| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We used to return the firmware body size as part of vb2api_init_hash().
With persistent context and other recent developments, coreboot is
caching less data itself and relying more on vboot's data structures, so
it may now need this information at more points than just during the
hashing process. So let's create a custom function to return this.
BRANCH=hatch
BUG=b:143994765
TEST=make runtests
Cq-Depend: chromium:1965837
Change-Id: I2bc968cd163016fd0130416c2679724caad895a2
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1965920
Reviewed-by: Mathew King <mathewk@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Publicize check_reboot_for_display() and rename it to
vb2api_need_reboot_for_display() for depthcharge to use.
BRANCH=none
BUG=chromium:1030608
TEST=FEATURES=test emerge-nami vboot_reference
Change-Id: Ie6c734850b67b29c8a098c3f232888f3ab47fddf
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1957726
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For the libflashrom-compatible interface I'm working on, I needed the
ability to process data from the flashrom subprocess in a callback
function.
This adds a new type of subprocess_target, TARGET_CALLBACK, which can
read and write to/from a callback function.
BUG=chromium:478356
BRANCH=none
TEST=provided unit tests
Change-Id: I20b71000fc2b6b297a8617d2b03d0e91813007d1
Signed-off-by: Jack Rosenthal <jrosenth@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1959944
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Also remove unused preamble structs in vboot_struct.h.
BUG=b:124141368, chromium:968464
TEST=make clean && make runtests
BRANCH=none
Change-Id: I8b41f24b55eba91b1f952415eda1b532732848eb
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1844601
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Just resolving some style comments left on CL:1955805. The CL merged
by CQ before I noticed the comments.
BUG=none
BRANCH=none
TEST=compiles
Change-Id: I286343e3ee2ecb4cb6092ca99fa46c4a80442e03
Signed-off-by: Jack Rosenthal <jrosenth@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1957760
Tested-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a powerful library for interacting with processes. We'll be
able to clean up much of the code which manually sets up the pipes and
calls exec* with this well-tested and expressive abstraction.
This code will initially be used in crossystem for calling out to
flashrom instead of relying on mosys.
BUG=chromium:1030473
BRANCH=none
TEST=provided unit tests
Change-Id: I56f28419406d0b1299bb91058dd4500079b2435e
Signed-off-by: Jack Rosenthal <jrosenth@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1955805
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This function was added with the sole intended user being
BCB support on the depthcharge side.
Now that BCB is deprecated, we can remove it.
BUG=b:124141368, chromium:956474
TEST=make clean && make runtests
BRANCH=none
Change-Id: I4a99c540951b5e160bf50bcb790091d1df6eefc3
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1954975
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:124141368
TEST=make clean && make runtests
BRANCH=none
Change-Id: I7daf97a88c71ff188c5812a30ca71d6c84823ae9
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1844595
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Convert LoadKernel and TryLoadKernel to use vboot2-style error
codes. Error codes are renamed as follows:
VBERROR_NO_KERNEL_FOUND
--> VB2_ERROR_LK_NO_KERNEL_FOUND
VBERROR_INVALID_KERNEL_FOUND
--> VB2_ERROR_LK_INVALID_KERNEL_FOUND
VBERROR_NO_DISK_FOUND
--> VB2_ERROR_LK_NO_DISK_FOUND
Remove these error codes:
VBERROR_LOAD_KERNEL_RECOVERY
Remove VBSD_BOOT_DEV_SWITCH_ON check in vb2_developer_ui
to align vboot_ui and vboot_ui_menu functionality.
VBERROR_LOAD_KERNEL
Unused.
BUG=b:124141368, chromium:988410
TEST=make clean && make runtests
BRANCH=none
Change-Id: I90389c6629cc6055c4a4acbbbdd358bb79b63bf7
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1728297
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
EC software sync should not be performed in recovery mode, as it breaks
the vboot model.
