| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If firmware diagnostics is enabled allow the user to lauch diagnostics
from the OS broken screen. Currently diagnostics can only be launched
from the recovery screen.
BUG=b:130244249
TEST=Tested on arcada device
make runmisctests
BRANCH=none
Change-Id: Ic6946338605599ea7411b5658acb2c6fc960a782
Signed-off-by: Mathew King <mathewk@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1564448
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As part of chromium:942901, physical dev switch functionality
is being deprecated.
As such, we no longer need to specify the flag
VBSD_HONOR_VIRT_DEV_SWITCH -- the virtual dev switch should
always be honoured.
Additionally, there is no longer a need to check this flag
when looking up the value for crossystem devsw_cur.
This constant will be marked as deprecated in a subsequent
CL.
BUG=b:124141368, b:124192753, chromium:942901
TEST=Build locally
TEST=/work/vboot/src/repohooks/pre-upload.py
TEST=make clean && make runtests
TEST=make clean && COV=1 make coverage && make coverage_html
BRANCH=none
Change-Id: Ib1ab86d79b039650136f1038c23175f5990895db
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1526070
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:128419534
TEST=make runmisctests
BRANCH=none
Change-Id: I1b3403cbe9ce93d9341c7ce32277d75462da894f
Signed-off-by: Mathew King <mathewk@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1521216
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change adds diagnostic mode. When enabled for a board (based on
defconfig in depthcharge) the user can press Ctrl-C or F12 at a recovery
mode screen, at which point an nv bit is set and the system reboots.
Upon reboot, if the nv bit is set then the user is prompted to confirm
launch of the diagnostic rom via the power button. If user confirms
then the diagnostic payload is verified and run (if verify fails or
payload doesn't run then a recovery reason is recorded and system
reboots to recovery mode). If the user does not confirm then the system
reboots.
BUG=b:124358784
BRANCH=None
TEST=Locally built and flashed using change that enabled feature for atlas
and set to use payload 2 (tianocore) rather than 5 (diagnostic). Confirmed
that Ctrl-C is functional or not based on defconfig and that Ctrl-C
sets NV bit and reboots. Confirmed that NV bit can be set and
queried via crossystem. Confirmed that during boot confirmation screen
appears or not based on NV bit. Confirmed that pressing power button
caused payload to be verified and run. Confirmed that non-matching hash
(build configured to use sha1 rather than sha256) caused payload to not
be run and system reboot to recovery. Confirmed that Esc or timeout
caused system to reboot.
CQ-DEPEND=CL:1471056
Change-Id: I8979d4eeb443bf64b727ee86a814c46d1d27ff37
Signed-off-by: Matt Delco <delco@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1470723
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The primary purpose of this change is to add a flag to VbExGetSwitches()
so the current user physical presence (via the status of the power button)
can be queried.
The flags have also been renamed from the historical _INIT_ use to
_SWITCH_ to reflect the current/actual API they're used with.
BUG=b:124358784
BRANCH=none
TEST=Locally built and flashed. Confirmed that the power button status
can be queried when the power button is disabled.
CQ-DEPEND=CL:1470273
Change-Id: I579ebe657ae35fb866eb30b466e8e8c16f54e584
Signed-off-by: Matt Delco <delco@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1471190
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is largely a cherry-pick of CL:1133598
- Externalize vb2_digest_buffer function to vb2api_digest_buffer.
- Change VbExLegacy()'s altfw_num parameter from int to enum so
caller can specify which specific payload to run.
BUG=b:124358784
BRANCH=None
TEST=Local compile. Verified with subsequent change that legacy boot
still works and new functionality can opt-in to and utilize payload
verification.
