path: root/Makefile
Commit message | Author | Age | Files | Lines
* futility: Link with libcrosid | Jack Rosenthal | 2022-01-10 | 1 | -1/+7

  Use pkg-config to link with libcrosid when it's available. Note that when futility is compiled from the coreboot tree, libcrosid won't be available, at least at the moment, so expose -DUSE_CROSID to the C code so we know when we have it available.

  BUG=b:213251232
  BRANCH=none
  TEST=emerge-volteer -j vboot_reference "lddtree /build/volteer/usr/bin/futility" lists libcrosid

  Cq-Depend: chromium:3367251
  Signed-off-by: Jack Rosenthal <jrosenth@chromium.org>
  Change-Id: I8e69c5ce4570ac9df72440d0a34b6b03b5a36e77
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3368703
  Reviewed-by: Raul Rangel <rrangel@chromium.org>
* crossystem: Remove the stale TPM simulator support | Yi Chou | 2022-01-10 | 1 | -9/+0

  We don't need the MOUNT_ENCRYPTED_KEY_PATH after we replaced the stale TPM simulator with the driver-level TPM simulator. It's time to remove it.

  BUG=b:203195852, b:174807059
  BRANCH=none
  TEST=crossystem clear_tpm_owner_request=1

  Signed-off-by: Yi Chou <yich@google.com>
  Change-Id: I7c1c9c16697b1bbda9adea13448fdb9cffd9cc7b
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3358669
  Reviewed-by: Julius Werner <jwerner@chromium.org>
  Reviewed-by: Leo Lai <cylai@google.com>
* Makefile: Fix missed boolean flags [stabilize-14442.B] | Jakub Czapiga | 2022-01-04 | 1 | -4/+4

  Fix flags missed in CL:3306615.

  BUG=b:206031372
  TEST=make runtests
  TEST=sudo emerge-guybrush sys-boot/depthcharge
  BRANCH=none

  Signed-off-by: Jakub Czapiga <jacz@semihalf.com>
  Change-Id: Idbb205bb9e14f44a10806785fb9f7b29572f0626
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3347667
  Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
  Tested-by: Jakub Czapiga <czapiga@google.com>
  Commit-Queue: Jakub Czapiga <czapiga@google.com>
* vboot_ref/futility: Wrap flashrom_drv behind USE_FLASHROM | Edward O'Callaghan | 2021-12-29 | 1 | -6/+13

  Some users of futility do not need flashrom support such as upstream coreboot. Allow for explicitly enabling the paths.

  BUG=b:203715651,b:209702505
  BRANCH=none
  TEST=builds

  Signed-off-by: Edward O'Callaghan <quasisec@google.com>
  Change-Id: I61095bf91e3d01bd008d3b790478a590758e88cd
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3350299
  Tested-by: Edward O'Callaghan <quasisec@chromium.org>
  Auto-Submit: Edward O'Callaghan <quasisec@chromium.org>
  Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
  Reviewed-by: Hsuan Ting Chen <roccochen@chromium.org>
  Commit-Queue: Hsuan Ting Chen <roccochen@chromium.org>
* vboot_ref/futility: Extract out flashrom call logic | Edward O'Callaghan | 2021-12-24 | 1 | -1/+2

  Separate out all the flashrom worker code used in futility to allow for later building a futility without flashrom support.

  BUG=b:203715651,b:209702505
  BRANCH=none
  TEST=builds

  Signed-off-by: Edward O'Callaghan <quasisec@google.com>
  Change-Id: I938141056424f8f93a598bbb288ee7c8770edc95
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3350298
  Tested-by: Edward O'Callaghan <quasisec@chromium.org>
  Auto-Submit: Edward O'Callaghan <quasisec@chromium.org>
  Reviewed-by: Hung-Te Lin <hungte@chromium.org>
  Commit-Queue: Edward O'Callaghan <quasisec@chromium.org>
* vboot_reference/Makefile: Work towards a common flashrom path [stabilize-14411.B] | Edward O'Callaghan | 2021-12-16 | 1 | -6/+7

  There are multiple flashrom calling wrapping code implementations within vboot_ref. Work towards making a singular canonical implementation.

  BUG=b:207808292
  BRANCH=none
  TEST=`make`

  Signed-off-by: Edward O'Callaghan <quasisec@google.com>
  Change-Id: I8e133a11b777b4e80bb4e43a64a5349956cef8eb
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3325329
  Tested-by: Edward O'Callaghan <quasisec@chromium.org>
  Auto-Submit: Edward O'Callaghan <quasisec@chromium.org>
  Reviewed-by: Nikolai Artemiev <nartemiev@google.com>
  Commit-Queue: Edward O'Callaghan <quasisec@chromium.org>
* Makefile: Make boolean variables use zero as disabled [stabilize-14385.B] | Jakub Czapiga | 2021-12-03 | 1 | -21/+21

  Until now some variables had to be unset or set to NULL to disable their respective features. This patch makes it possible to disable variables by passing zero as a value.

  BUG=b:206031372
  TEST=make runtests
  TEST=sudo emerge-guybrush sys-boot/depthcharge
  BRANCH=none

  Signed-off-by: Jakub Czapiga <jacz@semihalf.com>
  Change-Id: I1c254ac8ea3237615a20334ba6a66c09a4abd791
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3306615
  Tested-by: Jakub Czapiga <czapiga@google.com>
  Auto-Submit: Jakub Czapiga <czapiga@google.com>
  Reviewed-by: Julius Werner <jwerner@chromium.org>
  Commit-Queue: Jakub Czapiga <czapiga@google.com>
* Makefile: Remove DETACHABLE and PHYSICAL_PRESENCE_KEYBOARD | Jakub Czapiga | 2021-12-03 | 1 | -14/+0

  DETACHABLE and PHYSICAL_PRESENCE_KEYBOARD are unused in the code and can be removed from the Makefile.

