| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Clang is diagnosing implicit fallthrough in C code
past https://reviews.llvm.org/rL369414.
Detect the support for the fallthrough attributes in gcc/clang
and enable it as VBOOT_FALLTHROUGH (copied from boringssl).
This is needed to fix ToT clang builds.
Note: GCC apparently does not diagnose fallthrough to another case
with break but clang does (https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91432).
And clang does not detect the fallthrough based on code comments.
Bug: chromium:997709
Test: CQ
Change-Id: Id8b4be4deabca2d0f1b2efd80efa72a485a5dc8c
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1772474
Tested-by: Manoj Gupta <manojgupta@chromium.org>
Reviewed-by: Patrick Georgi <pgeorgi@chromium.org>
Commit-Queue: Manoj Gupta <manojgupta@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Minor but Coverity Scan noticed it.
BUG=none
BRANCH=none
TEST=none
Change-Id: I08e889f8515681e4065b0c93180aec4d083c5012
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1771971
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Commit-Queue: Patrick Georgi <pgeorgi@chromium.org>
Tested-by: Patrick Georgi <pgeorgi@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:124141368
TEST=make clean && make runtests
BRANCH=none
Change-Id: Id97f544da845f7070555e5e8cc6e782b2d45c300
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1758151
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The 'incompatible key' error message added the new line in wrong
location, causing the message to be truncated unexpectedly.
We should put the line break after whole message (including URL) is
printed.
BUG=None
TEST=make runfutiltests
BRANCH=None
Change-Id: Ic74da1c2657b9517dce786a72435275e7141348c
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1763968
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is possible for load_firmware_image() to fail, in which case there
will be a null pointer dereference of image.data in find_gbb(). Prevent
this by returning early if load_firmware_image() fails.
BUG=none
TEST=make clean && make runtests
BRANCH=none
Change-Id: If60fdff2f3a39f07ef0b1e87f0800ac4fb8d5895
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Found-by: Coverity CID 198902
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1752522
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Replace vboot1-style VBERROR_SUCCESS with VB2_SUCCESS
(trivial change since both are equal values).
BUG=b:124141368, chromium:988410
TEST=make clean && make runtests
BRANCH=none
Change-Id: I46e02471a031e9f36ec869d11d0b957d1c1b5769
Signed-off-by: Joel Kitching <kitching@google.com>
Cq-Depend: chromium:1728114
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1722915
Commit-Queue: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To make explicit when vboot2 error codes should be returned,
use the new vb2_error_t type on all functions which return
VB2_ERROR_* constants.
BUG=b:124141368, chromium:988410
TEST=make clean && make runtests
BRANCH=none
Change-Id: Idd3ee8afe8c78347783ce5fa829cb78f1e5719e2
Signed-off-by: Joel Kitching <kitching@google.com>
Cq-Depend: chromium:1728113, chromium:1728499
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1728292
Reviewed-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove unused BDB code, previously created for a cancelled SoC
project.
BUG=b:124141368, chromium:986177
TEST=make clean && make runtests
BRANCH=none
Change-Id: I91faf97d9850f8afb816fa324ad9a4d9f3842888
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1710336
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, a mix of:
- DIE
- Fatal (customly defined in cmd_vbutil_kernel.c)
- VbExError
... were all used to print an error message and exit.
In the case of futility, standardize on using the FATAL macro
defined in futility.h.
BUG=b:124141368
TEST=Check that FATAL works correctly:
$ build/futility/futility vbutil_key --in a --out a --algorithm 18
FATAL: do_vbutil_key: Unknown option
TEST=make clean && make runtests
BRANCH=none
Change-Id: I97ca1153dc36e7208c69185883518c52d5d75293
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1679799
Commit-Queue: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:124141368
TEST=make clean && make runtests
BRANCH=none
Change-Id: Iff20dcc3aa47bfa29776609e5b352ea464c18241
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1680189
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Replace old vboot1-style Min macro with VB2_MIN,
and relocate tests accordingly.
