| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For options only available in long-form (--something), we should encode
using enum OPT_SOMETHING instead of random characters.
Also added dummy --update_ec, --update_pd, and --check_keys because
getopt* needs to have them explicitly defined (while the original
shflags will generate both --cmd and --nocmd automatically).
BUG=chromium:943262
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I701d88f6f5c346581651ed4f8bf004203672e209
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1569145
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CCD via Servo v4 or SuzyQ-like cables is becoming more popular so more
developers want to flash firmware with that, and it seems better to
have one short cut
'--ccd' instead of always typing '--wp=0 --force --fast -p raiden_debug_spi'.
BUG=None
TEST=make futil; build/futility/futility update --ccd -i image.bin -v
BRANCH=None
Change-Id: I0ca8c49a46cc5f8f87fb4dc1936ac9eb0a889baa
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1564235
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Workbuf should be allocated and free'd by vboot caller.
BUG=b:124141368, chromium:951692
TEST=make clean && make runtests
CQ-DEPEND=CL:1563872
BRANCH=none
Change-Id: Ibaa70f62c660d46cc083a5e55a73b961eb813649
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1560716
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In order for vb2_shared_data to cross application boundaries,
it needs magic and version fields.
These can be initialized in vb2_init_context, which is called
implicitly via vb2api_fw_phase1 and vb2api_fail.
On re-init, check fields for validity.
BUG=b:124141368, b:124192753
TEST=make clean && make runtests
BRANCH=none
Change-Id: I90005833836f13f60813bdf82f0e4dbb8d9afecd
Reviewed-on: https://chromium-review.googlesource.com/1521406
Commit-Ready: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If firmware diagnostics is enabled allow the user to lauch diagnostics
from the OS broken screen. Currently diagnostics can only be launched
from the recovery screen.
BUG=b:130244249
TEST=Tested on arcada device
make runmisctests
BRANCH=none
Change-Id: Ic6946338605599ea7411b5658acb2c6fc960a782
Signed-off-by: Mathew King <mathewk@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1564448
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CL:1517061 pulled vb2_context storage up to a higher level in the
call stack. It also changed vboot_api_kernel{4,5}_tests to use
the same context object as that used for VbExNvStorageRead and
VbExNvStorageWrite calls.
These tests were already initializing the vb2_context workbuf.
Since VbSelectAndLoadKernel and VbVerifyMemoryBootImage both
initialize the context object internally, ctx.workbuf was being
overwritten as part of the call, causing issues later on when
calling free(). (See chromium:946970 for more details.)
Separate these two context objects to clarify which one is being
used as an NVRAM backend, and which one is the classical
"context" object passed around in vboot flow. Also remove the
NVRAM context's workbuf, since it is not used.
BUG=b:124141368, chromium:946970
TEST=make clean && make runtests
BRANCH=none
Change-Id: Ic1da92ce754e61d4102ca8a6eb9587cd8d9eca10
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1547711
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
No need to check for a package that is only needed for a few targets.
BUG=chromium:683381
TEST=no more "Package yaml-0.1 was not found in the pkg-config search
path." when emerge'ing sys-boot/coreboot
Change-Id: I56cacea59d9ac13ee3ba587e475e1ff451e535a9
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1564472
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When flashrom execution failed, it is not very easy to debug what went
wrong especially when loading system active firmware (-r).
The log may say SUCCEED (or no obvious error) and updater simply reports
failure. Reporting the returned termination status should help.
BUG=chromium:943262
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I4ea09b3d62ebf77eda98084accac582f841e7f7a
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1545590
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Copy hammer_dev.bin to temporary file before running
`futility sign` to avoid permissions issue when running
under ebuild environment.
Also correct an indentation issue.
BUG=chromium:950425, chromium:605348
TEST=FEATURES=test USE=cros_host ebuild vboot_reference-9999.ebuild test
BRANCH=none
Change-Id: I689be46d30b7bf78c6643e88a094e4f4ab311e20
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1557662
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Without this debug builds will fail.
