| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds a bunch of more warnings that are already enabled in
coreboot and thus already enabled for firmware builds anyway (because
coreboot just passes its CFLAGS through). Enabling it in the vboot
Makefile means they also apply to host utilities and tests, which sounds
desirable for consistency.
Fix enough of the cruft and bad coding practices that accumulated over
the years of not having warnings enabled to get it to build again (this
includes making functions static, removing dead code, cleaning up
prototypes, etc.).
Also remove -fno-strict-aliasing from the x86 firmware build options,
because it's not clear why it's there (coreboot isn't doing this, so
presumably it's not needed).
BRANCH=None
BUG=None
TEST=make runtests
Change-Id: Ie4a42083c4770a4eca133b22725be9ba85b24184
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1598721
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change adds some #defines to assist with converting
between microseconds (usec), milliseconds (msec) and full
seconds.
BUG=b:124358784
BRANCH=None
TEST=Local build and also ran "make runtests"
Change-Id: I0fd43ccb42bbd42f9ed319a29eb4015b48c879bb
Signed-off-by: Matt Delco <delco@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1504756
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is largely a cherry-pick of CL:1133598
- Externalize vb2_digest_buffer function to vb2api_digest_buffer.
- Change VbExLegacy()'s altfw_num parameter from int to enum so
caller can specify which specific payload to run.
BUG=b:124358784
BRANCH=None
TEST=Local compile. Verified with subsequent change that legacy boot
still works and new functionality can opt-in to and utilize payload
verification.
CQ-DEPEND=CL:1471053
Change-Id: I9700c2e38c3cfa255eeff72ce416295af9d076fb
Signed-off-by: Matt Delco <delco@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1471051
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
VbExDisplayDebugInfo() was invented for the TAB display that dumps a
whole lot of possibly interesting debug data to the screen. Since some
debug data is only available to the calling firmware, the convention has
always been that the calling firmware is supposed to append any of its
own debug data it thinks may be relevant to the output.
Later, the function was reused to print small info messages that give
the user a hint what went wrong when a Ctrl+U or Ctrl+L fails
(unlocalized, of course, but better than nothing). The calling firmware
is not aware of this new use case, so every time vboot prints a
"WARNING: Ctrl+L not enabled" sort of message on the screen, depthcharge
also dumps the firmware IDs and TPM state below it.
This patch introduces a new parameter to the function to make the two
differing use cases clear to the calling firmware.
CQ-DEPEND=CL:1496903
BRANCH=None
BUG=None
TEST=with other patches
Change-Id: I52a1e764189508130fea562ad6d53bcefb1fce64
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1497038
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:124297157
TEST=make runtest
test on device
BRANCH=none
CQ-DEPEND=CL:1466822
Change-Id: Ic3b1b502b1aff14a795397da3024f8a12eb04775
Reviewed-on: https://chromium-review.googlesource.com/1466290
Commit-Ready: Mathew King <mathewk@chromium.org>
Tested-by: Mathew King <mathewk@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Mathew King <mathewk@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a generic way of selecting an alternative bootloader to run from the
developer-mode menu. This enables keys 1-9 to select a particular numbered
bootloader.
Adjust VbExLegacy() to take a numeric parameter to signal which boot
loader to run.
CQ-DEPEND=CL:1228875
BUG=chromium:837018
BRANCH=none
TEST=FEATURES=test emerge-grunt --nodeps vboot_reference
Change-Id: I02eab1b87e21a6401ec42317c4c1fa1bd2767b53
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1060854
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Problem files were found with:
find . -name '*.c' -o -name '*.h' | xargs grep '^ [^*]'
and edited manually.
Ignores utility/ and cgpt/, since they seem to globally adhere
to a two-space tab convention.
BUG=None
TEST=make clean runtests
TEST=emerge vboot_reference depthcharge
Change-Id: I5a678484a119c8f1911f717e1968bdb4f1a0810f
Reviewed-on: https://chromium-review.googlesource.com/1160131
Commit-Ready: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This CL retries reads and writes from/to TPM device if an error
is returned by read()/write(), up to 3 total attempts.
This is useful case of transient TPM communication errors that go
away after a single retry. Without this CL, after such errors the
encstateful key might be regenerated and encstateful data wiped.
BRANCH=none
BUG=chromium:702724
TEST=1) normal boot still works;
2) simulate a single error, verify that it retries.
