Commit message | Author | Age | Files | Lines
* detachables: New code path for displaying detachable menus [stabilize-9592.82.B, stabilize-9592.67.B, stabilize-9592.55.B, stabilize-9592.15.B, release-R60-9592.B] | Shelley Chen | 2017-05-25 | 4 | -0/+84
  BUG=b:35585623
  BRANCH=None
  TEST=None
  CQ-DEPEND=CL:457863
  Change-Id: Ib2f8d93334cecfd80169842994ea7561baf41378
  Signed-off-by: Shelley Chen <shchen@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/457839
* rowan: Add preMP keys to vbutil_what_keys | Patrick Berny | 2017-05-25 | 1 | -0/+4
  BUG=none
  BRANCH=ToT
  TEST=ensure Rowan PreMP keys are correctly output by 'vbutil_what_keys chromeos_9547.0.0_rowan_recovery_canary-channel_premp.bin'
  Change-Id: I292425106a0b2d8e42f8a31de18edd0e63618842
  Reviewed-on: https://chromium-review.googlesource.com/514984
  Commit-Ready: Patrick Berny <pberny@chromium.org>
  Tested-by: Patrick Berny <pberny@chromium.org>
  Reviewed-by: Patrick Berny <pberny@chromium.org>
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
* image_signing: ensure_secure_kernelparams.sh: use loopback devices for speed | Mike Frysinger | 2017-05-23 | 2 | -4/+64
  Rather than read out the whole kernel partition just to dump the kernel config, set the image up via a loopback device and read from there.
  BRANCH=None
  BUG=chromium:714598
  TEST=signing images still works
  Change-Id: I3797a0e77315e8baf6f481f31c44b889ac6d098a
  Reviewed-on: https://chromium-review.googlesource.com/505475
  Commit-Ready: Mike Frysinger <vapier@chromium.org>
  Tested-by: Mike Frysinger <vapier@chromium.org>
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
* define callback APIs for auxiliary firmware update. | Caveh Jalali | 2017-05-23 | 2 | -0/+49
  TEST="COV=1 make" passes depthcharge still compiles in combination with follow-up CLs, ps8751 firmware update succeeds.
  BUG=b:35586896
  Change-Id: Ibadc41e56e4e25ee0aba5c83caa0e3596fb9ad20
  Reviewed-on: https://chromium-review.googlesource.com/505259
  Commit-Ready: Caveh Jalali <caveh@google.com>
  Tested-by: Caveh Jalali <caveh@google.com>
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
* vboot_ui_menu: Show Developer options on USB failure | Rizwan Qureshi | 2017-05-23 | 1 | -0/+2
  In the current implementation, if the boot from USB fails after pressing Ctrl-U or selecting "Boot USB Image", only a blank screen is shown instead of a menu. There is no option for the user to do anything else except wait for the timeout, after which boot from fixed disk is attempted. This does not seem like an intuitive boot flow. Hence, if the USB boot fails, display the current menu, allowing the user to attempt something else.
  BUG=None
  BRANCH=None
  TEST= verified that menu is displayed on USB boot failure from developer screen.
  Change-Id: Ide3967be7bba3d87c8a545a0f4ed52da44150fd0
  Signed-off-by: Rizwan Qureshi <rizwan.qureshi@intel.com>
  Reviewed-on: https://chromium-review.googlesource.com/509671
  Commit-Ready: Rizwan Qureshi <rizwan.qureshi@intel.corp-partner.google.com>
  Tested-by: Rizwan Qureshi <rizwan.qureshi@intel.corp-partner.google.com>
  Reviewed-by: Shelley Chen <shchen@chromium.org>
* image_signing: unify output helpers | Mike Frysinger | 2017-05-19 | 6 | -41/+47
  We have `err_die` and `die` helpers that do the same thing, but some scripts just have to know which one to use based on their runtime. Just unify them as the more common `die` so all scripts can use it. Similarly, we provide info, warn, and error to dev scripts, but not to the runtime ones. Add small stubs in common_minimal.sh so the API is consistent.
