summaryrefslogtreecommitdiff
path: root/firmware/stub
Commit message (Collapse)AuthorAgeFilesLines
* Makefile: Enable more warnings for host utilities / testsJulius Werner2019-05-142-7/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | This patch adds a bunch of more warnings that are already enabled in coreboot and thus already enabled for firmware builds anyway (because coreboot just passes its CFLAGS through). Enabling it in the vboot Makefile means they also apply to host utilities and tests, which sounds desirable for consistency. Fix enough of the cruft and bad coding practices that accumulated over the years of not having warnings enabled to get it to build again (this includes making functions static, removing dead code, cleaning up prototypes, etc.). Also remove -fno-strict-aliasing from the x86 firmware build options, because it's not clear why it's there (coreboot isn't doing this, so presumably it's not needed). BRANCH=None BUG=None TEST=make runtests Change-Id: Ie4a42083c4770a4eca133b22725be9ba85b24184 Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/1598721 Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
* firmware: add time unit conversion definesMatt Delco2019-03-202-3/+3
| | | | | | | | | | | | | | | This change adds some #defines to assist with converting between microseconds (usec), milliseconds (msec) and full seconds. BUG=b:124358784 BRANCH=None TEST=Local build and also ran "make runtests" Change-Id: I0fd43ccb42bbd42f9ed319a29eb4015b48c879bb Signed-off-by: Matt Delco <delco@google.com> Reviewed-on: https://chromium-review.googlesource.com/1504756 Reviewed-by: Julius Werner <jwerner@chromium.org>
* vboot: changes to allow RW_LEGACY hash verificationMatt Delco2019-03-131-1/+1
| | | | | | | | | | | | | | | | | | | | This is largely a cherry-pick of CL:1133598 - Externalize vb2_digest_buffer function to vb2api_digest_buffer. - Change VbExLegacy()'s altfw_num parameter from int to enum so caller can specify which specific payload to run. BUG=b:124358784 BRANCH=None TEST=Local compile. Verified with subsequent change that legacy boot still works and new functionality can opt-in to and utilize payload verification. CQ-DEPEND=CL:1471053 Change-Id: I9700c2e38c3cfa255eeff72ce416295af9d076fb Signed-off-by: Matt Delco <delco@google.com> Reviewed-on: https://chromium-review.googlesource.com/1471051 Reviewed-by: Julius Werner <jwerner@chromium.org>
* vboot_display: Add full_info parameter to VbExDisplayDebugInfo()factory-atlas-11907.Bfactory-atlas-11907.11.BJulius Werner2019-03-091-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | VbExDisplayDebugInfo() was invented for the TAB display that dumps a whole lot of possibly interesting debug data to the screen. Since some debug data is only available to the calling firmware, the convention has always been that the calling firmware is supposed to append any of its own debug data it thinks may be relevant to the output. Later, the function was reused to print small info messages that give the user a hint what went wrong when a Ctrl+U or Ctrl+L fails (unlocalized, of course, but better than nothing). The calling firmware is not aware of this new use case, so every time vboot prints a "WARNING: Ctrl+L not enabled" sort of message on the screen, depthcharge also dumps the firmware IDs and TPM state below it. This patch introduces a new parameter to the function to make the two differing use cases clear to the calling firmware. CQ-DEPEND=CL:1496903 BRANCH=None BUG=None TEST=with other patches Change-Id: I52a1e764189508130fea562ad6d53bcefb1fce64 Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/1497038
* vboot: Add ui for setting vendor data in VPDfirmware-atlas-11827.12.BMathew King2019-02-221-1/+7
| | | | | | | | | | | | | | | BUG=b:124297157 TEST=make runtest test on device BRANCH=none CQ-DEPEND=CL:1466822 Change-Id: Ic3b1b502b1aff14a795397da3024f8a12eb04775 Reviewed-on: https://chromium-review.googlesource.com/1466290 Commit-Ready: Mathew King <mathewk@chromium.org> Tested-by: Mathew King <mathewk@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Mathew King <mathewk@chromium.org>
* Add support for booting into alternative boot loadersSimon Glass2018-09-261-1/+1
| | | | | | | | | | | | | | | | | | | Add a generic way of selecting an alternative bootloader to run from the developer-mode menu. This enables keys 1-9 to select a particular numbered bootloader. Adjust VbExLegacy() to take a numeric parameter to signal which boot loader to run. CQ-DEPEND=CL:1228875 BUG=chromium:837018 BRANCH=none TEST=FEATURES=test emerge-grunt --nodeps vboot_reference Change-Id: I02eab1b87e21a6401ec42317c4c1fa1bd2767b53 Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/1060854 Reviewed-by: Julius Werner <jwerner@chromium.org>
* vboot: bulk fix tabs and spacing inconsistencyJoel Kitching2018-08-033-12/+12