BUG=none
TEST=USE=debug emerge-sarien depthcharge libpayload chromeos-bootimage
BRANCH=none
Change-Id: Iff182a116e89a8144a2102b288ea87fa75ff8885
Signed-off-by: Mathew King <mathewk@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1553920
Reviewed-by: Raul E Rangel <rrangel@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We haven't used the easter egg screen since Mario. Time to get rid of
that code.
BRANCH=None
BUG=None
TEST=Booted Kevin.
Change-Id: I8f403f296ebb2a3d14ba6a70f12cd13a58e67b64
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1548303
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
VbDisplayDebugInfo() currently redraws the screen before displaying
debug info for no apparent reason. This should generally not be
necessary because the debug output doesn't tend to change, so redrawing
it over old debug output works fine on its own. Removing this gets rid
of an unnecessary flicker.
BRANCH=None
BUG=None
TEST=Hit Tab a few times on Kevin, flicker is less noticable.
Change-Id: I1e82ece1d25274461fa306c0ab821251a90a2692
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1548302
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The new debug output using the HWID font looks pretty, but it does bring
a few new UX issues since it often completely overlays the main firmware
screen. This patch adds the ability to force redrawing the screen (i.e.
dismissing any debug text that might be on there) by pressing Esc (which
is probably the most natural thing a user would press to try to get rid
of the text). This check for Esc happens after any other key checks, so
pressing it at the TO_DEV screen will still return you to the recovery
screen (as it has before).
I also noticed some problems when dismissing debug info by selecting a
different menu option in the detachable UI: we don't normally redraw the
whole screen when switching between options, so this will still leave
the debug output in the background (which is usable but ugly). With this
patch the detachable UI will always redraw the screen on the first draw
request after displaying debug info.
BRANCH=None
BUG=None
TEST=Manually went through affected transitions on Kevin (both clamshell
and detachable).
Change-Id: Ifadbc1a258bb7a7f8029e0f1f1786230aa724ae5
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1548301
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Shelley Chen <shchen@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As part of chromium:942901, physical dev switch functionality
is being deprecated.
After coreboot CL:1541323 is merged, VBSD_HONOR_VIRT_DEV_SWITCH
will no longer be used, and can be renamed.
BUG=b:124141368, b:124192753, chromium:942901
TEST=Build locally
TEST=/work/vboot/src/repohooks/pre-upload.py
TEST=make clean && make runtests
TEST=make clean && COV=1 make coverage && make coverage_html
CQ-DEPEND=CL:1541323
BRANCH=none
Change-Id: I4f304565f581b21658771336c6f70f0edcfe0e29
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1526072
Commit-Ready: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As part of chromium:942901, physical dev switch functionality
is being deprecated.
After CL:1541322 is merged, VB2_CONTEXT_FORCE_DEVELOPER_MODE
will no longer be used, and can be renamed.
(See: src/security/vboot/vboot_logic.c)
BUG=b:124141368, b:124192753, chromium:942901
TEST=make clean && make runtests
TEST=make clean && COV=1 make coverage && make coverage_html
CQ-DEPEND=CL:1541322
BRANCH=none
Change-Id: I3a401a59dc80cb42617a8f3a485d303aa3484c92
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1526071
Commit-Ready: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In case jq does not find a node in the JSON file, it still returns
with exit code of 0, it just prints 'null' instead of the expected
node value.
This patch adds processing this error condition, which makes it easier
to troubleshoot the case of misconfigured Cr50 signing manifest.
BRANCH=none
BUG=b:74100307
TEST=tried using the script with a manifest which does not have the
node of board_id_flags defined. Observed error message of
...sign_cr50_firmware.sh: ERROR : bid_flags not found in...
instead of previous error reported as
...sign_cr50_firmware.sh: line 53: null: unbound variable
Change-Id: I70acff7a3331b01f0f964f2942bf2806a2af8691
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1537260
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As part of chromium:942901, physical dev switch functionality
is being deprecated.
BUG=chromiumos:942901
TEST=make clean && make runtests
BRANCH=none
Change-Id: I84d35a3eade6272896e7f9c3c43e87bba090f132
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1539435
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
vboot_reference has a set of "external" functions which are
defined by the client and linked in at compile time.
