add a notice that the
scripts will be removed.
BUG=b:260531154
BRANCH=None
TEST=./get_gbb_flags.sh
Change-Id: I46a9a903c6f2e68f76b71fba4246e85feef9f2e9
Signed-off-by: Evan Benn <evanbenn@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4170143
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
| |
Add a function to convert a gbb flag to the name and description of that
flag. Use this function in cmd_gbb to format a help page and implement
--explicit.
BUG=b:260531154
BRANCH=None
TEST=futility gbb --get /dev/bios -e
TEST=futility gbb --help
Change-Id: I884b6e0e7322128409f8d62d76824d8e6e6ca330
Signed-off-by: Evan Benn <evanbenn@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4161092
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
| |
Write the read firmware whether or not it can be parsed as a cros
firmware.
BUG=b:264810939
BRANCH=None
TEST=futility read /dev/null
Change-Id: Ia0fe2a6b9d9250dd05485d2f48c74a33a048ab21
Signed-off-by: Evan Benn <evanbenn@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4158631
Reviewed-by: Hsuan Ting Chen <roccochen@chromium.org>
Commit-Queue: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
| |
flashrom now respects region permissions rather than ignoring
exit codes. While downstreaming this support we require these
flags to be set to ensure no change in behavior for futility.
BUG=b:260440773
BRANCH=none
TEST=builds
Signed-off-by: Edward O'Callaghan <quasisec@google.com>
Change-Id: Id54164385d24b3a9f2bf1da8490baf05c4728cf3
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4127324
Commit-Queue: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Tested-by: Edward O'Callaghan <quasisec@chromium.org>
Auto-Submit: Edward O'Callaghan <quasisec@chromium.org>
| |
Add a command that reads AP firmware to a specified file path.
BUG=b:260531154
BRANCH=None
TEST=FEATURES=test emerge-grunt vboot_reference
TEST=futility read /tmp/bios
TEST=futility read /tmp/bios -p ec
TEST=env SERVOD_NAME=grunt futility read /tmp/bios --servo
Change-Id: I82fe0381b6f61ca4d67a9f5c27353e18ed4abe39
Signed-off-by: Evan Benn <evanbenn@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4075310
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Commit-Queue: Edward O'Callaghan <quasisec@chromium.org>
| |
gbb command can read and modify flash in addition to acting on firmware
files.
BUG=b:260531154
BRANCH=None
TEST=FEATURES=test emerge-grunt vboot_reference
TEST=futility gbb -s --flags 0x0 /tmp/bios /tmp/bios2
TEST=futility gbb -g --flash
TEST=futility gbb --set --flash --flags=0x40b9 --flash
TEST=env SERVOD_NAME=grunt futility gbb --get --servo
TEST=env SERVOD_NAME=grunt futility gbb --set --servo --flags=0
Change-Id: I66b008ed7325d125eb305e84185e53eccd243898
Signed-off-by: Evan Benn <evanbenn@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4075311
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Commit-Queue: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
| |
Updater arguments dealing with flash and servo control will be common
with other commands. Move those to a shared file.
BUG=b:260531154
BRANCH=None
TEST=FEATURES=test emerge-grunt vboot_reference
TEST=futility gbb -s --flags 0x0 /tmp/bios /tmp/bios2
Change-Id: I0a6c992425cf7ca529b3857cfabc654ae2b1be81
Signed-off-by: Evan Benn <evanbenn@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4075308
Commit-Queue: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
| |
Add PRESUBMIT.py to prevent people from uploading CLs using `git cl`.
BUG=none
TEST=`git cl upload` failed
BRANCH=none
Change-Id: I1906614093c6135dff1279393e3d79172f41a3c0
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4133838
Commit-Queue: Yidi Lin <yidilin@chromium.org>
Reviewed-by: Yidi Lin <yidilin@chromium.org>
| |
lib20/include and lib/cryptolib no longer exist, so remove them from the
include path.
