If firmware diagnostics is enabled, allow the user to launch diagnostics
from the OS broken screen. Currently diagnostics can only be launched
from the recovery screen.
BUG=b:130244249
TEST=Tested on arcada device
make runmisctests
BRANCH=none
Change-Id: Ic6946338605599ea7411b5658acb2c6fc960a782
Signed-off-by: Mathew King <mathewk@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1564448
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
CL:1517061 pulled vb2_context storage up to a higher level in the
call stack. It also changed vboot_api_kernel{4,5}_tests to use
the same context object as that used for VbExNvStorageRead and
VbExNvStorageWrite calls.
These tests were already initializing the vb2_context workbuf.
Since VbSelectAndLoadKernel and VbVerifyMemoryBootImage both
initialize the context object internally, ctx.workbuf was being
overwritten as part of the call, causing issues later on when
calling free(). (See chromium:946970 for more details.)
Separate these two context objects to clarify which one is being
used as an NVRAM backend, and which one is the classical
"context" object passed around in vboot flow. Also remove the
NVRAM context's workbuf, since it is not used.
BUG=b:124141368, chromium:946970
TEST=make clean && make runtests
BRANCH=none
Change-Id: Ic1da92ce754e61d4102ca8a6eb9587cd8d9eca10
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1547711
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
Copy hammer_dev.bin to temporary file before running
`futility sign` to avoid permissions issue when running
under ebuild environment.
Also correct an indentation issue.
BUG=chromium:950425, chromium:605348
TEST=FEATURES=test USE=cros_host ebuild vboot_reference-9999.ebuild test
BRANCH=none
Change-Id: I689be46d30b7bf78c6643e88a094e4f4ab311e20
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1557662
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>
As part of chromium:942901, physical dev switch functionality
is being deprecated.
VB2_CONTEXT_FORCE_DEVELOPER_MODE is for the express purpose
of enabling developer mode when the physical dev switch is
on. (See: coreboot's src/security/vboot/vboot_logic.c)
Remove the check of this context flag for deciding whether
developer mode is enabled.
In order to retain a path to developer mode on devices
with physical dev switch, this CL depends on
VBSD_HONOR_VIRT_DEV_SWITCH check being removed first
(see CL:1526070). (Alternately, we can wait for CB:31943
to be merged and pulled downstream.)
This constant will be marked as deprecated in a subsequent
CL, once the coreboot CL has been pulled downstream.
BUG=b:124141368, b:124192753, chromium:942901
TEST=Build locally
TEST=/work/vboot/src/repohooks/pre-upload.py
TEST=make clean && make runtests
TEST=make clean && COV=1 make coverage && make coverage_html
CQ-DEPEND=CL:1526070
BRANCH=none
Change-Id: I81b54b9e2b8d3c6f9c00b40dd0771cda0585037c
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1524757
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
As part of chromium:942901, physical dev switch functionality
is being deprecated.
As such, we no longer need to specify the flag
VBSD_HONOR_VIRT_DEV_SWITCH -- the virtual dev switch should
always be honoured.
Additionally, there is no longer a need to check this flag
when looking up the value for crossystem devsw_cur.
This constant will be marked as deprecated in a subsequent
CL.
BUG=b:124141368, b:124192753, chromium:942901
TEST=Build locally
TEST=/work/vboot/src/repohooks/pre-upload.py
TEST=make clean && make runtests
TEST=make clean && COV=1 make coverage && make coverage_html
BRANCH=none
Change-Id: Ib1ab86d79b039650136f1038c23175f5990895db
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1526070
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
The original purpose of vb2_context is to provide one shared
state object through the entirety of one particular application.
Pull the creation of vb2_context up to a higher level in order to
work towards this goal.
BUG=b:124141368
TEST=/work/vboot/src/repohooks/pre-upload.py
TEST=make clean && make runtests
TEST=make clean && COV=1 make coverage && make coverage_html
CQ-DEPEND=CL:1517179
BRANCH=none
Change-Id: I7c454afddb2b525895d9945b081b14b29100892c
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1517061
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
BUG=b:128419534
TEST=make runmisctests
BRANCH=none
Change-Id: I1b3403cbe9ce93d9341c7ce32277d75462da894f
Signed-off-by: Mathew King <mathewk@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1521216
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
BUG=b:127843397
TEST=Tested set and confirm screens on local arcada device
BRANCH=none
Change-Id: Ifafba3fd32a79131cf1d2059ef2147c074f3a3b6
Reviewed-on: https://chromium-review.googlesource.com/1529751
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Mathew King <mathewk@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
This change adds diagnostic mode. When enabled for a board (based on
defconfig in depthcharge) the user can press Ctrl-C or F12 at a recovery
mode screen, at which point an nv bit is set and the system reboots.
