| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Emit a warning and continue when OpenSSL is newer than expected. The
chroot still uses an older version.
BUG=b:245993083, b:246328810
BRANCH=none
TEST=make -C ~/cosarm/src/platform/vboot_reference/ USE_FLASHROM=0
See that the errors become warnings
Signed-off-by: Simon Glass <sjg@chromium.org>
Change-Id: I85afba4007da3bc7c37abc04d744185c3362ad99
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3887562
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add vb2api_inject_kernel_subkey for bootloaders that only want to use
vboot for loading and verifying the kernel. The intended usage is:
vb2api_init();
vb2api_inject_kernel_subkey();
vb2api_load_kernel();
BUG=b:237093169
BRANCH=none
TEST=make && make runtests
Change-Id: Iea6e31826f89ec754496427427d124a35285c463
Signed-off-by: Nicholas Bishop <nicholasbishop@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3732807
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This makes flashrom_get_wp() use the new libflashrom WP interface that
was recently added to flashrom and moves it to host/lib/flashrom_drv.c
with the other libflashrom wrapper functions.
BUG=b:223291615
BRANCH=none
TEST=flashrom --wp-disable; futility update -i image.bin \
futility prints: `Write protection: 0 (disabled; HW=0, SW=0).`
TEST=flashrom --wp-enable; futility update -i image.bin \
futility prints: `Write protection: 0 (disabled; HW=0, SW=1).`
Change-Id: Ib13eeb2f1f718443271b074969ff69e66149f401
Signed-off-by: Nikolai Artemiev <nartemiev@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3540785
Commit-Queue: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In vb2_get_gbb, abort if gbb_offset is zero. This ensures that functions
like vb2api_gbb_get_flags won't try to read garbage GBB data if the
context hasn't been properly initialized.
Some additional changes made to fix tests:
1. In vb2_set_boot_mode, don't access GBB unless needed.
2. In vb2api_get_dev_default_boot_target, use vb2api_gbb_get_flags
instead of vb2_get_gbb to make it easier to mock. This is needed for
depthcharge tests.
3. Make vb2api_get_debug_info tolerant of GBB not being set. This is
needed for depthcharge tests.
BUG=b:237093169
BRANCH=none
TEST=make && make runtests
Cq-Depend: chromium:3820402
Change-Id: I921d6cc4a5d91c8114c5e46748b4576a1e7716d0
Signed-off-by: Nicholas Bishop <nicholasbishop@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3817941
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move VbTryLoadKernel() and VbTryLoadMiniOsKernel() to depthcharge.
In addition, expose LoadKernel() and LoadMiniOsKernel() as
vb2api_load_kernel() and vb2api_load_minos_kernel(), respectively.
Since we remove VbTryLoadKernel() in vb2api_normal_boot(), rename
vb2api_normal_boot() to check_kernel_version() and call it in
vb2api_kernel_finalize().
Also, rename VbSelectAndLoadKernelParams, VbDiskInfo, and
VbExDiskHandle_t as vb2_kernel_params, vb2_disk_info, and
vb2ex_disk_handle_t, respectively.
BUG=b:172339016
BRANCH=none
TEST=make runtests
TEST=FW_NAME=tomato emerge-cherry depthcharge
Cq-Depend: chromium:3758201
Signed-off-by: Hsin-Te Yuan <yuanhsinte@google.com>
Change-Id: Iaf182ca81797fee24c6104dac9d4770ff75c7fb2
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3755923
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Create tests/common/ to put some common files.
BUG=none
BRANCH=none
TEST=make runtests
Signed-off-by: Hsin-Te Yuan <yuanhsinte@google.com>
Change-Id: I8918b7a1e62d47fca6074ef123e2de6f46f1aa00
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3754814
Reviewed-by: Hsuan Ting Chen <roccochen@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We only check COV=1 in `make coverage` before. This will result in
deleting all files in the current working directory if we accidentally
tried `make coverage_init`.
