| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rename GBB flag FAFT_KEY_OVERRIDE to RUNNING_FAFT.
Add a comment to clarify its use.
BUG=b:124141368, chromium:965914
TEST=make clean && make runtests
BRANCH=none
Change-Id: Ib90de7a0d22b39898fc84be8c16ff34ea1d3b504
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1977902
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
All devices which have a PD chip running CrOS EC code have already shipped,
and there is no intention to go back to using an "EC" for a TCPC anymore.
BUG=b:143762298,chromium:1017093
BRANCH=none
TEST=make runtests
Change-Id: I177c00581089de59e4f35608b97ef5432e8b492b
Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1895712
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds checks necessary before various types of images
signing could proceed.
The checks include verifying that Board ID flags and major version
number match the image type.
Also, manifest modification for node locked images is enhanced by
setting the least significant bit of the tag field to one. This will
ensure that the prod key ladder is not available to node locked images
even though they are signed with a prod key.
BRANCH=none
BUG=b:74100307
TEST=verified various cases by manually editing prod.json and
signing_instructions.sh and observing results: either error
messages or successful modification of the manifest and signing.
Change-Id: I0bc4a8acae1ca4e983999fd47e515c48786ded6c
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1894848
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Node locked images signed by the builder will have to come from the
factory branch and have version of 0.3.22.
Signing manifest will be processed to insert Device ID values, remove
Board ID values and set the top bit of config1.
BRANCH=none
BUG=b:74100307
TEST=ran the script manually with proper input and verified that
manifest is processed as expected.
Change-Id: Ib8cbe0f1ae31e79c3228a662c02231caeb901adc
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1880572
Tested-by: George Engelbrecht <engeg@google.com>
Reviewed-by: Ned Nguyen <nednguyen@google.com>
Reviewed-by: George Engelbrecht <engeg@google.com>
Commit-Queue: George Engelbrecht <engeg@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BRANCH=None
BUG=None
TEST=None
Change-Id: I6e10fd839e256454ce3671228116d8c3a9ec6092
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1888274
Tested-by: LaMont Jones <lamontjones@chromium.org>
Tested-by: George Engelbrecht <engeg@google.com>
Auto-Submit: LaMont Jones <lamontjones@chromium.org>
Reviewed-by: George Engelbrecht <engeg@google.com>
Commit-Queue: George Engelbrecht <engeg@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
No platforms support vpd in mosys anymore, so this will always
fail. Drop the warning message and let the user extract it from the
BIOS backup if they need.
BUG=chromium:990438
BRANCH=none
TEST=verified no platform offers cmd_vpd in mosys
Change-Id: I5550724f13120202775245cfd252c988edd5b21f
Signed-off-by: Jack Rosenthal <jrosenth@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1881473
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Stardardize on inconsistency between "keyblock" and "key block"
both in code, comments, and textual output.
BUG=b:124141368, chromium:968464
TEST=make clean && make runtests
BRANCH=none
Change-Id: Ib8819a2426c1179286663f21f0d254f3de9d94a4
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1786385
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Also standardize on using hex for printing ASCII key values
across vboot_ui.c and vboot_ui_menu.c.
BUG=b:124141368
TEST=make clean && make runtests
BRANCH=none
Change-Id: Ib10288d95e29c248ebe807d99108aea75775b155
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1840191
Reviewed-by: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We're dropping this from the signer, so drop it from here too.
Nothing else has referred to it.
BUG=None
TEST=CQ passes
BRANCH=None
Change-Id: I855ef036b620082ec98af7aac8ea330ae472435a
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1814697
Reviewed-by: George Engelbrecht <engeg@google.com>
Commit-Queue: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Allow MP images to be signed. Also, the manifest file name changed.
BRANCH=none
BUG=b:74100307
TEST=manual
Change-Id: Ia6b4724ceea2b7a18a2caecea7142d1b6ebfaa13
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1791816
Reviewed-by: LaMont Jones <lamontjones@chromium.org>
Commit-Queue: LaMont Jones <lamontjones@chromium.org>
Tested-by: LaMont Jones <lamontjones@chromium.org>
Auto-Submit: LaMont Jones <lamontjones@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:124141368, chromium:995172
TEST=make clean && make runtests
BRANCH=none
Change-Id: I42e4ac8a21ac3be416d315a8a8cc914f997bab79
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1758148
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We deleted the script the oci-container target needs,
so remove some remaining dead references.