  BUG=b:206031372
  TEST=make runtests
  BRANCH=none

  Signed-off-by: Jakub Czapiga <jacz@semihalf.com>
  Change-Id: I6d91f8bfa8342c95959014c3a0efcccf02f1d915
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3306614
  Tested-by: Jakub Czapiga <czapiga@google.com>
  Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
  Commit-Queue: Jakub Czapiga <czapiga@google.com>
* Makefile: Add dumpRSAPublicKey to SDK utilities [factory-kukui-14374.B] | Yu-Ping Wu | 2021-11-26 | 1 | -0/+1

  This utility is used in key generation, so it really belongs in the SDK. However, some autotests currently also want to generate keys on the DUT. So let's just install it to both.

  BUG=b:207452735
  TEST=FEATURES=test emerge-dedede vboot_reference
  TEST=sudo emerge vboot_reference && which dumpRSAPublicKey
  BRANCH=none

  Change-Id: Ic2395a10557773acffa22ea3c9a1e01cf581053b
  Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3299839
  Reviewed-by: Julius Werner <jwerner@chromium.org>
* Makefile: Avoid duplicate installation of utility | Yu-Ping Wu | 2021-11-26 | 1 | -29/+32

  The current rules for 'utils_install_sdk' and 'utils_install_board' individually install the required list of binaries and scripts. When there are overlapping files in 'UTIL_NAMES_SDK' and 'UTIL_NAMES_BOARD', the second executed rule will fail with duplicate installation.

  Instead of having a single phony target that installs all the files, define a rule 'util_install-<FILE>' for each file to ensure that each one will be installed at most once.

  BUG=b:207452735
  TEST=make runtests
  TEST=emerge-dedede vboot_reference
  TEST=FEATURES=test emerge-dedede vboot_reference
  TEST=sudo emerge vboot_reference
  BRANCH=none

  Change-Id: I24c23a61c4ff7de851bf11541bc46c963bf35c22
  Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3299836
  Reviewed-by: Julius Werner <jwerner@chromium.org>
* firmware/2lib: Remove BOOT_EXTERNAL_ON_DEV | Jakub Czapiga | 2021-11-25 | 1 | -7/+0

  BOOT_EXTERNAL_ON_DEV was not used anymore, so it was removed from the Makefile and source code.

  BUG=b:206031372
  BRANCH=none
  TEST=make runtests
  TEST=emerge-guybrush depthcharge

  Signed-off-by: Jakub Czapiga <jacz@semihalf.com>
  Change-Id: I463a77f2de8f59954704495708025321ca1571d8
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3289345
  Reviewed-by: Julius Werner <jwerner@chromium.org>
  Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
  Tested-by: Jakub Czapiga <czapiga@google.com>
  Commit-Queue: Jakub Czapiga <czapiga@google.com>
* vboot_reference/futility: Port W path to using libflashrom | Edward O'Callaghan | 2021-11-18 | 1 | -1/+3

  Use libflashrom API over sub-processing the flashrom CLI.

  Squash in,
    vboot_reference/futility: Use image layout as fallback

    Use the layout encoding within the image as the fallback if we cannot read it from ROM. Also cleanup error paths while here.

  BUG=b:203715651
  BRANCH=none
  TEST=cros deploy to nocturne and ran: `/usr/sbin/chromeos-firmwareupdate --mode=recovery --wp=1`. && `$ cros_run_unit_tests --board nocturne --packages vboot_reference`.

  Cq-Depend: chromium:3249690, chromium:3281062, chromium:3288610
  Signed-off-by: Edward O'Callaghan <quasisec@google.com>
  Change-Id: I892aec510d8023abd42a07cbb036be79bc8b4498
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3247852
  Tested-by: Edward O'Callaghan <quasisec@chromium.org>
  Auto-Submit: Edward O'Callaghan <quasisec@chromium.org>
  Commit-Queue: Edward O'Callaghan <quasisec@chromium.org>
  Reviewed-by: Sam McNally <sammc@chromium.org>
* futility: add subcommand for creating and verifying the RO_GSCVD area | Vadim Bendebury | 2021-10-18 | 1 | -2/+2

  The help text of the new subcommand is as follows:

  -------
  This utility creates an RO verification space in the Chrome OS AP firmware image or allows to validate a previously prepared image containing the RO verification space.

  Usage: futilitygscvd PARAMS <AP FIRMWARE FILE> [<root key hash>]

  Creation of RO Verification space:

  Required PARAMS:
    -R|--ranges STRING         Comma separated colon delimited hex tuples <offset>:<size>, the areas of the RO covered by the signature
    -r|--root_pub_key <file>   The main public key, in .vbpubk format, used to verify platform key
    -k|--keyblock <file>       Signed platform public key in .keyblock format, used for run time RO verifcation
    -p|--platform_priv <file>  Private platform key in .vbprivk format, used for signing RO verification data

  Optional PARAMS:
    [--outfile] OUTFILE        Output firmware image containing RO verification information

  Validation of RO Verification space:

  The only required parameter is <AP FIRMWARE FILE>, if optional <root key hash> is given, it is compared to the hash of the body of the root key found in <AP_FIRMWARE_FILE>.