Hide coverage_init and coverage_html if COV is not set.
BUG=none
BRANCH=none
TEST=make coverage_init and see the error message
TEST=make clean && COV=1 make coverage -j
Signed-off-by: Hsuan Ting Chen <roccochen@chromium.org>
Change-Id: I2d22b211b3d9e59d12faa0ab3d1c2ca8433598f7
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3747419
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, make coverage is broken due to two issues:
1. The optimization option -O0 ignores the inline specifier in
firmware/2lib/2sha256_x86.c:46 and 52. This will violate the
compile-time constraint "i" and cause a build failure.
Fix this issue by using -Og instead of -O0.
2. The coverage_html requires ${COV_INFO}.* files which are generated in
coverage_init and runtests. We need to add prerequisites to prevent
potential errors while running with "-j".
BUG=none
BRANCH=none
TEST=make clean && COV=1 make coverage -j
Signed-off-by: Hsuan Ting Chen <roccochen@chromium.org>
Change-Id: If1f9de1dbc56f36afead9045c1f95349a5fa156c
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3755927
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pass VbSelectAndLoadKernelParams kparams as a function argument instead
of using global variable kparams_ptr. Remove VbSelectAndLoadKernel and
replace its tests with the unit tests for vb2_set_boot_mode,
vb2api_kernel_phase2, vb2api_kernel_finalize, and vb2api_normal_boot.
BUG=b:172339016
BRANCH=none
TEST=make runtests
Cq-Depend: chromium:3731710
Signed-off-by: Hsin-Te Yuan <yuanhsinte@google.com>
Change-Id: I26895ced5e310b2894b9d42d0ad5514d3b0b930a
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3731412
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch reworks whole BIOS image signing to support images with CBFS,
and with ponly RW/A slot. CBFS images will now be truncated to eliminate
unnecessary empty space, and will sign only the part of firmware area
which contains the data, and not empty space.
This patch also adds more checks for potential errors, and does not
allow for signing incorrect nor uses data from structures, which might
not be valid.
futility sign command tests are also greatly extended to cover a wide
variety of possible errors, which have to be handled correctly.
BUG=b:197114807
TEST=sudo emerge vboot_reference
TEST=build whole chromeos-bootimage after making it and coreboot use
`futility sign --type bios ...`
TEST=make runtests
BRANCH=none
Signed-off-by: Jakub Czapiga <jacz@semihalf.com>
Cq-Depend: chromium:3707104
Change-Id: I7c84aa38776e8890a87f0e9b7ec7f32d86f82c13
Disallow-Recycled-Builds: test-failures
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3575325
Tested-by: Jakub Czapiga <czapiga@google.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Auto-Submit: Jakub Czapiga <czapiga@google.com>
Commit-Queue: Jakub Czapiga <czapiga@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
subproccess helpers are only used by flashrom.c at the moment. However we
temporarily need the symbols to bridge the gap with cbfstools/elogtool in
upstream coreboot. Furthmore, there are new additional use-cases for
subproccess in other parts of vboot_reference unrelated to flashrom
directly.
BUG=b:231152447
BRANCH=none
TEST=builds
Change-Id: Id8008eefd46efa329adf76323800bb7646bf922c
Signed-off-by: Edward O'Callaghan <quasisec@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3697856
Tested-by: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Commit-Queue: Julius Werner <jwerner@chromium.org>
Auto-Submit: Edward O'Callaghan <quasisec@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With a series of UI callback functions removed from depthcharge (see the
long CL list in Cq-Depend below), now we can remove them from vboot2
API.
BUG=b:172339016
TEST=make runtests -j
TEST=emerge-corsola libpayload depthcharge
BRANCH=none
Cq-Depend: chromium:3581323, chromium:3581320, chromium:3587669
Cq-Depend: chromium:3611670, chromium:3631467, chromium:3631405
Cq-Depend: chromium:3677727, chromium:3681952
Change-Id: Icccaf81b8a6f16780bf68a6f1f3aa01689fc9ed8
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3682754
Reviewed-by: Hsuan Ting Chen <roccochen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The updater_archive has two functions: the implementation of archives,
and the creation of manifest. Since we are having more support of
archives in different format and the logic of manifests is getting more
complicated, so it is better to move the manifest to its own file.