BUG=chromium:976916
TEST=signing image w/key deletes it, and signing image w/out key passes
BRANCH=None
Change-Id: I54624a1241a7b7326a746514aa32644fd94ec525
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1762462
Reviewed-by: LaMont Jones <lamontjones@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Commit-Queue: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The way the sed logic was written we allowed invalid sed expressions
to count as "pass". This is because we use "no output" as the signal
that the command line option is OK (since the sed script deleted it),
but it meant that invalid sed scripts produced no output too. Add an
explicit exit status check to make sure invalid scripts fail.
BUG=chromium:991590
TEST=`./image_signing/ensure_secure_kernelparams.sh ./coral-12439.0.0-recovery.bin .../cros-signing/security_test_baselines/ensure_secure_kernelparams.config` produces no errors
BRANCH=None
Change-Id: I1de3ada7e44c49f97ecc40824d98cca9291ab7e6
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1762459
Reviewed-by: LaMont Jones <lamontjones@chromium.org>
Commit-Queue: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We never released this feature and we've dropped the logic from newer
releases. Purge the signing logic of references to the key. We still
need to delete the key in case we're signing an older release branch.
BUG=chromium:976916
TEST=signing image w/key deletes it, and signing image w/out key passes
BRANCH=None
Change-Id: I82b8a4dab5f68e01c54281afd4817eea3dd359ff
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1742692
Reviewed-by: LaMont Jones <lamontjones@chromium.org>
Commit-Queue: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We're updating the algorithm for this so the signing scripts have to
support it as well. Since we're running ToT signing scripts on older
images as well, determine the hash algorithm used in the image by
checking its length (40 hex digits for SHA1, 64 for SHA256).
BRANCH=None
BUG=b:137576540
TEST=$(sign_official_build.sh recovery recovery_image.bin
/tmp/scratch/mykeys/ resigned_image.bin) -- used futility to confirm
that new image kern_b_hash matches new image KERN-B and uses the
expected algorithm (tried with both SHA1 and SHA256)
Cq-Depend: chromium:1706624
Change-Id: Ie1a62ad1fd4fbf141cc1c32d592b863f2d43a24e
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1707529
Legacy-Commit-Queue: Commit Bot <commit-bot@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adding --absolute-names to getfattr to let getfattr not to remove
the leading slash, and not to print the warning to stderr.
BUG=chromium:954670
TEST=set_lsb_release.sh xx.bin a b
TEST=`getfattr: Removing leading '/' from absolute path names` not printed
BRANCH=none
Change-Id: I6273151713612746443d5d68a8df530f1146a4a2
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1712890
Tested-by: Qijiang Fan <fqj@google.com>
Reviewed-by: LaMont Jones <lamontjones@chromium.org>
Commit-Queue: Qijiang Fan <fqj@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=chromium:985940
TEST=None
BRANCH=none
Change-Id: I844074e28a9cf2384bb7dc1593de7d7e01622457
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1710989
Tested-by: LaMont Jones <lamontjones@chromium.org>
Auto-Submit: LaMont Jones <lamontjones@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Queue: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We migrated away from this in 2012, so drop the alias. Any devices
made around that time won't need new factory images either.
BUG=None
TEST=None
BRANCH=None
Change-Id: I72a155d6c4c241781ec07b2ebb9a2393f8470a08
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1679436
Reviewed-by: LaMont Jones <lamontjones@chromium.org>
Commit-Queue: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I was following the advice given in these examples and saw:
# flashrom -p bios -w /mnt/stateful_partition/backups/bios_SAMUS_TEST_8028_20190628_100324.fd
flashrom v0.9.9 : cc7cca2 : Jun 15 2019 04:36:54 UTC on Linux 4.14.129 (x86_64)
Error: Unknown programmer bios.
Please run "flashrom --help" for usage info.
As you can see in flashrom_bios() in that same file, the "programmer"
argument in flashrom that you need to flash the BIOS is "host" not
"bios":
# flashrom -p host -w /tmp/bios_SAMUS_TEST_8028_20190628_100324.fd
flashrom v0.9.9 : 2d00129 : Jun 27 2019 15:16:55 UTC on Linux 4.14.129 (x86_64)
flashrom v0.9.9 : 2d00129 : Jun 27 2019 15:16:55 UTC on Linux 4.14.129 (x86_64)
Calibrating delay loop... OK.
coreboot table found at 0x7ce3a000.
