| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The firmware updater now looks at CBFS 'FW_MAIN_A' (RW A) and if a text
file 'updater_quirks' is found, the contents will be fetched to setup
default quirks.
This helps sharing same customization across multiple firmware images
(for different models) shared by same unibuild OS image. Without that,
we have to maintain a large list of hard-coded model names in firmware
updater source.
BRANCH=none
BUG=b:169284414
TEST=make runtests
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Change-Id: I938bffe9f16bc3adee0dc3efb6976efe581c6d8c
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2426093
Reviewed-by: Karthikeyan Ramasubramanian <kramasub@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If we fail reading a GPT header, we memset() the respective buffer to 0
to avoid operating on uninitialized bytes. We should do the same for the
GPT entries array.
BRANCH=None
BUG=chromium:1137521
TEST=make runtests
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I1019eaf5e9ab05cd9953a15874f4931766952d88
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2469601
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In recent Intel platforms, updating Management Engine (ME) while SoC is in
S0 state is an unsupported use-case. To work-around this issue for the
devices that are in development, specifically during firmware update,
this quirk is added to preserve the ME region. In the subsequent boot,
ME region is updated as part of boot firmware update upstart script.
BUG=b:165590952
BRANCH=None
TEST=With the quirk enabled, ensured that the ME is preserved under the
following scenario:
chromeos-firmwareupdate --mode=autoupdate
chromeos-firmwareupdate --mode=recovery
futility update --mode=autoupdate -a /usr/sbin/chromeos-firmwareupdate
futility update --mode=recovery -a /usr/sbin/chromeos-firmwareupdate
In other scenarios, ME region is not preserved.
Change-Id: I81a52d11d1fb363b7e07ef3439b927449456b28a
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2465286
Tested-by: Karthikeyan Ramasubramanian <kramasub@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Commit-Queue: Karthikeyan Ramasubramanian <kramasub@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To support loading quirks from external files, we want to skip tab (\t)
and new line characters (\n, \r).
BRANCH=none
BUG=b:169284414
TEST=make runtests
Change-Id: If314d6cf36907837ce9c36b73337976ee0c6fad1
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2467305
Reviewed-by: Karthikeyan Ramasubramanian <kramasub@chromium.org>
Commit-Queue: Karthikeyan Ramasubramanian <kramasub@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This follows steps we have in build image phase to have parity in image
packing.
* Discard reapply selinex context. This looks not needed once
re-signing should not change selinux context. Instead we could do
similar to build image, pass file context to mksquashfs
* Apply mksquashfs params based on image type, container/vm. This
fixes proper block size and image compression algorithm
* Remove old image before packing to prevent mksquashfs merge attempt
BUG=b:170400225
BUG=b:170220295
BUG=b:170219920
BRANCH=none
TEST=locally signed vm (kohaku) and container (hana): arc.Optin*,
arc.Preopt*. Also checked final image size. With this CL it is
reduced to 150Mb(vm) and very close to original image size
(delta is less than 0.1%)
Signed-off-by: Yury Khmel <khmel@chromium.org>
Change-Id: I7037bea68fc2969345a8fabc3c6a9b9b690f02d1
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2462005
Reviewed-by: Yusuke Sato <yusukes@chromium.org>
Reviewed-by: George Engelbrecht <engeg@google.com>
Tested-by: Yury Khmel <khmel@google.com>
Auto-Submit: Yury Khmel <khmel@google.com>
Commit-Queue: Yury Khmel <khmel@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As promised, it's October 2020, nyan_kitty went AUE with M85, and M86
just got pushed stable. That means we can now delete this code :)
BUG=chromium:1090803
BRANCH=none
TEST=compiles
Signed-off-by: Jack Rosenthal <jrosenth@chromium.org>
Change-Id: I5a15ef1e1ad02885af135d8e42d02d492bdd6c05
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2469604
Reviewed-by: Paul Fagerburg <pfagerburg@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add three macros in 2api.h for bitmask operations:
- VB2_SET_BIT(mask, index)
- VB2_CLR_BIT(mask, index)
- VB2_GET_BIT(mask, index)
These macros will be used in corresponding depthcharge CLs.
