| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
| |
No need to have two implementations of this now.
BUG=chromium:611535
BRANCH=none
TEST=make runtests; emerge-kevin coreboot depthcharge
Change-Id: I18bac928eb09971c37f3e1d7cbfd2009999b1f31
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/400899
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
No need to have two implementations of this now.
BUG=chromium:611535
BRANCH=none
TEST=make runtests; emerge-kevin coreboot depthcharge
Change-Id: Id3348eae80c5d85451981a44729164ff59f88648
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/399121
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Originally, we didn't trust the firmware to provide these functions from
a standard library. Now, with coreboot, we do.
BUG=chromium:611535
BRANCH=none
TEST=make runtests; emerge-kevin coreboot depthcharge
Change-Id: I4e624c40085f2b665275a38624340b2f6aabcf11
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/399120
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
find: A p is added betwen device name and partition whenever the last
character of a device is a number, as written in disk_name() in kernel
block/partition-generic.c file.
debug_vboot: Add regex for nvme device.
BUG=chromium:655192
BRANCH=none
TEST=Check that when a machine boots from NVMe, chromeos-setgoodkernel
set "successful" field properly.
Run " dev_debug_vboot --cleanup", check the NVMe device kernel
partitions are verified.
Change-Id: I6a9342c95500fa582f51f06e48c1ff90684c2a27
Signed-off-by: Gwendal Grignou <gwendal@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/398338
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change fixes errors reported by coreboot toolchain.
BUG=chromium:649554
BRANCH=none
TEST=make runtests
Change-Id: Icd61899718af64b3d199fff37bbea2ccec6ab2cd
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/400666
Commit-Ready: Dan Shi <dshi@google.com>
Reviewed-by: Martin Roth <martinroth@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change makes futility-bdb --create take --load_address parameter,
which sets the load address field in the BDB header.
BUG=chromium:649554
BRANCH=none
TEST=make runtests
$ futility bdb --resign test/futility/data/bin.bdb --data_version 2
then futility show --type bdb test/futility/data/bin.bdb
Change-Id: Ib4dec86c2a043e0989c91bbc01f39776e3630e4c
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/399594
Commit-Ready: Daisuke Nojiri <dnojiri@google.com>
Tested-by: Daisuke Nojiri <dnojiri@google.com>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change makes futility-bdb command take --data_version parameter.
BUG=chromium:649554
BRANCH=none
TEST=make runtests
$ futility bdb --resign test/futility/data/bin.bdb --data_version 2
then futility show --type bdb test/futility/data/bin.bdb
Change-Id: I567d5879555f4ae7382fc47ef79135e7a13b7600
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/399593
Commit-Ready: Daisuke Nojiri <dnojiri@google.com>
Tested-by: Daisuke Nojiri <dnojiri@google.com>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change makes futility show command dump more information
of the BDB header.
BUG=chromium:649554
BRANCH=none
TEST=make runtests
$ futility show --type bdb ~/tmp/rotor/bin/coreboot.rom
Change-Id: I8a10ed03b673879ab80f777b34863e670d37cd8c
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/399061
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change makes futility show command dump information of the
signatures found in a BDB.
BUG=chromium:649554
BRANCH=none
TEST=make runtests
$ futility show --type bdb ~/tmp/rotor/bin/coreboot.rom
Change-Id: I168dcd5adf237ec9989f43e3834577257e9a10ff
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/399060
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change makes futility show command dump information of the keys
found in a BDB.
BUG=chromium:649554
BRANCH=none
TEST=make runtests. run futility show tests/futility/data/bdb.bin
Change-Id: I82bb3956b043adf1febe42941618608865525da2
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/399059
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change makes futility show command to dump data header information
in a BDB. # of hashes is used to verify 'futility bdb --add' can add a
hash in the unit test.
BUG=chromium:649554
BRANCH=none
TEST=make runtests. run futility show tests/futility/data/bdb.bin
BDB Header:
Struct Version: 0x1:0x0
BDB key digest: c7895611c24efb2249d97376189eeee07def6bcd8ab162a3850d279354f08ddf
size: 1176
Data Header:
Struct Version: 0x1:0x0
# of Hashes: 2
Hash Entry Size:56
Signed Size: 272
Description:
Hash #0:
Offset: 0x2
Size: 35
Partition: 3
Type: 1
Load Address: 0x4
Digest: 72bcf33f448465f035bd58e4b61501db925e67c89feb4a70cb909d8b425861f4
Hash #1:
Offset: 0x2
Size: 35
Partition: 3
Type: 1
Load Address: 0x4
Digest: 72bcf33f448465f035bd58e4b61501db925e67c89feb4a70cb909d8b425861f4
Change-Id: I88934b761236f36a5d607c96f6f2543a62e50b68
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/392949
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This patch makes futility show command print out hash information.