CQ-DEPEND=CL:1471053
Change-Id: I9700c2e38c3cfa255eeff72ce416295af9d076fb
Signed-off-by: Matt Delco <delco@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1471051
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:124297157
TEST=make runtest
test on device
BRANCH=none
CQ-DEPEND=CL:1466822
Change-Id: Ic3b1b502b1aff14a795397da3024f8a12eb04775
Reviewed-on: https://chromium-review.googlesource.com/1466290
Commit-Ready: Mathew King <mathewk@chromium.org>
Tested-by: Mathew King <mathewk@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Mathew King <mathewk@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=chromium:933391
TEST=make runtests
Test ctrl+d, ctrl+u, and ctrl+l on device
BRANCH=none
Change-Id: Icf8699e5facac44a074cfd47e796b9957fd6b714
Reviewed-on: https://chromium-review.googlesource.com/1475781
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Mathew King <mathewk@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Mathew King <mathewk@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
At present we allow the user to press a keypad number to boot into another
bootloader but there is no indication which one is which.
Add a new screen for this. It is entered via Ctrl-L and shows the
available bootloaders, along with the number to press for each. The
contents of the screen is rendered by the bootloader, as usual.
This is supported by two new screens, one for the keyboard UI and one for
the menu UI. Also a new function, VbExGetAltFwIdxMask(), is added to find
out what bootloaders are available.
Note: This CL combines changes for both UIs. The changes may be easier to
review separately.
CQ-DEPEND=CL:1273269
BUG=chromium:837018
BRANCH=none
TEST=FEATURES=test emerge-grunt --nodeps vboot_reference
Change-Id: Ib3227545dc677c8f9587944753e32f3b49647360
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1273268
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
We use this in a few places, so add a constant.
BUG=chromium:837018
BRANCH=none
TEST=FEATURES=test emerge-grunt --nodeps vboot_reference
Change-Id: I7182d0ac52c23c01397de08683ad83b818486f91
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1286221
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Ignore a power button push until after we have seen it released,
to avoid shutting down immediately if the power button is held
down on startup.
BUG=b:116819414,chromium:670492
BRANCH=grunt
TEST=manual:
1) Press and hold esc+refresh+power.
2) Depthcharge shows INSERT screen and does not power off.
3) Release esc+refresh+power.
4) Press and release power.
5) Depthcharge powers off.
TEST=test_that --fast -b grunt $grunt_ip firmware_ECLidShutdown
TEST=FEATURES=test emerge-grunt --nodeps vboot_reference
Change-Id: I7421a4b1a1b8a7894f0e7d1c7927ffc52d9faac0
Signed-off-by: Edward Hill <ecgh@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1256023
Reviewed-by: Raul E Rangel <rrangel@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a generic way of selecting an alternative bootloader to run from the
developer-mode menu. This enables keys 1-9 to select a particular numbered
bootloader.
Adjust VbExLegacy() to take a numeric parameter to signal which boot
loader to run.
CQ-DEPEND=CL:1228875
BUG=chromium:837018
BRANCH=none
TEST=FEATURES=test emerge-grunt --nodeps vboot_reference
Change-Id: I02eab1b87e21a6401ec42317c4c1fa1bd2767b53
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1060854
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Problem files were found with:
find . -name '*.c' -o -name '*.h' | xargs grep '^ [^*]'
and edited manually.
Ignores utility/ and cgpt/, since they seem to globally adhere
to a two-space tab convention.
BUG=None
TEST=make clean runtests
TEST=emerge vboot_reference depthcharge
Change-Id: I5a678484a119c8f1911f717e1968bdb4f1a0810f
Reviewed-on: https://chromium-review.googlesource.com/1160131
Commit-Ready: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It seems like there are some testing use cases where we want the device
to boot into the recovery installer but it is impractical to fully
simulate a user-triggered recovery. This has become impossible with the
recent change to always require manual recovery to boot an image, even
when the developer mode switch is enabled (CL:924458).
This patch adds a new GBB flag to support this use case. When the flag
is set, all recovery mode is manual recovery mode, regardless of wheter
the developer mode switch is on or not.
Since the GBB_FLAG_ENABLE_SERIAL was killed off before it ever really
worked anyway, we can safely reuse the bit reserved for it.
