| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Found by Coverity Scan
BUG=none
BRANCH=none
TEST=none
Change-Id: I2544a4e84ecadc262e08aaa4e6f056d710d807f5
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1771972
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Tested-by: Patrick Georgi <pgeorgi@chromium.org>
Commit-Queue: Patrick Georgi <pgeorgi@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:124141368
TEST=make clean && make runtests
BRANCH=none
Change-Id: Id97f544da845f7070555e5e8cc6e782b2d45c300
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1758151
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The 'incompatible key' error message added the new line in wrong
location, causing the message to be truncated unexpectedly.
We should put the line break after whole message (including URL) is
printed.
BUG=None
TEST=make runfutiltests
BRANCH=None
Change-Id: Ic74da1c2657b9517dce786a72435275e7141348c
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1763968
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Replace old vboot1-style Min macro with VB2_MIN,
and relocate tests accordingly.
BUG=b:124141368
TEST=make clean && make runtests
BRANCH=none
Change-Id: I73d630147eaf23f97dd750769fb1e911dae01848
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1675866
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When testing updater behavior with emulation (--emulate), there was no
way to know if EC and PD images were correctly found from archive and
expected to be flashed (for example if we want to test the difference
between modes).
Since we do flash EC/PD in recovery and factory modes, it is better
to still allow loading EC/PD images, and simply not writing them
(and print some messages as indication) in emulation.
BUG=chromium:965092
TEST=make runfutiltests
BRANCH=None
Change-Id: I3bbbd75cb8adf2e238a593d3dee0b2491abe7719
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1626190
Legacy-Commit-Queue: Commit Bot <commit-bot@chromium.org>
Reviewed-by: Dana Goyette <dgoyette@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Move vb2_packed_key from vb2_struct.h to 2struct.h
* Move vb2_verify_member_inside from lib20/common.c to 2common.c
* Move vb2_packed_key_data and vb2_verify_packed_key_inside from
lib20/packed_key.c to 2packed_key.c
* Relocate tests accordingly
BUG=b:124141368, chromium:968464
TEST=make clean && make runtests
BRANCH=none
Change-Id: I6a9338ffdb640aad071941c3768427e15cd2aa93
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1642773
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In CL:1601678, few logging messages were not properly converted:
- STATUS should add \n
- INFO and WARN should not need __FUNCTION__
BUG=None
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: Ib01d9319815a5fbb579e49391fc4bff9d61ca214
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1626189
Legacy-Commit-Queue: Commit Bot <commit-bot@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Deprecate internal usage of GoogleBinaryBlockHeader struct in
favour of vb2_gbb_header struct. Keep the v1 struct around until
we remove references in other repos.
BUG=b:124141368, chromium:954774
TEST=make clean && make runtests
BRANCH=none
Change-Id: I396d2e624bd5dcac9c461cc86e8175e8f7692d26
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1583826
Commit-Ready: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds a bunch of more warnings that are already enabled in
coreboot and thus already enabled for firmware builds anyway (because
coreboot just passes its CFLAGS through). Enabling it in the vboot
Makefile means they also apply to host utilities and tests, which sounds
desirable for consistency.
Fix enough of the cruft and bad coding practices that accumulated over
the years of not having warnings enabled to get it to build again (this
includes making functions static, removing dead code, cleaning up
prototypes, etc.).
Also remove -fno-strict-aliasing from the x86 firmware build options,
because it's not clear why it's there (coreboot isn't doing this, so
presumably it's not needed).
BRANCH=None
BUG=None
TEST=make runtests
Change-Id: Ie4a42083c4770a4eca133b22725be9ba85b24184
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1598721
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The firmware updater introduced its own logging macros, but the rest of
futility already used a (smaller) set of macros previously. Unify the
two so that all parts of the binary use the same system.
Note that the same debug output infrastructure can (and already could
before this patch, although it was less obvious) be enabled with both
futility --debug update and futility update -d. This is a bit weird but
shouldn't really hurt and I presume we may want it for backwards
compatibility in the updater.
BRANCH=None
BUG=None
TEST=make runtests
Change-Id: I8b7c1677bcef9e9772ee666c72958d27139b36a2
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1601678
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When flashrom execution failed, it is not very easy to debug what went
wrong especially when loading system active firmware (-r).
The log may say SUCCEED (or no obvious error) and updater simply reports
failure. Reporting the returned termination status should help.
BUG=chromium:943262
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I4ea09b3d62ebf77eda98084accac582f841e7f7a
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1545590
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When write protection is not enabled and updater sees TPM Anti-Rollback
failure, the log will only report TPM failure (example: crbug.com/937961).
