Commit message | Author | Age | Files | Lines
* futility: updater: revise DUT type detection [stabilize-15359.58.B] [stabilize-15359.50.B] [stabilize-15359.45.B] [release-R112-15359.B] | Hung-Te Lin | 2023-03-23 | 1 | -6/+5

    Some commands like 'cros ap flash' may pass '-p host' to the futility updater, making the updater consider itself running in the remote DUT mode. Other futility commands sharing the flash arguments (e.g., handle_flash_argument) work on files by default and only do flashing if '-p' is specified, but that is not the case for the updater. So we should double check the programmer before deciding the DUT type.

    BUG=b:271115449
    TEST=FEATURES=test emerge vboot_reference
    BRANCH=None

    Change-Id: I5be6e4382acffced0ef9cd94f6ede9e9d3fe2efa
    Signed-off-by: Hung-Te Lin <hungte@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4300000
    Commit-Queue: Yu-Ping Wu <yupingso@chromium.org>
    Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
    (cherry picked from commit b0cdc1e898de15bf818a27ec4610d771253188bc)
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4358601
    Commit-Queue: Isaac Lee <isaaclee@google.com>
    Tested-by: Isaac Lee <isaaclee@google.com>
* futility/cmd_gbb_utility.c: Allow OR'ing new GBB flags [stabilize-15361.B] [stabilize-15359.B] | Edward O'Callaghan | 2023-02-23 | 1 | -9/+32

    It may be the case that the caller wishes to not clobber the current flags set and merely just OR on the new bits.

    BUG=b:270074866
    TEST=```
    # futility gbb --flash --get --flags
    # futility gbb --flash --set --flags=(+|-)0x1
    # futility gbb --flash --get --flags
    as expected.
    ```

    Change-Id: Ibd56dff986d2075b7b220c531e66b224d488b6e6
    Signed-off-by: Edward O'Callaghan <quasisec@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4273505
    Auto-Submit: Edward O'Callaghan <quasisec@chromium.org>
    Commit-Queue: Yu-Ping Wu <yupingso@chromium.org>
    Commit-Queue: Edward O'Callaghan <quasisec@chromium.org>
    Reviewed-by: Sam McNally <sammc@chromium.org>
    Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
    Tested-by: Edward O'Callaghan <quasisec@chromium.org>
* Avoid build failures with dumpRSAPublicKey on recent distros | Simon Glass | 2023-02-16 | 1 | -0/+5

    Emit a warning and continue when OpenSSL is newer than expected. The chroot still uses an older version.

    This was broken by:

      0ca7a9e4 ("firmware: host: futility: Add CBFS metadata hash support")

    BUG=b:245993083, b:246328810, b:197114807
    BRANCH=none
    TEST=make -C ~/cosarm/src/platform/vboot_reference/ USE_FLASHROM=0
      See that the errors become warnings and the build completes

    Change-Id: Id4e25e4ebad1d9ae1f6ee5425b3e6fe3cbd5d5e5
    Signed-off-by: Simon Glass <sjg@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4241424
    Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
* futility: gbb: Avoid unnecessary search of FMAP | Yu-Ping Wu | 2023-02-16 | 2 | -2/+7

    For commands such as `futility gbb --set --flags=0x140`, futility first reads the GBB section from the flash, modifies the section, and then writes back the section to the flash. The write, however, requires another search of the FMAP section, in order to locate the GBB section in the flash.

    This unnecessary search can be avoided by reading the FMAP section together with the GBB section. The FMAP data will be stored in the image buffer, so that the FMAP layout can be retrieved directly from the buffer for subsequent writes.

    This will also prevent the misleading warnings from showing up:

      Failed to read fmap from buffer.
      WARNING: flashrom_write_image: could not read fmap from image, r=1, falling back to read from rom

    BUG=b:260531154
    TEST=emerge-corsola vboot_reference
    TEST=make runtests
    TEST=No warnings and errors were shown with `futility gbb --set --flash --flags=0x140`
    BRANCH=none

    Change-Id: I50029ae5d9c5ecb347f47e980e7c3b772ecc0f18
    Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4251504
    Reviewed-by: Hung-Te Lin <hungte@chromium.org>
* futility: flashrom_drv: Support partial read for multiple regions | Yu-Ping Wu | 2023-02-16 | 3 | -23/+42

    Similar to CL:3490388, support flashrom read for multiple regions.

    BUG=b:260531154
    TEST=emerge-corsola vboot_reference
    BRANCH=none

    Change-Id: I1f75832f882004e879bc299be6862db089c2b71d
    Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4251503
    Reviewed-by: Hung-Te Lin <hungte@chromium.org>
* host/lib/flashrom_drv.c: Move flag to avoid locked ME issue | Edward O'Callaghan | 2023-02-16 | 1 | -1/+3

    Older Intel DUTs have a ME in "locked" mode in the descriptor and while the write_flash() attempts to write back to flash to a specific region it needs to read the FMAP to obtain the region name. This read overlaps with the "locked" region and thus the following is observed in logs:

    ```
    FREG2: Management Engine region (0x00001000-0x001fffff) is locked.
    [..]
    read_flash: cannot read inside Management Engine region (0x001000..0x1fffff).
    ```

    BUG=b:269199980
    TEST=builds.

