| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 87663c3bef0f6b198945cf3eb83632f461a5d6f8.
The parent CL to this commit should be sufficient to resolve the
failure that prevented "crossystem board_id" on ARM from working.
Original change's description:
> crossystem: Add board_id property
>
> futility is one of a few places in ChromeOS that uses "mosys platform
> version". The goal is to remove this command from mosys.
>
> This commit adds a new property to crossystem, "board_id", which
> reads the board revision from SMBIOS/FDT, and replaces the call in
> futility with the appropriate VbGetSystemPropertyInt.
>
> BUG=b:187790074
> BRANCH=none
> TEST="crossystem board_id" on hana and brya
>
> Change-Id: Id69c8e309c0e509a165aa6da2778573ac7de3455
> Signed-off-by: Jack Rosenthal <jrosenth@chromium.org>
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4029537
> Reviewed-by: Julius Werner <jwerner@chromium.org>
BUG=b:187790074
BRANCH=none
TEST="crossystem board_id" on hana and brya
Change-Id: I37b4c622e3c1d294b5be8e0d98ef14175902acc3
Signed-off-by: Jack Rosenthal <jrosenth@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4045047
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit db1b34f559fdbf5584b57007da43e4dddda43c6a.
Reason for revert: seems to break scarlet - b/259702907
Original change's description:
> crossystem: Add board_id property
>
> futility is one of a few places in ChromeOS that uses "mosys platform
> version". The goal is to remove this command from mosys.
>
> This commit adds a new property to crossystem, "board_id", which
> reads the board revision from SMBIOS/FDT, and replaces the call in
> futility with the appropriate VbGetSystemPropertyInt.
>
> BUG=b:187790074
> BRANCH=none
> TEST="crossystem board_id" on hana and brya
>
> Change-Id: Id69c8e309c0e509a165aa6da2778573ac7de3455
> Signed-off-by: Jack Rosenthal <jrosenth@chromium.org>
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4029537
> Reviewed-by: Julius Werner <jwerner@chromium.org>
Bug: b:187790074, b:259702907
Change-Id: Ibdc2525d6f395e2ef63354d36ca02b71543e8079
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4038443
Commit-Queue: Jack Rosenthal <jrosenth@chromium.org>
Tested-by: Jack Rosenthal <jrosenth@chromium.org>
Commit-Queue: Brian Norris <briannorris@chromium.org>
Reviewed-by: Jack Rosenthal <jrosenth@chromium.org>
Owners-Override: Jack Rosenthal <jrosenth@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
futility is one of a few places in ChromeOS that uses "mosys platform
version". The goal is to remove this command from mosys.
This commit adds a new property to crossystem, "board_id", which
reads the board revision from SMBIOS/FDT, and replaces the call in
futility with the appropriate VbGetSystemPropertyInt.
BUG=b:187790074
BRANCH=none
TEST="crossystem board_id" on hana and brya
Change-Id: Id69c8e309c0e509a165aa6da2778573ac7de3455
Signed-off-by: Jack Rosenthal <jrosenth@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4029537
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
BRANCH=none
BUG=none
TEST=cros lint
Signed-off-by: Jakub Czapiga <jacz@semihalf.com>
Change-Id: I7710c43c8c70cf257a898f22c42ecbf350e125a2
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3925702
Commit-Queue: Jakub Czapiga <czapiga@google.com>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Tested-by: Jakub Czapiga <czapiga@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Flag decides whether MINIOS-A or MINIOS-B is booted.
BUG=b:186682292
TEST=make clean && make runtests
TEST=Deploy and run `crossystem minios_priority` commands
BRANCH=none
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: I11460bf1522cde8e98e680b0f00a417e2b4ef9a1
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2998513
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
vboot 1 is deprecated, so remove "vboot2" annotations in
crossystem help text.
BUG=none
TEST=make clean && make runtests
BRANCH=none
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: Ic46576b34d3f1ea611d574e5566479b8d29c1e81
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3028643
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Fix styling of earlier sections and link to the CrOS os_config guide.
BUG=None
TEST=`crossystem --help` looks nice
BRANCH=None
Signed-off-by: Mike Frysinger <vapier@chromium.org>
Change-Id: I1d5d9b080ee288541619ec4e0e8d550985051558
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2966239
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Standardize on the term "altfw" (short form) and
"alternate bootloader" (long form) in both code and
documentation.