| | | | | | | | | | | | | | | | | | | Problem files were found with: find . -name '*.c' -o -name '*.h' | xargs grep '^ [^*]' and edited manually. Ignores utility/ and cgpt/, since they seem to globally adhere to a two-space tab convention. BUG=None TEST=make clean runtests TEST=emerge vboot_reference depthcharge Change-Id: I5a678484a119c8f1911f717e1968bdb4f1a0810f Reviewed-on: https://chromium-review.googlesource.com/1160131 Commit-Ready: Joel Kitching <kitching@chromium.org> Tested-by: Joel Kitching <kitching@chromium.org> Reviewed-by: Randall Spangler <rspangler@chromium.org>
* tpm_lite: stub: retry in case of TPM comm errorstabilize-10718.88.Bstabilize-10718.71.Bstabilize-10718.69.Bstabilize-10718.111.Brelease-R68-10718.BAndrey Pronin2018-05-241-7/+45
| | | | | | | | | | | | | | | | | | | | This CL retries reads and writes from/to TPM device if an error is returned by read()/write(), up to 3 total attempts. This is useful case of transient TPM communication errors that go away after a single retry. Without this CL, after such errors the encstateful key might be regenerated and encstateful data wiped. BRANCH=none BUG=chromium:702724 TEST=1) normal boot still works; 2) simulate a single error, verify that it retries. Change-Id: I259882209df0aad66cd083729f746ea45909922b Reviewed-on: https://chromium-review.googlesource.com/1067939 Commit-Ready: Andrey Pronin <apronin@chromium.org> Tested-by: Andrey Pronin <apronin@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org>
* tpm_lite: Set O_CLOEXEC when opening TPM device.stabilize-10682.BMattias Nissler2018-05-141-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This sets O_CLOEXEC when opening the TPM device to make sure the file descriptor isn't shared across processes. The TPM character device exposes the raw communication channel to send/receive commands to/from the TPM. The TPM is not designed for concurrent access by multiple users and the kernel driver already returns EBUSY on open when a different process has already opened it. Consequently, it only makes sense to have the /dev/tpm0 file descriptor be closed automatically on exec(). None of the callers I'm aware of need to share the TPM file descriptor across processes, and mount-encrypted has some ad-hoc code to close the descriptor when it does fork+exec to spawn a helper. The existing code isn't consistent and comprehensive (mount-encrypted spawns other helpers where it forgets to close the file descriptor), so the plan is to set O_CLOEXEC and remove the ad-hoc code. BRANCH=None BUG=None TEST=Compiles, passes tests, image boots. Change-Id: Ia6e73fb12e8f2ed8fe99b4c53ea6eb8cda4a21f5 Reviewed-on: https://chromium-review.googlesource.com/1055569 Commit-Ready: Mattias Nissler <mnissler@chromium.org> Tested-by: Mattias Nissler <mnissler@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org>
* tpm_lite: Implement ReadPubek command.Mattias Nissler2018-04-131-0/+17
| | | | | | | | | | | | | | | | Add a TlclReadPubek library function to read the public endorsement key. BRANCH=None BUG=chromium:788719 TEST=New unit tests. Change-Id: I5f23b76b88198d656f4ba5782d2b4f25aaa082b1 Reviewed-on: https://chromium-review.googlesource.com/790413 Reviewed-by: Andrey Pronin <apronin@chromium.org> Tested-by: Mattias Nissler <mnissler@chromium.org> Trybot-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com> Trybot-Ready: Mattias Nissler <mnissler@chromium.org>
* firmware: remove unused vboot1 APIsRandall Spangler2018-03-081-40/+0
| | | | | | | | | | | | | | | As we've refactored the code over the last few years, there are some dangling features which are no longer used. Remove the code for them. BUG=chromium:611535 BRANCH=none TEST=make runtests; build and boot bob CQ-DEPEND=CL:954224 Change-Id: Id4f3caa0581ce68465ea92e3eeedab501fb6b1aa Signed-off-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/954354 Reviewed-by: Julius Werner <jwerner@chromium.org>
* firmware: Prune down old region APIRandall Spangler2018-01-091-18/+0
| | | | | | | | | | | | | | | | | | | | | | | | The region API was a way for firmware and kernel verification to get at various blocks of caller-provided data. In practice, we only used it internally as a way to get at parts of the GBB. Prune it down to access only the bits of GBB we still need, from the buffer we already know we have. In the long run we should use the same vb2ex_read_resource() API that vb2 firmware verification does, but that should be done in a follow-up CL since it'll need to be coordinated with support in depthcharge. No change in functionality. BUG=chromium:611535 BRANCH=none TEST=make -j runtests; build bob firmware and boot it Change-Id: I5715cb8d88274164a1a73ed4a56bbd93af46f9bf Signed-off-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/852798 Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com> Reviewed-by: Stefan Reinauer <reinauer@chromium.org>
* detachables: Skip "Enable Developer Mode" in DEV modeShelley Chen2017-08-141-1/+2
