| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This can trigger the sync mechanism earlier so that the kernel has enough
time to schedule a real disk sync before system reboots.
We sent this in CL 41269, however it is reverted because the sync() and
syncfs() make test cases timeout (tons of disk access). So we only sync
file itself in this CL and leave the whoe system sync outside cgpt.
BUG=chromium-os:35992
TEST=make && make runtests ; and trybot
BRANCH=none
Original-Change-Id: I9c6b602220131f1f011e7865788a122d4c379e73
(cherry picked from commit 8e9b61a8f9e0d1446a2ac98db1959ed561880d91)
Change-Id: I5f419332cc5887d734f507533927e049e6cfbbf0
Reviewed-on: https://gerrit.chromium.org/gerrit/42211
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Commit-Queue: Yung-Chieh Lo <yjlou@chromium.org>
Tested-by: Yung-Chieh Lo <yjlou@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Export the NVRAM contents to tmpfs (/tmp) for use during boot without
incurring the cost of repeated trips through the TPM.
Signed-off-by: Will Drewry <wad@chromium.org>
BUG=chromium-os:37367
TEST=builds, boots, emits lockbox.nvram which validates using in-progress lockbox-cache
BRANCH=none
Change-Id: I8b1103f4bd22bd75e98a7617a571bdb3a06d2914
Previous-Reviewed-on: https://gerrit.chromium.org/gerrit/41433
Commit-Queue: Will Drewry <wad@chromium.org>
(cherry picked from commit 265e2f78dd46845253b683ca8367483c31ba3f4a)
Reviewed-on: https://gerrit.chromium.org/gerrit/42114
Commit-Queue: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Mattias Nissler <mnissler@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a system key is available (could read TPM NVRAM), but the "finalization
needed" file exists, it means that we are in the situation where either
cryptohome was interrupted, or the TPM was temporarily unavailable at an
earlier boot. In this case, it is up to mount-encrypted to perform the
finalization. Before, we were making the very bad assumption that the
keyfile was valid if a system key was found, meaning we would delete the
"finalization needed" file, leaving us with no way to find the encryption
key leading to an OOBE on the next boot.
BUG=chrome-os-partner:15960
TEST=daisy build, manual testing
BRANCH=None
Change-Id: Ifb6d74d8a38100e00d9a4597c25a71a6c33f806c
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/39883
Reviewed-by: Luigi Semenzato <semenzato@chromium.org>
Reviewed-by: Elly Jones <ellyjones@chromium.org>
Reviewed-by: Will Drewry <wad@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This just adds a one-byte field in the nvstorage region for use in debugging
hard-to-catch errors. There's no official meaning or expectation for this
field. It's just a handy place to emit some information.
BUG=chrome-os-partner:11534
BRANCH=parrot
TEST=manual
Just change the value and ensure that it persists across a (working) reboot.
It's only updated at specific points under very exacting error conditions,
so all we really want to test is that it works as a place to store some
extra info.
crossystem recovery_subcode
crossystem recovery_subcode=14
reboot
crossystem recovery_subcode
The recovery_subcode byte is at index [6] of the VbNv.raw bytes that appear
when you press TAB, so you can find it there too:
VbNv.raw: 60 20 00 00 00 00 0e 00 00 00 00 00 00 00 00 65
Decimal 14 == 0x0e
Change-Id: I1930b8f81a03ab838dbee99a8d72c35a444efdfd
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/39803
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For debugging purposes, we like to see the kernel command line that a
particular kernel is using. We have all the tools to do this already,
but not easy to leverage (you have to manually extract/etc...). So
add a "dump_config" helper to help people out.
Further, the existing argc processing is incomplete and not terribly
friendly. Add some useful error messages explaining why we quit.
BUG=None
TEST=`./sign_official_build.sh dump_config <bin>` works
TEST=`./sign_official_build.sh verify <bin>` works
TEST=`./sign_official_build.sh` shows usage
TEST=`./sign_official_build.sh recovery <bin>` shows usage
TEST=`./sign_official_build.sh recovery <bin> / /tmp/foo` tries to sign
BRANCH=None
Change-Id: I9f94250b8c299783bdcba704733974c6a5491101
Reviewed-on: https://gerrit.chromium.org/gerrit/39603
Reviewed-by: Paul Taysom <taysom@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Make sure all Tlcl users benefit from the new retry logic.