This is hard to figure out if the failure was caused by re-key or other
reasons.
In try-rw and rw update, the updater will always check rootkey
compatibility before checking TPM anti-rollback, so we should do the
same thing on full update (RO+RW). With this change, the updater will
report key mismatch before failing with TPM anti-rollback.
BUG=chromium:937961
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I2f035450995387b198f990467e4f416e6c7b746e
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1514007
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
coreboot uses the C preprocessor on its linker scripts to
allow evaluation of macros when defining memory layout.
Move constants from 2api.h to an independent file in order
to allow for coreboot to use these constants in its memlayout
file, without needing to include the entire vboot API.
Note this commit creates two new header files:
- firmware/2lib/include/2constants.h: contains the constants
- firmware/include/vb2_constants.h: externally importable header
Also, rename VB2_WORKBUF_RECOMMENDED_SIZE to
VB2_FIRMWARE_WORKBUF_RECOMMENDED_SIZE for clarity.
BUG=b:124141368, b:124192753
TEST=Build locally
TEST=/work/vboot/src/repohooks/pre-upload.py
TEST=make clean && make runtests
TEST=make clean && COV=1 make coverage && make coverage_html
BRANCH=none
Change-Id: Id17c6955b67e51cb048b10b4be0901c0e9110a1f
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1504490
Commit-Ready: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Many projects started their initial builds without knowing that some
sections must be preserved when being updated. This may be solved by
adding section name to 'preserved' list in firmware updater (for
instance, CL:1239797), or include that section as sub area of
{RO,RW}_PRESERVE.
However, there are problems in both solutions. For example, installing
an older image will run old updater, which will not preserve the new
names. Also, if there are multiple sections must be preserved (and not
contiguous - see CL:1493629) there will be problems. Additionally,
changing FMAP layout usually causes more problems.
As a result, adding the description in FMAP area would be the better
idea. A new FMAP_AREA_PRESERVE suggests firmware updater to preserve
a section if possible. In Coreboot, this can be easily set in *.fmd
using flag (PRESERVE). See https://review.coreboot.org/31709 for
example.
BUG=chromium:936768
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: Ie56f65dd418faa97ffb78b1acff613e7d7e268b8
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1495054
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In RO+RW update mode, we only check if the system will be doing re-key.
However, as Unibuild and White-label are becoming more popular today,
this may not be true when signer config has something wrong, or if the
patching of rootkey/vblock is broken.
As a result we should also check if the target image is looking good
before proceed to update in recovery mode.
BUG=b:126931606
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=none
Change-Id: I16c2f9b4fd886e15414de8fda7bd41813f3f8d83
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1496678
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On a full firmware update we need to preserve these regions:
SI_GBE contains the unique MAC address for the system
SI_PDR contains data from the factory and diagnostics
BUG=b:126637087
BRANCH=none
TEST=futility update image-sarien.bin
Change-Id: I2981c8cc478617029934ef3fbdb1c446c858fad8
Signed-off-by: Duncan Laurie <dlaurie@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1493629
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Many firmware developers will try to flash a local built firmware (i.e,
DEV key signed) on a MP device (with write protection enabled).
The updater used to provide feedback like:
ERROR: verify_keyblock: Failed verifying key block.
INFO: Current (RO) firmware image has root key: ade780ffd0...732867181bae
WARNING: Target (RW) image is signed by rootkey: b11d74edd2...e1135b49e7f0.
ERROR: RW not signed by same RO root key
>> FAILED: Firmware updater aborted.
This is correctly identifying the root cause, but not helpful for
developers to figure out what to do, and may be confused with the DEV
re-key safety check (which needs --force).
Also, when developers try to do "--mode=factory --force", the message
was:
updater_setup_config: Factory mode needs WP disabled.
Where the 'WP' is again not clear enough.
With this change, we're improving the error messages so that:
- Being consistent on 'root key' instead of 'rootkey'.
- Being consistent for having period for error messages, except those
ended with root key hash (for easier copy-paste).
- Say 'Write Protection' instead of 'WP'.
- When re-keying with WP enabled, print a better hint:
"To change keys in RO area, you have to first remove write protection
(https://goo.gl/ces83U)."
BUG=None
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=none
Change-Id: Ia74d7b113766d09428a4d0897918b4f17b4afae7
Reviewed-on: https://chromium-review.googlesource.com/1465709
Commit-Ready: Hung-Te Lin <hungte@chromium.org>
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Matthew Blecker <matthewb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Starting from GBB 1.2, a digest is stored in GBB and must be updated
whenever the HWID string is changed.