No functional changes, only internal refactoring.
BUG=None
TEST=make; run test
BRANCH=None
Change-Id: I01ff9561583357eac4c6add8a09384f1c4c9d671
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3647407
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The firmware archive files from buildbot are usually released in
tar+bzip2 format. Although the standard format of the archive
(chromeos-firmwareupdate) is ZIP, it is very helpful if the developers
can quickly run the update using the standard tar.bz2 archive files.
BUG=b:230679721
TEST=futility update --manifest -a \
~/Downloads/ChromeOS-firmware-R91-13885.3.0-asurada.tar.bz2
QEMU_LD_PREFIX=/build/cherry qemu-arm /build/cherry/usr/bin/futility \
update --manifest -a \
~/Downloads/ChromeOS-firmware-R91-13885.3.0-asurada.tar.bz2
BRANCH=None
Change-Id: Ibbab2e8226a00e8b5b292293af570eda37b31a8a
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3644540
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Unfortunately the USE_FLASHROM build flag broke during a refactor
in commit f0af257a9b333b. This flag is needed for coreboot builds.
Resolve by putting relevant files under guards.
BUG=b:221234560,b:220833585
BRANCH=none
TEST=`USE_FLASHROM={0,1} make`
Signed-off-by: Edward O'Callaghan <quasisec@google.com>
Change-Id: Ic10a3909bf070897cef7f1556deef57eba6c57f3
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3493527
Tested-by: Edward O'Callaghan <quasisec@chromium.org>
Auto-Submit: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Martin Roth <martinroth@google.com>
Commit-Queue: Martin Roth <martinroth@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bring sub-process and libflashrom wrapper implementations
under the common host/lib path to later be reconciled.
The WP implementation is left separated out due to the
lack of a libflashrom WP implementation which creates
circular dependencies for the moment.
BUG=b:207808292
BRANCH=none
TEST=none
Signed-off-by: Edward O'Callaghan <quasisec@google.com>
Change-Id: Ic759c4e9828778a0ef1443b163224aef2c7cba54
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3461093
Reviewed-by: Nikolai Artemiev <nartemiev@google.com>
Auto-Submit: Edward O'Callaghan <quasisec@chromium.org>
Tested-by: Edward O'Callaghan <quasisec@chromium.org>
Commit-Queue: Edward O'Callaghan <quasisec@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use pkg-config to link with libcrosid when it's available.
Note that when futility is compiled from the coreboot tree, libcrosid
won't be available, at least at the moment, so expose -DUSE_CROSID to
the C code so we know when we have it available.
BUG=b:213251232
BRANCH=none
TEST=emerge-volteer -j vboot_reference
"lddtree /build/volteer/usr/bin/futility" lists libcrosid
Cq-Depend: chromium:3367251
Signed-off-by: Jack Rosenthal <jrosenth@chromium.org>
Change-Id: I8e69c5ce4570ac9df72440d0a34b6b03b5a36e77
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3368703
Reviewed-by: Raul Rangel <rrangel@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We don't need the MOUNT_ENCRYPTED_KEY_PATH after we replaced the stale
TPM simulator with the driver-level TPM simulator.
It's time to remove it.
BUG=b:203195852, b:174807059
BRANCH=none
TEST=crossystem clear_tpm_owner_request=1
Signed-off-by: Yi Chou <yich@google.com>
Change-Id: I7c1c9c16697b1bbda9adea13448fdb9cffd9cc7b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3358669
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Leo Lai <cylai@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix flags missed in CL:3306615.
