| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It's possible for the AP to get updated and remove the RO-normal flag
without needing to update EC-RW firmware - for example, if it only
needs to update the BIOS. In this case, the EC doesn't need update,
but does need to jump to its RW firmware. But if the EC is already
booted RO-normal with jump disabled, it will refuse that request and
go to recovery mode.
The fix is simply to check if the request to jump to RW requires the
EC to cold-boot first, and pass through that error code to the caller.
BUG=chrome-os-partner:22617
BRANCH=none (affects all platforms, but only in this odd case, and this
is a change to the RW portion of the code)
TEST=pass new unit test which triggers this condition
Change-Id: Ia8d64dff784a9135ef23f6eb26bbca4ad9df57c3
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/170168
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We don't allow ENTER from a USB keyboard as the confirmation
in the switch from normal to developer mode.
For devices that have a physical recovery button, we require
a recovery button press instead. For other devices, we
require that ENTER be pressed on the internal keyboard.
This prevents an "evil keyboard" attack in which a USB keyboard
(or other USB device pretending to be a keyboard) sends a
control-D/ENTER sequence shortly after every boot (followed
by more evil keys). In that situation, when users power-on in
recovery mode, they will be forced to dev mode even if it
was not their intention. Further attacks are easy at
that point.
TESTING. On a panther device:
1. powered on with recovery button pressed -> booted in recovery mode
2. pressed control-D on external USB keyboard -> got to ToDev? screen
3. pressed ENTER -> system beeped
4. pressed recovery button -> system rebooted in DEV mode
... all as expected
Also:
1. powered on with recovery button pressed and HELD recovery button
2. pressed control-D -> system beeped
BUG=chrome-os-partner:21729
TEST=manual (see commit message)
BRANCH=none
CQ-DEPEND=CL:182420,CL:182946,CL:182357
Change-Id: Ib986d00d4567c2d447f8bbff0e5ccfec94596aa7
Reviewed-on: https://chromium-review.googlesource.com/182241
Reviewed-by: Luigi Semenzato <semenzato@chromium.org>
Tested-by: Luigi Semenzato <semenzato@chromium.org>
Commit-Queue: Luigi Semenzato <semenzato@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is some inherent latency between the time the USB root hub is
initialized and the time USB devices are detected. This can lead to a
situation where USB media is attached, yet not found when we do our
initial device poll. The device may be detected in subsequent polls, so
the media can be booted and no 'remove' screen will be displayed.
With this change, if no media to remove is initially found, a second
poll will be made after a 500ms delay. This will be enough time for USB
devices to be correctly detected in our test cases.
Also, it is necessary to change the unit test due to the fact that we
now call VbExDiskGetInfo twice before actually displaying any screen.
TEST=Manual on Monroe. Insert USB media and trigger recovery boot.
Verify 'remove' screen is seen, 'insert' screen is seen after removing
media, and system boots after re-inserting media. Also passes
vboot_reference unit tests.
BUG=chrome-os-partner:23840
BRANCH=Panther, Monroe
Signed-off-by: Shawn Nematbakhsh <shawnn@chromium.org>
Change-Id: Ia902c3a126588cd7ea618f2dbbca6b38d35d6ea0
Reviewed-on: https://chromium-review.googlesource.com/179757
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
TEST=Built and booted Peppy. Ran flashrom from user space and
verified the EC firmware was updated after reboot.
CQ-DEPEND=CL:172651, CL:172652, CL:178324
BRANCH=none
BUG=chromium:325286
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Change-Id: Ia73da70dbf3abb5ced48666e86715c8d24a431a0
Reviewed-on: https://chromium-review.googlesource.com/172635
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Tested-by: Daisuke Nojiri <dnojiri@google.com>
Commit-Queue: Daisuke Nojiri <dnojiri@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add checks that the vboot library does not leak memory. This works by
tracking VbExMalloc() calls and making sure that they have an associated
VbExFree().
Adjust host_signature to use VbExFree() instead of free(), so that this
scheme works correctly for existing code.
BUG=chrome-os-partner:21115
BRANCH=pit
TEST=FEATURES=test emerge-peach_pit vboot_reference
Change-Id: I6ccccfbcc162fc43fb75862cd0eddad78ce8b18a
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/66175
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
At present reading data from storage in Vboot is a little fragmented. For
the firmware image, we expect the boot loader to handle this. For the disk
we have a block-level API. For the GBB (which also sits in the firmware
image) we expect the entire thing to be read before Vboot is called.