BUG=b:124141368
TEST=make clean && make runtests
BRANCH=none
Change-Id: I73d630147eaf23f97dd750769fb1e911dae01848
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1675866
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When testing updater behavior with emulation (--emulate), there was no
way to know if EC and PD images were correctly found from archive and
expected to be flashed (for example if we want to test the difference
between modes).
Since we do flash EC/PD in recovery and factory modes, it is better
to still allow loading EC/PD images, and simply not writing them
(and print some messages as indication) in emulation.
BUG=chromium:965092
TEST=make runfutiltests
BRANCH=None
Change-Id: I3bbbd75cb8adf2e238a593d3dee0b2491abe7719
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1626190
Legacy-Commit-Queue: Commit Bot <commit-bot@chromium.org>
Reviewed-by: Dana Goyette <dgoyette@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
No one is using this, so drop the dependency.
BUG=chromium:978563
TEST=cq passes
BRANCH=None
Change-Id: I50595675f7f24f8af06a5a8ec3de21690e2ecb34
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1677105
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The ME unlock needs a different pattern for these devices.
BUG=b:135216986
BRANCH=none
TEST=test update from unlocked to locked image on sarien
Change-Id: I928ee3de522937d5b972daaec4460dcc731b495e
Signed-off-by: Duncan Laurie <dlaurie@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1659534
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Move vb2_packed_key from vb2_struct.h to 2struct.h
* Move vb2_verify_member_inside from lib20/common.c to 2common.c
* Move vb2_packed_key_data and vb2_verify_packed_key_inside from
lib20/packed_key.c to 2packed_key.c
* Relocate tests accordingly
BUG=b:124141368, chromium:968464
TEST=make clean && make runtests
BRANCH=none
Change-Id: I6a9338ffdb640aad071941c3768427e15cd2aa93
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1642773
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When booting off of a 4kb device, depthcharge gets upset when reading
the main kernel blob (after reading a 64k chunk initially) because
the total size is not an even number of 4k sectors. Most of the parts
of the kernel blob are rounded up to 4kb, except for one.
Align the whole image up to 4kb so that it's an even number of sectors
on a 4kb device.
BUG=b:134061077
BRANCH=none
TEST=Boot off a UFS card
Change-Id: Iffa93cccd2b5902161fb373efb37f7414e816455
Signed-off-by: Evan Green <evgreen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1641958
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In CL:1601678, few logging messages were not properly converted:
- STATUS should add \n
- INFO and WARN should not need __FUNCTION__
BUG=None
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: Ib01d9319815a5fbb579e49391fc4bff9d61ca214
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1626189
Legacy-Commit-Queue: Commit Bot <commit-bot@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Deprecate internal usage of GoogleBinaryBlockHeader struct in
favour of vb2_gbb_header struct. Keep the v1 struct around until
we remove references in other repos.
BUG=b:124141368, chromium:954774
TEST=make clean && make runtests
BRANCH=none
Change-Id: I396d2e624bd5dcac9c461cc86e8175e8f7692d26
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1583826
Commit-Ready: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
2common.h contains code which should be internal to vboot.
Most notably of which is 2struct.h, which contains
the vb2_shared_data data structure.
BUG=b:124141368, chromium:956474
TEST=make clean && make runtests
BRANCH=none
Cq-Depend: chromium:1587981, chromium:1599567, chromium:1610164
Change-Id: I712f51915bb9b0b03dce558e2b843eb83662f434
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1583819
Commit-Ready: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds a bunch of more warnings that are already enabled in
coreboot and thus already enabled for firmware builds anyway (because
coreboot just passes its CFLAGS through). Enabling it in the vboot
Makefile means they also apply to host utilities and tests, which sounds
desirable for consistency.
Fix enough of the cruft and bad coding practices that accumulated over
the years of not having warnings enabled to get it to build again (this
includes making functions static, removing dead code, cleaning up
prototypes, etc.).
Also remove -fno-strict-aliasing from the x86 firmware build options,
because it's not clear why it's there (coreboot isn't doing this, so
presumably it's not needed).