    -h|--help                  Print this message
  -------

  When creating GVD section, the sha256 hash of the root public key payload is printed on stdout, this is the hash to include in the GSC image to for the root key verification.

  Code converting ASCII hex string into binary is refactored into a misc function.

  BRANCH=none
  BUG=b:141191727
  TEST=testing included the following steps:
    . modified guybrush coreboot to allocate an 8KB RO_GSCVD area in FMAP and built a guybrush BIOS image
    . filled GVD space as described in the source file comments
    . verified the created space as described in the source file comments
    . verified AP RO integrity on the GSC size using crrev.com/c/3172256

  Change-Id: I51a80be5007a32d5286b93499f71da84f41b3d81
  Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3174570
  Reviewed-by: Julius Werner <jwerner@chromium.org>
* Makefile: add install_dut_test rule | Kangheui Won | 2021-10-18 | 1 | -9/+24

  Add new rule 'install_dut_test' to deploy dut-specific tests to the device. Any tests included in the rule will be installed into /usr/share/vboot/tests/.

  Especially vb2_sha256_x86_tests uses sha-ni extension, which might not be available on some platforms. So it needs to be deployed to the dut and run there.

  BUG=b:162551138
  BRANCH=none
  TEST=build with modified ebuild on hana & guybrush

  Signed-off-by: Kangheui Won <khwon@chromium.org>
  Change-Id: I9c6e00c8a9aca192ae283560383417c1215c221f
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3141250
  Reviewed-by: Raul E Rangel <rrangel@chromium.org>
* vboot: boot from miniOS recovery kernels on disk [stabilize-14249.B] | Joel Kitching | 2021-09-24 | 1 | -0/+2

  Add VbTryLoadMiniOsKernel() to vboot API, which boots from a miniOS recovery kernel located on internal disk. In this boot path, an attempt is made to verify and boot this kernel. Recovery proceeds from within the miniOS kernel by downloading a recovery image over the network. No USB disk is used in the process.

  For more information, see go/nbr-firmware.

  BUG=b:188121855, b:186682292
  TEST=make clean && make runtests
  BRANCH=none

  Change-Id: Ic4d1fe5642a2bf71c51c78fd7830ad2b6e9eebeb
  Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2856364
  Reviewed-by: Julius Werner <jwerner@chromium.org>
* vboot: Allow enabling unit test console output | Yu-Ping Wu | 2021-09-17 | 1 | -1/+1

  By passing TEST_PRINT=1 to make, VBOOT_DEBUG symbol will be defined and hence cause the stub vb2ex_printf() to print to stderr. Note that DEBUG=1 will also imply VBOOT_DEBUG as before.

  BUG=none
  TEST=make clean && TEST_PRINT=0 make run2tests
  TEST=make clean && TEST_PRINT=1 make run2tests
  BRANCH=none

  Change-Id: I39353f7fdec0167aa054501bda9d6e23bf66b732
  Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3161533
  Reviewed-by: Julius Werner <jwerner@chromium.org>
* vboot/ui: Remove 2ui, 2ui_screens, and vb2_ui*_tests [stabilize-rust-14225.B] [stabilize-rust-14224.B] [stabilize-rust-14220.B] | edisonhello | 2021-09-14 | 1 | -10/+0

  Since all the screens and tests are already moved to depthcharge in previous CLs, remove all internal UI functions and tests from vboot.

  BUG=b:172339016
  TEST=DEBUG=1 make -j test_setup && make -j runtests
  BRANCH=none

  Signed-off-by: edisonhello <edisonhello@google.com>
  Change-Id: Ifbd005a5761e5c354e010fc70487a63cd17cf4b3
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3139540
  Reviewed-by: Julius Werner <jwerner@chromium.org>
  Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
* vboot/ui: Remove diagnostics menu and related tests | edisonhello | 2021-09-14 | 1 | -2/+0

  This CL is a part of centralizing ui codes. The removed screens and unit tests will be added in depthcharge.

  Remove diagnostics menu, diagnostics storage and memory checking screens. Remove unit tests for above screens and menu.

  BUG=b:172339016
  TEST=export CC=x86_64-pc-linux-gnu-clang DEBUG=1 DETACHABLE=0; \
       make -j test_setup && make -j runtests
  TEST=export CC=x86_64-pc-linux-gnu-clang DEBUG=1 DETACHABLE=1; \
       make -j test_setup && make -j runtests
  BRANCH=none

  Cq-Depend: chromium:3138687
  Signed-off-by: edisonhello <edisonhello@google.com>
  Change-Id: I5eb1bee6a5f1aedb77298acbddab20156c1c086e
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3139537
  Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
* vboot/vboot_kernel: split gpt tests out of vboot_kernel_tests | Joel Kitching | 2021-07-21 | 1 | -0/+2

  These don't really belong together. We can get two cleaner test files by splitting them apart.

  This CL is part of a series to merge vboot1 and vboot2.0 kernel verification code; see b/181739551.

  BUG=b:181739551, b:172337800, b:124141368
  TEST=make clean && make runtests
  BRANCH=none

  Signed-off-by: Joel Kitching <kitching@google.com>
  Change-Id: Idaa4c36214cc98bffdc50bdb5c071673829250ee
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3039164
  Tested-by: Joel Kitching <kitching@chromium.org>
  Reviewed-by: Julius Werner <jwerner@chromium.org>
  Commit-Queue: Joel Kitching <kitching@chromium.org>
* Makefile: deprecate config DIAGNOSTIC_UI | Hsuan Ting Chen | 2021-07-16 | 1 | -7/+0

  DIAGNOSTIC_UI is indirectly decided by the diag_payload and minidiag use flag from depthcharge. But with introducing the diagnostic boot mode, coreboot also needs to build minidiag utility functions and enable this building flag.