    Change-Id: If7bebf28cd4d34cc4074700184233c83edbd2409
    Signed-off-by: Edward O'Callaghan <quasisec@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4248344
    Auto-Submit: Edward O'Callaghan <quasisec@chromium.org>
    Reviewed-by: Sam McNally <sammc@chromium.org>
    Reviewed-by: Hung-Te Lin <hungte@chromium.org>
    Tested-by: Edward O'Callaghan <quasisec@chromium.org>
    Commit-Queue: Edward O'Callaghan <quasisec@chromium.org>
* {g,s}et_gbb_flags.sh: Fix removal notice message | Yu-Ping Wu | 2023-02-16 | 2 | -2/+2

    Fix the futility command in the removal notice message, by adding the missing `--flash` option.

    BUG=b:260531154
    TEST=Ran set_gbb_flags.sh
    BRANCH=none

    Change-Id: Ic1846929661a47c40b65e67ea76f776493ee2d9c
    Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4251505
    Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
    Commit-Queue: Matthew Blecker <matthewb@chromium.org>
    Reviewed-by: Matthew Blecker <matthewb@chromium.org>
    Reviewed-by: Alexandru Stan <amstan@chromium.org>
* vboot_reference-sys: Use --blocklist-type when invoking bindgen | Bob Haarman | 2023-02-16 | 1 | -3/+3

    Previous versions of bindgen used --blacklist-type, newer versions of bindgen use --blocklist-type. This change updates our build script to use the new spelling.

    BRANCH=none
    BUG=b:264938287
    TEST=emerge-amd64-generic dev-rust/vboot_reference-sys

    Change-Id: I15bf4591177af89693d9f02fd3ec2a3c27c92cbb
    Signed-off-by: Bob Haarman <inglorion@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4250779
    Reviewed-by: Allen Webb <allenwebb@google.com>
* vboot_reference-sys: Fix needless-borrow lints | Bob Haarman | 2023-02-16 | 1 | -11/+11

    Pre-submit hooks pointed out several unnecessary borrows in the build script. This fixes those.

    BRANCH=none
    BUG=None
    TEST=cq

    Change-Id: I92987004db3573084fa91db3b72f09b7b7327cfb
    Signed-off-by: Bob Haarman <inglorion@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4250778
    Reviewed-by: Allen Webb <allenwebb@google.com>
* 2sha256_arm: Fix data abort issue | Yidi Lin | 2023-02-14 | 2 | -2/+4

    Fix the following CPU exception when enabling ARMV8_CRYPTO_EXT.

      [DEBUG] exception _sync_sp_el0
      [DEBUG] ELR = 0x000000000025f390 ESR = 0x96000010
      [DEBUG] FAR = 0x000000000c000000 SPSR = 0x2000000c
      [DEBUG] X00 = 0x000000000026cf20 X01 = 0x000000000bffffe0
      [DEBUG] X02 = 0x00000000ffd042de X03 = 0xffffffffffffffff
      [DEBUG] X04 = 0x000000000026cf88 X05 = 0x0000000000054ff8
      [DEBUG] X06 = 0x0000000000000002 X07 = 0x000000000000000a
      [DEBUG] X08 = 0x000000000025f5f0 X09 = 0x000000000026cf30
      [DEBUG] X10 = 0x000000000010b4ee X11 = 0x00000000000001fc
      [DEBUG] X12 = 0x0000000000000080 X13 = 0x0000000000125110
      [DEBUG] X14 = 0x0000000000124f10 X15 = 0x0000000000125310
      [DEBUG] X16 = 0x0000000000267580 X17 = 0x749ffa8d9d5f02ca
      [DEBUG] X18 = 0x0000000000125110 X19 = 0x0000000000000000
      [DEBUG] X20 = 0x000000000026cf20 X21 = 0x000000000010b760
      [DEBUG] X22 = 0x000000000026cf48 X23 = 0x0000000000000000
      [DEBUG] X24 = 0x0000000000000000 X25 = 0x00000000000a3800
      [DEBUG] X26 = 0x000000000026c970 X27 = 0x000000000026c802
      [DEBUG] X28 = 0x0000000000000000 X29 = 0x0000000000000000
      [DEBUG] X30 = 0x000000000025f1e0 SP = 0x000000000010b650

    The issue happens when the buffer size processed by `vb2ex_hwcrypto_digest_extend` is equal to VB2_SHA256_BLOCK_SIZE. `vb2_sha256_transform_hwcrypto` is called twice in `vb2ex_hwcrypto_digest_extend`. The first call processes the whole buffer. The second call still processes the buffer even if `remaining_blocks` is equal to 0. This causes `block_nb` (see X02) underflow in the assembly code. Then ld1 instruction accesses an unexpected memory address (see X01) and raises CPU exception.

    Fix the issue by checking `block_nb` value before calling to `sha256_ce_transform`.

    BRANCH=corsola
    BUG=b:263514393
    TEST=flash image-geralt*.bin and no CPU exception raised

    Change-Id: I9b74d60413b3cc571950e15c0d2b901bc4063385
    Signed-off-by: Yidi Lin <yidilin@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4242678
    Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
* sign_official_build: Silence shellcheck sed lints | Nicholas Bishop | 2023-02-14 | 1 | -0/+4

    Silence all current instances of "SC2001 (style): See if you can use ${variable//search/replace} instead."

    Replacing complicated `sed` calls without tests in place would likely lead to mistakes, so leave them alone for now. The lint is not disabled globally though, so new uses can still be flagged.