BRANCH=None
BUG=None
TEST=make runtests
Change-Id: Ie4a42083c4770a4eca133b22725be9ba85b24184
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1598721
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The firmware updater introduced its own logging macros, but the rest of
futility already used a (smaller) set of macros previously. Unify the
two so that all parts of the binary use the same system.
Note that the same debug output infrastructure can (and already could
before this patch, although it was less obvious) be enabled with both
futility --debug update and futility update -d. This is a bit weird but
shouldn't really hurt and I presume we may want it for backwards
compatibility in the updater.
BRANCH=None
BUG=None
TEST=make runtests
Change-Id: I8b7c1677bcef9e9772ee666c72958d27139b36a2
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1601678
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch removes the code displaying vboot screens using bitmap
and layout data stored in GBB. bmpblk_utility, and futility
support for BmpBlock is also removed.
BUG=chromium:622501,chrome-os-partner:54619,b:124141368
BRANCH=none
CQ-DEPEND=CL:373123
TEST=Verified screens on eve && emerge-eve chromeos-bootimage &&
make runtests
Change-Id: I1a8dd8ff0162965e81df121d5a87ea64310a0854
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/367882
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For options only available in long-form (--something), we should encode
using enum OPT_SOMETHING instead of random characters.
Also added dummy --update_ec, --update_pd, and --check_keys because
getopt* needs to have them explicitly defined (while the original
shflags will generate both --cmd and --nocmd automatically).
BUG=chromium:943262
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I701d88f6f5c346581651ed4f8bf004203672e209
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1569145
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CCD via Servo v4 or SuzyQ-like cables is becoming more popular so more
developers want to flash firmware with that, and it seems better to
have one short cut
'--ccd' instead of always typing '--wp=0 --force --fast -p raiden_debug_spi'.
BUG=None
TEST=make futil; build/futility/futility update --ccd -i image.bin -v
BRANCH=None
Change-Id: I0ca8c49a46cc5f8f87fb4dc1936ac9eb0a889baa
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1564235
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When flashrom execution failed, it is not very easy to debug what went
wrong especially when loading system active firmware (-r).
The log may say SUCCEED (or no obvious error) and updater simply reports
failure. Reporting the returned termination status should help.
BUG=chromium:943262
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I4ea09b3d62ebf77eda98084accac582f841e7f7a
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1545590
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When write protection is not enabled and updater sees TPM Anti-Rollback
failure, the log will only report TPM failure (example: crbug.com/937961).
This is hard to figure out if the failure was caused by re-key or other
reasons.
In try-rw and rw update, the updater will always check rootkey
compatibility before checking TPM anti-rollback, so we should do the
same thing on full update (RO+RW). With this change, the updater will
report key mismatch before failing with TPM anti-rollback.
BUG=chromium:937961
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I2f035450995387b198f990467e4f416e6c7b746e
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1514007
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We are recently seeing more and more issues that mosys on early build of
devices can't report model properly and caused recovery to fail.
For single-model manifest, the updater used to double check if "mosys
platform name" matches the single model name for unibuild devices
(non-empty signature_id); however this is not really necessary since we
have other platform checks and key checks.
Remove the check and always return the single model to simplify
development in early stage.
BUG=None
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I1bb901dc9661623cd1161dde6ee4573c5da958a7
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1513997
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
coreboot uses the C preprocessor on its linker scripts to
allow evaluation of macros when defining memory layout.
Move constants from 2api.h to an independent file in order
to allow for coreboot to use these constants in its memlayout
file, without needing to include the entire vboot API.
Note this commit creates two new header files:
- firmware/2lib/include/2constants.h: contains the constants
- firmware/include/vb2_constants.h: externally importable header
Also, rename VB2_WORKBUF_RECOMMENDED_SIZE to
VB2_FIRMWARE_WORKBUF_RECOMMENDED_SIZE for clarity.