  BRANCH=None
  BUG=chromium:718184
  TEST=scripts still work
  Change-Id: Id44fb27900c37f4e357d20817f909e4534d1c5b3
  Reviewed-on: https://chromium-review.googlesource.com/507990
  Tested-by: Mike Frysinger <vapier@chromium.org>
  Reviewed-by: David Riley <davidriley@chromium.org>
  Commit-Queue: Mike Frysinger <vapier@chromium.org>
* image_signing: fix key insert logic | Mike Frysinger | 2017-05-16 | 1 | -2/+1
  We don't want to override the common trap as the common sh files already have handlers installed to clean up files/mounts. Re-use those helpers to avoid leaking loopback mounts.
  BRANCH=None
  BUG=chromium:718184
  TEST=signing images still works
  Change-Id: I749ce5075194356219fea51152154fdc5a2e3b99
  Reviewed-on: https://chromium-review.googlesource.com/505575
  Reviewed-by: Eric Caruso <ejcaruso@chromium.org>
  Tested-by: Mike Frysinger <vapier@chromium.org>
  Commit-Queue: Mike Frysinger <vapier@chromium.org>
* image_signing: strip_boot_from_image.sh: convert to info/error helpers [stabilize-9554.B] | Mike Frysinger | 2017-05-13 | 1 | -2/+2
  This makes the output easier to follow when multiple scripts are being run.
  BRANCH=None
  BUG=chromium:714598
  TEST=signing images still works
  Change-Id: I48edde260e1d1db88f65624c7ff46ad2ac1cc2f4
  Reviewed-on: https://chromium-review.googlesource.com/498100
  Commit-Ready: Mike Frysinger <vapier@chromium.org>
  Tested-by: Mike Frysinger <vapier@chromium.org>
  Reviewed-by: David Riley <davidriley@chromium.org>
* image_signing: resign_image.sh: drop unused script | Mike Frysinger | 2017-05-13 | 1 | -56/+0
  This script hasn't been executed by image_signing or the cros-signer code, and cs/ doesn't turn up any hits. Scrub it from the codebase.
  BRANCH=None
  BUG=chromium:714598
  TEST=signing images still works
  Change-Id: Ief4256a8ceab753d5c1fd6d0f3d81609e11f62a9
  Reviewed-on: https://chromium-review.googlesource.com/500329
  Commit-Ready: Mike Frysinger <vapier@chromium.org>
  Tested-by: Mike Frysinger <vapier@chromium.org>
  Reviewed-by: David Riley <davidriley@chromium.org>
* image_signing: sign_official_build.sh: convert to info/error helpers | Mike Frysinger | 2017-05-13 | 1 | -45/+39
  This makes the output easier to follow when multiple scripts are being run.
  BRANCH=None
  BUG=chromium:714598
  TEST=signing images still works
  Change-Id: I4097fd58f349dc84c242dd12d6a94e12f387a1f0
  Reviewed-on: https://chromium-review.googlesource.com/498232
  Commit-Ready: Mike Frysinger <vapier@chromium.org>
  Tested-by: Mike Frysinger <vapier@chromium.org>
  Reviewed-by: David Riley <davidriley@chromium.org>
* image_signing: ensure_sane_lsb-release.sh: convert to info/error helpers | Mike Frysinger | 2017-05-13 | 1 | -9/+9
  This makes the output easier to follow when multiple scripts are being run.
  BRANCH=None
  BUG=chromium:714598
  TEST=signing images still works
  Change-Id: I7351e1ff63bb7e88e4449dd2718685fef7ec031d
  Reviewed-on: https://chromium-review.googlesource.com/498267
  Commit-Ready: Mike Frysinger <vapier@chromium.org>
  Tested-by: Mike Frysinger <vapier@chromium.org>
  Reviewed-by: David Riley <davidriley@chromium.org>
* image_signing: ensure_no_nonrelease_files.sh: convert to info/error helpers | Mike Frysinger | 2017-05-12 | 1 | -3/+3
  This makes the output easier to follow when multiple scripts are being run.