BUG=b:145310842
BRANCH=firmware-hatch-12672.B
TEST=Verify that EC sync is skipped in recovery mode (coreboot & depthcharge)
Change-Id: I771b970b044ed2b13a1cd79f5649af92b0177ac7
Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1941037
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Stop magically checking get_info_flags by subtracting the
expected value from vbtlk_retval. Introduce two globals
vbtlk_expect_fixed and vbtlk_expect_removable which are
checked when the mocked VbTryLoadKernel function is called.
Update some comment style and fix spacing.
BUG=b:124141368
TEST=make clean && make runtests
BRANCH=none
Change-Id: I038aa03dcff24ec06f68f6a175f992ed99feddb9
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1836612
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In current kernel verification code, secdata reads and writes
are spread throughout the code. vboot2's design is to use
vb2_context.secdata_* for storing the state of secdata spaces,
and have the caller (depthcharge) read/save this field when
necessary.
Centralize secdata reads/writes into the functions of
secdata_tpm.c, previously known as rollback_index.c.
Functions which directly read/write to the TPM space are modified
to use vb2_secdata_*_get and vb2_secdata_*_set.
The secure spaces get read/flushed by functions in
vboot_api_kernel.c. These calls and the underlying functions
from secdata_tpm.c will eventually be relocated to depthcharge.
Create a new external function vb2ex_commit_data, which commits
any modified nvdata/secdata. Currently the depthcharge
implementation of this function only writes nvdata, but once
secdata TPM drivers have been migrated from vboot_reference to
depthcharge, it will also commit these data spaces.
This CL also removes the VbExNvStorageRead call from
vb2_kernel_setup, and the data is instead read in depthcharge
CL:1819379, right before calling VbSelectAndLoadKernel.
As such, both the VbExNvStorageRead and VbExNvStorageWrite
functions may be removed.
Finally, create a vb2_secdata_kernel_lock function, which should
be used right before attempting to leave vboot (by booting an OS
or chainloading to another firmware). This should eventually be
exposed as a vb2ex_ API function and relocated to depthcharge.
BUG=b:124141368, chromium:972956, chromium:1006689
TEST=make clean && make runtests
BRANCH=none
Change-Id: Ifbfb21122af0bf85e22a6d3a0d48a1db7f7c25b7
Signed-off-by: Joel Kitching <kitching@google.com>
Cq-Depend: chromium:1819380, chromium:1939168
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1728298
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rather than depending on the architecture and environment to
provide the correct memory alignment (__BIGGEST_ALIGNMENT__),
hardcode to 8, which should be sufficient for all cases.
(Previously, by using __BIGGEST_ALIGNMENT__, this is set to
16 in all known cases, which is unnecessarily large.)
Update vb2_workbuf tests to be more flexible according to
VB2_WORKBUF_ALIGN value.
BUG=b:124141368
TEST=make clean && make runtests
TEST=Try values of VB2_WORKBUF_ALIGN=2,4,8,16,32,64
BRANCH=none
Change-Id: I819586119fa3102fa423a01e0737e6864c05d752
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1911921
Reviewed-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After storing the GBB header on the workbuf, the offset of wb.buf
is stored into workbuf_used by incorrectly using ctx as the
pointer base, rather than sd (which corresponds to the start of
the workbuf). This subtracts 8 bytes from the correct value of
workbuf_used, and leaves the last 8 bytes of the GBB header
vulnerable to being overwritten with any VB2_WORKBUF_ALIGN values
less than 16.
Also update the relevant vb2_misc_tests check to account for
GBB headers with non-aligned sizes (currently it is 128 bytes).
BUG=b:124141368, chromium:1027846
TEST=Test with various VB2_WORKBUF_ALIGN values
BRANCH=none
Change-Id: I862d29155ce08df6911c277f8ce8c703ffaf1df7
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1932276
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
BUG=b:143094352
BRANCH=none
TEST=make clean && make runtests
Change-Id: I3665bfb10c66e2fbe3906e99cc72346748123cfb
Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1873879
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This callback is redundant, because vboot takes the buffer pointer and
just passes it straight into vb2ex_ec_update_image(), so clearly the
platform must be able to find the image on its own. Remove it, and also
remove the arguments to vb2ex_ec_update_image which were the image and
its size.