BUG=chromium:649555
BRANCH=none
TEST=make runtests. Ran futility show tests/futility/data/bdb.bin.
Change-Id: I4d0e933b7b9dca6548aa8488d9ca85b8692a5d49
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/392948
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
vboot_reference originally used 2-space indentation, rather than
kernel-style tabs. This makes it painful to maintain given that newer
source files are kernel-style.
Re-indent the files that need it, and reflow comments.
No functionality changes.
BUG=none
BRANCH=none
TEST=make runtests
Change-Id: I7dabed41f69434b1988a52600c0cb1eac8c8d7e6
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/396488
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For a device with bootcache support (such as parrot), the kernel config
contains bootcache args (reference: device_map_args in
build_kernel_image.sh). When removing rootfs verification, bootcache
should be disabled, equivalently we should remove bootcache args.
BRANCH=vboot_reference
BUG=chromium:590606
TEST=tested on parrot device with ./build_image --board=parrot test.
After installing the image on device,
(1) run sudo /usr/share/vboot/bin/make_dev_ssd.sh
--remove_rootfs_verification
(2) reboot
The bootloop bug is fixed.
Change-Id: I56ca5f2d98e00e1117611959a67ce72338ec7377
Reviewed-on: https://chromium-review.googlesource.com/395386
Commit-Ready: Qiang Xu <warx@chromium.org>
Tested-by: Qiang Xu <warx@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Qiang Xu <warx@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
test_bdb.sh is failing because sp-rw.bin is missing. Adding sp-rw.bin.
BUG=none
BRANCH=none
TEST=make runtests
Change-Id: I7cb892077e424bdfa5f723051a7ebbbda04f14c2
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/396393
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
bdb_get_hash_by_index returns a hash entry from a BDB using an index.
bdb_get_hash is also renamed to bdb_get_hash_by_type. bdb_get_hash
is deprecated. Callers are expected to call bdb_get_hash_by_index(buf, 0)
instead.
BUG=none
BRANCH=none
TEST=make runtests
Change-Id: Id99926123c0ac9094574eb057c63f79eceda2867
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/392947
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When --ignore_key_digest is specified, futility bdb --verify command
returns success even if the key digest didn't match. Warning message
will be printed to remind the digest wasn't checked.
BUG=chromium:649554
BRANCH=none
TEST=Tested as follows:
$ build/futility/futility bdb --verify tests/futility/data/bdb.bin \
--ignore_key_digest
BDB is valid. Key digest doesn't match but ignored.
$ echo $?
0
Change-Id: I996b0a4f7bbbcf546e2d958f28c5ee8fb251fb99
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/392946
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, test macros print out 'desc' regardless 'comment' is specified
or not. This patch makes TEST_EQ print 'desc' only if 'comment' is not
supplied.
BUG=none
BRANCH=none
TEST=make runtests
Change-Id: I9cc3c9a9561534352ae0315dfea983f2c212b909
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/388859
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
BUG=chromium:649554
BRANCH=none
TEST=make runtests
Change-Id: Id33911a1a05375f860c38ee6df3f98fa59066acf
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/388734
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
BUG=chromium:649554
BRANCH=none
TEST=make runtests
Change-Id: Ie774a64e9abd6de8f0f96567f6f6a2e930a8624c
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/388733
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This script will be testing futility bdb command.
BUG=chromium:649554
BRANCH=none
TEST=make runtests
Change-Id: I3c5b9f9564b3cc67cac4eca02798b8146feeb072
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/388732
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch makes futility show command support boot block descriptor (BDB)
of the common boot flow.
BUG=chromium:649554
BRANCH=none
TEST=make runtests. Ran futility show bdb.bin.
Change-Id: I5f199a32ab1c268351e822e37ed39e41ae19bc7a
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/388631
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds 'verify' sub-command to futility bdb. It verifies a BDB.
If a key digest is given, it also checks the validity of the embedded
BDB key.
BUG=chromium:649554
BRANCH=none
TEST=make runtests. Ran futility bdb --create, --add, --resign, --verify.
