path: root/scripts/image_signing
Commit message | Author | Age | Files | Lines
* signer scripts: return an error when loading configs fail
  Refs: factory-3004.B | Author: Mike Frysinger | Age: 2012-10-05 | Files: 3 | Lines: -3/+3
  If we are given a config file that doesn't exist, return an error rather than ignoring it. This way we don't accidentally give images a pass when we didn't properly test them.
  BUG=None
  TEST=`./security_test_image --board=x86-alex --baselines=/` now shows 3 failures rather than all pass
  BRANCH=None
  Change-Id: I9d130db05befaeac8fcca921f0e43f47c2461f9f
  Reviewed-on: https://gerrit.chromium.org/gerrit/34795
  Reviewed-by: Ryan Cui <rcui@chromium.org>
  Commit-Ready: Mike Frysinger <vapier@chromium.org>
  Tested-by: Mike Frysinger <vapier@chromium.org>
* sign_official_build.sh: add an update payload operation
  Author: Mike Frysinger | Age: 2012-09-26 | Files: 1 | Lines: -0/+30
  This enables the signer script to sign update payloads.
  BUG=chromium-os:34521
  TEST=`./sign_official_build.sh update_payload testcase.sha256 . foo` produced a signed foo file
  BRANCH=None
  Change-Id: I27a9de89e760427251538deec38161944388a152
  Reviewed-on: https://gerrit.chromium.org/gerrit/33535
  Tested-by: Mike Frysinger <vapier@chromium.org>
  Reviewed-by: Don Garrett <dgarrett@chromium.org>
  Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
  Commit-Ready: Mike Frysinger <vapier@chromium.org>
* Add CTRL-L in dev screen to support a "legacy boot option"
  Author: Stefan Reinauer | Age: 2012-09-20 | Files: 1 | Lines: -0/+1
  This option is disabled per default and can be enabled with
    crossystem dev_boot_legacy=1
  or by setting the GBB flag
    GBB_FLAG_FORCE_DEV_BOOT_LEGACY 0x00000080
  BUG=chrome-os-partner:6108
  TEST=crossystem dev_boot_legacy=1
    boot to dev mode screen, press CTRL-L, see SeaBIOS start (other CLs needed)
  BRANCH=link
  Signed-off-by: Stefan Reinauer <reinauer@chromium.org>
  Change-Id: I593d2be7cff5ca07b8d08012c4514a172bd75a38
  Reviewed-on: https://gerrit.chromium.org/gerrit/31265
  Reviewed-by: Stefan Reinauer <reinauer@chromium.org>
  Tested-by: Stefan Reinauer <reinauer@chromium.org>
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
  Commit-Ready: Stefan Reinauer <reinauer@chromium.org>
* scripts: Add the new GBB_FLAG_ENTER_TRIGGERS_TONORM usage
  Author: Tom Wai-Hong Tam | Age: 2012-09-17 | Files: 1 | Lines: -0/+1
  This GBB_FLAG_ENTER_TRIGGERS_TONORM is newly added for allowing Enter (default is Space) to trigger the TONORM screen. This flag is used by FAFT testing. Change the usage of set_gbb_flags.sh to help a user.
  BUG=chrome-os-partner:12699
  TEST=None. Trivial comment change.
  Change-Id: I8a1efa880627965570719f22dedfa0e31ab2d5f5
  Reviewed-on: https://gerrit.chromium.org/gerrit/33404
  Reviewed-by: Hung-Te Lin <hungte@chromium.org>
  Commit-Ready: Tom Wai-Hong Tam <waihong@chromium.org>
  Tested-by: Tom Wai-Hong Tam <waihong@chromium.org>
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
* sign_official_build.sh: rename "install" to "factory"
  Author: Mike Frysinger | Age: 2012-09-12 | Files: 1 | Lines: -2/+3
  This lines up with the terminology that people have been using, and the valid types that can appear in signer instruction files.
  We keep around the old "install" so that other code continues to work.
  BUG=None
  TEST=None
  BRANCH=none
  Change-Id: I8d0d2ab4c0ae61f6bcdbcc24ec9796d9eabe386e
  Reviewed-on: https://gerrit.chromium.org/gerrit/33056
  Reviewed-by: David McMahon <djmm@chromium.org>
  Commit-Ready: Mike Frysinger <vapier@chromium.org>
  Tested-by: Mike Frysinger <vapier@chromium.org>
* signing script: Resign just firmware body, not the entire section
  Refs: factory-2848.B | Author: Che-Liang Chiou | Age: 2012-09-04 | Files: 1 | Lines: -6/+42
  The signing script extracted firmware body sections FW_MAIN_{A,B} and resigned the whole section instead of just firmware body. As a result, read-only firmware spends more time loading read-write firmware from SPI flash.
  Since vblock has firmware body size information, signing script should retrieve it and use it to sign just firmware body. This may reduce boot time for ~560ms, depending on firmware image size, section size and SPI flash/bus throughput.