BRANCH=none
BUG=none
TEST=none
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: Ia5e2893a1aaca6655565315a0e06131906668392
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4128690
Tested-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Commit-Queue: Yu-Ping Wu <yupingso@chromium.org>
| |
Remove the sign_uefi.sh script and call sign_uefi.py instead. This is in
a separate commit from the one adding the Python script in case we need
to revert.
Test command:
platform/vboot_reference/scripts/image_signing/sign_official_build.sh \
base build/images/reven/latest/chromiumos_test_image.bin \
platform/vboot_reference/tests/devkeys \
build/images/reven/latest/chromiumos_test_image.bin.signed
BRANCH=none
BUG=b:261631233
TEST=Run test command above, verify expected files are signed
Change-Id: Icf59b6b1a36acf6332cd6f402ef6072b99c44796
Signed-off-by: Nicholas Bishop <nicholasbishop@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4083507
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
| |
Shell scripts are hard to modify and hard to test, so port sign_uefi.sh
to Python. This is a fairly direct port that attempts to keep all the
behavior the same. In particular, there are no hard errors for missing
EFI/kernel files, or for failing to sign one of those files if it does
exist. It might be good to make the script more strict in the future,
but for now try to match the existing behavior.
Nothing actually calls the new script yet.
Also enable `black_check` in `PRESUBMIT.cfg` to enforce formatting.
BRANCH=none
BUG=b:261631233
TEST=make runtests
TEST=cros lint scripts/image_signing/sign_uefi*.py
Change-Id: I4b9b86607cc403779b0504758dd097b0d7237fef
Signed-off-by: Nicholas Bishop <nicholasbishop@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4083506
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
| |
On new systems, WPSW_BOOT is potentially bogus. The BIOS doesn't set
it so it always reports that the device is _not_ write protected.
Let's print an error log so we have an idea if we ever fall back.
BRANCH=None
BUG=b:249498455, b:254337014
TEST=Force a failure and see the log
Change-Id: Ie741ca9f9f938382ea7e56cfd81bd273dd9bb548
Signed-off-by: Douglas Anderson <dianders@chromium.org>
Disallow-Recycled-Builds: test-failures
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4104708
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Brian Norris <briannorris@chromium.org>
| |
According to scripts/newbitmaps/README the functionality has moved to
~/chromiumos/src/platform/bmpblk, so drop the related gitignore entries.
BRANCH=None
BUG=None
TEST=None
Change-Id: I38f612202cf956a6fb80e90361d2d788d5d6c998
Signed-off-by: Nicholas Bishop <nicholasbishop@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4107012
Commit-Queue: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
| |
Detect errors and exit on errors from read_from_file.
BUG=b:260531154
BRANCH=None
TEST=FEATURES=test emerge-grunt vboot_reference
TEST=futility gbb -s --flags 0x0 /tmp/bios /tmp/bios2 --bmp_fv /dev/null
TEST=futility gbb -g /tmp/bios
Change-Id: I1e24342642bcc276c6fb195ebfc95a1393100147
Signed-off-by: Evan Benn <evanbenn@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4099828
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
| |
Make the error handling logically and visually consistent in the main
switch statement. This makes the cleanup code run in all cases. futility
will also return an error in some error cases that were not handled.