Split disabled_item_mask into:
- disabled_item_mask: Disabled style, but still visible and selectable.
- hidden_item_mask: Not visible.
Ignore selecting on disabled menu items.
Set appropriate disabled_item_mask for page up/down buttons in log
screen.
Revise tests of hidden_item_mask and add unit tests of disabled_item_mask.
BUG=b:163301076, b:146399181
BRANCH=none
TEST=CC=x86_64-pc-linux-gnu-clang;
make clean && make runtests
TEST=CC=x86_64-pc-linux-gnu-clang; DETACHABLE=1;
make clean && make runtests
TEST=CC=x86_64-pc-linux-gnu-clang; PHYSICAL_PRESENCE_KEYBOARD=1;
make clean && make runtests
TEST=CC=x86_64-pc-linux-gnu-clang; DIAGNOSTIC_UI=1;
make clean && make runtests
TEST=Build locally, navigate to debug info screen with <TAB>,
select page up or page down, and observe that nothing happens.
Cq-Depend: chromium:2432168
Signed-off-by: Hsuan Ting Chen <roccochen@chromium.org>
Change-Id: I1607af53f6e2b5c1cde568cb24606314051d2380
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2426154
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Commit-Queue: Yu-Ping Wu <yupingso@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Save parameters `timer_disabled` and `error_code` in mocked
vb2ex_displayed_ui calls to check whether the consecutive calls are
duplicate or not.
The unit tests of these parameters will be added in following CLs.
BRANCH=none
BUG=b:146399181, b:156448738
TEST=CC=x86_64-pc-linux-gnu-clang;
make clean && make runtests
TEST=CC=x86_64-pc-linux-gnu-clang; DETACHABLE=1;
make clean && make runtests
TEST=CC=x86_64-pc-linux-gnu-clang; PHYSICAL_PRESENCE_KEYBOARD=1;
make clean && make runtests
TEST=FEATURES=test PKGDIR=/build/puff/test-packages
/mnt/host/source/chromite/bin/parallel_emerge
--sysroot=/build/puff --jobs=32 vboot_reference
Signed-off-by: Hsuan Ting Chen <roccochen@chromium.org>
Change-Id: I2b7c9b6b05d2427e938394ff9d0769fbde81f773
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2449310
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use packed structures to avoid unexpected error about padding.
BUG=b:156448738, b:170186754
BRANCH=none
TEST=CC=x86_64-pc-linux-gnu-clang;
make clean && make runtests
TEST=FEATURES=test PKGDIR=/build/puff/test-packages
/mnt/host/source/chromite/bin/parallel_emerge
--sysroot=/build/puff --jobs=32 vboot_reference
Signed-off-by: Hsuan Ting Chen <roccochen@chromium.org>
Change-Id: Ibdcffe81d92db2880c53282a313ffa678af7d43d
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2454911
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:170156734
BRANCH=none
TEST=sign rvc-arc image
Signed-off-by: Victor HSieh <victorhsieh@chromium.org>
Change-Id: I99fc4eb19be6cc785297e223a6603c1d777c5c77
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2458789
Reviewed-by: Yury Khmel <khmel@chromium.org>
Reviewed-by: George Engelbrecht <engeg@google.com>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:170156734
TEST=run signing script locally
BRANCH=None
Signed-off-by: Victor HSieh <victorhsieh@chromium.org>
Change-Id: I4f045729241b479b56fef5687b721b5b59c2eed8
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2450551
Reviewed-by: George Engelbrecht <engeg@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This supports new set of certificates plat_mac_permissions.xml and adds
handling media and network_stack certificates.
BRANCH=none
BUG=b:169458218
TEST=Sign test image from goldeneye per instructions in bug, deploy
it to device (kohaku) pass tast.arc.Optin.vm test
Signed-off-by: Yury Khmel <khmel@chromium.org>
Change-Id: I61c4e327eaa605ed60c0c80b3598c0f4fb6e5f5f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2447430
Tested-by: Yury Khmel <khmel@google.com>
Auto-Submit: Yury Khmel <khmel@google.com>
Reviewed-by: George Engelbrecht <engeg@google.com>
Commit-Queue: Yury Khmel <khmel@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For utilities reading text file, it is easier to process as ASCIIZ input
if vb2_readfile can always return a buffer ends with '\0' so we don't
need to pass and check the size.