Change-Id: I259882209df0aad66cd083729f746ea45909922b
Reviewed-on: https://chromium-review.googlesource.com/1067939
Commit-Ready: Andrey Pronin <apronin@chromium.org>
Tested-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This sets O_CLOEXEC when opening the TPM device to make sure the file
descriptor isn't shared across processes. The TPM character device
exposes the raw communication channel to send/receive commands to/from
the TPM. The TPM is not designed for concurrent access by multiple
users and the kernel driver already returns EBUSY on open when a
different process has already opened it. Consequently, it only makes
sense to have the /dev/tpm0 file descriptor be closed automatically on
exec().
None of the callers I'm aware of need to share the TPM file descriptor
across processes, and mount-encrypted has some ad-hoc code to close the
descriptor when it does fork+exec to spawn a helper. The existing code
isn't consistent and comprehensive (mount-encrypted spawns other
helpers where it forgets to close the file descriptor), so the plan is
to set O_CLOEXEC and remove the ad-hoc code.
BRANCH=None
BUG=None
TEST=Compiles, passes tests, image boots.
Change-Id: Ia6e73fb12e8f2ed8fe99b4c53ea6eb8cda4a21f5
Reviewed-on: https://chromium-review.googlesource.com/1055569
Commit-Ready: Mattias Nissler <mnissler@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a TlclReadPubek library function to read the public endorsement
key.
BRANCH=None
BUG=chromium:788719
TEST=New unit tests.
Change-Id: I5f23b76b88198d656f4ba5782d2b4f25aaa082b1
Reviewed-on: https://chromium-review.googlesource.com/790413
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Trybot-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Trybot-Ready: Mattias Nissler <mnissler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As we've refactored the code over the last few years, there are some
dangling features which are no longer used. Remove the code for them.
BUG=chromium:611535
BRANCH=none
TEST=make runtests; build and boot bob
CQ-DEPEND=CL:954224
Change-Id: Id4f3caa0581ce68465ea92e3eeedab501fb6b1aa
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/954354
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The region API was a way for firmware and kernel verification to get
at various blocks of caller-provided data. In practice, we only used
it internally as a way to get at parts of the GBB. Prune it down to
access only the bits of GBB we still need, from the buffer we already
know we have.
In the long run we should use the same vb2ex_read_resource() API that
vb2 firmware verification does, but that should be done in a follow-up
CL since it'll need to be coordinated with support in depthcharge.
No change in functionality.
BUG=chromium:611535
BRANCH=none
TEST=make -j runtests; build bob firmware and boot it
Change-Id: I5715cb8d88274164a1a73ed4a56bbd93af46f9bf
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/852798
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Stefan Reinauer <reinauer@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When DUT is already in dev mode, don't let user select the "Enable
Developer Mode" selection in the menu. Add disabled_idx_mask to
VbExDisplayMenu API to allow for disabling of menu items in the future
if needed.
BUG=b:63078243, b:35585623
BRANCH=None
TEST=reboot into recovery with DUT already in dev mode. Make sure
can't scroll to "Enable Developer Mode: entry.
reboot into recovery with DUT in normal mode. Make sure
"Enable Developer Mode" entry is selectable.
CQ-DEPEND=CL:565335
Change-Id: Ic71fe6aa2e41337787a0c2278f729356edb155fd
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/598430
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
TEST="COV=1 make" passes
depthcharge still compiles
in combination with follow-up CLs, ps8751 firmware update
succeeds.
BUG=b:35586896
Change-Id: Ibadc41e56e4e25ee0aba5c83caa0e3596fb9ad20
Reviewed-on: https://chromium-review.googlesource.com/505259
Commit-Ready: Caveh Jalali <caveh@google.com>
Tested-by: Caveh Jalali <caveh@google.com>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Create new callback for drawing detachable firmware menus
BUG=b:35585623
BRANCH=None
TEST=None
Change-Id: Ief207f6119f00151e2d480549aaac3a8755cb1b4
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/457838
Reviewed-by: Stefan Reinauer <reinauer@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
callback to get rows/cols of display
BUG=b:35585623
BRANCH=None
TEST=make sure code compiles
Change-Id: I276975b2f0eecceb66a30ceaa449ab76a440026d
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/447837
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=chrome-os-partner:61275
BRANCH=None
TEST=None
CQ-DEPEND=CL:442747,CL:442690
Change-Id: I0730b64a1f8bf1f4aeca1be5ee87724d61818b23
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/442689
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Enables easy printing of text to display.