  Signed-off-by: Che-Liang Chiou <clchiou@chromium.org>
  BRANCH=snow,link
  BUG=chrome-os-partner:13094
  TEST=For Snow (or boards that use cros_bundle_firmware), check that after resigning, VBLOCK_{A,B} and FW_MAIN_{A,B} are unchanged
       For Alex and ZGB, check that old and new resign_firmwarefd.sh generates identical output
  (Test for Snow; repeat for A and B)
    dump_fmap -x image.bin VBLOCK_A FW_MAIN_A
    mv VBLOCK_A VBLOCK_A.orig
    mv FW_MAIN_A FW_MAIN_A.orig
    resign_firmwarefd.sh image.bin image-resigned.bin \
      firmware_data_key.vbprivk \
      firmware.keyblock \
      dev_firmware_data_key.vbprivk \
      dev_firmware.keyblock \
      kernel_subkey.vbpubk
    dump_fmap -x image-resigned.bin VBLOCK_A FW_MAIN_A
    cmp VBLOCK_A.orig VBLOCK_A
    cmp FW_MAIN_A.orig FW_MAIN_A
  (Test for Alex and ZGB; repeat for old and new resign_firmwarefd.sh)
    resign_firmwarefd.sh image.bin image-resigned-{old or new}.bin \
      firmware_data_key.vbprivk \
      firmware.keyblock \
      dev_firmware_data_key.vbprivk \
      dev_firmware.keyblock \
      kernel_subkey.vbpubk
    cmp image-resigned-old.bin image-resigned-new.bin
  Change-Id: Ie70b6c91614343ad9f991ae369a0f8e74ec213fe
  Reviewed-on: https://gerrit.chromium.org/gerrit/31572
  Commit-Ready: Che-Liang Chiou <clchiou@chromium.org>
  Tested-by: Che-Liang Chiou <clchiou@chromium.org>
  Reviewed-by: Simon Glass <sjg@chromium.org>
  Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
* signer scripts: break kernel parameters on spaces rather than word boundaries
  Author: Mike Frysinger | Age: 2012-08-24 | Files: 1 | Lines: -7/+15
  The current kernel parameter parsing logic uses word boundaries (\b) to keep from replacing parameters inside of other parameters (like "level=1" mangling "loglevel=1" into "log"), but this fails when the last character isn't a "word" character. e.g. "\bconsole=\b" doesn't match "console=".
  Change the \b to a space. Since we're already using spaces as our split marker, this shouldn't be a problem.
  BRANCH=None
  BUG=chrome-os-partner:12780
  BUG=chromium-os:33868
  TEST=ran `ensure_secure_kernelparams.sh` on an image with 'console=' and saw it work
  Change-Id: Id69250179ea76aabfed9cd21c1c59483d78a215d
  Reviewed-on: https://gerrit.chromium.org/gerrit/31356
  Reviewed-by: David McMahon <djmm@chromium.org>
  Commit-Ready: Mike Frysinger <vapier@chromium.org>
  Tested-by: Mike Frysinger <vapier@chromium.org>
* signer scripts: include debug output when we fail
  Author: Mike Frysinger | Age: 2012-08-24 | Files: 1 | Lines: -0/+21
  When checking kernel params fails, it's useful to know all the variables as to what it's doing. So dump some state when an error occurs.
  BRANCH=None
  BUG=None
  TEST=ran `ensure_secure_kernelparams.sh` on a bad image and saw useful output
  TEST=ran `ensure_secure_kernelparams.sh` on a good image and saw no output
  Change-Id: I0e499f87a6d8feed80da72aba75e1e6c1b4076c9
  Reviewed-on: https://gerrit.chromium.org/gerrit/31355
  Reviewed-by: David McMahon <djmm@chromium.org>
  Commit-Ready: Mike Frysinger <vapier@chromium.org>
  Tested-by: Mike Frysinger <vapier@chromium.org>
* Extend "non-release" check to session manager use-flags.
  Author: Jim Hebert | Age: 2012-08-07 | Files: 1 | Lines: -1/+13
  Since we've moved away from flag-files in session manager to enable certain dev/test-mode features, our strategy of checking for those flag files on the signer fell behind. This test adopts a scheme that any use flag starting with "test_" or "dangerous_" is blacklisted from release signing.
  BUG=chromium-os:32430
  TEST=ran the script against both a 'base' and 'test' image from the builder/ToT. Passes/fails as expected.
  Change-Id: I54d6ef17d52371c7543d5705e0939e000db85e51
  Reviewed-on: https://gerrit.chromium.org/gerrit/29034
  Reviewed-by: Chris Masone <cmasone@chromium.org>
  Tested-by: Jim Hebert <jimhebert@chromium.org>
  Commit-Ready: Jim Hebert <jimhebert@chromium.org>
* Fix make_dev_ssd.sh --remove_rootfs_verification
  Author: Randall Spangler | Age: 2012-08-03 | Files: 1 | Lines: -8/+1
  It was checking for /dev/dm-0, which isn't the case anymore.
  It now always attempts to remove rootfs verification from the command line; this is harmless (no-op) if it's already removed.
  BUG=chromium-os:31558
  TEST=manual
    /usr/share/vboot/bin/make_dev_ssd.sh --remove_rootfs_verification
    reboot
    touch /opt/google/chrome/chrome
  Change-Id: I62dc138e8d1d09bdcb16be3faab74d32c5f7675a
  Signed-off-by: Randall Spangler <rspangler@chromium.org>
  Reviewed-on: https://gerrit.chromium.org/gerrit/28506
  Reviewed-by: David James <davidjames@chromium.org>
* vboot_reference: Improve make_dev_firmware script.