BUG=none
BRANCH=none
TEST=make runtests
Cq-Depend: chromium:1910562
Change-Id: I35548cc0bde761cf08337489af0772bbdf46de4d
Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1877065
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, the logic for updating auxfw is entangled with the logic
for performing EC software sync. This patch attempts to split them
apart, so that they can be used separately. VbSelectAndLoadKernel()
currently still performs both, EC first and then auxfw. The intended
use-case for this functionality is to perform EC software sync only in
coreboot's romstage. Unit tests were updated to ensure functionality
is effectively unchanged.
BUG=b:143094352, chromium:1016688
BRANCH=none
TEST=make clean && make runtests
Change-Id: I7bdf38694cfed83b18dd8189b8516780184ecc8e
Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1867314
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove devidx argument from internal and external functions.
Rename external API functions to vboot2 scheme (vb2ex_...).
Rename external EC-related data types to vboot2 scheme (vb2_...).
BUG=b:124141368, chromium:1016688, chromium:1017093, b:112198832, b:143094352
TEST=make clean && make runtests
BRANCH=none
Cq-Depend: chromium:1910562
Change-Id: I4ca9858a0f91a0365288c04cdb90aad0efdd7647
Signed-off-by: Joel Kitching <kitching@google.com>
Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1872255
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Also standardize on position and spacing of __attribute__.
BUG=b:124141368
TEST=make clean && make runtests
BRANCH=none
Change-Id: Ic61d6193c2413824837a51af98eb2dcd9ea4ab85
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1902843
Commit-Queue: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
All devices which have a PD chip running CrOS EC code have already shipped,
and there is no intention to go back to using an "EC" for a TCPC anymore.
BUG=b:143762298,chromium:1017093
BRANCH=none
TEST=make runtests
Change-Id: I177c00581089de59e4f35608b97ef5432e8b492b
Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1895712
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move vb2_context to live inside of vb2_shared_data, instead of
in a separate memory space allocated by the caller.
See design doc:
http://go/vboot2-persistent-context
BUG=b:124141368, chromium:994060
TEST=make clean && make runtests
BRANCH=none
Change-Id: If2421756572a43ba58b9da9f00e56a8f26ad3ad5
Signed-off-by: Joel Kitching <kitching@google.com>
Cq-Depend: chromium:1874753, chromium:1902339
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1716351
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Julius Werner <jwerner@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After informing EC of the mode chosen by vboot, it is stored
in a global and never accessed again. Remove this function,
its calls, and its tests.
Also note some significant issues which existed:
(1) Using accessor VbGetMode for tests, rather than just
overriding VbExEcEnteringMode when needed.
(2) The tests checking the value sent to VbExEcEnteringMode
(vboot_api_kernel2_tests and vboot_detach_menu_tests)
actually call the function themselves.
BUG=b:124141368, chromium:1014379
TEST=make clean && make runtests
BRANCH=none
Change-Id: Ib8e510a1e1c663bb3f8238a9ad15e3e64d7350b0
Signed-off-by: Joel Kitching <kitching@google.com>
Cq-Depend: chromium:1864533
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1830239
Reviewed-by: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If you read the manpage for printf *really* closely, it seems that the
%#x token only prints the 0x prefix for non-zero values. Huh... never
knew that (and our firmware implementations in fact don't honor that,
but glibc does). Anyway, I think we're fine with either behavior but
this broke the expected output for one of our futility tests, which this
patch fixes (originally broken in CL:1840191).
BRANCH=None
BUG=None
TEST=make runtests
Change-Id: Id54ff6f56e02333ab01b09b75deb16f47da01bc3
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1885411
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch fixes a sanitizer issue in cgpt where a GPT entries array may
have been passed even though it was not loaded from disk (parsing an
uninitialized buffer). The GPT library seems to have been written with
the assumption that both headers and entries would always be loaded and
it could recover even if only the primary header and the secondary
entries were valid. In practice, this doesn't really work because the
caller doesn't know how to read entries for an invalid header.