| | | | | | | | | | | | | | | | | | | | When DUT is already in dev mode, don't let user select the "Enable Developer Mode" selection in the menu. Add disabled_idx_mask to VbExDisplayMenu API to allow for disabling of menu items in the future if needed. BUG=b:63078243, b:35585623 BRANCH=None TEST=reboot into recovery with DUT already in dev mode. Make sure can't scroll to "Enable Developer Mode: entry. reboot into recovery with DUT in normal mode. Make sure "Enable Developer Mode" entry is selectable. CQ-DEPEND=CL:565335 Change-Id: Ic71fe6aa2e41337787a0c2278f729356edb155fd Signed-off-by: Shelley Chen <shchen@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/598430 Reviewed-by: Julius Werner <jwerner@chromium.org>
* define callback APIs for auxiliary firmware update.Caveh Jalali2017-05-231-0/+11
| | | | | | | | | | | | | | | TEST="COV=1 make" passes depthcharge still compiles in combination with follow-up CLs, ps8751 firmware update succeeds. BUG=b:35586896 Change-Id: Ibadc41e56e4e25ee0aba5c83caa0e3596fb9ad20 Reviewed-on: https://chromium-review.googlesource.com/505259 Commit-Ready: Caveh Jalali <caveh@google.com> Tested-by: Caveh Jalali <caveh@google.com> Reviewed-by: Randall Spangler <rspangler@chromium.org>
* detachables: Define VbExDisplayMenu()stabilize-9430.Bstabilize-9428.BShelley Chen2017-03-291-0/+6
| | | | | | | | | | | | | Create new callback for drawing detachable firmware menus BUG=b:35585623 BRANCH=None TEST=None Change-Id: Ief207f6119f00151e2d480549aaac3a8755cb1b4 Signed-off-by: Shelley Chen <shchen@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/457838 Reviewed-by: Stefan Reinauer <reinauer@chromium.org>
* poppy: define VbExDisplayGetDimension()Shelley Chen2017-03-021-0/+5
| | | | | | | | | | | | | callback to get rows/cols of display BUG=b:35585623 BRANCH=None TEST=make sure code compiles Change-Id: I276975b2f0eecceb66a30ceaa449ab76a440026d Signed-off-by: Shelley Chen <shchen@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/447837 Reviewed-by: Randall Spangler <rspangler@chromium.org>
* poppy: add highlight param to VbExDisplayText()Shelley Chen2017-02-271-1/+2
| | | | | | | | | | | | BUG=chrome-os-partner:61275 BRANCH=None TEST=None CQ-DEPEND=CL:442747,CL:442690 Change-Id: I0730b64a1f8bf1f4aeca1be5ee87724d61818b23 Signed-off-by: Shelley Chen <shchen@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/442689 Reviewed-by: Randall Spangler <rspangler@chromium.org>
* firmware: Adding VbExDisplayText functionShelley Chen2017-01-131-0/+6
| | | | | | | | | | | | | | | Enables easy printing of text to display. Will be used for detachable UI. BUG=chrome-os-partner:61275 BRANCH=None TEST=Tested from new vboot_ui_menu.c file CQ-DEPEND=CL:424357 Change-Id: I668dd57eaafa02fb31f6ac479bcd03a613323f14 Signed-off-by: Shelley Chen <shchen@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/424090 Reviewed-by: Randall Spangler <rspangler@chromium.org>
* firmware: replace VBDEBUG(()) macro with VB2_DEBUG()Randall Spangler2017-01-121-7/+10
| | | | | | | | | | | | | | | | The original VBDEBUG macro used doubly-nested parens to work with MSVC, which didn't support varargs in macros. We now only use more modern compilers, so replace it with the VB2_DEBUG macro and get rid of the ugly and fragile double parens. BUG=chromium:611535 BRANCH=none TEST=make runtests; build_packages --board=reef chromeos-firmware Change-Id: Ifc0cb0733b14daaa1fde095fab7da4215a538c77 Signed-off-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/425133 Reviewed-by: Shelley Chen <shchen@chromium.org>
* tpm_lite_stub: clean up debug printouts in VbExTpmSendReceiveAndrey Pronin2016-11-101-23/+18
| | | | | | | | | | | | | | | | | | | | | | 1) Callers of VbExTpmSendReceive often use the same buffer for TPM command and response. So, debug-print the command before sending to avoid it being overwritten with the response before printing. 2) VbExTpmSendReceive only prints execution time in debug mode. Execute gettimeofday() only when debug mode is enabled. 3) Avoid printing "DEBUG: " prefix before every byte in the command/response. BUG=none BRANCH=none TEST=emerge-$BOARD vboot_reference with and without DEBUG=1, run tpmc commands, check the output. Change-Id: I1bfe9a21e1a78227996eb7310a3584a9e5b73a87 Reviewed-on: https://chromium-review.googlesource.com/409613 Commit-Ready: Andrey Pronin <apronin@chromium.org> Tested-by: Andrey Pronin <apronin@chromium.org> Reviewed-by: Randall Spangler <rspangler@chromium.org>
* vboot: use malloc and free directlyRandall Spangler2016-11-068-198/+4
| | | | | | | | | | | | | | | | Originally, vboot1 code used VbExMalloc() and VbExFree() since it needed to talk to EFI firmware that didn't have standard malloc() and free(). Now, coreboot and depthcharge implement them as wrappers around those standard calls. vboot2 code already calls them directly, so let vboot1 code do that too. BUG=chromium:611535 BRANCH=none TEST=make runtests; emerge-kevin coreboot depthcharge Change-Id: I49ad0e32e38d278dc3589bfaf494bcf0e4b0a4bd Signed-off-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/400905