    BRANCH=none
    BUG=None
    TEST=cros lint scripts/image_signing/sign_official_build.sh
    TEST=scripts/image_signing/sign_official_build.sh recovery \
    TEST= ~/chromiumos/src/build/images/reven/latest/chromiumos_image.bin
    TEST= tests/devkeys
    TEST= ~/chromiumos/src/build/images/reven/latest/chromiumos_image.signed

    Change-Id: I228e78033f891ee09db40b937b4d7a7750de8c18
    Signed-off-by: Nicholas Bishop <nicholasbishop@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4245621
    Reviewed-by: Mike Frysinger <vapier@chromium.org>
* sign_official_build: Fix shellcheck quoting lints | Nicholas Bishop | 2023-02-14 | 1 | -5/+5

    Fix all instances of "SC2046 (warning): Quote this to prevent word splitting."

    BRANCH=none
    BUG=None
    TEST=cros lint scripts/image_signing/sign_official_build.sh
    TEST=scripts/image_signing/sign_official_build.sh recovery \
    TEST= ~/chromiumos/src/build/images/reven/latest/chromiumos_image.bin
    TEST= tests/devkeys
    TEST= ~/chromiumos/src/build/images/reven/latest/chromiumos_image.signed

    Change-Id: I46a7f3ed0b65e930e7fb95cd97954377a9a09e20
    Signed-off-by: Nicholas Bishop <nicholasbishop@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4245620
    Reviewed-by: Mike Frysinger <vapier@chromium.org>
* sign_official_build: Fix shellcheck echo lints | Nicholas Bishop | 2023-02-14 | 1 | -4/+3

    Fix all instances of "SC2005 (style): Useless echo? Instead of 'echo $(cmd)', just use 'cmd'."

    BRANCH=none
    BUG=None
    TEST=cros lint scripts/image_signing/sign_official_build.sh
    TEST=scripts/image_signing/sign_official_build.sh recovery \
    TEST= ~/chromiumos/src/build/images/reven/latest/chromiumos_image.bin
    TEST= tests/devkeys
    TEST= ~/chromiumos/src/build/images/reven/latest/chromiumos_image.signed

    Change-Id: Ia11a30187cb79077aeee4c626dc41de9bee5a12b
    Signed-off-by: Nicholas Bishop <nicholasbishop@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4245619
    Reviewed-by: Mike Frysinger <vapier@chromium.org>
* futility: updater: detect DUT type | Hung-Te Lin | 2023-02-13 | 4 | -3/+34

    Detect if we are going to update a remote DUT (by checking if the flash parameter has been changed), and ignore all the local system properties if needed.

    This should help 'updating a Chromebook from a Chromebox via servo' to behave the same as updating from a non-ChromeOS Linux desktop.

    BUG=b:247428499,b:255617349
    TEST=make; run test
    BRANCH=None

    Change-Id: I4aa0e98efa21179708d8b593fc619b7f7b65f418
    Signed-off-by: Hung-Te Lin <hungte@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4181582
    Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
    Commit-Queue: Jeffrey Kardatzke <jkardatzke@google.com>
* futility: updater: refactor: always pass updater config to DUT APIs | Hung-Te Lin | 2023-02-12 | 6 | -26/+36

    To support local and remote DUTs, we need to always pass the updater configuration (including flash programmer information) for DUT related calls.

    No functional changes but this is required for DUT detection in the future.

    BUG=b:247428499,b:255617349
    TEST=make; run test
    BRANCH=None

    Change-Id: I91bdc95f3073d1e94030246790db83645fbd63ac
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4235306
    Auto-Submit: Hung-Te Lin <hungte@chromium.org>
    Commit-Queue: Hung-Te Lin <hungte@chromium.org>
    Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
    Tested-by: Hung-Te Lin <hungte@chromium.org>
* futility: updater: remove quirks for AUE boards | Hung-Te Lin | 2023-02-12 | 1 | -18/+4

    Remove quirks defined for boards derived from rambi, storm, strago, and veyron. Also updated reference design names for the derived platforms.

    BUG=None
    TEST=make; run test
    BRANCH=None

    Change-Id: I71f391cc7ef7ceff8ae6a93be599390910aba20c
    Signed-off-by: Hung-Te Lin <hungte@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4235305
    Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
* futility: updater: drop vboot1 support | Hung-Te Lin | 2023-02-12 | 4 | -109/+78

    As CL:4211436 mentioned, all vboot1 boards are now AUE and it is time to drop vboot1 logic to simplify the updater.

    BUG=b:124141368,b:172342538
    TEST=make; run test
    BRANCH=None

    Change-Id: Ice445158abd2b6465dad7cade10ce88b46d3c981
    Signed-off-by: Hung-Te Lin <hungte@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4235302
    Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
* futility: updater: support getting WPSW from any DUTs | Hung-Te Lin | 2023-02-12 | 1 | -1/+2

    From b:255617349#comment133, the --wp-* commands should work with any servo, including servo-micro; so we should pass the right DUT programmer (e.g., cfg->image.programmer) instead of PROG_HOST when retrieving software write protection status (WPSW).

    BUG=b:255617349
    TEST=make; run test
    BRANCH=None

    Change-Id: Iff5a105da8bed06bbd714a72a7d06d2b64b3dcd4
    Signed-off-by: Hung-Te Lin <hungte@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4235303
    Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
* futility: updater: refactor DUT system info retrieval | Hung-Te Lin | 2023-02-12 | 8 | -171/+207

    When developers (or the lab) run 'futility update' on a Chromebox to update a remote DUT connected via servo, the updater will incorrectly recognize the Chromebox as the 'host' = 'system' = 'DUT', selecting wrong config and setting wrong cookies.