Will be used for detachable UI.
BUG=chrome-os-partner:61275
BRANCH=None
TEST=Tested from new vboot_ui_menu.c file
CQ-DEPEND=CL:424357
Change-Id: I668dd57eaafa02fb31f6ac479bcd03a613323f14
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/424090
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The original VBDEBUG macro used doubly-nested parens to work with
MSVC, which didn't support varargs in macros. We now only use more
modern compilers, so replace it with the VB2_DEBUG macro and get rid
of the ugly and fragile double parens.
BUG=chromium:611535
BRANCH=none
TEST=make runtests; build_packages --board=reef chromeos-firmware
Change-Id: Ifc0cb0733b14daaa1fde095fab7da4215a538c77
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/425133
Reviewed-by: Shelley Chen <shchen@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1) Callers of VbExTpmSendReceive often use the same buffer for
TPM command and response. So, debug-print the command before
sending to avoid it being overwritten with the response before
printing.
2) VbExTpmSendReceive only prints execution time in debug mode.
Execute gettimeofday() only when debug mode is enabled.
3) Avoid printing "DEBUG: " prefix before every byte in the
command/response.
BUG=none
BRANCH=none
TEST=emerge-$BOARD vboot_reference with and without DEBUG=1,
run tpmc commands, check the output.
Change-Id: I1bfe9a21e1a78227996eb7310a3584a9e5b73a87
Reviewed-on: https://chromium-review.googlesource.com/409613
Commit-Ready: Andrey Pronin <apronin@chromium.org>
Tested-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Originally, vboot1 code used VbExMalloc() and VbExFree() since it needed
to talk to EFI firmware that didn't have standard malloc() and free().
Now, coreboot and depthcharge implement them as wrappers around those
standard calls. vboot2 code already calls them directly, so let vboot1
code do that too.
BUG=chromium:611535
BRANCH=none
TEST=make runtests; emerge-kevin coreboot depthcharge
Change-Id: I49ad0e32e38d278dc3589bfaf494bcf0e4b0a4bd
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/400905
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Originally, we didn't trust the firmware to provide these functions from
a standard library. Now, with coreboot, we do.
BUG=chromium:611535
BRANCH=none
TEST=make runtests; emerge-kevin coreboot depthcharge
Change-Id: I4e624c40085f2b665275a38624340b2f6aabcf11
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/399120
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
vboot_reference originally used 2-space indentation, rather than
kernel-style tabs. This makes it painful to maintain given that newer
source files are kernel-style.
Re-indent the files that need it, and reflow comments.
No functionality changes.
BUG=none
BRANCH=none
TEST=make runtests
Change-Id: I7dabed41f69434b1988a52600c0cb1eac8c8d7e6
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/396488
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Assorted minor code issues, which we should fix so any new errors stand
out more.
BUG=chromium:643769
BRANCH=none
TEST=make runtests
Change-Id: I84182df0d0e222f4f60206c621ec62e1ee283adb
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/380697
Reviewed-by: Stefan Reinauer <reinauer@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a new crossystem value "battery_cutoff_request" to indicate that
next reboot should cut-off battery and shutdown during firmware stage.
This request is primarily for factories to ship devices in an safe
state. Previously we have done same thing by running "ectool battery-cutoff"
but that creates a problem which "ectool" (and the one to request for
cut-off) must live in developer mode while the device must be shipped
in normal mode. The mode transition was solved by setting
"disable_dev_request=1", but that flag is may get lost on x86 systems
(having NV storage in CMOS) when the battery is cut-off .
From the experience from Ryu, such settings (dev mode transition and
battery cut-off) should be done together inside firmware execution so we
can create a new flag, battery_cutoff_request, to finalize device
properly.