Change-Id: Ie19dc0f067c3c6ce65b2b6184bad14b49b188f6d
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/387906
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
'resign' sub-command signs a BDB using keys provided. It can resign only
the data key, the hashes, or both. Required keys vary depending on what
part of BDB is invalid and on what public key is specified in the command
line. It then detects what key is needed based on
the verification result and fails if the required key is not provided.
BUG=chromium:649554
BRANCH=none
TEST=make runtests. Ran futility bdb --create, --add, --resign, --verify
Change-Id: I589a5972f1d7e5066eb56e1c5efb4ee7089d41cd
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/387118
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
futility bdb --add appends a new hash entry to the given BDB.
The resulting BDB does not have a valid signature and is expected to
be resigned by 'resign' sub-command after all hashes are added.
BUG=chromium:649554
BRANCH=none
TEST=make runtest. Ran futility bdb --add, then --resign, then --verify
(to be implemented)
Change-Id: Icdf185f8ac268a23bb3954f5e78df6f80e749e18
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/387117
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds BDB_ERROR_DATA_CHECK_SIG and BD_ERROR_DATA_SIGNED_SIZE
to distiniguish data signature validation errors.
'futility bdb --resign' uses these to decide whether to resign is needed
or not.
BUG=chromium:649554
BRANCH=none
TEST=make runtests
Change-Id: I19137801ece2424ae575092c51d02664c8b73ba3
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/386795
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
bdb command manipulates BDBs. '--create' sub-command creates a BDB.
Other sub-commands will follow in the successive patches.
BUG=chromium:649554
BRANCH=none
TEST=make runtests. Ran futility bdb --create using test keys and verify
it with bdb --verify (to be implemented).
Change-Id: Ib0a6165ac93efc7478b9d999d3c837d47cf81ddd
Reviewed-on: https://chromium-review.googlesource.com/386794
Commit-Ready: Daisuke Nojiri <dnojiri@chromium.org>
Tested-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Assorted minor code issues, which we should fix so any new errors stand
out more.
BUG=chromium:643769
BRANCH=none
TEST=make runtests
Change-Id: I82ece2de948ef224115c408bdfc09445d3da119b
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/390337
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Verified boot has "TPM anti-rollback check" that prohibits booting
firmware if the device has been installed with a firmware that has
higher signing version. This is causing problems when people are trying
to use make_dev_firmware script on MP devices (which usually has a
higher version than DEV keyset, which is always 1).
Previously, make_dev_firmware won't alert about this so developers will
first see boot failure, figure out what happened, and then either uprev
the devkeys folder manually (which we don't provide scripts on DUT so
it's hard), or reset the device by using factory reset shim.
Since make_dev_firmware already knows all information, it should check
and increase version number automatically.
This change has implemented checking and increasing 'firmware version'.
The 'data key version' is also checked, but increasing that is more
complicated and we probably don't have all required tools yet on DUT,
so it is only checked.
Also added one flag --[no]mod_hwid so MP device users can keep their HWID
easier, when they need to switch back and forth between DEV / real MP
firmware.
BRANCH=none
BUG=none
TEST=Grab a firmware from daisy mp-v4.bin and do
./make_dev_firmware.sh -f bios.bin -t out.bin --nomod_hwid
Change-Id: If81ef60e6debdcd1c6d899b5a2c03bdacb4fd4f7
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/390871
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
bdb_extend prints out secrets derived from the given BDS based on
the given BDB.
BUG=chromium:649555
BRANCH=none
TEST=make runtests. Ran bdb_extend -s bds.bin -b bdb.bin (with/without -m)
Change-Id: I8d9f73468992dad4cb93a422c0eae0977be9a16f
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/385539
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
These APIs return size and offsets of BDB components. They help code
look more descriptive.
BUG=none
BRANCH=none
TEST=make runtests
Change-Id: I29326e249d9f2b88d5716f878f8415703f63360c
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/388813
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds code which dervies secrets from BDS. It's supposed to be
done by SP-RO, hence the code is mostly useful for testing (or emulation).
vba_extend_secrets_ro takes a function pointer to a hash extend
function. It'll be used to try different sha256 extend algorithms.
BUG=chromium:649555
BRANCH=none
TEST=make runtests
Change-Id: I8fef6b851fb84686d8bcdd948b36160016687c51
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/384354
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If key digest matching is not required (i.e. verify-bdb-key efuse
flag is not set), bdb_verify skips digest matching. This change makes
bdb_verify accept null pointer for the key digest parameter.