BRANCH=None
BUG=None
TEST=make runtests, manually confirmed on Kevin
Change-Id: I4f51dfd20b4ff04c522f53596896dccbceee52dc
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/976660
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, non-manual recovery behavior would depend on the developer
mode switch: in normal mode it would get stuck at the BROKEN screen, but
in developer mode it would proceed exactly like manual recovery. This
behavior was mostly just confusing to people and it seems that we have
no real use case for it anymore. Remove the developer mode special case
so that non-manual recovery will always go to the BROKEN screen from now
on.
BRANCH=scarlet?
BUG=None
TEST=make runtests, verified manually on Scarlet and Kevin
Change-Id: Iaf33f82d7cb709a5ee309c08d1ad3015859738b3
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/924458
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When switching from normal to dev mode, the EC is in RO. AP requests
warm reboot, whic causes EC to jump to RW. After sysjump, RW tries to
renegotiate PD but it's too late for type-c monitor to function
because VBIOS has already run.
This patch makes AP request EC reboot when switching to dev mode.
BUG=b:73083750
BRANCH=none
TEST=Dingdong connected to Teemo. Verify norm-to-dev screen is
displayed. make -j runtests.
Change-Id: I763cd6968406f7b904604b2588a9db6d567cbd4e
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/907734
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Now that vb2_shared_data / vb2_context provides all the same data to
lower-level kernel verification code that cparams did, stop passing
cparams down to those functions.
No change in functionality.
BUG=chromium:611535
BRANCH=none
TEST=make -j runtests; build bob firmware and boot it
Change-Id: I86eb1801ee96d8b56404b74843a8d09e3122567f
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/852814
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Stefan Reinauer <reinauer@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The region API was a way for firmware and kernel verification to get
at various blocks of caller-provided data. In practice, we only used
it internally as a way to get at parts of the GBB. Prune it down to
access only the bits of GBB we still need, from the buffer we already
know we have.
In the long run we should use the same vb2ex_read_resource() API that
vb2 firmware verification does, but that should be done in a follow-up
CL since it'll need to be coordinated with support in depthcharge.
No change in functionality.
BUG=chromium:611535
BRANCH=none
TEST=make -j runtests; build bob firmware and boot it
Change-Id: I5715cb8d88274164a1a73ed4a56bbd93af46f9bf
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/852798
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Stefan Reinauer <reinauer@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, firmware verification uses entirely vb2 structs, including
vb2_shared_data. This goes through an ugly translation to the old vb1
VbSharedData to pass it to depthcharge. The vboot kernel verification
maintains an equally ugly translation back to the vb2 struct
internally.
Eventually, we want to get rid of all that and use vb2 all the way
down to what crossystem picks up from the OS.
But before we can do that, we need to finish translating kernel
verification code to use the new vb2 structs. This is a step on that
path, using vb2_shared_data equivalents where present and hiding the
old vb1 shared data struct as a member of vb2_shared_data so at least
the vboot functions don't need to pass around cparams to get at it.
This will be followed by more CLs which convert more vboot internals
to use vb2 structs directly, and eventually coreboot/depthcharge CLs
which pass the vb2 structs from firmware verification directly to
kernel verification.
No change in functionality.
BUG=chromium:611535
BRANCH=none
TEST=make -j runtests; build bob firmware and boot it
Change-Id: I5df8ce81ba3c3ac3f2cb4229db5461757cd89d8d
Reviewed-on: https://chromium-review.googlesource.com/852856
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Stefan Reinauer <reinauer@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
All screens are now drawn by depthcharge. ToT firmware does not
include a bmpblk / bmpfv section in the GBB. Remove the code paths
which are no longer used.
Also drop a few cparams parameters from functions that no longer use
it, now that those functions don't need to access the GBB.
BUG=chromium:502066
BRANCH=none
TEST=make -j runtests; build bob firmware and check recovery screens
Change-Id: I4d2d0a3ba57c34151e65c6f42581df823192a4ae
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/852371
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-by: Stefan Reinauer <reinauer@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Vboot firmware previously supported a rather complex audio looping
library. Our original intent was to allow developers to flash a
custom beep sequence / tune as an easter egg. We never fully
supported that, but the code to allow it lived on. Get rid of that.