    To fix that, we want to isolate and refactor how we identify and access 'host' and 'DUT'. The first step is to rename and move the 'system property' related functions to 'dut properties' in the `updater_dut.c`.

    No functional changes in this patch. Only renamed functions and moved the implementation to different places.

    BUG=b:247428499,b:255617349
    TEST=make; run test
    BRANCH=None

    Change-Id: I5c1f9bb67a14fbcdd80958597290a2789f4c2dac
    Signed-off-by: Hung-Te Lin <hungte@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4181581
    Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
* sign_official_build: Fix shellcheck brace lints | Nicholas Bishop | 2023-02-11 | 1 | -11/+12

    Fix all instances of "SC2250 (style): Prefer putting braces around variable references even when not strictly required."

    BRANCH=none
    BUG=None
    TEST=cros lint scripts/image_signing/sign_official_build.sh
    TEST=scripts/image_signing/sign_official_build.sh recovery \
    TEST= ~/chromiumos/src/build/images/reven/latest/chromiumos_image.bin
    TEST= tests/devkeys
    TEST= ~/chromiumos/src/build/images/reven/latest/chromiumos_image.signed

    Change-Id: I94bf368cad1d970e44ba16ed21cad48c13b5b9fb
    Signed-off-by: Nicholas Bishop <nicholasbishop@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4237838
    Reviewed-by: Mike Frysinger <vapier@chromium.org>
* sign_official_build: Fix some shellcheck quoting lints | Nicholas Bishop | 2023-02-11 | 1 | -13/+15

    Fix all instances of "SC2248 (style): Prefer double quoting even when variables don't contain special characters."

    BRANCH=none
    BUG=None
    TEST=cros lint scripts/image_signing/sign_official_build.sh
    TEST=scripts/image_signing/sign_official_build.sh recovery \
    TEST= ~/chromiumos/src/build/images/reven/latest/chromiumos_image.bin
    TEST= tests/devkeys
    TEST= ~/chromiumos/src/build/images/reven/latest/chromiumos_image.signed

    Change-Id: I1240fc581aa82c78f60b347f5d885fffbef3130c
    Signed-off-by: Nicholas Bishop <nicholasbishop@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4237837
    Reviewed-by: Mike Frysinger <vapier@chromium.org>
* sign_official_build: Fix some shellcheck quoting lints | Nicholas Bishop | 2023-02-11 | 1 | -27/+29

    Fix all instances of "SC2086 (info): Double quote to prevent globbing and word splitting."

    BRANCH=none
    BUG=None
    TEST=cros lint scripts/image_signing/sign_official_build.sh
    TEST=scripts/image_signing/sign_official_build.sh recovery \
    TEST= ~/chromiumos/src/build/images/reven/latest/chromiumos_image.bin
    TEST= tests/devkeys
    TEST= ~/chromiumos/src/build/images/reven/latest/chromiumos_image.signed

    Change-Id: Ia28dfea7d4f7ecfc6ac587f85d6ced78c937a59a
    Signed-off-by: Nicholas Bishop <nicholasbishop@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4237836
    Reviewed-by: Mike Frysinger <vapier@chromium.org>
* sign_official_build: Fix shellcheck lints for local vars | Nicholas Bishop | 2023-02-11 | 1 | -43/+85

    Fix all instances of "SC2155 (warning): Declare and assign separately to avoid masking return values."

    BRANCH=none
    BUG=None
    TEST=cros lint scripts/image_signing/sign_official_build.sh
    TEST=scripts/image_signing/sign_official_build.sh recovery \
    TEST= ~/chromiumos/src/build/images/reven/latest/chromiumos_image.bin
    TEST= tests/devkeys
    TEST= ~/chromiumos/src/build/images/reven/latest/chromiumos_image.signed

    Change-Id: I789cb55821af5a5fc161c5de871fbf806df2bb3f
    Signed-off-by: Nicholas Bishop <nicholasbishop@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4237835
    Reviewed-by: Mike Frysinger <vapier@chromium.org>
* PRESUBMIT: disable automatic git cl presubmit | Mike Frysinger | 2023-02-11 | 1 | -0/+1

    BRANCH=None
    BUG=None
    TEST=`repo upload` still works

    Change-Id: I844bb2b92b9b2aca53c8d312f83757542932fe98
    Signed-off-by: Mike Frysinger <vapier@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4241937
    Commit-Queue: Julius Werner <jwerner@chromium.org>
    Reviewed-by: Julius Werner <jwerner@chromium.org>
* get_gbb_flags.sh: Use futility gbb --explicit | Evan Benn | 2023-02-09 | 1 | -16/+7

    Replace the shell script implementation of explicit with the futility implementation.

    BUG=b:260531154
    BRANCH=None
    TEST=get_gbb_flag.sh -e --file=/tmp/bios

    Change-Id: I6f9079152e0e1e2d1a4f462bb2661ef4e8273c75
    Signed-off-by: Evan Benn <evanbenn@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4161093
    Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
    Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
* set/get_gbb_flags.sh: Use futility instead of flashrom | Evan Benn | 2023-02-09 | 3 | -103/+33

    futility gbb can now read and write from flash or file.