Instead of creating a separate return code for each unimplemented
external function, group them all into one.
BUG=chromium:944804
TEST=make clean && make runtests
BRANCH=None
Change-Id: Ic3896572c71aabf99590758c7fc3848b61f9e078
Reviewed-on: https://chromium-review.googlesource.com/1539433
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
vboot Makefile contains a target library called
libtinyvboot_host.a, and claims it is used by autoupdate
installer since it must sometimes be a 32-bit executable.
(See CL:44442.)
As far as I can tell, this lib is no longer used, and we can
safely remove it:
(1) I don't see any mention of this file in any repo's git
history:
$ repo list | sed -e 's@ :.*@@' | while read dir;
do ( cd $dir; out=`git --no-pager log --no-renames -p -Svboot_host |
grep tinyvboot_host`; [ -z "$out" ] || echo "$dir\n$out" ); done;
src/platform/vboot_reference
+TINYHOSTLIB = ${BUILD}/libtinyvboot_host.a
(2) The library doesn't get installed in vboot_reference's
ebuild.
BUG=b:124141368, chromium:440078
TEST=build vboot_reference
BRANCH=none
Change-Id: I0ff41f0596f911ac1d969bfabcdaab7fc2c883f7
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1535459
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As part of chromium:942901, physical dev switch functionality
is being deprecated.
VB2_CONTEXT_FORCE_DEVELOPER_MODE is for the express purpose
of enabling developer mode when the physical dev switch is
on. (See: coreboot's src/security/vboot/vboot_logic.c)
Remove the check of this context flag for deciding whether
developer mode is enabled.
In order to retain a path to developer mode on devices
with physical dev switch, this CL depends on
VBSD_HONOR_VIRT_DEV_SWITCH check being removed first
(see CL:1526070). (Alternately, we can wait for CB:31943
to be merged and pulled downstream.)
This constant will be marked as deprecated in a subsequent
CL, once the coreboot CL has been pulled downstream.
BUG=b:124141368, b:124192753, chromium:942901
TEST=Build locally
TEST=/work/vboot/src/repohooks/pre-upload.py
TEST=make clean && make runtests
TEST=make clean && COV=1 make coverage && make coverage_html
CQ-DEPEND=CL:1526070
BRANCH=none
Change-Id: I81b54b9e2b8d3c6f9c00b40dd0771cda0585037c
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1524757
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As part of chromium:942901, physical dev switch functionality
is being deprecated.
As such, we no longer need to specify the flag
VBSD_HONOR_VIRT_DEV_SWITCH -- the virtual dev switch should
always be honoured.
Additionally, there is no longer a need to check this flag
when looking up the value for crossystem devsw_cur.
This constant will be marked as deprecated in a subsequent
CL.
BUG=b:124141368, b:124192753, chromium:942901
TEST=Build locally
TEST=/work/vboot/src/repohooks/pre-upload.py
TEST=make clean && make runtests
TEST=make clean && COV=1 make coverage && make coverage_html
BRANCH=none
Change-Id: Ib1ab86d79b039650136f1038c23175f5990895db
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1526070
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The original purpose of vb2_context is to provide one shared
state object through the entirety of one particular application.
Pull the creation of vb2_context up to a higher level in order to
work towards this goal.
BUG=b:124141368
TEST=/work/vboot/src/repohooks/pre-upload.py
TEST=make clean && make runtests
TEST=make clean && COV=1 make coverage && make coverage_html
CQ-DEPEND=CL:1517179
BRANCH=none
Change-Id: I7c454afddb2b525895d9945b081b14b29100892c
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1517061
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As part of chromium:942901, physical dev switch functionality
is being deprecated.
There is no longer any need to provide devsw_virtual flag
in crossystem.