Vboot also previously made no assumptions about the frequency of
VbExGetTimer(), which was only used by the vboot_audio library. So it
spent 10ms every boot measuring the frequency. Which is silly now,
because depthcharge implements that as a microsecond timer. Get rid
of that measurement and define the timer as a microsecond timer.
BUG=chromium:611535
BRANCH=none
TEST=make -j runtests; build bob firmware and boot it
Change-Id: I350246874fb36b00149423696285cfcaca0fc526
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/847311
Reviewed-by: Shelley Chen <shchen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Vboot1 code directly referenced the GBB from cparams even though now
it has access to the GBB flags via the vb2 context. Refactor all
existing code to use the vb2 context, since that takes us one step
closer to getting rid of the old vboot1 cparams.
No change in functionality.
BUG=chromium:611535
BRANCH=none
TEST=make -j runtests; build bob firmware and boot it
Change-Id: Ic4a5bf215b723a2eacbf0a4cf0eba8b1338155a2
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/847310
Reviewed-by: Shelley Chen <shchen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove the old vboot1 vboot_nvstorage library (VbNv*() functions) and
use the vboot2 library (vb2_nv_*()) instead. This is needed in
preparation for moving to 64-byte records; no sense in implementing
that change twice...
Should be (better be) no change in system behavior.
BUG=chromium:789276
BRANCH=none
TEST=make runtests
compare output of crossystem before/after change (should be identical)
Change-Id: I10f9975b0824263064b9a74a3c6daadcecc085d3
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/794732
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch allows a power button on a keyboard to shut down the system
when waiting for a user interaction at a firmware screen. The firmware
menu, which is implemented by vboot_ui_menu, shouldn't be affected.
BUG=b:70244028
BRANCH=none
TEST=Verify power button on Fizz can shut down the system at recovery
screen, broken screen, todev scree, and user confirmation screen using
a USB keyboard and a servo. Verify recovery button can confirm dev mode
transition. Run 'make runmisctests' successfully.
Change-Id: Icc7d7a774da19acac3d2938d5748ad2323ba4856
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/811444
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Depthcharge currently asks EC whether recovery was requested manually
or not without verifying EC is in RO or not. If EC-RW is compromised,
recovery switch state can be spoofed.
This patch makes Depthcharge check EC_IN_RW to determine whether EC
is in RO or not. Only if it's in RO and it says recovery button was
pressed at boot, we proceed to the recovery process.
All other recovery requests including manual recovery requested by a
(compromised) host will end up with 'broken' screen.
BUG=b:66516882
BRANCH=none
TEST=Boot Fizz. make runtests.
Change-Id: I01d2df05fe22e79bbc949f5cb83db605147667b3
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/693008
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This cleans up the vboot functions which handle display so they don't
need to pass it around. Eventually, it'll be absorbed by vb2_context.
BUG=chromium:611535
BRANCH=none
TEST=make runtests; build_packages --board=reef chromeos-firmware; boot reef
Change-Id: I58169dfd37abe657f9b9aa339cc72ffa398329e0
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/414288
Reviewed-by: Shelley Chen <shchen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Passing the vb2 context around allows using more of the vb2 functions in
future changes, and prepares for a future where we directly use the
context as it was set up in firmware verification.
BUG=chromium:611535
BRANCH=none
TEST=make runtests; emerge-kevin coreboot depthcharge
Change-Id: I8efa606dbdec5d195b66eb899e76fdc84337ad36
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/404997
Reviewed-by: Shelley Chen <shchen@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This new recovery reason will instruct the calling firmware in
vboot_select_and_load_kernel to reboot the device (under the assumption
that training of memory has already been performed by the firmware). On
seeing the return code VBERROR_REBOOT_REQUESTED, calling firmware should
perform a reboot.
BUG=chrome-os-partner:59352
BRANCH=None
TEST=make -j runtests successful
Change-Id: I110a735e612665cb2378bd71ca01a111edaf58e3
Signed-off-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/407656
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Originally, vboot1 code used VbExMalloc() and VbExFree() since it needed
to talk to EFI firmware that didn't have standard malloc() and free().