Therefore, change the code so that entries are only assumed to be loaded
for valid headers.
Also fix some minor problems with loading GPTs by aligning sizes up (not
down) to the next sector boundary and making sure we always allocate the
maximum amount of space for entry arrays, even if the current header may
not need that much (in case a repair wants to overwrite it).
This practically reverts CL:276766 which becomes obsolete (and was
really just a dirty hack to hide an underlying problem).
BRANCH=none
BUG=chromium:1017797
TEST=make runtests
Change-Id: I86c601dc074261d53f013b98ae214efdc44f3563
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1885098
Reviewed-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Keep const (default) and non-const (_mutable suffix) versions
of `data` field accessors for vb2_signature and vb2_packed_key.
No need for separate 2packed_key.c file -- just static inline
the functions.
vb2_verify_packed_key_inside should return type vb2_error_t.
BUG=b:124141368, chromium:968464
TEST=make clean && make runtests
BRANCH=none
Change-Id: I96722a746f26abbb6e19a365ce74f0bfda0da381
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1786386
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move ec_sync.c to vboot2 namespace. Keep its API in vboot_api.h
for the time being.
BUG=b:124141368, chromium:1016688, b:112198832, b:143094352
TEST=make clean && make runtests
BRANCH=none
Change-Id: Ia925e93ecdcdb1a2a2724336774f48dbe0439743
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1872254
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Sean Abraham <seanabraham@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since these pre-historic functions have already been updated to
return vb2_error_t values, their error codes should be merged
into vb2_return_code just like was done for vboot1 error codes
in CL:1722913.
BUG=b:124141368, chromium:988410
TEST=make clean && make runtests
BRANCH=none
Change-Id: I5c64eca088a5f130fa5b420f94c85d04955948d2
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1776292
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use _Static_assert() instead.
BUG=b:124141368
TEST=make clean && make runtests
BRANCH=none
Change-Id: I42a18442a8bff1ab346f8ba784e9e6fc0366de9a
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1786388
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move from vboot20 to vboot2.
BUG=b:124141368, chromium:968464
TEST=make clean && make runtests
BRANCH=none
Change-Id: Ib1fe0e2cfb0865fffe33ad35e7bd67d416da4589
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1776291
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Stardardize on inconsistency between "keyblock" and "key block"
both in code, comments, and textual output.
BUG=b:124141368, chromium:968464
TEST=make clean && make runtests
BRANCH=none
Change-Id: Ib8819a2426c1179286663f21f0d254f3de9d94a4
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1786385
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
All of the functions in lib20/api.c are actively used in coreboot
verstage firmware verification. Fold the functions and their
test suite into 2lib.
BUG=b:124141368, chromium:968464
TEST=make clean && make runtests
BRANCH=none
Change-Id: I2dbad2715246a8a16ee85dac553a751ae1590afa
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1659991
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Also standardize on using hex for printing ASCII key values
across vboot_ui.c and vboot_ui_menu.c.
BUG=b:124141368
TEST=make clean && make runtests
BRANCH=none
Change-Id: Ib10288d95e29c248ebe807d99108aea75775b155
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1840191
Reviewed-by: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The reason for having a separate REC_DISK_DELAY and REC_KEY_DELAY has
long been lost in time... in fact, with our current coreboot firmware
stack, polling for keys will always also poll for disks, so we're
already polling for disks in the inner loop anyway. Removing this
distinction will resolve some weirdness in certain error cases.
An unintended side effect is that the usual recovery mode console spam
goes from annoying at 4 times a second to unbearable at 50 times a
second. Let's just remove it instead and get the console output more in
line with what our developer and BROKEN screens show (i.e. nothing,
unless there's any change or user input).