  BRANCH=None
  BUG=chromium:714598
  TEST=signing images still works
  Change-Id: I666d3f5beee4b4e3e9903d546ef66917990a659e
  Reviewed-on: https://chromium-review.googlesource.com/498231
  Commit-Ready: Mike Frysinger <vapier@chromium.org>
  Tested-by: Mike Frysinger <vapier@chromium.org>
  Reviewed-by: David Riley <davidriley@chromium.org>
* image_signing: make_dev_ssd.sh: convert to info/error helpers | Mike Frysinger | 2017-05-12 | 1 | -18/+18
  This makes the output easier to follow when multiple scripts are being run.
  BRANCH=None
  BUG=chromium:714598
  TEST=signing images still works
  Change-Id: I96e20f38b6a51ad4dc8064fa3fb3d4302c47888f
  Reviewed-on: https://chromium-review.googlesource.com/497302
  Commit-Ready: Mike Frysinger <vapier@chromium.org>
  Tested-by: Mike Frysinger <vapier@chromium.org>
  Reviewed-by: David Riley <davidriley@chromium.org>
* image_signing: common.sh: prefix helper messages with $PROG by default | Mike Frysinger | 2017-05-11 | 1 | -3/+4
  This makes the output easier to follow when multiple scripts are being run.
  BRANCH=None
  BUG=chromium:714598
  TEST=signing images still works
  Change-Id: I072994dd07cf559a60e8a139eaeaf000cbbf72e3
  Reviewed-on: https://chromium-review.googlesource.com/497301
  Commit-Ready: Mike Frysinger <vapier@chromium.org>
  Tested-by: Mike Frysinger <vapier@chromium.org>
  Reviewed-by: David Riley <davidriley@chromium.org>
* image_signing: do not fail when chronos does not exist | Mike Frysinger | 2017-05-11 | 1 | -1/+4
  If the device doesn't create a chronos user, don't throw errors. For some embedded systems, they don't need a chronos user.
  BRANCH=None
  BUG=chromium:714598
  TEST=signing images still works
  Change-Id: I4604beae1e647e024a04583471b8a7d0d4f188fa
  Reviewed-on: https://chromium-review.googlesource.com/500027
  Commit-Ready: Mike Frysinger <vapier@chromium.org>
  Tested-by: Mike Frysinger <vapier@chromium.org>
  Reviewed-by: David Riley <davidriley@chromium.org>
* image_signing: swap_rootfs.sh: drop unused script | Mike Frysinger | 2017-05-10 | 1 | -29/+0
  This script hasn't been executed by image_signing or the cros-signer code, and cs/ doesn't turn up any hits. Scrub it from the codebase.
  BRANCH=None
  BUG=chromium:714598
  TEST=signing images still works
  Change-Id: Ic9cf90929f949a7f6b4e41e5b819d6f786c1c833
  Reviewed-on: https://chromium-review.googlesource.com/500328
  Commit-Ready: Mike Frysinger <vapier@chromium.org>
  Tested-by: Mike Frysinger <vapier@chromium.org>
  Reviewed-by: David Riley <davidriley@chromium.org>
* image_signing: output pubkey in DER format | Mike Frysinger | 2017-05-10 | 1 | -1/+6
  BRANCH=None
  BUG=chromium:718184
  TEST=new imageloader works
  Change-Id: I430ed616954c820d3d1607eefd4f8e1c60863a8f
  Reviewed-on: https://chromium-review.googlesource.com/497914
  Commit-Ready: Mike Frysinger <vapier@chromium.org>
  Tested-by: Mike Frysinger <vapier@chromium.org>
  Reviewed-by: Greg Kerr <kerrnel@chromium.org>
* vboot: Add multiboot kernel type | Duncan Laurie | 2017-05-08 | 2 | -4/+7
  Add a kernel type for signing multiboot kernel images.
  BUG=b:38040849
  BRANCH=none
  TEST=properly sign a multiboot kernel image and then verify the resulting image.