Now, coreboot and depthcharge implement them as wrappers around those
standard calls. vboot2 code already calls them directly, so let vboot1
code do that too.
BUG=chromium:611535
BRANCH=none
TEST=make runtests; emerge-kevin coreboot depthcharge
Change-Id: I49ad0e32e38d278dc3589bfaf494bcf0e4b0a4bd
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/400905
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Originally, we didn't trust the firmware to provide these functions from
a standard library. Now, with coreboot, we do.
BUG=chromium:611535
BRANCH=none
TEST=make runtests; emerge-kevin coreboot depthcharge
Change-Id: I4e624c40085f2b665275a38624340b2f6aabcf11
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/399120
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds RW firmware support for the optional firmware management
parameters TPM space.
System-level tests require CL:339262 to add cryptohome support.
BUG=chromium:601492
BRANCH=baytrail and newer platforms
TEST=make -j runtests
Or better, COV=1 make, and then make sure all new code is covered.
Change-Id: Ifaf644c80809552d5961615be6017c2a332a034b
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/339234
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In developer mode, this option will make the system try to boot into
a legacy OS first after the 30 second timeout. This removes the need to
press a key during boot to try legacy mode and the need to remove the
write protect screw to boot legacy as default.
BUG=chromium:310697
BRANCH=none
TEST=make runtests
Change-Id: I9a9f64c14ad015e21d08eec36e8fc187189cd2f2
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/304077
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the new recovery process, a user will see 'broken' screen
instead of 'remove' screen, where usb stick presence is no longer
detected. A user instead has to hit esc+refresh+power to proceed
to recovery mode.
BUG=chromium:501060
BRANCH=tot
TEST=make runtests
Change-Id: Icd511c1ca892628b96befbb0a34c2c84b881c857
Reviewed-on: https://chromium-review.googlesource.com/304404
Commit-Ready: Daisuke Nojiri <dnojiri@chromium.org>
Tested-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch fixes what I think is an inconsistency in the existing legacy
boot behavior: when the GBB flag that defaults to legacy boot is set,
running out the 30 second timer would still boot legacy mode even if
dev_boot_legacy is not actually set (whereas pressing CTRL+L in the
same configuration would beep and refuse).
This patch makes both legacy boot trgiggers check the same condition
before boot. This does not restrict functionality since anyone who sets
the DEFAULT_DEV_BOOT_LEGACY GBB flag could simply set
FORCE_DEV_BOOT_LEGACY at the same time. It does however open up an
interesting new use case of using NVRAM to change back-and-forth between
legacy and normal developer mode (after GBB flags are changed once and
write-protection is enabled again).
If this is updated in the field it might lock existing devices out of
legacy mode... however, since by far the most common GBB flag
combination recommended on the internet seems to be 0x489 (including
FORCE_DEV_BOOT_LEGACY), I doubt this would be a problem in practice.
BRANCH=tbd
BUG=chrome-os-partner:39999
TEST=Booted with GBB flags 0x4b9 and 0x439, observed difference.
Change-Id: If6a6d99ab2cf116db2237fdc3df97fc22a68251c
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/270182
Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Notify EC of boot mode, i.e. normal, developer or recovery.
This is necessary for battery firmware updates.
BUG=chrome-os-partner:24741
CQ-DEPEND=CL:205323
CQ-DEPEND=CL:210033
CQ-DEPEND=CL:215720
BRANCH=ToT
TEST=Verified on samus & glimmer.
Passed runalltests.
~/trunk/src/platform/vboot_reference $ make runalltests -j
Change-Id: I1613ede34b4a929d1e8114fb519861f349377e94
Signed-off-by: Sheng-Liang Song <ssl@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/210032
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This will be used in subsequent CLs to support PD software sync. For
now, only devidx=0 is used.
This changes the external vboot API, so must be checked in at the same
time as changes to the u-boot and depthcharge implementations. For
now, those implementations should simply check if devidx=0 and fail if
it's not.