Add the concept of a region, and an API to read from a region. At present,
and most pressing, is reading from a GBB region. In the future this could
be extended to other parts of the firmware or even the disk.
Move all access to the GBB into this API so that the boot loader can provide
either a GBB region in one large contiguous chunk, or a function to deal with
read requests from vboot.
The call to VbExRegionRead() is behind a flag since not all boot loaders
support it yet.
The main change for boot loaders which don't support this new API is that
vboot will do more behind the scenes. For example, it will allocate memory
for chunks of data that it reads from the GBB, rather than just accessing it
directly. This approach is considerably simpler than trying to pass char **
everywhere and have vboot decide whether something needs to be allocated or
not.
The tests are updated, mainly to include setting up a GBB structure
accessible from VbCommonParams, which is now required by the firmware and
kernel functions. In normal operation this is set up at the start of
VbLoadFIrmware() and VbSelectAndLoadKernel() but for tests which call
children of these functions directly, the GBB structure must be set up
manually by the test.
BUG=chrome-os-partner:21115
BRANCH=none
TEST=manual
FEATURES=test sudo -E emerge vboot_reference
Change-Id: If2b8bbe467fdbd643239d8d9b5d7aa98df4d286f
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: David Hendricks <dhendrix@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/63336
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/167361
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 1d3c804b6b9d2ffb6953a7ee98fabfd548915ad7.
This patch breaks cbuildbot on internal paladins bots.
Change-Id: Icf7f9d9bbb56b092035888eaa3e249ffd23fac16
(cherry picked from commit 3a60335ebb1530e5fd9d5da3bc6214949bc59caf)
Reviewed-on: https://chromium-review.googlesource.com/167451
Reviewed-by: Yoshiki Iguchi <yoshiki@chromium.org>
Commit-Queue: Yoshiki Iguchi <yoshiki@chromium.org>
Tested-by: Yoshiki Iguchi <yoshiki@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
At present reading data from storage in Vboot is a little fragmented. For
the firmware image, we expect the boot loader to handle this. For the disk
we have a block-level API. For the GBB (which also sits in the firmware
image) we expect the entire thing to be read before Vboot is called.
Add the concept of a region, and an API to read from a region. At present,
and most pressing, is reading from a GBB region. In the future this could
be extended to other parts of the firmware or even the disk.
Move all access to the GBB into this API so that the boot loader can provide
either a GBB region in one large contiguous chunk, or a function to deal with
read requests from vboot.
The call to VbExRegionRead() is behind a flag since not all boot loaders
support it yet.
The main change for boot loaders which don't support this new API is that
vboot will do more behind the scenes. For example, it will allocate memory
for chunks of data that it reads from the GBB, rather than just accessing it
directly. This approach is considerably simpler than trying to pass char **
everywhere and have vboot decide whether something needs to be allocated or
not.
The tests are updated, mainly to include setting up a GBB structure
accessible from VbCommonParams, which is now required by the firmware and
kernel functions. In normal operation this is set up at the start of
VbLoadFIrmware() and VbSelectAndLoadKernel() but for tests which call
children of these functions directly, the GBB structure must be set up
manually by the test.
BUG=chrome-os-partner:21115
BRANCH=none
TEST=manual
FEATURES=test sudo -E emerge vboot_reference
Change-Id: I2c19e9dc2ed602d0642bbf4f7d27f79fe9fad873
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/63336
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
At present the kernel tests produce valgrind errors since the GPT data is
sometimes accessed before it is read. This is unnecessary, so update the
code to avoid this.
BUG=chrome-os-partner:21115
BRANCH=pit
TEST=manual
valgrind --leak-check=full ./build/tests/vboot_kernel_tests
See that we no longer get valgrind errors.
Change-Id: I9e9660e38a62a735cf01a37c2d81ddb5ab8b1528
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/66173
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some functions of vboot are disabled for sandbox because sandbox could not
support them. This has changed, so remove the sandbox #ifdefs in the code.
Some printf() strings cause warnings on sandbox - mostly that uin64_t is
not 'long long' on a 64-bit machine. The existing format strings in U-Boot
do not seem to take account of this, so add casts to remove the warnings.