Upon reboot, if the nv bit is set then the user is prompted to confirm
launch of the diagnostic rom via the power button. If user confirms
then the diagnostic payload is verified and run (if verify fails or
payload doesn't run then a recovery reason is recorded and system
reboots to recovery mode). If the user does not confirm then the system
reboots.
BUG=b:124358784
BRANCH=None
TEST=Locally built and flashed using change that enabled feature for atlas
and set to use payload 2 (tianocore) rather than 5 (diagnostic). Confirmed
that Ctrl-C is functional or not based on defconfig and that Ctrl-C
sets NV bit and reboots. Confirmed that NV bit can be set and
queried via crossystem. Confirmed that during boot confirmation screen
appears or not based on NV bit. Confirmed that pressing power button
caused payload to be verified and run. Confirmed that non-matching hash
(build configured to use sha1 rather than sha256) caused payload to not
be run and system reboot to recovery. Confirmed that Esc or timeout
caused system to reboot.
CQ-DEPEND=CL:1471056
Change-Id: I8979d4eeb443bf64b727ee86a814c46d1d27ff37
Signed-off-by: Matt Delco <delco@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1470723
Reviewed-by: Julius Werner <jwerner@chromium.org>
This change allocates a bit in the nvram that will be used
in a later change to tell the firmware whether to detour
to diagnostic mode during boot.
BUG=b:124358784
BRANCH=None
TEST=Local build and ran "make runtests". Verified with a later
change that the nvram bit takes effect as expected.
Change-Id: If2fd3f46da30fc7375d37b240e3e745819ae0632
Signed-off-by: Matt Delco <delco@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1504758
Reviewed-by: Julius Werner <jwerner@chromium.org>
This change adds some #defines to assist with converting
between microseconds (usec), milliseconds (msec) and full
seconds.
BUG=b:124358784
BRANCH=None
TEST=Local build and also ran "make runtests"
Change-Id: I0fd43ccb42bbd42f9ed319a29eb4015b48c879bb
Signed-off-by: Matt Delco <delco@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1504756
Reviewed-by: Julius Werner <jwerner@chromium.org>
The primary purpose of this change is to add a flag to VbExGetSwitches()
so the current user physical presence (via the status of the power button)
can be queried.
The flags have also been renamed from the historical _INIT_ use to
_SWITCH_ to reflect the current/actual API they're used with.
BUG=b:124358784
BRANCH=none
TEST=Locally built and flashed. Confirmed that the power button status
can be queried when the power button is disabled.
CQ-DEPEND=CL:1470273
Change-Id: I579ebe657ae35fb866eb30b466e8e8c16f54e584
Signed-off-by: Matt Delco <delco@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1471190
Reviewed-by: Julius Werner <jwerner@chromium.org>
Not everyone uses /mnt/host/source as their development
environment. If running "make runtests" from a different
directory, test_show_contents.sh fails, reporting different
stdout for the various futility tests that it runs.
Update test_show_contents.sh to use relative test paths, and
update the expected output of futility runs.
Also fix consistency of quoted variables.
BUG=b:124141368
TEST=/work/vboot/src/repohooks/pre-upload.py
TEST=make clean && make runtests
BRANCH=none
Change-Id: I35fd81734b6318a506613eb4f04bb7055709feef
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1517062
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
This is largely a cherry-pick of CL:1133598
- Externalize vb2_digest_buffer function to vb2api_digest_buffer.
- Change VbExLegacy()'s altfw_num parameter from int to enum so
caller can specify which specific payload to run.
BUG=b:124358784
BRANCH=None
TEST=Local compile. Verified with subsequent change that legacy boot
still works and new functionality can opt-in to and utilize payload
verification.
CQ-DEPEND=CL:1471053
Change-Id: I9700c2e38c3cfa255eeff72ce416295af9d076fb
Signed-off-by: Matt Delco <delco@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1471051
Reviewed-by: Julius Werner <jwerner@chromium.org>
In CL:1495054 the updater has different logic when the firmware image
has FMAP_AREA_PRESERVE in FMAP flags. This needs to be verified in unit
test.