...
Erasing and writing flash chip... SUCCESS
BUG=none
TEST=successfully flashed a backup BIOS image using flashrom
BRANCH=none
Change-Id: Ib1e10c1e06ad84714853953702328c4f4dadebe7
Signed-off-by: Ross Zwisler <zwisler@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1685859
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Commit-Queue: Hung-Te Lin <hungte@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We are leaving the --4k options since they are (now) no-ops, and
existing users of the script may be passing them. Since they are the
default, we want to discourage their use, so they are not documented.
BUG=b:135130152
TEST=Unit tests pass
BRANCH=None
Change-Id: I1d73496f45ac0e04657149d438434a33e0e8569b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1680641
Tested-by: LaMont Jones <lamontjones@chromium.org>
Commit-Queue: LaMont Jones <lamontjones@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Auto-Submit: LaMont Jones <lamontjones@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=None
TEST=manually verified.
BRANCH=None
Change-Id: I65467d56409bcf608e9c59aa0759e820d11507ed
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1667537
Tested-by: LaMont Jones <lamontjones@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Queue: LaMont Jones <lamontjones@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For set_lsb_release.sh called without parameter, it doesn't modify
anything in the image, and mount the image ro. Thus setfattr to
ensure security.selinux xattr will fail with Read-only filesystem,
and is not necessary since nothing has been modified.
BUG=chromium:954670
TEST=set_lsb_release.sh xx.bin a b
TEST=set_lsb_release.sh xx.bin
BRANCH=none
Change-Id: I32bf61796c2b60d18e4e62cc43f2d0e9dc75cef5
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1666516
Tested-by: Qijiang Fan <fqj@google.com>
Commit-Queue: LaMont Jones <lamontjones@chromium.org>
Reviewed-by: LaMont Jones <lamontjones@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After every invocation to set_lsb_release.sh, make sure /etc/lsb-release
in $rootfs has the expected SELinux security context stored at
security.selinux extended attribute.
BRANCH=none
BUG=chromium:954670
TEST=set-lsb_release.sh chromium_test_image.bin a b
Change-Id: I541493d8ad3c94b16840337d807629691b1b00bb
Reviewed-on: https://chromium-review.googlesource.com/1630426
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Qijiang Fan <fqj@google.com>
Legacy-Commit-Queue: Commit Bot <commit-bot@chromium.org>
Reviewed-by: LaMont Jones <lamontjones@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* To enable, use --use_apksigner.
* Drop signature schemes that we don't really need.
* Supports key rotation. In this case, the signing lineage
will be honored if the file exists next to the keys.
* Update key generation script to auto generate the signing lineage.
TEST=the script runs successfully with and without the flag
TEST=`apksigner lineage --print-certs -v -in foo.apk` shows
correct rotation info
TEST=keygeneration/create_new_android_keys.sh --rotate-from old new
BUG=None
BRANCH=None
Change-Id: Ic7b7b0ed4ea707a748dc42a1f39d6eb79d53cf1b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1643411
Tested-by: Victor Hsieh <victorhsieh@chromium.org>
Reviewed-by: LaMont Jones <lamontjones@chromium.org>
Commit-Queue: Victor Hsieh <victorhsieh@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
sign_official_build.sh accepted a subset of the syntax allowed by
sign_firmware.sh. Update to be consistent.
BUG=chromium:962529
BRANCH=None
TEST=Manually verified
Change-Id: Ic9c7d5d8a4744c09c06249ed835ef678e6368aa0
Reviewed-on: https://chromium-review.googlesource.com/1612376
Commit-Ready: LaMont Jones <lamontjones@chromium.org>
Tested-by: LaMont Jones <lamontjones@chromium.org>
Legacy-Commit-Queue: Commit Bot <commit-bot@chromium.org>
Reviewed-by: Jason Clinton <jclinton@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the key file directory name includes string 'test' do not check if
the image being signed has the prod RO.