BUG=chrome-os-partner:30079
BRANCH=none
TEST=make runtests
CQ-DEPEND=CL:208195,CL:208196
Change-Id: Iad3be9d676ac224c4582669bcd67176b39f75c73
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/208210
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We don't allow ENTER from a USB keyboard as the confirmation
in the switch from normal to developer mode.
For devices that have a physical recovery button, we require
a recovery button press instead. For other devices, we
require that ENTER be pressed on the internal keyboard.
This prevents an "evil keyboard" attack in which a USB keyboard
(or other USB device pretending to be a keyboard) sends a
control-D/ENTER sequence shortly after every boot (followed
by more evil keys). In that situation, when users power-on in
recovery mode, they will be forced to dev mode even if it
was not their intention. Further attacks are easy at
that point.
TESTING. On a panther device:
1. powered on with recovery button pressed -> booted in recovery mode
2. pressed control-D on external USB keyboard -> got to ToDev? screen
3. pressed ENTER -> system beeped
4. pressed recovery button -> system rebooted in DEV mode
... all as expected
Also:
1. powered on with recovery button pressed and HELD recovery button
2. pressed control-D -> system beeped
BUG=chrome-os-partner:21729
TEST=manual (see commit message)
BRANCH=none
CQ-DEPEND=CL:182420,CL:182946,CL:182357
Change-Id: Ib986d00d4567c2d447f8bbff0e5ccfec94596aa7
Reviewed-on: https://chromium-review.googlesource.com/182241
Reviewed-by: Luigi Semenzato <semenzato@chromium.org>
Tested-by: Luigi Semenzato <semenzato@chromium.org>
Commit-Queue: Luigi Semenzato <semenzato@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is some inherent latency between the time the USB root hub is
initialized and the time USB devices are detected. This can lead to a
situation where USB media is attached, yet not found when we do our
initial device poll. The device may be detected in subsequent polls, so
the media can be booted and no 'remove' screen will be displayed.
With this change, if no media to remove is initially found, a second
poll will be made after a 500ms delay. This will be enough time for USB
devices to be correctly detected in our test cases.
Also, it is necessary to change the unit test due to the fact that we
now call VbExDiskGetInfo twice before actually displaying any screen.
TEST=Manual on Monroe. Insert USB media and trigger recovery boot.
Verify 'remove' screen is seen, 'insert' screen is seen after removing
media, and system boots after re-inserting media. Also passes
vboot_reference unit tests.
BUG=chrome-os-partner:23840
BRANCH=Panther, Monroe
Signed-off-by: Shawn Nematbakhsh <shawnn@chromium.org>
Change-Id: Ia902c3a126588cd7ea618f2dbbca6b38d35d6ea0
Reviewed-on: https://chromium-review.googlesource.com/179757
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add checks that the vboot library does not leak memory. This works by
tracking VbExMalloc() calls and making sure that they have an associated
VbExFree().
Adjust host_signature to use VbExFree() instead of free(), so that this
scheme works correctly for existing code.
BUG=chrome-os-partner:21115
BRANCH=pit
TEST=FEATURES=test emerge-peach_pit vboot_reference
Change-Id: I6ccccfbcc162fc43fb75862cd0eddad78ce8b18a
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/66175
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
At present reading data from storage in Vboot is a little fragmented. For
the firmware image, we expect the boot loader to handle this. For the disk
we have a block-level API. For the GBB (which also sits in the firmware
image) we expect the entire thing to be read before Vboot is called.
Add the concept of a region, and an API to read from a region. At present,
and most pressing, is reading from a GBB region. In the future this could
be extended to other parts of the firmware or even the disk.
Move all access to the GBB into this API so that the boot loader can provide
either a GBB region in one large contiguous chunk, or a function to deal with
read requests from vboot.
The call to VbExRegionRead() is behind a flag since not all boot loaders
support it yet.
The main change for boot loaders which don't support this new API is that
vboot will do more behind the scenes. For example, it will allocate memory
for chunks of data that it reads from the GBB, rather than just accessing it
directly. This approach is considerably simpler than trying to pass char **
everywhere and have vboot decide whether something needs to be allocated or
not.