Also add a few more debug strings to make it easier to see what is happening
in the vboot flow.
BUG=chrome-os-partner:21115
BRANCH=pit
TEST=manual
crosfw -b sandbox -V
See there are no warnings.
Change-Id: I86f90a693e4bd23fcacf6d48297dd32229348dd4
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/65621
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This tells the boot loader the number of firmware types that are supported,
so that it can declare arrays of that size.
BUG=chrome-os-partner:21115
BRANCH=pit
TEST=manual
Build for pit, link, daisy
Change-Id: Ib10e559af29b8dfe78268eb6e0465a245427313e
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/66095
Reviewed-by: Che-Liang Chiou <clchiou@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In many cases format strings in vboot_reference do not match their
parameters, which causes all kind of ugly results when examining debug
output.
Enforce proper format verification.
CQ-DEPEND=CL:65396
BRANCH=pit
BUG=none
TEST=manual
. compiled cleanly in vboot_reference, observed debug printouts
making sense.
Change-Id: I58d5ba1f9097ef9922fbaeb7a9946aadf5eb8617
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/65394
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These function prototypes changed recently and the mocked driver is not
building any longer.
BUG=none
BRANCH=none
TEST=successful build with MOCK_TPM=1
Change-Id: Iaaf2d2c2883add7a478d7ee887b06e45c65e1bb2
Signed-off-by: Duncan Laurie <dlaurie@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/65338
Reviewed-by: Stefan Reinauer <reinauer@google.com>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add labels to MTD partitions and clean up some of the show code, adding more
info on the MTD prints and eliminating duplicated code.
BRANCH=none
TEST=make runtests & manual cgpt add -l "label"; cgpt show to verify labels
BUG=none
Change-Id: I59736128f394c2aca937a3a0bb5fc5d42b0149a9
Reviewed-on: https://gerrit.chromium.org/gerrit/63367
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Queue: Albert Chaulk <achaulk@chromium.org>
Tested-by: Albert Chaulk <achaulk@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
firmware/lib/flash_ts.c: In function 'flash_ts_find_writeable_spot':
firmware/lib/flash_ts.c:180:5: error:
implicit declaration of function 'VbExDebug' [-Werror=implicit-function-declaration]
cc1: all warnings being treated as errors
BUG=None
TEST=`make` works
TEST=`make DEBUG=1` works
BRANCH=none
Change-Id: Id529ca885828ca38d5230f41f81d4b87395c5e65
Reviewed-on: https://gerrit.chromium.org/gerrit/59654
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Queue: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It's extremely helpful to know what a device's gbb flags are when
running vboot. It aids in debugging issues by providing more
information and context.
BUG=None
BRANCH=None
TEST=Built and booted. Checked log.
Change-Id: I663de6f617f0e8c74e2b2f3b7a2be63f4a9c020a
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/63489
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
SetupTPM no longer uses recovery_mode parameter for anything other than
a debug print. This change moves the debug print to a caller function,
then removes recovery_mode from SetupTPM and some caller functions that
no longer have a use for it.
BUG=chrome-os-partner:20913.
TEST=Manual. Boot factory install shim in recovery mode and verify TPM
clear operations succeed. Boot in dev mode and verify "Lock physical
presence" print on UART.
BRANCH=None.
Signed-off-by: Shawn Nematbakhsh <shawnn@chromium.org>
Change-Id: I2f671f6680a6e67cf722855e659e99752bc0783c
Reviewed-on: https://gerrit.chromium.org/gerrit/62916
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
RollbackKernelLock previously checked a global to determine recovery
mode state. Since we have two copies of vboot_reference in firmware
(in coreboot and depthcharge), this creates a problem with
synchronization. Remove the global entirely and instead pass the
recovery state to RollbackKernelLock.
BUG=chrome-os-partner:20913.
TEST=Manual. Boot factory install shim in recovery mode and verify TPM
clear operations succeed. Boot in dev mode and verify "Lock physical
presence" print on UART.
BRANCH=FalcoPeppy.
Signed-off-by: Shawn Nematbakhsh <shawnn@chromium.org>
Change-Id: I4e751d4a9ca60cd57c5c662ce86eba595fb22ba2
Reviewed-on: https://gerrit.chromium.org/gerrit/62874
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As per the discussion on issue 221745 we will be using 64-bit byte offsets
for the MTD partition table and converting to/from sectors internally in cgpt.