The new test tries to set 010=0x08 (FMAP_AREA_PRESERVE) in RO_VPD area flag
but not RW_VPD, with RO and RW VPD both being provisioned in source
(from) image. The legacy path would update both while the new path will
only update RO, so we can make sure the flag-based preservation is
working as expected.
BUG=chromium:936768
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I07d232444344397b80344ccc9b56f8af3256e043
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1514452
Reviewed-by: Joel Kitching <kitching@chromium.org>
When write protection is not enabled and updater sees TPM Anti-Rollback
failure, the log will only report TPM failure (example: crbug.com/937961).
This is hard to figure out if the failure was caused by re-key or other
reasons.
In try-rw and rw update, the updater will always check rootkey
compatibility before checking TPM anti-rollback, so we should do the
same thing on full update (RO+RW). With this change, the updater will
report key mismatch before failing with TPM anti-rollback.
BUG=chromium:937961
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I2f035450995387b198f990467e4f416e6c7b746e
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1514007
Reviewed-by: Joel Kitching <kitching@chromium.org>
coreboot uses the C preprocessor on its linker scripts to
allow evaluation of macros when defining memory layout.
Move constants from 2api.h to an independent file in order
to allow for coreboot to use these constants in its memlayout
file, without needing to include the entire vboot API.
Note this commit creates two new header files:
- firmware/2lib/include/2constants.h: contains the constants
- firmware/include/vb2_constants.h: externally importable header
Also, rename VB2_WORKBUF_RECOMMENDED_SIZE to
VB2_FIRMWARE_WORKBUF_RECOMMENDED_SIZE for clarity.
BUG=b:124141368, b:124192753
TEST=Build locally
TEST=/work/vboot/src/repohooks/pre-upload.py
TEST=make clean && make runtests
TEST=make clean && COV=1 make coverage && make coverage_html
BRANCH=none
Change-Id: Id17c6955b67e51cb048b10b4be0901c0e9110a1f
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1504490
Commit-Ready: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
VbExDisplayDebugInfo() was invented for the TAB display that dumps a
whole lot of possibly interesting debug data to the screen. Since some
debug data is only available to the calling firmware, the convention has
always been that the calling firmware is supposed to append any of its
own debug data it thinks may be relevant to the output.
Later, the function was reused to print small info messages that give
the user a hint what went wrong when a Ctrl+U or Ctrl+L fails
(unlocalized, of course, but better than nothing). The calling firmware
is not aware of this new use case, so every time vboot prints a
"WARNING: Ctrl+L not enabled" sort of message on the screen, depthcharge
also dumps the firmware IDs and TPM state below it.
This patch introduces a new parameter to the function to make the two
differing use cases clear to the calling firmware.
CQ-DEPEND=CL:1496903
BRANCH=None
BUG=None
TEST=with other patches
Change-Id: I52a1e764189508130fea562ad6d53bcefb1fce64
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1497038
In Unibuild, the white label models may use (per model) PreMP key for
devices without VPD 'whitelabel_tag' - this helps dogfooders and lab
machines to run and update properly.
BUG=b:126800200
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=none
Change-Id: I7249e3fb1a2b7ab8ed281d2aa317aee6cde8f8db
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1501614
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
The computation to determine the number of table entries was incorrect
due to sizeof(TPM_FAMILY_TABLE_ENTRY) producing a wrong value for the
size of a single entry. TPM_FAMILY_TABLE_ENTRY actually doesn't match
the encoding of the entries in the TPM's response due to alignment.
Fix this by using a constant that reflects the correct entry size.
Relatedly, I found that ReadDelegationFamilyTableTest would have
caught the bug, but was actually not being invoked. Fix this as well.
BUG=chromium:934193
TEST=Unit tests, manual per instructions in bug.