BUG=None
TEST=daisy build, manual testing of racing tpmc loops
BRANCH=None
Change-Id: I8e9656a65b5d6b45694c1c8bceb95f54f7c751bb
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/39525
Reviewed-by: Luigi Semenzato <semenzato@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Snow was built with overlapping regions in its FMAP, so when we use
dump_fmap -h to see what the layout is, it complains and dies. This change
lets it keep going if you give it multiple -h args. Nothing else is different.
BUG=none
BRANCH=none
TEST=manual
This complains and quits:
dump_fmap -h image-snow.bin
This complains and keeps going:
dump_fmap -hh image-snow.bin
Change-Id: Ia4592b9ba6963b8c5064dd6f51625e9495db2845
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/39551
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the TPM hits an error other than ENOENT during open(), retry for 5
seconds with 100ms polling delays. Also switch to on-demand opening
of TPM, so umount will not hit delays if tcsd keeps the TPM open at
shutdown time.
BUG=chrome-os-partner:15960
TEST=daisy build, mount ok with kernel patched to return EBUSY for a few
opens, platform_EncryptedStateful passes.
BRANCH=None
Change-Id: Ia597622bb54ccc4366be2a0c960c518406e6c0b2
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/39445
Reviewed-by: Luigi Semenzato <semenzato@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If there were any errors communicating with the TPM at the OS layer
(open, read, write failures), the library would immediately exit, not
allowing the caller to make any decisions about how to handle it. This
introduces a way to initialize the library so that errors will get passed
back up to the caller instead of unceremoniously exiting.
Setting the environment variable "TPM_NO_EXIT=1" enables the feature. To
avoid needing to implement supporting functions in all backends, the
feature is currently limited to just the Tlcl stub implementation.
In the case of mount-encrypted, it can now survive the kernel returning
read/write failures. In the past it had only worked around having open
fail, but that has now been replaced with more sensible logic instead of
the environment variable trickiness.
BUG=chrome-os-partner:15960
TEST=daisy built with an always-failing kernel driver, u-boot builds too
BRANCH=None
Change-Id: Ic7b217017537980f9c239d678067398613045676
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/38791
Reviewed-by: Luigi Semenzato <semenzato@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the case of the TPM getting into a permanent failure mode
(e.g. crosbug.com/p/15785), the entropy system was not trying harder to
get entropy (i.e. falling back to system RNG), and was just using
whatever happened to be on the stack.
This adds the system RNG to the fallback list:
- try TPM RNG
- try system RNG
- use uninitialized stack contents
The reason for the last one being used is so we can make sure we're
getting a system up. It is extremely unlikely for both the TPM and
the system RNGs to be broken and if they are, it's likely a relatively
permanent failure condition. If we abort in this state, we'll cause an
infinite repair loop which is a very bad user experience. Instead, get
the system up using terrible entropy so the conditions can be examined.
BUG=chrome-os-partner:15960
TEST=daisy build with instrumented kernel tpm driver to always fail
BRANCH=none
Change-Id: I92c454925a78bb0d94262cdb3914c1b72010450e
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/38751
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changed the pattern substitution to work with dm-[0-9]
BUG=chromium-os:25441
TEST=Turned off verity on stumpy both with and without bootcache
BRANCH=none
Change-Id: I519ad71879f2db847f450b869c8f7a67606f1e20
Reviewed-on: https://gerrit.chromium.org/gerrit/38691
Tested-by: Paul Taysom <taysom@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Ready: Paul Taysom <taysom@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are several places where the same recovery_reason was used to report
slightly different points of failure. Let's create some new codes instead.
Remember that recovery mode is handled by RO firmware, so if an updated RW
firmware uses one of the new error codes, pressing TAB at the recovery
screen will say "We have no idea what this means". That's not a bug. This CL
deprecates the original codes, so the fact that the RO firmware doesn't
recognize it just means it's a new code reported by a new RW BIOS.
BUG=chromium-os:36562
TEST=manual
BRANCH=parrot
Run
make && make runtests
It should pass. You can test some of the error cases on actual hardware by
using
crossystem recovery_reason=86
reboot
and pressing TAB at the recovery screen. For that example you should see the
message
recovery_reason: 0x56 TPM lock error in rewritable firmare
Change-Id: I123c781e6c6f6fe0284c4fd49f5f5a855eece7df
Reviewed-on: https://gerrit.chromium.org/gerrit/38652
Commit-Ready: Bill Richardson <wfrichar@chromium.org>
Tested-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
To help identify the specific failure conditions encountered when the
TPM goes weird, report them any time they are encountered.