BRANCH=none
BUG=chromium:601705
TEST=emerge-chell depthcharge vboot_reference chromeos-bootimage
crossystem battery_cutoff_request=1
# Unplug AC adapter
reboot
# See device rebooted and then shutdown immediately.
# Press power button and system won't boot.
# Attach AC adapter and now system boots.
CQ-DEPEND=CL:337596,CL:338193
Change-Id: I73ccae15b337cd65786106646546c67c155b8fa6
Reviewed-on: https://chromium-review.googlesource.com/337602
Commit-Ready: Hung-Te Lin <hungte@chromium.org>
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
|
|
|
|
|
|
|
|
| |
Change-Id: Idc2f18880581d3a2e67185becee8b77cfa5cdf04
Reviewed-on: https://chromium-review.googlesource.com/313388
Commit-Ready: Doug Evans <dje@google.com>
Tested-by: Doug Evans <dje@google.com>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change will be used to support EC-RO software sync by allowing for
access to the readonly region of firmware. Currently only the writable
section is accessed by vboot using VB_SELECT_FIRMWARE_A and B.
BUG=chrome-os-partner:48703
BRANCH=none
TEST=built on jerry and check that the RO hash can be read and the image
can be updated.
CQ-DEPEND=CL:319185,CL:320425,CL:320598
Change-Id: Ic3942d86b65da3123798cfd11a78056f5dab6699
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/319213
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a new post-EC software sync API VbExEcVbootDone() to take actions
which normally need to happen after EC verification / sysjump.
BUG=chromium:537269
TEST=Manual on Glados. Set CHG_MW thresh to 20000, BAT_PCT to 50. Verify
that LIMIT_POWER host event is set until Zinger negotiates to 20V. Also
verify that we do not proceed with boot when Donette is plugged.
BRANCH=None
CQ-DEPEND=CL:307885,CL:309523
Change-Id: I77e6000aa8a44e3aca4fb5982e5b5f5191774989
Signed-off-by: Shawn Nematbakhsh <shawnn@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/307952
Commit-Ready: Shawn N <shawnn@chromium.org>
Tested-by: Shawn N <shawnn@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change makes VbDisplayScreen read the last saved locale from nvram
and pass it to VbExDisplayScreen so that it can draw locale dependent
screens.
BUG=chromium:502066
BRANCH=tot
TEST=Tested on Samus. make runtests.
CQ-DEPEND=CL:304382,CL:306100,CL:306110
Change-Id: I9782ec5a8a9f8393998aa8a0d64e88ad1809233b
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/304375
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When linking vboot_api_kernel4_tests, there are two VbBootNormal()
available, the gcc chooses the one in vboot_api_kernel4_tests.c and
the test passes, the clang chooses the one in vboot_api_kernel.c and
make the unittest fail. This CL makes the one in vboot_api_kernel.c
a weak symbol so that clang can choose the one in
vboot_api_kernel4_tests.c
BUG=chromium:498469
BRANCH=none
TEST=CC=x86_64-cros-linux-gnu-clang FEATURES='test'
emerge-amd64-generic vboot_reference
Change-Id: Ibcb78ee055fc9485dbc2bcc1d1cf98144a1a3b64
Reviewed-on: https://chromium-review.googlesource.com/276504
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Queue: Yunlian Jiang <yunlian@chromium.org>
Tested-by: Yunlian Jiang <yunlian@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This can be used by implementations that want to request vboot to
favor a particular kernel entry for booting without affecting the
checks for rollback protection and image verification.
CQ-DEPEND=CL:274716, CL:274932, CL:275171
BUG=None
BRANCH=None
TEST=Compiles successfully. make -j runtests successful.
Change-Id: I6a4600020354f5d4118c17f083c353c2585c4181
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://chromium-review.googlesource.com/274558
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Stefan Reinauer <reinauer@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Commit-Queue: Nicolas Boichat <drinkcat@chromium.org>
Trybot-Ready: Nicolas Boichat <drinkcat@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The cros-compiler doesn't support backtrace(3) when linked
statically. Until that's fixed, just don't use it.
BUG=chromium:437107
BRANCH=ToT, samus
TEST=manual
FEATURES=test emerge-link vboot_reference
/build/link/usr/bin/futility_s gbb_utility -c 100,100,100,100 test.bin
/build/link/usr/bin/futility_s gbb_utility -s --hwid=HEY test.bin
Change-Id: I66b76fc8c0aa92f95976c5d5015f62730bb12064
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/232234
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds three functions called from vboot into depthcharge to
support NAND. NAND needs to stream rather than be accessed randomly
in order to skip bad blocks. The intended flow from vboot1 is:
- Read the GPT from a NAND disk handle, and depthcharge will silently
fill it in with reads from from SPI
- When a partition is selected, open a stream on the volume to access
NAND
- Sequentially read the NAND partition
- Close the NAND stream
This can be done multiple times when trying different partitions. The
stream is associated with the GPT by reading/opening a stream from the
same disk handle.