In shell script version of updater, the digest is automatically updated
when we do "futility gbb -s --hwid=XXX", but in native updater
implementation we only updated the HWID string and left digest
unchanged, this leaves devices generating wrong PCR1 values.
`cmd_gbb_utility` updates the digest by calling `update_hwid_digest`
using vboot1 structure, so we should introduce a new vboot2 friendly
function, `vb2_change_hwid`, which changes both HWID string and digest
at same time.
Note this has no impact for end user's devices with write protection
enabled. Only changes dogfood units AU results.
BUG=b:122248649
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=none
Change-Id: I6ad2754e6df3c9dd66d71c560a2afc26d14eae33
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1411932
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When using 'futility update' with Servo Micro or CCD, the programmer is
pretty slow that every invocation of flashrom would take a very long
time, so re-reading firmware contents when writing (flashrom -w) seems
redundant. For such usage, a '--fast' would be helpful that
- Uses the last read image (image_current) as --diff
- Add --noverify
BUG=None
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I1ad57185160a082ea6b5c94b837a4d3ba708b587
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1375495
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A special Snow RO firmware had been released and would break existing
platform check: 'Google_Snow_Rev4.2695.128.0'. As a result, we want to
bypass platform check in quirk 'daisy_snow_dual_model'.
BUG=chromium:917581
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I10b0e4c2b8a11faff979b4add368f342a72a6cec
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1390083
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The firmware updater archive is going to rename the prefix of host (AP)
firmware image from 'bios' to 'image' (CL:1318712), to be more
consistent with firmware package output. We need to include both old and
new names in updater manifest construction.
For --mode=output, we will produce both 'bios.bin' and 'image.bin'. In
future there should be only 'image.bin' after migration is completed.
BUG=b:65745723
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I8b7e3bc2953b70525fb14fcf6aadaf6d1e00e4aa
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1327862
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For developers running a local build on white label models, currently
the chromeos-firmwareupdate will always fail if VPD `whitelabel_tag` is
set because the `keyset/` folder does not exist (which was created by
signer bot).
Developers in this case usually don't really care about which key to use
and will be happy with the default (DEV signed) keys, also the key
compatibility will be still checked later, so we can skip the white
label patching if no keyset folder, which would allow developers getting
same experience on WL and non-WL devices.
BUG=b:120268135
TEST=TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I3992301ff4c406096e11e1ae8129f2f68b2319b5
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1356688
Reviewed-by: C Shapiro <shapiroc@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In auto update and recovery, the firmware updater was executed with both
stdout and stderr logged. However, the logs usually comes with all stderr
first then all stdout. This makes it harder to debug because the
messages logged in out of order.
TO solve that, few macros are introduced:
INFO: for useful information.
STATUS: the most common information, usually comes with a prefix code.
And all messages should now go to stderr except the final execution
result (and those output commands, for example --manifest).
BUG=chromium:875551
TEST=TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
CQ-DEPEND=CL:1345250
BRANCH=None
Change-Id: Ie0dc6594ece10e7e15caf9c36353e2b3ec8754c5
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1345611
Reviewed-by: Youcheng Syu <youcheng@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There were devices shipped as "only device" (no key set) and then became
one of the "white label" family. This is now no longer valid on newer
devices but we have to support the legacy ones, for example Reks.
BUG=chromium:906962
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I437be08726ab2c46229062689bf765ac6837ca5d
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1345610
Reviewed-by: Youcheng Syu <youcheng@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There may be quirks needed during image archive setup (for example
loading white label tags) so we have to move quirks setup to some
earlier place.
BUG=chromium:906962
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I1f6eddb0119c64098df75bad72809ba8366625c7
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1345609
Reviewed-by: Youcheng Syu <youcheng@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For dogfood devices, we usually will only re-key from DEV to PreMP, and then
PreMP to MP. It was found that for retail devices, if WP was disabled
(unintended), user may accidentally re-key to DEV keys if they (1)
recover with a DEV-signed image, or (2) received an AU that didn't have
right signing keys.
As a result, we want to make it harder when recovering to DEV keys.
BUG=chromium:894324
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: Id3f7788e6c86d12b6e37b77818a1b4c2ceda1e2f
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1312596
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are devices, especially during or after RMA, may have WP states
not synced; for example
HW = 1
SW (AP) = 0
SW (EC) = 1
In this case, we can still update host firmware but not EC. This happens
more often on EC that needs an extra reboot to change WP states.
As a result, we do want to check real programmer again before updating
optional images.
