| Commit message | Author | Age | Files | Lines |
| |
BUG=chromium-os:15043
TEST=manual
Change-Id: If6499d9453fd6f754d04076d0e2b6fd25fc636e5
Reviewed-on: http://gerrit.chromium.org/gerrit/562
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Tested-by: Bill Richardson <wfrichar@chromium.org>
| |
Change-Id: I9a2a29f958e5760dabdaa0f2a2d6ca29029f9f94
BUG=none
TEST=none
Review URL: http://codereview.chromium.org/6893071
| |
Change-Id: I5ed3509a9d4e578cd2e98f493dab59bc2fbd5827
R=dlaurie@chromium.org
BUG=chrome-os-partner:2748
TEST=manual
crossystem fwb_tries=3
(reboot)
crossystem tried_fwb
(should print 1)
crossystem fwb_tries=0
(reboot)
crossystem tried_fwb
(should print 0)
In dev mode...
Boot a kernel signed with the same key as in the firmware
crossystem kernkey_vfy
(should print sig)
Boot a kernel signed with a different key than the firmware
crossystem kernkey_vfy
(should print hash)
Review URL: http://codereview.chromium.org/6711045
| |
Change-Id: Iae764bfeb2c766abb550f338db3d35d1d7eebf1d
BUG=433
TEST=compiled and ran. (QA NOTE: no testing required)
Review URL: http://codereview.chromium.org/6462013
| |
Change-Id: Ibe253963f0424935554fe91f166ef5040a723c6f
BUG=13107
TEST=make && make runtests
Review URL: http://codereview.chromium.org/6698032
| |
Also re-factor the key generation script to its own directory, including wrappers for generating key pairs and keyblocks without needing to start keyset generation process from scratch. (Useful for generating new kernel keyblocks, and for retroactively adding new keys to an existing keyset - as in this case).
Finally, change hard coded algorithm ids and keyblock modes to bash variables, for easy changes and telling keyset configuration at a glance.
BUG=chrome-os-partner:2218
TEST=manually tried the following:
1) Generating an entire new keyset.
2) Generating a new key pair and creating a keyblock from an existing key (for generating dev firmware keyblock for existing PVT keysets)
3) Firmware signing via sign_official_build.sh of an image with a firmware payload.
Change-Id: I4e9bb96ac7e5fe4cc0d95af6162ad6d37bbd4bda
Review URL: http://codereview.chromium.org/6594131
| |
Change-Id: Ib8018bfe29eed50766c699d832efe4f1afcabb1a
BUG=none
TEST=make && make runtests
Review URL: http://codereview.chromium.org/6597015
| |
1) Did firmware attempt RW slot B before slot A?
2) Did firmware check the kernel keyblock signature, or just its hash?
Added crossystem support as well.
BUG=chrome-os-partner:1657
TEST=make && make runtests
Review URL: http://codereview.chromium.org/6597011
Change-Id: I0d743ae87cedd938ba988170793717d3fdbd8ce9
| |
The existing keys are kept the same, so that old dev kernels and
firmware remain compatible with new kernels and firmware.
Change-Id: I4177d1868904a477d79b9f2e6de88ed756ed57b4
BUG=chrome-os-partner:2218
TEST=manual:
Build firmware with new keys.
Boot with dev switch on.
Run 'crossystem mainfw_act mainfw_type'.
Should see "A developer"
Boot with dev switch off.
Run 'crossystem mainfw_act mainfw_type'.
Should see "B normal"
Review URL: http://codereview.chromium.org/6580035
| |
BUG=12282
TEST=make && make runtests
Review URL: http://codereview.chromium.org/6469059
Change-Id: I912b53ae33d65305353a747cc0bdd2b1ea62a04f
| |
BUG=chromium-os:12282
TEST=make && make runtests
Review URL: http://codereview.chromium.org/6532040
Change-Id: I57099de54ed56aa722f1944568bbb58b71b14379
| |
BUG=chromium-os:11490
TEST=manual
cd src/platform/vboot_reference
make
make runbmptests
Change-Id: Ia887fc1aa1de873c6da6c04995bc0a9ad6b364aa
Review URL: http://codereview.chromium.org/6541001
| |
BUG=chromium-os:12161
TEST=manual
cd src/platform/vboot_reference
make
make runbmptests
Change-Id: Ic7708474ce7009744c9f12154d1967bdae8e55d2
Review URL: http://codereview.chromium.org/6534025
| |
This ensures that equivalent yaml files produce identical bmpblock binaries.