    BUG=b:260531154
    BRANCH=None
    TEST=SERVOD_NAME=damu get_gbb_flags.sh -e --servo
    TEST=get_gbb_flags.sh -e
    TEST=get_gbb_flags.sh -e --file /tmp/bios
    TEST=set_gbb_flags.sh 0x0
    TEST=set_gbb_flags.sh 0x0 --servo
    TEST=set_gbb_flags.sh 0x0 /tmp/bios

    Change-Id: I5cc1a893171195c09f7363b3e99f676806049d0d
    Signed-off-by: Evan Benn <evanbenn@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4161091
    Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
    Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
* sign_official_build: Sign reven recovery images like base images | Nicholas Bishop | 2023-02-09 | 1 | -1/+21

    Reven generates recovery images for use with the ChromeOS Recovery Utility. Since those images are used to install Reven, they should be signed like base images rather than recovery images (i.e. kern-a/root-a should be signed with the normal key, not the recovery key).

    With our current boot stack this difference doesn't actually matter since it boots with the kernel image on the ESP, but with crdyboot we'll boot with the ChromeOS kernel partitions, so they need to be signed correctly.

    BRANCH=none
    BUG=b:256621033
    TEST=USE=crdyboot build_packages
    TEST=build_image
    TEST=platform/vboot_reference/scripts/image_signing/sign_official_build.sh
    TEST= recovery build/images/reven/latest/chromiumos_image.bin
    TEST= platform/vboot_reference/tests/devkeys
    TEST= build/images/reven/latest/chromiumos_image.bin.signed
    TEST=Boot in a UEFI VM

    Change-Id: Ie3f6dd829a8bc15eeffc1d7fe1fc07e14cb30ef0
    Signed-off-by: Nicholas Bishop <nicholasbishop@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4206908
    Reviewed-by: Mike Frysinger <vapier@chromium.org>
* sign_official_build: Make reven check more explicit | Nicholas Bishop | 2023-02-09 | 1 | -5/+27

    Add a new get_is_reven() function which uses get_board_from_lsb_release() to determine the board name. This replaces a glob check against the KEY_DIR with an exact string match to prevent future accidents (e.g. if a key set named "Revenator" was added), and also checking against the board name makes local testing easier (since the test devkeys can be used without copying to a new "Reven" directory).

    Also removed a todo about getting "is reven?" from a config in the signing repo. The linked bug is closed, and the TODO is 16 months old now so it's probably fine as-is.

    BRANCH=none
    BUG=b:256621033
    TEST=platform/vboot_reference/scripts/image_signing/sign_official_build.sh
    TEST= recovery build/images/reven/latest/chromiumos_image.bin
    TEST= platform/vboot_reference/tests/devkeys
    TEST= build/images/reven/latest/chromiumos_image.bin.signed

    Change-Id: I3586b607447b0f55a4a253d9a4d9c7212889c7d6
    Signed-off-by: Nicholas Bishop <nicholasbishop@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4206907
    Reviewed-by: Mike Frysinger <vapier@chromium.org>
* vboot: add arm64 SHA256 extension support | Yidi Lin | 2023-02-08 | 7 | -96/+298

    Copy sha256_armv8a_ce_a64.S from [1] and make some small changes to make it fit in vboot_reference build environment.

    With this CL, the boot time gets 126ms improvement on Tentacruel. The `vboot kernel verification` is reduced to 12ms.

    [1] https://github.com/OP-TEE/optee_os/blob/master/core/arch/arm/crypto/sha256_armv8a_ce_a64.S

    BRANCH=corsola
    BUG=b:263514393
    TEST=make install_dut_test; ./build/tests/vb2_sha256_x86_tests
    TEST=check `cbmem -t` on Tentacruel

    Change-Id: Ic9abeae9687b2162d7ddadd46111ec20f34e771c
    Signed-off-by: Yidi Lin <yidilin@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4170144
    Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
* sign_official_release: relax board name for guybrush | Vadim Bendebury | 2023-02-07 | 1 | -5/+4

    To address the case where the signer could be modifying the original contents of the board name by adding the release stage, check for presence of the base board name in the string instead of checking for exact match.

    BRANCH=none
    BUG=b:263378945
    TEST=attempted local signing, observed expected messages in the output log.

    Change-Id: Idddd33cdbbc91497bfbc94b3757adb0f24f1a1f0
    Signed-off-by: Vadim Bendebury <vbendeb@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4228431
    Commit-Queue: Mike Frysinger <vapier@chromium.org>
    Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
    Auto-Submit: Vadim Bendebury <vbendeb@chromium.org>
    Reviewed-by: Tim Van Patten <timvp@google.com>
    Tested-by: Vadim Bendebury <vbendeb@chromium.org>
    Reviewed-by: Mike Frysinger <vapier@chromium.org>
* sing_official_build: do not attempt signing AP RO for guybrush | Vadim Bendebury | 2023-02-06 | 1 | -3/+9

    Guybrush firmware archive pinned to ChromeOS firmware releases starting with 108 includes the uninitialized RO_GSCVD section, which causes signer failures.

    Fixing and qualifying the firmware is going to take a long time, as a workaround this patch adds a check for the keyset name, and does not attempt AP RO signing in case the keyset name includes the string 'guybrush', case insensitive.