  Therefore we consider to deprecate DIAGNOSTIC_UI and always build them.

  For diag_payload: It is for a diagnostic tool which based on legacy UI and deprecated

  For minidiag: Mini-diag is set default enabled for newer devices, and we could still use kernel secdata in runtime if we decide to disable it on certain platforms.

  In conclusion, deprecating DIAGNOSTIC_UI will not affect newer devices.

  BUG=b:190796342, b:181931817
  BRANCH=none
  TEST=emerge-volteer depthcharge
  TEST=emerge-volteer coreboot
  TEST=CC=x86_64-pc-linux-gnu-clang; make clean && make runtests

  Cq-Depend: chromium:3004223
  Signed-off-by: Hsuan Ting Chen <roccochen@chromium.org>
  Change-Id: I0d804bcd9d31d3952c744a1926ac59cde7b7f841
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3006114
  Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
* vboot: add x86 SHA256 ext support | Kangheui Won | 2021-07-01 | 1 | -0/+18

  Latest x86 processors have SHA256 extension which can accelerate hash computation in vboot. This is especially helpful on low-end devices where sha256 computation takes 70ms-90ms, with this CL it is reduced to 10ms.

  BUG=b:162551138
  BRANCH=zork
  TEST=build and boot, check cbmem -t
  TEST=run vb2_sha256_x86_tests on dirinboz

  Signed-off-by: Kangheui Won <khwon@chromium.org>
  Change-Id: I50e123048d54d5061e8d8e0e0ae804a416130948
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2639457
  Reviewed-by: Paul Fagerburg <pfagerburg@chromium.org>
  Reviewed-by: Raul E Rangel <rrangel@chromium.org>
  Reviewed-by: Julius Werner <jwerner@chromium.org>
  Commit-Queue: Raul E Rangel <rrangel@chromium.org>
* Makefile: Optimize with -Og for DEBUG=1 | Julius Werner | 2021-07-01 | 1 | -1/+1

  vboot has grown code that requires optimizations (notably dead code elimination) to be enabled to work right and avoid linker reference errors. For example, the VB2_TRY() macro may or may not emit a call to vb2api_fail(), based on whether a `ctx` argument was passed. This is done through an if-statement with a compile-time constant condition, but the compiler will only actually omit the vb2api_fail() call instruction when optimizations are enabled. Not all vboot build targets (e.g. hostlib) provide the vb2api_fail() symbol, so disabling optimizations may cause link failures for those targets.

  GCC and clang offer an -Og option that only enables simple optimizations (like dead-code elimination) which don't interfere with debugging... let's just use that instead.

  BRANCH=None
  BUG=None
  TEST=None

  Signed-off-by: Julius Werner <jwerner@chromium.org>
  Change-Id: Ia972dc498839df80af6ccae8a8203e8c63a5eadc
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2986801
  Reviewed-by: Joel Kitching <kitching@chromium.org>
* vboot/vboot_kernel: move kernel/fw struct functions | Joel Kitching | 2021-06-15 | 1 | -0/+2

  Relocate currently-in-use kernel struct functions out of lib20 namespace, and into:
    * 2struct.c for functions required at runtime
    * host_common.c for functions required by host

  Relocate firmware struct functions from 2common.c into 2struct.c

  vb2_common.h may be deleted as a result.

  This CL is part of a series to merge vboot1 and vboot2.0 kernel verification code; see b/181739551.

  BUG=b:181739551
  TEST=make clean && make runtests
  BRANCH=none

  Signed-off-by: Joel Kitching <kitching@google.com>
  Change-Id: Ic162d9633b6112ddc4a819b3e58d313dc484f304
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2825269
  Tested-by: Joel Kitching <kitching@chromium.org>
  Commit-Queue: Joel Kitching <kitching@chromium.org>
  Reviewed-by: Julius Werner <jwerner@chromium.org>
* portability fixes: support building vboot on OpenBSD [stabilize-13983.B] [stabilize-13982.88.B] [stabilize-13982.82.B] [stabilize-13982.70.B] [stabilize-13982.69.B] [stabilize-13982.60.B] [stabilize-13982.51.B] [release-R92-13982.B] | Idwer Vollering | 2021-05-20 | 1 | -0/+8

  This was done on OpenBSD 6.8. Required packages are: e2fsprogs and gcc.

  Change-Id: I86ec080e1ddb90053d81f1edd17d3406e7e737c6
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2903352
  Reviewed-by: Patrick Georgi <pgeorgi@chromium.org>
  Tested-by: Patrick Georgi <pgeorgi@chromium.org>
  Commit-Queue: Patrick Georgi <pgeorgi@chromium.org>
* cleanup: remove ryu roothash functionality | Jack Rosenthal | 2021-05-01 | 1 | -1/+0

  Ryu was a canceled Chrome OS project (it launched with Android instead). 6 years later and this unused code is still kicking around. Delete it.