Existing interfaces do not change, eg sizes are still reported in sectors, only
the on-disk representation is affected.
BRANCH=none
BUG=chromium:221745
TEST=unit tests pass
Change-Id: Id312d42783acfdabe6eb8aea11dcbd298e00a100
Reviewed-on: https://gerrit.chromium.org/gerrit/60919
Commit-Queue: Albert Chaulk <achaulk@chromium.org>
Reviewed-by: Albert Chaulk <achaulk@chromium.org>
Tested-by: Albert Chaulk <achaulk@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If FW hash is invalid, it is possible for boot to continue as normal
because the shared recovery reason is not updated. Update the shared
recovery reason to ensure the bootloader knows to do a recovery boot.
This change affects only systems that do not support RO_NORMAL (ex.
Haswell systems).
BUG=chrome-os-partner:20518.
TEST=Run firmware_CorruptBothFwSigAB on Peppy, verify PASS.
BRANCH=None.
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Signed-off-by: Shawn Nematbakhsh <shawnn@chromium.org>
Change-Id: I3b311416bf8c504deb4154e5850d967253c9dc17
Reviewed-on: https://gerrit.chromium.org/gerrit/60148
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Commit-Queue: Shawn Nematbakhsh <shawnn@chromium.org>
Tested-by: Shawn Nematbakhsh <shawnn@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix some bugs in the cgpt implementation of the flash I/O functions & load
logic, it was validating too much at load time.
Implement the create command for MTD
BUG=chromium:221745
TEST=MTD version of run_cgpt_tests.sh passes
BRANCH=none
Original-Change-Id: I2f52637d82962f4d805aa827c5c37685f10e76ea
Reviewed-on: https://gerrit.chromium.org/gerrit/47172
Tested-by: Albert Chaulk <achaulk@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Queue: Albert Chaulk <achaulk@chromium.org>
(cherry picked from commit 931544744ba410dad267064b87d504b0b4c24772)
Change-Id: If9364155fb2c030645adc6ee6f3fbe5373bcc153
Reviewed-on: https://gerrit.chromium.org/gerrit/49793
Commit-Queue: Albert Chaulk <achaulk@chromium.org>
Reviewed-by: Albert Chaulk <achaulk@chromium.org>
Tested-by: Albert Chaulk <achaulk@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
BRANCH=none
BUG=none
TEST=manual
. observe proper function name reported in the debug output
Change-Id: I03f87f0f5816db73a105687cd1a67f21c891f677
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/59642
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Provide an MTD implementation of several common functions in cgpt_common.c
BUG=chromium:221745
BRANCH=none
TEST=none
Original-Change-Id: Ib3248c283ca31e33a91b9ea0c14b2f72ea7c5850
Reviewed-on: https://gerrit.chromium.org/gerrit/47029
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Queue: Albert Chaulk <achaulk@chromium.org>
Tested-by: Albert Chaulk <achaulk@chromium.org>
(cherry picked from commit b0bd7e4cf8dd15cc3c371dac157093c7e7c7a874)
Change-Id: I243c2bf98a88d0019c332b274868459b5f1b8ea1
Reviewed-on: https://gerrit.chromium.org/gerrit/49791
Reviewed-by: Albert Chaulk <achaulk@chromium.org>
Tested-by: Albert Chaulk <achaulk@chromium.org>
Commit-Queue: Albert Chaulk <achaulk@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1) GBB flag to skip EC software sync, so EC will be untouched. Needed
for EC development.
2) GBB flag to default to booting legacy at end of dev screen timeout.
Very handy for booting Ubuntu (or other OS).
Also added unit tests for the new flags.
BUG=chrome-os-partner:20111
BRANCH=none
TEST=make runtests
Change-Id: I9da87d87014881a1b1393b0b4a5acb921d080066
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/58270
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This means that in normal mode the system will boot all the way to the
OS before shutting down.
In developer or recovery modes, the BIOS screens will still check for
shutdown requested and shut down if so. This is necessary in
developer mode for security reasons, and because there's no guarantee
that a dev OS will still pay attention to the lid switch.
BUG=chrome-os-partner:17521
BRANCH=spring
TEST=make runtests; unit tests pass
Change-Id: I0698b659ad0febcf73043f1e8c5b98681c1bc5ba
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/58109
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Integrates the FTS driver into cgpt. This driver is binary-format compatible
with the linux driver for interoperabiilty. The cgpt changes load & store a
hex-encoded mtd partition table in the FTS; we need some sort of encoding
because FTS only stores NUL-terminated strings.