BUG=chromium:649555
BRANCH=none
TEST=make runtests
Change-Id: I14e5bd02526684b7b7bca1e1701cf04056df83ea
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/385538
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The lab use test image (non-signed) to run CTS, so we still need to switch key to make a test pass (which blacklist Google's dev key).
This reverts commit b94145a309131f23d49a08dd94fc26247621da65.
TEST=None
BUG=b:29915721,b:31373710
Change-Id: I0873d13b606f3e49b9d055e9dd081d3dacd97c65
Reviewed-on: https://chromium-review.googlesource.com/388636
Commit-Ready: Victor Hsieh <victorhsieh@chromium.org>
Tested-by: Victor Hsieh <victorhsieh@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Defining these symbols weakly causes the output executable to hit
segmentation fault because ld chooses *UND* symbols over the definition
when they appear in *.a archive:
$ objdump -t build/libvboot_utilbdb.a
bdb.o:
0000000000000000 w *UND* 0000000000000000 bdb_rsa4096_verify
...
rsa.o
000000000000061f w F .text 0000000000000111 bdb_rsa4096_verify
...
This happens regardless whether the symbol is referenced or not;
or whether the object defining the symbol appears earlier than the
reference or not.
BUG=none
BRANCH=none
TEST=make runtests
Change-Id: Ib53a9010f2afdc2ba59369fb145aef4381db30d3
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/387905
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, test macros print out 'desc' regardless 'comment' is specified
or not. This patch makes 'desc' printed out only if 'comment' is not
supplied.
BUG=none
BRANCH=none
TEST=make runtests
Change-Id: I146d681b0d3cb7d41c7f80b71c59418a0250fc17
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/385159
Commit-Ready: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The version of unsquashfs that is shipped with Trusty does not correctly
file capabilities, even though the target filesystem supports them. This
change forces the Android signer script to prefer the pre-built binaries
for mksquashfs/unsquashfs in order for the file capabilities to be
preserved.
BUG=b:31630024
BRANCH=none
TEST=Called sign_android_image.sh locally, saw capabilities preserved
across repeated invocations.
CQ-DEPEND=CL:*289356
Change-Id: I13e8782edb699eb4ce8bcf82885bd474f4351430
Reviewed-on: https://chromium-review.googlesource.com/387867
Commit-Ready: Luis Hector Chavez <lhchavez@google.com>
Tested-by: Luis Hector Chavez <lhchavez@google.com>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
An earlier commit had added this:
ifeq (${TPM2_MODE},)
# TODO(apronin): tests for TPM2 case?
TEST_NAMES += \
tests/tlcl_tests \
tests/rollback_index2_tests
endif
but left this:
.PHONY: runmisctests
runmisctests: test_setup
${RUNTEST} ${BUILD_RUN}/tests/rollback_index2_tests
[...]
${RUNTEST} ${BUILD_RUN}/tests/tlcl_tests
So if TPM2_MODE is not null, those two test targets won't be
built. This CL puts those two into the same guard, so that
they won't be attempted if they're not built.
BUG=chrome-os-partner:57727
BRANCH=all
TEST=manual
Before, this fails:
FEATURES=test emerge-reef vboot_reference
Now, it passes.
Change-Id: Ic00f9f867d3d9c719d797907f00fda8bc5044504
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/388711
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
We use these features on the signer, so move the logic here so it's
in the public code.
BUG=None
TEST=`./create_new_keys.sh --key-name hihya --output foo --android` worked
BRANCH=None
Change-Id: I85d6fdbafd99a1b94bc90e26cbc17ba801614914
Reviewed-on: https://chromium-review.googlesource.com/388673
Reviewed-by: David Riley <davidriley@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
BUG=b:29915721
TEST=`./create_new_keys.sh --android` includes android keys
BRANCH=None
Change-Id: Ibb00b87921435ac5b70a297324ddf60563dc08d8
Reviewed-on: https://chromium-review.googlesource.com/386905
Reviewed-by: Victor Hsieh <victorhsieh@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Assorted minor code issues, which we should fix so any new errors stand
out more.
BUG=chromium:643769
BRANCH=none
TEST=make runtests
Change-Id: I927571f8a30794c70228506afe4da3eda86f765b
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/383953
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Assorted minor code issues, which we should fix so any new errors stand
out more.
BUG=chromium:643769
BRANCH=none
TEST=make runtests
Change-Id: I8fcf0c51e33d5dc49f650f4069f1579091cf188d
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/383713
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Assorted minor code issues, which we should fix so any new errors stand
out more.