BRANCH=none
Change-Id: Ic72ad110dc0dbf15cc3cc25b438c4bc2bd2d6015
Reviewed-on: https://chromium-review.googlesource.com/1480519
Commit-Ready: Mattias Nissler <mnissler@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Tested-by: Andreea-Elena Costinas <acostinas@google.com>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
BUG=b:124297157
TEST=make runtest
test on device
BRANCH=none
CQ-DEPEND=CL:1466822
Change-Id: Ic3b1b502b1aff14a795397da3024f8a12eb04775
Reviewed-on: https://chromium-review.googlesource.com/1466290
Commit-Ready: Mathew King <mathewk@chromium.org>
Tested-by: Mathew King <mathewk@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Mathew King <mathewk@chromium.org>
BUG=chromium:933391
TEST=make runtests
Test ctrl+d, ctrl+u, and ctrl+l on device
BRANCH=none
Change-Id: Icf8699e5facac44a074cfd47e796b9957fd6b714
Reviewed-on: https://chromium-review.googlesource.com/1475781
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Mathew King <mathewk@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Mathew King <mathewk@chromium.org>
Rename VB2_DISABLE_DEVELOPER_MODE to VB2_CONTEXT_DISABLE_DEVELOPER_MODE.
Flag name should be consistent with others in vb2_context_flags.
VB2_DISABLE_DEVELOPER_MODE should be removed in subsequent CL.
BUG=b:124141368
TEST=Build locally
BRANCH=none
Change-Id: I42260205e9e27b4bd382cdf69962917d41ca882a
Reviewed-on: https://chromium-review.googlesource.com/1460645
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Rename VB2_SD_DEV_MODE_ENABLED to VB2_SD_FLAG_DEV_MODE_ENABLED.
Flag name should be consistent with others in vb2_shared_data_flags.
VB2_SD_DEV_MODE_ENABLED should be removed in subsequent CL.
BUG=b:124141368
TEST=Build locally
BRANCH=none
Change-Id: I301a43ac6bc7c825a7cb9f9b47f57ed330ba2294
Reviewed-on: https://chromium-review.googlesource.com/1460644
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Joel Kitching <kitching@chromium.org>
Tested-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Many firmware developers will try to flash a locally built firmware (i.e.,
DEV key signed) on an MP device (with write protection enabled).
The updater used to provide feedback like:
  ERROR: verify_keyblock: Failed verifying key block.
  INFO: Current (RO) firmware image has root key: ade780ffd0...732867181bae
  WARNING: Target (RW) image is signed by rootkey: b11d74edd2...e1135b49e7f0.
  ERROR: RW not signed by same RO root key
  >> FAILED: Firmware updater aborted.
This is correctly identifying the root cause, but not helpful for
developers to figure out what to do, and may be confused with the DEV
re-key safety check (which needs --force).
Also, when developers try to do "--mode=factory --force", the message
was:
  updater_setup_config: Factory mode needs WP disabled.
Where the 'WP' is again not clear enough.
With this change, we're improving the error messages so that:
- Being consistent on 'root key' instead of 'rootkey'.
- Being consistent for having period for error messages, except those
  ended with root key hash (for easier copy-paste).
- Say 'Write Protection' instead of 'WP'.
- When re-keying with WP enabled, print a better hint:
  "To change keys in RO area, you have to first remove write protection
  (https://goo.gl/ces83U)."
BUG=None
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=none
Change-Id: Ia74d7b113766d09428a4d0897918b4f17b4afae7
Reviewed-on: https://chromium-review.googlesource.com/1465709
Commit-Ready: Hung-Te Lin <hungte@chromium.org>
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Matthew Blecker <matthewb@chromium.org>
Starting from GBB 1.2, a digest is stored in GBB and must be updated
whenever the HWID string is changed.
In the shell script version of the updater, the digest is automatically
updated when we do "futility gbb -s --hwid=XXX", but in the native updater
implementation we only updated the HWID string and left the digest
unchanged; this leaves devices generating wrong PCR1 values.
`cmd_gbb_utility` updates the digest by calling `update_hwid_digest`
using vboot1 structure, so we should introduce a new vboot2 friendly
function, `vb2_change_hwid`, which changes both HWID string and digest
at same time.
Note this has no impact for end user's devices with write protection
enabled. Only changes dogfood units AU results.
BUG=b:122248649
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=none
Change-Id: I6ad2754e6df3c9dd66d71c560a2afc26d14eae33
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1411932
Reviewed-by: Joel Kitching <kitching@chromium.org>
This introduces a script for signing Cr50 images on the build server.
BRANCH=cr50
TEST=sign_official_build.sh cr50_firmware input tests/devkeys output
BUG=b:74100307
Change-Id: I741b8532980b0a7a0b32fbacff235c38661c7668
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1313573
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Since we enforce this file (with name=) on signers, add it to our test
keysets so we can run unittests against them.