Currently, the mtd code paths aren't executed in cgpt, only in the tests. It's
also not hooked up to the vboot code yet, we will need to do that eventually.
BUG=chromium:221745
TEST=new unit test added
BRANCH=none
Change-Id: I94eb0389d29aca0beb9d9a644465c7d86161b3c2
Original-Change-Id: I9fe2fa91b666572563426adb8fa9d426f9b60bbf
Reviewed-on: https://gerrit.chromium.org/gerrit/46796
Commit-Queue: Albert Chaulk <achaulk@chromium.org>
Reviewed-by: Albert Chaulk <achaulk@chromium.org>
Tested-by: Albert Chaulk <achaulk@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/49789
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The tpmc utility is failing to build with:
MOCK_TPM=1 emerge vboot_reference
Because some functions are not exported by the
mocked_tlcl library. This commit adds mocked
functions for TlclPacketSize() and TlclSendReceive()
BUG=chrome-os-partner:19263
BRANCH=none
TEST=manual: MOCK_TPM=1 emerge-fox_wtm2 vboot_reference
Change-Id: Iaf4c2dff78272c41572e3b89444346a03be35fbe
Signed-off-by: Duncan Laurie <dlaurie@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/50225
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Defines MTD on-disk structures & API in mtdlib.h/c that closely mirrors
the existing cgpt implementation. Currently, the disk structures do not
contain guids or labels, and the number of available partition types and
quantities are limited, exactly what we want to support should be decided
before we ship this.
Adds appropriate test coverage to the unit test library - either by modifying
existing tests, or copying them and changing them accordingly.
BUG=chromium:221745
TEST=added appropriate tests to the unittests
BRANCH=none
Change-Id: Iee19864498024c72229bc3c7811594fe762f52de
Original-Change-Id: I031eca69d6c8e825b02bd0522d57e92b05eb191a
Reviewed-on: https://gerrit.chromium.org/gerrit/46082
Tested-by: Albert Chaulk <achaulk@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Queue: Albert Chaulk <achaulk@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/48793
Reviewed-by: Albert Chaulk <achaulk@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In recovery mode we ignore all TPM errors.
Just a comment change; no code change.
BUG=none
BRANCH=none
TEST=build vboot
Change-Id: I43ed89d0d38347b55e1f6e17b712814f9b972156
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/47747
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reduces the number of exported header files to the minimum needed by
the existing userspace utilities and firmware implementations.
BUG=chromium:221544
BRANCH=none
TEST=manual, trybots
CQ-DEPEND=CL:47019,CL:47022,CL:47023
sudo FEATURES=test emerge vboot_reference
FEATURES=test emerge-$BOARD \
vboot_reference \
chromeos-cryptohome \
chromeos-installer \
chromeos-u-boot \
peach-u-boot \
depthcharge
Change-Id: I2946cc2dbaf5459a6c5eca92ca57d546498e6d85
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/47021
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These were macros that were never used, or that were only set to one thing and
could be substituted up front.
I left in code guarded by the HAVE_ENDIAN_H and HAVE_LITTLE_ENDIAN macros even
though those are never defined because they guard a reportedly significantly
faster implementation of some functionality, at least according to a comment
in the source. It would be a good idea to enable that code path and see if it
really does make a big difference before removing it entirely.
BUG=None
TEST=Built for Link, Daisy, and the host with FEATURES=test. Built depthcharge
for Link and booted in normal mode.
BRANCH=None
Change-Id: I934a4dd0da169ac018ba07350d56924ab88b1acc
Signed-off-by: Gabe Black <gabeblack@google.com>
Reviewed-on: https://gerrit.chromium.org/gerrit/45687
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Queue: Gabe Black <gabeblack@chromium.org>
Tested-by: Gabe Black <gabeblack@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These are no longer necessary.
BUG=None
TEST=Built for Daisy, Link, Lumpy.
BRANCH=None
Change-Id: I8db7dde1ba52bd5cf1881481ef6a502a5b509439
Signed-off-by: Gabe Black <gabeblack@google.com>
Reviewed-on: https://gerrit.chromium.org/gerrit/45686
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Tested-by: Gabe Black <gabeblack@chromium.org>
Commit-Queue: Gabe Black <gabeblack@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It's no longer necessary and adds complexity.
