| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some devices may use rootdev=/dev/dm-1 as root device (the default one was
dm-0, according to build scripts). Running make_dev_ssd.sh
--remove_rootfs_verification on these devices will fail changing rootdev kernel
command line, and cause people not able to re-mount root device as writable.
To support running make_dev_ssd on these devices, we want to change the rootdev
pattern to dm[0-9].
BUG=chromium:428041.
TEST=make_dev_ssd.sh --remove_rootfs_verification
BRANCH=none
Change-Id: Idfd251c58e7d39b0b80ec1fc68989c2f49bdd1b2
Reviewed-on: https://chromium-review.googlesource.com/226782
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Queue: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ChromiumOS images have recently changed the installable vblock from stateful
partition to kernel + vblock in slot B. sign_official_build script should
follow that layout so other scripts (ex, cros_generate_update_payload) won't
find wrong blob.
BRANCH=none
BUG=chrome-os-partner:32156
TEST=for image_t in ssd usb install recovery; do
./sign_official_build.sh $image_t IMAGE KEYDIR output$image_t.bin
./sign_official_build.sh verify output$image_t.bin
done
# Also boots images without problem.
Change-Id: I04e2b50f3f3355263ba6de9567b4a82c040c5826
Reviewed-on: https://chromium-review.googlesource.com/221890
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Tested-by: Hung-Te Lin <hungte@chromium.org>
Commit-Queue: Hung-Te Lin <hungte@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If we try to sign an image w/out Chrome, this file won't exist.
Run grep with the -s flag to silence those warnings.
BUG=chromium:418817
TEST=`cbuildbot storm-release` no longer warns
BRANCH=None
Change-Id: Ibac0978e3e4d9f89c00206a2dd21c1d71544f710
Reviewed-on: https://chromium-review.googlesource.com/221184
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Commit-Queue: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since all of the functionality of the resign_firmwarefd.sh script
is built in to futility, let's just make that script invoke
futility to do the work. We'll come back and remove the script
entirely, once all outside references to it have been changed to
do the right thing.
BUG=chromium:224734
BRANCH=ToT
TEST=make runtests
Also tested by editing tests/futility/test_resign_firmware.sh to
invoke the resign_firmwarefd.sh script instead of futility.
Everything passed.
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Change-Id: Id068e551067a956cd7ddc3f9b9e23488261d8d94
Reviewed-on: https://chromium-review.googlesource.com/216716
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
chromeos-install always expects DM verity information from install source,
because even when --noenable_rootfs_verification is applied, the output image
will still include DM verity in kernel command line (just not enabled).
To support developers installing a modified image (by
--remove_rootfs_verification), we have to change the command line to keep DM
verity data, just like how --noenable_rootfs_verification is done.
BRANCH=none
BUG=none
TEST=make_dev_ssd.sh --noenable_rootfs_verification; reboot;
chromeos-install # success.
Change-Id: I3b2c8cbf1b89086ed91b5549c7147cd940fbda14
Reviewed-on: https://chromium-review.googlesource.com/207321
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Queue: Hung-Te Lin <hungte@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In order to disable PD software sync but still do EC software sync
it is useful to have a separate GBB flag for it.
This will allow me to release a Samus P2B firmware image that will
update the EC but not the PD, since the PD FW that comes on P2B
devices cannot be updated with software sync.
BUG=chrome-os-partner:30079
BRANCH=None
TEST=flash BIOS with updated EC+PD:
1) no GBB flags to override behavior updates both EC and PD
2) GBB flag to disable EC software sync disables both EC and PD update
3) GBB flag to disable PD software sync disables only PD update
Change-Id: I49ffb59238bee4a2dd66b24f2516e3ce46ea06cd
Signed-off-by: Duncan Laurie <dlaurie@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/211910
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In commit https://chromium-review.googlesource.com/203682 the output file names
were always vblock_A, and should be changed to vblock_A and vblock_B.
BUG=chrome-os-partner:30611
TEST=Signed a recovery image and checked output.