This patch includes stub implementations by rspangler to translate the
stream calls to block device calls.
To reduce vboot code duplication, this flow will be done for all media
types eventually, but a STREAMING flag is included to ease the transition.
The draft depthcharge code can be found at
https://chromium-review.googlesource.com/#/c/222312/
BUG=chromium:403432
TEST=stub implementations pass unit tests; together with upcoming depthcharge
and vboot code, actually boots a kernel. This compiles by itself.
BRANCH=none
Change-Id: I660a89594390c72c2ef6ea2564367ce62bd90cf2
Reviewed-on: https://chromium-review.googlesource.com/221992
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Daniel Ehrenberg <dehrenberg@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
Commit-Queue: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Notify EC of boot mode, i.e. normal, developer or recovery.
This is necessary for battery firmware updates.
BUG=chrome-os-partner:24741
CQ-DEPEND=CL:205323
CQ-DEPEND=CL:210033
CQ-DEPEND=CL:215720
BRANCH=ToT
TEST=Verified on samus & glimmer.
Passed runalltests.
~/trunk/src/platform/vboot_reference $ make runalltests -j
Change-Id: I1613ede34b4a929d1e8114fb519861f349377e94
Signed-off-by: Sheng-Liang Song <ssl@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/210032
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This will be used in subsequent CLs to support PD software sync. For
now, only devidx=0 is used.
This changes the external vboot API, so must be checked in at the same
time as changes to the u-boot and depthcharge implementations. For
now, those implementations should simply check if devidx=0 and fail if
it's not.
BUG=chrome-os-partner:30079
BRANCH=none
TEST=make runtests
CQ-DEPEND=CL:208195,CL:208196
Change-Id: Iad3be9d676ac224c4582669bcd67176b39f75c73
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/208210
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For displaying GBB images on panels with different dimension, X86 has VESA mode
and VBIOS to scale automatically but ARM does not have such mode settings. If we
install a larger panel on ARM platforms, current firmware will render the
screens in left-top corner and leave black borders in right-bottom corner.
To render images correctly, vboot library has to send out the expected dimension
(similar to the VESA mode) so display provider can scale or shift images.
BUG=chrome-os-partner:28494
TEST=emerge-nyan vboot_reference
CQ-DEPEND=CL:199051,CL:199045
BRANCH=none
Change-Id: I6d60f755ca2bcbd3135631d7624a8a4a4cff68b1
Reviewed-on: https://chromium-review.googlesource.com/199043
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Tested-by: Hung-Te Lin <hungte@chromium.org>
Commit-Queue: Hung-Te Lin <hungte@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We don't allow ENTER from a USB keyboard as the confirmation
in the switch from normal to developer mode.
For devices that have a physical recovery button, we require
a recovery button press instead. For other devices, we
require that ENTER be pressed on the internal keyboard.
This prevents an "evil keyboard" attack in which a USB keyboard
(or other USB device pretending to be a keyboard) sends a
control-D/ENTER sequence shortly after every boot (followed
by more evil keys). In that situation, when users power-on in
recovery mode, they will be forced to dev mode even if it
was not their intention. Further attacks are easy at
that point.
TESTING. On a panther device:
1. powered on with recovery button pressed -> booted in recovery mode
2. pressed control-D on external USB keyboard -> got to ToDev? screen
3. pressed ENTER -> system beeped
4. pressed recovery button -> system rebooted in DEV mode
... all as expected
Also:
1. powered on with recovery button pressed and HELD recovery button
2. pressed control-D -> system beeped
BUG=chrome-os-partner:21729
TEST=manual (see commit message)
BRANCH=none
CQ-DEPEND=CL:182420,CL:182946,CL:182357
Change-Id: Ib986d00d4567c2d447f8bbff0e5ccfec94596aa7
Reviewed-on: https://chromium-review.googlesource.com/182241
Reviewed-by: Luigi Semenzato <semenzato@chromium.org>
Tested-by: Luigi Semenzato <semenzato@chromium.org>
Commit-Queue: Luigi Semenzato <semenzato@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
TEST=Built and booted Peppy. Ran flashrom from user space and
verified the EC firmware was updated after reboot.