BUG=chrome-os-partner:15960
TEST=daisy build, manual testing
BRANCH=none
Change-Id: I80b3bd23c88c19d807cbcafe8ea2736fe000e1d6
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/38468
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To handle a more diverse set of configurations, added
processing of regular expressions for the dm params.
BUG=chromium-os:36441
TEST=rand security_test_image for various configurations
BRANCH=none
Change-Id: I4d9e610586cc9f63d55397e60462600ed9b9651f
Reviewed-on: https://gerrit.chromium.org/gerrit/38202
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Ready: Paul Taysom <taysom@chromium.org>
Tested-by: Paul Taysom <taysom@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
BUG=none
TEST=none
BRANCH=none
Change-Id: I4a5ecedd4dd8e2ef866793edd825f4d5716402bf
Reviewed-on: https://gerrit.chromium.org/gerrit/38097
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Ready: Hung-Te Lin <hungte@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Using PT=18 provides better screen on scaled screens.
IPAPGothic does not look good after being scaled, so let's use Droid Sans
Fallback again.
BRANCH=none
BUG=none
TEST=make # pass
Change-Id: I59f3768a14055d8f135e15b85107406d5a2d4924
Reviewed-on: https://gerrit.chromium.org/gerrit/38016
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Ready: Hung-Te Lin <hungte@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To simplify dependency (and prepare for building inside chroot), we need to get
rid of dependency for ImageMagick, which is now entirely replaceable by Python
Image Library.
BRANCH=none
BUG=none
TEST=make # pass
Change-Id: Ie3d3a4ac399b2fe58aa75f8e02e4475bcba21c51
Reviewed-on: https://gerrit.chromium.org/gerrit/37985
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Ready: Hung-Te Lin <hungte@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
BUG=chromium-os:35909
TEST=None (need suggestions form semenzato)
BRANCH=none
Change-Id: Ife7c545a28fd70407ba2fe1a0a14e20df8e847f7
Reviewed-on: https://gerrit.chromium.org/gerrit/37020
Reviewed-by: Luigi Semenzato <semenzato@chromium.org>
Tested-by: Paul Stewart <pstew@chromium.org>
Commit-Ready: Paul Stewart <pstew@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a new flag, 0x100, to indicate FAFT key stroke overrides.
BUG=chrome-os-partner:14056
TEST=none
BRANCH=stout
Change-Id: I76b7f3f4c51abec5528047f690f20a09b257abc2
Signed-off-by: Marc Jones <marc.jones@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/37074
Reviewed-by: Ronald G. Minnich <rminnich@chromium.org>
Reviewed-by: Gediminas Ramanauskas <gedis@chromium.org>
Tested-by: Gediminas Ramanauskas <gedis@chromium.org>
Commit-Ready: Marc Jones <marc.jones@se-eng.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Running ImageMagick + PIL is a redundant task; we should let PIL
do flatten, resize, and exporting to different format.
Before: real 11m54s, user 37m10s.
After: real 8m3s, user 16m33s.
BRANCH=none
BUG=none
TEST=make
Change-Id: I65f1e5b769161650310abca46851824755402d9b
Reviewed-on: https://gerrit.chromium.org/gerrit/37200
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Ready: Hung-Te Lin <hungte@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Sub-shell execution is slow. To improve shell script execution speed:
- Replae $(expr) by $(()).
- Cache image file data and avoid executing ImageMagick.
- Prevent extra eval & subshell.
- Remove bash-only syntax to allow using dash.
# time ../make_default_yaml en
Before change: Real 9s, User 1m7s.
After (bash): Real 1.6s, User 8.8s.
After (dash): Real 1.0s, User 6.9s.
BRANCH=none
BUG=none
TEST=make
Change-Id: I59626fb1a211de82cf58fcd1331a5641b97e2823
Reviewed-on: https://gerrit.chromium.org/gerrit/37006
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Ready: Hung-Te Lin <hungte@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
BRANCH=none
BUG=chrome-os-partner:15823
TEST=make # pass
Change-Id: Ibb998e71059146067403872386bf17659a50c0f3
Reviewed-on: https://gerrit.chromium.org/gerrit/37098
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Ready: Hung-Te Lin <hungte@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Libraries must come after objects when linking. Otherwise their
references will be elided when earlier objects didn't need them.