BUG=b:124141368, b:124192753, chromium:942901
TEST=Build locally
TEST=/work/vboot/src/repohooks/pre-upload.py
TEST=make clean && make runtests
TEST=make clean && COV=1 make coverage && make coverage_html
TEST=Check for references to devsw_virtual in code search
BRANCH=none
Change-Id: Id80ec1de8c43909ce2ff661744622d2ea36030a6
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1526069
Commit-Ready: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:128419534
TEST=make runmisctests
BRANCH=none
Change-Id: I1b3403cbe9ce93d9341c7ce32277d75462da894f
Signed-off-by: Mathew King <mathewk@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1521216
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:127843397
TEST=Tested set and confirm screens on local arcada device
BRANCH=none
Change-Id: Ifafba3fd32a79131cf1d2059ef2147c074f3a3b6
Reviewed-on: https://chromium-review.googlesource.com/1529751
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Mathew King <mathewk@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When signing Cr50 images, Board ID flags and major version number
fields of the manifest must follow the following convention:
- even major version numbers indicate pre-pvt branch, Board ID flag
bit 0x10 must be set;
- odd major version numbers indicate mp branch, Board ID flag bit
0x10000 must be set;
BRANCH=none
BUG=b:74100307
TEST=extracted pre-pvt branch produced Cr50 tarball into /tmp/cr50.cp,
and ran the following command:
scripts/image_signing/sign_cr50_firmware.sh /tmp/cr50.cp tests/devkeys \
signed
observed successful completion. Modified
/tmp/cr50.cp/ec_RW-manifest-prod.json to set major version number
to 3 instead of 4 and tried again, got the following error, as
expected:
sign_cr50_firmware.sh: ERROR : Inconsistent manifest \
/tmp/cr50.cp/ec_RW-manifest-prod.json: major = "3", board_id_flags = "16"
Change-Id: Ic123df4396d7d497347de40a5ff448940c0b1982
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1321410
Reviewed-by: David Riley <davidriley@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch makes sure that Cr50 manifest included in the builder
produced tarball is stripped to remove the comments before it is given
to jq for processing.
Also a little clean up.
BRANCH=none
BUG=b:74100307
TEST=tested as described in the next patch.
Change-Id: I4852fea7c21752c45fcfe4cc60d45f264f142bab
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1529387
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change adds diagnostic mode. When enabled for a board (based on
defconfig in depthcharge) the user can press Ctrl-C or F12 at a recovery
mode screen, at which point an nv bit is set and the system reboots.
Upon reboot, if the nv bit is set then the user is prompted to confirm
launch of the diagnostic rom via the power button. If user confirms
then the diagnostic payload is verified and run (if verify fails or
payload doesn't run then a recovery reason is recorded and system
reboots to recovery mode). If the user does not confirm then the system
reboots.
BUG=b:124358784
BRANCH=None
TEST=Locally built and flashed using change that enabled feature for atlas
and set to use payload 2 (tianocore) rather than 5 (diagnostic). Confirmed
that Ctrl-C is functional or not based on defconfig and that Ctrl-C
sets NV bit and reboots. Confirmed that NV bit can be set and
queried via crossystem. Confirmed that during boot confirmation screen
appears or not based on NV bit. Confirmed that pressing power button
caused payload to be verified and run. Confirmed that non-matching hash
(build configured to use sha1 rather than sha256) caused payload to not
be run and system reboot to recovery. Confirmed that Esc or timeout
caused system to reboot.
CQ-DEPEND=CL:1471056
Change-Id: I8979d4eeb443bf64b727ee86a814c46d1d27ff37
Signed-off-by: Matt Delco <delco@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1470723
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change allocates a bit in the nvram that will be used
in a later change to tell the firmware whether to detour
to diagnostic mode during boot.
BUG=b:124358784
BRANCH=None
TEST=Local build and ran "make runtests". Verified with a later
change that the nvram bit takes effect as expected.
Change-Id: If2fd3f46da30fc7375d37b240e3e745819ae0632
Signed-off-by: Matt Delco <delco@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1504758
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
vb2_run_altfw() can jump to run a legacy payload, so this change
adds a call to vb2_nv_commit() to commit any pending changes
to nvram before making the jump.
The call to commit requires a vb2_context, so the majority of this
change is to plumb this context through various functions.
BUG=b:124358784
BRANCH=None
TEST=local compile. Tested with a later change that helps confirm
that a pending nvram change is written before jumping.