BRANCH=none
Change-Id: I91901ba2c24032c6af3e6ab3f731bb7dd384ae2d
Reviewed-on: https://chromium-review.googlesource.com/208610
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Queue: Hung-Te Lin <hungte@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rather than leave the default set of keys in the firmware untouched
(which are dev keys), insert the first loem keyset we find. This is
for people who extract the bios.bin by hand and then blindly burn it
into their flash. This way they'll still get some valid loem keys.
It's not a great solution, but it's better than nothing.
BUG=chromium:381862
TEST=signed recovery image by hand w/loemkeys and looked at packed bios.bin
TEST=signed recovery image by hand w/devkeys and looked at packed bios.bin
TEST=signed recovery image by hand w/custom loemkeys and looked at packed bios.bin
BRANCH=none
Change-Id: I8db1e34d9f4d85be6edf81fecf79a72031571b01
Reviewed-on: https://chromium-review.googlesource.com/204262
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Commit-Queue: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With an loem keyset in a recovery shellball, we don't want to write the
rootkeys & vblocks to the firmware image directly. Instead, we'll put
them into a keyset subdir that the firmware updater will process later.
bios.bin
keyset/
rootkey.LOEMID
vblock_A.LOEMID
vblock_B.LOEMID
We still write the recovery key to the firmware image though as that is
shared between all the keysets.
BUG=chromium:381862
TEST=Ran against a recovery image with devkeys & loemkeys and checked shellball
TEST=`cbuildbot daisy-release` works
BRANCH=none
Change-Id: I6fc99c71e6c7dee25f7f9a466a97314ff750fda9
Reviewed-on: https://chromium-review.googlesource.com/203682
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Queue: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
No real functional changes here. Tidying up to make the next CL easier.
BUG=chromium:381862
TEST=ran by hand and checked output
BRANCH=none
Change-Id: I9ffea6eba17560797135f39cf861318b545b9a54
Reviewed-on: https://chromium-review.googlesource.com/203681
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Commit-Queue: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make ensure_no_nonrelease_files.sh stop grepping
/etc/session_manager_use_flags.txt for USE flags. Instead,
look for non-comment lines in /etc/chrome_dev.conf.
BUG=chromium:377301
TEST=manual: ran against images both with and without
extra config directives
BRANCH=none
CQ-DEPEND=I86d01f4a551433527bb434dc62c30fb44082f774
CQ-DEPEND=Ic030207840b6be79b51486d1706573241a01c08d
Change-Id: Iefeefd936dc7706ed74340edb6521621885bbe25
Reviewed-on: https://chromium-review.googlesource.com/203463
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Queue: Daniel Erat <derat@chromium.org>
Tested-by: Daniel Erat <derat@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
make_dev_firmware.sh calls resign_firmwarefd.sh, which extracts rootkey from
input image for checking VBLOCK firmware body size. As a result, we should
resign firmware before changing rootkey / GBB.
BUG=chromium:365738
TEST=Install Nyan/Peppy PreMP-signed firmware, run make_dev_firmware.sh, and
then boot in normal mode.
BRANCH=none
Change-Id: I45dbcacb40b7b77bbf89f1ba244bf7fb25f9ae27
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/196521
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Early proto devices (for testers and developers) may have hardware write
protection enabled and software disabled. They can still flash SPI ROM in that
case, and no need to disable hardware WP switch.
BRANCH=none
BUG=chromium:341242
TEST=./set_gbb_flags.sh 0x39 # see WP messages.
Change-Id: Id320410795a162a009b80360c2225c7510337591
Reviewed-on: https://chromium-review.googlesource.com/186336
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Shawn Nematbakhsh <shawnn@chromium.org>
Commit-Queue: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
People trying to override GBB flags and not having write protection disabled may
corrupt whole RW section of firmware.
To avoid that, we should check write protection before starting to invoke
flashrom commands.
BUG=chromium:341242
TEST=./set_gbb_flags.sh 0x39 # Aborted on a write-protected system, as expected.
BRANCH=none
Change-Id: I6b2dcc75b87dc5ceace0d7caec62ded787b2b534
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/185653
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Queue: Hung-Te Lin <hungte@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The "-p internal:bus=*" is now deprecated by "-p {host,ec}" because we may have
EC on SPI bus.
BUG=none
TEST=manually executed dev_debug_vboot and see correct output.