BUG=None
TEST=make clean && make runtests
BRANCH=None
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Change-Id: Ib6294969fb325b9b7899e6295fb1817ad91a9952
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2426092
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:146399181
TEST=make clean && make runtests
BRANCH=none
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: I884ec94adc762549ad565fe0796d3db625039f64
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2428563
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Follow same style as MENU_ITEMS macro for clarity and safety.
BUG=b:146399181
TEST=make clean && make runtests
BRANCH=none
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: I9aac27dca763c98fd5ca7e35219163d990c73ab0
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2428202
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-by: Hsuan Ting Chen <roccochen@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Header not needed.
BUG=b:146399181
TEST=make clean && make runtests
BRANCH=none
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: I84585909db16ce71cf4ba1beba1f6924c9e71457
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2428201
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-by: Hsuan Ting Chen <roccochen@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add vb2ex_hwcrypto_modexp support to accelerate only calculation part of
RSA and we can handle the rest. Instead of relying on opaque hardware
accleration for all RSA verification process, this will enable us to
maintain our security level while enhancing overall speed of
verification.
BRANCH=zork
BUG=b:169157796
TEST=make runtests
Signed-off-by: Kangheui Won <khwon@chromium.org>
Change-Id: I6f9fc919c4215964158815a58a9f1b338c2a76a4
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2444809
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To prevent flooding AU logs, we don't want flashrom to print verbose
logs especially when reading system SPI flash. However, if anything goes
wrong it will be very helpful to have all the messages logged.
With this patch, we will try reading system flash again with max verbosity.
BUG=chromium:943262,b:169026171
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I5469182f2628855e65546bef3abf8791261aabca
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1545598
Commit-Queue: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Setting error_code always implies we need to beep.
BUG=b:146399181
TEST=Build locally
BRANCH=zork
Signed-off-by: Hsuan Ting Chen <roccochen@chromium.org>
Change-Id: I65d790a63739f36dc1db8e22321adbff26d70893
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2397017
Commit-Queue: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, we only have a beep when the user presses ctrl-u. Adding
an error message to clarify what the error is.
BUG=b:164944674
BRANCH=puff, zork
TEST=boot into developer mode
make sure "boot from external disk" doesn't appear
press ctrl+U and make sure dialog box with error appears
Cq-Depend: chromium:2359765
Signed-off-by: Shelley Chen <shchen@google.com>
Change-Id: Id8fad79802cb61883758e8c7561163cc17fb0f87
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2359768
Tested-by: Shelley Chen <shchen@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Shelley Chen <shchen@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Discovered by CL:2353632, the regular expression for extracting rootfs
partition should include non-digit character first otherwise we won't
get correct number when the partition number is longer than one digit
(e.g., >=10).
BUG=None
TEST=./make_dev_ssd.sh
BRANCH=none
Change-Id: I155e04beec47c55df4d09cb78168ab0a7407c697
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2353776
Reviewed-by: Kuang-che Wu <kcwu@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Handle three different errors in alternate boot:
- VB2_UI_ERROR_ALTERNATE_BOOT_DISABLED
- VB2_UI_ERROR_NO_BOOTLOADER
- VB2_UI_ERROR_ALTERNATE_BOOT_FAILED
BUG=b:146399181, b:161092974
TEST=make clean && make runtests
BRANCH=puff, zork
Cq-Depend: chromium:2384995
Signed-off-by: Hsuan Ting Chen <roccochen@chromium.org>
Change-Id: I1e6572ed4a1c756d6d3727818439de25cad03158
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2382998
Tested-by: Shelley Chen <shchen@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-by: Shelley Chen <shchen@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Force to reacquire a newer firmware log snapshot every time when the
user enters the firmware log screen.
Re-entering (e.g. back from language selection or debug info tab) will
still show the cached firmware log string.
BUG=b:146399181, b:168442372
TEST=make clean && make runtests
TEST=Build locally, navigate to the firmware log screen,
go back, and enter the firmware log screen again.