Change-Id: Ib32980527aa07357d62dd695a6ff479e8c918cf8
Signed-off-by: Matt Delco <delco@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1504757
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change adds some #defines to assist with converting
between microseconds (usec), milliseconds (msec) and full
seconds.
BUG=b:124358784
BRANCH=None
TEST=Local build and also ran "make runtests"
Change-Id: I0fd43ccb42bbd42f9ed319a29eb4015b48c879bb
Signed-off-by: Matt Delco <delco@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1504756
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add vboot2 callback for tpm_set_mode.
This is mostly a cherry-pick of these:
https://chromium-review.googlesource.com/c/1354139
https://chromium-review.googlesource.com/c/1365293
The re-enable of the tpm is now performed by coreboot
so this version doesn't implement tpm_get_mode.
BUG=b:124358784
BRANCH=None
TEST=compile vboot_reference and depthcharge
CQ-DEPEND=CL:1471195
Change-Id: I4168b50650e22f35ad9c66d49f34b689c46a36e1
Signed-off-by: Matt Delco <delco@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1470962
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Keith Short <keithshort@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:128419017
TEST=Tested on arcada by forcing VbExSetVendorData to return an error
and verified that error message is shown
BRANCH=None
Change-Id: I9aa33f88fcb40c1f8d8c60848653654470ac1925
Signed-off-by: Mathew King <mathewk@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1521215
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The primary purpose of this change is to add a flag to VbExGetSwitches()
so the current user physical presence (via the status of the power button)
can be queried.
The flags have also been renamed from the historical _INIT_ use to
_SWITCH_ to reflect the current/actual API they're used with.
BUG=b:124358784
BRANCH=none
TEST=Locally built and flashed. Confirmed that the power button status
can be queried when the power button is disabled.
CQ-DEPEND=CL:1470273
Change-Id: I579ebe657ae35fb866eb30b466e8e8c16f54e584
Signed-off-by: Matt Delco <delco@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1471190
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove:
- VB2_DISABLE_DEVELOPER_MODE
- VB2_SD_DEV_MODE_ENABLED
(Both have been renamed.)
coreboot dependencies: CB:31297, CB:31298
BUG=b:124141368
TEST=Build locally
TEST=/work/vboot/src/repohooks/pre-upload.py
TEST=make clean && make runtests
TEST=make clean && COV=1 make coverage && make coverage_html
BRANCH=none
Change-Id: Ic50e5e327e5b192af3aa103e4b36ff7ed8631c8f
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1506681
Commit-Ready: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Patrick Georgi <pgeorgi@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Not everyone uses /mnt/host/source as their development
environment. If running "make runtests" from a different
directory, test_show_contents.sh fails, reporting different
stdout for the various futility tests that it runs.
Update test_show_contents.sh to use relative test paths, and
update the expected output of futility runs.
Also fix consistency of quoted variables.
BUG=b:124141368
TEST=/work/vboot/src/repohooks/pre-upload.py
TEST=make clean && make runtests
BRANCH=none
Change-Id: I35fd81734b6318a506613eb4f04bb7055709feef
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1517062
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
DriveOpen mallocs a couple of buffers, but DriveClose only freed them if a
particular flag was passed causing GptSave to be called. Move the free calls
out of GptSave so that the buffers are always freed, and add DriveClose calls
to a couple of cgpt functions that are missing them.
BUG=chromium:940543
TEST=precq passes, manual testing with cgpt/valgrind shows that memory leaks
for cgpt find, show are fixed.
BRANCH=none
Change-Id: I58aeddfa6b8b4715ba4f8e064e95a660371a01c9
Reviewed-on: https://chromium-review.googlesource.com/1516413
Commit-Ready: Fletcher Woodruff <fletcherw@chromium.org>
Tested-by: Fletcher Woodruff <fletcherw@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is largely a cherry-pick of CL:1133598
- Externalize vb2_digest_buffer function to vb2api_digest_buffer.
- Change VbExLegacy()'s altfw_num parameter from int to enum so
caller can specify which specific payload to run.
BUG=b:124358784
BRANCH=None
TEST=Local compile. Verified with subsequent change that legacy boot
still works and new functionality can opt-in to and utilize payload
verification.