BUG=chromium-os:12158
TEST=manual
cd src/platform/vboot_reference
make
make runbmptests
Change-Id: Ic8103ff90e57034d72fb3920a6c198c77768f162
Review URL: http://codereview.chromium.org/6533012
| |
LZMA has better compression ratio and is also supported in u-boot already.
ARM BIOS will use LZMA to compress BMP files.
BUG=chromium-os:11017
TEST=manual
$ make
$ make runbmptests
Change-Id: I6b791e3284b65eb3085b0de548bd241eab2ee598
Review URL: http://codereview.chromium.org/6523019
| |
This lets bmpblk_utility generate BMPBLOCKs with EFIv1-compressed bitmaps.
It also adds the ability to display or unpack BMPBLOCK blobs.
The compression/decompression routines come from the tianocore EDK on
sourceforge and are written in C, so now there's a mix of C and C++, but it
works just fine.
BUG=chromium-os:11491
TEST=manual
cd src/platform/vboot_reference
make
make runbmptests
Review URL: http://codereview.chromium.org/6508006
Change-Id: Ie05e1a3fd42f4694447c8c440b2432af4ac0f601
| |
BUG=chromium-os:11488
TEST=none
Change-Id: I6ee493037da5746d2db6e840ac6590dd12f37cfe
Review URL: http://codereview.chromium.org/6482001
| |
This is work-in-progress. More tests to come...
Change-Id: Id2e59fd7d0229be3ad90b29b2d0dc035ceeca666
BUG=chromium-os:11766
TEST=manual
Adding an example to the test framework. Use
make
make runbmptests
to ensure it works.
Review URL: http://codereview.chromium.org/6286157
| |
Change-Id: I111e0fb38188e70659d735f0949a7bdb548a258b
BUG=433
TEST=compiled and ran the tests. No QA testing required.
Review URL: http://codereview.chromium.org/6349091
| |
BUG=chromium-os:11742
TEST=manual
Check out sources, run:
cd src/platform/vboot_reference
make
make runbmptests
It should pass.
Change-Id: I50ebdef26662e7446828315a3f5e2786624508b9
Review URL: http://codereview.chromium.org/6246150
| |
This lets us reorder the priority of all the kernel partitions with a single
command, instead of a bunch of complicated and error-prone shell script
logic.
Change-Id: I21d39763ec5a748488d5319a987bcfe7c34ce4d0
BUG=chromium-os:9167
TEST=manual
In the chroot, do this:
cd ~/trunk/src/platform/vboot_reference
make
make runtests
make clean
Everything should pass.
Review URL: http://codereview.chromium.org/5352005
| |
Change-Id: I2e325ff9bd53fdaeb69c2d115c30785d6ca09b57
BUG=chromium-os:7178
TEST=manual:
Both in host and chroot environments:
. run `make clean && make && make runtests' in the top
directory
. observe the following being added in the end of the
report:
vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
./gen_fuzz_test_cases.sh
Generating test image file...
1+0 records in
1+0 records out
500000 bytes (500 kB) copied, 0.0790024 s, 6.3 MB/s
Generating test bootloader file...
1+0 records in
1+0 records out
50000 bytes (50 kB) copied, 0.00921653 s, 5.4 MB/s
Generating test config file...
1+0 records in
1+0 records out
3000 bytes (3.0 kB) copied, 0.000618682 s, 4.8 MB/s
Generating key blocks...
Generating signed firmware test image...
Generating signed kernel test image...
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Review URL: http://codereview.chromium.org/4687007
| |
BUG=chromium-os:8621
TEST=See below
1. Build and run tests of vboot (including linktest)
$ make && make runtests
2. Check if *_stub.o are not in vboot_fw.a
$ nm /build/<board>/usr/lib/vboot_fw.a | grep _stub.o
3. Build and boot x86-generic image
$ ./build_packages --board=x86-generic && ./build_image --board=x86-generic
(Then successfully boot the image you just built)
See CL=4372001 for u-boot side changes
Review URL: http://codereview.chromium.org/4266002
Change-Id: Icc2bcc551c998f370e4b737fbe442ebf029cd81c
| |
This change makes dumpRSAPublicKey directly accept a public key in PEM format. This makes it possible to avoid the unnecessary step of generating a self-signed certificate to dump the public key in .keyb format.
The old style certificate input is still accepted.
