| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For set_lsb_release.sh called without parameter, it doesn't modify
anything in the image, and mount the image ro. Thus setfattr to
ensure security.selinux xattr will fail with Read-only filesystem,
and is not necessary since nothing has been modified.
BUG=chromium:954670
TEST=set_lsb_release.sh xx.bin a b
TEST=set_lsb_release.sh xx.bin
BRANCH=none
Change-Id: I32bf61796c2b60d18e4e62cc43f2d0e9dc75cef5
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1666516
Tested-by: Qijiang Fan <fqj@google.com>
Commit-Queue: LaMont Jones <lamontjones@chromium.org>
Reviewed-by: LaMont Jones <lamontjones@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After every invocation to set_lsb_release.sh, make sure /etc/lsb-release
in $rootfs has the expected SELinux security context stored at
security.selinux extended attribute.
BRANCH=none
BUG=chromium:954670
TEST=set-lsb_release.sh chromium_test_image.bin a b
Change-Id: I541493d8ad3c94b16840337d807629691b1b00bb
Reviewed-on: https://chromium-review.googlesource.com/1630426
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Qijiang Fan <fqj@google.com>
Legacy-Commit-Queue: Commit Bot <commit-bot@chromium.org>
Reviewed-by: LaMont Jones <lamontjones@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* To enable, use --use_apksigner.
* Drop signature schemes that we don't really need.
* Supports key rotation. In this case, the signing lineage
will be honored if the file exists next to the keys.
* Update key generation script to auto generate the signing lineage.
TEST=the script runs successfully with and without the flag
TEST=`apksigner lineage --print-certs -v -in foo.apk` shows
correct rotation info
TEST=keygeneration/create_new_android_keys.sh --rotate-from old new
BUG=None
BRANCH=None
Change-Id: Ic7b7b0ed4ea707a748dc42a1f39d6eb79d53cf1b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1643411
Tested-by: Victor Hsieh <victorhsieh@chromium.org>
Reviewed-by: LaMont Jones <lamontjones@chromium.org>
Commit-Queue: Victor Hsieh <victorhsieh@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
sign_official_build.sh accepted a subset of the syntax allowed by
sign_firmware.sh. Update to be consistent.
BUG=chromium:962529
BRANCH=None
TEST=Manually verified
Change-Id: Ic9c7d5d8a4744c09c06249ed835ef678e6368aa0
Reviewed-on: https://chromium-review.googlesource.com/1612376
Commit-Ready: LaMont Jones <lamontjones@chromium.org>
Tested-by: LaMont Jones <lamontjones@chromium.org>
Legacy-Commit-Queue: Commit Bot <commit-bot@chromium.org>
Reviewed-by: Jason Clinton <jclinton@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the key file directory name includes string 'test' do not check if
the image being signed has the prod RO.
BRANCH=none
BUG=b:74100307
TEST=manual
Change-Id: I3241d31f6612c1dc44c217958d74d4da784c5dfb
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1614793
Reviewed-by: LaMont Jones <lamontjones@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Deprecate internal usage of GoogleBinaryBlockHeader struct in
favour of vb2_gbb_header struct. Keep the v1 struct around until
we remove references in other repos.
BUG=b:124141368, chromium:954774
TEST=make clean && make runtests
BRANCH=none
Change-Id: I396d2e624bd5dcac9c461cc86e8175e8f7692d26
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1583826
Commit-Ready: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After sed -i, if the lsb-release will change, sed -i will recreate the
file and loose the security.selinux xattr.
We need to recover this extended attribute to make sure lsb-release
still has the correct label in signed images.
BRANCH=none
BUG=chromium:954670
TEST=../platform/vboot_reference/scripts/image_signing/set_channel.sh image.bin something
TEST=../platform/vboot_reference/scripts/image_signing/tag_image.sh --from image.bin --remove_test_label
TEST=../platform/vboot_reference/scripts/image_signing/remove_test_label.sh image.bin
TEST=getfattr -n security.selinux dir_3/etc/lsb-release after above each command
Change-Id: Icfb721a9b4b2ebb21c2cb0f14381ef1f61b928d7
Reviewed-on: https://chromium-review.googlesource.com/1610265
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Qijiang Fan <fqj@google.com>
Reviewed-by: Brian Norris <briannorris@chromium.org>
Reviewed-by: Kenny Root <kroot@google.com>
Reviewed-by: LaMont Jones <lamontjones@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In case jq does not find a node in the JSON file, it still returns
with exit code of 0, it just prints 'null' instead of the expected
node value.