BUG=b:260531154
BRANCH=None
TEST=FEATURES=test emerge-grunt vboot_reference
TEST=futility gbb -s --flags 0x0 /tmp/bios /tmp/bios2
TEST=futility gbb -g /tmp/bios
Change-Id: I28c956959022cd3cb68aa476b81c0851d76c8739
Signed-off-by: Evan Benn <evanbenn@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4099827
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
| |
BUG=b:260531154
BRANCH=None
TEST=FEATURES=test emerge-grunt vboot_reference
TEST=futility gbb -s --flags 0x0 /tmp/bios /tmp/bios2
Change-Id: Ib3bd54c81a66da8839bd46b7b4cd57277af4d0f9
Signed-off-by: Evan Benn <evanbenn@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4075309
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
| |
BUG=b:260531154
BRANCH=None
TEST=FEATURES=test emerge-grunt vboot_reference
TEST=futility gbb -s --flags 0x0 /tmp/bios /tmp/bios2
Change-Id: I92dc87acdd7f0efcb034ee1151fcae0651e80f6f
Signed-off-by: Evan Benn <evanbenn@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4075307
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
| |
All AP RO verification platform keys must be signed by the same AP RO
verification root key; this is why the root key pair needs to be
created only once, and used for signing key blocks for all PreMP AP RO
verification platform keys.
This patch adds make_arv_root.sh, a script for generating the root
key, and modifies create_new_keys.sh to use the single root key for
signing all generated platform keys.
By default the root key is placed at the top of the root key
directory, from which all key creation scripts are invoked. It is
possible to specify the desired path for the root key to both
make_arv_root.sh and create_new_keys.sh.
Note that the keyset generated for each board still needs to include
the AP RO verification root public key; added explicit copying.
BRANCH=none
BUG=b:299965578
TEST=ran the following commands in ./scripts:
$ mkdir keys
$ cd keys
$ ../keygeneration/make_arv_root.sh
$ ../keygeneration/create_new_keys.sh --output Nissa
This resulted in creation of directory ./scripts/keys/Nissa with
all generated keys and the AP RO verification root public key copy.
Then ran sign_official_build.sh using Nissa recovery image and the
keys/Nissa directory as inputs, observed successful AP firmware
signing, including signing of RO_GSCVD sections.
Then successfully ran ./tests/futility/test_gscvd.sh
Change-Id: Ic024ccdcdcb751be677934bf559c40b2826c714e
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4058180
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Jason Clinton <jclinton@chromium.org>
| |
When updating with --archive and a non-host programmer (and thus no
reliable crosid to discover the appropriate firmware manifest key), and
no explicit --model parameter is passed, try to detect the model by
matching the FRID of the current firmware with one of the host firmware
images in the archive.
Add a --detect-model-only flag to perform the same matching, but report
the detected model name and exit. This can be used in combination with
the manifest to automatically select an appropriate EC image to pass to
flash_ec.
BUG=b:253966060
TEST=futility update -a firmware.tar.bz2 --servo
BRANCH=None
Signed-off-by: Sam McNally <sammc@chromium.org>
Change-Id: I25fa0f109d0d8052179b220251d4720438b93bc4
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3965584
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
| |
Move the error recording from a global to checking the function return
code. The function can then be moved to another translation unit.
BUG=b:260531154
BRANCH=None
TEST=FEATURES=test emerge-grunt vboot_reference
TEST=futility gbb -s --flags 0x0 /tmp/bios /tmp/bios2
Change-Id: I7a2d35471f55d557e707568d0981b1d8cbbc6a19
Signed-off-by: Evan Benn <evanbenn@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4082790
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Tested-by: Edward O'Callaghan <quasisec@chromium.org>
Commit-Queue: Edward O'Callaghan <quasisec@chromium.org>
| |
errno was being printed and then errno was returned from the function.
This can be incorrect if the print function changes errno. Instead store
errno, print and return the same value.
BUG=b:260531154
BRANCH=None
TEST=FEATURES=test emerge-grunt vboot_reference
TEST=futility gbb -s --flags 0x0 /tmp/bios /tmp/bios2
Change-Id: I5016ac31e56c4a0f16f89a2a52087ba64833d28a
Signed-off-by: Evan Benn <evanbenn@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4075306
Commit-Queue: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
| |
Returning errno when there was no libc error was wrong. Return -1.
No one checks the error from this function anyway.