BUG=b:206031372
TEST=make runtests
TEST=sudo emerge-guybrush sys-boot/depthcharge
BRANCH=none
Signed-off-by: Jakub Czapiga <jacz@semihalf.com>
Change-Id: Idbb205bb9e14f44a10806785fb9f7b29572f0626
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3347667
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Tested-by: Jakub Czapiga <czapiga@google.com>
Commit-Queue: Jakub Czapiga <czapiga@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some users of futility do not need flashrom support such
as upstream coreboot. Allow for explicitly enabling the
paths.
BUG=b:203715651,b:209702505
BRANCH=none
TEST=builds
Signed-off-by: Edward O'Callaghan <quasisec@google.com>
Change-Id: I61095bf91e3d01bd008d3b790478a590758e88cd
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3350299
Tested-by: Edward O'Callaghan <quasisec@chromium.org>
Auto-Submit: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-by: Hsuan Ting Chen <roccochen@chromium.org>
Commit-Queue: Hsuan Ting Chen <roccochen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Separate out all the flashrom worker code used in futility
to allow for later building a futility without flashrom
support.
BUG=b:203715651,b:209702505
BRANCH=none
TEST=builds
Signed-off-by: Edward O'Callaghan <quasisec@google.com>
Change-Id: I938141056424f8f93a598bbb288ee7c8770edc95
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3350298
Tested-by: Edward O'Callaghan <quasisec@chromium.org>
Auto-Submit: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Commit-Queue: Edward O'Callaghan <quasisec@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are multiple flashrom calling wrapping code implementations
within vboot_ref. Work towards making a singular canonical
implementation.
BUG=b:207808292
BRANCH=none
TEST=`make`
Signed-off-by: Edward O'Callaghan <quasisec@google.com>
Change-Id: I8e133a11b777b4e80bb4e43a64a5349956cef8eb
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3325329
Tested-by: Edward O'Callaghan <quasisec@chromium.org>
Auto-Submit: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Nikolai Artemiev <nartemiev@google.com>
Commit-Queue: Edward O'Callaghan <quasisec@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Until now some variables had to be unset or set to NULL to disable their
respective features. This patch makes it possible to disable variables
by passing zero as a value.
BUG=b:206031372
TEST=make runtests
TEST=sudo emerge-guybrush sys-boot/depthcharge
BRANCH=none
Signed-off-by: Jakub Czapiga <jacz@semihalf.com>
Change-Id: I1c254ac8ea3237615a20334ba6a66c09a4abd791
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3306615
Tested-by: Jakub Czapiga <czapiga@google.com>
Auto-Submit: Jakub Czapiga <czapiga@google.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Commit-Queue: Jakub Czapiga <czapiga@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
DETACHABLE and PHYSICAL_PRESENCE_KEYBOARD are unused in the code and can
be removed from the Makefile.
BUG=b:206031372
TEST=make runtests
BRANCH=none
Signed-off-by: Jakub Czapiga <jacz@semihalf.com>
Change-Id: I6d91f8bfa8342c95959014c3a0efcccf02f1d915
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3306614
Tested-by: Jakub Czapiga <czapiga@google.com>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Commit-Queue: Jakub Czapiga <czapiga@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This utility is used in key generation, so it really belongs in the SDK.
However, some autotests currently also want to generate keys on the DUT.
So let's just install it to both.
BUG=b:207452735
TEST=FEATURES=test emerge-dedede vboot_reference
TEST=sudo emerge vboot_reference && which dumpRSAPublicKey
BRANCH=none
Change-Id: Ic2395a10557773acffa22ea3c9a1e01cf581053b
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3299839
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The current rules for 'utils_install_sdk' and 'utils_install_board'
individually install the required list of binaries and scripts. When
there are overlapping files in 'UTIL_NAMES_SDK' and 'UTIL_NAMES_BOARD',
the second executed rule will fail with duplicate installation.
Instead of having a single phony target that installs all the files,
define a rule 'util_install-<FILE>' for each file to ensure that each
one will be installed at most once.