BUG=None
TEST=`LDFLAGS=-Wl,--as-needed emerge-daisy vboot_reference` worked
BRANCH=None
Change-Id: Ic8237a767758d002cd848ed3293b17940884b609
Reviewed-on: https://gerrit.chromium.org/gerrit/37166
Reviewed-by: Kees Cook <keescook@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Change *usb2 to "USB2 only, no SD" and add "*sdusb2" as "USB2 only, with SD".
Also fixed PIL conversion error on Ubuntu Precise edition.
BRANCH=none
BUG=chrome-os-partner:15738
TEST=make # pass
Change-Id: I9bc22b7f82bc6e58e6069ae6dd4951e882edb19c
Reviewed-on: https://gerrit.chromium.org/gerrit/36997
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Dave Parker <dparker@chromium.org>
Commit-Ready: Hung-Te Lin <hungte@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changing languages is terribly slow at the confirm screen, when
switching from dev to normal. Reduce sleep time to improve user
experience.
BUG=chrome-os-partner:15726
TEST=boot in dev, hit space, hit arrows rapidly to change language,
observe no lag.
BRANCH=butterfly, stout
Change-Id: I0943debc31d78dcfce87e7f7d4537ae47f5f8cfd
Reviewed-on: https://gerrit.chromium.org/gerrit/36956
Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Ready: Shawn Nematbakhsh <shawnn@google.com>
Tested-by: Shawn Nematbakhsh <shawnn@google.com>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There will be more bios*.bin (ex, bios_rw.bin) in firmware updater, and we do
want to sign all files.
BRANCH=signer
BUG=chromium-os:35369
TEST=sign_official_build.sh ssd DEV_IMAGE ../../tests/devkeys
Change-Id: I2ea0c5c3d7a18c43df581f50b4bd907206dcd7ad
Reviewed-on: https://gerrit.chromium.org/gerrit/36890
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Ready: Hung-Te Lin <hungte@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The TPM on snow devices may boot in an unusable state. The workaround
is to detect this early and reboot. The workaround code prevents
an infinite reboot loop by counting the number of reboots and entering
recovery mode with this reason after a small threshold has been reached.
BUG=chromium:156655
TEST=no test! Not even compiled!
BRANCH=none
Change-Id: Ica2f14f8f7df8c46b7cbe5dbd578ba93c8f3a78c
Reviewed-on: https://gerrit.chromium.org/gerrit/36790
Tested-by: Luigi Semenzato <semenzato@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Ready: Luigi Semenzato <semenzato@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Part of the recent rewrite dropped changing of the active dir to
${KEY_DIR}. Meant the scripts needed to be run inside of the key
dir since not all functions take the key dir as an argument but
instead assume they're in ${PWD}.
BUG=None
TEST=Ran increment_kernel_subkey_and_key_mp.sh and saw it work
BRANCH=None
Change-Id: Icbc02f123e999d186d9c40fd16528a134397699e
Reviewed-on: https://gerrit.chromium.org/gerrit/35803
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of fsid, which is unpopulated for tmpfs, use device number
since that will increment for each different tmpfs.
BUG=chrome-os-partner:15192
TEST=parrot build, manual testing
BRANCH=none
Change-Id: I0024f7283c90684daaf1278d3cf6b76cc85bb253
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/35615
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Elly Jones <ellyjones@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
While not having a TPM was supported for non-Chrome devices, it was not
expected for Chrome devices. This adds logic to fail the TPM calls
before making them when the TPM is missing. The tpm_lite library doesn't
handle the TPM being missing, so we have to do this ourselves.
BUG=chrome-os-partner:15192
TEST=parrot build, verified operation after "mv /dev/tpm0 /dev/tpm0.bak"
BRANCH=none
Change-Id: I2f625305dce7fa698fcad33e412ee37c60da9bc2
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/35440
Reviewed-by: Luigi Semenzato <semenzato@chromium.org>
Reviewed-by: Will Drewry <wad@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We didn't get bit by this bug because getlong_opt does partial matching
on long option names. So --flag also works.
BUG=none
TEST=resign a test firmware; ensure preamble flag is preserved.