  Author: Hung-Te Lin | Age: 2012-08-01 | Files: 1 | Lines: -48/+35
  Developers testing firmware preamble flags (usually for turn on/off RO-NORMAL bits) need an easy way to change existing firmware, without hacking FDT source / looking for complex script.
  Also included some minor improvements:
  * Always enable FORCE_DEV_BOOT_USB and DISABLE_FW_ROLLBACK_CHECK. These are flags most developers need when leaving official signed normal firmware.
  * --bmpfv is deprecated because our latest firmware now always include official bitmaps in updater, no more DEV bitmaps.
  BUG=none
  TEST=./make_dev_firmware.sh -f bios.bin -t new_bios.bin --preamble_flags 0
       ./make_dev_firmware.sh -f bios.bin -t new_bios.bin --preamble_flags 1
  Change-Id: I7ee72d32b4b7fa28f2be635fd8c7bb678852e132
  Reviewed-on: https://gerrit.chromium.org/gerrit/28792
  Tested-by: Hung-Te Lin <hungte@chromium.org>
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
  Commit-Ready: Hung-Te Lin <hungte@chromium.org>
* [vboot_reference] Prepare for the removal of /root/.forget_usernames from test images
  Author: Nirnimesh | Age: 2012-07-17 | Files: 1 | Lines: -8/+0
  /root/.forget_usernames is going away from test images. It was a hack.
  BUG=chromium-os:31807
  TEST=suite:bvt
  Change-Id: I27b606fa0232514f3ec45a4ed765b89efcf8f07e
  Reviewed-on: https://gerrit.chromium.org/gerrit/27588
  Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
  Tested-by: Nirnimesh <nirnimesh@chromium.org>
  Commit-Ready: Nirnimesh <nirnimesh@chromium.org>
* vboot_reference: add "set_gbb_flags" script.
  Author: Hung-Te Lin | Age: 2012-06-27 | Files: 1 | Lines: -0/+76
  A simple script to help setting GBB flags on-the-fly, with help information for flag value meanings.
  BUG=chrome-os-partner:10389
  TEST=./set_gbb_flags.sh 0x20
       ./set_gbb_flags.sh 0x0
  Change-Id: Ic624f76c0897a1cbda876f3073b36f7c6425b5d4
  Reviewed-on: https://gerrit.chromium.org/gerrit/26224
  Reviewed-by: Bill Richardson <wfrichar@chromium.org>
  Commit-Ready: Hung-Te Lin <hungte@chromium.org>
  Tested-by: Hung-Te Lin <hungte@chromium.org>
* security test: Add test that verifies that update verification is enabled
  Author: Gaurav Shah | Age: 2012-06-18 | Files: 4 | Lines: -4/+37
  BUG=chromium-os:31893
  TEST=verified on images with/without payload verification enabled.
  Change-Id: Ic1883aafcc2c48d9e7c5323d6dc7e21fb8f47585
  Reviewed-on: https://gerrit.chromium.org/gerrit/25407
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
  Commit-Ready: Gaurav Shah <gauravsh@chromium.org>
  Tested-by: Gaurav Shah <gauravsh@chromium.org>
* Signing scripts: Add firmware signing to sign_official_build.sh
  Author: Gaurav Shah | Age: 2012-06-07 | Files: 1 | Lines: -9/+24
  This makes it easy to integrate firmware signing into the signer since we can reuse the base signing script.
  BUG=chromium-os:10094
  TEST=try signing both firmware and normal images.
  Change-Id: I8beb598e267de33a2c3468dcf8d7c4b74d4de9fd
  Reviewed-on: https://gerrit.chromium.org/gerrit/24654
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
  Commit-Ready: Gaurav Shah <gauravsh@chromium.org>
  Tested-by: Gaurav Shah <gauravsh@chromium.org>
* Modify align_rootfs to use --src_image only.
  Author: Don Garrett | Age: 2012-06-04 | Files: 1 | Lines: -102/+15
  Align_rootfs was written to auto-fetch the previous release of a given image, but that logic has bit-rotted. This CL is a quick hack to use --src_image instead.
  BUG=chromium-os:31124
  TEST=Hand ran.
  Change-Id: I530c6f82c42993648cecb5d59172010d61dd1603
  Reviewed-on: https://gerrit.chromium.org/gerrit/23168
  Commit-Ready: Don Garrett <dgarrett@chromium.org>
  Reviewed-by: Don Garrett <dgarrett@chromium.org>
  Tested-by: Don Garrett <dgarrett@chromium.org>
* signer scripts: retry more than once when mounting
  Author: Mike Frysinger | Age: 2012-05-01 | Files: 1 | Lines: -12/+23
  The retry logic has brought down the number of flakes significantly (from multiple errors a day to ~one every other day). But let's up the retry count, and have it sleep longer after each failure, so hopefully we can bring down the flake count even further.
  BUG=chrome-os-partner:8156
  TEST=`./signing_poller.py -s` signs local images fine
  Change-Id: I98bc947836514d8b931568f87f7f9a373f771b79
  Reviewed-on: https://gerrit.chromium.org/gerrit/21468
  Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
  Tested-by: Mike Frysinger <vapier@chromium.org>
  Commit-Ready: Mike Frysinger <vapier@chromium.org>
* signer scripts: workaround flaky kernels and loop mount failures
  Author: Mike Frysinger | Age: 2012-04-25 | Files: 1 | Lines: -12/+36
  The kernels we are running the signers on flake out from time to time when mounting the loop back images. Have the mount code detect this edge case and automatically retry when the flake hits.