BRANCH=none
Cq-Depend: chromium:2409742
Change-Id: I8c3eea23446c58603ce698a86f1aca4b264ebb0e
Signed-off-by: Hsuan Ting Chen <roccochen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2411761
Commit-Queue: Yu-Ping Wu <yupingso@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CL:2353775 made the functions tested by vb2_keyblock_fuzzer and
vb2_preamble_fuzzer look at secdata, which broke the fuzzer because they
don't initialize secdata the way a normal boot would. This patch makes
the fuzzers initialize both firmware and kernel secdata explicitly (and
nvdata as well for good measure, although I think it's technically not
needed).
BRANCH=None
BUG=chromium:1125143,chromium:1124172
TEST=None
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: Id9aaa4d44a20455133adc4c2bc524895629edfb9
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2402423
Commit-Queue: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The name of a gpiochip can in theory be up to NAME_MAX characters long
(usually 255), which exceeds the length of the 30 byte buffer allocated
for it. In practice we won't need more than the 30 bytes, but the
smaller buffer trips a -Wformat-truncation warning from GCC that makes
the build fail. Make the buffer bigger to keep GCC happy.
BUG=none
BRANCH=none
TEST=make utillib compiles on BeagleBone Black
Change-Id: I528f395033f58057846e717ff126e7a5dca504e3
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2393193
Tested-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Commit-Queue: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When GBB forces developer mode (VB2_GBB_FLAG_FORCE_DEV_SWITCH_ON),
disallow Ctrl-S shortcut in developer screens. Beep and show an error
message when Ctrl-S is pressed.
BRANCH=zork
BUG=b:146399181, b:164975737
TEST=export CC=x86_64-pc-linux-gnu-clang; make runtests
TEST=emerge-nami depthcharge
Cq-Depend: chromium:2397556
Change-Id: I62d18575290498b7ae829c2b3a2ff8dda6679636
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2390593
Reviewed-by: Hsuan Ting Chen <roccochen@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The signer uses BLOCKLIST instead of DENYLIST. This patches make the
language match.
BUG=b:163883397
BRANCH=None
TEST=egrep -i -I -r "deny.*list"
TEST=make runtests
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Change-Id: I47c913eb2ca89cd3eea4ca3ff5f1accb223ba418
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2401968
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:163883397
BRANCH=None
TEST=make runtests
TEST=egrep -r -i -I '(sane|insane)'
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Change-Id: I109207575e2c00d6aa3b0ed17de7f699087a9658
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2369464
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Introduce alternate boot functionality both via keyboard shortcut
("Ctrl+L") to directly boot into the default alternate bootloader,
and via menu ("Alternate bootloader" on dev screen) to show a screen
listing available bootloaders.
BUG=b:146399181, b:161092974
TEST=make clean && make runtests
BRANCH=puff, zork
Cq-Depend: chromium:2339040
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: I28f157936017719dc95656db147967f5e61a1407
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2335017
Commit-Queue: Yu-Ping Wu <yupingso@chromium.org>
Tested-by: Hsuan Ting Chen <roccochen@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Built on FreeBSD 12.1-RELEASE, 13-CURRENT, using gcc9 installed from
packages.
Change-Id: Ifa8bb343c7e916c1b545cf6c1e4bd0a18ea391cd
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2382790
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: Julius Werner <jwerner@chromium.org>
Commit-Queue: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Mosys used to have code (below), which led me to believe that we
always try and leave the last entry unfilled:
memset(blank, 0xff, VBNV_BLOCK_SIZE);
for (index = 0; index < len / VBNV_BLOCK_SIZE; index++) {
unsigned int offset = index * VBNV_BLOCK_SIZE;
if (!memcmp(blank, &data[offset], VBNV_BLOCK_SIZE))
break;
}
if (index == 0) {
lprintf(LOG_ERR, "VBNV is uninitialized\n");
return -1;
} else if (index >= len) { <---- SEE NOTE
lprintf(LOG_ERR, "VBNV is full\n"); <--- unreachable
return -1;
} else {
return index - 1;
}
The statement at "SEE NOTE" will always be false, so this code fooled
me to believe that we consider VBNV without a row of 0xFF*16 to be
empty.