CQ-DEPEND=CL:1471053
Change-Id: I9700c2e38c3cfa255eeff72ce416295af9d076fb
Signed-off-by: Matt Delco <delco@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1471051
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The comments said remount was avoided due to loop offset usage which,
while true, isn't the only reason. We can't remount rw without first
calling enable_rw_mount to clear the invalid bits in the fs header.
Update the comment to reflect that and switch to our mount helper as
it will call that for us.
BUG=chromium:938958
TEST=precq passes & signing unittests pass
BRANCH=None
Change-Id: I1063bc84befebddc942a3dec05e8f33ea834db30
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1522089
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Newer kernels seem to be buggy when using loop mounts with offsets.
Switch to using `losetup -P` everywhere as that doesn't seem to run
into the bug.
BUG=chromium:938958
TEST=precq passes & signing unittests pass
BRANCH=None
Change-Id: I3c35436708d0a4b2c5c1900406503e753f88a53c
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1521065
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: LaMont Jones <lamontjones@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In CL:1495054 the updater has different logic when the firmware image
has FMAP_AREA_PRESERVE in FMAP flags. This needs to be verified in unit
test.
The new test tries to set 010=0x08 (FMAP_AREA_PRESERVE) in RO_VPD area flag
but not RW_VPD, with RO and RW VPD both being provisioned in source
(from) image. The legacy path would update both while the new path will
only update RO, so we can make sure the flag-based preservation is
working as expected.
BUG=chromium:936768
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I07d232444344397b80344ccc9b56f8af3256e043
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1514452
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When write protection is not enabled and updater sees TPM Anti-Rollback
failure, the log will only report TPM failure (example: crbug.com/937961).
This is hard to figure out if the failure was caused by re-key or other
reasons.
In try-rw and rw update, the updater will always check rootkey
compatibility before checking TPM anti-rollback, so we should do the
same thing on full update (RO+RW). With this change, the updater will
report key mismatch before failing with TPM anti-rollback.
BUG=chromium:937961
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I2f035450995387b198f990467e4f416e6c7b746e
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1514007
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We are recently seeing more and more issues that mosys on early build of
devices can't report model properly and caused recovery to fail.
For single-model manifest, the updater used to double check if "mosys
platform name" matches the single model name for unibuild devices
(non-empty signature_id); however this is not really necessary since we
have other platform checks and key checks.
Remove the check and always return the single model to simplify
development in early stage.
BUG=None
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I1bb901dc9661623cd1161dde6ee4573c5da958a7
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1513997
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
List two switches with their documentation in vb2_api.h:
- NEED_VB2_SHA_LIBRARY
- NEED_VB20_INTERNALS
BUG=b:124141368, b:124192753
TEST=Build locally
TEST=/work/vboot/src/repohooks/pre-upload.py
TEST=make clean && make runtests
TEST=make clean && COV=1 make coverage && make coverage_html
BRANCH=none
Change-Id: I91798f9211ddb09fa57cc958f6c9a662b9d41192
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1480751
Commit-Ready: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
coreboot uses the C preprocessor on its linker scripts to
allow evaluation of macros when defining memory layout.
Move constants from 2api.h to an independent file in order
to allow for coreboot to use these constants in its memlayout
file, without needing to include the entire vboot API.
Note this commit creates two new header files:
- firmware/2lib/include/2constants.h: contains the constants
- firmware/include/vb2_constants.h: externally importable header
Also, rename VB2_WORKBUF_RECOMMENDED_SIZE to
VB2_FIRMWARE_WORKBUF_RECOMMENDED_SIZE for clarity.
BUG=b:124141368, b:124192753
TEST=Build locally
TEST=/work/vboot/src/repohooks/pre-upload.py
TEST=make clean && make runtests
TEST=make clean && COV=1 make coverage && make coverage_html
BRANCH=none
Change-Id: Id17c6955b67e51cb048b10b4be0901c0e9110a1f
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1504490
Commit-Ready: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
VbExDisplayDebugInfo() was invented for the TAB display that dumps a
whole lot of possibly interesting debug data to the screen. Since some
debug data is only available to the calling firmware, the convention has
always been that the calling firmware is supposed to append any of its
own debug data it thinks may be relevant to the output.