This patch adds processing this error condition, which makes it easier
to troubleshoot the case of misconfigured Cr50 signing manifest.
BRANCH=none
BUG=b:74100307
TEST=tried using the script with a manifest which does not have the
node of board_id_flags defined. Observed error message of
...sign_cr50_firmware.sh: ERROR : bid_flags not found in...
instead of previous error reported as
...sign_cr50_firmware.sh: line 53: null: unbound variable
Change-Id: I70acff7a3331b01f0f964f2942bf2806a2af8691
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1537260
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When signing Cr50 images, Board ID flags and major version number
fields of the manifest must follow the following convention:
- even major version numbers indicate pre-pvt branch, Board ID flag
bit 0x10 must be set;
- odd major version numbers indicate mp branch, Board ID flag bit
0x10000 must be set;
BRANCH=none
BUG=b:74100307
TEST=extracted pre-pvt branch produced Cr50 tarball into /tmp/cr50.cp,
and ran the following command:
scripts/image_signing/sign_cr50_firmware.sh /tmp/cr50.cp tests/devkeys \
signed
observed successful completion. Modified
/tmp/cr50.cp/ec_RW-manifest-prod.json to set major version number
to 3 instead of 4 and tried again, got the following error, as
expected:
sign_cr50_firmware.sh: ERROR : Inconsistent manifest \
/tmp/cr50.cp/ec_RW-manifest-prod.json: major = "3", board_id_flags = "16"
Change-Id: Ic123df4396d7d497347de40a5ff448940c0b1982
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1321410
Reviewed-by: David Riley <davidriley@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch makes sure that Cr50 manifest included in the builder
produced tarball is stripped to remove the comments before it is given
to jq for processing.
Also a little clean up.
BRANCH=none
BUG=b:74100307
TEST=tested as described in the next patch.
Change-Id: I4852fea7c21752c45fcfe4cc60d45f264f142bab
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1529387
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The comments said remount was avoided due to loop offset usage which,
while true, isn't the only reason. We can't remount rw without first
calling enable_rw_mount to clear the invalid bits in the fs header.
Update the comment to reflect that and switch to our mount helper as
it will call that for us.
BUG=chromium:938958
TEST=precq passes & signing unittests pass
BRANCH=None
Change-Id: I1063bc84befebddc942a3dec05e8f33ea834db30
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1522089
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Newer kernels seem to be buggy when using loop mounts with offsets.
Switch to using `losetup -P` everywhere as that doesn't seem to run
into the bug.
BUG=chromium:938958
TEST=precq passes & signing unittests pass
BRANCH=None
Change-Id: I3c35436708d0a4b2c5c1900406503e753f88a53c
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1521065
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: LaMont Jones <lamontjones@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There's already a local |output| variable that we clobbered.
BUG=chromium:935628
TEST=cros-signing/signer/signing_unittest.py passes
BRANCH=none
Change-Id: Idde2aa35053ff6bc149f3f4d1df784e25b4fcdc5
Reviewed-on: https://chromium-review.googlesource.com/c/1490651
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Openssl output format changed, use futility for key_size.
BUG=chromium:935628
TEST=None
BRANCH=none
Change-Id: I1329fa8cd1a79943dbcd8be19d56680ae22376f1
Reviewed-on: https://chromium-review.googlesource.com/c/1489452
Tested-by: LaMont Jones <lamontjones@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This introduces a script for signing Cr50 images on the build server.
BRANCH=cr50
TEST=sign_official_build.sh cr50_firmware input tests/devkeys output
BUG=b:74100307
Change-Id: I741b8532980b0a7a0b32fbacff235c38661c7668
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1313573
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We changed the verity kernel command line form before R16 was released
and included backwards compat support in the scripts for it. But all
the devices that were released for these old versions are EOL, and we
don't need to sign images that old anymore, so drop support.