BUG=b:260531154
BRANCH=None
TEST=FEATURES=test emerge-grunt vboot_reference
TEST=futility gbb -s --flags 0x0 /tmp/bios /tmp/bios2
Change-Id: Ib91e0917fc1e33a4a95b3874639c3e2fcc5dd1df
Signed-off-by: Evan Benn <evanbenn@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4075305
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Tested-by: Edward O'Callaghan <quasisec@chromium.org>
Commit-Queue: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
| |
Add VB2_RECOVERY_RW_VENDOR_BLOB_VERIFICATION reason to indicate failure
during RW vendor blob verification.
BUG=b:242825052
BRANCH=None
TEST=Build Skyrim BIOS image and boot to OS.
Change-Id: I401131d8b55f8c72813ae8773ad2bb57070898c1
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4090066
Reviewed-by: Julius Werner <jwerner@chromium.org>
| |
With provision to report previous boot failures (ref CB:70382),
NV storage might already be initialized before verstage_main() runs.
Hence update vb2_nv_init to return early if NV storage is already
initialized.
BUG=None
BRANCH=None
TEST=Build and boot to OS in Skyrim.
Change-Id: I8052a44eed5741b15bff7ba8af290acdc68d33cb
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4064426
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
| |
Currently when failures are reported before a slot is selected, vboot
directly requests recovery. Add a new API to report previous boot
failure before a slot is selected. This will allow coreboot verstage to
report any failures that happened in the previous boot such that
verified boot can select the appropriate FW slot instead of booting into
recovery mode directly.
BUG=b:242825052
BRANCH=None
TEST=Build Skyrim BIOS image. Run the unit test built for this API. Boot
to OS in Skyrim. Corrupt certain sections in flashmap and report boot
failures and ensured that vboot selected the appropriate FW slot.
Change-Id: I3b1fe8e28fc754919cd4067eeed5029e7dbae7a4
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4064425
Reviewed-by: Julius Werner <jwerner@chromium.org>
| |
This sleep function is only used in depthcharge/ui and can be replaced
by calling mdelay() directly.
BUG=b:251372002
BRANCH=none
TEST=FW_NAME=dojo emerge-cherry depthcharge
TEST=(vboot_reference) make run2tests
TEST=(depthcharge) make clean-unit-tests && make unit-tests -j
TEST=(depthcharge) make clean-screenshot && make test-screenshot -j
Cq-Depend: chromium:4054185
Signed-off-by: Hsuan Ting Chen <roccochen@chromium.org>
Change-Id: Ib54c72595298090656f8018ac58e0ef68aac1a5f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4053907
Reviewed-by: Julius Werner <jwerner@chromium.org>
| |
When using --emulation with a bundled updater, the presence of EC or PD
firmware images causes the check_single_image condition to fail, since
EC and PD programmers are not supported by --emulation. Treat
--emulation the same as --host_only for deciding what images to load.
BUG=b:259347347
TEST=firmware_UpdaterModes on xivu
BRANCH=None
Change-Id: I07549e01107edff26b66d5afe5c0e5b325ff996f
Signed-off-by: Sam McNally <sammc@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4066244
Tested-by: Frank Wu <frank_wu@compal.corp-partner.google.com>
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Frank Wu <frank_wu@compal.corp-partner.google.com>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
| |
Sometimes we want to know if someone disabled rootfs verification
on DUT, but we have no evidence in logs.
This CL modifies make_dev_ssd.sh, for logging the operations and
the parameters passed to the script in /var/log/messages when
the device is changing itself.
It can help us check:
1. The operations done by executing make_dev_ssd.sh
2. Whether someone disabled rootfs verification.
3. The time when the rootfs verification was disabled.
BUG=b:140709784
TEST=manual test on TOMATO DUT
Change-Id: I8140e13b0e74a9b2a084954c5153e528045d7c7e
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4022414
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: LIU KUAN-FU <iamjeffliu@google.com>
Commit-Queue: LIU KUAN-FU <iamjeffliu@google.com>
| |
The linking process during the installation phase of this package
breaks if you compile with make USE_FLASHROM=0. A new conditional has
been added to the make file that prevents utility/crossystem from
compiling if USE_FLASHROM is either not set or set to the number 0.