* vboot: use standard memcmp, memcpy, memsetRandall Spangler2016-10-232-36/+1
| | | | | | | | | | | | | | Originally, we didn't trust the firmware to provide these functions from a standard library. Now, with coreboot, we do. BUG=chromium:611535 BRANCH=none TEST=make runtests; emerge-kevin coreboot depthcharge Change-Id: I4e624c40085f2b665275a38624340b2f6aabcf11 Signed-off-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/399120 Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
* Fix indentation in firmware and host libsRandall Spangler2016-10-132-172/+184
| | | | | | | | | | | | | | | | | | | vboot_reference originally used 2-space indentation, rather than kernel-style tabs. This makes it painful to maintain given that newer source files are kernel-style. Re-indent the files that need it, and reflow comments. No functionality changes. BUG=none BRANCH=none TEST=make runtests Change-Id: I7dabed41f69434b1988a52600c0cb1eac8c8d7e6 Signed-off-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/396488 Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
* Fix coverity warnings in firmwareRandall Spangler2016-09-061-1/+1
| | | | | | | | | | | | | | Assorted minor code issues, which we should fix so any new errors stand out more. BUG=chromium:643769 BRANCH=none TEST=make runtests Change-Id: I84182df0d0e222f4f60206c621ec62e1ee283adb Signed-off-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/380697 Reviewed-by: Stefan Reinauer <reinauer@chromium.org>
* Support doing battery cut-off in firmware stage.Hung-Te Lin2016-04-121-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a new crossystem value "battery_cutoff_request" to indicate that next reboot should cut-off battery and shutdown during firmware stage. This request is primarily for factories to ship devices in an safe state. Previously we have done same thing by running "ectool battery-cutoff" but that creates a problem which "ectool" (and the one to request for cut-off) must live in developer mode while the device must be shipped in normal mode. The mode transition was solved by setting "disable_dev_request=1", but that flag is may get lost on x86 systems (having NV storage in CMOS) when the battery is cut-off . From the experience from Ryu, such settings (dev mode transition and battery cut-off) should be done together inside firmware execution so we can create a new flag, battery_cutoff_request, to finalize device properly. BRANCH=none BUG=chromium:601705 TEST=emerge-chell depthcharge vboot_reference chromeos-bootimage crossystem battery_cutoff_request=1 # Unplug AC adapter reboot # See device rebooted and then shutdown immediately. # Press power button and system won't boot. # Attach AC adapter and now system boots. CQ-DEPEND=CL:337596,CL:338193 Change-Id: I73ccae15b337cd65786106646546c67c155b8fa6 Reviewed-on: https://chromium-review.googlesource.com/337602 Commit-Ready: Hung-Te Lin <hungte@chromium.org> Tested-by: Hung-Te Lin <hungte@chromium.org> Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
* Port to musl: musl doesn't have execinfo.h.Doug Evans2016-01-071-0/+15
| | | | | | | | Change-Id: Idc2f18880581d3a2e67185becee8b77cfa5cdf04 Reviewed-on: https://chromium-review.googlesource.com/313388 Commit-Ready: Doug Evans <dje@google.com> Tested-by: Doug Evans <dje@google.com> Reviewed-by: Randall Spangler <rspangler@chromium.org>
* vboot: Change VbExEc implementations to support RO updateMary Ruthven2016-01-061-7/+9
| | | | | | | | | | | | | | | | | This change will be used to support EC-RO software sync by allowing for access to the readonly region of firmware. Currently only the writable section is accessed by vboot using VB_SELECT_FIRMWARE_A and B. BUG=chrome-os-partner:48703 BRANCH=none TEST=built on jerry and check that the RO hash can be read and the image can be updated. CQ-DEPEND=CL:319185,CL:320425,CL:320598 Change-Id: Ic3942d86b65da3123798cfd11a78056f5dab6699 Signed-off-by: Mary Ruthven <mruthven@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/319213 Reviewed-by: Randall Spangler <rspangler@chromium.org>
* vboot_api_kernel: Add new EcVbootDone APIShawn Nematbakhsh2015-10-291-0/+5
| | | | | | | | | | | | | | | | | | | Add a new post-EC software sync API VbExEcVbootDone() to take actions which normally need to happen after EC verification / sysjump. BUG=chromium:537269 TEST=Manual on Glados. Set CHG_MW thresh to 20000, BAT_PCT to 50. Verify that LIMIT_POWER host event is set until Zinger negotiates to 20V. Also verify that we do not proceed with boot when Donette is plugged. BRANCH=None CQ-DEPEND=CL:307885,CL:309523 Change-Id: I77e6000aa8a44e3aca4fb5982e5b5f5191774989 Signed-off-by: Shawn Nematbakhsh <shawnn@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/307952 Commit-Ready: Shawn N <shawnn@chromium.org> Tested-by: Shawn N <shawnn@chromium.org> Reviewed-by: Randall Spangler <rspangler@chromium.org>