BRANCH=None
BUG=chromium:891015
TEST=precq passes
Change-Id: I5cc37fae19fb4b3db229598aa0f5c69a6f32005a
Reviewed-on: https://chromium-review.googlesource.com/1387904
Commit-Ready: LaMont Jones <lamontjones@chromium.org>
Tested-by: LaMont Jones <lamontjones@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 16ceb9625ed13b0da4ae6306f9187b672b9b382f dropped support for old
versions, but it also accidentally dropped the salt= setting which ended
up breaking newer recovery kernels. Restore that line and drop an unused
var from the old code path.
BRANCH=None
BUG=chromium:891015, chromium:891764
TEST=running `./sign_official_build.sh verify` against the images in crbug.com/891764 works again
Change-Id: I8ae619c9243f9c2638962ae439b9df5090d6c535
Reviewed-on: https://chromium-review.googlesource.com/1376831
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I have one too many times being bitten by forgetting to reboot
my DUT between running this tool and trying to flash a new kernel.
Make the script remind me of this requirement.
BRANCH=none
BUG=none
TEST=ran script, saw new output
Change-Id: I5c4738317087ec7654b13c1c9c3cd67273ba3bf1
Signed-off-by: Enrico Granata <egranata@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1330016
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We recently expanded the kernel size from 16M to 64M for the generic
amd64 image and that's causing problems for this script. Let's drop the
check for a maximum size as we have other sanity checks for reading the
kernel command line and modifying vboot headers later on anyway.
BRANCH=None
BUG=chromium:905093
TEST=deploy_chrome for amd64-generic image
Change-Id: Id08ad0a1feb28fda850c611e1e993d15b32e502d
Signed-off-by: Stephen Boyd <swboyd@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1336109
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Achuith Bhandarkar <achuith@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Storing backup files inside /mnt/stateful_partition should be done only
on DUTs running ChromeOS. For chroot or other environment, we should
just store in current folder if available.
Also fixed that the warning message when backup files can't be generated
should be printed using "warn" instead of "warning".
BUG=None
TEST=./make_dev_ssd.sh -i image --edit_config --partitions 2
Change-Id: Ie81e810951e7fc72f350de847440a8f0372bc9be
Reviewed-on: https://chromium-review.googlesource.com/1300893
Commit-Ready: Hung-Te Lin <hungte@chromium.org>
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We changed the verity kernel command line form before R16 was released
and included backwards compat support in the scripts for it. But all
the devices that were released for these old versions are EOL, and we
don't need to sign images that old anymore, so drop support.
BRANCH=None
BUG=chromium:891015
TEST=precq passes
Change-Id: I0e61c5d5cbeefb8ea0af955ead604a97fcb84bad
Reviewed-on: https://chromium-review.googlesource.com/1255344
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It looks like cbfstool removing & inserting blobs into the bios, even
if the contents are the same, break the signatures run over the region.
Until we can figure out what's going on, avoid re-adding content that's
the same to keep the signatures valid.
BRANCH=None
BUG=chromium:889716
TEST=signing fizz image has valid vblock hashes
Change-Id: I00ba84cf22b6fffc594e60b78f91e7cb49c98f06
Reviewed-on: https://chromium-review.googlesource.com/1248201
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: C Shapiro <shapiroc@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:114610466
BRANCH=none
TEST=(1)Test cheza, whose storage has a block size of 4k:
$ make_dev_ssd.sh --remove_rootfs_verification --partitions 2
$ make_dev_ssd.sh --partitions 2 --save_config /tmp/foo_config
$ echo "console=ttyMSM0,115200n8" >> /tmp/foo_config.2
$ make_dev_ssd.sh --partitions 2 --set_config /tmp/foo_config
Messages show kernel is successfully re-signed.
Reboot and then see kernel log printed.
Also, rootfs is modifiable.
(2)Do a similar test on scarlet, whose storage has a block size of 512B.
See the same result.
Change-Id: Ic5d7714e4f608c477f935d244cd5ad62eb38815a
Signed-off-by: Philip Chen <philipchen@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1240934
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Philip Chen <philipchen@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Evan Green <evgreen@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Unibuilds, such as Octopus, generate long lines listing the
individual board names.
Removing a check which is restricting the unibuilds ability to add
additional boards to the list.