And so I implemented and wrote unit tests for what I believed the
correct behavior to be :/
Anyway, this is causing us issues since AP firmware does not implement
it that way. So allow the last row to be filled.
BUG=chromium:1112578
BRANCH=none
TEST=unit tests
Signed-off-by: Jack Rosenthal <jrosenth@chromium.org>
Change-Id: Ib3da78eddef69a688d081cdb5391a25000dac9d3
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2402385
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This CL kicks off COIL for vboot_reference.
Currently the global unblocked_terms.txt are in effect. Since
it's identical to the global blocked_terms.txt, nothing is being
blocked.
This patch adds unblocked_terms.txt, which overrides the global one.
Thus, all changes with a word listed in the global blocked_terms.txt
but not in the local unblocked_terms.txt will be blocked.
BUG=b:165908442, b:163883397
BRANCH=None
TEST=Run repohook.
Cq-Depend: chromium:2369239
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Change-Id: I1618db8e46f2b77397e016c1dfb02f20f66bb3aa
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2369360
Reviewed-by: Bernie Thompson <bhthompson@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BRANCH=none
BUG=b:156692539, b:156693348
TEST=emerge-hatch vboot_reference
TEST=unittest passed:
( export CC=x86_64-pc-linux-gnu-clang DEBUG=1 MENU_UI=1 DIAGNOSTIC_UI=1
MINIMAL=1 TPM2_MODE= MOCK_TPM=; make clean &&
make -j32 test_setup && make runtests; echo $? )
Cq-Depend: chromium:2322286, chromium:2328704, chromium:2336239
Cq-Depend: chromium:2361823, chromium:2361582
Signed-off-by: Meng-Huan Yu <menghuan@chromium.org>
Change-Id: I8b875b09bd5bcdb65f08c11945b046d2b3c3a113
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2372022
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This script will sign the psp_veratage.bin file and modify the fields as required.
BUG=b:166095736
TEST=create verstage signed with test key.
Change-Id: I234d7902f950a60a816dd5f4d46d3d5afd105489
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2390825
Tested-by: Martin Roth <martinroth@google.com>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Queue: Martin Roth <martinroth@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We want to separate the stages of creating the key & using the key as
our HSM tools use different commands for these.
This also means we no longer need a passphrase at all.
BUG=b:166095736
TEST=ran script before & after and made sure output (largely) looked the same
BRANCH=None
Change-Id: Id488789f83c21ffb6263489e3c22531878ceb1f2
Signed-off-by: Mike Frysinger <vapier@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2391219
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Always show page up/down buttons in log screen.
Beep if users select the page up button on the first page or the page
down button on the last page.
BRANCH=puff, zork
BUG=b:146399181, b:163301076
TEST=emerge-puff depthcharge
TEST=emerge-zork depthcharge
TEST=navigate to the debug info screen by <TAB>
Cq-Depend: chromium:2361582
Signed-off-by: Hsuan Ting Chen <roccochen@chromium.org>
Change-Id: I29a567554f9283ea3fca0f58fb31c7056523c2a9
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2361823
Commit-Queue: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BRANCH=none
BUG=b:156692539, b:156693348
TEST=emerge-hatch vboot_reference
TEST=unittest passed:
( export CC=x86_64-pc-linux-gnu-clang DEBUG=1 MENU_UI=0 DIAGNOSTIC_UI=0
MINIMAL=1 TPM2_MODE= MOCK_TPM=; make clean &&
make -j32 test_setup && make runtests; echo $? )
( export CC=x86_64-pc-linux-gnu-clang DEBUG=1 MENU_UI=1 DIAGNOSTIC_UI=0
MINIMAL=1 TPM2_MODE= MOCK_TPM=; make clean &&
make -j32 test_setup && make runtests; echo $? )
( export CC=x86_64-pc-linux-gnu-clang DEBUG=1 MENU_UI=0 DIAGNOSTIC_UI=1
MINIMAL=1 TPM2_MODE= MOCK_TPM=; make clean &&
make -j32 test_setup && make runtests; echo $? )
( export CC=x86_64-pc-linux-gnu-clang DEBUG=1 MENU_UI=1 DIAGNOSTIC_UI=1
MINIMAL=1 TPM2_MODE= MOCK_TPM=; make clean &&
make -j32 test_setup && make runtests; echo $? )
Cq-Depend: chromium:2193314, chromium:2328704
Signed-off-by: Meng-Huan Yu <menghuan@chromium.org>
Change-Id: I4f3c64ce53b14437cb14d3c1109e14608d082141
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2318590
Commit-Queue: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CL:2163088 is working on depthcharge side to support refreshing
everything in vboot side, but it is still work in progress.