BRANCH=none
BUG=b:74100307
TEST=manual
Change-Id: I3241d31f6612c1dc44c217958d74d4da784c5dfb
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1614793
Reviewed-by: LaMont Jones <lamontjones@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Deprecate internal usage of GoogleBinaryBlockHeader struct in
favour of vb2_gbb_header struct. Keep the v1 struct around until
we remove references in other repos.
BUG=b:124141368, chromium:954774
TEST=make clean && make runtests
BRANCH=none
Change-Id: I396d2e624bd5dcac9c461cc86e8175e8f7692d26
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1583826
Commit-Ready: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After sed -i, if the lsb-release will change, sed -i will recreate the
file and loose the security.selinux xattr.
We need to recover this extended attribute to make sure lsb-release
still has the correct label in signed images.
BRANCH=none
BUG=chromium:954670
TEST=../platform/vboot_reference/scripts/image_signing/set_channel.sh image.bin something
TEST=../platform/vboot_reference/scripts/image_signing/tag_image.sh --from image.bin --remove_test_label
TEST=../platform/vboot_reference/scripts/image_signing/remove_test_label.sh image.bin
TEST=getfattr -n security.selinux dir_3/etc/lsb-release after above each command
Change-Id: Icfb721a9b4b2ebb21c2cb0f14381ef1f61b928d7
Reviewed-on: https://chromium-review.googlesource.com/1610265
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Qijiang Fan <fqj@google.com>
Reviewed-by: Brian Norris <briannorris@chromium.org>
Reviewed-by: Kenny Root <kroot@google.com>
Reviewed-by: LaMont Jones <lamontjones@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In case jq does not find a node in the JSON file, it still returns
with exit code of 0, it just prints 'null' instead of the expected
node value.
This patch adds processing this error condition, which makes it easier
to troubleshoot the case of misconfigured Cr50 signing manifest.
BRANCH=none
BUG=b:74100307
TEST=tried using the script with a manifest which does not have the
node of board_id_flags defined. Observed error message of
...sign_cr50_firmware.sh: ERROR : bid_flags not found in...
instead of previous error reported as
...sign_cr50_firmware.sh: line 53: null: unbound variable
Change-Id: I70acff7a3331b01f0f964f2942bf2806a2af8691
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1537260
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When signing Cr50 images, Board ID flags and major version number
fields of the manifest must follow the following convention:
- even major version numbers indicate pre-pvt branch, Board ID flag
bit 0x10 must be set;
- odd major version numbers indicate mp branch, Board ID flag bit
0x10000 must be set;
BRANCH=none
BUG=b:74100307
TEST=extracted pre-pvt branch produced Cr50 tarball into /tmp/cr50.cp,
and ran the following command:
scripts/image_signing/sign_cr50_firmware.sh /tmp/cr50.cp tests/devkeys \
signed
observed successful completion. Modified
/tmp/cr50.cp/ec_RW-manifest-prod.json to set major version number
to 3 instead of 4 and tried again, got the following error, as
expected:
sign_cr50_firmware.sh: ERROR : Inconsistent manifest \
/tmp/cr50.cp/ec_RW-manifest-prod.json: major = "3", board_id_flags = "16"
Change-Id: Ic123df4396d7d497347de40a5ff448940c0b1982
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1321410
Reviewed-by: David Riley <davidriley@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch makes sure that Cr50 manifest included in the builder
produced tarball is stripped to remove the comments before it is given
to jq for processing.
Also a little clean up.
BRANCH=none
BUG=b:74100307
TEST=tested as described in the next patch.
Change-Id: I4852fea7c21752c45fcfe4cc60d45f264f142bab
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1529387
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The comments said remount was avoided due to loop offset usage which,
while true, isn't the only reason. We can't remount rw without first
calling enable_rw_mount to clear the invalid bits in the fs header.
Update the comment to reflect that and switch to our mount helper as
it will call that for us.
BUG=chromium:938958
TEST=precq passes & signing unittests pass
BRANCH=None
Change-Id: I1063bc84befebddc942a3dec05e8f33ea834db30
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1522089
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Newer kernels seem to be buggy when using loop mounts with offsets.
Switch to using `losetup -P` everywhere as that doesn't seem to run
into the bug.
BUG=chromium:938958
TEST=precq passes & signing unittests pass
BRANCH=None
Change-Id: I3c35436708d0a4b2c5c1900406503e753f88a53c
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1521065
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: LaMont Jones <lamontjones@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There's already a local |output| variable that we clobbered.