  BUG=b:186777279
  BRANCH=none
  TEST=compile futility

  Signed-off-by: Jack Rosenthal <jrosenth@chromium.org>
  Change-Id: Ic359413bc22a51ac8839e3e062234b1fd99a262c
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2861022
  Reviewed-by: Julius Werner <jwerner@chromium.org>
  Reviewed-by: Furquan Shaikh <furquan@chromium.org>
* cgpt: Move all GPT on SPI-NOR infra behind a flag | Nicolas Boichat | 2021-04-09 | 1 | -3/+15

  This piece of code caused serious issues in b/184559695, and it seems like we have no active users at the moment.

  We can punt the decision to remove the code entirely, but for now, let's stop building and executing it, leaving it to potential users to fix it up, and refactor/cleanup/test the code.

  BRANCH=none
  BUG=b:184812319
  TEST=`make` does not build `cgpt_wrapper` or any SPI-NOR code.
  TEST=`make GPT_SPI_NOR=1` does build it.
  TEST=`emerge-$BOARD -v vboot_reference && \
       cros deploy $IP vboot_reference`
       `cgpt find -t kernel` does not print any RW_GPT-related errors anymore.

  Change-Id: Ie081f372964807caa1b121059288ae761f2f8e43
  Signed-off-by: Nicolas Boichat <drinkcat@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2814132
  Commit-Queue: Jack Rosenthal <jrosenth@chromium.org>
  Reviewed-by: Jack Rosenthal <jrosenth@chromium.org>
* crossystem: support driver-level TPM2.0 simulator | Yi Chou | 2021-02-26 | 1 | -0/+9

  After implemented the driver-level TPM2.0 simulator on VM boards, the mount-encrypted would use the vTPM to encrypted the file system. We would need to remove the TPM simulator NVChip when we want to hard reset the TPM on VM. And we don't need to remove the mount-encrypted key after we landed the driver-level TPM simulator on all VM boards.

  BUG=b:174807059
  BRANCH=none
  TEST=crossystem clear_tpm_owner_request=1
  TEST=crossystem clear_tpm_owner_request // showing the right value

  Cq-Depend: chromium:2576865, chromium:2638953
  Signed-off-by: Yi Chou <yich@google.com>
  Change-Id: Iba2c9b93ed9e558a9163542dfc1fbcb738c1d83d
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2576867
  Reviewed-by: Joel Kitching <kitching@chromium.org>
* vboot: remove vboot_audio.c and friends | Joel Kitching | 2021-01-28 | 1 | -1/+0

  No longer used with new vboot UI; remove. (Missed this in the prior removal of legacy UI code.)

  BUG=b:167643628, chromium:968464
  TEST=make clean && make runtests
  BRANCH=none

  Signed-off-by: Joel Kitching <kitching@google.com>
  Change-Id: I01383071dee6257921547302fe4a2977b3521195
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2641342
  Tested-by: Joel Kitching <kitching@chromium.org>
  Commit-Queue: Joel Kitching <kitching@chromium.org>
  Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
* vboot: merge vboot_api_stub_init.c into vboot2 namespace | Joel Kitching | 2021-01-28 | 1 | -2/+0

  Move vb2ex_mtime stub from vboot_api_stub_init into 2lib/2stub.c in vboot2 namespace.

  BUG=b:124141368, chromium:968464
  TEST=make clean && make runtests
  BRANCH=none

  Signed-off-by: Joel Kitching <kitching@google.com>
  Change-Id: Ica27630090f854e1abc56acae0294b68deb74a0f
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2635676
  Reviewed-by: Joel Kitching <kitching@chromium.org>
  Tested-by: Joel Kitching <kitching@chromium.org>
  Commit-Queue: Joel Kitching <kitching@chromium.org>
* vboot: move lib20/packed_key.c into 2lib namespace | Joel Kitching | 2021-01-20 | 1 | -2/+2

  lib20/packed_key.c functions are currently called throughout 2lib namespace, so move to 2lib/2packed_key.c. Move function declarations from vb2_common.h to 2packed_key.h, and include 2packed_key.h from 2common.h.

  BUG=b:124141368, chromium:968464
  TEST=make clean && make runtests
  BRANCH=none

  Signed-off-by: Joel Kitching <kitching@google.com>
  Change-Id: I151b2d41cbbfa1bfd03de301bd4ee69c49e81f3b
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2635220
  Tested-by: Joel Kitching <kitching@chromium.org>
  Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
  Commit-Queue: Joel Kitching <kitching@chromium.org>
* vboot: move lib20/misc.c into 2lib namespace | Joel Kitching | 2021-01-20 | 1 | -3/+3

  lib20/misc.c contains only functions related to firmware verification, which are currently called from 2lib/2api.c, so move this to 2lib/2firmware.c. Move its unit test file accordingly.

  BUG=b:124141368, chromium:968464
  TEST=make clean && make runtests
  BRANCH=none

  Signed-off-by: Joel Kitching <kitching@google.com>
  Change-Id: Ibaeea168ed5055d47d4be86f5b3bb0f803f97dad
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2635219
  Tested-by: Joel Kitching <kitching@chromium.org>
  Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
  Commit-Queue: Joel Kitching <kitching@chromium.org>
* vboot: deprecate and remove legacy UI code | Joel Kitching | 2020-12-04 | 1 | -37/+1

  BUG=b:146399181, b:167643628
  TEST=make clean && make runtests
  TEST=Build and flash to device
  BRANCH=none