BUG=b:124141368, b:124192753
TEST=Build locally
TEST=/work/vboot/src/repohooks/pre-upload.py
TEST=make clean && make runtests
TEST=make clean && COV=1 make coverage && make coverage_html
BRANCH=none
Change-Id: Id17c6955b67e51cb048b10b4be0901c0e9110a1f
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1504490
Commit-Ready: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In Unibuild, the white label models may use (per model) PreMP key for
devices without VPD 'whitelabel_tag' - this helps dogfooders and lab
machines to run and update properly.
BUG=b:126800200
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=none
Change-Id: I7249e3fb1a2b7ab8ed281d2aa317aee6cde8f8db
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1501614
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Futility has two debug facilities: the Debug() function that can be
enabled by passing --debug on the command line, and the VB2_DEBUG()
macro (mostly in common code from the firmware/ directory that it
includes) which can only be enabled by passing DEBUG=1 at build time.
This is confusing and inconvenient, since you don't always want to
rebuild futility whenever you need that extra debug output and it's not
very obvious that you can get even more debugging beyond just passing
--debug.
This patch resolves the inconsistency by merging both facilities
together into a single VB2_DEBUG() that is output when passing --debug.
In order to make this work, we'll have to move the VBOOT_DEBUG #define
so that it only affects the stub implementation of vb2ex_printf(), and
any caller overriding the stub is in charge of their own destiny. This
should be okay since callers can still individually implement debugging
policy in their versions of vb2ex_printf() if they want to. (This may
have been useful to cut down the binary space for debugging strings, but
our firmware has always been unconditionally enabling VBOOT_DEBUG in the
past years, so that doesn't seem to be very important in practice.)
BRANCH=None
BUG=None
TEST=Ran futility --debug show, noticed I got all the extra keyblock
verification debug output I always wanted.
Change-Id: I9a5c205fc3673941b50f03f2a967b1be110a1555
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1504140
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Many projects started their initial builds without knowing that some
sections must be preserved when being updated. This may be solved by
adding section name to 'preserved' list in firmware updater (for
instance, CL:1239797), or include that section as sub area of
{RO,RW}_PRESERVE.
However, there are problems in both solutions. For example, installing
an older image will run old updater, which will not preserve the new
names. Also, if there are multiple sections must be preserved (and not
contiguous - see CL:1493629) there will be problems. Additionally,
changing FMAP layout usually causes more problems.
As a result, adding the description in FMAP area would be the better
idea. A new FMAP_AREA_PRESERVE suggests firmware updater to preserve
a section if possible. In Coreboot, this can be easily set in *.fmd
using flag (PRESERVE). See https://review.coreboot.org/31709 for
example.
BUG=chromium:936768
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: Ie56f65dd418faa97ffb78b1acff613e7d7e268b8
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1495054
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In RO+RW update mode, we only check if the system will be doing re-key.
However, as Unibuild and White-label are becoming more popular today,
this may not be true when signer config has something wrong, or if the
patching of rootkey/vblock is broken.
As a result we should also check if the target image is looking good
before proceed to update in recovery mode.
BUG=b:126931606
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=none
Change-Id: I16c2f9b4fd886e15414de8fda7bd41813f3f8d83
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1496678
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On a full firmware update we need to preserve these regions:
SI_GBE contains the unique MAC address for the system
SI_PDR contains data from the factory and diagnostics
BUG=b:126637087
BRANCH=none
TEST=futility update image-sarien.bin
Change-Id: I2981c8cc478617029934ef3fbdb1c446c858fad8
Signed-off-by: Duncan Laurie <dlaurie@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1493629
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Many firmware developers will try to flash a local built firmware (i.e,
DEV key signed) on a MP device (with write protection enabled).
The updater used to provide feedback like:
ERROR: verify_keyblock: Failed verifying key block.
INFO: Current (RO) firmware image has root key: ade780ffd0...732867181bae
WARNING: Target (RW) image is signed by rootkey: b11d74edd2...e1135b49e7f0.
ERROR: RW not signed by same RO root key
>> FAILED: Firmware updater aborted.
This is correctly identifying the root cause, but not helpful for
developers to figure out what to do, and may be confused with the DEV
re-key safety check (which needs --force).