* Pass locale to VbExDisplayScreenDaisuke Nojiri2015-10-151-1/+1
| | | | | | | | | | | | | | | This change makes VbDisplayScreen read the last saved locale from nvram and pass it to VbExDisplayScreen so that it can draw locale dependent screens. BUG=chromium:502066 BRANCH=tot TEST=Tested on Samus. make runtests. CQ-DEPEND=CL:304382,CL:306100,CL:306110 Change-Id: I9782ec5a8a9f8393998aa8a0d64e88ad1809233b Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/304375
* vboot_reference: fix unittest when building with clang.Yunlian Jiang2015-06-111-1/+1
| | | | | | | | | | | | | | | | | | | | When linking vboot_api_kernel4_tests, there are two VbBootNormal() available, the gcc chooses the one in vboot_api_kernel4_tests.c and the test passes, the clang chooses the one in vboot_api_kernel.c and make the unittest fail. This CL makes the one in vboot_api_kernel.c a weak symbol so that clang can choose the one in vboot_api_kernel4_tests.c BUG=chromium:498469 BRANCH=none TEST=CC=x86_64-cros-linux-gnu-clang FEATURES='test' emerge-amd64-generic vboot_reference Change-Id: Ibcb78ee055fc9485dbc2bcc1d1cf98144a1a3b64 Reviewed-on: https://chromium-review.googlesource.com/276504 Reviewed-by: Randall Spangler <rspangler@chromium.org> Commit-Queue: Yunlian Jiang <yunlian@chromium.org> Tested-by: Yunlian Jiang <yunlian@chromium.org>
* cgpt: Add a callback to allow override of GPT entry priorityFurquan Shaikh2015-06-041-0/+5
| | | | | | | | | | | | | | | | | | | | This can be used by implementations that want to request vboot to favor a particular kernel entry for booting without affecting the checks for rollback protection and image verification. CQ-DEPEND=CL:274716, CL:274932, CL:275171 BUG=None BRANCH=None TEST=Compiles successfully. make -j runtests successful. Change-Id: I6a4600020354f5d4118c17f083c353c2585c4181 Signed-off-by: Furquan Shaikh <furquan@google.com> Reviewed-on: https://chromium-review.googlesource.com/274558 Reviewed-by: Furquan Shaikh <furquan@chromium.org> Reviewed-by: Stefan Reinauer <reinauer@chromium.org> Tested-by: Nicolas Boichat <drinkcat@chromium.org> Commit-Queue: Nicolas Boichat <drinkcat@chromium.org> Trybot-Ready: Nicolas Boichat <drinkcat@chromium.org>
* futility: workaround for broken toolchain in static buildsBill Richardson2014-11-301-0/+39
| | | | | | | | | | | | | | | | | | The cros-compiler doesn't support backtrace(3) when linked statically. Until that's fixed, just don't use it. BUG=chromium:437107 BRANCH=ToT, samus TEST=manual FEATURES=test emerge-link vboot_reference /build/link/usr/bin/futility_s gbb_utility -c 100,100,100,100 test.bin /build/link/usr/bin/futility_s gbb_utility -s --hwid=HEY test.bin Change-Id: I66b76fc8c0aa92f95976c5d5015f62730bb12064 Signed-off-by: Bill Richardson <wfrichar@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/232234 Reviewed-by: Mike Frysinger <vapier@chromium.org>
* vboot: new streaming APIsDan Ehrenberg2014-10-151-0/+87
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch adds three functions called from vboot into depthcharge to support NAND. NAND needs to stream rather than be accessed randomly in order to skip bad blocks. The intended flow from vboot1 is: - Read the GPT from a NAND disk handle, and depthcharge will silently fill it in with reads from from SPI - When a partition is selected, open a stream on the volume to access NAND - Sequentially read the NAND partition - Close the NAND stream This can be done multiple times when trying different partitions. The stream is associated with the GPT by reading/opening a stream from the same disk handle. This patch includes stub implementations by rspangler to translate the stream calls to block device calls. To reduce vboot code duplication, this flow will be done for all media types eventually, but a STREAMING flag is included to ease the transition. The draft depthcharge code can be found at https://chromium-review.googlesource.com/#/c/222312/ BUG=chromium:403432 TEST=stub implementations pass unit tests; together with upcoming depthcharge and vboot code, actually boots a kernel. This compiles by itself. BRANCH=none Change-Id: I660a89594390c72c2ef6ea2564367ce62bd90cf2 Reviewed-on: https://chromium-review.googlesource.com/221992 Reviewed-by: Randall Spangler <rspangler@chromium.org> Reviewed-by: Daniel Ehrenberg <dehrenberg@chromium.org> Tested-by: Randall Spangler <rspangler@chromium.org> Commit-Queue: Randall Spangler <rspangler@chromium.org>
* vboot: Notify EC of current boot modeSheng-Liang Song2014-09-031-0/+13