BUG=None
TEST=Built vboot_reference (with FEATURES=test), chromeos-u-boot, depthcharge,
chromeos-factory, chromeos-factoryinstall, chromeos-initramfs, and
chromeos-cryptohome for daisy, lumpy, link, alex, and fox_wtm2 where
applicable. Built vboot_reference for the host.
BRANCH=None
Change-Id: Ic2d70b92b25d57fd9ca1d9ad47d9889f6adc85e7
Signed-off-by: Gabe Black <gabeblack@google.com>
Reviewed-on: https://gerrit.chromium.org/gerrit/45685
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Queue: Gabe Black <gabeblack@chromium.org>
Tested-by: Gabe Black <gabeblack@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Strncat() looks almost like strncat(), but it's completely different. Change
the name to reduce confusion.
Also fix a place where strncat() was misused anyway.
BUG=none
BRANCH=all
TEST=manual
sudo FEATURES=test emerge vboot_reference
FEATURES=test emerge-$BOARD vboot_reference
Change-Id: I39c30d391aa6566ec67461462e800720ade66a91
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/44572
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This structure, like RollbackSpaceFirmware in my previous CL, contains members
that are inherently unaligned. This breaks when the machine running vboot
cares about alignment. Like before, I'm using Memcpy to avoid the direct
unaligned accesses.
BUG=chrome-os-partner:17340
TEST=Built and booted into depthcharge on Snow. Without this change, there's
an unaligned access in RollbackKernelRead. After this change, the unaligned
access goes away and vboot gets at the kernel version successfully.
BRANCH=None
Change-Id: Ifcdcee1ab4bbce74d05e563cb82bef73a1aa9a84
Signed-off-by: Gabe Black <gabeblack@google.com>
Reviewed-on: https://gerrit.chromium.org/gerrit/44503
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Queue: Gabe Black <gabeblack@chromium.org>
Tested-by: Gabe Black <gabeblack@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This structure has two uint8_t members and then fw_versions which is a
uint32_t. That means that fw_versions is 32 bits wide but only has 16 bit
alignment, and architectures that care about that sort of thing won't be able
to access it. ARM generally cares about alignment, but there's a bit which
lets you select whether 32 bit accesses can be unaligned. In the past this bit
was ignored, and because this is a 32 bit data type the right load happened to
be used.
To avoid the unaligned access all together, this change makes vboot use Memcpy
to access fw_versions. The number of accesses should be very small so the
overhead should be minimal.
BUG=chrome-os-partner:17340
TEST=Built and booted depthcharge on Snow. Without this change, there was an
unaligned exception during SetupTPM when the fw_versions member was accessed
as part of a VBDEBUG call. With this change, the exception went away and the
TPM was initialized successfully.
BRANCH=None
Change-Id: I1ed705f2de450c65f986c1c7ba30da15c0150f74
Signed-off-by: Gabe Black <gabeblack@google.com>
Reviewed-on: https://gerrit.chromium.org/gerrit/44499
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Queue: Gabe Black <gabeblack@chromium.org>
Tested-by: Gabe Black <gabeblack@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This makes it more obvious which modules and VbEx*() functions must be
implemented to call these entry points.
This change only moves functions between modules and adds two
link-test binaries; it doesn't change any functionality.
BUG=chromium-os:39262
BRANCH=none
TEST=make && make runtests
Change-Id: If3edf0b1989b631f0e7ad18de7ccdad8315181b5
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/44076
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The rollback_index.c file uses a macro RETURN_ON_FAILURE which creates
a locally block-scoped variable named 'result'. However, when built with
-Wshadow -Werror the compile will break because the 'result' variable
will shadow the one function scoped variable. Fix this warning by
changing the variable name from 'result' to 'result_' in
the RETURN_ON_FAILURE macro.
BUG=chrome-os-partner:17695
BRANCH=None
TEST=built fwlib with -Werror -Wshadow. Compiles correctly.
runtests still passes as well.
Change-Id: I9fedef5567411beacdc1c0b8ed182573601f24aa
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/44044
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
VbHWID() returns a fixed string which can also be a returning a
string that lives in the read only text segment or read only flash.