BRANCH=none
Change-Id: Ifd87c627b82468529fe1241be3629198d194027b
Reviewed-on: https://gerrit.chromium.org/gerrit/35350
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Ready: Gaurav Shah <gauravsh@chromium.org>
Tested-by: Gaurav Shah <gauravsh@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The bootcache will be changing the linux command line. Added additional
patterns that are acceptable to the signing software.
BUG=chromium-os:25441
TEST=ran security_test_image script against stumpy recovery images
BRANCH=none
Change-Id: I22d00ebc6191b5499f722974d90c260b78eb63b2
Reviewed-on: https://gerrit.chromium.org/gerrit/34959
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Ready: Paul Taysom <taysom@chromium.org>
Tested-by: Paul Taysom <taysom@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If we are given a config file that doesn't exist, return an error rather
ignoring it. This way we don't accidentally give images a pass when we
didn't properly test them.
BUG=None
TEST=`./security_test_image --board=x86-alex --baselines=/` now shows 3 failures rather than all pass
BRANCH=None
Change-Id: I9d130db05befaeac8fcca921f0e43f47c2461f9f
Reviewed-on: https://gerrit.chromium.org/gerrit/34795
Reviewed-by: Ryan Cui <rcui@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
devsw_cur is really a meaningless concept on systems with virtual dev
switches; it exists primarily to support factory test of physical
developer switches. However, some plugins use this instead of the
preferred devsw_boot, and it's easier to modify crossystem than the
plugins at this point in time.
BUG=chrome-os-partner:12928
BRANCH=none (affects all current products, but is an OS-level change, not FW)
TEST=manual
- On link, 'crossystem devsw_cur devsw_boot' with dev switch on -> '1 1'
- On link, 'crossystem devsw_cur devsw_boot' with dev switch off -> '0 0'
- On lumpy or earlier, 'crossystem devsw_cur' should return current dev
switch position; check this by toggling the physical switch without
rebooting and see that the reported value follows the switch value.
Change-Id: Ie7416e5cb03c133572c32af677b55ed18884dfb8
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/34531
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently vbutil_what_keys only displays the kernel keyblock info for disk
images. This adds a -v option (requiring sudo) to cause it to attempt to look
inside any rootfs partitions and extract the BIOS image from the shellball.
This CL also updates the list of known sha1sums.
Without -v:
vbutil_what_keys recovery_image.bin
IMAGE: recovery_image.bin
part 2 kernel: 49d40533b0812d3f31232c5eedd47e7e11acc293 (!DEV DEV REC)
part 4 kernel: cc887372ac2d1c415eac93fc11e753629c387358 (!DEV DEV !REC)
With -v:
vbutil_what_keys -v recovery_image.bin
IMAGE: recovery_image.bin
part 2 kernel: 49d40533b0812d3f31232c5eedd47e7e11acc293 (!DEV DEV REC)
part 4 kernel: cc887372ac2d1c415eac93fc11e753629c387358 (!DEV DEV !REC)
part 3 shellball:
hwid: X86 LUMPY TEST 6638
recovery key: 0d800afb53cdd05dd849addee0143ca1d96e893c
root key: 4e92f07efd4a920c4e4f1ed97cf47b7b04ee1428
BUG=none
BRANCH=none
TEST=manual
This is an optional feature to a debugging utility. You can try the examples
above if you feel like testing it yourself.
Change-Id: Ie0dc918c1a99705c408314e960f4dc98aee7c1a9
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/34537
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Ctrl-U used to simply beep without messages for why it does not work (due to NV
data dev_boot_usb). Since the system is already in Developer mode, it should be
fine to provide some debug information otherwise we can spent time trying to
figure out why the firmware doesn't work.
BRANCH=all
BUG=chrome-os-partner:14474
TEST=flash image to Link, enter DEV and press Ctrl-U; gets beep and warning messages.
Change-Id: Iab20ecdb2e1c4e267b7257a7bd241006241ddf70
Reviewed-on: https://gerrit.chromium.org/gerrit/34406
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Ready: Hung-Te Lin <hungte@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We use gbb-flag-force-dev-switch-on in default firmware images to make
things easier for factory and some devs.
But when we request normal mode there should be some sort of warning/error
telling the user that this is not available, otherwise we can spent time trying
to figure out why the firmware doesn't work.