  Change-Id: If00e7c85244bc59853c305e42543f34c5fabf356
  Signed-off-by: Duncan Laurie <dlaurie@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/497933
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
* futility: Verify linux kernel signature | Duncan Laurie | 2017-05-08 | 2 | -1/+16
  Verify the linux kernel signature on images before assuming they contain a linux kernel. This allows non-linux images on x86 to be left unmodified when signed.
  BUG=b:38040849
  BRANCH=none
  TEST=sign a multiboot kernel image that remains unmodified, and ensure that x86 linux kernels are still updated properly and can still be booted.
  Change-Id: Ib7ba2d59ebe6413ab355aa7c0a9ee2e32c3ed98a
  Signed-off-by: Duncan Laurie <dlaurie@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/497932
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
* image_signing: set_channel: use new lsbval helper | Mike Frysinger | 2017-05-07 | 1 | -1/+1
  Minor clean up to the logic.
  BUG=None
  TEST=`./set_channel recovery_image.bin stable-channel` changed the lsb-release file to stable
  BRANCH=None
  Change-Id: Idf12b643f88e373b528b50e269537b861052b448
  Reviewed-on: https://chromium-review.googlesource.com/414225
  Commit-Ready: Mike Frysinger <vapier@chromium.org>
  Tested-by: Mike Frysinger <vapier@chromium.org>
  Reviewed-by: Hung-Te Lin <hungte@chromium.org>
* image_signing: fix signing of zip/crx files | Mike Frysinger | 2017-05-04 | 1 | -10/+10
  Restore the search logic for manifests in subdirs.
  BRANCH=None
  BUG=chromium:697645
  TEST=signed adb/fastboot zip archives
  Change-Id: I07a417216ea463cb00d6ead7cd3b61d6e6fa507d
  Reviewed-on: https://chromium-review.googlesource.com/494207
  Commit-Ready: Hsinyu Chao <hychao@chromium.org>
  Tested-by: Mike Frysinger <vapier@chromium.org>
  Reviewed-by: Eric Caruso <ejcaruso@chromium.org>
* image_signing: change files sign_oci_container looks for [stabilize-9517.B, firmware-rowan-9516.B] | Eric Caruso | 2017-04-26 | 1 | -16/+19
  Since we're packing containers in a format imageloader understands, we need to consume imageloader's manifest and produce a signature it knows to look for.
  BRANCH=ToT
  BUG=chromium:697645
  TEST=package adb container, verify imageloader.sig.2 is present
  Change-Id: Ied9cdacf1d448a094c1b171bc2bf3b2ae54eb517
  Reviewed-on: https://chromium-review.googlesource.com/457102
  Commit-Ready: Eric Caruso <ejcaruso@chromium.org>
  Tested-by: Eric Caruso <ejcaruso@chromium.org>
  Reviewed-by: Stephen Barber <smbarber@chromium.org>
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
* devkeys: switch container key from RSA to EC | Mike Frysinger | 2017-04-26 | 2 | -64/+7
  Created by doing:
    openssl ecparam -name prime256v1 -out prime256v1.pem
    openssl ecparam -genkey -noout -out cros-oci-container.pem -in prime256v1.pem
    openssl pkey -in cros-oci-container.pem -out cros-oci-container-pub.pem -pubout
  BUG=chromium:660209
  TEST=`./sign_official_build.sh oci-container fastboot/ ../tests/devkeys` still works
  BRANCH=None
  Change-Id: I4171b2d9d9788cccf082d613b1de6e7ca9d0b005
  Reviewed-on: https://chromium-review.googlesource.com/461418
  Commit-Ready: Dylan Reid <dgreid@chromium.org>
  Tested-by: Dylan Reid <dgreid@chromium.org>
  Reviewed-by: Eric Caruso <ejcaruso@chromium.org>
* Add missing arg to debug message [stabilize-9460.73.B, stabilize-9460.66.B, stabilize-9460.60.B, stabilize-9460.40.B, stabilize-9460.4.B, stabilize-9460.23.B, release-R59-9460.B] | Bill Richardson | 2017-04-12 | 1 | -1/+1
  BUG=none
  BRANCH=all
  TEST=none
  Change-Id: Ic7b318fbc05a2b25f4923d08381186c8b37a5999
  Signed-off-by: Bill Richardson <wfrichar@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/475117
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
* detachables: Define VbExDisplayMenu() [stabilize-9430.B, stabilize-9428.B] | Shelley Chen | 2017-03-29 | 2 | -0/+17
  Create new callback for drawing detachable firmware menus