BRANCH=None
BUG=chromium:1009850
TEST=Booted Kevin
Change-Id: Ie1754646e7d17a661c9adebf43483df1785e6127
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1856831
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Right now TryLoadKernel() always sets a recovery reason when it did not
manage to load a kernel for any reason. In many cases (e.g. we're
already in recovery mode, or we're trying to boot off some random USB
stick in dev mode) we don't actually want that to happen, so there are
four different instances of code unconditionally clearing the recovery
reason again right after calling TryLoadKernel().
This is confusing and there's a far simpler solution: only set the
recovery reason when we're booting off a fixed disk. We never want to
set it when trying to boot a removable disk anyway, so centralizing this
distinction right in TryLoadKernel() makes the logic easier to follow.
BRANCH=None
BUG=None
TEST=make runtests, played around with a Kevin
Change-Id: I9d56356b0f3547b3690be2c24cf6936e57e4cf1f
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1859687
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
LoadKernel() currently contains code that sets the recovery reason
directly (via direct nvdata access, bypassing the usual
VbSetRecoveryReason() helper) whenever it has a problem loading a
kernel. This seems to be an ancient vestige from the time when
LoadKernel() (and not VbSelectAndLoadKernel()) was still the external
API. In our current use, VbTryLoadKernel() will always immediately
override any recovery reason set this way.
This patch removes this pointless code to avoid confusion. Instead,
TryLoadKernel() is expanded to be able to tell the difference between
LoadKernel() return codes and set a more precise recovery reason based
on that.
BRANCH=None
BUG=chromium:692715
TEST=make runtests
Change-Id: Idd8bd6e16d5ef1472aa3b2b66468248726d5c889
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1859686
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch deprecates a bunch of recovery reasons we no longer use and
removes the display strings associated with them.
BRANCH=None
BUG=None
TEST=make runtests
Change-Id: I0350784f810c68d52bc972575b8c3f57539b8094
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1863624
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds fuzzers for vb2_load_fw_keyblock() and
vb2_load_fw_preamble(). I'm new at fuzzing so please let me know if I
did something dumb.
BRANCH=None
BUG=None
TEST=Ran them manually with cros_fuzz.
Change-Id: Ica39fcf4a3d250e69c51214afcee9e9815667ff8
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1867969
Commit-Queue: Manoj Gupta <manojgupta@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of returning vb2_error_t, use VB2_DIE to exit on error.
BUG=b:124141368, chromium:972956, chromium:1006689,
TEST=make clean && make runtests
BRANCH=none
Change-Id: I9497eebb0b8815734fdf875ba4f9ef5eda5e82fd
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1833365
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove VbSetRecoveryRequest and use vb2api_fail instead.
When failure is encountered in kernel verification, it's very
possible that there is a bug in updated RW firmware. The other
firmware slot should always be attempted before falling back to
recovery mode. Call vb2api_fail to invoke this behaviour, rather
than setting the recovery request directly with
VbSetRecoveryRequest.
BUG=b:124141368, chromium:1007999
TEST=make clean && make runtests
BRANCH=none
Change-Id: I69c457f37d1f58c1eef33dec436fb77b2a77030f
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1833364
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
vboot1 FWB_TRIED flag is unused and replaced by vboot2
TRY_COUNT.
Remove related test cases.
Rewrite a special case for preventing kernel version roll-forward
with combined firmware+kernel updates.
BUG=b:124141368, chromium:1010389, b:35575422
TEST=make clean && make runtests
BRANCH=none
Change-Id: I9300def8bb426868b5e4d687d9c86e85c0c9b2c0
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1833369
Reviewed-by: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds a fuzzer binary to exercise GPT parsing.
BUG=chromium:1014101
TEST=Build and run fuzzer.
BRANCH=none
Change-Id: Idecc0ddf491e976d4e01f5778e51a01ac317d961
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1859595
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: Manoj Gupta <manojgupta@chromium.org>
Commit-Queue: Manoj Gupta <manojgupta@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The TYPE_BASIC_DATA (called TYPE_LINUX_DATA before) is used by both
Windows and Linux systems, and has caused problems when dual-booting.