Using certs (as done previously):
dumpRSAPublicKey -cert <certfile>
Directly using public keys:
dumpRSAPublicKey -pub <pubfile>
Change-Id: Ic35b59aff6613d145d7947212650da281f734b74
BUG=7576
TEST=manual
$ openssl genrsa -F4 -out test.pem 4096
$ openssl rsa -in test.pem -out test.pub
$ dumpRSAPublicKey -pub test.pub >test.pub.keyb
Verify that this matches the output we get using the old style <cert> input.
$ openssl req -batch -new -x509 -key test.pem -out test.cert
$ dumpRSAPublicKey -cert test.cert >test.cert.keyb
$ diff test.pub.keyb test.cert.keyb
$
Review URL: http://codereview.chromium.org/4215006
| |
files to vbutil_keyblock.
This allows signing using a .pem file using an external program.
It is assumed that the external program reads input from stdin, and outputs signed data on stdout. It takes one argument - the file name for the .pem private key reference. See external_rsa_signer.sh for an example external program.
Example usage:
vbutil_keyblock --pack 4096.keyblock \
--datapubkey 4096.vbpubk \
--signprivate_pem 4096.pem \
--pem_algorithm 8 \
--externalsigner "external_rsa_signer.sh"
I have tried to make the change such that it doesn't impact existing tools/interfaces (since these are used at various places). That said, I am aware of the places where we could just extend an old interface and avoid code duplication but thought I'd put that re-factoring in as a TODO for now. Let me know if you disagree and I can merge them (and change the existing interface).
BUG=7576
TEST=Extended run_vbutil_tests.sh to test vbutil_keyblock packing using an external signer.
To test, make && make runtests (or just run tests/gen_test_keys.sh; tests/run_vbutil_tests.sh)
Review URL: http://codereview.chromium.org/4194003
Change-Id: I7cc52c8293c04ef9ba074794d046c9a4f19f6bdd
| |
recovery key.
BUG=chromium-os:7202
TEST=none
Change-Id: I9dd798ab9fc4cfd660c4f5dd4d970180c917dd9d
Review URL: http://codereview.chromium.org/3824005
| |
The make_dev_ssd.sh is made for devinstall shim to
change SSD kernels to be signed by dev keys.
- Kernel A, B will be resigned with dev keys (ignore if A/B seems not bootable)
- Adding param --remove_rootfs_verification can even disable rootfs hash check
This CL also includes some shared refine/fix to make_dev_firmware.sh
BUG=chrome-os-partner:1276
TEST=sudo ./make_dev_ssd.sh; (seeing Kernel A is resigned and B is ignored)
then reboot without developer mode (OK),
rootdev shows /dev/dm-0, rootdev -s shows /dev/sda3
sudo ./make_dev_ssd.sh --remove_rootfs_verification;
then reboot without developer mode (OK), rootdev shows /dev/sda3
Change-Id: Ic20f734b2af42e50a43c19a565a166a39d57a7fd
Review URL: http://codereview.chromium.org/3772013
| |
Change-Id: I63fcb58b8415dd08417585f53bde655ca83e1f48
BUG=none
TEST=compiled locally and emerged for x86-generic
Review URL: http://codereview.chromium.org/3535006
| |
Change-Id: I4d781bad6e638d681e930b70ed94fa3ec694ab0a
BUG=none
TEST=compiled locally and with emerge-x86-generic.
Review URL: http://codereview.chromium.org/3551014
| |
Change-Id: I2e798ac8898852aa44a8979e67dfa4de385a6e34
BUG=none
TEST=ran the autotest on a CRB with special firmware
Review URL: http://codereview.chromium.org/3389029
| |
While trying to debug/test some vbutil_kernel changes
(coming in a different CL) it was noticed that this utility
is not covered by tests, and the script which runs it to set
up further testing (tests/gen_fuzz_test_cases.sh) fails
because of the key format mismatch.
Some investigation has shown that this was left behind when
vboot_reference key storage format was changed.
To make gen_fuzz_test_cases.sh work again a new set of test
keys is required, the keys are generated by
tests/gen_test_keys.sh. This utility had to be changed to
generate the proper set of wrapped public and private keys.
Actually code in tests/gen_test_keys.sh generate_keys() is
copied and pasted in many scripts in this tree, this has to
be refactored, but under a different CL.
Once the changes were made, two scripts were run:
./tests/gen_test_keys.sh
./gen_test_cases.sh
resulting in the new and updated keys generated.
firmware/stub/tpm_lite_stub.c was edited to fix compilation
warning issued when compiling with debugging enabled.