BUG=chromium:935628
TEST=cros-signing/signer/signing_unittest.py passes
BRANCH=none
Change-Id: Idde2aa35053ff6bc149f3f4d1df784e25b4fcdc5
Reviewed-on: https://chromium-review.googlesource.com/c/1490651
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Openssl output format changed, use futility for key_size.
BUG=chromium:935628
TEST=None
BRANCH=none
Change-Id: I1329fa8cd1a79943dbcd8be19d56680ae22376f1
Reviewed-on: https://chromium-review.googlesource.com/c/1489452
Tested-by: LaMont Jones <lamontjones@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This introduces a script for signing Cr50 images on the build server.
BRANCH=cr50
TEST=sign_official_build.sh cr50_firmware input tests/devkeys output
BUG=b:74100307
Change-Id: I741b8532980b0a7a0b32fbacff235c38661c7668
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1313573
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We changed the verity kernel command line form before R16 was released
and included backwards compat support in the scripts for it. But all
the devices that were released for these old versions are EOL, and we
don't need to sign images that old anymore, so drop support.
BRANCH=None
BUG=chromium:891015
TEST=precq passes
Change-Id: I5cc37fae19fb4b3db229598aa0f5c69a6f32005a
Reviewed-on: https://chromium-review.googlesource.com/1387904
Commit-Ready: LaMont Jones <lamontjones@chromium.org>
Tested-by: LaMont Jones <lamontjones@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 16ceb9625ed13b0da4ae6306f9187b672b9b382f dropped support for old
versions, but it also accidentally dropped the salt= setting which ended
up breaking newer recovery kernels. Restore that line and drop an unused
var from the old code path.
BRANCH=None
BUG=chromium:891015, chromium:891764
TEST=running `./sign_official_build.sh verify` against the images in crbug.com/891764 works again
Change-Id: I8ae619c9243f9c2638962ae439b9df5090d6c535
Reviewed-on: https://chromium-review.googlesource.com/1376831
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I have one too many times being bitten by forgetting to reboot
my DUT between running this tool and trying to flash a new kernel.
Make the script remind me of this requirement.
BRANCH=none
BUG=none
TEST=ran script, saw new output
Change-Id: I5c4738317087ec7654b13c1c9c3cd67273ba3bf1
Signed-off-by: Enrico Granata <egranata@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1330016
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We recently expanded the kernel size from 16M to 64M for the generic
amd64 image and that's causing problems for this script. Let's drop the
check for a maximum size as we have other sanity checks for reading the
kernel command line and modifying vboot headers later on anyway.
BRANCH=None
BUG=chromium:905093
TEST=deploy_chrome for amd64-generic image
Change-Id: Id08ad0a1feb28fda850c611e1e993d15b32e502d
Signed-off-by: Stephen Boyd <swboyd@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1336109
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Achuith Bhandarkar <achuith@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Storing backup files inside /mnt/stateful_partition should be done only
on DUTs running ChromeOS. For chroot or other environment, we should
just store in current folder if available.
Also fixed that the warning message when backup files can't be generated
should be printed using "warn" instead of "warning".
BUG=None
TEST=./make_dev_ssd.sh -i image --edit_config --partitions 2
Change-Id: Ie81e810951e7fc72f350de847440a8f0372bc9be
Reviewed-on: https://chromium-review.googlesource.com/1300893
Commit-Ready: Hung-Te Lin <hungte@chromium.org>
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We changed the verity kernel command line form before R16 was released
and included backwards compat support in the scripts for it. But all
the devices that were released for these old versions are EOL, and we
don't need to sign images that old anymore, so drop support.
BRANCH=None
BUG=chromium:891015
TEST=precq passes
Change-Id: I0e61c5d5cbeefb8ea0af955ead604a97fcb84bad
Reviewed-on: https://chromium-review.googlesource.com/1255344
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It looks like cbfstool removing & inserting blobs into the bios, even
if the contents are the same, break the signatures run over the region.
Until we can figure out what's going on, avoid re-adding content that's
the same to keep the signatures valid.