BRANCH=None
BUG=chromium:343499
TEST=precq passes as do new unittests
Change-Id: Ia807df1b8037097064dadc85fcf8796d44ada1af
Reviewed-on: https://chromium-review.googlesource.com/1401143
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: LaMont Jones <lamontjones@chromium.org>
In CL:1351178 the SMM store file name has been changed to 'smm_store' so we
have to also change test script.
BUG=b:120060878
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
Change-Id: Idc98517cc46a848bb77335214a11fbc9303590f2
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1375494
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Joel Kitching <kitching@chromium.org>
The firmware updater archive is going to rename the prefix of host (AP)
firmware image from 'bios' to 'image' (CL:1318712), to be more
consistent with firmware package output. We need to include both old and
new names in updater manifest construction.
For --mode=output, we will produce both 'bios.bin' and 'image.bin'. In
future there should be only 'image.bin' after migration is completed.
BUG=b:65745723
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I8b7e3bc2953b70525fb14fcf6aadaf6d1e00e4aa
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1327862
"Model '%s' is not defined in manifest." is not very easy to understand
for people who are debugging devices in early stages. We should provide
better instructions. For example, running with Coral updater will now
show:
ERROR: manifest_find_model: Cannot get model name.
You are probably running an image for wrong board, or a device in early
stage that 'mosys' command is not ready, or image from old (or factory)
branches that Unified Build config is not updated yet for 'mosys'.
Please check command 'mosys platform model', which should output one of
the supported models below:
unprovisioned_meep sparky orbatrix unprovisioned_fleex grabbiter bobba
unprovisioned_bobba mimrock fleex meep yorp phaser360 sparky360 phaser
bobba360 unprovisioned_phaser bip
BUG=chromium:875551
TEST=TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: Ib17fcb654d1530b94c44cf21aaa28717841f11ed
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1351171
Reviewed-by: Cheng-Han Yang <chenghan@chromium.org>
Reviewed-by: Ting Shen <phoenixshen@chromium.org>
Add a mock test to handle VB_AUX_FW_NO_DEVICE severity
BUG=chromium:896451
BRANCH=None
TEST=/mnt/host/source/chromite/bin/cros_run_unit_tests
--board=octopus --packages=chromeos-base/vboot_reference
Change-Id: Ifdabdf3cee1130a8c853d57c278f0e557ebbb96f
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1299994
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Jett Rink <jettrink@chromium.org>
There were devices shipped as "only device" (no key set) and then became
one of the "white label" family. This is now no longer valid on newer
devices but we have to support the legacy ones, for example Reks.
BUG=chromium:906962
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I437be08726ab2c46229062689bf765ac6837ca5d
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1345610
Reviewed-by: Youcheng Syu <youcheng@chromium.org>
Previously, it was impossible to programmatically enable/disable
Alt OS mode in eve. This is because only EC-RW supports the
kbatboot keyboard matrix functionality. But, as part of the
campfire boot flow, the keyboard matrix is retrieved *immediately*
after jumping into EC-RW. We need to insert a small pause in
order to allow for some entity (autotest/servo) to send a kbatboot
command, simulating the Alt OS keyboard press hotkey.
BUG=b:117140648,b:118786884
TEST=Manually use crossystem to set post_ec_sync_delay=1
Reboot, and wait for the delay to begin
Run `kbatboot 1 4 1` in EC console
Check that AP console contains:
"vb2_post_ec_sync_hooks: post_ec_sync_delay 5000 ms..."
TEST=make clean && make runtests
Note that we are only cherry-picking the changes which affect
crossystem in this CL. Firmware changes will still live in
campfire-eve branch only.
Change-Id: I1305357199d87b80b4edc4e311015106ab07de65
Reviewed-on: https://chromium-review.googlesource.com/c/1256644
Commit-Queue: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Trybot-Ready: Joel Kitching <kitching@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit 64d7369976b88b21d8d8a860252023776a2f119e)
Reviewed-on: https://chromium-review.googlesource.com/1328389
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
At present we allow the user to press a keypad number to boot into another
bootloader but there is no indication which one is which.
Add a new screen for this. It is entered via Ctrl-L and shows the
available bootloaders, along with the number to press for each. The
contents of the screen is rendered by the bootloader, as usual.