    BRANCH=none
    BUG=b:263378945
    TEST=downloaded a ChromeOS guybrush recovery image hromeOS-recovery-R108-15183.72.0-guybrush.tar.xz, extracted the binary and attempted to sign it by running

      ./scripts/image_signing/sign_official_build.sh base \
        <path to>/recovery_image.bin ./test/devkeys /tmp/signed

    observed the expected message on the console: "Not looking for RO_GSCVD on guygrush, b/263378945" as well as successful firmware signing. The same invocation before this patch is applied is failing.

    Also verified that when signing a Nissa recovery image the AP RO verification section is signed as expected.

    Change-Id: Ifd93e3ebc8fc35e2ba29c7a364767e4414df051d
    Signed-off-by: Vadim Bendebury <vbendeb@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4217481
    Reviewed-by: Raul Rangel <rrangel@chromium.org>
    Tested-by: Vadim Bendebury <vbendeb@chromium.org>
    Reviewed-by: Mike Frysinger <vapier@chromium.org>
    Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
* scripts/keygeneration: Add replace_recovery_key.sh | Julius Werner | 2023-02-03 | 1 | -0/+94

    This patch adds a new keygeneration script that can be used to replace the recovery key from an existing key set, but preserve the old key as a secondary recovery_key.v1. All dependent kernel data keys are regenerated, but we will create both keyblocks signed by the new and the old recovery key. This is useful in cases where we want newly produced devices to use a different recovery key that will no longer boot older images, but still give older boards already shipped with the old recovery key a chance to boot new recovery images built after that point (if they have been dual-signed).

    BRANCH=none
    BUG=b:266371047
    TEST=Created new keyset, ran the script, manually reviewed newly created keys.

    Signed-off-by: Julius Werner <jwerner@chromium.org>
    Change-Id: Id240c26815cc6ee883315a65e788c68e1a0549e4
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4195518
    Reviewed-by: Mike Frysinger <vapier@chromium.org>
* futility: gbb: Read only the GBB region from flash [stabilize-15335.B] | Evan Benn | 2023-01-27 | 1 | -1/+2

    BUG=b:265861606
    BRANCH=None
    TEST=futility gbb --get --flash --flags --hwid --digest --rootkey=/tmp/rootkey --bmpfv=/tmp/bmpfv --recoverykey=/tmp/recoverykey
    TEST=futility gbb --get --flags --hwid --digest --rootkey=/tmp/rootkey2 --bmpfv=/tmp/bmpfv2 --recoverykey=/tmp/recoverykey2 /tmp/bios
    TEST=diff the above
    TEST=confirm that it is quicker (3s vs 26s on one dut)

    Change-Id: I398e40a1cc50a6921e0385277fc03d0b7fa7c9b8
    Signed-off-by: Evan Benn <evanbenn@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4170147
    Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
    Tested-by: Edward O'Callaghan <quasisec@chromium.org>
    Reviewed-by: Julius Werner <jwerner@chromium.org>
* host: Add region parameter to flashrom_read_image | Evan Benn | 2023-01-27 | 3 | -5/+12

    Allow flashrom_read_image to take a parameter to read only a region.

    BUG=b:265861606
    BRANCH=None
    TEST=unit

    Change-Id: I835ca341c00b21286721f65c3e009a76753b6628
    Signed-off-by: Evan Benn <evanbenn@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4170146
    Tested-by: Edward O'Callaghan <quasisec@chromium.org>
    Reviewed-by: Julius Werner <jwerner@chromium.org>
    Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
* host: flashrom_drv: Read fmap layout from flash only | Evan Benn | 2023-01-27 | 1 | -12/+5

    flashrom_read_region was attempting to read the fmap from the provided destination buffer before falling back to the rom with a warning. Then it would leak the buffer anyway using calloc. This was undocumented behaviour.

    There is only one callsite of this function (futility manifest_detect_model_from_frid) and it does not use this feature: it initialises a zeroed firmware_image.

    BUG=b:265861606
    BRANCH=None
    TEST=futility update -a /usr/sbin/chromeos-firmwareupdate --detect-model-only # grunt

    Change-Id: I90b4be9b1b22b19c84252425e770e30e4def3a7c
    Signed-off-by: Evan Benn <evanbenn@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4170145
    Tested-by: Edward O'Callaghan <quasisec@chromium.org>
    Reviewed-by: Julius Werner <jwerner@chromium.org>
    Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
    Reviewed-by: Sam McNally <sammc@chromium.org>
* futility: updater: Pass bus=prog for dummy programmer for --emulate | Sam McNally | 2023-01-27 | 1 | -1/+1

    Probing all buses adds 200ms per flashrom interaction in tests using the dummy programmer.

    BUG=b:266014935
    TEST=unit tests
    BRANCH=None

    Change-Id: I83c0c995bfdf057849c2d1f5cc76fa36fdc31407
    Signed-off-by: Sam McNally <sammc@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4193608
    Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
    Reviewed-by: Julius Werner <jwerner@chromium.org>
    Commit-Queue: Edward O'Callaghan <quasisec@chromium.org>
* futility/flashrom_drv: Add new skip perm flags to read path [stabilize-15329.59.B] [stabilize-15329.44.B] [release-R111-15329.B] | Edward O'Callaghan | 2023-01-22 | 1 | -0/+2

    flashrom now respects region permissions rather than ignoring exit codes. While downstreaming this support we require these flags to be set to ensure no change in behavior for futility.