BRANCH=none
Change-Id: I6363c09c2ebf57812bf35b7db220303a2786db20
Reviewed-on: https://gerrit.chromium.org/gerrit/66321
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Yung-Chieh Lo <yjlou@chromium.org>
Commit-Queue: Hung-Te Lin <hungte@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a helper script intended for the signing servers to use to strip
out the /boot directory from images just before signing.
BUG=chromium:210352
TEST=Manually used to strip and image and validated the results.
BRANCH=None
Change-Id: I814522284143d8f90651e13000d428718aeca1e4
Reviewed-on: https://gerrit.chromium.org/gerrit/60828
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Queue: Don Garrett <dgarrett@chromium.org>
Tested-by: Don Garrett <dgarrett@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixed sign_official_build.sh to work with PARTUUID in the linux format,
PARTUUID=%U/PARTNROFF=1. Had to handle the '/'.
Also fixed a misspelled variable name, devcie -> device. It worked
before because a NULL string generated the right results in the
current configuration.
BUG=chromium:224066
TEST=~/trunk/src/platform/vboot_reference/scripts/image_signing/sign_official_build.sh recovery /home/taysom/trunk/src/build/images/$B/latest/recovery_image.bin /home/taysom/trunk/src/platform/vboot_reference/tests/devkeys /tmp/taysom.bin
BRANCH=none
Change-Id: Id201885a63c6eba4cdb7c9216c0d3d35e6d3f0c4
Reviewed-on: https://gerrit.chromium.org/gerrit/61889
Tested-by: Paul Taysom <taysom@chromium.org>
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Queue: Paul Taysom <taysom@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1) GBB flag to skip EC software sync, so EC will be untouched. Needed
for EC development.
2) GBB flag to default to booting legacy at end of dev screen timeout.
Very handy for booting Ubuntu (or other OS).
Also added unit tests for the new flags.
BUG=chrome-os-partner:20111
BRANCH=none
TEST=make runtests
Change-Id: I9da87d87014881a1b1393b0b4a5acb921d080066
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/58270
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The code was using a mixture of shell patterns and
sed regular expression. Changed code to just used
sed regex. This will let me use more complex regex
that are needed for adding PARTUUID to uuids.
BUG=chromium:241572
TEST=./security_test_image
BRANCH=none
Change-Id: I2e8570051b31d580ae36cb82f05383a33236b88e
Reviewed-on: https://gerrit.chromium.org/gerrit/51503
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Queue: Paul Taysom <taysom@chromium.org>
Tested-by: Paul Taysom <taysom@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Linux kernel expects partitions that are identified by uuid,
to have the the uuid prefixed by "PARTUUID=" and an optional suffix
of "PARTRNOFF=%d".
The change adds additional pattern matching for these strings.
This will also let get rid of custom uuid processing in dm-verity,
dm-bootcache and dm-verity-chromeos.
BUG=chromium:224066
TEST=security_test_image with old and new command line
BRANCH=none
Change-Id: I71b89dd1df8d7ccd5768c2784078bb869d546bf3
Reviewed-on: https://gerrit.chromium.org/gerrit/51303
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Queue: Paul Taysom <taysom@chromium.org>
Tested-by: Paul Taysom <taysom@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There's no need to give execute permissions to files that aren't supposed to
executed.
BUG=none
BRANCH=none
TEST=manual
make runtests
Change-Id: I2480b97b39124e98c2f639d56be54cadfdc17f9b
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/42648
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When setting a field, this script mounts the image, unmounts, mounts
it, then writes the field, then unmounts it. When setting 4 or 5
keys at once, this is quite a waste.
Tweak it so we only mount it once, and we can set multiple keys in
a single call by looping over the input args.
BUG=None
TEST=`./signing_unittests.py` passes
BRANCH=None
Change-Id: Id7dc4e8ef58113cc4632721851fcab04ef1e69eb
Reviewed-on: https://gerrit.chromium.org/gerrit/42601
Reviewed-by: Ryan Cui <rcui@chromium.org>
Commit-Queue: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixed the error when running "sign_official_build.sh verify"
that was introduced by https://gerrit.chromium.org/gerrit/#/c/40052/
BUG=chromium-os:38229
TEST=sign_official_buils.sh verify on parrot recovery image
BRANCH=none
Change-Id: Ice1933347811c006005f622d178869df12344998
Reviewed-on: https://gerrit.chromium.org/gerrit/42231
Tested-by: Paul Taysom <taysom@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Queue: Paul Taysom <taysom@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changed the manipulation of the device mapper arguments in the
command line to handle bootcache. Had to maintain backwards
compatibility with older versions because the signer is used
with older images.