This is supported by two new screens, one for the keyboard UI and one for
the menu UI. Also a new function, VbExGetAltFwIdxMask(), is added to find
out what bootloaders are available.
Note: This CL combines changes for both UIs. The changes may be easier to
review separately.
CQ-DEPEND=CL:1273269
BUG=chromium:837018
BRANCH=none
TEST=FEATURES=test emerge-grunt --nodeps vboot_reference
Change-Id: Ib3227545dc677c8f9587944753e32f3b49647360
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1273268
Reviewed-by: Julius Werner <jwerner@chromium.org>
For TPM 1.2, undefining the space is just defining a size 0 space.
All operations should be done with physical presence set
if NvLocked is set. IIRC, NvLocked is usually set before boot.
For TPM 2.0, support undefining a space regardless of platform hierarchy
state. We will use platform authorization when TPMA_NV_PLATFORMCREATE
of that space is set. Otherwise, we will try to use owner
authorization with NULL password.
Owner authorization with a customized password is still not
supported in UndefineSpace, since it is also not supported in
DefineSpaceEx.
BUG=chromium:895549
BRANCH=None
TEST=vboot_reference unit test passed and added new link test for TPM 1.2.
For TPM 2.0, there is no unit test, but it passed manual testing
with tpmc in the following commit.
Also passed depthcharge unit test for TPM 2.0 and TPM 1.2 board.
Change-Id: I06dcc70c63a88a04d19f3b248666ff2492a1d2b0
Reviewed-on: https://chromium-review.googlesource.com/1291131
Commit-Ready: Meng-Huan Yu <menghuan@chromium.org>
Tested-by: Meng-Huan Yu <menghuan@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
The legacy firmware updater can update explicitly only some type of
images by using `--[no]update_main`, `--[no]update_ec`,
`--[no]update_pd`.
Since software sync is introduced, usually it does not make sense to
only update EC or PD; instead the real request is to "ignore provided EC
and PD images and update only host".
The new `--host_only` argument provides an easy way to ignore images in
command line (`--ec_image`, `--pd_image`) and archives (`ec.bin`,
`pd.bin`).
BUG=chromium:875551
TEST=TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: Idf403680880cd58a00867172ccec97fd60c1b826
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1295210
Reviewed-by: Randall Spangler <rspangler@chromium.org>
For backward compatibility, we need to support the 'output' mode in legacy
firmware updater. The output must select right files according to system
model, and apply all white label transform if needed.
BUG=chromium:875551
TEST=TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: Ib433647317fa97387aa4a7f8f2101b47e6ca2123
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1282084
For white label devices, we have to select and patch key files (root key
and vblock) by VPD (`whitelabel_tag` or `customization_id`). The white
label tag VPD will be processed and converted to a "signature ID" for
key selection.
To support that, updater has to fetch current (system) image if the
matched model is following white label (so we can read VPD from it).
For developers who want to load and use particular files, they can use
--signature_id to override VPD values.
BUG=chromium:875551
TEST=TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I3630bae28d1a8493b56d0e5efd29f3c61a470379
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1278420
| |
For devices using Unified Build, we have to select and load images from
archive by model configuration (setvars.sh). The system model can be
retrieved by $(mosys platform model), but for developers who want to
simulate or get images for particular platform, a command line argument
--model is needed.
BUG=chromium:875551
TEST=TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I8f4a6735b34bc694a05808b001c7309623b2afa3
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1278419
Reviewed-by: Randall Spangler <rspangler@chromium.org>
| |
We use this in a few places, so add a constant.
BUG=chromium:837018
BRANCH=none
TEST=FEATURES=test emerge-grunt --nodeps vboot_reference
Change-Id: I7182d0ac52c23c01397de08683ad83b818486f91
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1286221
Reviewed-by: Randall Spangler <rspangler@chromium.org>
| |
In RMA or factory reinstall flow, we will want to make sure device will
next boot into developer mode, which was usually enforced by GBB flags.
In updater4, this is done by updater using flags defined in target
image. We should keep same behavior.
BUG=b:117866155
TEST=TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: Idb6337d453d606dbf88b2a2b82961f21125b7fef
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1288211
Reviewed-by: Randall Spangler <rspangler@chromium.org>
| |
For devices not using Unified Build, the firmware updater may contain a
single set of firmware images. To make the manifest more consistent for
both cases (Unified Build or not), we want to change the model name to
be the platform name from FWID if available.