BUG=b:207452735
TEST=make runtests
TEST=emerge-dedede vboot_reference
TEST=FEATURES=test emerge-dedede vboot_reference
TEST=sudo emerge vboot_reference
BRANCH=none
Change-Id: I24c23a61c4ff7de851bf11541bc46c963bf35c22
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3299836
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BOOT_EXTERNAL_ON_DEV was not used anymore, so it was removed from the
Makefile and source code.
BUG=b:206031372
BRANCH=none
TEST=make runtests
TEST=emerge-guybrush depthcharge
Signed-off-by: Jakub Czapiga <jacz@semihalf.com>
Change-Id: I463a77f2de8f59954704495708025321ca1571d8
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3289345
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Tested-by: Jakub Czapiga <czapiga@google.com>
Commit-Queue: Jakub Czapiga <czapiga@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use libflashrom API over sub-processing the flashrom CLI.
Squash in,
vboot_reference/futility: Use image layout as fallback
Use the layout encoding within the image as the fallback if
we cannot read it from ROM. Also cleanup error paths while
here.
BUG=b:203715651
BRANCH=none
TEST=cros deploy to nocturne and ran:
`/usr/sbin/chromeos-firmwareupdate --mode=recovery --wp=1`.
&& `$ cros_run_unit_tests --board nocturne --packages vboot_reference`.
Cq-Depend: chromium:3249690, chromium:3281062, chromium:3288610
Signed-off-by: Edward O'Callaghan <quasisec@google.com>
Change-Id: I892aec510d8023abd42a07cbb036be79bc8b4498
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3247852
Tested-by: Edward O'Callaghan <quasisec@chromium.org>
Auto-Submit: Edward O'Callaghan <quasisec@chromium.org>
Commit-Queue: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Sam McNally <sammc@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The help text of the new subcommand is as follows:
-------
This utility creates an RO verification space in the Chrome OS AP
firmware image or allows to validate a previously prepared image
containing the RO verification space.
Usage: futilitygscvd PARAMS <AP FIRMWARE FILE> [<root key hash>]
Creation of RO Verification space:
Required PARAMS:
-R|--ranges STRING Comma separated colon delimited
hex tuples <offset>:<size>, the
areas of the RO covered by the
signature
-r|--root_pub_key <file> The main public key, in .vbpubk
format, used to verify platform
key
-k|--keyblock <file> Signed platform public key in
.keyblock format, used for run
time RO verifcation
-p|--platform_priv <file> Private platform key in .vbprivk
format, used for signing RO
verification data
Optional PARAMS:
[--outfile] OUTFILE Output firmware image containing
RO verification information
Validation of RO Verification space:
The only required parameter is <AP FIRMWARE FILE>, if optional
<root key hash> is given, it is compared to the hash of the body
of the root key found in <AP_FIRMWARE_FILE>.
-h|--help Print this message
-------
When creating GVD section, the sha256 hash of the root public key
payload is printed on stdout, this is the hash to include in the GSC
image to for the root key verification.
Code converting ASCII hex string into binary is refactored into a misc
function.
BRANCH=none
BUG=b:141191727
TEST=testing included the following steps:
. modified guybrush coreboot to allocate an 8KB RO_GSCVD area in
FMAP and built a guybrush BIOS image
. filled GVD space as described in the source file comments
. verified the created space as described in the source file comments
. verified AP RO integrity on the GSC size using crrev.com/c/3172256
Change-Id: I51a80be5007a32d5286b93499f71da84f41b3d81
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3174570
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add new rule 'install_dut_test' to deploy dut-specific tests to the
device. Any tests included in the rule will be installed into
/usr/share/vboot/tests/.
Especially vb2_sha256_x86_tests uses sha-ni extension, which might not
be available on some platforms. So it needs to be deployed to the dut
and run there.