  BUG=b:35585623
  BRANCH=None
  TEST=None
  Change-Id: Ief207f6119f00151e2d480549aaac3a8755cb1b4
  Signed-off-by: Shelley Chen <shchen@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/457838
  Reviewed-by: Stefan Reinauer <reinauer@chromium.org>
* Preserve compress method when re-sign Android image | Victor Hsieh | 2017-03-28 | 1 | -1/+3
  TEST=sign_android_image.sh rootfs /path/to/tests/devkeys/android # unsquash -s still shows gzip (previous script always use lzo)
  BUG=chromium:705247
  BRANCH=none
  Change-Id: If95686d293123a069ce36bc53cbea3a08aa3e7ab
  Reviewed-on: https://chromium-review.googlesource.com/461205
  Commit-Ready: Victor Hsieh <victorhsieh@chromium.org>
  Tested-by: Victor Hsieh <victorhsieh@chromium.org>
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
* vboot_reference: Add support for 3072-bit exponent 3 keys | Nicolas Boichat | 2017-03-16 | 21 | -3/+102
  This also adds the required tests (keys, testcases), and some additional tests in vb2_rsa_utility_tests.c that were not added when 2048-bit exponent 3 support was added.
  BRANCH=none
  BUG=chromium:684354
  TEST=make runtests
  Change-Id: I56d22302c2254ef500b9d2d290a79d8c8bc39942
  Reviewed-on: https://chromium-review.googlesource.com/449060
  Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
  Tested-by: Nicolas Boichat <drinkcat@chromium.org>
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
* vbutil_keyblock: Force checking the signature if signpubkey is provided | Nicolas Boichat | 2017-03-16 | 1 | -3/+10
  Previously, futility vbutil_keyblock --unpack would just ignore the error if the keyblock was not signed (but a signing public key was provided). This fix would have caught the regression introduced by 939cc3a "futility: Use only vboot 2.0 APIs for keyblocks"
  BUG=chromium:611535
  BRANCH=none
  TEST=make runtests on m/master => fails
  TEST=make runtests with CL:448399 => succeeds
  Change-Id: Id7f0a248863aae2f41c2fa46fbb8a37848e707a9
  Reviewed-on: https://chromium-review.googlesource.com/449058
  Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
  Tested-by: Nicolas Boichat <drinkcat@chromium.org>
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
* host_keyblock: Fix vb2_create_keyblock_external | Nicolas Boichat | 2017-03-16 | 1 | -1/+2
  939cc3a "futility: Use only vboot 2.0 APIs for keyblocks" introduced 2 subtle bugs, and we could still pass unit tests. Until we start adding more signing algorithms and sig_data_size != 0.
  BUG=chromium:611535
  BRANCH=none
  TEST=make runtests
  Change-Id: Ief95e5ab773185b59276cf06d1efaa29f1212466
  Reviewed-on: https://chromium-review.googlesource.com/448399
  Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
  Tested-by: Nicolas Boichat <drinkcat@chromium.org>
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
* poppy: center detachable menu text [stabilize-M58-9334.41.0.B, stabilize-9334.58.B, release-R58-9334.B] | Shelley Chen | 2017-03-02 | 1 | -2/+6
  BUG=b:35585623
  BRANCH=None
  TEST=reboot and make sure menu is centered in fw screen
  CQ-DEPEND=CL:447818
  Change-Id: I7ce5063adab978338af18ad2befe65107fdea21f
  Signed-off-by: Shelley Chen <shchen@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/447838
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
* poppy: define VbExDisplayGetDimension() | Shelley Chen | 2017-03-02 | 2 | -0/+10
  callback to get rows/cols of display
  BUG=b:35585623
  BRANCH=None
  TEST=make sure code compiles
  Change-Id: I276975b2f0eecceb66a30ceaa449ab76a440026d
  Signed-off-by: Shelley Chen <shchen@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/447837
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
* poppy: Disable arrow keys for language switch | Shelley Chen | 2017-03-02 | 1 | -2/+0
  Previously, could use arrow keys to change language in fw screen. Disabling this in detachable menu because will be using menu to switch languages.