BUG=chromium:873552
BRANCH=none
TEST=none
Change-Id: I080f4f251935eb19ee3377556500a5bd98117a2f
Reviewed-on: https://chromium-review.googlesource.com/1173256
Commit-Ready: Bob Moragues <moragues@chromium.org>
Tested-by: Bob Moragues <moragues@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To speed things up, support stripping /boot from a rootfs block device.
This way we can mount an image via loopback and pass that in directly.
BRANCH=None
BUG=chromium:714598
TEST=strip_boot_from_image.sh on image files works, and on loopback partitions
Change-Id: Ie74d3f239ac29533f4325d0c1f75e3cce5fab7a5
Reviewed-on: https://chromium-review.googlesource.com/1152075
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
Reviewed-by: Chris Ching <chingcodes@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Require that the container passed in is the one containing
the specified key, and no other key. So if only one key is
present it must be the specified key.
BUG=chromium:863464
TEST=run locally
BRANCH=None
Change-Id: Ieeca5773f35b7bf92beae8a2192ed6e6fd9008e6
Reviewed-on: https://chromium-review.googlesource.com/1136910
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Nick Sanders <nsanders@chromium.org>
Reviewed-by: Bob Moragues <moragues@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When the root is default RW mounted, we found that the system is more
fragile due to suspend and resume tests.
It is found that in early builds, many projects tend to need minor fixes
in test image rootfs, for example kernel modules or files read by
kernel. Currently the only way to update those files is to reflash whole
images, but that's not very practical when the network in manufacturing
line is pretty slow. It would be better if we can change a single file.
As a result, we want to allow setting the default root mount option when
running make_dev_ssd.sh. The new --nodefault_rw_root allows disabling
rootfs verification but still mounting rootfs as RO, which makes better
chances for system to be stable, and changes can still be made by an
explicit 'mount -o rw,remount /'.
BUG=None
TEST=./make_dev_ssd.sh --remove_rootfs_verification --nodefault_rw_root
Change-Id: Ie2675e25b77e638ba6c3be8e2a2a3887a95582fc
Reviewed-on: https://chromium-review.googlesource.com/1137966
Commit-Ready: Hung-Te Lin <hungte@chromium.org>
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
firmware_keys field in the HWID database also contains hash of recovery
key so need this information as well in order to deprecate firmware_keys
field.
BUG=chromium:763328
TEST=1) ~/trunk/src/platform/vboot_reference/scripts/image_signing/sign_official_build.sh
recovery ./chromeos_10644.0.0_soraka_recovery_dev-channel_mp.bin
./src/platform/vboot_reference/tests/devkeys ./output.bin
2) verify output file - VERSION.signer.
BRANCH=None
Change-Id: If2be93723e95d46fc0546239695be27c3229275c
Reviewed-on: https://chromium-review.googlesource.com/1053334
Commit-Ready: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
Reviewed-by: Wei-Han Chen <stimim@chromium.org>
Reviewed-by: C Shapiro <shapiroc@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
chromoes-tpm-recovery was misspelled,
correct to chromeos-tpm-recovery
BRANCH=None
BUG=None
TEST=None
Change-Id: Ia3109348eed59f27b08d5261fbcc3d1d93067e89
Reviewed-on: https://chromium-review.googlesource.com/1043494
Commit-Ready: Nick Sanders <nsanders@chromium.org>
Tested-by: Nick Sanders <nsanders@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CL:866522 supported the case of loem and uni-build projects but not for
the project with one key only. After this CL, `gooftool finalize` can
refer to VERSION.signer in order to get correct firmware key hash from
recovery image. As the result, firmware_keys field can be removed from
HWID database.
BUG=chromium:763328
TEST=1) ~/trunk/src/platform/vboot_reference/scripts/image_signing/sign_official_build.sh
recovery ./chromeos_10644.0.0_soraka_recovery_dev-channel_mp.bin
./src/platform/vboot_reference/tests/devkeys ./output.bin
2) verify output file - VERSION.signer.
BRANCH=None
Change-Id: I376cd7038c0fe1d5cc71cb39cbabeb5e79994407
Reviewed-on: https://chromium-review.googlesource.com/1051429
Commit-Ready: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
Reviewed-by: Marco Chen <marcochen@chromium.org>
Reviewed-by: C Shapiro <shapiroc@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Newer versions of util-linux/mount don't like when you create overlapping
loopback files. Since we always create a loopback of the entire image,
this means every mount fails.