BUG=chromium:902546
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I9a526cde19a1ab3c41afecb4f7247bd941edc3f4
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1322295
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If some system that firmware RW sections were damaged, the firmware
string may become '\xFF' (flash erased content). We do not want to see
that as version string, and this will help FAFT testing.
BUG=chromium:899901
TEST=TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I947ec3c8286a022163abf01ae1d8ab5747aacf08
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1317050
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In order to make the firmware updater package more consistent file
contents (for example, we don't want time stamps, and better if the
files are always physically located in same order) we want to create and
manipulate the ZIP based package directly using updater.
BUG=chromium:875551
TEST=TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: Ie4c5aafe51f633729de2879c73bf7074a695151f
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1286173
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The `programmer` cannot be decided in `load_firmware_image` and is always
specified (and managed) by an outer context, and should be preserved
even when we call `free_firmware_image`.
This helps reloading or removing loaded images at runtime.
BUG=chromium:875551
TEST=TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I22f698d4a7118197379e11556b18f70ecd023ca2
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1295209
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The legacy firmware updater can update explicitly only some type of
images by using `--[no]update_main`, `--[no]update_ec`,
`--[no]update_pd`.
Since software sync is introduced, usually it does not make sense to
only update EC or PD; instead the real request is to "ignore provided EC
and PD images and update only host".
The new `--host_only` argument provides an easy way to ignore images in
command line (`--ec_image`, `--pd_image`) and archives (`ec.bin`,
`pd.bin`).
BUG=chromium:875551
TEST=TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: Idf403680880cd58a00867172ccec97fd60c1b826
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1295210
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
For backward compatibility, we need to support the 'output' mode in legacy
firmware updater. The output must select right files according to system
model, and apply all white label transform if needed.
BUG=chromium:875551
TEST=TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: Ib433647317fa97387aa4a7f8f2101b47e6ca2123
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1282084
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For white label devices, we have to select and patch key files (root key
and vblock) by VPD (`whitelabel_tag` or `customization_id`). The white
label tag VPD will be processed and converted to a "signature ID" for
key selection.
To support that, updater has to fetch current (system) image if the
matched model is following white label (so we can read VPD from it).
For developers who want to load and use particular files, they can use
--signature_id to override VPD values.
BUG=chromium:875551
TEST=TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I3630bae28d1a8493b56d0e5efd29f3c61a470379
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1278420
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For devices using Unified Build, we have to select and load images from
archive by model configuration (setvars.sh). The system model can be
retrieved by $(mosys platform model), but for developers who want to
simulate or get images for particular platform, a command line argument
--model is needed.
BUG=chromium:875551
TEST=TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I8f4a6735b34bc694a05808b001c7309623b2afa3
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1278419
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In RMA or factory reinstall flow, we will want to make sure device will
next boot into developer mode, which was usually enforced by GBB flags.
In updater4, this is done by updater using flags defined in target
image. We should keep same behavior.
BUG=b:117866155
TEST=TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: Idb6337d453d606dbf88b2a2b82961f21125b7fef
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1288211
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For white label projects, the firmware updater has to select correct
root key and corresponding vblock files per different LOEM. In Unified
build, multiple models may share same firmware base image, with
different key files (per OEM). As a result, we have to apply the key
files before using the firmware image files.
This change adds the "patch" information when building manifest, and
prints the correct key hash in `--manifest` mode.
BUG=chromium:875551
TEST=TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: Ib5e31af5262a0989a5a474d0683c83121f24cc78
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1270323
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The firmware updater packages used to rely on a pre-generated VERSION
file to report what files were included and their image versions. Its
format was hard to parse, and may be out-dated if people repack without
updating VERSION file.
The firmware updater today has the ability to read and parse version,
key hash, ... etc everything we need, so it seems more reasonable to
just let firmware updater scan updater package and print the information
in JSON format, so it will be very easy to fetch latest information.
To make sure the output is purely JSON, the start and end messages are
now sent to stderr instead of stdout.
BUG=chromium:875551
TEST=TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: Ifa468fbb3adf798c7931f015258e6c6ce93de993
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1260804
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We are going to have more command line arguments that must be passed to
updater_setup_config, and it is better to manage so many variables in a
struct.
Also, revised the order or argument processing so that simple settings
are now processed first, then complicated ones or those with dependency.
BUG=chromium:875551
TEST=TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I03ac036d26e49cdf924c03d6e86a272ce89fc2aa
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1265575
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A firmware update is usually released as a package with multiple images,
instructions, signed vblocks and other files. To work with that, a new
argument '--archive' is added.