BUG=b:256682063
TEST=cros_run_unit_tests --board amd64-generic --packages vboot_reference
TEST=env USE="test -flashrom" emerge-amd64-generic vboot_reference
TEST=env USE="-flashrom" emerge-amd64-generic vboot_reference
BRANCH=none
Signed-off-by: Nobel Barakat <nobelbarakat@google.com>
Change-Id: Ia8cdd24653fdb74c9bb5f4de86b7711b138299cf
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4045302
Commit-Queue: Nobel Barakat <nobelbarakat@google.com>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Tested-by: Nobel Barakat <nobelbarakat@google.com>
| |
GBB flags contents are ignored when AP RO ranges hash is calculated.
The embedded verification will succeed only if the flags are cleared,
but the command line tool should not fail because of nonzero GBB
flags.
This patch adds an additional pass when validating to see if
validation succeeds with GBB flags zeroed.
Also adding a debug printout to allow the user to see ranges covered
by the signature when validating an image and modifying the tests to
accommodate passing when GBB flags are non-zero.
BRANCH=none
BUG=none
TEST=successfully validated AP RO signature with the same image with
and without cleared gbb flags. When checking the image with
nonzero flags the 'Ranges digest matches with zeroed GBB flags'
warning message is printed.
invoking 'make runtests' succeeds.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I3e38924f14697a3efd058286f9579d89e5161910
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4049934
Commit-Queue: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
| |
The sign_official_build.sh script uses the presence of the AP RO
verification keys as the indicator that AP RO verification signing is
required. But it is possible to have the keys created, but the AP
firmware image still not have the RO_GSCVD section in FMAP.
Using the presence of RO_GSCVD section is a more reliable indicator of
the need to sign for AP RO verification. Let's use it and fail the
signer if the section is present, but the AP RO signing keys are not
found in the keys directory.
BRANCH=none
BUG=b:259965578
TEST=removed the generated arv_root key and tried signing an image
requiring AP RO verification signing, observed the script
terminate with error reporting the missing key
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I4ad3272fb62a91154458d3b770b2c91a2beffc5b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4045049
Reviewed-by: Mike Frysinger <vapier@chromium.org>
| |
There is a lot of duplication between logging futility invocations and
actual invocations; this copy and paste can easily get out of sync.
This patch removes the duplication.
Also capitalizing 'BIOS' in log messages.
BRANCH=none
BUG=none
TEST=collected logs of invoking this script for signing a nivviks
image, logs before and after are identical modulo temp
file/directory names.
Change-Id: Ic5def05bbe39b1e0534ffd53446bbd2a486d6976
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4043440
Reviewed-by: Mike Frysinger <vapier@chromium.org>
| |
The preserve_me applies for all non-factory updates for firmware with
the quirk enabled. It was only really intended to apply to firmware
updates during autoupdates, that is --mode=autoupdate. Instead, we
checked for an archive, which is always set, possibly a fallback
directory archive rather than an archive file, resulting in it being
used except for --mode=factory. Switch the condition to TRY_UPDATE_AUTO
instead so only --mode=autoupdate enables the preserve_me quirk.
BUG=b:255447297
TEST=futility update -i /tmp/image.bin doesn't apply the quirk
futility update -i /tmp/image.bin -m autoupdate applies the quirk
BRANCH=None
Change-Id: I7459f027a918dc70cbde1bfc6f5da2b549bcc513
Signed-off-by: Sam McNally <sammc@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4050014
Reviewed-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
| |
The default make target 'all' should depend on either ${UTIL_FILES_SDK}
or ${UTIL_FILES_BOARD}. However, these variables are defined after the
'all' rule, so they actually evaluate to empty strings. This causes the
utility files such as 'crossystem' to be missing. The bug was introduced
by CL:3299836.