  BUG=b:35585623
  BRANCH=None
  TEST=reboot and try to use right/left arrows. Make sure they don't do anything.
  Change-Id: Ic720ea4ec9e6b7ae1676fdf60d27e2c74e48f736
  Signed-off-by: Shelley Chen <shchen@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/444945
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
* poppy: use return key for selection | Shelley Chen | 2017-03-02 | 1 | -9/+2
  Replacing right arrow key with return for selection when keyboard is available because it's more obvious.
  BUG=b:35585623
  BRANCH=None
  TEST=reboot and make sure return selects menu item.
  Change-Id: I6b2fbd8cddcd98c49638a6b9d79b47da1ca6545f
  Signed-off-by: Shelley Chen <shchen@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/444944
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
* poppy: reinstating fw ctrl functions | Shelley Chen | 2017-03-02 | 1 | -0/+43
  Putting ctrl+D, ctrl+U, ctrl+L shortcuts back in from the fw screens.
  BUG=b:35585623
  BRANCH=None
  TEST=reboot and try ctrl+D, etc. in fw screen to make sure that they have desired effects.
  Change-Id: I5ca555658eddabeeea6a2f64794e6839f35d75f7
  Signed-off-by: Shelley Chen <shchen@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/443349
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
* vboot_ui_menu: getting rid of explicit function print | Shelley Chen | 2017-03-02 | 1 | -50/+39
  Since we're now using VB2_DEBUG, no need to explicitly print out __func__ anymore.
  BUG=b:35585623
  BRANCH=None
  TEST=reboot and make sure still see serial output in AP console.
  Change-Id: Ica524d4e50c61681e466815ffb93d33ceee215aa
  Signed-off-by: Shelley Chen <shchen@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/443348
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
* poppy: replacing dev warn & rec screens with base | Shelley Chen | 2017-03-02 | 1 | -9/+9
  Using new base screen only and leaving center blank for displaying the detachable menu items.
  BUG=b:35585623
  BRANCH=None
  TEST=reboot and make sure icons don't show up in FW screens.
  Change-Id: I705dac43441f386ebceb58533fa0e336541fcd3c
  Signed-off-by: Shelley Chen <shchen@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/442692
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
* poppy: defining base screen enum item | Shelley Chen | 2017-03-01 | 1 | -0/+2
  BUG=b:35585623
  BRANCH=None
  TEST=None
  Change-Id: I2bb7f3f3cb8fd37f8a7c2253e1ea0cb322d01c9c
  Signed-off-by: Shelley Chen <shchen@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/442691
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
* poppy: Highlight menu selection | Shelley Chen | 2017-02-27 | 1 | -21/+10
  Reverse foreground/background colors for highlighted selection.
  BUG=chrome-os-partner:61275
  BRANCH=None
  TEST=reboot and make sure selection is highlighted
  CQ-DEPEND=CL:442747
  Change-Id: Iaf33cf6140a3ce774a67e3ac7d381d5e05feeddb
  Signed-off-by: Shelley Chen <shchen@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/442690
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
* poppy: add highlight param to VbExDisplayText() | Shelley Chen | 2017-02-27 | 2 | -3/+10
  BUG=chrome-os-partner:61275
  BRANCH=None
  TEST=None
  CQ-DEPEND=CL:442747,CL:442690
  Change-Id: I0730b64a1f8bf1f4aeca1be5ee87724d61818b23
  Signed-off-by: Shelley Chen <shchen@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/442689
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
* futility: rwsig: Add support for images with FMAP | Nicolas Boichat | 2017-02-25 | 5 | -56/+253
  If an FMAP is detected in the rwsig image file, use it to determine the location of:
  - RW region
  - RW signature
  - public key in RO region
  futility show uses that information to verify the signature, and futility sign uses it to correctly resign the image, and replace the public key as well.