We can change the few users in here over to using the existing loopback
partitions rather than continuing to create their own from scratch. This
makes the code a bit simpler.
However, we currently duplicate some of the mount image helpers so that
one version works off of a disk image while the other uses loopbacks.
Cleaning this up requires a number of changes in other files which we'll
want to do eventually, just not right now (to minimize risk).
BUG=chromium:714598
TEST=image signing works on newer gLinux installs
BRANCH=None
Change-Id: I31b35636b3b271e97070d283f8cb74d3183d8ec8
Reviewed-on: https://chromium-review.googlesource.com/1034435
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Jason Clinton <jclinton@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Dumping md5sum information along the way of signing bios.bin to shed
some lights on the signing process in order to debug the first slot
issue.
BUG=b:77252439
TEST=None
BRANCH=None
Change-Id: I5083d6db2eee42c5cc9588606f95bbffba0c00ff
Reviewed-on: https://chromium-review.googlesource.com/1036802
Commit-Ready: YH Lin <yueherngl@chromium.org>
Tested-by: YH Lin <yueherngl@chromium.org>
Reviewed-by: C Shapiro <shapiroc@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:78577893
BRANCH=None
TEST=None
Change-Id: I1905f53aadb0ae882dc4cf9f4fd214b4ccdfc440
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1029429
Commit-Ready: Furquan Shaikh <furquan@chromium.org>
Tested-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Duncan Laurie <dlaurie@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Follow up the code review comments on CL:995175, which was merged as
1493e938e45535f86b7132a83123c6319eacb217
("image_signing: sign UEFI binaries")
BUG=b:62189155
TEST=See CL:*613656
BRANCH=none
Change-Id: Ic01bfbbfe39fbfb85c0f313ab62bbcd3e2fbb9a3
Reviewed-on: https://chromium-review.googlesource.com/1024919
Commit-Ready: Edward Jee <edjee@google.com>
Tested-by: Edward Jee <edjee@google.com>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Signature Scheme V2 was introduced in N.
TEST=(prepare)
1. Produce A.img by running the original sign_android_image.sh on a
test image.
2. Produce B.img by running the new sign_android_image.sh on the
same image.
TEST=Check Settings.apk with apksigner. Saw only v1 signature exists
with A.img, and only v2 exists with B.img, as expected.
Certificates on both APKs have the same fingerprint.
TEST=Login with A to create a new /data state, then login with B.
Platform apps still run. No signature error in logcat.
BRANCH=none
BUG=b:67942659
Change-Id: Ibabc399563bfdc92836856a377997405cc660483
Reviewed-on: https://chromium-review.googlesource.com/993153
Commit-Ready: Victor Hsieh <victorhsieh@chromium.org>
Tested-by: Victor Hsieh <victorhsieh@chromium.org>
Reviewed-by: Bernie Thompson <bhthompson@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:62189155
TEST=See CL:*601769
BRANCH=none
Change-Id: Id9569616bae0d5f44c1c96e18522ace244a5aae8
Reviewed-on: https://chromium-review.googlesource.com/995175
Commit-Ready: Edward Jee <edjee@google.com>
Tested-by: Edward Jee <edjee@google.com>
Reviewed-by: Jason Clinton <jclinton@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Looks like we forgot to update the help text for set_gbb_flags.sh when
adding the DISABLE_FMWP flag. This patch fixes that.
BRANCH=None
BUG=None
TEST=None
Change-Id: Iae45e151ae786565f6a1a695a2e3c3d01f8c1d0a
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/976801
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It seems like there are some testing use cases where we want the device
to boot into the recovery installer but it is impractical to fully
simulate a user-triggered recovery. This has become impossible with the
recent change to always require manual recovery to boot an image, even
when the developer mode switch is enabled (CL:924458).
This patch adds a new GBB flag to support this use case. When the flag
is set, all recovery mode is manual recovery mode, regardless of wheter
the developer mode switch is on or not.
Since the GBB_FLAG_ENABLE_SERIAL was killed off before it ever really
worked anyway, we can safely reuse the bit reserved for it.