Fortunately, these files are also dependencies of the 'install' target.
Therefore this bug doesn't lead to any problem for the vboot_reference
package, because the utilities will be built in src_install().
BUG=none
TEST=make clean && make all -j8 && make install DESTDIR=./install
TEST=make run2tests -j
BRANCH=none
Change-Id: I0abb320e38f17fead373ba44521f3db5346add65
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4045570
Reviewed-by: Hsuan Ting Chen <roccochen@chromium.org>
| |
We want to add an additional layer of protection against accidental
releasing of prod signed images with dev public keys and hashes for
which private keys are not secret.
The blobs of the keys and hashes to avoid are available in the Ti50
tarball, this patch adds a check and fails the signing process each
time the prohibited blob is found in the Ti50 binary.
BRANCH=none
BUG=b:254059627
TEST=invoked the script to sign Ti50 images built with and without
'ALLOW_AP_RO_DEV_SIGNING_KEY=1 TI50_DEV=1' defined, observed
signer failure when signing the image with either variable
defined, reporting the presence of the appropriate blob.
Change-Id: I8497e749807f862f6d20cf33cad4657008a6372a
Signed-off-by: Vadim Bendebury <vbendeb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4032539
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Allen Webb <allenwebb@google.com>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Jett Rink <jettrink@chromium.org>
| |
This reverts commit 87663c3bef0f6b198945cf3eb83632f461a5d6f8.
The parent CL to this commit should be sufficient to resolve the
failure that prevented "crossystem board_id" on ARM from working.
Original change's description:
> crossystem: Add board_id property
>
> futility is one of a few places in ChromeOS that uses "mosys platform
> version". The goal is to remove this command from mosys.
>
> This commit adds a new property to crossystem, "board_id", which
> reads the board revision from SMBIOS/FDT, and replaces the call in
> futility with the appropriate VbGetSystemPropertyInt.
>
> BUG=b:187790074
> BRANCH=none
> TEST="crossystem board_id" on hana and brya
>
> Change-Id: Id69c8e309c0e509a165aa6da2778573ac7de3455
> Signed-off-by: Jack Rosenthal <jrosenth@chromium.org>
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4029537
> Reviewed-by: Julius Werner <jwerner@chromium.org>
BUG=b:187790074
BRANCH=none
TEST="crossystem board_id" on hana and brya
Change-Id: I37b4c622e3c1d294b5be8e0d98ef14175902acc3
Signed-off-by: Jack Rosenthal <jrosenth@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4045047
Reviewed-by: Julius Werner <jwerner@chromium.org>
| |
Hard-coding to /proc/device-tree/firmware/chromeos won't let us read
device-tree properties outside of /firmware/chromeos.
The follow-on CL reads from /firmware/coreboot.
BUG=b:187790074
BRANCH=none
TEST=CQ passes
Change-Id: I752aa5a1e20db1dad7f2508852c7a1c982a4bcb4
Signed-off-by: Jack Rosenthal <jrosenth@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4045046
Reviewed-by: Julius Werner <jwerner@chromium.org>
| |
This reverts commit db1b34f559fdbf5584b57007da43e4dddda43c6a.
Reason for revert: seems to break scarlet - b/259702907
Original change's description:
> crossystem: Add board_id property
>
> futility is one of a few places in ChromeOS that uses "mosys platform
> version". The goal is to remove this command from mosys.
>
> This commit adds a new property to crossystem, "board_id", which
> reads the board revision from SMBIOS/FDT, and replaces the call in
> futility with the appropriate VbGetSystemPropertyInt.