BUG=chromium-os:37114, 37061
TEST=On a parrot with dev signed keys, signed and installed an R-23 image (2913),
a image with bootcache disabled and an image with bootcache enabled.
BRANCH=none
Change-Id: I59c46ccc3ff8b89ae9c4515f020ea9fbe6d96c7c
Reviewed-on: https://gerrit.chromium.org/gerrit/40052
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Queue: Paul Taysom <taysom@chromium.org>
Tested-by: Paul Taysom <taysom@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For debugging purposes, we like to see the kernel command line that a
particular kernel is using. We have all the tools to do this already,
but not easy to leverage (you have to manually extract/etc...). So
add a "dump_config" helper to help people out.
Further, the existing argc processing is incomplete and not terribly
friendly. Add some useful error messages explaining why we quit.
BUG=None
TEST=`./sign_official_build.sh dump_config <bin>` works
TEST=`./sign_official_build.sh verify <bin>` works
TEST=`./sign_official_build.sh` shows usage
TEST=`./sign_official_build.sh recovery <bin>` shows usage
TEST=`./sign_official_build.sh recovery <bin> / /tmp/foo` tries to sign
BRANCH=None
Change-Id: I9f94250b8c299783bdcba704733974c6a5491101
Reviewed-on: https://gerrit.chromium.org/gerrit/39603
Reviewed-by: Paul Taysom <taysom@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changed the pattern substitution to work with dm-[0-9]
BUG=chromium-os:25441
TEST=Turned off verity on stumpy both with and without bootcache
BRANCH=none
Change-Id: I519ad71879f2db847f450b869c8f7a67606f1e20
Reviewed-on: https://gerrit.chromium.org/gerrit/38691
Tested-by: Paul Taysom <taysom@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Ready: Paul Taysom <taysom@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To handle a more diverse set of configurations, added
processing of regular expressions for the dm params.
BUG=chromium-os:36441
TEST=rand security_test_image for various configurations
BRANCH=none
Change-Id: I4d9e610586cc9f63d55397e60462600ed9b9651f
Reviewed-on: https://gerrit.chromium.org/gerrit/38202
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Ready: Paul Taysom <taysom@chromium.org>
Tested-by: Paul Taysom <taysom@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a new flag, 0x100, to indicate FAFT key stroke overrides.
BUG=chrome-os-partner:14056
TEST=none
BRANCH=stout
Change-Id: I76b7f3f4c51abec5528047f690f20a09b257abc2
Signed-off-by: Marc Jones <marc.jones@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/37074
Reviewed-by: Ronald G. Minnich <rminnich@chromium.org>
Reviewed-by: Gediminas Ramanauskas <gedis@chromium.org>
Tested-by: Gediminas Ramanauskas <gedis@chromium.org>
Commit-Ready: Marc Jones <marc.jones@se-eng.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There will be more bios*.bin (ex, bios_rw.bin) in firmware updater, and we do
want to sign all files.
BRANCH=signer
BUG=chromium-os:35369
TEST=sign_official_build.sh ssd DEV_IMAGE ../../tests/devkeys
Change-Id: I2ea0c5c3d7a18c43df581f50b4bd907206dcd7ad
Reviewed-on: https://gerrit.chromium.org/gerrit/36890
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Ready: Hung-Te Lin <hungte@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We didn't get bit by this bug because getlong_opt does partial matching
on long option names. So --flag also works.
BUG=none
TEST=resign a test firmware; ensure preamble flag is preserved.
BRANCH=none
Change-Id: Ifd87c627b82468529fe1241be3629198d194027b
Reviewed-on: https://gerrit.chromium.org/gerrit/35350
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Ready: Gaurav Shah <gauravsh@chromium.org>
Tested-by: Gaurav Shah <gauravsh@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The bootcache will be changing the linux command line. Added additional
patterns that are acceptable to the signing software.