  Cq-Depend: chromium:2512739
  Signed-off-by: Joel Kitching <kitching@google.com>
  Change-Id: Ia8d95451d55142fbe9acaa6e49de9b5abe134083
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2512740
  Reviewed-by: Joel Kitching <kitching@chromium.org>
  Tested-by: Joel Kitching <kitching@chromium.org>
  Commit-Queue: Yu-Ping Wu <yupingso@chromium.org>
* Makefile: use -fPIC instead of -fPIE | Tom Hughes | 2020-12-03 | 1 | -1/+1

  According to the gcc docs:

      -fPIE
      These options are similar to -fpic and -fPIC, but generated position independent code can be only linked into executables

  Example failure when linking against shared library:

      FAILED: lib/libbrillo-core.so
      x86_64-cros-linux-gnu-clang++ -shared -Wl,-O2 -Wl,--as-needed -Wl,--gc-sections -Wl,--icf=all -Wl,-z,relro -Wl,-z,noexecstack -Wl,-z,now -Wl,--as-needed --sysroot=/build/hatch -o ./lib/libbrillo-core.so -Wl,-soname=libbrillo-core.so @lib/libbrillo-core.so.rsp
      ld.lld: error: relocation R_X86_64_PC32 cannot be used against symbol subprocess_stdin; recompile with -fPIC
      >>> defined in /build/hatch/usr/lib/../lib64/libvboot_host.a(subprocess.o)
      >>> referenced by subprocess.c:278 (host/lib/subprocess.c:278)
      >>> subprocess.o:(subprocess_run) in archive /build/hatch/usr/lib/../lib64/libvboot_host.a

  BRANCH=none
  BUG=b:174578361
  TEST=FEATURES="test" emerge-hatch vboot_reference

  Change-Id: I5cda8dbe87d20d1b4b659459d861bc04f492e3e5
  Signed-off-by: Tom Hughes <tomhughes@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2568259
  Commit-Queue: Julius Werner <jwerner@chromium.org>
  Reviewed-by: Julius Werner <jwerner@chromium.org>
* Makefile: Test for warning flags before using them | Patrick Georgi | 2020-11-24 | 1 | -5/+26

  Test for warning flags that older gcc versions don't support and only use them if supported.

  BUG=none
  TEST=vboot builds with gcc 4.9, ensured with manual tests that the test_ccflag operator works correctly.

  Change-Id: I14c8cbe9a687981f195d481f744db12d8877a3e0
  Signed-off-by: Patrick Georgi <pgeorgi@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2550799
  Reviewed-by: Julius Werner <jwerner@chromium.org>
  Tested-by: Patrick Georgi <pgeorgi@chromium.org>
  Commit-Queue: Patrick Georgi <pgeorgi@chromium.org>
* Split UI parts out of fwlib for host builds | Patrick Georgi | 2020-11-23 | 1 | -8/+12

  They're not needed on the host (except for tests) and they trigger a bug in GCC 4.9 (https://gcc.gnu.org/bugzilla/show_bug.cgi?id=49132).

  This way futility remains buildable with such an old host compiler, even if firmware builds and serious work (with tests) needs a newer compiler.

  Error message averted (sample):

      firmware/2lib/2ui_screens.c:17:32: error: initializer element is not constant
      #define MENU_ITEMS(a) ((struct vb2_menu){ \
      ^
      firmware/2lib/2ui_screens.c:1231:10: note: in expansion of macro 'MENU_ITEMS'
      .menu = MENU_ITEMS(diagnostics_memory_items),
      ^

  Change-Id: Ic5bd16e4d252df4297d57c5d41436f4322a1445c
  Signed-off-by: Patrick Georgi <pgeorgi@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2553422
  Tested-by: Patrick Georgi <pgeorgi@chromium.org>
  Commit-Queue: Patrick Georgi <pgeorgi@chromium.org>
  Reviewed-by: Julius Werner <jwerner@chromium.org>
* crossystem: support clear_tpm_owner_request on TPM2.0 simulator | Yi Chou | 2020-10-28 | 1 | -0/+7

  This CL would give VM boards the ability to hard reset TPM.

  When clearing TPM ownership on real devices, there are two things would happen:
    1. TPM reset all of its NVRAM data.
    2. mount-encrypted can't decrypt old encrypted partition.

  The TPM2.0 simulator put its NV space at "/var/lib/trunks/NVChip". And "/var/lib" is under encrypted partition. Remove the mount-encrypted key would cause mount-encrypted lost the encrypted partition on next boot, and it would simply achieve those two targets.

  BUG=b:170785530
  BRANCH=none
  TEST=crossystem clear_tpm_owner_request=1

  Cq-Depend: chromium:2501904
  Signed-off-by: Yi Chou <yich@google.com>
  Change-Id: Ifeff0cf03bf76706849905816d22024f3d1b952f
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2470577
  Reviewed-by: Joel Kitching <kitching@chromium.org>
* COIL: Change sane to inclusive words | Daisuke Nojiri | 2020-09-11 | 1 | -1/+1

  BUG=b:163883397
  BRANCH=None
  TEST=make runtests
  TEST=egrep -r -i -I '(sane|insane)'

  Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
  Change-Id: I109207575e2c00d6aa3b0ed17de7f699087a9658
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2369464
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
* portability fixes: support building vboot on FreeBSD | Idwer Vollering | 2020-09-11 | 1 | -1/+6

  Built on FreeBSD 12.1-RELEASE, 13-CURRENT, using gcc9 installed from packages.