The --archive accepts a directory or file, and will determine the
correct driver automatically. For resources (for example --image) in
relative path, updater should find files from archive.
Note in current implementation, only ZIP is supported for file type
drivers (and need the system to have libzip already installed).
BUG=chromium:875551
TEST=TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I6a91cbe73fb4ee203c5fa4607f6651a39ba854d5
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1253229
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
No real function changes.
For incoming changes, we want to rename the shared functions to make it more
clear (and more consistent) in hot it was used, including:
- load_image: should be load_firmware_image(image, filename)
- free_image: should be free_firmware_image
- reload_image: should be reload_firmware_image
- load_system_image: should be load_system_firmware
- create_temp_file: should be updater_create_temp_file to make it more clear
it is created for updater (and deleted when updater has finished)
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I120e30b5a4c40ccce03e5f361734f2583476703a
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1270322
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When calling `asprintf`, if the return value is negative value then the
strp parameter is not allocated. Updater will need to call asprintf very
often in future, and we should abort immediately if asprintf can't
allocate buffer, since that implies either we are running out of memory,
or the system has gone very wrong.
Instead of writing if (asprintf(...) < 0) { ERROR(); return...}
everywhere, it seems easier to just add a macro and abort as exit(1).
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I8ea5f6c22dcc8225bc53fbd54b4b41a928f84910
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1260803
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
`futility` used to print debug messages to stdout, but there is a side
effect that stdout may be buffered and then flush later than stderr.
For example, when calling futility via ssh, we will see flashrom
messages before any of futility's own messages.
Also, many people want to get flashrom verbose messages (-V).
With this change, when calling ERROR and DEBUG, we will always output to
stderr. This also enables better parameter type checking.
`-d` and `-v` both contribute to verbosity, that will be converted to
-V's when calling flashrom.
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I1d22a8054fc43cdc5e6c7415e131cc9826fbff0c
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1251145
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
"Can we make futility support stdin like flashrom? I typically flash with:
ssh root@DUT flashrom -p host - < foo.bin"
Yes we can:
ssh root@DUT futility update -i - < foo.bin
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: Ib1ee5d4c882620e3b6f56fd5e4692b4829cf025a
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1251141
Reviewed-by: Raul E Rangel <rrangel@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The 'SMM store' must be preserved during firmware update. On newer systems,
this can be done by preserving FMAP section 'SMMSTORE' (CL:1221210).
For Eve, the SMM store did not have its own FMAP section and needs to be
reserved by explicit cbfstool calls.
BRANCH=None
BUG=b:70682365
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
Change-Id: Ica043f51de0170b5c40f61d059437b9572025e2e
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1250464
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The target AUE for daisy_snow is 74 or even longer, so we need to get a
better solution to get rid of script based updater customization (and the
painful EXTRA list in updater configuration).
The new quirk 'daisy_snow_dual_model' is assuming the input firmware image
has both daisy_snow x8 and x16 firmware packed into a single image
(because in vboot1, RW_A is identical to RW_B), and will modify A/B
contents according to target system.
BRANCH=None
BUG=chromium:881034
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
# Provide a fake mosys and output both MP / MPx16 to:
futility update -i bios-snow-2695.132.117-rw.bin \
--quirks daisy_snow_dual_model --emu emu.bin --sys_props 0,0x0000,0
Change-Id: I8af1b6c3117a703aed4da59902aaecb1009101f2
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1239798
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For people running updater directly without the packaged firmware
updater (chromeos-firmwareupdate), it is easier if we identify the
quirks inside updater itself instead of the wrapper script.
This change enables getting "default quirks" by target image RO version
so we won't need to pack firmware images first.
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I179227f7a829577dc9fe5deb085fdee1a738c070
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1245663
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
There will be more and more board-specific quirks in future and we want
to put them together into a special module.
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I4fd2ff5e2b2e891cbd3da8c9393c6fbdf7024c75
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1245645
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The creation and deletion of temp files can be managed in same context
where updater config lives.
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: Ic1745d27a071047d4882b21905bd11e15b5632cd
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1245644
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move the do_update back to cmd_update with better initialization. The
update.c now has few APIs to invoke the firmware updater without relying
command line processing.
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I99f792bf902ed72e487242ac8872aec384783555
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1245643
|
|
|
The updater is getting more complicated and we may want to split into
few modules, for example "updater", "quirks", and "host".
The first step is to change cmd_update.c to updater.c (to preserve most
GIT history).
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: Icae37db8720162130cf38767fec14a970cc9899d
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1245642
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