CQ-DEPEND=CL:172651, CL:172652, CL:178324
BRANCH=none
BUG=chromium:325286
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Change-Id: Ia73da70dbf3abb5ced48666e86715c8d24a431a0
Reviewed-on: https://chromium-review.googlesource.com/172635
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Tested-by: Daisuke Nojiri <dnojiri@google.com>
Commit-Queue: Daisuke Nojiri <dnojiri@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add checks that the vboot library does not leak memory. This works by
tracking VbExMalloc() calls and making sure that they have an associated
VbExFree().
Adjust host_signature to use VbExFree() instead of free(), so that this
scheme works correctly for existing code.
BUG=chrome-os-partner:21115
BRANCH=pit
TEST=FEATURES=test emerge-peach_pit vboot_reference
Change-Id: I6ccccfbcc162fc43fb75862cd0eddad78ce8b18a
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/66175
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
At present reading data from storage in Vboot is a little fragmented. For
the firmware image, we expect the boot loader to handle this. For the disk
we have a block-level API. For the GBB (which also sits in the firmware
image) we expect the entire thing to be read before Vboot is called.
Add the concept of a region, and an API to read from a region. At present,
and most pressing, is reading from a GBB region. In the future this could
be extended to other parts of the firmware or even the disk.
Move all access to the GBB into this API so that the boot loader can provide
either a GBB region in one large contiguous chunk, or a function to deal with
read requests from vboot.
The call to VbExRegionRead() is behind a flag since not all boot loaders
support it yet.
The main change for boot loaders which don't support this new API is that
vboot will do more behind the scenes. For example, it will allocate memory
for chunks of data that it reads from the GBB, rather than just accessing it
directly. This approach is considerably simpler than trying to pass char **
everywhere and have vboot decide whether something needs to be allocated or
not.
The tests are updated, mainly to include setting up a GBB structure
accessible from VbCommonParams, which is now required by the firmware and
kernel functions. In normal operation this is set up at the start of
VbLoadFIrmware() and VbSelectAndLoadKernel() but for tests which call
children of these functions directly, the GBB structure must be set up
manually by the test.
BUG=chrome-os-partner:21115
BRANCH=none
TEST=manual
FEATURES=test sudo -E emerge vboot_reference
Change-Id: If2b8bbe467fdbd643239d8d9b5d7aa98df4d286f
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: David Hendricks <dhendrix@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/63336
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/167361
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 1d3c804b6b9d2ffb6953a7ee98fabfd548915ad7.
This patch breaks cbuildbot on internal paladins bots.
Change-Id: Icf7f9d9bbb56b092035888eaa3e249ffd23fac16
(cherry picked from commit 3a60335ebb1530e5fd9d5da3bc6214949bc59caf)
Reviewed-on: https://chromium-review.googlesource.com/167451
Reviewed-by: Yoshiki Iguchi <yoshiki@chromium.org>
Commit-Queue: Yoshiki Iguchi <yoshiki@chromium.org>
Tested-by: Yoshiki Iguchi <yoshiki@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
At present reading data from storage in Vboot is a little fragmented. For
the firmware image, we expect the boot loader to handle this. For the disk
we have a block-level API. For the GBB (which also sits in the firmware
image) we expect the entire thing to be read before Vboot is called.
Add the concept of a region, and an API to read from a region. At present,
and most pressing, is reading from a GBB region. In the future this could
be extended to other parts of the firmware or even the disk.
Move all access to the GBB into this API so that the boot loader can provide
either a GBB region in one large contiguous chunk, or a function to deal with
read requests from vboot.
The call to VbExRegionRead() is behind a flag since not all boot loaders
support it yet.
The main change for boot loaders which don't support this new API is that
vboot will do more behind the scenes. For example, it will allocate memory
for chunks of data that it reads from the GBB, rather than just accessing it
directly. This approach is considerably simpler than trying to pass char **
everywhere and have vboot decide whether something needs to be allocated or
not.
The tests are updated, mainly to include setting up a GBB structure
accessible from VbCommonParams, which is now required by the firmware and
kernel functions. In normal operation this is set up at the start of
VbLoadFIrmware() and VbSelectAndLoadKernel() but for tests which call
children of these functions directly, the GBB structure must be set up
manually by the test.