| | | | | | | | | | | | | | | | | | | | Notify EC of boot mode, i.e. normal, developer or recovery. This is necessary for battery firmware updates. BUG=chrome-os-partner:24741 CQ-DEPEND=CL:205323 CQ-DEPEND=CL:210033 CQ-DEPEND=CL:215720 BRANCH=ToT TEST=Verified on samus & glimmer. Passed runalltests. ~/trunk/src/platform/vboot_reference $ make runalltests -j Change-Id: I1613ede34b4a929d1e8114fb519861f349377e94 Signed-off-by: Sheng-Liang Song <ssl@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/210032 Reviewed-by: Randall Spangler <rspangler@chromium.org>
* Change VbExEc functions to take a devidx parameterstabilize-6092.Bstabilize-6082.BRandall Spangler2014-07-191-10/+10
| | | | | | | | | | | | | | | | | | | | This will be used in subsequent CLs to support PD software sync. For now, only devidx=0 is used. This changes the external vboot API, so must be checked in at the same time as changes to the u-boot and depthcharge implementations. For now, those implementations should simply check if devidx=0 and fail if it's not. BUG=chrome-os-partner:30079 BRANCH=none TEST=make runtests CQ-DEPEND=CL:208195,CL:208196 Change-Id: Iad3be9d676ac224c4582669bcd67176b39f75c73 Signed-off-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/208210 Reviewed-by: Bill Richardson <wfrichar@chromium.org>
* lib: Add VbExDisplaySetDimension.Hung-Te Lin2014-05-131-0/+5
| | | | | | | | | | | | | | | | | | | | | For displaying GBB images on panels with different dimension, X86 has VESA mode and VBIOS to scale automatically but ARM does not have such mode settings. If we install a larger panel on ARM platforms, current firmware will render the screens in left-top corner and leave black borders in right-bottom corner. To render images correctly, vboot library has to send out the expected dimension (similar to the VESA mode) so display provider can scale or shift images. BUG=chrome-os-partner:28494 TEST=emerge-nyan vboot_reference CQ-DEPEND=CL:199051,CL:199045 BRANCH=none Change-Id: I6d60f755ca2bcbd3135631d7624a8a4a4cff68b1 Reviewed-on: https://chromium-review.googlesource.com/199043 Reviewed-by: Bill Richardson <wfrichar@chromium.org> Tested-by: Hung-Te Lin <hungte@chromium.org> Commit-Queue: Hung-Te Lin <hungte@chromium.org>
* vboot: use recovery button as dev mode switch confirmationstabilize-5339.BLuigi Semenzato2014-01-191-0/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We don't allow ENTER from a USB keyboard as the confirmation in the switch from normal to developer mode. For devices that have a physical recovery button, we require a recovery button press instead. For other devices, we require that ENTER be pressed on the internal keyboard. This prevents an "evil keyboard" attack in which a USB keyboard (or other USB device pretending to be a keyboard) sends a control-D/ENTER sequence shortly after every boot (followed by more evil keys). In that situation, when users power-on in recovery mode, they will be forced to dev mode even if it was not their intention. Further attacks are easy at that point. TESTING. On a panther device: 1. powered on with recovery button pressed -> booted in recovery mode 2. pressed control-D on external USB keyboard -> got to ToDev? screen 3. pressed ENTER -> system beeped 4. pressed recovery button -> system rebooted in DEV mode ... all as expected Also: 1. powered on with recovery button pressed and HELD recovery button 2. pressed control-D -> system beeped BUG=chrome-os-partner:21729 TEST=manual (see commit message) BRANCH=none CQ-DEPEND=CL:182420,CL:182946,CL:182357 Change-Id: Ib986d00d4567c2d447f8bbff0e5ccfec94596aa7 Reviewed-on: https://chromium-review.googlesource.com/182241 Reviewed-by: Luigi Semenzato <semenzato@chromium.org> Tested-by: Luigi Semenzato <semenzato@chromium.org> Commit-Queue: Luigi Semenzato <semenzato@chromium.org>
* Disable EC jump after RW image startsstabilize-5085.BDaisuke Nojiri2013-12-061-1/+1
| | | | | | | | | | | | | | | TEST=Built and booted Peppy. Ran flashrom from user space and verified the EC firmware was updated after reboot. CQ-DEPEND=CL:172651, CL:172652, CL:178324 BRANCH=none BUG=chromium:325286 Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org> Change-Id: Ia73da70dbf3abb5ced48666e86715c8d24a431a0 Reviewed-on: https://chromium-review.googlesource.com/172635 Reviewed-by: Randall Spangler <rspangler@chromium.org> Tested-by: Daisuke Nojiri <dnojiri@google.com> Commit-Queue: Daisuke Nojiri <dnojiri@google.com>
* Add memory leak checkingSimon Glass2013-09-171-0/+88
| | | | | | | | | | | | | | | | | Add checks that the vboot library does not leak memory. This works by tracking VbExMalloc() calls and making sure that they have an associated VbExFree(). Adjust host_signature to use VbExFree() instead of free(), so that this scheme works correctly for existing code. BUG=chrome-os-partner:21115 BRANCH=pit TEST=FEATURES=test emerge-peach_pit vboot_reference Change-Id: I6ccccfbcc162fc43fb75862cd0eddad78ce8b18a Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/66175