BRANCH=None
BUG=None
TEST=make runtests, manually confirmed on Kevin
Change-Id: I4f51dfd20b4ff04c522f53596896dccbceee52dc
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/976660
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This regenerates packages cache during signing the image once apks are
changed due timestamp and key update.
TEST=Build image, sign it useing devkeys and deploy to device. Perform
user sign-in and enable ARC. Test logcat and everything is clear.
BUG=b:74108152
Change-Id: I4809a1f87c8b8f52094054dbb4c8ba3e059aee89
Reviewed-on: https://chromium-review.googlesource.com/948064
Commit-Ready: Yury Khmel <khmel@google.com>
Tested-by: Yury Khmel <khmel@google.com>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of only logging when ARC++ is not present, also report when we
found an ARC++ image about to be re-signed.
BUG=None
TEST=See info message when running sign_official_build.sh
BRANCH=None
Change-Id: I0d983d38048c4b8dace51e4ea25e23c7cf1da3d7
Reviewed-on: https://chromium-review.googlesource.com/942021
Commit-Ready: Nicolas Norvez <norvez@chromium.org>
Tested-by: Nicolas Norvez <norvez@chromium.org>
Reviewed-by: Victor Hsieh <victorhsieh@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- move helper functions that detect which keys should be used depending
on the build flavor to a separate lib
- add unit tests for that lib
BUG=b:72947583
TEST=unit tests
TEST=run against caroline image, scripts detects 'cheets' build flavor
TEST=run against novato-arc64 image (SDK), script detects 'cheets' build
flavor
TEST=run against newbie image (AOSP), script detects 'aosp' build flavor
TEST=run against invalid build property 'paosp_cheets_...', script
aborts as expected
BRANCH=None
Change-Id: I5595c10a5a063e7658d0cf17c77dbeead429cd97
Reviewed-on: https://chromium-review.googlesource.com/923097
Commit-Ready: Nicolas Norvez <norvez@chromium.org>
Tested-by: Nicolas Norvez <norvez@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The original "ro.product.name" of the Android image is modified by the
Chrome OS build process to change it to the CrOS device name instead,
which breaks the detection of the build flavor.
Instead, we now rely on the "ro.build.flavor" property which is not
modified.
If the build flavor is either cheets_* or sdk_google_cheets_*, we expect
the keys to be the cheets keys. AOSP keys are used for aosp_cheets_*
build flavors.
BUG=b:72947583
TEST=run against caroline image, scripts detects 'cheets' build flavor
TEST=run against novato-arc64 image (SDK), script detects 'cheets' build
flavor
TEST=run against newbie image (AOSP), script detects 'aosp' build flavor
TEST=run against invalid build property 'paosp_cheets_...', script
aborts as expected
BRANCH=None
Change-Id: I662436b256b59238b00c7374120f315b538fcd75
Reviewed-on: https://chromium-review.googlesource.com/911905
Commit-Ready: Nicolas Norvez <norvez@chromium.org>
Tested-by: Nicolas Norvez <norvez@chromium.org>
Reviewed-by: Victor Hsieh <victorhsieh@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We deleted crosh workarounds logic years ago (e.g. CL:178932),
so drop references here too.
BUG=None
TEST=precq passes
BRANCH=None
Change-Id: I2b195a7ca863101be35a4bfde29d7950a96c1edd
Reviewed-on: https://chromium-review.googlesource.com/907069
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Following ag/3536780, aosp_cheets targets have their APKs signed with
keys https://android.googlesource.com/platform/build/+/master/target/product/security/
The image signing script now:
- detects if it's an aosp_cheets or cheets build
- checks the correct signing keys have been used in either case
- logs more information about the Android image
BUG=b:72947583
TEST=manually test sign_framework_apks against AOSP and cheets builds
TEST=aosp_cheets builds prior to ag/3536780 are now failing (expected)
TEST=aosp_cheets builds posterior to ag/3536780 are passing
TEST=cheets builds (before and after) are passing
TEST=check that commenting out ro.product.name in build.prop triggers an
error
TEST=check that an invalid value in ro.product.name triggers an error
BRANCH=None
Change-Id: I72abea5182fbfe76820e3f48831be04f39cb334e
Reviewed-on: https://chromium-review.googlesource.com/904726
Commit-Ready: Nicolas Norvez <norvez@chromium.org>
Tested-by: Nicolas Norvez <norvez@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For the EC supporting EFS boot, the RO section contains a
public key, and the RW is signed. For running FAFT, should
replace the RO key to a known one (the dev key under
vboot_reference), such that FAFT tests can resign the RW
using a known private key.