BUG=chrome-os-partner:21115
BRANCH=none
TEST=manual
FEATURES=test sudo -E emerge vboot_reference
Change-Id: I2c19e9dc2ed602d0642bbf4f7d27f79fe9fad873
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/63336
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reduces the number of exported header files to the minimum needed by
the existing userspace utilities and firmware implementations.
BUG=chromium:221544
BRANCH=none
TEST=manual, trybots
CQ-DEPEND=CL:47019,CL:47022,CL:47023
sudo FEATURES=test emerge vboot_reference
FEATURES=test emerge-$BOARD \
vboot_reference \
chromeos-cryptohome \
chromeos-installer \
chromeos-u-boot \
peach-u-boot \
depthcharge
Change-Id: I2946cc2dbaf5459a6c5eca92ca57d546498e6d85
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/47021
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These were macros that were never used, or that were only set to one thing and
could be substituted up front.
I left in code guarded by the HAVE_ENDIAN_H and HAVE_LITTLE_ENDIAN macros even
though those are never defined because they guard a reportedly significantly
faster implementation of some functionality, at least according to a comment
in the source. It would be a good idea to enable that code path and see if it
really does make a big difference before removing it entirely.
BUG=None
TEST=Built for Link, Daisy, and the host with FEATURES=test. Built depthcharge
for Link and booted in normal mode.
BRANCH=None
Change-Id: I934a4dd0da169ac018ba07350d56924ab88b1acc
Signed-off-by: Gabe Black <gabeblack@google.com>
Reviewed-on: https://gerrit.chromium.org/gerrit/45687
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Queue: Gabe Black <gabeblack@chromium.org>
Tested-by: Gabe Black <gabeblack@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These are no longer necessary.
BUG=None
TEST=Built for Daisy, Link, Lumpy.
BRANCH=None
Change-Id: I8db7dde1ba52bd5cf1881481ef6a502a5b509439
Signed-off-by: Gabe Black <gabeblack@google.com>
Reviewed-on: https://gerrit.chromium.org/gerrit/45686
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Tested-by: Gabe Black <gabeblack@chromium.org>
Commit-Queue: Gabe Black <gabeblack@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This makes it more obvious which modules and VbEx*() functions must be
implemented to call these entry points.
This change only moves functions between modules and adds two
link-test binaries; it doesn't change any functionality.
BUG=chromium-os:39262
BRANCH=none
TEST=make && make runtests
Change-Id: If3edf0b1989b631f0e7ad18de7ccdad8315181b5
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/44076
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
No code changes, just reformatting.
BUG=none
BRANCH=none
TEST=make runtests
Change-Id: Ibffadf6c8a5911b79a29f8f554ca00c595f6b27b
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/42624
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This removes the need to load the EC code at all when the precomputed
hash matches.
BUG=chrome-os-partner:17606
BRANCH=spring
TEST=wouldn't that be nice
Change-Id: If4438b9db8b1449b8fd4d90ef3acb3bbec5e09a0
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/42567
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make sure all Tlcl users benefit from the new retry logic.
BUG=None
TEST=daisy build, manual testing of racing tpmc loops
BRANCH=None
Change-Id: I8e9656a65b5d6b45694c1c8bceb95f54f7c751bb
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/39525
Reviewed-by: Luigi Semenzato <semenzato@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If there were any errors communicating with the TPM at the OS layer
(open, read, write failures), the library would immediately exit, not
allowing the caller to make any decisions about how to handle it. This
introduces a way to initialize the library so that errors will get passed
back up to the caller instead of unceremoniously exiting.
Setting the environment variable "TPM_NO_EXIT=1" enables the feature. To
avoid needing to implement supporting functions in all backends, the
feature is currently limited to just the Tlcl stub implementation.
In the case of mount-encrypted, it can now survive the kernel returning
read/write failures. In the past it had only worked around having open
fail, but that has now been replaced with more sensible logic instead of
the environment variable trickiness.
BUG=chrome-os-partner:15960
TEST=daisy built with an always-failing kernel driver, u-boot builds too
BRANCH=None
Change-Id: Ic7b217017537980f9c239d678067398613045676
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/38791
Reviewed-by: Luigi Semenzato <semenzato@chromium.org>
|