| Commit message | Author | Age | Files | Lines |
The reven board's first stage bootloader (bootia32.efi/bootx64.efi) is
signed by Microsoft so that it can boot with the default UEFI Secure
Boot keys. These two files should not be modified by the signing
scripts.
Implement this by adding a third argument to sign_uefi.sh,
"efi_glob". This argument is set to "*.efi" by default, maintaining the
existing behavior. If the key dir matches "*Reven*", the glob is changed
to "grub*.efi".
Tested by running sign_official_build.sh on a reven base image, once
with a keys dir matching "*Reven*", once with it not matching. When the
keys dir matches Reven, grub*.efi is signed but boot*.efi is not. When
the keys dir does not match Reven, both grub*.efi and boot*.efi are
signed:
Matching "*Reven*":
platform/vboot_reference/scripts/image_signing/sign_official_build.sh \
base build/images/reven/latest/chromiumos_base_image.bin \
platform/vboot_reference/tests/Reven \
build/images/reven/latest/chromiumos_base_image.bin.signed
Not matching:
platform/vboot_reference/scripts/image_signing/sign_official_build.sh \
base build/images/reven/latest/chromiumos_base_image.bin \
platform/vboot_reference/tests/devkeys \
build/images/reven/latest/chromiumos_base_image.bin.signed
BUG=b:205145491
TEST=Build a reven base image and test as described above
BRANCH=none
Change-Id: Iec2800c276ca82bfd6e5b465ff821b11e0b0bb08
Signed-off-by: Nicholas Bishop <nicholasbishop@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3262479
Reviewed-by: Joseph Sussman <josephsussman@google.com>
In the context of device mapper (dm), use "mapped device".
BUG=b:179221734
TEST=make runtests
BRANCH=none
Change-Id: I9245d8482e59db93bfe6cdcaafa503038ae5c9e3
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3246662
Reviewed-by: Chen-Yu Tsai <wenst@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
fstrim relies on the underlying device supporting it and on our
instances we're on lvm devices. Since we're fstrim'ing a mounted
loopback the ability to call fstrim is inherited by the parent device.
Something has changed in the kernel (see bug) that stopped us from
making the trim call on the loopback partition.
sfill with these options should accomplish the same thing (single
write with all zeros) as well as cleaning up inode space.
BRANCH=main
BUG=b:200038130
TEST=signer full tests with this commit.
Signed-off-by: engeg <engeg@google.com>
Change-Id: I8c71adfd59c11b5142aa367fb20222fc4b03a2ba
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3167191
Tested-by: George Engelbrecht <engeg@google.com>
Auto-Submit: George Engelbrecht <engeg@google.com>
Reviewed-by: Jason Clinton <jclinton@chromium.org>
Reviewed-by: Jared Loucks <jaredloucks@google.com>
Reviewed-by: Greg Edelston <gredelston@google.com>
Commit-Queue: George Engelbrecht <engeg@google.com>
Commit-Queue: Greg Edelston <gredelston@google.com>
More permanent fix todo, need to unblock reven-release.
BUG=b:199136347
TEST=shellcheck
BRANCH=none
Change-Id: I2b124f88aa2c5c70124888e2d64bd5a2c41f1a96
Signed-off-by: Jack Neus <jackneus@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3149594
Reviewed-by: George Engelbrecht <engeg@google.com>
partnum variable isn't defined.
BUG=none
TEST=none
Signed-off-by: Jae Hoon Kim <kimjae@chromium.org>
BRANCH=none
Change-Id: Ie4ce809e4331d04c10c60f0e9c1b883124018038
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3146295
Tested-by: Jae Hoon Kim <kimjae@chromium.org>
Auto-Submit: Jae Hoon Kim <kimjae@chromium.org>
Reviewed-by: George Engelbrecht <engeg@google.com>
Commit-Queue: George Engelbrecht <engeg@google.com>
This reverts commit 1376cfbfdd3b0cbc14da190c744604c4f3d29a23.
Reason for revert: bad code (missing [[)
Original change's description:
> reven signing: skip install_gsetup_certs
>
> BUG=b:199136347,b:194500280
> TEST=none
> BRANCH=none
>
> Change-Id: Iba90c1f4dcc2fadf9cbadac1948d5037b0feb278
> Signed-off-by: Jack Neus <jackneus@google.com>
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3145774
> Reviewed-by: George Engelbrecht <engeg@google.com>
Bug: b:199136347,b:194500280
Change-Id: I9b1df358a18d043eb0d20d18ed17e1bafbd9e5f3
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3146076
Auto-Submit: Jack Neus <jackneus@google.com>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: George Engelbrecht <engeg@google.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: George Engelbrecht <engeg@google.com>
Tested-by: George Engelbrecht <engeg@google.com>
Tested-by: Jack Neus <jackneus@google.com>
BUG=b:199136347,b:194500280
TEST=none
BRANCH=none
Change-Id: Iba90c1f4dcc2fadf9cbadac1948d5037b0feb278
Signed-off-by: Jack Neus <jackneus@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3145774
Reviewed-by: George Engelbrecht <engeg@google.com>
One reason that miniOS partitions might be empty is that the feature is not
enabled yet, but the partitions exist as it's using the newer
disk_layout_v3.
BUG=b:199021334
TEST=# run tests
Signed-off-by: Jae Hoon Kim <kimjae@chromium.org>
BRANCH=none
Change-Id: I2a6b68240428ab2f01394230840ff116c720b3df
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3145770
Tested-by: Jae Hoon Kim <kimjae@chromium.org>
Auto-Submit: Jae Hoon Kim <kimjae@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Commit-Queue: Julius Werner <jwerner@chromium.org>
Add the missing line continuation backslash, caused by CL:3046439.
BUG=b:198232639
TEST=./sign_official_build.sh recovery ${IMAGE} tests/devkeys/ ${OUTPUT}
TEST=./sign_official_build.sh factory ${IMAGE} tests/devkeys/ ${OUTPUT}
BRANCH=none
Change-Id: I587747e33c47afc85264052c9ca59081d5524a72
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3134894
Reviewed-by: Julius Werner <jwerner@chromium.org>
Commit-Queue: Julius Werner <jwerner@chromium.org>
BUG=b:193618692
TEST=sign_official_build.sh can handle zstd-compressed Android image
BRANCH=none
Signed-off-by: Satoshi Niwa <niwa@google.com>
Cq-Depend: chrome-internal:4024687
Change-Id: Ie01e93e49da9b32245055f7e4b6fa4fb3fbefd8e
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3066801
Tested-by: Satoshi Niwa <niwa@chromium.org>
Reviewed-by: Kazuhiro Inaba <kinaba@chromium.org>
Reviewed-by: Yury Khmel <khmel@chromium.org>
Auto-Submit: Satoshi Niwa <niwa@chromium.org>
Commit-Queue: Satoshi Niwa <niwa@chromium.org>
verity is now in platform2.
BUG=chromium:886953
TEST=none
BRANCH=none
Change-Id: I55b8a88540b781658a02819de749ab2d20984658
Signed-off-by: Nicholas Bishop <nicholasbishop@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3087641
Reviewed-by: Julius Werner <jwerner@chromium.org>
This retries signing the Android image in case of an integrity check failure.
The reason for the failure is still unknown.
BUG=b:175081695
TEST=Locally image signing passed with adding temporary code that
emulates random diff file error. Confirmed recovery happened
and signing finished successfully.
BRANCH=none
Signed-off-by: Yury Khmel <khmel@google.com>
Change-Id: Iffc23145cae21f4f468b987d015f45fec95f29d0
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3057193
Reviewed-by: Mike Frysinger <vapier@chromium.org>
This is a reland of 43325cb9b2568c4a03c849f3474fcee8de3ae893
Looks like this was reverted incorrectly in CL:3044633, culprit
turned out to be an unrelated flake (see b/194293181).
Original change's description:
> vboot/sign_official_build: re-sign miniOS partitions
>
> sign_official_build.sh needs to be taught how to re-sign miniOS
> partitions, depending on whether the particular image at hand
> contains them or not.
>
> BUG=b:188121855
> TEST=make clean && make runtests
> BRANCH=none
>
> Cq-Depend: chromium:3027786
> Signed-off-by: Joel Kitching <kitching@google.com>
> Change-Id: Iaf847e14588011dd0fea6b59405091ae36ef038f
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2989640
> Tested-by: Joel Kitching <kitching@chromium.org>
> Reviewed-by: Mike Frysinger <vapier@chromium.org>
> Commit-Queue: Joel Kitching <kitching@chromium.org>
Bug: b:188121855
Signed-off-by: Julius Werner <jwerner@google.com>
Change-Id: I2e29a6e85f7d41ad365365ffb7e694f0c291d4f3
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3046439
Reviewed-by: Sergey Frolov <sfrolov@google.com>
Reviewed-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Tested-by: Julius Werner <jwerner@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
This reverts commit 43325cb9b2568c4a03c849f3474fcee8de3ae893.
Reason for revert: b/194293181 suspect
Original change's description:
> vboot/sign_official_build: re-sign miniOS partitions
>
> sign_official_build.sh needs to be taught how to re-sign miniOS
> partitions, depending on whether the particular image at hand
> contains them or not.
>
> BUG=b:188121855
> TEST=make clean && make runtests
> BRANCH=none
>
> Cq-Depend: chromium:3027786
> Signed-off-by: Joel Kitching <kitching@google.com>
> Change-Id: Iaf847e14588011dd0fea6b59405091ae36ef038f
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2989640
> Tested-by: Joel Kitching <kitching@chromium.org>
> Reviewed-by: Mike Frysinger <vapier@chromium.org>
> Commit-Queue: Joel Kitching <kitching@chromium.org>
Bug: b:188121855
Change-Id: Ieb936a21d5ae09ed84eb65c9a3a3198a5b5b22a5
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3044633
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Sergey Frolov <sfrolov@google.com>
sign_official_build.sh needs to be taught how to re-sign miniOS
partitions, depending on whether the particular image at hand
contains them or not.
BUG=b:188121855
TEST=make clean && make runtests
BRANCH=none
Cq-Depend: chromium:3027786
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: Iaf847e14588011dd0fea6b59405091ae36ef038f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2989640
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
After crrev/i/3949327, compression type is not simply determined by
ARC type.
BUG=b:180894807
TEST=sign_official_build.sh and check the log message
BRANCH=none
Signed-off-by: Satoshi Niwa <niwa@google.com>
Cq-Depend: chromium:2999963
Cq-Depend: chrome-internal:3949327
Change-Id: I4b1bf452e0d033b4bb8c2f2c1f91819741f9885c
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2999823
Tested-by: Satoshi Niwa <niwa@chromium.org>
Reviewed-by: Yury Khmel <khmel@chromium.org>
Reviewed-by: Satoshi Niwa <niwa@chromium.org>
Reviewed-by: Kazuhiro Inaba <kinaba@chromium.org>
Auto-Submit: Satoshi Niwa <niwa@chromium.org>
Commit-Queue: Satoshi Niwa <niwa@chromium.org>
miniOS requires a distinct kernel data key, whose dev key pair
is added in this CL as minios_kernel_data_key.vb{pub,priv}k.
A distinct keyblock is also required. The keyblock should set
the kernel keyblock flag MINIOS_1. Other keyblocks are modified
appropriately to set MINIOS_0. Keyblocks were generated using
the following commands:
$ futility vbutil_keyblock
--flags 23
--datapubkey tests/devkeys/ec_data_key.vbpubk
--signprivate tests/devkeys/ec_root_key.vbprivk
--pack tests/devkeys/ec.keyblock
Keyblock file: tests/devkeys/ec.keyblock
Signature valid
Flags: 23 !DEV DEV !REC !MINIOS
Data key algorithm: 7 RSA4096 SHA256
Data key version: 1
Data key sha1sum: 5833470fe934be76753cb6501dbb8fbf88ab272b
$ futility vbutil_keyblock
--flags 23
--datapubkey tests/devkeys/firmware_data_key.vbpubk
--signprivate tests/devkeys/root_key.vbprivk
--pack tests/devkeys/firmware.keyblock
Keyblock file: tests/devkeys/firmware.keyblock
Signature valid
Flags: 23 !DEV DEV !REC !MINIOS
Data key algorithm: 7 RSA4096 SHA256
Data key version: 1
Data key sha1sum: e2c1c92d7d7aa7dfed5e8375edd30b7ae52b7450
$ futility vbutil_keyblock
--flags 27
--datapubkey tests/devkeys/recovery_kernel_data_key.vbpubk
--signprivate tests/devkeys/recovery_key.vbprivk
--pack tests/devkeys/recovery_kernel.keyblock
Keyblock file: tests/devkeys/recovery_kernel.keyblock
Signature valid
Flags: 27 !DEV DEV REC !MINIOS
Data key algorithm: 11 RSA8192 SHA512
Data key version: 1
Data key sha1sum: e78ce746a037837155388a1096212ded04fb86eb
$ futility vbutil_keyblock
--flags 43
--datapubkey tests/devkeys/minios_kernel_data_key.vbpubk
--signprivate tests/devkeys/recovery_key.vbprivk
--pack tests/devkeys/minios_kernel.keyblock
Keyblock file: tests/devkeys/minios_kernel.keyblock
Signature valid
Flags: 43 !DEV DEV REC MINIOS
Data key algorithm: 8 RSA4096 SHA512
Data key version: 1
Data key sha1sum: 65441886bc54cbfe3a7308b650806f4b61d8d142
$ futility vbutil_keyblock
--flags 23
--datapubkey tests/devkeys/kernel_data_key.vbpubk
--signprivate tests/devkeys/kernel_subkey.vbprivk
--pack tests/devkeys/kernel.keyblock
Keyblock file: tests/devkeys/kernel.keyblock
Signature valid
Flags: 23 !DEV DEV !REC !MINIOS
Data key algorithm: 4 RSA2048 SHA256
Data key version: 1
Data key sha1sum: d6170aa480136f1f29cf339a5ab1b960585fa444
$ futility vbutil_keyblock
--flags 26
--datapubkey tests/devkeys/installer_kernel_data_key.vbpubk
--signprivate tests/devkeys/recovery_key.vbprivk
--pack tests/devkeys/installer_kernel.keyblock
Keyblock file: tests/devkeys/installer_kernel.keyblock
Signature valid
Flags: 26 DEV REC !MINIOS
Data key algorithm: 11 RSA8192 SHA512
Data key version: 1
Data key sha1sum: e78ce746a037837155388a1096212ded04fb86eb
BUG=b:188121855
TEST=make clean && make runtests
BRANCH=none
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: I5b3e4def83ff29ca156b3c84dfcb8398f4985e67
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2965485
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
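As an added example (not code from vboot_reference or from this CL), the following decodes a keyblock's numeric flags into the names futility prints in the "Flags:" lines above and works out in which boot modes (dev switch off/on, normal/recovery, regular kernel/miniOS) the keyblock is accepted. The bit values are the VB2_KEYBLOCK_FLAG_* constants from vboot_reference; the mode check is my rendering of the rule that each of the three bit pairs must contain the bit matching the current boot mode.

```python
# Added example, not vboot_reference code.  Keyblock flag bits as defined by
# the VB2_KEYBLOCK_FLAG_* constants in vboot_reference: each pair covers one
# boot-mode switch, and the keyblock is only accepted if the bit matching the
# current value of that switch is set.
DEVELOPER_0, DEVELOPER_1 = 0x01, 0x02   # dev switch off / on
RECOVERY_0, RECOVERY_1 = 0x04, 0x08     # normal boot / recovery boot
MINIOS_0, MINIOS_1 = 0x10, 0x20         # regular kernel / miniOS kernel

FLAG_NAMES = (
    (DEVELOPER_0, "!DEV"), (DEVELOPER_1, "DEV"),
    (RECOVERY_0, "!REC"), (RECOVERY_1, "REC"),
    (MINIOS_0, "!MINIOS"), (MINIOS_1, "MINIOS"),
)


def describe_flags(flags: int) -> str:
    """Render the names futility prints after the numeric flags value."""
    return " ".join(name for bit, name in FLAG_NAMES if flags & bit)


def keyblock_usable(flags: int, dev: bool, recovery: bool, minios: bool) -> bool:
    """True if the keyblock may be used in the given boot mode.

    This is my rendering of the check (assumption): for every pair, the bit
    that matches the live boot mode must be present in the keyblock flags.
    """
    required = ((DEVELOPER_1 if dev else DEVELOPER_0)
                | (RECOVERY_1 if recovery else RECOVERY_0)
                | (MINIOS_1 if minios else MINIOS_0))
    return flags & required == required


def usable_modes(flags: int) -> list:
    """All (dev, recovery, minios) combinations in which the keyblock is accepted."""
    return [(dev, rec, mini)
            for dev in (False, True)
            for rec in (False, True)
            for mini in (False, True)
            if keyblock_usable(flags, dev, rec, mini)]


# The six devkey keyblocks and the flags values listed in the commit message.
DEVKEY_KEYBLOCKS = {
    "ec": 23, "firmware": 23, "kernel": 23,
    "recovery_kernel": 27, "minios_kernel": 43, "installer_kernel": 26,
}

if __name__ == "__main__":
    for name, flags in DEVKEY_KEYBLOCKS.items():
        print(f"{name:17} {flags:3} {describe_flags(flags):22} modes={usable_modes(flags)}")
```

Running it shows why MINIOS_1 (bit 0x20) is needed: only minios_kernel.keyblock (43) is accepted for a miniOS boot, while the keyblocks carrying MINIOS_0 are rejected there.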
Update dependencies list, and use ${FUTILITY} rather than calling
futility directly.
BUG=b:188121855
TEST=make clean && make runtests
BRANCH=none
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: I8a28465937ca82ea9e18edc5d613570a561a3e0e
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2989639
Reviewed-by: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
These two types are simply thin wrappers around vbutil_kernel
and are no longer used.
BUG=b:188121855
TEST=make clean && make runtests
BRANCH=none
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: Ia9a13f2992eb9de9f6c65525739da5f8e945cb3e
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2989638
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Merge aliases "ssd" and "base", since they do the same thing but
only "base" is used in chromite scripts.
Remove "usb" since it is not used anywhere.
BUG=b:188121855
TEST=make clean && make runtests
BRANCH=none
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: Ief610387fc1b6d72fe8674b0e4d51d74e6173ddd
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2989637
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Use the existing mount helper so we clean up automatically when exiting.
BUG=None
TEST=CQ passes
BRANCH=None
Change-Id: I882c7f5ea3b54e08745c48378cc50702550cdc71
Signed-off-by: Mike Frysinger <vapier@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2923828
Reviewed-by: George Engelbrecht <engeg@google.com>
Update these scripts to accept a rootfs dir as input so we don't have
to loopback+mount+umount with every invocation. This speeds up the
overall runs.
BUG=None
TEST=scripts still work against image & rootfs dirs
BRANCH=None
Change-Id: I23050faebefd0a19e8ad44cdb76d7cc49c28e570
Signed-off-by: Mike Frysinger <vapier@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2923827
Reviewed-by: George Engelbrecht <engeg@google.com>
Collapse the 4 sudo calls & temporary file into a single call.
This is a bit easier to read and is faster as a result.
We can also hoist the selinux restore to do it only once at the
end if we modified the file.
BUG=None
TEST=set_lsb_release.sh on an image still works
BRANCH=None
Change-Id: I300cf47d017d159d762a62fe2aab789ce391f89a
Signed-off-by: Mike Frysinger <vapier@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2923826
Reviewed-by: George Engelbrecht <engeg@google.com>
We don't need all this infrastructure for arbitrary cleanups when we
only ever run 2 clean up steps. This also fixes a subtle bug in the
old logic: we registered cleanups in the logical order of (1) mounts
and then (2) loopbacks, but the cleanup loop walks the registered
calls in reverse order. This means the loopback cleanup would fail
and timeout because we hadn't unmounted the partitions yet. The
overall script doesn't fail as cleanup uses `set +e`, but it makes
every script waste ~10 seconds at exit.
BUG=None
TEST=running set_lsb_release.sh on images works quickly now
BRANCH=None
Change-Id: Ibd25ad6ba149c64e08ac3ab860342fe7b2cc7851
Signed-off-by: Mike Frysinger <vapier@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2923825
Reviewed-by: George Engelbrecht <engeg@google.com>
With the new rollback info space value the node locked images base
needs to be enabled.
BRANCH=none
BUG=b:187438971
TEST=none
Change-Id: I78eafc72766947df81c9b6519bc13633423840d6
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2888711
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
This change replaces --diff and --fast-verify with the supported
equivalent flashrom options.
BRANCH=none
BUG=b:186479007
TEST=tryjobs
Change-Id: I614ba71c606dbe4e3a1b4988df845bcbbd61dd01
Signed-off-by: Daniel Campello <campello@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2853623
Reviewed-by: Jack Rosenthal <jrosenth@chromium.org>
When the gsc signer reads the contents of the payload it finds
out if it is a cr50 or ti50 chip. We write the chip type to a
.rename file next to the bin (which has a @CHIP@ in the path) so
that the signer can rename the artifact for placement.
Signed-off-by: George Engelbrecht <engeg@google.com>
BRANCH=None
BUG=b:179964270
TEST=local signer
Change-Id: I0600cb60bb614111802119293ba0c63f2b61c231
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2728736
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: George Engelbrecht <engeg@google.com>
Tested-by: George Engelbrecht <engeg@google.com>
Standardize on the term "altfw" (short form) and
"alternate bootloader" (long form) in both code and
documentation.
Remove the VbAltFwIndex_t enum, and replace with a
simple uint32_t.
Rename VbExLegacy to vb2ex_run_altfw, and move
to vboot2 namespace.
Rename crossystem param dev_boot_legacy to
dev_boot_altfw, but leave an alias.
Rename crossystem param dev_default_boot value
from legacy to altfw, but leave an alias.
BUG=b:179458327
TEST=make clean && make runtests
TEST=emerge vboot_reference and check output for:
crossystem dev_boot_legacy=0
crossystem dev_boot_altfw=0
crossystem dev_default_boot=legacy
crossystem dev_default_boot=altfw
BRANCH=none
Cq-Depend: chromium:2641196
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: I289df63d992a3d9ae3845c59779ecbd115b18ee2
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2641346
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Yu-Ping Wu <yupingso@chromium.org>
grep returns exit code 1 if the pattern was not found, and due to `set -e`
ensure_not_tainted_license.sh exits immediately with code 1. This change
fixes it.
This change also ensures that the correct code 1 is returned when the
pattern is found.
BUG=chromium:1163996
TEST=N/A
BRANCH=none
Signed-off-by: Sergey Frolov <sfrolov@google.com>
Change-Id: Idd33cec8795420ca1aab9ab1490a338a04d20257
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2638856
Tested-by: George Engelbrecht <engeg@google.com>
Commit-Queue: George Engelbrecht <engeg@google.com>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: George Engelbrecht <engeg@google.com>
This change makes ensure_not_tainted_license.sh only emit a warning if the
license file is not found, as opposed to failing.
BUG=chromium:1163996
TEST=N/A
BRANCH=none
Change-Id: I14103bc520efabf3e0c1424e8a5cae259d42c966
Signed-off-by: Sergey Frolov <sfrolov@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2632876
Commit-Queue: George Engelbrecht <engeg@google.com>
Reviewed-by: George Engelbrecht <engeg@google.com>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
This is a part of the work to ensure that tainted images are never
signed with MP keys. A special tainted tag was added to the license file by
https://chromium-review.googlesource.com/c/chromiumos/chromite/+/2560225
and in ensure_not_tainted.sh we detect the presence of this tag.
This script has been manually tested on tainted and non-tainted images.
BUG=chromium:1059363
TEST=manual
BRANCH=none
Change-Id: I17ca27bb7895f268a79cca3ad948808f0f96b8c7
Signed-off-by: Sergey Frolov <sfrolov@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2607414
Commit-Queue: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Allen Webb <allenwebb@google.com>
This reverts commit bc2317695965bb92b8809d9c06327adedcb0653c.
The reason for revert is that the signer needs to know the generated
file name, and in case vboot reference alters the name the signer
remains unaware of the change and is still looking for the file named
@CHIP@...
Some other means of figuring out the file name will be required, let's
stick with the @CHIP@ prefix for now.
BRANCH=none
BUG=b:173049030
TEST=none
Change-Id: I23ea65314d49e86fc4edb015e89b6076f87a54dd
Signed-off-by: Vadim Bendebury <vbendeb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2605238
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: George Engelbrecht <engeg@google.com>
Auto-Submit: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: George Engelbrecht <engeg@google.com>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
When processing a Gsc image signing request the signing server is not
aware of which chip the image is being signed for; the output file
name includes the string @CHIP@ and it is the responsibility of the
actual signing scripts to figure out if the image is for Cr50 or Ti50.
The destination image type is determined based on the signing manifest
contents; this patch adds code to replace @CHIP@ with the actual image
type.
BRANCH=none
BUG=b:173049030
TEST=invoked the script to sign a Ti50 image locally, verified that
the produced signed image file had the expected name.
Change-Id: Ib1534ce50e0a44d0ec014e8dbee4e4d85c2082c9
Signed-off-by: Vadim Bendebury <vbendeb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2596695
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Auto-Submit: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: George Engelbrecht <engeg@google.com>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
The major difference between Cr50 and Ti50 signing is that the RW
sections are represented differently: elf files in Cr50 case and ihex
files in Ti50 case.
Other differences include the produced signed final image size and the
offsets of the components in the final image.
The signing script is being updated to figure out all these
differences at run time. A new optional field is introduced in the
signing manifest, the 'generation'. If this field is absent or set to
'h' (for H1), the script proceeds with the Cr50 signing process. If
'generation' is set to 'd' (for D2), the script proceeds with the Ti50
signing process.
Instead of using fixed offsets into the final image, the base
addresses of the components in ihex format are used, the only fixed
value is the base address of the flash image in the chip address space
(0x40000 for H1 vs 0x80000 for D2).
To make this work for H1 the output format of the signed blob produced
by gsc-codesigner is changed from binary to ihex.
BRANCH=none
BUG=b:173049030
TEST=using this script and the signing_istructions.sh module produced
by the real Cr50 signer was able to produce functional images for
both Cr50 and Ti50.
Change-Id: I845be1101b09c9476fa27fbddb72607dc6cea901
Signed-off-by: Vadim Bendebury <vbendeb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2570009
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: George Engelbrecht <engeg@google.com>
Auto-Submit: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
With the advent of the D2 memory layout scheme it became impossible to
hardcode the base address of various components of the D2 firmware
image. Luckily, the components are represented as binary blobs in
Intel ihex format, which allows retrieving the base address of the
component from the ihex records.
The address is composed of two elements: the segment base supplied in
the record type 02 or 04, and the record offset into the segment,
supplied in the data record of type 0.
The segment address is expressed as a 16 bit value, the actual value
shifted right either 4 bits (in case of record type 02) or 16 bits (in
case of record type 04). The data record offset is also a 16 bit
value.
The base address of the blob is calculated as
<segment address> + <first data record offset>
and is available from the first two records in the ihex module.
Detailed information on the ihex file format can be found at
https://en.wikipedia.org/wiki/Intel_HEX .
BRANCH=none
BUG=b:173049030
TEST=with the next patch in the stack applied was able to successfully
build a multicomponent ti50 image.
Change-Id: I135c2f9960f1f218532c82bafd7acbe362414fc9
Signed-off-by: Vadim Bendebury <vbendeb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2570008
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: George Engelbrecht <engeg@google.com>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
This patch does not yet provide the ability to sign Ti50 images, but
prepares the signing scripts for further modifications to support a
variety of security chip signing flows.
BRANCH=none
BUG=b:173049030
TEST=verified successful signing of a Cr50 image in a test signer
setup
also created a functional Cr50 image invoking
sign_official_build.sh by hand.
Change-Id: Ic103c9fdf7d1c4ea160c7f6849d5ae5a8303c343
Signed-off-by: Vadim Bendebury <vbendeb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2537078
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: George Engelbrecht <engeg@google.com>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Auto-Submit: Vadim Bendebury <vbendeb@chromium.org>
This adds extra verifications to many Android signer operations in order
to narrow down the problem when empty folders are removed from the disk.
BUG=chromium:1154734
TEST=Locally image signing passed. Emulated problem and it was detected.
BRANCH=none
Signed-off-by: Yury Khmel <khmel@google.com>
Change-Id: If8bb9fced290117766bfa9ff76a25fc86ed263dc
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2572240
Reviewed-by: Mike Frysinger <vapier@chromium.org>
We want to find the culprit loopback device which isn't detaching on
crbug.com/1141907. We might as well log our cleanup actions anyway, and
this will allow us to see the last loopback processed in production.
BUG=chromium:1141907
TEST=just a log message
BRANCH=None
Signed-off-by: George Engelbrecht <engeg@google.com>
Change-Id: I126efceae4f67993069675c23f6c4af61c7e5667
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2514561
Reviewed-by: LaMont Jones <lamontjones@chromium.org>
Currently this trap-initiated function will not save the original return
value of the script. Save it and return it on exit.
BUG=chromium:1141907
TEST=unittest and manually on a signer
BRANCH=None
Signed-off-by: George Engelbrecht <engeg@google.com>
Change-Id: Icd807f4d153e4bcc1d309fbcea43c2b3344771ca
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2514560
Reviewed-by: Sean McAllister <smcallis@google.com>
Reviewed-by: LaMont Jones <lamontjones@chromium.org>
BUG=chromium:1141907
TEST=unit tests and manual signing run
Signed-off-by: George Engelbrecht <engeg@google.com>
BRANCH=none
Change-Id: I0316f464e138dea9e77b2554a3b31250e8b92c07
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2514559
Reviewed-by: Sean McAllister <smcallis@google.com>
Reviewed-by: LaMont Jones <lamontjones@chromium.org>
Commit-Queue: George Engelbrecht <engeg@google.com>
Tested-by: George Engelbrecht <engeg@google.com>
BUG=chromium:1141907
TEST=unit tests and manual signing run
Signed-off-by: George Engelbrecht <engeg@google.com>
BRANCH=none
Change-Id: I39b133ca69e717576140b418fc59dd167f068d59
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2514558
Reviewed-by: Sean McAllister <smcallis@google.com>
Reviewed-by: LaMont Jones <lamontjones@chromium.org>
Commit-Queue: George Engelbrecht <engeg@google.com>
Tested-by: George Engelbrecht <engeg@google.com>
Eval will terminate the shell on non-zero error code.
"POSIX says that an error in a special built-in utility
(such as eval) should cause the non-interactive shell to terminate"
This is the case and is causing cleanup to terminate android signing
with a non-zero error when it is clear the intent (given the set +e) is
that we should be best effort here.
BUG=chromium:1141907
TEST=unittest and manually on a signer
Change-Id: Ie6374b292c7982371d549b919b44328ea71a09dd
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2513228
Reviewed-by: George Engelbrecht <engeg@google.com>
Tested-by: George Engelbrecht <engeg@google.com>
We've moved to applying a file based set of selinux policies instead of
taking the ones that were snagged from the image. Remove the policy
attributes and let unsquash do whatever it would do by default.
See https://chat.google.com/room/AAAA45hbdCQ/jkXYe7jMEDk.
BUG=chromium:1141907
TEST=unittests
Change-Id: I0a976fb216e0a07c00c4bb2fb68df6fa1ea00d79
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2511121
Reviewed-by: Yury Khmel <khmel@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Yury Khmel <khmel@google.com>
Commit-Queue: George Engelbrecht <engeg@google.com>
Commit-Queue: Yury Khmel <khmel@google.com>
Tested-by: George Engelbrecht <engeg@google.com>
Auto-Submit: George Engelbrecht <engeg@google.com>
We're getting silent errors in here somewhere.
BRANCH=none
BUG=chromium:1141907
TEST=none
Change-Id: I9af0a3ea1696920fe67c915660f82a68c1bddf34
Signed-off-by: Brian Norris <briannorris@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2504358
Reviewed-by: LaMont Jones <lamontjones@chromium.org>
Commit-Queue: LaMont Jones <lamontjones@chromium.org>
Tested-by: LaMont Jones <lamontjones@chromium.org>
This follows steps we have in build image phase to have parity in image
packing.
* Discard reapplying selinux context. This does not look needed, since
re-signing should not change the selinux context. Instead we could do
the same as build image: pass file context to mksquashfs
* Apply mksquashfs params based on image type, container/vm. This
fixes proper block size and image compression algorithm
* Remove old image before packing to prevent mksquashfs merge attempt
BUG=b:170400225
BUG=b:170220295
BUG=b:170219920
BRANCH=none
TEST=locally signed vm (kohaku) and container (hana): arc.Optin*,
arc.Preopt*. Also checked final image size. With this CL it is
reduced to 150Mb (vm) and very close to the original image size
(delta is less than 0.1%)
Signed-off-by: Yury Khmel <khmel@chromium.org>
Change-Id: I7037bea68fc2969345a8fabc3c6a9b9b690f02d1
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2462005
Reviewed-by: Yusuke Sato <yusukes@chromium.org>
Reviewed-by: George Engelbrecht <engeg@google.com>
Tested-by: Yury Khmel <khmel@google.com>
Auto-Submit: Yury Khmel <khmel@google.com>
Commit-Queue: Yury Khmel <khmel@google.com>
BUG=b:170156734
BRANCH=none
TEST=sign rvc-arc image
Signed-off-by: Victor HSieh <victorhsieh@chromium.org>
Change-Id: I99fc4eb19be6cc785297e223a6603c1d777c5c77
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2458789
Reviewed-by: Yury Khmel <khmel@chromium.org>
Reviewed-by: George Engelbrecht <engeg@google.com>
BUG=b:170156734
TEST=run signing script locally
BRANCH=None
Signed-off-by: Victor HSieh <victorhsieh@chromium.org>
Change-Id: I4f045729241b479b56fef5687b721b5b59c2eed8
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2450551
Reviewed-by: George Engelbrecht <engeg@google.com>
This supports a new set of certificates, plat_mac_permissions.xml, and adds
handling of the media and network_stack certificates.
BRANCH=none
BUG=b:169458218
TEST=Sign test image from goldeneye per instructions in bug, deploy
it to device (kohaku) pass tast.arc.Optin.vm test
Signed-off-by: Yury Khmel <khmel@chromium.org>
Change-Id: I61c4e327eaa605ed60c0c80b3598c0f4fb6e5f5f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2447430
Tested-by: Yury Khmel <khmel@google.com>
Auto-Submit: Yury Khmel <khmel@google.com>
Reviewed-by: George Engelbrecht <engeg@google.com>
Commit-Queue: Yury Khmel <khmel@google.com>
Discovered by CL:2353632, the regular expression for extracting the rootfs
partition should include a non-digit character first, otherwise we won't
get the correct number when the partition number is longer than one digit
(e.g., >=10).
BUG=None
TEST=./make_dev_ssd.sh
BRANCH=none
Change-Id: I155e04beec47c55df4d09cb78168ab0a7407c697
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2353776
Reviewed-by: Kuang-che Wu <kcwu@chromium.org>
The signer uses BLOCKLIST instead of DENYLIST. This patch makes the
language match.
BUG=b:163883397
BRANCH=None
TEST=egrep -i -I -r "deny.*list"
TEST=make runtests
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Change-Id: I47c913eb2ca89cd3eea4ca3ff5f1accb223ba418
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2401968
Reviewed-by: Mike Frysinger <vapier@chromium.org>