Change-Id: I26a45cbad00d21a29195f2a89b4df7d3559133fe
BUG=chromium-os:7178
TEST=described below
The following commands succeed:
vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
make
make runtests
./tests/gen_fuzz_test_cases.sh
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
note that ./tests/gen_fuzz_test_cases.sh was failing
before this change.
The upcoming CL modifying vbutil_kernel will make sure
gen_fuzz_test_cases.sh is executed when tests are run and
will enhance it to cover vbutil_kernel testing.
Review URL: http://codereview.chromium.org/3423022
| |
Change-Id: I2b0fdab305fc3b7286679ac133daed62523fb241
BUG=none
TEST=none
Review URL: http://codereview.chromium.org/3423009
| |
Change-Id: I4c9b7a937103f3978cbed6629ee4057018b80eae
More cleanup. Also allow some tests to run even when TPM is already started.
Change-Id: I23558b96a1de55bbeca42dbf2e44f6802a0ec85b
Reorganize and standardize behavior of tests.
Change-Id: Id32fd09211a72deaa66a3dd0f973d35506ff96f2
BUG=433
TEST=ran all the tests I could run without TPM-free BIOS
Review URL: http://codereview.chromium.org/3389004
| |
Update list of scripts and test binaries - slightly more involved since the test runner scripts and the test binaries themselves reside in different directories.
BUG=none
TEST=manual (Ran make, went into the tests/ directory and ran the tests)
Change-Id: I97bd36d806726f6005e35490173cfcd0300add95
Review URL: http://codereview.chromium.org/3326014
| |
Change-Id: I70e54f59b540e9115bb6bd77ae51f49a1f4ab671
BUG=chromeos-partner:1029
TEST=make && make runtests
Review URL: http://codereview.chromium.org/3315014
| |
Add some extra cases to SanityCheckTest() to test both header and entries
being garbled at either end of the disk.
Add DuplicateUniqueGuidTest() to check that GPTs having duplicate
UniqueGuids in the entries are rejected. We can only check this per-disk, of
course.
Made some changes to the library to enforce the UniqueGuid requirement that
I just started testing for.
BUG=chromium-os:4854
Review URL: http://codereview.chromium.org/3135044
Change-Id: I86458faf9cc99aa3f29aac0d5b144dbd05067181
| |
Review URL: http://codereview.chromium.org/3116025
Change-Id: Ideb82562f6b1c3ce5cd9e0b79de250d0a7bd976e
| |
I'm getting ready to add a bunch more cgpt tests. This is just to clear the
way.
Change-Id: I5cb781e85938b94da9c59528872ddfd386712726
Review URL: http://codereview.chromium.org/3162023
| |
Fix VerifyMemberInside().
BUG=chrome-os-partner:703
TEST=make && make runtests
Review URL: http://codereview.chromium.org/3126013
| |
firmware and one for kernel.
Changed TlclRead / TlclWrite to take void* / const void* to reduce typecasts.
Much restructuring of rollback_index.c.
Fixed a version-packing bug in rollback_index.c (& --> |)
BUG:chrome-os-partner:304
TEST:manual testing of all code flows on CRB
Review URL: http://codereview.chromium.org/3084030
| |
Make vbutil_keyblock handle unsigned blocks. Also enable --unpack option and
add tests for it.
Modify vbutil_kernel to allow unsigned keyblocks, correct usage message,
and fix the --debug option which was somehow disabled.
Update load_kernel_test to accept /dev/null for the public key, to test
non-signed kernel keyblocks.
Review URL: http://codereview.chromium.org/3124004
| |
Also test of the effects of the self test.
Review URL: http://codereview.chromium.org/3077016
| |
Review URL: http://codereview.chromium.org/3091004
| |
BUG=none
TEST=none
Review URL: http://codereview.chromium.org/3018024
| |
Also renamed verify preamble functions, now that they do not need the
'2' at the end to differentiate them from the now-deleted original
implementation.
BUG=4501
TEST=Ran make runtests; all pass.
Review URL: http://codereview.chromium.org/3027009
| |
Temporarily disable TPM in developer mode.
Review URL: http://codereview.chromium.org/3041005
| |
Review URL: http://codereview.chromium.org/2919010
| |
emerge ...
Review URL: http://codereview.chromium.org/2962002
| |
Review URL: http://codereview.chromium.org/2937001
| |
Review URL: http://codereview.chromium.org/2951002