  BUG=chrome-os-partner:8156
  TEST=`./signing_poller.py -s` signs local images fine
  Change-Id: Iaa08445904aa26f0aa7240504f6c7a96e6ef3bbb
  Reviewed-on: https://gerrit.chromium.org/gerrit/21055
  Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
  Commit-Ready: Mike Frysinger <vapier@chromium.org>
  Tested-by: Mike Frysinger <vapier@chromium.org>
* signer scripts: use make_temp_dir helper
  Author: Mike Frysinger | Age: 2012-04-16 | Files: 2 | Lines: -4/+2
  The common code takes care of cleaning up temporary files for us if we use the right helpers. These scripts don't though, so the temp files end up not getting cleaned and over time, /tmp/ fills up with crap.
  The common helper takes care of unmounting and removing, so converting these files over should be safe.
  BUG=None
  TEST=`./signer/signer_poller.py -s` signs local images and leaves no /tmp/tmp.* junk
  Change-Id: I87aa122895997a5ec0017665203fdc8d14e0ab2a
  Reviewed-on: https://gerrit.chromium.org/gerrit/20329
  Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
  Commit-Ready: Mike Frysinger <vapier@chromium.org>
  Tested-by: Mike Frysinger <vapier@chromium.org>
* signer scripts: use `sudo` if need be when modifying /etc/lsb-release
  Author: Mike Frysinger | Age: 2012-04-12 | Files: 2 | Lines: -11/+24
  If we try to run the signing_poller daemon as non-root, it fails to set the channel. Detect if the lsb file is writable, and if not, switch to using sudo on the fly.
  BUG=None
  TEST=`./signer/signing_poller.py` as non-root and setting the channel works
  Change-Id: Iadb10ae68582edfb332f33d3b101c83949ee9502
  Reviewed-on: https://gerrit.chromium.org/gerrit/20089
  Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
  Tested-by: Mike Frysinger <vapier@chromium.org>
  Commit-Ready: Mike Frysinger <vapier@chromium.org>
* signer scripts: unmount loop devices without -d arg to umount
  Author: Gaurav Shah | Age: 2012-04-09 | Files: 9 | Lines: -15/+15
  Investigations in crosbug.com/26483 revealed a bug in loop device handling if 'umount -d' was called on loop devices mounted using 'mount -o loop'. This CL changes all invocations of umount to remove the -d option since they are always in the context of a loop device created using -o loop.
  BUG=chrome-os-partner:8156
  TEST=none
  Change-Id: I96f30664c3f9148d3b57d430002512d8e94b66bc
  Reviewed-on: https://gerrit.chromium.org/gerrit/19858
  Reviewed-by: David James <davidjames@chromium.org>
  Commit-Ready: Gaurav Shah <gauravsh@chromium.org>
  Tested-by: Gaurav Shah <gauravsh@chromium.org>
* signer security test: special case dogfood channel for app id check
  Author: Gaurav Shah | Age: 2012-03-13 | Files: 2 | Lines: -5/+7
  Similar to the canary channel, the dogfood channel images can have their own app id that is distinct from the board app id.
  BUG=chromium-os:25702, chrome-os-partner:8441
  TEST=on a dogfood-channel image
  Change-Id: Ic993a40d905b224072d325a69e47fdb6633c2e22
  Reviewed-on: https://gerrit.chromium.org/gerrit/18039
  Tested-by: Gaurav Shah <gauravsh@chromium.org>
  Reviewed-by: Scott Zawalski <scottz@chromium.org>
* signer tests: Allow different appids for canary channel images
  Author: Gaurav Shah | Age: 2012-02-08 | Files: 2 | Lines: -3/+13
  If the channel is canary, allow appid to match the value of expected_appid_canary in the ensure sane lsb release test configuration.
  BUG=chromium-os:25437
  TEST=manually tested on an image with and without the channel being canary.
  Change-Id: I6bf71adbe0fc090ef777c28d24c53eaa8be18404
  Reviewed-on: https://gerrit.chromium.org/gerrit/15509
  Tested-by: Gaurav Shah <gauravsh@chromium.org>
  Reviewed-by: Scott Zawalski <scottz@chromium.org>
  Commit-Ready: Gaurav Shah <gauravsh@chromium.org>
* signer: run kernel security test of kernel partition 4 instead of partition 2
  Author: Gaurav Shah | Age: 2011-12-15 | Files: 1 | Lines: -1/+5
  The test is run on a recovery image by the signer. We care more about the parameters on the kernel partition 4 (the SSD install kernel) than 2. It'd be nice to have security test on the recovery kernel too and I have marked that as a TODO for now.
  BUG=chromium-os:24077
  TEST=tested on a R17 and R18 mario, alex and zgb image.
  Change-Id: Ia27ceaefb24dff64115f08b1cc6bbb75d1900071
  Reviewed-on: https://gerrit.chromium.org/gerrit/12970
  Reviewed-by: Jim Hebert <jimhebert@chromium.org>
  Tested-by: Gaurav Shah <gauravsh@chromium.org>
* signing script: Check for errors on extracted dm params in kernel command line.