    It turns out chromeos-firmware-updater will fail on the read path with,

    ```
    [..]
    read_flash: cannot read inside Management Engine region (0x001000..0x1fffff).
    Read operation failed!
    ERROR: do_update: Cannot load system active firmware.
    ```

    without skipping regions that cannot actually be read.

    BUG=b:260440773
    BRANCH=none
    TEST=builds

    Change-Id: I45a5b81837988fab18b1c392415dffe55ad49822
    Signed-off-by: Edward O'Callaghan <quasisec@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4181583
    Reviewed-by: Evan Benn <evanbenn@chromium.org>
    Reviewed-by: Julius Werner <jwerner@chromium.org>
    Auto-Submit: Edward O'Callaghan <quasisec@chromium.org>
    Tested-by: Edward O'Callaghan <quasisec@chromium.org>
    Commit-Queue: Edward O'Callaghan <quasisec@chromium.org>
* futility/cmd_read.c: Add region support | Edward O'Callaghan | 2023-01-21 | 1 | -1/+22
| Allow user to read a specific region from flash via the read subcommand.
|
| BUG=b:264974346
| BRANCH=none
| TEST=`futility read /tmp/bios`
| TEST=`futility read --region=GBB /tmp/gbb`
|
| Change-Id: Ibd75f8e67d31bab910a61fb5453ca6e90d41fac3
| Signed-off-by: Edward O'Callaghan <quasisec@google.com>
| Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4151009
| Reviewed-by: Julius Werner <jwerner@chromium.org>
| Reviewed-by: Anastasia Klimchuk <aklm@chromium.org>
| Tested-by: Edward O'Callaghan <quasisec@chromium.org>
| Auto-Submit: Edward O'Callaghan <quasisec@chromium.org>
| Commit-Queue: Edward O'Callaghan <quasisec@chromium.org>
* futility: updater: add new quirk 'clear_mrc_data' | Hung-Te Lin | 2023-01-19 | 5 | -17/+77
| For devices with some memory training data that is not compatible with the new flashed firmware (and can't be automatically detected by the new firmware), we need a way to easily wipe out the existing memory training data to enforce a retraining at the next boot.
|
| This usually happens when repairing a device (with non-qualified firmware) and should never happen in the OTA.
|
| BUG=b:255617349
| TEST=make; run test
| BRANCH=None
|
| Signed-off-by: Hung-Te Lin <hungte@chromium.org>
| Change-Id: I92befefa6be59da10ca7572e7849ef905f184a5f
| Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4018593
| Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
| Tested-by: Yu-Ping Wu <yupingso@chromium.org>
| Reviewed-by: Julius Werner <jwerner@chromium.org>
| Commit-Queue: Yu-Ping Wu <yupingso@chromium.org>
* get_gbb_flags.sh: Add removal notice message (stabilize-15317.B) | Evan Benn | 2023-01-17 | 2 | -0/+4
| futility can modify gbb flags directly now. Add a notice that the scripts will be removed.
|
| BUG=b:260531154
| BRANCH=None
| TEST=./get_gbb_flags.sh
|
| Change-Id: I46a9a903c6f2e68f76b71fba4246e85feef9f2e9
| Signed-off-by: Evan Benn <evanbenn@chromium.org>
| Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4170143
| Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
| Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
* 2lib: Add vb2_get_gbb_flag_description (firmware-ti50-prepvt-15315.B) | Evan Benn | 2023-01-13 | 3 | -2/+130
| Add a function to convert a gbb flag to the name and description of that flag. Use this function in cmd_gbb to format a help page and implement --explicit.
|
| BUG=b:260531154
| BRANCH=None
| TEST=futility gbb --get /dev/bios -e
| TEST=futility gbb --help
|
| Change-Id: I884b6e0e7322128409f8d62d76824d8e6e6ca330
| Signed-off-by: Evan Benn <evanbenn@chromium.org>
| Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4161092
| Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
| Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
* futility: cmd_read: Do not error on bad firmware format | Evan Benn | 2023-01-13 | 3 | -6/+12
| Write the read firmware whether or not it can be parsed as a cros firmware.
|
| BUG=b:264810939
| BRANCH=None
| TEST=futility read /dev/null
|
| Change-Id: Ia0fe2a6b9d9250dd05485d2f48c74a33a048ab21
| Signed-off-by: Evan Benn <evanbenn@chromium.org>
| Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4158631
| Reviewed-by: Hsuan Ting Chen <roccochen@chromium.org>
| Commit-Queue: Edward O'Callaghan <quasisec@chromium.org>
| Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
* futility/flashrom_drv: Add new skip perm flags | Edward O'Callaghan | 2023-01-06 | 1 | -0/+2
| flashrom now respects region permissions rather than ignoring exit codes. While downstreaming this support we require these flags to be set to ensure no change in behavior for futility.
|
| BUG=b:260440773
| BRANCH=none
| TEST=builds
|
| Signed-off-by: Edward O'Callaghan <quasisec@google.com>
| Change-Id: Id54164385d24b3a9f2bf1da8490baf05c4728cf3
| Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4127324
| Commit-Queue: Edward O'Callaghan <quasisec@chromium.org>
| Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
| Tested-by: Edward O'Callaghan <quasisec@chromium.org>
| Auto-Submit: Edward O'Callaghan <quasisec@chromium.org>
* futility: Add read command | Evan Benn | 2023-01-06 | 4 | -0/+157
| Add a command that reads AP firmware to a specified file path.
|