BUG=chromium-os:25441
TEST=ran security_test_image script against stumpy recovery images
BRANCH=none
Change-Id: I22d00ebc6191b5499f722974d90c260b78eb63b2
Reviewed-on: https://gerrit.chromium.org/gerrit/34959
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Ready: Paul Taysom <taysom@chromium.org>
Tested-by: Paul Taysom <taysom@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If we are given a config file that doesn't exist, return an error rather
ignoring it. This way we don't accidentally give images a pass when we
didn't properly test them.
BUG=None
TEST=`./security_test_image --board=x86-alex --baselines=/` now shows 3 failures rather than all pass
BRANCH=None
Change-Id: I9d130db05befaeac8fcca921f0e43f47c2461f9f
Reviewed-on: https://gerrit.chromium.org/gerrit/34795
Reviewed-by: Ryan Cui <rcui@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This enables the signer script to sign update payloads.
BUG=chromium-os:34521
TEST=`./sign_official_build.sh update_payload testcase.sha256 . foo` produced a signed foo file
BRANCH=None
Change-Id: I27a9de89e760427251538deec38161944388a152
Reviewed-on: https://gerrit.chromium.org/gerrit/33535
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Don Garrett <dgarrett@chromium.org>
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This option is disabled per default and can be enabled with
crossystem dev_boot_legacy=1
or by setting the GBB flag
GBB_FLAG_FORCE_DEV_BOOT_LEGACY 0x00000080
BUG=chrome-os-partner:6108
TEST=crossystem dev_boot_legacy=1
boot to dev mode screen, press CTRL-L, see SeaBIOS start
(other CLs needed)
BRANCH=link
Signed-off-by: Stefan Reinauer <reinauer@chromium.org>
Change-Id: I593d2be7cff5ca07b8d08012c4514a172bd75a38
Reviewed-on: https://gerrit.chromium.org/gerrit/31265
Reviewed-by: Stefan Reinauer <reinauer@chromium.org>
Tested-by: Stefan Reinauer <reinauer@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Ready: Stefan Reinauer <reinauer@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This GBB_FLAG_ENTER_TRIGGERS_TONORM is new added for allowing Enter
(default is Space) to trigger the TONORM screen. This flag is
used by FAFT testing.
Chage the usage of set_gbb_flags.sh to help an user.
BUG=chrome-os-partner:12699
TEST=None. Trivial comment change.
Change-Id: I8a1efa880627965570719f22dedfa0e31ab2d5f5
Reviewed-on: https://gerrit.chromium.org/gerrit/33404
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Commit-Ready: Tom Wai-Hong Tam <waihong@chromium.org>
Tested-by: Tom Wai-Hong Tam <waihong@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This lines up with the terminology that people have been using, and the
valid types that can appear in signer instruction files. We keep around
the old "install" so that other code continues to work.
BUG=None
TEST=None
BRANCH=none
Change-Id: I8d0d2ab4c0ae61f6bcdbcc24ec9796d9eabe386e
Reviewed-on: https://gerrit.chromium.org/gerrit/33056
Reviewed-by: David McMahon <djmm@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The signing script extracted firmware body sections FW_MAIN_{A,B} and
resigned the whole section instead of just firmware body.
As a result, read-only firmware spends more time loading read-write
firmware from SPI flash.
Since vblock has firmware body size information, signing script should
retrieve it and use it to sign just firmware body.
This may reduce boot time for ~560ms, depending on firmware image size,
section size and SPI flash/bus throughput.