  This also adds tests for this use case. hammer_dev.bin sample image uses huge RO public key and RW signature regions to make sure all keys up to RSA-8192 can be used.
  BRANCH=none
  BUG=chrome-os-partner:62321
  TEST=make -j
  TEST=./build/futility/futility --debug show \
         --pubkey hammer.vbpubk2 hammer.bin
  TEST=./build/futility/futility --debug show hammer.bin
  TEST=cp hammer.bin hammer.bin.orig
       ./build/futility/futility --debug sign \
         --prikey hammer.vbprik2 hammer.bin
       diff hammer.bin hammer.bin.orig => identical
  TEST=openssl genrsa -3 -out hammer2.pem 2048
       futility create --desc="Hammer 2nd key" hammer2.pem \
         hammer2
       ./build/futility/futility --debug sign \
         --version 2 --prikey hammer2.vbprik2 hammer.bin
       These 2 commands succeed, but show different keys:
       ./build/futility/futility --debug show hammer.bin
       ./build/futility/futility --debug show hammer.bin.orig
  TEST=make runtests
  Change-Id: I2cebc421eaf97d1b92c9a58afc238d41487d0f6d
  Reviewed-on: https://chromium-review.googlesource.com/445536
  Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
  Tested-by: Nicolas Boichat <drinkcat@chromium.org>
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
  Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
* cmd_sign/rwsig: Free sign_option.prikey in the main function | Nicolas Boichat | 2017-02-25 | 2 | -2/+2
  It's better to free it in the same function as it was allocated.
  BRANCH=none
  BUG=none
  TEST=make runtests
  Change-Id: I7a224364c4b1afce5a274b944d32fc1b7ba5db30
  Reviewed-on: https://chromium-review.googlesource.com/446177
  Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
  Tested-by: Nicolas Boichat <drinkcat@chromium.org>
  Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
* cgpt: find: filter out more devices before touching them | Jeffy Chen | 2017-02-24 | 1 | -4/+15
  A partition's name would always start with the disk name. And in /proc/partitions, the partitions are always listed right after the disk. Let's filter out devices which are not followed by partitions when going through the /proc/partitions.
  BUG=chrome-os-partner:62955
  TEST=run "cgpt find -t kernel" on kevin, no more this warning: blk_update_request: I/O error, dev mmcblk0rpmb
  Change-Id: If200a2476d26b1beaf644838d47ea2e60552855e
  Signed-off-by: Jeffy Chen <jeffy.chen@rock-chips.com>
  Reviewed-on: https://chromium-review.googlesource.com/444492
  Reviewed-by: Julius Werner <jwerner@chromium.org>
* vboot_reference: Add support for 2048-bit exponent 3 keys [stabilize-9313.B, firmware-cr50-release-9308.25.B, firmware-cr50-mp-release-9308.87.B, firmware-cr50-mp-r86-9311.70.B, firmware-cr50-mp-9311.B, firmware-cr50-guc-factory-9308.26.B, firmware-cr50-9308.B, firmware-cr50-9308.24.B] | Nicolas Boichat | 2017-02-18 | 21 | -26/+174
  This also adds the required tests (keys, testcases).
  BRANCH=none
  BUG=chromium:684354
  TEST=make runtests
  Change-Id: I5e148f8792ea325f813d76089271f3c4bcc2935d
  Reviewed-on: https://chromium-review.googlesource.com/438951
  Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
  Tested-by: Nicolas Boichat <drinkcat@chromium.org>
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
* futility: create: Output "wrote XX.vb[pub|pri]k" to stdout | Nicolas Boichat | 2017-02-15 | 1 | -4/+4
  Let's keep stderr for actual errors.