Also, when developers try to do "--mode=factory --force", the message
was:
updater_setup_config: Factory mode needs WP disabled.
Where the 'WP' is again not clear enough.
With this change, we're improving the error messages so that:
- Being consistent on 'root key' instead of 'rootkey'.
- Being consistent for having period for error messages, except those
ended with root key hash (for easier copy-paste).
- Say 'Write Protection' instead of 'WP'.
- When re-keying with WP enabled, print a better hint:
"To change keys in RO area, you have to first remove write protection
(https://goo.gl/ces83U)."
BUG=None
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=none
Change-Id: Ia74d7b113766d09428a4d0897918b4f17b4afae7
Reviewed-on: https://chromium-review.googlesource.com/1465709
Commit-Ready: Hung-Te Lin <hungte@chromium.org>
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Matthew Blecker <matthewb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Starting from GBB 1.2, a digest is stored in GBB and must be updated
whenever the HWID string is changed.
In shell script version of updater, the digest is automatically updated
when we do "futility gbb -s --hwid=XXX", but in native updater
implementation we only updated the HWID string and left digest
unchanged, this leaves devices generating wrong PCR1 values.
`cmd_gbb_utility` updates the digest by calling `update_hwid_digest`
using vboot1 structure, so we should introduce a new vboot2 friendly
function, `vb2_change_hwid`, which changes both HWID string and digest
at same time.
Note this has no impact for end user's devices with write protection
enabled. Only changes dogfood units AU results.
BUG=b:122248649
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=none
Change-Id: I6ad2754e6df3c9dd66d71c560a2afc26d14eae33
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1411932
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When using 'futility update' with Servo Micro or CCD, the programmer is
pretty slow that every invocation of flashrom would take a very long
time, so re-reading firmware contents when writing (flashrom -w) seems
redundant. For such usage, a '--fast' would be helpful that
- Uses the last read image (image_current) as --diff
- Add --noverify
BUG=None
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I1ad57185160a082ea6b5c94b837a4d3ba708b587
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1375495
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A special Snow RO firmware had been released and would break existing
platform check: 'Google_Snow_Rev4.2695.128.0'. As a result, we want to
bypass platform check in quirk 'daisy_snow_dual_model'.
BUG=chromium:917581
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I10b0e4c2b8a11faff979b4add368f342a72a6cec
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1390083
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In quirk daisy_snow_dual_model, after RO is preserved the actual RO
version should be updated as well from current image. Without this,
reported version may look weird as RO=132, RW=117.
BRANCH=None
BUG=chromium:915013
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
Change-Id: I1bc6c47a8bd548265fd654dae6ab2a5971d59a1c
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1383631
Reviewed-by: Duncan Laurie <dlaurie@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The firmware updater archive is going to rename the prefix of host (AP)
firmware image from 'bios' to 'image' (CL:1318712), to be more
consistent with firmware package output. We need to include both old and
new names in updater manifest construction.
For --mode=output, we will produce both 'bios.bin' and 'image.bin'. In
future there should be only 'image.bin' after migration is completed.
BUG=b:65745723
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I8b7e3bc2953b70525fb14fcf6aadaf6d1e00e4aa
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1327862
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rename "smm store" to "smm_store".
Depends on CL:1351857.
BUG=b:120060878
TEST=None
Change-Id: Iae511ecdc6d918d06218de1b651b1e5e3821d2f1
Reviewed-on: https://chromium-review.googlesource.com/1351178
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For developers running a local build on white label models, currently
the chromeos-firmwareupdate will always fail if VPD `whitelabel_tag` is
set because the `keyset/` folder does not exist (which was created by
signer bot).
Developers in this case usually don't really care about which key to use
and will be happy with the default (DEV signed) keys, also the key
compatibility will be still checked later, so we can skip the white
label patching if no keyset folder, which would allow developers getting
same experience on WL and non-WL devices.
BUG=b:120268135
TEST=TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I3992301ff4c406096e11e1ae8129f2f68b2319b5
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1356688
Reviewed-by: C Shapiro <shapiroc@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The firmware name for Veyron devices are Google_Veyron_XXX and we have
to correct the names in quirks database.