  Author: Gaurav Shah | Age: 2011-12-13 | Files: 2 | Lines: -34/+68
  Correctly handle the lack of valid dm config parameters in the kernel command line (dm="..."). In particular, skip trying to perform a rootfs hash update for that kernel partition. This change has the side effect of properly signing new recovery images with the in-flight changes recovery install changes being done as part of crosbug.com/22530.
  Also fix verification of recovery images to consider both kernel partitions for determining the hash to compare the calculated value against.
  Finally, remove dd's verbose output while signing the firmware.
  BUG=chromium-os:22530
  TEST=manually re-signed new (Alex) and old (Lumpy) recovery image. Verified that recovery install works.
  Change-Id: Ied9f82f2e77ed581875cec0b43ce45fd98186db2
  Reviewed-on: https://gerrit.chromium.org/gerrit/12588
  Tested-by: Gaurav Shah <gauravsh@chromium.org>
  Reviewed-by: Will Drewry <wad@chromium.org>
  Commit-Ready: Gaurav Shah <gauravsh@chromium.org>
* sign_official_build: Do not ignore the firmware version while re-signing firmware
  Author: Gaurav Shah | Age: 2011-12-06 | Files: 2 | Lines: -7/+7
  Change https://gerrit.chromium.org/gerrit/12471 introduced a regression whereby we always sign a firmware with version 1. This change fixes that bug.
  BUG=chromium-os:23817
  TEST=ran sign_official_build and made sure the firmware was signed with the right firmware version.
  Change-Id: I6c8d3e8b103f3f7329b7a4db5a78a8f1ce4415a2
  Reviewed-on: https://gerrit.chromium.org/gerrit/12496
  Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
  Tested-by: Gaurav Shah <gauravsh@chromium.org>
  Commit-Ready: Gaurav Shah <gauravsh@chromium.org>
  Reviewed-by: Bill Richardson <wfrichar@chromium.org>
* sign_official_build: Use sign_firmware.sh for in-place firmware signing.
  Refs: release-R17-1412.B | Author: Gaurav Shah | Age: 2011-12-05 | Files: 1 | Lines: -23/+9
  We recently fixed a bug in the sign_firmware.sh script to perform root key replacement after signing FWA and FWB to allow resign_firmwarefd.sh to correctly determine the preamble flag to use. As it turns out, the sign_official_build.sh script used by the signer for in-place firmware re-signing was using a different code path (by directly calling resign_firmwarefd.sh).
  This change makes sign_official_build script call sign_firmware.sh instead.
  BUG=chrome-os-partner:6874
  TEST=tried signing a vanilla lumpy image with and without the fix, and observed the value of preamble flag used.
  Change-Id: Icffb1d86fbe44f69e444da51fe251ad3427635c6
  Reviewed-on: https://gerrit.chromium.org/gerrit/12471
  Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
  Tested-by: Gaurav Shah <gauravsh@chromium.org>
* vboot_reference: sanity check firmware A/B content when resigning
  Author: Hung-Te Lin | Age: 2011-12-05 | Files: 1 | Lines: -14/+32
  If the FW_A and FW_B contents are the same, we should not resign with DEV/NORM keyblocks.
  BUG=chrome-os-partner:6942
  TEST=(to sign)
    ./resign_firmwarefd.sh bios.bin new.bin \
      ../../tests/devkeys/firmware_data_key.vbprivk ../../tests/devkeys/firmware.keyblock \
      ../../tests/devkeys/dev_firmware_data_key.vbprivk \
      ../../tests/devkeys/dev_firmware.keyblock \
      ../../tests/devkeys/kernel_subkey.vbpubk
  (to verify)
    dump_fmap -x new.bin
    vbutil_keyblock --unpack VBLOCK_A | grep Flags
    vbutil_keyblock --unpack VBLOCK_B | grep Flags
  When the input (bios.bin) have DEV FW (ex, zgb/alex), then output is A=6, B=7; when the input is old or new firmware without DEV (ex, mario/s*y/l*y), output is A=7, B=7, and you'll see "Found firmware with same A/B content - ignore DEV keyblock." message during resign process.
  Change-Id: I10cbbf7370f35a40673b328b70c83e7d1213a45d
  Reviewed-on: https://gerrit.chromium.org/gerrit/12371
  Commit-Ready: Hung-Te Lin <hungte@chromium.org>
  Reviewed-by: Hung-Te Lin <hungte@chromium.org>
  Tested-by: Hung-Te Lin <hungte@chromium.org>
* Make dev firmware keyblock/data key generation and use optional
  Author: Gaurav Shah | Age: 2011-11-22 | Files: 1 | Lines: -0/+6
  For key generation, only generate dev firmware keyblocks, if the --devkeyblock option is passed. For signing, re-use normal firmware keyblock and data key if no dev keyblocks or data key are found in the keyset directory.