Signed-off-by: Che-Liang Chiou <clchiou@chromium.org>
BRANCH=snow,link
BUG=chrome-os-partner:13094
TEST=For Snow (or boards that use cros_bundle_firmware), check that
after resigning, VBLOCK_{A,B} and FW_MAIN_{A,B} are unchanged
For Alex and ZGB, check that old and new resign_firmwarefd.sh
generates identical output
(Test for Snow; repeat for A and B)
dump_fmap -x image.bin VBLOCK_A FW_MAIN_A
mv VBLOCK_A VBLOCK_A.orig
mv FW_MAIN_A FW_MAIN_A.orig
resign_firmwarefd.sh image.bin image-resigned.bin \
firmware_data_key.vbprivk \
firmware.keyblock \
dev_firmware_data_key.vbprivk \
dev_firmware.keyblock \
kernel_subkey.vbpubk
dump_fmap -x image-resigned.bin VBLOCK_A FW_MAIN_A
cmp VBLOCK_A.orig VBLOCK_A
cmp FW_MAIN_A.orig FW_MAIN_A
(Test for Alex and ZGB; repeat for old and new resign_firmwarefd.sh)
resign_firmwarefd.sh image.bin image-resigned-{old or new}.bin \
firmware_data_key.vbprivk \
firmware.keyblock \
dev_firmware_data_key.vbprivk \
dev_firmware.keyblock \
kernel_subkey.vbpubk
cmp image-resigned-old.bin image-resigned-new.bin
Change-Id: Ie70b6c91614343ad9f991ae369a0f8e74ec213fe
Reviewed-on: https://gerrit.chromium.org/gerrit/31572
Commit-Ready: Che-Liang Chiou <clchiou@chromium.org>
Tested-by: Che-Liang Chiou <clchiou@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The current kernel parameter parsing logic uses word boundaries (\b) to
keep from replacing parameters inside of other parameters (like "level=1"
mangling "loglevel=1" into "log"), but this fails when the last character
isn't a "word" character. e.g. "\bconsole=\b" doesn't match "console=".
Change the \b to a space. Since we're already using spaces as our split
marker, this shouldn't be a problem.
BRANCH=None
BUG=chrome-os-partner:12780
BUG=chromium-os:33868
TEST=ran `ensure_secure_kernelparams.sh` on an image with 'console=' and saw it work
Change-Id: Id69250179ea76aabfed9cd21c1c59483d78a215d
Reviewed-on: https://gerrit.chromium.org/gerrit/31356
Reviewed-by: David McMahon <djmm@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When checking kernel params fail, it's useful to know all the variables
as to what it's doing. So dump some state when an error occurs.
BRANCH=None
BUG=None
TEST=ran `ensure_secure_kernelparams.sh` on a bad image and saw useful output
TEST=ran `ensure_secure_kernelparams.sh` on a good image and saw no output
Change-Id: I0e499f87a6d8feed80da72aba75e1e6c1b4076c9
Reviewed-on: https://gerrit.chromium.org/gerrit/31355
Reviewed-by: David McMahon <djmm@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since we've moved away from flag-files in session manager to
enable certain dev/test-mode features, our strategy of checking
for those flag files on the signer fell behind. This test adopts
a scheme that any use flag starting with "test_" or "dangerous_"
is blacklisted from release signing.
BUG=chromium-os:32430
TEST=ran the script against both a 'base' and 'test' image
from the builder/ToT. Passes/fails as expected.
Change-Id: I54d6ef17d52371c7543d5705e0939e000db85e51
Reviewed-on: https://gerrit.chromium.org/gerrit/29034
Reviewed-by: Chris Masone <cmasone@chromium.org>
Tested-by: Jim Hebert <jimhebert@chromium.org>
Commit-Ready: Jim Hebert <jimhebert@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It was checking for /dev/dm-0, which isn't the case anymore. It now
always attempts to remove rootfs verification from the command line;
this is harmless (no-op) if it's already removed.
BUG=chromium-os:31558
TEST=manual
/usr/share/vboot/bin/make_dev_ssd.sh --remove_rootfs_verification
reboot
touch /opt/google/chrome/chrome
Change-Id: I62dc138e8d1d09bdcb16be3faab74d32c5f7675a
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/28506
Reviewed-by: David James <davidjames@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Developers testing firmware preamble flags (usually for turn on/off RO-NORMAL
bits) need a easy way to change existing firmware, without hacking FDT source /
looking for complex script.
Also included some minor improvements:
* Always enable FORCE_DEV_BOOT_USB and DISABLE_FW_ROLLBACK_CHECK. These are
flags most developers need when leaving official signed normal firmware.
* --bmpfv is deprecated because our latest firmware now always include
official bitmaps in updater, no more DEV bitmaps.
