| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With the new rollback info space value the node locked images base
needs to be enabled.
BRANCH=none
BUG=b:187438971
TEST=none
Change-Id: I78eafc72766947df81c9b6519bc13633423840d6
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2888711
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When the gsc signer reads the contents of the payload it finds
out if it is a cr50 or ti50 chip. We write the chip type to a
.rename file next to the bin (which has a @CHIP@ in the path) so
that the signer can rename the artifact for placement.
Signed-off-by: George Engelbrecht <engeg@google.com>
BRANCH=None
BUG=b:179964270
TEST=local signer
Change-Id: I0600cb60bb614111802119293ba0c63f2b61c231
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2728736
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: George Engelbrecht <engeg@google.com>
Tested-by: George Engelbrecht <engeg@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit bc2317695965bb92b8809d9c06327adedcb0653c.
The reason for revert is that the signer needs to know the generated
file name, and in case vboot reference alters the name the signer
remains unaware of the change and is still looking for the file named
@CHIP@...
Some other means of figuring out the file name will be required, let's
stick with the @CHIP@ prefix for now.
BRANCH=none
BUG=b:173049030
TEST=none
Change-Id: I23ea65314d49e86fc4edb015e89b6076f87a54dd
Signed-off-by: Vadim Bendebury <vbendeb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2605238
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: George Engelbrecht <engeg@google.com>
Auto-Submit: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: George Engelbrecht <engeg@google.com>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When processing Gsc image singing request the signing server is not
aware of which chip the image is being signed for, the output file
name includes the string @CHIP@ and it is the responsibility of the
actual signing scripts to figure out if the image is for Cr50 or Ti50.
The destination image type is determined based no the signing manifest
contents, this patch add code to replace @CHIP@ with the actual image
type.
BRANCH=none
BUG=b:173049030
TEST=invoked the script to sign a Ti50 image locally, verified that
the produced signed image file had the expected name.
Change-Id: Ib1534ce50e0a44d0ec014e8dbee4e4d85c2082c9
Signed-off-by: Vadim Bendebury <vbendeb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2596695
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Auto-Submit: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: George Engelbrecht <engeg@google.com>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The major difference between Cr50 and Ti50 signing is that the RW
sections are represented differently: elf files in Cr50 case and ihex
files in Ti50 case.
Other differences include the produced signed final image size and the
offsets of the components in the final image.
The signing script is being updated to figure out all these
differences at run time. A new optional field is introduced in the
signing manifest, the 'generation'. If this field is absent or set to
'h' (for H1), the script proceeds with the Cr50 signing process. If
'generation' is set to 'd' (for D2), the script proceeds with the Ti50
signing process.
Instead of using fixed offsets into the final image, the base
addresses of the components in ihex format are used, the only fixed
value is the base address of the flash image in the chip address space
(0x40000 for H1 vs 0x80000 for D2).
To make this work for H1 the output format of the signed blob produced
by gsc-codesigner is changed from binary to ihex.
BRANCH=none
BUG=b:173049030
TEST=using this script and the signing_istructions.sh module produced
by the real Cr50 signer was able to produce functional images for
both Cr50 and Ti50.
Change-Id: I845be1101b09c9476fa27fbddb72607dc6cea901
Signed-off-by: Vadim Bendebury <vbendeb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2570009
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: George Engelbrecht <engeg@google.com>
Auto-Submit: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With the advent of D2 memory layout scheme it became impossible to
hardcode the base address of various components of the D2 firmware
image. Luckily, the components are represented as binary blobs in
Intel ihex format, which allows to retrieve the base address of the
component from the ihex records.
The address is composed of two elements: the segment base supplied in
the record type 02 or 04, and the record offset into the segment,
supplied in the data record of type 0.
The segment address is expressed as a 16 bit value, the actual value
shifted right either 4 bits (in case of record type 02) or 16 bits (in
case of record type 04). The data record offset is also a 16 bit
value.
The base address of the blob is calculated as
<segment address> + <first data record offset>
and is available from the first two records in the ihex module.
Detailed information of ihex file format can be found in
https://en.wikipedia.org/wiki/Intel_HEX .
BRANCH=none
BUG=b:173049030
TEST=with the next patch in the stack applied was able to successfully
build a multicomponent ti50 image.
Change-Id: I135c2f9960f1f218532c82bafd7acbe362414fc9
Signed-off-by: Vadim Bendebury <vbendeb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2570008
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: George Engelbrecht <engeg@google.com>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
|
This patch does not yet provide the ability to sign Ti50 images, but
prepares the signing scripts for further modifications to support a
variety of security chip signing flows.
BRANCH=none
BUG=b:173049030
TEST=verified successful signing of a Cr50 image in a test signer
setup
also created a functional Cr50 image invoking
sign_official_build.sh by hand.
Change-Id: Ic103c9fdf7d1c4ea160c7f6849d5ae5a8303c343
Signed-off-by: Vadim Bendebury <vbendeb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2537078
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: George Engelbrecht <engeg@google.com>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Auto-Submit: Vadim Bendebury <vbendeb@chromium.org>
|