* Implementation of Region APIstabilize-4636.BSimon Glass2013-08-301-0/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | At present reading data from storage in Vboot is a little fragmented. For the firmware image, we expect the boot loader to handle this. For the disk we have a block-level API. For the GBB (which also sits in the firmware image) we expect the entire thing to be read before Vboot is called. Add the concept of a region, and an API to read from a region. At present, and most pressing, is reading from a GBB region. In the future this could be extended to other parts of the firmware or even the disk. Move all access to the GBB into this API so that the boot loader can provide either a GBB region in one large contiguous chunk, or a function to deal with read requests from vboot. The call to VbExRegionRead() is behind a flag since not all boot loaders support it yet. The main change for boot loaders which don't support this new API is that vboot will do more behind the scenes. For example, it will allocate memory for chunks of data that it reads from the GBB, rather than just accessing it directly. This approach is considerably simpler than trying to pass char ** everywhere and have vboot decide whether something needs to be allocated or not. The tests are updated, mainly to include setting up a GBB structure accessible from VbCommonParams, which is now required by the firmware and kernel functions. In normal operation this is set up at the start of VbLoadFIrmware() and VbSelectAndLoadKernel() but for tests which call children of these functions directly, the GBB structure must be set up manually by the test. BUG=chrome-os-partner:21115 BRANCH=none TEST=manual FEATURES=test sudo -E emerge vboot_reference Change-Id: If2b8bbe467fdbd643239d8d9b5d7aa98df4d286f Signed-off-by: Simon Glass <sjg@chromium.org> Signed-off-by: David Hendricks <dhendrix@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/63336 Reviewed-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/167361
* Revert "Implementation of Region API"Yoshiki Iguchi2013-08-291-21/+0
| | | | | | | | | | | | | This reverts commit 1d3c804b6b9d2ffb6953a7ee98fabfd548915ad7. This patch breaks cbuildbot on internal paladins bots. Change-Id: Icf7f9d9bbb56b092035888eaa3e249ffd23fac16 (cherry picked from commit 3a60335ebb1530e5fd9d5da3bc6214949bc59caf) Reviewed-on: https://chromium-review.googlesource.com/167451 Reviewed-by: Yoshiki Iguchi <yoshiki@chromium.org> Commit-Queue: Yoshiki Iguchi <yoshiki@chromium.org> Tested-by: Yoshiki Iguchi <yoshiki@chromium.org>
* Implementation of Region APISimon Glass2013-08-281-0/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | At present reading data from storage in Vboot is a little fragmented. For the firmware image, we expect the boot loader to handle this. For the disk we have a block-level API. For the GBB (which also sits in the firmware image) we expect the entire thing to be read before Vboot is called. Add the concept of a region, and an API to read from a region. At present, and most pressing, is reading from a GBB region. In the future this could be extended to other parts of the firmware or even the disk. Move all access to the GBB into this API so that the boot loader can provide either a GBB region in one large contiguous chunk, or a function to deal with read requests from vboot. The call to VbExRegionRead() is behind a flag since not all boot loaders support it yet. The main change for boot loaders which don't support this new API is that vboot will do more behind the scenes. For example, it will allocate memory for chunks of data that it reads from the GBB, rather than just accessing it directly. This approach is considerably simpler than trying to pass char ** everywhere and have vboot decide whether something needs to be allocated or not. The tests are updated, mainly to include setting up a GBB structure accessible from VbCommonParams, which is now required by the firmware and kernel functions. In normal operation this is set up at the start of VbLoadFIrmware() and VbSelectAndLoadKernel() but for tests which call children of these functions directly, the GBB structure must be set up manually by the test. BUG=chrome-os-partner:21115 BRANCH=none TEST=manual FEATURES=test sudo -E emerge vboot_reference Change-Id: I2c19e9dc2ed602d0642bbf4f7d27f79fe9fad873 Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/63336 Reviewed-by: Randall Spangler <rspangler@chromium.org>
* Massive refactoring of external header files.Bill Richardson2013-04-026-0/+13
| | | | | | | | | | | | | | | | | | | | | | | | This reduces the number of exported header files to the minimum needed by the existing userspace utilities and firmware implementations. BUG=chromium:221544 BRANCH=none TEST=manual, trybots CQ-DEPEND=CL:47019,CL:47022,CL:47023 sudo FEATURES=test emerge vboot_reference FEATURES=test emerge-$BOARD \ vboot_reference \ chromeos-cryptohome \ chromeos-installer \ chromeos-u-boot \ peach-u-boot \ depthcharge Change-Id: I2946cc2dbaf5459a6c5eca92ca57d546498e6d85 Signed-off-by: Bill Richardson <wfrichar@chromium.org> Reviewed-on: https://gerrit.chromium.org/gerrit/47021 Reviewed-by: Randall Spangler <rspangler@chromium.org>