The tests are updated, mainly to include setting up a GBB structure
accessible from VbCommonParams, which is now required by the firmware and
kernel functions. In normal operation this is set up at the start of
VbLoadFIrmware() and VbSelectAndLoadKernel() but for tests which call
children of these functions directly, the GBB structure must be set up
manually by the test.
BUG=chrome-os-partner:21115
BRANCH=none
TEST=manual
FEATURES=test sudo -E emerge vboot_reference
Change-Id: If2b8bbe467fdbd643239d8d9b5d7aa98df4d286f
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: David Hendricks <dhendrix@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/63336
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/167361
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 1d3c804b6b9d2ffb6953a7ee98fabfd548915ad7.
This patch breaks cbuildbot on internal paladins bots.
Change-Id: Icf7f9d9bbb56b092035888eaa3e249ffd23fac16
(cherry picked from commit 3a60335ebb1530e5fd9d5da3bc6214949bc59caf)
Reviewed-on: https://chromium-review.googlesource.com/167451
Reviewed-by: Yoshiki Iguchi <yoshiki@chromium.org>
Commit-Queue: Yoshiki Iguchi <yoshiki@chromium.org>
Tested-by: Yoshiki Iguchi <yoshiki@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
At present reading data from storage in Vboot is a little fragmented. For
the firmware image, we expect the boot loader to handle this. For the disk
we have a block-level API. For the GBB (which also sits in the firmware
image) we expect the entire thing to be read before Vboot is called.
Add the concept of a region, and an API to read from a region. At present,
and most pressing, is reading from a GBB region. In the future this could
be extended to other parts of the firmware or even the disk.
Move all access to the GBB into this API so that the boot loader can provide
either a GBB region in one large contiguous chunk, or a function to deal with
read requests from vboot.
The call to VbExRegionRead() is behind a flag since not all boot loaders
support it yet.
The main change for boot loaders which don't support this new API is that
vboot will do more behind the scenes. For example, it will allocate memory
for chunks of data that it reads from the GBB, rather than just accessing it
directly. This approach is considerably simpler than trying to pass char **
everywhere and have vboot decide whether something needs to be allocated or
not.
The tests are updated, mainly to include setting up a GBB structure
accessible from VbCommonParams, which is now required by the firmware and
kernel functions. In normal operation this is set up at the start of
VbLoadFIrmware() and VbSelectAndLoadKernel() but for tests which call
children of these functions directly, the GBB structure must be set up
manually by the test.
BUG=chrome-os-partner:21115
BRANCH=none
TEST=manual
FEATURES=test sudo -E emerge vboot_reference
Change-Id: I2c19e9dc2ed602d0642bbf4f7d27f79fe9fad873
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/63336
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1) GBB flag to skip EC software sync, so EC will be untouched. Needed
for EC development.
2) GBB flag to default to booting legacy at end of dev screen timeout.
Very handy for booting Ubuntu (or other OS).
Also added unit tests for the new flags.
BUG=chrome-os-partner:20111
BRANCH=none
TEST=make runtests
Change-Id: I9da87d87014881a1b1393b0b4a5acb921d080066
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/58270
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reduces the number of exported header files to the minimum needed by
the existing userspace utilities and firmware implementations.
BUG=chromium:221544
BRANCH=none
TEST=manual, trybots
CQ-DEPEND=CL:47019,CL:47022,CL:47023
sudo FEATURES=test emerge vboot_reference
FEATURES=test emerge-$BOARD \
vboot_reference \
chromeos-cryptohome \
chromeos-installer \
chromeos-u-boot \
peach-u-boot \
depthcharge
Change-Id: I2946cc2dbaf5459a6c5eca92ca57d546498e6d85
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/47021
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
BUG=chromium-os:38139
BRANCH=none
TEST=make runtests && FEATURES=test emerge-daisy vboot_reference
Change-Id: Ib280b80ba707f8a2141d728f78ae296774b1301a
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/42669
|