For BIOS image, we use make_dev_firmware.sh to do a similar
job to replace the key in BIOS. This CL makes the
make_dev_firmware script support changing EC key.
BUG=b:71769443
BRANCH=none
TEST=Modify files
$ # Check the original BIOS and EC images
$ futility show ec.bin
$ futility show bios.bin
$ ./make_dev_firmware.sh --change_ec -f bios.bin -t new_bios.bin \
-e ec.bin -o new_ec.bin --backup_dir backup
$ # Check the new images, using new keys and verification succeeded
$ futility show new_ec.bin
$ futility show new_bios.bin
TEST=Modify live firmware
$ ./make_dev_firmware.sh --change_ec
And then run firmware_ECUpdateId with a Type-C charger.
TEST=Run sign_official_build.sh
$ sign_official_build.sh recovery recovery_image.bin \
~/trunk/src/platform/vboot_reference/tests/devkeys /tmp/out.bin
TEST=make runalltests
Change-Id: Id51e2c411a4e6d016e619cec91453ce918b7fff7
Reviewed-on: https://chromium-review.googlesource.com/889406
Commit-Ready: Wai-Hong Tam <waihong@google.com>
Tested-by: Wai-Hong Tam <waihong@google.com>
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To record sha1sum of keys in keyset can help loem or unibuild projects to verify
1. whether rekey process is performed correctly during the factory
build.
2. whether HWID database is updated correctly.
BUG=chromium:763328
TEST=1) modify loem.ini to match what coral is.
2) ~/trunk/src/platform/vboot_reference/scripts/image_signing/sign_official_build.sh
recovery ./chromeos_10308.0.0_coral_recovery_dev-channel_mp-v4.bin
./src/platform/vboot_reference/tests/loemkeys ./output.bin
3) verify output file - VERSION.signer.
BRANCH=none
Change-Id: I80deadb04d9dc0eb66fc5ac45dce84e6f41f1a16
Signed-off-by: Marco Chen <marcochen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/866522
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The helper function - info redirects msg to stderr and appends some
backslash escapes so
1. it can't be redirected to VERSION.signer via stdout again.
2. Even if change to stderr, we also don't want these appended
msg.
BUG=chromium:760879
TEST==~/trunk/src/platform/vboot_reference/scripts/image_signing/sign_official_build.sh
recovery ../build/images/coral/latest/recovery_image.bin
../platform/vboot_reference/tests/devkeys
BRANCH=None
Change-Id: I46d560fb4cb93756fd02e32412410afb3a4db0e2
Reviewed-on: https://chromium-review.googlesource.com/861694
Commit-Ready: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
BRANCH=None
BUG=chromium:714598
TEST=signing images still works
Change-Id: Icc848e49b35aa29c1a1206fa9f351be6ec252b13
Reviewed-on: https://chromium-review.googlesource.com/852675
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix the indent and content of the help message.
BRANCH=none
BUG=none
TEST=./make_dev_ssd.sh -h
Change-Id: I12f0de807cf5cb8d6edf7f4a6acdc7c11d0114d9
Reviewed-on: https://chromium-review.googlesource.com/848620
Commit-Ready: Youcheng Syu <youcheng@chromium.org>
Tested-by: Youcheng Syu <youcheng@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We are not zeroing the free space properly before signing official images. This
patch fixes it by using fstrim instead of dd. More info can be found in
CL:751809.
BRANCH=none
BUG=chromium:780291
TEST=used sign_official_build.sh to sign two recovery images (these images produced <zero-space> file) with dev keys. Then generated delta update between the two new images. This time there was no <zero-space> file between the two images.
Change-Id: Ib97fb206f5c8bcfd97c43d075990c7fcdaad6f7e
Reviewed-on: https://chromium-review.googlesource.com/848237
Commit-Ready: Amin Hassani <ahassani@chromium.org>
Tested-by: Amin Hassani <ahassani@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|