| BUG=b:260531154
| BRANCH=None
| TEST=FEATURES=test emerge-grunt vboot_reference
| TEST=futility read /tmp/bios
| TEST=futility read /tmp/bios -p ec
| TEST=env SERVOD_NAME=grunt futility read /tmp/bios --servo
|
| Change-Id: I82fe0381b6f61ca4d67a9f5c27353e18ed4abe39
| Signed-off-by: Evan Benn <evanbenn@chromium.org>
| Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4075310
| Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
| Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
| Commit-Queue: Edward O'Callaghan <quasisec@chromium.org>
* futility: Add read/write flash capability to gbb command | Evan Benn | 2023-01-06 | 4 | -55/+220
| gbb command can read and modify flash in addition to acting on firmware files.
|
| BUG=b:260531154
| BRANCH=None
| TEST=FEATURES=test emerge-grunt vboot_reference
| TEST=futility gbb -s --flags 0x0 /tmp/bios /tmp/bios2
| TEST=futility gbb -g --flash
| TEST=futility gbb --set --flash --flags=0x40b9 --flash
| TEST=env SERVOD_NAME=grunt futility gbb --get --servo
| TEST=env SERVOD_NAME=grunt futility gbb --set --servo --flags=0
|
| Change-Id: I66b008ed7325d125eb305e84185e53eccd243898
| Signed-off-by: Evan Benn <evanbenn@chromium.org>
| Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4075311
| Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
| Commit-Queue: Edward O'Callaghan <quasisec@chromium.org>
| Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
* futility: Move some argument handling to shared file | Evan Benn | 2023-01-06 | 3 | -48/+87
| Updater arguments dealing with flash and servo control will be common with other commands. Move those to a shared file.
|
| BUG=b:260531154
| BRANCH=None
| TEST=FEATURES=test emerge-grunt vboot_reference
| TEST=futility gbb -s --flags 0x0 /tmp/bios /tmp/bios2
|
| Change-Id: I0a6c992425cf7ca529b3857cfabc654ae2b1be81
| Signed-off-by: Evan Benn <evanbenn@chromium.org>
| Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4075308
| Commit-Queue: Edward O'Callaghan <quasisec@chromium.org>
| Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
| Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
* Add PRESUBMIT.py | Yu-Ping Wu | 2023-01-05 | 1 | -0/+17
| Add PRESUBMIT.py to prevent people from uploading CLs using `git cl`.
|
| BUG=none
| TEST=`git cl upload` failed
| BRANCH=none
|
| Change-Id: I1906614093c6135dff1279393e3d79172f41a3c0
| Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
| Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4133838
| Commit-Queue: Yidi Lin <yidilin@chromium.org>
| Reviewed-by: Yidi Lin <yidilin@chromium.org>
* Makefile: Remove old include directories (stabilize-15301.B, stabilize-15300.B) | Julius Werner | 2022-12-30 | 1 | -4/+2
| lib20/include and lib/cryptolib no longer exist, so remove them from the include path.
|
| BRANCH=none
| BUG=none
| TEST=none
|
| Signed-off-by: Julius Werner <jwerner@chromium.org>
| Change-Id: Ia5e2893a1aaca6655565315a0e06131906668392
| Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4128690
| Tested-by: Yu-Ping Wu <yupingso@chromium.org>
| Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
| Commit-Queue: Yu-Ping Wu <yupingso@chromium.org>
* Replace sign_uefi.sh with sign_uefi.py (stabilize-quickfix-15278.72.B, stabilize-15278.64.B, release-R110-15278.B) | Nicholas Bishop | 2022-12-15 | 2 | -115/+2
| Remove the sign_uefi.sh script and call sign_uefi.py instead. This is in a separate commit from the one adding the Python script in case we need to revert.
|
| Test command:
| platform/vboot_reference/scripts/image_signing/sign_official_build.sh \
|   base build/images/reven/latest/chromiumos_test_image.bin \
|   platform/vboot_reference/tests/devkeys \
|   build/images/reven/latest/chromiumos_test_image.bin.signed
|
| BRANCH=none
| BUG=b:261631233
| TEST=Run test command above, verify expected files are signed
|
| Change-Id: Icf59b6b1a36acf6332cd6f402ef6072b99c44796
| Signed-off-by: Nicholas Bishop <nicholasbishop@google.com>
| Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4083507
| Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
| Reviewed-by: Mike Frysinger <vapier@chromium.org>
* Port sign_uefi.sh to Python | Nicholas Bishop | 2022-12-15 | 5 | -0/+260
| Shell scripts are hard to modify and hard to test, so port sign_uefi.sh to Python.
|
| This is a fairly direct port that attempts to keep all the behavior the same. In particular, there are no hard errors for missing EFI/kernel files, or for failing to sign one of those files if it does exist. It might be good to make the script more strict in the future, but for now try to match the existing behavior.
|
| Nothing actually calls the new script yet.
|
| Also enable `black_check` in `PRESUBMIT.cfg` to enforce formatting.
|
| BRANCH=none
| BUG=b:261631233
| TEST=make runtests
| TEST=cros lint scripts/image_signing/sign_uefi*.py
|
| Change-Id: I4b9b86607cc403779b0504758dd097b0d7237fef
| Signed-off-by: Nicholas Bishop <nicholasbishop@google.com>
| Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4083506
| Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
| Reviewed-by: Mike Frysinger <vapier@chromium.org>