In the meanwhile, we can have a flag to control the refreshing for
already support refreshing everytime screen.
This flag can be removed after all screens are supported refreshing
everytime in vboot.
BRANCH=none
BUG=b:156692539, b:156693348
TEST=emerge-hatch vboot_reference
TEST=verfied in later CL that the screen is refreshed when the action
callback set this flag.
Signed-off-by: Meng-Huan Yu <menghuan@chromium.org>
Change-Id: Ie76e8dce5186d0acfbc176a4cc8079c3df37fd38
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2336239
Reviewed-by: Hsuan Ting Chen <roccochen@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This script is based on previous key generation scripts and on the
AMD document describing their recommendations.
BUG=b:166095736
TEST=Generate keys of different sizes with different passphrases in
various directories.
Change-Id: I76a31f5d592d233282c145a9a4ce5220a2d597d8
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2380612
Tested-by: Martin Roth <martinroth@google.com>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Implement firmware log screen which can be accessed from advanced
options menu.
The screen displays a snapshot for the firmware log using the same
layout of debug info screen.
BRANCH=puff, zork
BUG=b:146399181, b:146105976
TEST=CC=x86_64-pc-linux-gnu-clang;
make clean && make runtests
TEST=USE="menu_ui" emerge-puff depthcharge
TEST=USE="menu_ui" emerge-zork depthcharge
TEST=select "advanced options",
and navigate to firmware log screen
Cq-Depend: chromium:2334490
Signed-off-by: Hsuan Ting Chen <roccochen@chromium.org>
Change-Id: I3cb5800d71925aa20ca4d5636172885e23fd0099
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2328241
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Our keyblock and preamble fuzzers have been broken since CL:2353775,
because they don't set up secdata in the context which the tested
functions now depend upon. Unfortunately, we got no alerting about
this... I only just happened to look at ClusterFuzz randomly today and
saw an odd break in execution statistics around that date.
With the new code as it is right now, all fuzzing attempts of the
function end up running vb2ex_abort() from the uninitialized secdata. It
would be great if the fuzzer could report every time it ends up in that
function, but it doesn't seem to do that right now. Supposedly it
reports "crashes", but I guess exit(1) is not a crash, so let's switch
the line to abort() and see if that gets me the reporting behavior I
want (before actually fixing the fuzzer).
BRANCH=None
BUG=None
TEST=None
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: Ie65838f30fa33a7602db253860afc8eeadcac4c6
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2389002
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Re-initialize the log screen when going back from another screen.
BRANCH=puff
BUG=b:146399181, b:146105976
TEST=CC=x86_64-pc-linux-gnu-clang;
make clean && make runtests
TEST=USE="menu_ui" emerge-puff depthcharge
when the firmware log screen is implemented,
select "advanced options",
navigate to firmware log screen,
press <TAB> to debug info,
and select back to firmware log screen
Signed-off-by: Hsuan Ting Chen <roccochen@chromium.org>
Change-Id: Ie44805e3bfb14a4a8b660a18a123a184a4c5ea45
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2329224
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
(cherry picked from commit 2cb872fa3056158c35f82a9412e667b69ccf5a49)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2332200
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Developers may want to use the new GBB flags when flashing a firmware
image. That can be done by --factory, but it's also more convenient to
have a new parameter for overriding the flags with a new value.
BRANCH=none
BUG=b:166569397
TEST=make runtests
Change-Id: If9dce9b1f2fbb27655ad2a111ba75ab83375fb7a
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2382991
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Check the variable error_beep to handle the error beep request without
screen state change.