Later, the function was reused to print small info messages that give
the user a hint what went wrong when a Ctrl+U or Ctrl+L fails
(unlocalized, of course, but better than nothing). The calling firmware
is not aware of this new use case, so every time vboot prints a
"WARNING: Ctrl+L not enabled" sort of message on the screen, depthcharge
also dumps the firmware IDs and TPM state below it.
This patch introduces a new parameter to the function to make the two
differing use cases clear to the calling firmware.
CQ-DEPEND=CL:1496903
BRANCH=None
BUG=None
TEST=with other patches
Change-Id: I52a1e764189508130fea562ad6d53bcefb1fce64
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1497038
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
VbExDisplayScreen/Menu() can fail for many reasons... most often because
some asset that was part of the intended screen couldn't be found. Most
of the errors are permanent and will not get better by trying again.
The respective vboot wrapper functions track the last screen change that
was requested so that we don't keep drawing the same screen over and
over again for every keyboard poll. The current code does not update
this tracking when there was an error during drawing, but the benefit of
this is questionable... those errors usually mean that some part wasn't
drawn correctly, but they don't mean "please keep trying". This problem
is currently worked around in depthcharge by just always passing
VBERROR_SUCCESS even if the underlying screen drawing calls failed, but
it seems cleaner not to hide this error from vboot and instead make
vboot deal with it better.
BRANCH=None
BUG=None
TEST=Navigated through some menus both with and without bitmaps in CBFS.
Change-Id: I3d86a5150fddce9fab18189b2b706960d429b2b7
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1497037
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Mathew King <mathewk@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In Unibuild, the white label models may use (per model) PreMP key for
devices without VPD 'whitelabel_tag' - this helps dogfooders and lab
machines to run and update properly.
BUG=b:126800200
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=none
Change-Id: I7249e3fb1a2b7ab8ed281d2aa317aee6cde8f8db
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1501614
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Futility has two debug facilities: the Debug() function that can be
enabled by passing --debug on the command line, and the VB2_DEBUG()
macro (mostly in common code from the firmware/ directory that it
includes) which can only be enabled by passing DEBUG=1 at build time.
This is confusing and inconvenient, since you don't always want to
rebuild futility whenever you need that extra debug output and it's not
very obvious that you can get even more debugging beyond just passing
--debug.
This patch resolves the inconsistency by merging both facilities
together into a single VB2_DEBUG() that is output when passing --debug.
In order to make this work, we'll have to move the VBOOT_DEBUG #define
so that it only affects the stub implementation of vb2ex_printf(), and
any caller overriding the stub is in charge of their own destiny. This
should be okay since callers can still individually implement debugging
policy in their versions of vb2ex_printf() if they want to. (This may
have been useful to cut down the binary space for debugging strings, but
our firmware has always been unconditionally enabling VBOOT_DEBUG in the
past years, so that doesn't seem to be very important in practice.)
BRANCH=None
BUG=None
TEST=Ran futility --debug show, noticed I got all the extra keyblock
verification debug output I always wanted.
Change-Id: I9a5c205fc3673941b50f03f2a967b1be110a1555
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1504140
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Many projects started their initial builds without knowing that some
sections must be preserved when being updated. This may be solved by
adding section name to 'preserved' list in firmware updater (for
instance, CL:1239797), or include that section as sub area of
{RO,RW}_PRESERVE.
However, there are problems in both solutions. For example, installing
an older image will run old updater, which will not preserve the new
names. Also, if there are multiple sections must be preserved (and not
contiguous - see CL:1493629) there will be problems. Additionally,
changing FMAP layout usually causes more problems.
As a result, adding the description in FMAP area would be the better
idea. A new FMAP_AREA_PRESERVE suggests firmware updater to preserve
a section if possible. In Coreboot, this can be easily set in *.fmd
using flag (PRESERVE). See https://review.coreboot.org/31709 for
example.
BUG=chromium:936768
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: Ie56f65dd418faa97ffb78b1acff613e7d7e268b8
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1495054
Reviewed-by: Julius Werner <jwerner@chromium.org>
|