Modern Linux systems have been changed to TYPE_LINUX_FS.
In Chrome OS, we usually find the stateful partition by number (1)
instead of searching by type, so it should be fine simply replacing
default mapping in the cgpt tool.
BUG=chromium:944389
TEST=sudo emerge vboot_reference; make runtests
BRANCH=None
Change-Id: If18ff5180cbae5cdea8104f36203cffcf34db934
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1535456
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Matt Delco <delco@google.com>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously used for fastboot.
BUG=b:124141368, chromium:995172
TEST=make clean && make runtests
BRANCH=none
Change-Id: I960932526bbd4482707125700cfa63e94c9f356b
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1776290
Commit-Queue: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As previously discussed with jwerner@, API functions should not
distinguish between "internal" and "external" versions.
BUG=b:124141368
TEST=make clean && make runtests
BRANCH=none
Change-Id: Iea4fb430dbd56110639f52bdb7d8d3aaae7ee293
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1830240
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Should have no extra line breaks in between local includes,
and should be sorted alphabetically.
BUG=b:124141368
TEST=make clean && make runtests
BRANCH=none
Change-Id: I83c25d30d7376712857314965a7d93f57190aa3f
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1776281
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Makes it easier to prevent different parts of vboot from reading
secdata structs without using accessor functions.
BUG=b:124141368, chromium:972956
TEST=make clean && make runtests
BRANCH=none
Change-Id: I407e1409409c6aab0c1f311f7715ce159497961b
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1776280
Reviewed-by: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Implement FWMP support in vboot2. Currently, the data structure
is just accessed directly, checking to see whether its `flags`
member contains particular flags. We'd like to change this to
follow the same scheme as secdata_firmware and secdata_kernel.
This CL also updates some functions, comments, and tests related
to secdata_firmware and secdata_kernel to ensure consistency
between code for the secdata spaces.
BUG=b:124141368, chromium:972956
TEST=make clean && make runtests
BRANCH=none
Change-Id: Ia0d67532cc6e077e170ffb25d0bc587b1d53edf3
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1773088
Reviewed-by: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Sometimes vboot needs to make assertions to work sanely without
always having to return VB2_ERROR_* values. Add VB2_ASSERT and
VB2_DIE macros to deal with these cases.
Convert existing VbAssert macro to use either VB2_ASSERT or
TEST_* macros depending on the case.
Implement testing infrastructure to check that aborts are being
triggered correctly. The TEST_ASSERT macro should be used.
BUG=b:124141368, chromium:1005700
TEST=make clean && make runtests
BRANCH=none
Change-Id: I298384ba50842a94a311df7f868f807bf2109cff
Signed-off-by: Joel Kitching <kitching@google.com>
Cq-Depend: chromium:1813277
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1800112
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These secure spaces are now used for more than just rollback
versions and should be renamed thus.
Note: Originally this rename operation was batched into the CL
which rewrites the functions in rollback_index/secdata_tpm, but
it made reviewing in Gerrit a pain, since it couldn't pick up on
the file renames, and instead showed them as deletes/adds.
Doing the rename separately helps ensure all references to
rollback_index are updated, and gives us a better review
experience in Gerrit.
BUG=b:124141368, chromium:972956
TEST=make clean && make runtests
BRANCH=none
Change-Id: I51e5c731e0d7a071d384c28da56e7adce64ba943
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1776279
Commit-Queue: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is possible that set_vendor_data will not be null terminated if
strlen(vendor_data_value) >= sizeof(set_vendor_data). Leave an extra
byte at the end to prevent this.
BUG=none
TEST=make clean && make runtests
BRANCH=none
Change-Id: Ic21d74e9f3f36557ab1083001ab8af8ee42426e4
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Found-by: Coverity CID 198908
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1752933
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