  BUG=chrome-os-partner:6942
  TEST=manual
    - tested key generation with/without the new flag
    - tested signing with or without the presence of dev keyblock
  Change-Id: Ic4bf72cb194461e07fcc0f6de39d4e16d1c979a6
  Reviewed-on: https://gerrit.chromium.org/gerrit/12038
  Reviewed-by: Hung-Te Lin <hungte@chromium.org>
  Tested-by: Gaurav Shah <gauravsh@chromium.org>
  Commit-Ready: Gaurav Shah <gauravsh@chromium.org>
* Replace root and recovery keys in the GBB after firmware sections have been re-signed
  Author: Gaurav Shah | Age: 2011-11-16 | Files: 1 | Lines: -7/+11
  resign_firmwarefd.sh needs a verifiable copy of the firmware (and associated root key) to determine the preamble flag value to use.
  BUG=chrome-os-partner:6874
  TEST=manually tested resigning a firmware .bin using sign_firmware.sh. Verified correct preamble flag determination.
  Change-Id: Ifb132f54f4891dec4fa7250d3a00e7b4feda24c1
  Reviewed-on: https://gerrit.chromium.org/gerrit/11776
  Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
  Commit-Ready: Gaurav Shah <gauravsh@chromium.org>
  Tested-by: Gaurav Shah <gauravsh@chromium.org>
* Change load_shflags to use the new location of shflags for clients
  Author: Sonny Rao | Age: 2011-10-27 | Files: 1 | Lines: -6/+4
  BUG=chromium-os:21742
  TEST=manual, ensure vboot scripts continue to work like make_dev_ssd.sh on the client
  Change-Id: I405334bab734f35a1a81e4b9e90e93cb760cc3d2
  Reviewed-on: https://gerrit.chromium.org/gerrit/10479
  Reviewed-by: Hung-Te Lin <hungte@chromium.org>
  Tested-by: Sonny Rao <sonnyrao@chromium.org>
  Commit-Ready: Sonny Rao <sonnyrao@chromium.org>
* Add test script that can determine if a build contains ASAN-binaries.
  Refs: factory-1235.B | Author: Jim Hebert | Age: 2011-10-19 | Files: 1 | Lines: -0/+35
  BUG=chromium-os:21863
  TEST=ensure_not_ASAN.sh image.bin
  Change-Id: I414f941a787e0023257401bb8ed7b4a5257f026a
  Reviewed-on: http://gerrit.chromium.org/gerrit/10352
  Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
  Tested-by: Jim Hebert <jimhebert@chromium.org>
* sign_official_build: allow repacking firmware when executed by sudo
  Author: Hung-Te Lin | Age: 2011-09-26 | Files: 1 | Lines: -0/+1
  To prevent execution permissions lost after being copied to /tmp, force adding a+rx to the staging file.
  BUG=chromium-os:20797
  TEST=sudo sign_official_build.sh ssd \
         x86-zgb-0.16.1089.0.bin ../../tests/devkeys ssd_image.bin
  Change-Id: Ibee12dbb3faea9f6b05600d1343620e0af8633fb
  Reviewed-on: http://gerrit.chromium.org/gerrit/8263
  Tested-by: Hung-Te Lin <hungte@chromium.org>
  Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
  Commit-Ready: Gaurav Shah <gauravsh@chromium.org>
* sign_official_build: Work around different verity arguments across images
  Author: Gaurav Shah | Age: 2011-09-23 | Files: 1 | Lines: -3/+14
  Work around the fact that we have 3 different verity kernel arguments depending on the image being signed (legacy parameters, new key=value parameters, new key=value parameters with salt).
  Since the signer is not branch conscious, expect and use the old verity binary to be present when legacy kernel arguments are specified. The last 2 types of verity arguments can be distinguished based on whether a salt is present.
  BUG=chromium-os:20640
  TEST=manually tested by signing r14, r15 and r16 images and verifying that kernel parameters are set correctly.
  Change-Id: I96ecf6f506a94509a64ef12d7a108e977f94c23c
  Reviewed-on: http://gerrit.chromium.org/gerrit/8214
  Commit-Ready: Gaurav Shah <gauravsh@chromium.org>
  Tested-by: Gaurav Shah <gauravsh@chromium.org>
  Reviewed-by: David McMahon <djmm@chromium.org>
  Tested-by: David McMahon <djmm@chromium.org>
* image security test: Allow alternatives for verity parameters
  Author: Gaurav Shah | Age: 2011-09-21 | Files: 2 | Lines: -15/+36
  This is again working around the fact that the signer isn't branch conscious. Depending on which branch you look at, there are 3 possible verity parameter styles in use. This CL allows the kernel parameter test to allow multiple alternatives for verity dm= parameters.
  BUG=chromium-os:20640
  TEST=manually tried with a R16, R15 and R14 image
  Change-Id: I07554594d6adbdfd1988395d3e91edfd603d8cd4
  Reviewed-on: http://gerrit.chromium.org/gerrit/8067
  Reviewed-by: Jim Hebert <jimhebert@chromium.org>
  Commit-Ready: Gaurav Shah <gauravsh@chromium.org>
  Tested-by: Gaurav Shah <gauravsh@chromium.org>
* Allow path to the cgpt binary to be set on the command line
  Author: Eric M. Blake | Age: 2011-09-16 | Files: 2 | Lines: -14/+28
  BUG=chromium-os:17138
  TEST=tested changes on vm8-m2, was able to successfully run au-generate.py and it used the cgpt binary from au-generate.zip
  Change-Id: Ia57f1be4b0d669cad430e51977cce6e26d704320
  Reviewed-on: http://gerrit.chromium.org/gerrit/7796
  Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
  Reviewed-by: Eric Blake <eblake@chromium.org>
  Tested-by: Eric Blake <eblake@chromium.org>
* sign_official_build: support new firmware updater repacking method
  Refs: factory-1020.B | Author: Hung-Te Lin | Age: 2011-09-09 | Files: 1 | Lines: -35/+59
  To prevent hard-coding the procedure to repack a firmware updater, this CL supports using new "--sb_repack" mode supported by updater so that signer does not need to care about how the updater is packed anymore.