BUG=b:162551138
BRANCH=none
TEST=build with modified ebuild on hana & guybrush
Signed-off-by: Kangheui Won <khwon@chromium.org>
Change-Id: I9c6e00c8a9aca192ae283560383417c1215c221f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3141250
Reviewed-by: Raul E Rangel <rrangel@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add VbTryLoadMiniOsKernel() to vboot API, which boots from a miniOS
recovery kernel located on internal disk. In this boot path, an attempt
is made to verify and boot this kernel. Recovery proceeds from within
the miniOS kernel by downloading a recovery image over the network. No
USB disk is used in the process.
For more information, see go/nbr-firmware.
BUG=b:188121855, b:186682292
TEST=make clean && make runtests
BRANCH=none
Change-Id: Ic4d1fe5642a2bf71c51c78fd7830ad2b6e9eebeb
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2856364
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
By passing TEST_PRINT=1 to make, VBOOT_DEBUG symbol will be defined and
hence cause the stub vb2ex_printf() to print to stderr. Note that
DEBUG=1 will also imply VBOOT_DEBUG as before.
BUG=none
TEST=make clean && TEST_PRINT=0 make run2tests
TEST=make clean && TEST_PRINT=1 make run2tests
BRANCH=none
Change-Id: I39353f7fdec0167aa054501bda9d6e23bf66b732
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3161533
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since all the screens and tests are already moved to depthcharge
in previous CLs, remove all internal UI functions and tests from
vboot.
BUG=b:172339016
TEST=DEBUG=1 make -j test_setup && make -j runtests
BRANCH=none
Signed-off-by: edisonhello <edisonhello@google.com>
Change-Id: Ifbd005a5761e5c354e010fc70487a63cd17cf4b3
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3139540
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This CL is a part of centralizing ui codes. The removed screens and unit
tests will be added in depthcharge.
Remove diagnostics menu, diagnostics storage and memory checking screens.
Remove unit tests for above screens and menu.
BUG=b:172339016
TEST=export CC=x86_64-pc-linux-gnu-clang DEBUG=1 DETACHABLE=0; \
make -j test_setup && make -j runtests
TEST=export CC=x86_64-pc-linux-gnu-clang DEBUG=1 DETACHABLE=1; \
make -j test_setup && make -j runtests
BRANCH=none
Cq-Depend: chromium:3138687
Signed-off-by: edisonhello <edisonhello@google.com>
Change-Id: I5eb1bee6a5f1aedb77298acbddab20156c1c086e
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3139537
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These don't really belong together. We can get two cleaner test
files by splitting them apart.
This CL is part of a series to merge vboot1 and vboot2.0
kernel verification code; see b/181739551.
BUG=b:181739551, b:172337800, b:124141368
TEST=make clean && make runtests
BRANCH=none
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: Idaa4c36214cc98bffdc50bdb5c071673829250ee
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3039164
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
DIAGNOSTIC_UI is indirectly decided by the diag_payload and minidiag use
flag from depthcharge.
But with introducing the diagnostic boot mode, coreboot also needs to
build minidiag utility functions and enable this building flag.
Therefore we consider to deprecate DIAGNOSTIC_UI and always build them.
For diag_payload:
It is for a diagnostic tool which based on legacy UI and deprecated
For minidiag:
Mini-diag is set default enabled for newer devices, and we could still
use kernel secdata in runtime if we decide to disable it on certain
platforms.
In conclusion, deprecating DIAGNOSTIC_UI will not affect newer devices.
BUG=b:190796342, b:181931817
BRANCH=none
TEST=emerge-volteer depthcharge
TEST=emerge-volteer coreboot
TEST=CC=x86_64-pc-linux-gnu-clang;
make clean && make runtests
Cq-Depend: chromium:3004223
Signed-off-by: Hsuan Ting Chen <roccochen@chromium.org>
Change-Id: I0d804bcd9d31d3952c744a1926ac59cde7b7f841
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3006114
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Latest x86 processors have SHA256 extension which can accelerate hash
computation in vboot.