Because of this the compiler will rightfully error when built with
-Werror and -Wwrite-strings because the const qualifier is being
ignored. Correct this and the ripple effect in VbRenderTextAtPos().
VbRenderTextAtPos() should be using constant strings anyhow.
BUG=chrome-os-partner:17695
BRANCH=None
TEST=built fwlib with -Werror -Wwrite-strings. Compiles correctly. make
runtests still passes as well.
Change-Id: Id03a783d2d9b5de4cc3b3ce0fa6d74934751cca4
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/44043
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When the fwlib is built with -Wmissing-prototypes and -Werror
there build breakages that occur. Fix these errors by either
including the header file with the correct declaration or provide
the declaration at the top of the c files for global symbols that
are used by tests.
BUG=chrome-os-partner:17695
BRANCH=None
TEST=built fwlib library with -Wmissing-prototypes and -Werror. Also
'make runtests' still passes.
Change-Id: I992516ee2545509054887173bc65234905381e06
Signed-off-by: Aaron Durbin
Reviewed-on: https://gerrit.chromium.org/gerrit/44042
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Queue: Aaron Durbin <adurbin@chromium.org>
Tested-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously,
1) AP-RO, EC-RO -> checked
2) AP-RW, EC-RO transition to EC-RW -> checked
3) AP-RW, EC-RW already -> NOT checked
Now, (3) calls VbExIsShutdownRequested() as well.
This fix is needed to avoid inconsistent behavior of software sync
after we ship a RW update.
Whether we *should* actually shut down or not based on how/why we
booted is a separate issue to be addressed by the U-boot
implementation of VbExIsShutdownRequested() in a separate CL.
BUG=chromium-os:38645
BRANCH=all
TEST=make runtests
Manual testing also possible - force AP-RW firmware, then reboot with
lid closed. Previously, the first boot would shut down because of
(2), but subsequent reboots of the AP only wouldn't because of (3).
Change-Id: I226202f48d793b88a30ffa62731de878f8c22315
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/43044
Reviewed-by: Simon Glass <sjg@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
BUG=chromium-os:38139
BRANCH=none
TEST=make runtests && FEATURES=test emerge-daisy vboot_reference
Change-Id: I28cd31f995f078d1715acaeaccce6e864930a986
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/42846
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
|
| |
|
|
|
|
|
|
|
|
| |
BUG=chromium-os:38139
BRANCH=none
TEST=make runtests && FEATURES=test emerge-daisy vboot_reference
Change-Id: Ib280b80ba707f8a2141d728f78ae296774b1301a
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/42669
|
| |
|
|
|
|
|
|
|
|
|
|
| |
No code changes, just reformatting.
BUG=none
BRANCH=none
TEST=make runtests
Change-Id: Ibffadf6c8a5911b79a29f8f554ca00c595f6b27b
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/42624
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This removes the need to load the EC code at all when the precomputed
hash matches.
BUG=chrome-os-partner:17606
BRANCH=spring
TEST=wouldn't that be nice
Change-Id: If4438b9db8b1449b8fd4d90ef3acb3bbec5e09a0
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/42567
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There's no need to give execute permissions to files that aren't supposed to
executed.
BUG=none
BRANCH=none
TEST=manual
make runtests
Change-Id: I2480b97b39124e98c2f639d56be54cadfdc17f9b
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/42648
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is used by vboot to retrieve the precomputed hash of the expected
EC image, which requires reading less data from EEPROM than getting
the entire EC image.
BUG=chrome-os-partner:17606
BRANCH=spring
TEST=none; just a new API not used yet
Change-Id: I226643144280acabba147d345ef1f83a77a91fbc
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/42566
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
No code changes, just reformatting.
BUG=none
BRANCH=none
TEST=make runtests
Change-Id: I0adb8044ff79a1653a5093ba24934d87b142c9b7
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/42565
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
No code changes, just reformatting.
BUG=none
BRANCH=none
TEST=make runtests
Change-Id: Ib8748df93c64395c88e1f789805393fcfe3ac419
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/42397
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
No code changes, just reformatting.
BUG=none
BRANCH=none
TEST=make runtests
Change-Id: Id690c8334147970784db5ac54933ad1f5a58dcc1
Reviewed-on: https://gerrit.chromium.org/gerrit/42263
Tested-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Queue: Randall Spangler <rspangler@chromium.org>
|