* Get rid of some crufty macros.Gabe Black2013-03-195-15/+5
| | | | | | | | | | | | | | | | | | | | | | | These were macros that were never used, or that were only set to one thing and could be substituted up front. I left in code guarded by the HAVE_ENDIAN_H and HAVE_LITTLE_ENDIAN macros even though those are never defined because they guard a reportedly significantly faster implementation of some functionality, at least according to a comment in the source. It would be a good idea to enable that code path and see if it really does make a big difference before removing it entirely. BUG=None TEST=Built for Link, Daisy, and the host with FEATURES=test. Built depthcharge for Link and booted in normal mode. BRANCH=None Change-Id: I934a4dd0da169ac018ba07350d56924ab88b1acc Signed-off-by: Gabe Black <gabeblack@google.com> Reviewed-on: https://gerrit.chromium.org/gerrit/45687 Reviewed-by: Randall Spangler <rspangler@chromium.org> Commit-Queue: Gabe Black <gabeblack@chromium.org> Tested-by: Gabe Black <gabeblack@chromium.org>
* Get rid of the now unused biosincludes.h headers.stabilize-3881.0.BGabe Black2013-03-191-42/+0
| | | | | | | | | | | | | | | | These are no longer necessary. BUG=None TEST=Built for Daisy, Link, Lumpy. BRANCH=None Change-Id: I8db7dde1ba52bd5cf1881481ef6a502a5b509439 Signed-off-by: Gabe Black <gabeblack@google.com> Reviewed-on: https://gerrit.chromium.org/gerrit/45686 Reviewed-by: Randall Spangler <rspangler@chromium.org> Reviewed-by: Bill Richardson <wfrichar@chromium.org> Tested-by: Gabe Black <gabeblack@chromium.org> Commit-Queue: Gabe Black <gabeblack@chromium.org>
* Split off modules required for VbInit() and VbSelectFirmware()Randall Spangler2013-02-264-85/+123
| | | | | | | | | | | | | | | | | This makes it more obvious which modules and VbEx*() functions must be implemented to call these entry points. This change only moves functions between modules and adds two link-test binaries; it doesn't change any functionality. BUG=chromium-os:39262 BRANCH=none TEST=make && make runtests Change-Id: If3edf0b1989b631f0e7ad18de7ccdad8315181b5 Signed-off-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://gerrit.chromium.org/gerrit/44076 Reviewed-by: Bill Richardson <wfrichar@chromium.org>
* Reformat to kernel styleRandall Spangler2013-02-061-117/+128
| | | | | | | | | | | | No code changes, just reformatting. BUG=none BRANCH=none TEST=make runtests Change-Id: Ibffadf6c8a5911b79a29f8f554ca00c595f6b27b Signed-off-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://gerrit.chromium.org/gerrit/42624
* EC software sync uses precomputed hash if availableRandall Spangler2013-02-061-0/+13
| | | | | | | | | | | | | This removes the need to load the EC code at all when the precomputed hash matches. BUG=chrome-os-partner:17606 BRANCH=spring TEST=wouldn't that be nice Change-Id: If4438b9db8b1449b8fd4d90ef3acb3bbec5e09a0 Signed-off-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://gerrit.chromium.org/gerrit/42567
* tlcl: move open retry into TlclKees Cook2012-12-121-6/+24
| | | | | | | | | | | | | Make sure all Tlcl users benefit from the new retry logic. BUG=None TEST=daisy build, manual testing of racing tpmc loops BRANCH=None Change-Id: I8e9656a65b5d6b45694c1c8bceb95f54f7c751bb Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-on: https://gerrit.chromium.org/gerrit/39525 Reviewed-by: Luigi Semenzato <semenzato@chromium.org>
* Tlcl: allow OS failures to bubble up to callerstabilize2Kees Cook2012-11-281-10/+40
| | | | | | | | | | | | | | | | | | | | | | | | | | If there were any errors communicating with the TPM at the OS layer (open, read, write failures), the library would immediately exit, not allowing the caller to make any decisions about how to handle it. This introduces a way to initialize the library so that errors will get passed back up to the caller instead of unceremoniously exiting. Setting the environment variable "TPM_NO_EXIT=1" enables the feature. To avoid needing to implement supporting functions in all backends, the feature is currently limited to just the Tlcl stub implementation. In the case of mount-encrypted, it can now survive the kernel returning read/write failures. In the past it had only worked around having open fail, but that has now been replaced with more sensible logic instead of the environment variable trickiness. BUG=chrome-os-partner:15960 TEST=daisy built with an always-failing kernel driver, u-boot builds too BRANCH=None Change-Id: Ic7b217017537980f9c239d678067398613045676 Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-on: https://gerrit.chromium.org/gerrit/38791 Reviewed-by: Luigi Semenzato <semenzato@chromium.org>
View Lorry Controller Status