BRANCH=all
BUG=chrome-os-partner:14474
TEST=flash image to Link, set GBB flags to 0x39, boot to DEV screen
and press SPACE (TONORM); gets beep and warning messages.
Change-Id: Id48c12693c7575001fae7fad92a868cb5465e83d
Reviewed-on: https://gerrit.chromium.org/gerrit/34172
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Ready: Hung-Te Lin <hungte@chromium.org>
Tested-by: Hung-Te Lin <hungte@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This enables the signer script to sign update payloads.
BUG=chromium-os:34521
TEST=`./sign_official_build.sh update_payload testcase.sha256 . foo` produced a signed foo file
BRANCH=None
Change-Id: I27a9de89e760427251538deec38161944388a152
Reviewed-on: https://gerrit.chromium.org/gerrit/33535
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Don Garrett <dgarrett@chromium.org>
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When the cgpt utility complaints about parameter errors, it is
impossible to tell what exactly went wrong. This change consolidates
error definitions and adds a function to convert integer error values
into text messages.
BRANCH=none
BUG=none
TEST=manual
. emerge-link vbooot_reference
. copy generated `cgpt' to a Link device
. run command with wrong arguments with respect to the existing GPT:
localhost var # ./cgpt add -i 3 -b 3985408 -s 1757184 -t rootfs -l ROOT-A /dev/sda
ERROR: cgpt add: Starting LBA overlaps
ERROR: cgpt add: -i 3 -l ROOT-A -b 3985408 -s 1757184 -t 3CB8E202-3B7E-47DD-8A3C-7FF2A13CFCEC
. on the host, in the chroot in src/platform/vboot_reference run
$ make && make runtests
observe all tests succeed
Change-Id: Ibd23ca0430a875f70524adc99e0509b26ae699b2
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/34003
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Older firmware does not provide nonvolatile-context-storage FDT
property, and crossystem complains about it.
This is harmless; so just make it quiet.
Signed-off-by: Che-Liang Chiou <clchiou@chromium.org>
BRANCH=none
BUG=chrome-os-partner:14475
TEST=manual, see blow
Run crossystem and make sure its output does not contain
"Unable to open FDT property nonvolatile-context-storage"
messages.
Check crossystem still works by comparing its output w/ and w/o this
change.
Change-Id: I0b8f40775833457a75d801f185344e931ac08847
Reviewed-on: https://gerrit.chromium.org/gerrit/33896
Commit-Ready: Che-Liang Chiou <clchiou@chromium.org>
Tested-by: Che-Liang Chiou <clchiou@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
--snark; no functional change.
BUG=none
TEST=build code
BRANCH=none
Change-Id: Id3a8c5aaf0e5a9d0e1949af602840efcc1895f50
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/33898
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This option is disabled per default and can be enabled with
crossystem dev_boot_legacy=1
or by setting the GBB flag
GBB_FLAG_FORCE_DEV_BOOT_LEGACY 0x00000080
BUG=chrome-os-partner:6108
TEST=crossystem dev_boot_legacy=1
boot to dev mode screen, press CTRL-L, see SeaBIOS start
(other CLs needed)
BRANCH=link
Signed-off-by: Stefan Reinauer <reinauer@chromium.org>
Change-Id: I593d2be7cff5ca07b8d08012c4514a172bd75a38
Reviewed-on: https://gerrit.chromium.org/gerrit/31265
Reviewed-by: Stefan Reinauer <reinauer@chromium.org>
Tested-by: Stefan Reinauer <reinauer@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Ready: Stefan Reinauer <reinauer@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
BUG=None
TEST=Ran it
BRANCH=None
Change-Id: Ib494c64d81c4ee80991a01b2172c7c47b60d5658
Reviewed-on: https://gerrit.chromium.org/gerrit/33659
Tested-by: Kris Rambish <krisr@chromium.org>
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In order to dual boot Windows and ChromeOS, Windows must
not find a GPT partition table on the disk. So change
ChromeOS to cope with an alternative signature "CHROMEOS"
instead of the standard "EFI PART"
BUG=chrome-os-partner:6108
TEST=rebuild chromeos, install it,
run cgpt legacy /dev/sda
dd if=/dev/sda of=/tmp/x bs=1k
hexdump -C /tmp/X
see the string CHROMEOS
BRANCH=link
Signed-off-by: Stefan Reinauer <reinauer@chromium.org>
Change-Id: Ia88eff33b9880bd73a78c1b8e026c1f8298c4557
Reviewed-on: https://gerrit.chromium.org/gerrit/31264
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Ready: Stefan Reinauer <reinauer@chromium.org>
Tested-by: Stefan Reinauer <reinauer@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For firmware and kernel key increment testing we need to be able to
rev only particular keys and verify an autoupdate works.