BRANCH=zork
BUG=b:146399181
TEST=USE="menu_ui" emerge-zork depthcharge chromeos-bootimage
TEST=Enter the debug info screen by <TAB>,
select <Page up>, and notice a beep
Signed-off-by: Hsuan Ting Chen <roccochen@chromium.org>
Change-Id: Id31fb06c37e2fee9b2eec1030cec06f22e7de854
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2379585
Commit-Queue: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add vb2ex_hwcrypto_rsa_verify support for RSA verification.
If firmware implements the function it will used instead of SW
implementation in vboot.
Also separate hwcrypto stubs to 2stub_hwcrypto.c for depthcharge and coreboot.
Depthcharge needs stubs but fails to compile 2stub.c
BRANCH=none
BUG=b:163710320, b:161205813
TEST=make runtests
TEST=check hwcrypto is allowed/disallowed depending on nvmem flag
Change-Id: I85573e7cff31f32043db4b0a6b24b642856024e3
Signed-off-by: Kangheui Won <khwon@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2353775
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I don't even want to get into why this is needed. I'm so tired of
having to deal with new clang-specific toolchain bullshit 2-3 times a
year. libzip did this
https://github.com/nih-at/libzip/commit/1d949dd77339fb59605dc8f3a30f76604d693795
and then we upreved to it in CL:2245845 and now building upstream
coreboot in a Chrome OS chroot is broken.
I have to get back to wasting time on the other three random things
that broke when I ran repo sync, so someone please just approve...
BRANCH=None
BUG=None
TEST=None
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: Ic578e8f8e47f7fafd98d8c3148cbe24d9156886b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2366053
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, VB2_SECDATA_KERNEL_FLAGS controls experimental features
like phone recovery (and its UI), diagnostics entry. All of those
are under recovery screen. In order to allow later update pushes to
enable specific features in write-protected RO, we should not set
those flags in recovery path. Otherwise, it will always toggle back
and forth when booting RO recovery path vs. normal boot path.
BRANCH=puff
BUG=b:165181118
TEST=MENU_UI=0 DIAGNOSTIC_UI=0 make runtests
TEST=MENU_UI=0 DIAGNOSTIC_UI=1 make runtests
TEST=MENU_UI=1 DIAGNOSTIC_UI=0 make runtests
TEST=MENU_UI=1 DIAGNOSTIC_UI=1 make runtests
TEST=Cherry-pick locally to ToT of firmware-puff-13324.B with
chromium:2360066 to manually check flags on Kaisa device.
Change-Id: I7ec45b4ecfa6d50781cec2690dbc88894c734073
Signed-off-by: Chun-Ta Lin <itspeter@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2361983
Tested-by: Chun-ta Lin <itspeter@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Chun-ta Lin <itspeter@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Introduce new prototype for HW RSA accleration. This is not used
on anywhere yet but will unblock coreboot work to support HW RSA.
BRANCH=none
BUG=b:163710320, b:161205813
TEST=make runtests; emerge-zork coreboot depthcharge
Change-Id: Ic4b93f32410efdd06bd012efe58749b6ef0692c6
Signed-off-by: Kangheui Won <khwon@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2364338
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Google is working to change its source code to use more inclusive
language. To that end, replace the term "blacklist" & "whitelist"
with inclusive alternatives.
chrome-internal:3214766, chrome-internal:3214767, chrome-internal:3214831
will be checked in separately. They refer to a pinned vboot_reference.
So, this patch won't affect the signer until the pin is moved.
BUG=b:163883397
BRANCH=None
TEST=grep -ir "white*list"
TEST=grep -ir "black*list"
TEST=make runtests
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Change-Id: Iff98b55713b3c7381ba092ff14b50141b8422cf2
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2353421
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Google is working to change its source code to use more inclusive
language. To that end, replace the term "sanity" with inclusive
alternatives.
BUG=b:163883397
BRANCH=None
TEST=grep -ir sanity
TEST=make runtests
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Change-Id: I708a044d89050c442f14fb11a8ae5e98490d56af
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2353420
Reviewed-by: Julius Werner <jwerner@chromium.org>
|