  BUG=chromium-os:20027
  TEST=./sign_official_build.sh ssd \
         ~/trunk/src/build/images/x86-zgb/latest/chromiumos_image.bin \
         ../../tests/devkeys \
         ~/trunk/src/build/images/x86-zgb/latest/chromiumos_new_image.bin
       # success
  Change-Id: I035dfaa86b05b85748e69ec039769b0c08d33f64
  Reviewed-on: http://gerrit.chromium.org/gerrit/7311
  Tested-by: Hung-Te Lin <hungte@chromium.org>
  Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
* Fix image verify with new key-value verity params
  Author: Gaurav Shah | Age: 2011-08-25 | Files: 1 | Lines: -7/+13
  BUG=chromium-os:18492
  TEST=manually on new and old image.
  Change-Id: Ifa7ab70cd2cd3629656d167cd6f4bfaae8f7f03a
  Reviewed-on: http://gerrit.chromium.org/gerrit/6589
  Reviewed-by: Elly Jones <ellyjones@chromium.org>
  Tested-by: Gaurav Shah <gauravsh@chromium.org>
* Add support for new verity key-value style kernel parameters
  Author: Gaurav Shah | Age: 2011-08-23 | Files: 1 | Lines: -10/+39
  BUG=chromium-os:18492
  TEST=manually tested with both an old verity image, as well as a new one (with the pending http://gerrit.chromium.org/gerrit/6085)
  Change-Id: I347de9185db1c4ea949d37121c63e08184e8fcfe
  Reviewed-on: http://gerrit.chromium.org/gerrit/6516
  Reviewed-by: Elly Jones <ellyjones@chromium.org>
  Tested-by: Gaurav Shah <gauravsh@chromium.org>
* make_dev_firmware: handle developer firmware keyblock correctly
  Refs: firmware-u-boot-v1, firmware-881-u-boot-v1 | Author: Hung-Te Lin | Age: 2011-08-10 | Files: 1 | Lines: -0/+29
  We should detect keyblock from existing firmware and decide if a developer firmware keyblock should be used.
  BUG=chromium-os:18946
  TEST=./make_dev_firmware.sh -f zgb.bin -t zgb_dev.bin
       # seeing Using keyblocks (developer, normal)...
       ./make_dev_firmware.sh -f mario.bin -t mario_dev.bin
       # seeing Using keyblocks (normal, normal)...
       ./make_dev_firmware.sh -f arm.bin -t arm_dev.bin
       # seeing Using keyblocks (normal, normal)...
  Change-Id: I74fa0db980e26a6a19a4393303e8c5b3260c84c7
  Reviewed-on: http://gerrit.chromium.org/gerrit/5623
  Tested-by: Hung-Te Lin <hungte@chromium.org>
  Reviewed-by: Hung-Te Lin <hungte@chromium.org>
* resign_firmwarefd: replace mosys by "dump_fmap -p"
  Author: Hung-Te Lin | Age: 2011-08-02 | Files: 1 | Lines: -34/+28
  Parsing fmap information becomes easier after dump_fmap adds "-p" mode, and prevents the dependency because dump_fmap is in same repo with signing scripts.
  BUG=none, pure refine to reduce dependency and less error messages
  TEST=./resign_firmwarefd.sh mario_bios.bin output.bin \
         devkeys/firmware_data_key.vbprivk devkeys/firmware.keyblock \
         devkeys/firmware_data_key.vbprivk devkeys/firmware.keyblock \
         devkeys/kernel_subkey.vbpubk
       # Also verified with modern firmware like ZGB/Alex and ARM.
  Change-Id: Ia40ecd9ab641250272952e20ab058e780eb7770b
  Reviewed-on: http://gerrit.chromium.org/gerrit/5132
  Tested-by: Hung-Te Lin <hungte@chromium.org>
  Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
* resign_firmwarefd: don't change preamble flag by default.
  Author: Hung-Te Lin | Age: 2011-08-02 | Files: 1 | Lines: -5/+18
  When preamble_flag is not assigned manually, resign_firmwarefd should not change the preamble flag.
  BUG=chromium-os:18207
  TEST=# Prepare a bios.bin with preamble_flag=1 (ex, ARM firmware)
       ./resign_firmwarefd.sh bios.bin ..... # do not assign preamble
       vbutil_firmware --verify # see preamble_flag=1
       # Repeat with firmware having preamble_flag=0 (ex, x86 firmware like ZGB/Alex)
       # preamble_flag is 0 after resign_firmwarefd.
  Change-Id: I50f88bbf51a28defaf1c4e5383ab856168a128fc
  Reviewed-on: http://gerrit.chromium.org/gerrit/5133
  Tested-by: Hung-Te Lin <hungte@chromium.org>
  Reviewed-by: Bill Richardson <wfrichar@chromium.org>
  Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
* resign_firmwarefd.sh: support new "flag" (for hinting two-stop FW)
  Author: Hung-Te Lin | Age: 2011-07-22 | Files: 2 | Lines: -3/+18
  The two-stop firmware relies on the "flag" field which may be useful for the resign_firmwarefd.sh.