>
> BUG=b:187790074
> BRANCH=none
> TEST="crossystem board_id" on hana and brya
>
> Change-Id: Id69c8e309c0e509a165aa6da2778573ac7de3455
> Signed-off-by: Jack Rosenthal <jrosenth@chromium.org>
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4029537
> Reviewed-by: Julius Werner <jwerner@chromium.org>
Bug: b:187790074, b:259702907
Change-Id: Ibdc2525d6f395e2ef63354d36ca02b71543e8079
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4038443
Commit-Queue: Jack Rosenthal <jrosenth@chromium.org>
Tested-by: Jack Rosenthal <jrosenth@chromium.org>
Commit-Queue: Brian Norris <briannorris@chromium.org>
Reviewed-by: Jack Rosenthal <jrosenth@chromium.org>
Owners-Override: Jack Rosenthal <jrosenth@chromium.org>
| |
cbfstool uses tab instead of space, and because of that the current
code does not work correctly with metadata hash images. Changing
space to tab in the pattern fixes the issue.
BRANCH=none
BUG=b:259153966,b:197114807
TEST=build bootimage for volteer/voxel
Signed-off-by: Jakub Czapiga <jacz@semihalf.com>
Change-Id: Iab6ab56927a6bea9275eda4a5bad1ad73b779a69
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4030402
Commit-Queue: Jakub Czapiga <czapiga@google.com>
Tested-by: Jakub Czapiga <czapiga@google.com>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
| |
futility is one of a few places in ChromeOS that uses "mosys platform
version". The goal is to remove this command from mosys.
This commit adds a new property to crossystem, "board_id", which
reads the board revision from SMBIOS/FDT, and replaces the call in
futility with the appropriate VbGetSystemPropertyInt.
BUG=b:187790074
BRANCH=none
TEST="crossystem board_id" on hana and brya
Change-Id: Id69c8e309c0e509a165aa6da2778573ac7de3455
Signed-off-by: Jack Rosenthal <jrosenth@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4029537
Reviewed-by: Julius Werner <jwerner@chromium.org>
| |
The region parameter to flashrom_read_image() is essentially unusable in
isolation since it reads just the requested region into a buffer sized
to the entire flash, at the offset of the region within the flash.
Remove its unused region parameter and split the functionality of
requesting a region into flashrom_read_region() which stores just the
requested region into a buffer sized to the region.
BUG=b:253966060
TEST=futility update --detect-model -a <archive> works as expected
BRANCH=None
Signed-off-by: Sam McNally <sammc@chromium.org>
Change-Id: Ibf6c152dd42fbc99c1742fb077bc6aa35feeed08
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3965583
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
| |
futility update --emulate and flashrom's dummy programmer serve similar
purposes - both provide support for using a file instead of a real ROM.
The current --emulate implementation involves special-casing before
interacting with flashrom and pre-filling in the current image contents;
an appropriately-configured dummy programmer and unmodified flashrom
interactions could accomplish the same outcome with a more centralised
handling of --emulate. Other --emulate interactions mock out
non-flashrom interactions, so need to continue handling --emulate
specially for now.
Switch --emulate to use the dummy programmer. Add an extra field to
store the original programmer option for deciding on whether to apply
the preserve_me quirk.
BUG=b:253966060
TEST=unit tests
BRANCH=None
Signed-off-by: Sam McNally <sammc@chromium.org>
Change-Id: I687749523f54edcb9dd41cfc85614949b9d6607a
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3965582
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
| |
Most AP firmware images do not include the RO_GSCVD section and are
not supposed to be signed for AP RO verification.
The presence of AP RO verification keys (files prefixed with arv_...)
can be considered an indicator of the need to sign the RO_GSCVD
section.
This patch adds logic to skip signing of AP RO in case the appropriate
signing keys are not present.
BRANCH=none
BUG=b:247645824, cros:1382709
TEST=ran sign_official_build.sh to re-sign a Nissa test tarball,
observed successful completion with log messages confirming
RO_GSCVD signing.
Then removed tests/devkeys/arv_root.vbpubk and ran the script
again, observed successful completion and log messages
confirming skipping AP RO verification signing.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: Iee5a2adcceb7ecc86f48d7c56755cc10405e5eed
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4024432
Commit-Queue: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>