BUG=none
TEST=./make_dev_firmware.sh -f bios.bin -t new_bios.bin --preamble_flags 0
./make_dev_firmware.sh -f bios.bin -t new_bios.bin --preamble_flags 1
Change-Id: I7ee72d32b4b7fa28f2be635fd8c7bb678852e132
Reviewed-on: https://gerrit.chromium.org/gerrit/28792
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Ready: Hung-Te Lin <hungte@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
test images
/root/.forget_usernames is going away from test images. It was a hack.
BUG=chromium-os:31807
TEST=suite:bvt
Change-Id: I27b606fa0232514f3ec45a4ed765b89efcf8f07e
Reviewed-on: https://gerrit.chromium.org/gerrit/27588
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Tested-by: Nirnimesh <nirnimesh@chromium.org>
Commit-Ready: Nirnimesh <nirnimesh@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A simple script to help setting GBB flags on-the-fly, with help information for
flag value meanings.
BUG=chrome-os-partner:10389
TEST=./set_gbb_flags.sh 0x20
./set_gbb_flags.sh 0x0
Change-Id: Ic624f76c0897a1cbda876f3073b36f7c6425b5d4
Reviewed-on: https://gerrit.chromium.org/gerrit/26224
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Ready: Hung-Te Lin <hungte@chromium.org>
Tested-by: Hung-Te Lin <hungte@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=chromium-os:31893
TEST=verified on images with/without payload verification enabled.
Change-Id: Ic1883aafcc2c48d9e7c5323d6dc7e21fb8f47585
Reviewed-on: https://gerrit.chromium.org/gerrit/25407
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Ready: Gaurav Shah <gauravsh@chromium.org>
Tested-by: Gaurav Shah <gauravsh@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This makes it easy to integrate firmware signing into the signer
since we can reuse the base signing script.
BUG=chromium-os:10094
TEST=try signing both firmware and normal images.
Change-Id: I8beb598e267de33a2c3468dcf8d7c4b74d4de9fd
Reviewed-on: https://gerrit.chromium.org/gerrit/24654
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Ready: Gaurav Shah <gauravsh@chromium.org>
Tested-by: Gaurav Shah <gauravsh@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Align_rootfs was written to auto-fetch the previous release of a given
image, but that logic has bit-rotted. This CL is a quick hack to use
--src_image instead.
BUG=chromium-os:31124
TEST=Hand ran.
Change-Id: I530c6f82c42993648cecb5d59172010d61dd1603
Reviewed-on: https://gerrit.chromium.org/gerrit/23168
Commit-Ready: Don Garrett <dgarrett@chromium.org>
Reviewed-by: Don Garrett <dgarrett@chromium.org>
Tested-by: Don Garrett <dgarrett@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The retry logic has brought down the number of flakes significantly (from
multiple errors a day to ~one every other day). But let's up the retry
count, and have it sleep longer after each failure, so hopefully we can
bring down the flake count even further.
BUG=chrome-os-partner:8156
TEST=`./signing_poller.py -s` signs local images fine
Change-Id: I98bc947836514d8b931568f87f7f9a373f771b79
Reviewed-on: https://gerrit.chromium.org/gerrit/21468
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The kernels we are running the signers on flake out from time to time
when mounting the loop back images. Have the mount code detect this
edge case and automatically retry when the flake hits.
BUG=chrome-os-partner:8156
TEST=`./signing_poller.py -s` signs local images fine
Change-Id: Iaa08445904aa26f0aa7240504f6c7a96e6ef3bbb
Reviewed-on: https://gerrit.chromium.org/gerrit/21055
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The common code takes care of cleaning up temporary files for us if we
use the right helpers. These scripts don't though, so the temp files
end up not getting cleaned and over time, /tmp/ files up with crap.
The common helper takes care of unmounting and removing, so converting
these files over should be safe.
BUG=None
TEST=`./signer/signer_poller.py -s` signs local images and leaves no /tmp/tmp.* junk
Change-Id: I87aa122895997a5ec0017665203fdc8d14e0ab2a
Reviewed-on: https://gerrit.chromium.org/gerrit/20329
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
|