This is especially helpful on low-end devices where sha256 computation
takes 70ms-90ms, with this CL it is reduced to 10ms.
BUG=b:162551138
BRANCH=zork
TEST=build and boot, check cbmem -t
TEST=run vb2_sha256_x86_tests on dirinboz
Signed-off-by: Kangheui Won <khwon@chromium.org>
Change-Id: I50e123048d54d5061e8d8e0e0ae804a416130948
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2639457
Reviewed-by: Paul Fagerburg <pfagerburg@chromium.org>
Reviewed-by: Raul E Rangel <rrangel@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Commit-Queue: Raul E Rangel <rrangel@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
vboot has grown code that requires optimizations (notably dead code
elimination) to be enabled to work right and avoid linker reference
errors. For example, the VB2_TRY() macro may or may not emit a call to
vb2api_fail(), based on whether a `ctx` argument was passed. This is
done through an if-statement with a compile-time constant condition, but
the compiler will only actually omit the vb2api_fail() call instruction
when optimizations are enabled. Not all vboot build targets (e.g.
hostlib) provide the vb2api_fail() symbol, so disabling optimizations
may cause link failures for those targets.
GCC and clang offer an -Og option that only enables simple optimizations
(like dead-code elimination) which don't interfere with debugging...
let's just use that instead.
BRANCH=None
BUG=None
TEST=None
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: Ia972dc498839df80af6ccae8a8203e8c63a5eadc
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2986801
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Relocate currently-in-use kernel struct functions out
of lib20 namespace, and into:
* 2struct.c for functions required at runtime
* host_common.c for functions required by host
Relocate firmware struct functions from 2common.c
into 2struct.c
vb2_common.h may be deleted as a result.
This CL is part of a series to merge vboot1 and vboot2.0
kernel verification code; see b/181739551.
BUG=b:181739551
TEST=make clean && make runtests
BRANCH=none
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: Ic162d9633b6112ddc4a819b3e58d313dc484f304
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2825269
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
This was done on OpenBSD 6.8.
Required packages are: e2fsprogs and gcc.
Change-Id: I86ec080e1ddb90053d81f1edd17d3406e7e737c6
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2903352
Reviewed-by: Patrick Georgi <pgeorgi@chromium.org>
Tested-by: Patrick Georgi <pgeorgi@chromium.org>
Commit-Queue: Patrick Georgi <pgeorgi@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Ryu was a canceled Chrome OS project (it launched with Android
instead).
6 years later and this unused code is still kicking around. Delete
it.
BUG=b:186777279
BRANCH=none
TEST=compile futility
Signed-off-by: Jack Rosenthal <jrosenth@chromium.org>
Change-Id: Ic359413bc22a51ac8839e3e062234b1fd99a262c
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2861022
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This piece of code caused serious issues in b/184559695, and it
seems like we have no active users at the moment.
We can punt the decision to remove the code entirely, but for now,
let's stop building and executing it, leaving it to potential
users to fix it up, and refactor/cleanup/test the code.
BRANCH=none
BUG=b:184812319
TEST=`make` does not build `cgpt_wrapper` or any SPI-NOR code.
TEST=`make GPT_SPI_NOR=1` does build it.
TEST=`emerge-$BOARD -v vboot_reference && \
cros deploy $IP vboot_reference`
`cgpt find -t kernel` does not print any RW_GPT-related errors
anymore.
Change-Id: Ie081f372964807caa1b121059288ae761f2f8e43
Signed-off-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2814132
Commit-Queue: Jack Rosenthal <jrosenth@chromium.org>
Reviewed-by: Jack Rosenthal <jrosenth@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After implemented the driver-level TPM2.0 simulator on VM boards, the
mount-encrypted would use the vTPM to encrypted the file system.
We would need to remove the TPM simulator NVChip when we want to
hard reset the TPM on VM.
And we don't need to remove the mount-encrypted key after we landed
the driver-level TPM simulator on all VM boards.