BUG=chromium:643769
BRANCH=none
TEST=make runtests
Change-Id: Ifcb50b3dfcc3d376bf6803e9c06f8e68dafd51a0
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/382611
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Assorted minor code issues, which we should fix so any new errors stand
out more.
BUG=chromium:643769
BRANCH=none
TEST=make runtests
Change-Id: Ib37b45dea54bd506b519b0304300b8d192e34339
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/382319
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The 'key.versions' file is used by the image signing scripts to
ensure that newly generated keys and re-signed buildbot images
have the correct version numbers to avoid rollback in
officially-signed Chrome OS images.
If a skilled user is re-keying her Chromebook to use personal
keys in normal mode (which requires disabling WP and changing the
GBB and VBLOCK_A/B), she can avoid clearing the TPM rollback
counters if make_dev_firmware.sh will obtain the firmware_version
from the key.versions file in her personal key directory.
BUG=none
BRANCH=none
TEST=make runtests, manual tests
Extract an MP-signed BIOS from a Chromebook Peppy.
flashrom -p host -r peppy.bin
Resign it without this CL:
make_dev_firmware.sh -f peppy.bin -k tests/devkeys -t dev_peppy.bin
Resign it with this CL:
make_dev_firmware.sh -f peppy.bin -k tests/devkeys -t dev_peppy_new.bin
Confirm no difference:
cmp dev_peppy.bin dev_peppy_new.bin
Temporarily edit tests/devkeys/key.versions to contain
firmware_key_version=2
firmware_version=3
kernel_key_version=4
kernel_version=5
Resign again:
make_dev_firmware.sh -f peppy.bin -k tests/devkeys -t dev_peppy_new2.bin
Confirm that the only difference is the firmware version in VBLOCK_A/B:
futility show dev_peppy_new*.bin
Change-Id: I133f1b58fb969eaeb239a44a4800750c4eee1d5f
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/383887
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
We switched to different debug keys so the signature needs to be
updated.
TEST=sign_official_image with the new recovery image, failed before this
change bug succeeded after.
BUG=chromium:645628
Change-Id: I58236222c26f90268de80dc99f22d84650e67bb7
Reviewed-on: https://chromium-review.googlesource.com/383900
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Tested-by: Victor Hsieh <victorhsieh@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bit 2 in the GPT partition attributes has been allocated as the legacy
bios boot (equivalent to the "active" or "boot" flag in MBR). If we
try to boot images on newer x86 systems, syslinux dies because it can't
find any GPT partition marked bootable.
Update the various parts of cgpt add & show to manage this bit. Now we
can run:
cgpt add -i 12 -B 1 chromiumos_image.bin
And the EFI partition will be marked bootable.
BUG=chromium:644845
TEST=vboot_reference unittests pass
TEST=booted an amd64-generic disk image via USB on a generic laptop
BRANCH=None
Change-Id: I78e17b8df5b0c61e9e2d8a3c703e6d5ad230fe92
Reviewed-on: https://chromium-review.googlesource.com/382411
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The documentation claims the -A option shows the raw 64-bit attributes
field when in reality it only shows the high reserved 16-bits. Change
the docs to match the code.
BUG=chromium:644845
TEST=vboot_reference unittests pass
BRANCH=None
Change-Id: If163896ddbca0dc27ac8205db313031e73a68fd7
Reviewed-on: https://chromium-review.googlesource.com/382431
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Most of the cmd funcs had the same logic copied & pasted multiple times
over. Unify them into a common header.
BUG=chromium:644845
TEST=precq passes
TEST=passing invalid args to some funcs is caught
BRANCH=None
Change-Id: Ib7212bcbb17da1135b2508a52910aac37ee8e6cd
Reviewed-on: https://chromium-review.googlesource.com/382691
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In CL:378661 we removed dev_firmware* from tests/devkey but that also makes
futility unit tests to fail.
This changes signing test scripts to first check if dev_firmware* keys exist,
and only use it (and test ZGB signing results) if available.
BRANCH=none
BUG=chrome-os-partner:52568,chrome-os-partner:56917
TEST=make runfutiltests; make runtests;
add dev_firmware* back; run tests again and success.
Change-Id: If42c8404baf183edf5c8dbeadf537efa8ad571ec
Reviewed-on: https://chromium-review.googlesource.com/381151
Commit-Ready: Hung-Te Lin <hungte@chromium.org>
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