  Change-Id: Ifa8bb343c7e916c1b545cf6c1e4bd0a18ea391cd
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2382790
  Reviewed-by: Julius Werner <jwerner@chromium.org>
  Tested-by: Julius Werner <jwerner@chromium.org>
  Commit-Queue: Julius Werner <jwerner@chromium.org>
* vboot2: use hwcrypto for RSA when allowed | Kangheui Won | 2020-08-26 | 1 | -0/+2

  Add vb2ex_hwcrypto_rsa_verify support for RSA verification. If firmware implements the function it will used instead of SW implementation in vboot.

  Also separate hwcrypto stubs to 2stub_hwcrypto.c for depthcharge and coreboot. Depthcharge needs stubs but fails to compile 2stub.c

  BRANCH=none
  BUG=b:163710320, b:161205813
  TEST=make runtests
  TEST=check hwcrypto is allowed/disallowed depending on nvmem flag

  Change-Id: I85573e7cff31f32043db4b0a6b24b642856024e3
  Signed-off-by: Kangheui Won <khwon@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2353775
  Reviewed-by: Julius Werner <jwerner@chromium.org>
* Revert "Makefile: Add dumpRSAPublicKey to SDK utilities" (Wu-Cheng Li, 2020-07-24, files: 1, lines: -1/+0)
| This reverts commit cd78ae54a2f7ccec9ef0216b633d1b4626d14af0.
|
| Reason for revert: broke snapshot builders
|
| BUG=chromium:1108724
| TEST=None
|
| Original change's description:
| > Makefile: Add dumpRSAPublicKey to SDK utilities
| >
| > This utility is used in key generation, so it really belongs in the SDK.
| > However, some autotests currently also want to generate keys on the DUT.
| > So let's just install it to both.
| >
| > BRANCH=none
| > BUG=none
| > TEST=sudo emerge
| >
| > Signed-off-by: Julius Werner <jwerner@chromium.org>
| > Change-Id: I8b69b284d2a1c15f1fb17e1bb7be43a6215cd42d
| > Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2298661
| > Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| Bug: none
| Change-Id: Ia868c8c5f4a7269e25ef38a51157bbd90ac24064
| Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2315562
| Reviewed-by: Wu-Cheng Li <wuchengli@chromium.org>
| Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
| Reviewed-by: Julius Werner <jwerner@chromium.org>
| Tested-by: Wu-Cheng Li <wuchengli@chromium.org>
| Commit-Queue: Julius Werner <jwerner@chromium.org>
* Makefile: Add dumpRSAPublicKey to SDK utilities (Julius Werner, 2020-07-23, files: 1, lines: -0/+1)
| This utility is used in key generation, so it really belongs in the SDK. However, some autotests currently also want to generate keys on the DUT. So let's just install it to both.
|
| BRANCH=none
| BUG=none
| TEST=sudo emerge
|
| Signed-off-by: Julius Werner <jwerner@chromium.org>
| Change-Id: I8b69b284d2a1c15f1fb17e1bb7be43a6215cd42d
| Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2298661
| Reviewed-by: Joel Kitching <kitching@chromium.org>
* Makefile: always include --gc-sections (Brian Norris, 2020-07-10, files: 1, lines: -1/+1)
| We appear to intend to supply --gc-sections all the time, but the calling environment may provide its own LDFLAGS which will override this.
|
| BUG=none
| TEST=build for both SDK and target; watch (with V=1) that --gc-sections is really supplied
|
| Signed-off-by: Brian Norris <briannorris@chromium.org>
| Change-Id: Icdcdc3e730e3898b6058f2e3e750a7cdda87e74b
| Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2283843
| Reviewed-by: Julius Werner <jwerner@chromium.org>
| Reviewed-by: Joel Kitching <kitching@chromium.org>
* Makefile: fixup linker flags usage (Brian Norris, 2020-07-10, files: 1, lines: -5/+5)
| These are linker commands, not compiler (even though we use CC as LD). Use LDLIBS consistently, and don't provide CFLAGS.
|
| This improves clarity and consistency, even if it still doesn't truly separate CC and LD.
|
| BUG=none
| TEST=build
|
| Cq-Depend: chromium:2285152
| Signed-off-by: Brian Norris <briannorris@chromium.org>
| Change-Id: Ie54fafdccab5b9c942fc2cc38009c75f3d46a5e4
| Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2281964
| Reviewed-by: Joel Kitching <kitching@chromium.org>
* Allow building for non-CrOS environments (Patrick Georgi, 2020-07-02, files: 1, lines: -2/+8)
| There's some code that is architecture specific, but looking at it, it's code for Chrome OS devices that just happens to be split along ISA lines.
|
| When building on systems that we don't ship crossystems integration for, these parts are replaced by stubs that always return error conditions, which allows building on unsupported ISA (such as POWER).
|
| The issue was reported at https://ticket.coreboot.org/issues/145 where a coreboot user wanted to build a vboot-enabled coreboot configuration (which builds futility for the signing part) on a POWER host system, which failed because we lack an implementation of the crossystem interfaces for POWER.
|
| BUG=none
| BRANCH=none
| TEST=Built upstream coreboot with a vboot-enabled target inside qemu-user-ppc64. Doing so works with these patches applied while it failed without them.
|
| Change-Id: I4aaeb56d4521c426a520bc9a1bb49497bec86c35
| Signed-off-by: Patrick Georgi <pgeorgi@google.com>
| Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2270096
| Commit-Queue: Patrick Georgi <pgeorgi@chromium.org>