This does not make sense because for these devices, usually platform =
board = model, and it helps to make sure programs parsing manifest won't
try to use the hard coded name 'default' (which does not always work in
Unified Build).
BUG=chromium:875551
TEST=TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I6d56336f3b30981e3e936fa63dec7dd45d74b31a
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1278418
Reviewed-by: Randall Spangler <rspangler@chromium.org>
| |
For white label projects, the firmware updater has to select correct
root key and corresponding vblock files per different LOEM. In Unified
build, multiple models may share same firmware base image, with
different key files (per OEM). As a result, we have to apply the key
files before using the firmware image files.
This change adds the "patch" information when building manifest, and
prints the correct key hash in `--manifest` mode.
BUG=chromium:875551
TEST=TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: Ib5e31af5262a0989a5a474d0683c83121f24cc78
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1270323
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
| |
The firmware updater packages used to rely on a pre-generated VERSION
file to report what files were included and their image versions. Its
format was hard to parse, and may be out-dated if people repack without
updating VERSION file.
The firmware updater today has the ability to read and parse version,
key hash, ... etc everything we need, so it seems more reasonable to
just let firmware updater scan updater package and print the information
in JSON format, so it will be very easy to fetch latest information.
To make sure the output is purely JSON, the start and end messages are
now sent to stderr instead of stdout.
BUG=chromium:875551
TEST=TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: Ifa468fbb3adf798c7931f015258e6c6ce93de993
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1260804
| |
A firmware update is usually released as a package with multiple images,
instructions, signed vblocks and other files. To work with that, a new
argument '--archive' is added.
The --archive accepts a directory or file, and will determine the
correct driver automatically. For resources (for example --image) in
relative path, updater should find files from archive.
Note in current implementation, only ZIP is supported for file type
drivers (and need the system to have libzip already installed).
BUG=chromium:875551
TEST=TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I6a91cbe73fb4ee203c5fa4607f6651a39ba854d5
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1253229
Reviewed-by: Randall Spangler <rspangler@chromium.org>
| |
Ignore a power button push until after we have seen it released,
to avoid shutting down immediately if the power button is held
down on startup.
BUG=b:116819414,chromium:670492
BRANCH=grunt
TEST=manual:
1) Press and hold esc+refresh+power.
2) Depthcharge shows INSERT screen and does not power off.
3) Release esc+refresh+power.
4) Press and release power.
5) Depthcharge powers off.
TEST=test_that --fast -b grunt $grunt_ip firmware_ECLidShutdown
TEST=FEATURES=test emerge-grunt --nodeps vboot_reference
Change-Id: I7421a4b1a1b8a7894f0e7d1c7927ffc52d9faac0
Signed-off-by: Edward Hill <ecgh@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1256023
Reviewed-by: Raul E Rangel <rrangel@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
| |
`futility` used to print debug messages to stdout, but there is a side
effect that stdout may be buffered and then flushed later than stderr.
For example, when calling futility via ssh, we will see flashrom
messages before any of futility's own messages.
Also, many people want to get flashrom verbose messages (-V).
With this change, when calling ERROR and DEBUG, we will always output to
stderr. This also enables better parameter type checking.
`-d` and `-v` both contribute to verbosity, which will be converted to
-V's when calling flashrom.
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: I1d22a8054fc43cdc5e6c7415e131cc9826fbff0c
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1251145
| |
"Can we make futility support stdin like flashrom? I typically flash with:
ssh root@DUT flashrom -p host - < foo.bin"
Yes we can:
ssh root@DUT futility update -i - < foo.bin
BUG=chromium:875551
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=None
Change-Id: Ib1ee5d4c882620e3b6f56fd5e4692b4829cf025a
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1251141
Reviewed-by: Raul E Rangel <rrangel@chromium.org>
| |
The 'SMM store' must be preserved during firmware update. On newer systems,
this can be done by preserving FMAP section 'SMMSTORE' (CL:1221210).
For Eve, the SMM store did not have its own FMAP section and needs to be
reserved by explicit cbfstool calls.
BRANCH=None
BUG=b:70682365
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
Change-Id: Ica043f51de0170b5c40f61d059437b9572025e2e
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1250464
Reviewed-by: Joel Kitching <kitching@chromium.org>
|