  BRANCH=none
  BUG=chromium:690773
  TEST=make runtests
  TEST=futility create key.pem out > /dev/null is quiet
  Change-Id: Id7ce658a0dc08f45d4d035b68e355e49d9717674
  Reviewed-on: https://chromium-review.googlesource.com/442524
  Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
  Tested-by: Nicolas Boichat <drinkcat@chromium.org>
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
  Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
* host_key2: Add VB2_SIG_ALG_COUNT to count the number of valid signatures | Nicolas Boichat | 2017-02-15 | 2 | -2/+7
  More reliable than simply assuming that VB2_SIG_RSA8192 is the last signature.
  BRANCH=none
  BUG=chromium:684354
  TEST=rm tests/testkeys/key_*; make genkeys -j
  TEST=make runtests -j
  Change-Id: I755b3afb50313fcdf292fb3cd5b0dfe09f8593e3
  Reviewed-on: https://chromium-review.googlesource.com/438948
  Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
  Tested-by: Nicolas Boichat <drinkcat@chromium.org>
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
* rollback_index: Add disable-ccd-unlock FWMP flag | Randall Spangler | 2017-02-14 | 1 | -0/+2
  This flag will be used by cr50 to disable case-closed debugging unlock. Here, we're just defining the flag.
  BUG=chrome-os-partner:62205
  BRANCH=reef
  TEST=build_packages --board=reef chromeos_firmware
  Change-Id: If86e112948e1c95a767808b2f92dd8fe35abf46c
  Signed-off-by: Randall Spangler <rspangler@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/440846
  Reviewed-by: Shelley Chen <shchen@chromium.org>
* poppy: initializing next_menu_idx to current_menu_idx | Shelley Chen | 2017-02-11 | 1 | -1/+1
  Get rid of uninitialized variable warning.
  BUG=chrome-os-partner:61275
  BRANCH=None
  TEST=make cgpt WERROR= STATIC=1
  Change-Id: I31faa557406c6a90cfdea8571620675c81c0c0ec
  Signed-off-by: Shelley Chen <shchen@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/440432
  Reviewed-by: Hung-Te Lin <hungte@chromium.org>
* tests: Add simple test for rwsig images | Nicolas Boichat | 2017-02-11 | 2 | -0/+47
  This tests that futility can correctly create and verify rwsig images. Note that we do not test RSA 8192, as the signature is longer than 1024 bytes, and the test logic would need to be changed.
  BRANCH=none
  BUG=chromium:684354
  TEST=make runfutiltests
  Change-Id: I690e59fe8fa3e273dd81176211c58e1677fa720f
  Reviewed-on: https://chromium-review.googlesource.com/438950
  Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
  Tested-by: Nicolas Boichat <drinkcat@chromium.org>
  Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
* gen_test_keys.sh: Fixup key_index when keys already exist | Nicolas Boichat | 2017-02-11 | 1 | -0/+1
  BRANCH=none
  BUG=chromium:684354
  TEST=rm tests/testkeys/key_rsa2048*; make genkeys -j8
  Change-Id: I6c75d2d54faf7a02c8fc4ef1ccc8647809c1aae8
  Reviewed-on: https://chromium-review.googlesource.com/438949
  Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
  Tested-by: Nicolas Boichat <drinkcat@chromium.org>
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
  Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
* signature_digest/SignatureDigest: convert vb2_crypto to hash algorithm | Nicolas Boichat | 2017-02-11 | 1 | -6/+11
  We were passing the wrong value to PrependDigestInfo. Let's also refactor the function a little bit.
  BRANCH=none
  BUG=chromium:689371
  TEST=make gentestcases; git status => no change
  Change-Id: I0244c3f3de05b33b7ddd21e93a266faf34f2c239
  Reviewed-on: https://chromium-review.googlesource.com/439086
  Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
  Tested-by: Nicolas Boichat <drinkcat@chromium.org>
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
  Reviewed-by: Vincent Palatin <vpalatin@chromium.org>