  BUG=chrome-os-partner:5095
  TEST=./resign_firmwarefd [params] 1
       vbutil_firmware --verify ..... # seeing flag = 1
  Change-Id: I56b44ee5b610e36384e15e6eb31286f0f838734b
  Reviewed-on: http://gerrit.chromium.org/gerrit/4561
  Tested-by: Hung-Te Lin <hungte@chromium.org>
  Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
* Fix script to use new key=value style /bin/verity arguments
  Author: Gaurav Shah | Age: 2011-07-21 | Files: 1 | Lines: -6/+5
  BUG=chromium-os:17953
  TEST=Run sign_official_build.sh verify from the chroot on an image, now it succeeds.
  Change-Id: Idd923716c95f4f12bd0a1236e2894af276e26d71
  Reviewed-on: http://gerrit.chromium.org/gerrit/4499
  Reviewed-by: Elly Jones <ellyjones@chromium.org>
  Tested-by: Gaurav Shah <gauravsh@chromium.org>
* make_dev_ssd: support new %U parameter
  Author: Hung-Te Lin | Age: 2011-07-01 | Files: 1 | Lines: -5/+1
  The %U is better since arm and x86 both supports it now.
  BUG=chromium-os:15683
  TEST=./make_dev_ssd.sh # need latest kernel patch
  Change-Id: I94a6471788d3496cfa7ef263493e89877bb2b593
  Reviewed-on: http://gerrit.chromium.org/gerrit/3551
  Reviewed-by: Che-Liang Chiou <clchiou@chromium.org>
  Tested-by: Hung-Te Lin <hungte@chromium.org>
* make_dev_ssd: fix ARM device names
  Author: Hung-Te Lin | Age: 2011-06-30 | Files: 2 | Lines: -3/+25
  BUG=chromium-os:15061
  TEST=(on arm) ./make_dev_ssd.sh --remove_rootfs_verification # works
  Change-Id: I0ed5e02cd566c89b2604a2e77b87413dc957471e
  Reviewed-on: http://gerrit.chromium.org/gerrit/3375
  Reviewed-by: Bill Richardson <wfrichar@chromium.org>
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
  Tested-by: Hung-Te Lin <hungte@chromium.org>
* Firmware generate script for boot scenarios.
  Author: Rajesh Chenna | Age: 2011-06-14 | Files: 1 | Lines: -0/+101
  BUG=16488
  TEST=Manual. Run firmware_boot.sh <BIOS name without .fd extension>
  Change-Id: Iff4751803782d0f65bf4469e845100d40ae9cb6c
  Reviewed-on: http://gerrit.chromium.org/gerrit/2618
  Tested-by: Rajesh Chenna <rchenna@chromium.org>
  Reviewed-by: Rajesh Chenna <rchenna@chromium.org>
* kernel command line test: add optional regular expression parameter support
  Author: Gaurav Shah | Age: 2011-06-10 | Files: 2 | Lines: -0/+8
  Add support for matching an optional kernel command line parameter that must be matched via a regular expression.
  BUG=none
  TEST=manually on R12, R13 and R14 recovery images. Tests pass.
  Change-Id: I82c1e6c9bd98f41912ab2054840fb2edec4698d9
  Reviewed-on: http://gerrit.chromium.org/gerrit/2474
  Reviewed-by: Jim Hebert <jimhebert@chromium.org>
  Tested-by: Gaurav Shah <gauravsh@chromium.org>
* Update the install kernel on the recovery image with the right vblock
  Author: Gaurav Shah | Age: 2011-06-01 | Files: 2 | Lines: -34/+47
  This avoids the need to read the vblock off the stateful partition to re-construct the right SSD install kernel. The recovery installer can also perform its verification checks (e.g. rollback to old version) by directly reading kernel partition B instead of re-constructing it by mounting the stateful partition.
  We still copy the SSD vblock on the stateful for tools that still use them (by overwriting the SSD kernel vblock). That operation is basically a no-op now. This unnecessary step will be removed from the tools as part of separate CLs.
  BUG=chromium-os:8378, chrome-os-partner:3309
  TEST=signed a new recovery image, made sure it installs
  Change-Id: Ic4308fba1355f67a3b2821ae7e8d438bf658b0d1
  Reviewed-on: http://gerrit.chromium.org/gerrit/1648
  Tested-by: Gaurav Shah <gauravsh@chromium.org>
  Reviewed-by: Will Drewry <wad@chromium.org>
* Add /sbin and /usr/sbin to the search path
  Author: Gaurav Shah | Age: 2011-05-13 | Files: 1 | Lines: -0/+4
  Some tools (such as dumpe2fs) may reside in paths that are not in the system non-root path.
  BUG=chromium-os:13564
  TEST=Can now run sign_official_build without sudo.
  Change-Id: I48737e7735551c9004a6fa19359da664ca67b423
  Reviewed-on: http://gerrit.chromium.org/gerrit/867
  Reviewed-by: Hung-Te Lin <hungte@chromium.org>
  Tested-by: Gaurav Shah <gauravsh@chromium.org>