BRANCH=None
BUG=chromium:889716
TEST=signing fizz image has valid vblock hashes
Change-Id: I00ba84cf22b6fffc594e60b78f91e7cb49c98f06
Reviewed-on: https://chromium-review.googlesource.com/1248201
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: C Shapiro <shapiroc@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:114610466
BRANCH=none
TEST=(1)Test cheza, whose storage has a block size of 4k:
$ make_dev_ssd.sh --remove_rootfs_verification --partitions 2
$ make_dev_ssd.sh --partitions 2 --save_config /tmp/foo_config
$ echo "console=ttyMSM0,115200n8" >> /tmp/foo_config.2
$ make_dev_ssd.sh --partitions 2 --set_config /tmp/foo_config
Messages show kernel is successfully re-signed.
Reboot and then see kernel log printed.
Also, rootfs is modifiable.
(2)Do a similar test on scarlet, whose storage has a block size of 512B.
See the same result.
Change-Id: Ic5d7714e4f608c477f935d244cd5ad62eb38815a
Signed-off-by: Philip Chen <philipchen@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1240934
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Philip Chen <philipchen@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Evan Green <evgreen@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
All accessories leverage the key format of Hammer therefore this
script calls Hammer's one to generate a key pair and renames them.
The key name isn't referenced by the signer anymore, so we will
name them all "hammerlike".
BUG=chromium:859269
TEST=Run this script in the chroot.
BRANCH=None
Change-Id: Iba35b03e59216e96a99f8aa471b660f3805c1f23
Reviewed-on: https://chromium-review.googlesource.com/1205636
Commit-Ready: Nick Sanders <nsanders@chromium.org>
Tested-by: Nick Sanders <nsanders@chromium.org>
Reviewed-by: Marco Chen <marcochen@chromium.org>
Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Unibuilds, such as Octopus, generate long lines listing the
individual board names.
Removing a check which is restricting the unibuilds ability to add
additional boards to the list.
BUG=chromium:873552
BRANCH=none
TEST=none
Change-Id: I080f4f251935eb19ee3377556500a5bd98117a2f
Reviewed-on: https://chromium-review.googlesource.com/1173256
Commit-Ready: Bob Moragues <moragues@chromium.org>
Tested-by: Bob Moragues <moragues@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To speed things up, support stripping /boot from a rootfs block device.
This way we can mount an image via loopback and pass that in directly.
BRANCH=None
BUG=chromium:714598
TEST=strip_boot_from_image.sh on image files works, and on loopback partitions
Change-Id: Ie74d3f239ac29533f4325d0c1f75e3cce5fab7a5
Reviewed-on: https://chromium-review.googlesource.com/1152075
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
Reviewed-by: Chris Ching <chingcodes@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Require that the container passed in is the one containing
the specified key, and no other key. So if only one key is
present it must be the specified key.
BUG=chromium:863464
TEST=run locally
BRANCH=None
Change-Id: Ieeca5773f35b7bf92beae8a2192ed6e6fd9008e6
Reviewed-on: https://chromium-review.googlesource.com/1136910
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Nick Sanders <nsanders@chromium.org>
Reviewed-by: Bob Moragues <moragues@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When the root is default RW mounted, we found that the system is more
fragile due to suspend and resume tests.
It is found that in early builds, many projects tend to need minor fixes
in test image rootfs, for example kernel modules or files read by
kernel. Currently the only way to update those files is to reflash whole
images, but that's not very practical when the network in manufacturing
line is pretty slow. It would be better if we can change a single file.
As a result, we want to allow setting the default root mount option when
running make_dev_ssd.sh. The new --nodefault_rw_root allows disabling
rootfs verification but still mounting rootfs as RO, which makes better
chances for system to be stable, and changes can still be made by an
explicit 'mount -o rw,remount /'.
BUG=None
TEST=./make_dev_ssd.sh --remove_rootfs_verification --nodefault_rw_root
Change-Id: Ie2675e25b77e638ba6c3be8e2a2a3887a95582fc
Reviewed-on: https://chromium-review.googlesource.com/1137966
Commit-Ready: Hung-Te Lin <hungte@chromium.org>
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
All accessories leverage the key format of Hammer therefore this
script calls Hammer's one to generate a key pair and renames them.
BUG=b:110880196
TEST=Run this script in the chroot.
BRANCH=None
Change-Id: I955f28fbe2c1dab1b5f76672c34e6022660a77ed
Reviewed-on: https://chromium-review.googlesource.com/1121632
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Nick Sanders <nsanders@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|