BUG=chromium:910085
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I3bf3bbb32fe90ebf370c1bc51c54d0280ddb7e98
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1354147
Reviewed-by: Youcheng Syu <youcheng@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
"Model '%s' is not defined in manifest." is not very easy to understand
for people who are debugging devices in early stages. We should provide
better instructions. For example, running with Coral updater will now
show:
ERROR: manifest_find_model: Cannot get model name.
You are probably running an image for wrong board, or a device in early
stage that 'mosys' command is not ready, or image from old (or factory)
branches that Unified Build config is not updated yet for 'mosys'.
Please check command 'mosys platform model', which should output one of
the supported models below:
unprovisioned_meep sparky orbatrix unprovisioned_fleex grabbiter bobba
unprovisioned_bobba mimrock fleex meep yorp phaser360 sparky360 phaser
bobba360 unprovisioned_phaser bip
BUG=chromium:875551
TEST=TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: Ib17fcb654d1530b94c44cf21aaa28717841f11ed
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1351171
Reviewed-by: Cheng-Han Yang <chenghan@chromium.org>
Reviewed-by: Ting Shen <phoenixshen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In auto update and recovery, the firmware updater was executed with both
stdout and stderr logged. However, the logs usually comes with all stderr
first then all stdout. This makes it harder to debug because the
messages logged in out of order.
TO solve that, few macros are introduced:
INFO: for useful information.
STATUS: the most common information, usually comes with a prefix code.
And all messages should now go to stderr except the final execution
result (and those output commands, for example --manifest).
BUG=chromium:875551
TEST=TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
CQ-DEPEND=CL:1345250
BRANCH=None
Change-Id: Ie0dc6594ece10e7e15caf9c36353e2b3ec8754c5
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1345611
Reviewed-by: Youcheng Syu <youcheng@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There were devices shipped as "only device" (no key set) and then became
one of the "white label" family. This is now no longer valid on newer
devices but we have to support the legacy ones, for example Reks.
BUG=chromium:906962
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I437be08726ab2c46229062689bf765ac6837ca5d
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1345610
Reviewed-by: Youcheng Syu <youcheng@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There may be quirks needed during image archive setup (for example
loading white label tags) so we have to move quirks setup to some
earlier place.
BUG=chromium:906962
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I1f6eddb0119c64098df75bad72809ba8366625c7
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1345609
Reviewed-by: Youcheng Syu <youcheng@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For dogfood devices, we usually will only re-key from DEV to PreMP, and then
PreMP to MP. It was found that for retail devices, if WP was disabled
(unintended), user may accidentally re-key to DEV keys if they (1)
recover with a DEV-signed image, or (2) received an AU that didn't have
right signing keys.
As a result, we want to make it harder when recovering to DEV keys.
BUG=chromium:894324
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: Id3f7788e6c86d12b6e37b77818a1b4c2ceda1e2f
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1312596
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are devices, especially during or after RMA, may have WP states
not synced; for example
HW = 1
SW (AP) = 0
SW (EC) = 1
In this case, we can still update host firmware but not EC. This happens
more often on EC that needs an extra reboot to change WP states.
As a result, we do want to check real programmer again before updating
optional images.
BUG=chromium:902546
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I9a526cde19a1ab3c41afecb4f7247bd941edc3f4
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1322295
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If some system that firmware RW sections were damaged, the firmware
string may become '\xFF' (flash erased content). We do not want to see
that as version string, and this will help FAFT testing.
BUG=chromium:899901
TEST=TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I947ec3c8286a022163abf01ae1d8ab5747aacf08
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1317050
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To simplify the migration plan, we want to support the legacy arguments
used by FAFT:
--noupdate_ec => --host_only
--noupdate_pd => --host_only
--nocheck_keys => --force
--update_main => ignore
BUG=chromium:882445,b:118509893
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I31652806085937fe5ca2f2facc7321021977cbb7
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1310253
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