BUG=None
TEST=Ran it
BRANCH=None
Change-Id: Ic814480b4bf8fbc994132fcd7ba519c3be9b0ccd
Reviewed-on: https://gerrit.chromium.org/gerrit/32458
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Ready: Kris Rambish <krisr@chromium.org>
Tested-by: Kris Rambish <krisr@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We may have multiple storage types (disk or mkbp) of VbNvContext.
crossystem should switch the type and choose the corresponding device
driver.
After patching U-Boot, you may check storage type:
[ "mkbp" = "$(cat /proc/device-tree/firmware/chromeos/nonvolatile-context-storage)" ]
And cross-verify crossystem with mosys:
$ mosys nvram vboot read
70000000000000000000000000000020
$ crossystem recovery_request
0
$ crossystem recovery_request=123
$ mosys nvram vboot read
70007b0000000000000000000000005d
$ mosys nvram vboot write 70000000000000000000000000000020
$ crossystem recovery_request
0
More importantly, crossystem should also work with older version of
firmware, which does not pass down this information.
Signed-off-by: Che-Liang Chiou <clchiou@chromium.org>
BRANCH=none
BUG=chrome-os-partner:13766
TEST=Check storage type on a Snow device:
[ "mkbp" = "$(cat /proc/device-tree/firmware/chromeos/nonvolatile-context-storage)" ]
Make sure that FAFT is still happy:
./run_remote_tests.sh --remote $ADDR --board daisy 'firmware_TryFwB/control$'
./run_remote_tests.sh --remote $ADDR --board daisy 'firmware_TryFwB/control.dev$'
More importantly, check crossystem worked well even when ChromeOS
is booted from an older version of firmware.
Change-Id: I3989a8c181efe03cd9f06127743763e0ad97e281
Reviewed-on: https://gerrit.chromium.org/gerrit/32470
Reviewed-by: Che-Liang Chiou <clchiou@chromium.org>
Tested-by: Che-Liang Chiou <clchiou@chromium.org>
Commit-Ready: Che-Liang Chiou <clchiou@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This GBB_FLAG_ENTER_TRIGGERS_TONORM is new added for allowing Enter
(default is Space) to trigger the TONORM screen. This flag is
used by FAFT testing.
Chage the usage of set_gbb_flags.sh to help an user.
BUG=chrome-os-partner:12699
TEST=None. Trivial comment change.
Change-Id: I8a1efa880627965570719f22dedfa0e31ab2d5f5
Reviewed-on: https://gerrit.chromium.org/gerrit/33404
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Commit-Ready: Tom Wai-Hong Tam <waihong@chromium.org>
Tested-by: Tom Wai-Hong Tam <waihong@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently we don't accept keyboard input in UPDATE screen.
BRANCH=none
BUG=chrome-os-partner:13821
TEST=make # no more languages on UPDATE screen.
Change-Id: I08fa6dab7415e9a461ca8096073e98a155a8489e
Reviewed-on: https://gerrit.chromium.org/gerrit/33161
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Dave Parker <dparker@chromium.org>
Commit-Ready: Hung-Te Lin <hungte@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A shortcut and easier way to enable USB booting without always calling the huge
firmware updater.
BRANCH=none
BUG=none
TEST=./enable_dev_usb_boot # successfully set dev_usb_boot value.
Change-Id: I9ebb3ce79ef58bc0a32926866d5e1827a92b6e74
Reviewed-on: https://gerrit.chromium.org/gerrit/33046
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Ready: Hung-Te Lin <hungte@chromium.org>
Tested-by: Hung-Te Lin <hungte@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This lines up with the terminology that people have been using, and the
valid types that can appear in signer instruction files. We keep around
the old "install" so that other code continues to work.
BUG=None
TEST=None
BRANCH=none
Change-Id: I8d0d2ab4c0ae61f6bcdbcc24ec9796d9eabe386e
Reviewed-on: https://gerrit.chromium.org/gerrit/33056
Reviewed-by: David McMahon <djmm@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
|