| Tested-by: Patrick Georgi <pgeorgi@chromium.org>
| Reviewed-by: Joel Kitching <kitching@chromium.org>
| Reviewed-by: Julius Werner <jwerner@chromium.org>
* vboot: rename USB_BOOT_ON_DEV to BOOT_EXTERNAL_ON_DEV [factory-endeavour-13295.B] (Yu-Ping Wu, 2020-06-17, files: 1, lines: -4/+4)
| BRANCH=none
| BUG=none
| TEST=make runtests
| TEST=emerge-puff depthcharge
|
| Cq-Depend: chromium:2241263
| Change-Id: I4ebfadda3a41c09662f241f04c251784716784e3
| Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
| Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2241418
| Reviewed-by: Joel Kitching <kitching@chromium.org>
* crossystem: add functions to read and write VBNV via flashrom (Jack Rosenthal, 2020-06-09, files: 1, lines: -0/+1)
| This will replace the usage of "mosys nvram vboot {read,write}" on x86 platforms, and all ARM platforms except veyron (chromebooks only) and nyan_kitty (which use VBNV storage in the ChromeOS EC, deprecated for new platforms). These affected ARM devices will be going AUE sometime this summer, and we can expect to remove the mosys usage in crossystem later this year.
|
| The code to find the active VBNV in SPI flash was modeled to match the logic in mosys (see mosys/lib/vbnv/vbnv_flash.c).
|
| BUG=chromium:1032351,chromium:1030473,chromium:789276
| BRANCH=none
| TEST=provided unit tests
|
| Signed-off-by: Jack Rosenthal <jrosenth@chromium.org>
| Change-Id: I4f42af2f9a6b0703302635f8d8ebb2d7599d9847
| Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2218889
* host/lib: add lightweight flashrom wrapper library (Jack Rosenthal, 2020-06-09, files: 1, lines: -0/+4)
| Lightweight wrapper around flashrom, exposing two APIs:
|
|     flashrom_read(programmer, region, data_out, size_out)
|     flashrom_write(programmer, region, data, size)
|
| |region| can be NULL, in which case operate on the whole flash chip.
|
| The intended usage of this wrapper library is to read/write VBNV from SPI flash directly, avoiding the call thru mosys (which has deprecated the command). Bringing this logic into crossystem directly will also help with expanding VBNV to 64-bytes.
|
| BUG=chromium:1032351,chromium:1030473,chromium:789276
| BRANCH=none
| TEST=provided unit tests
|
| Change-Id: I3997bd03a2db7e58e4e76fc200c637dd3b5b20a4
| Signed-off-by: Jack Rosenthal <jrosenth@chromium.org>
| Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2218888
* vboot: reshuffle legacy UI files (Joel Kitching, 2020-05-25, files: 1, lines: -16/+10)
| - Use "vboot_ui_legacy" prefix for all legacy UI-related files.
| - Merge vboot_display.{c,h} and vboot_ui_legacy_common.c into vboot_ui_legacy.{c,h}.
| - Move VbDisplayScreen and VbDisplayMenu implementation into their respective vboot_ui_legacy_*.c files.
| - Update VbCheckDisplayKey to take |screen| argument to avoid reading disp_current_screen global variable.
|
| BUG=b:124141368, chromium:968464
| TEST=make clean && make runtests
| BRANCH=none
|
| Change-Id: I777551e4968ca22282901d22a262a8f2ec849702
| Signed-off-by: Joel Kitching <kitching@google.com>
| Cq-Depend: chromium:2214615
| Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2112322
| Tested-by: Joel Kitching <kitching@chromium.org>
| Commit-Queue: Joel Kitching <kitching@chromium.org>
| Reviewed-by: Joel Kitching <kitching@chromium.org>
* vboot/ui: Split UI tests (Hsuan Ting Chen, 2020-05-14, files: 1, lines: -0/+2)
| Rearrange UI tests into three files: vb2_ui_utility_tests for utility functions and core UI functions, vb2_ui_action_tests for hooked actions, and vb2_ui_tests for UI entries.
|
| This CL does not add any extra tests.
|
| BRANCH=none
| BUG=b:156448738
| TEST=make clean && make runtests
| TEST=make clean && DETACHABLE=1; make runtests
|
| Signed-off-by: Hsuan Ting Chen <roccochen@chromium.org>
| Change-Id: I36a0a43aa3295b06cf32446dcc107652d64d2b8f
| Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2198268
| Reviewed-by: Joel Kitching <kitching@chromium.org>
* 2sha: Add SHA-224 and SHA-384 hash algorithms (Julius Werner, 2020-05-12, files: 1, lines: -2/+9)
| This patch adds support for the SHA-224 and SHA-384 hash algorithms, which are basically just variants of SHA-256 and SHA-512 (respectively) with different initialization vectors and truncating a bit of the final output. They are only added to serve vboot's role as all-purpose crypto toolbox for callers (e.g. coreboot, where I need SHA-384 to support a certain SoC boot descriptor right now) and not intended for actual use as signature or firmware body hashes -- therefore, we only add the hash algorithms themselves and don't create enum values for them in enum vb2_crypto_algorithm or other structures.
|
| Also clarify the difference between UNROLL_LOOPS and UNROLL_LOOPS_SHA512 in the Makefile, since it was totally not obvious to me.
|
| BRANCH=None
| BUG=None
| TEST=make runtest and make runtest UNROLL_LOOPS=1
|
| Cq-Depend: chromium:2191082
| Signed-off-by: Julius Werner <jwerner@chromium.org>
| Change-Id: Ic132d4dfe5967f03be4666b26c47d32c1235f4a9
| Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2183551
| Reviewed-by: Joel Kitching <kitching@chromium.org>