BUG=b:174807059
BRANCH=none
TEST=crossystem clear_tpm_owner_request=1
TEST=crossystem clear_tpm_owner_request // showing the right value
Cq-Depend: chromium:2576865, chromium:2638953
Signed-off-by: Yi Chou <yich@google.com>
Change-Id: Iba2c9b93ed9e558a9163542dfc1fbcb738c1d83d
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2576867
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
No longer used with new vboot UI; remove.
(Missed this in the prior removal of legacy UI code.)
BUG=b:167643628, chromium:968464
TEST=make clean && make runtests
BRANCH=none
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: I01383071dee6257921547302fe4a2977b3521195
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2641342
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move vb2ex_mtime stub from vboot_api_stub_init
into 2lib/2stub.c in vboot2 namespace.
BUG=b:124141368, chromium:968464
TEST=make clean && make runtests
BRANCH=none
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: Ica27630090f854e1abc56acae0294b68deb74a0f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2635676
Reviewed-by: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
lib20/packed_key.c functions are currently called throughout
2lib namespace, so move to 2lib/2packed_key.c.
Move function declarations from vb2_common.h to 2packed_key.h,
and include 2packed_key.h from 2common.h.
BUG=b:124141368, chromium:968464
TEST=make clean && make runtests
BRANCH=none
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: I151b2d41cbbfa1bfd03de301bd4ee69c49e81f3b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2635220
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
lib20/misc.c contains only functions related to firmware
verification, which are currently called from 2lib/2api.c,
so move this to 2lib/2firmware.c.
Move its unit test file accordingly.
BUG=b:124141368, chromium:968464
TEST=make clean && make runtests
BRANCH=none
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: Ibaeea168ed5055d47d4be86f5b3bb0f803f97dad
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2635219
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:146399181, b:167643628
TEST=make clean && make runtests
TEST=Build and flash to device
BRANCH=none
Cq-Depend: chromium:2512739
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: Ia8d95451d55142fbe9acaa6e49de9b5abe134083
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2512740
Reviewed-by: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Yu-Ping Wu <yupingso@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
According to the gcc docs:
-fPIE
These options are similar to -fpic and -fPIC, but generated position
independent code can be only linked into executables
Example failure when linking against shared library:
FAILED: lib/libbrillo-core.so
x86_64-cros-linux-gnu-clang++ -shared -Wl,-O2 -Wl,--as-needed
-Wl,--gc-sections -Wl,--icf=all -Wl,-z,relro -Wl,-z,noexecstack
-Wl,-z,now -Wl,--as-needed --sysroot=/build/hatch -o
./lib/libbrillo-core.so -Wl,-soname=libbrillo-core.so
@lib/libbrillo-core.so.rsp
ld.lld: error: relocation R_X86_64_PC32 cannot be used against symbol
subprocess_stdin; recompile with -fPIC
>>> defined in
/build/hatch/usr/lib/../lib64/libvboot_host.a(subprocess.o)
>>> referenced by subprocess.c:278 (host/lib/subprocess.c:278)
>>> subprocess.o:(subprocess_run) in archive
/build/hatch/usr/lib/../lib64/libvboot_host.a
BRANCH=none
BUG=b:174578361
TEST=FEATURES="test" emerge-hatch vboot_reference
Change-Id: I5cda8dbe87d20d1b4b659459d861bc04f492e3e5
Signed-off-by: Tom Hughes <tomhughes@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2568259
Commit-Queue: Julius Werner <jwerner@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Test for warning flags that older gcc versions don't support
and only use them if supported.
BUG=none
TEST=vboot builds with gcc 4.9, ensured with manual tests that the
test_ccflag operator works correctly.
Change-Id: I14c8cbe9a687981f195d481f744db12d8877a3e0
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2550799
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: Patrick Georgi <pgeorgi@chromium.org>
Commit-Queue: Patrick Georgi <pgeorgi@chromium.org>
|