Remove the VbAltFwIndex_t enum, and replace with a
simple uint32_t.
Rename VbExLegacy to vb2ex_run_altfw, and move
to vboot2 namespace.
Rename crossystem param dev_boot_legacy to
dev_boot_altfw, but leave an alias.
Rename crossystem param dev_default_boot value
from legacy to altfw, but leave an alias.
BUG=b:179458327
TEST=make clean && make runtests
TEST=emerge vboot_reference and check output for:
crossystem dev_boot_legacy=0
crossystem dev_boot_altfw=0
crossystem dev_default_boot=legacy
crossystem dev_default_boot=altfw
BRANCH=none
Cq-Depend: chromium:2641196
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: I289df63d992a3d9ae3845c59779ecbd115b18ee2
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2641346
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Yu-Ping Wu <yupingso@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
fmap_base utility no longer needed since b:157897361
BUG=chromium:1091253
BRANCH=none
TEST=Compiled, cros_workon_make test,
and cros deploy to kindred device to confirm
there was no fmap_parameter.
Change-Id: Idc89c82555531030beaf8f84ce483a5f49a86fbe
Signed-off-by: Aaron Massey <aaronmassey@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2241386
Reviewed-by: Jack Rosenthal <jrosenth@chromium.org>
Commit-Queue: Jack Rosenthal <jrosenth@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rename enumerators of the vb2_dev_default_boot_target enum as follows,
because the term USB is not quite accurate (we can also boot from an SD
card).
VB2_DEV_DEFAULT_BOOT_TARGET_DISK
--> VB2_DEV_DEFAULT_BOOT_TARGET_INTERNAL
VB2_DEV_DEFAULT_BOOT_TARGET_USB
--> VB2_DEV_DEFAULT_BOOT_TARGET_EXTERNAL
Also perform similar renaming for the following.
enum vb2_nv_param:
VB2_NV_DEV_BOOT_USB
--> VB2_NV_DEV_BOOT_EXTERNAL
enum vb2_secdata_fwmp_flags:
VB2_SECDATA_FWMP_DEV_ENABLE_USB
--> VB2_SECDATA_FWMP_DEV_ENABLE_EXTERNAL
constants:
VB2_NV_DEV_FLAG_USB
--> VB2_NV_DEV_FLAG_EXTERNAL
functions:
vb2_dev_boot_usb_allowed
--> vb2_dev_boot_external_allowed
BRANCH=none
BUG=none
TEST=make runtests
Change-Id: Iad16fcf34d76da08c6d8a81e150c7fde927c743b
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2237622
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
wpsw_boot is being deprecated, so just use wpsw_cur.
BUG=b:124141368, chromium:950273
TEST=make clean && make runtests
BRANCH=none
Change-Id: Iae63b2a76b19629a9ecd9b87e5dd6367767860b3
Cq-Depend: chromium:2066154, chromium:2068241, chromium:2068209
Cq-Depend: chromium:2068297, chromium:2067229, chromium:2067231
Cq-Depend: chromium:2068242
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2066192
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Create a function-local copy of VbSharedDataKernelCall rather
than using the memory built-in to VBSD. Stop making any
reference to vboot1 VBSD from LoadKernel.
BUG=b:124141368, chromium:1038260
TEST=make clean && make runtests
BRANCH=none
Change-Id: I5dabfb33a0eb05c1f40509dcf00a4c5751af1ef5
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2053182
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As part of chromium:943150, virtual recovery switch functionality is
being deprecated. Physical presence should be chosen by specifying one
of the following USE flags:
- physical_presence_keyboard
- physical_presence_recovery
- physical_presence_power
Fields VDAT_INT_DEPRECATED_DEVSW_VIRTUAL and VDAT_INT_RECSW_VIRTUAL are
also removed from VdatIntField.
BRANCH=none
BUG=chromium:943150
TEST=make runtests
Cq-Depend: chromium:2004370
Change-Id: I4342a2607538d1b4480d601073eb531e93e74b38
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2037268
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When setting crossystem parameters with various errors, the error
message was always "Parameter dev_default_boot is read-only". Display
various error messages based on the types of errors.
BRANCH=none
BUG=chromium:965799
TEST=emerge-nami vboot_reference
Change-Id: I185ce5f9c142da538f86b6c6c298f5a76377e395
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1982431
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Stardardize on inconsistency between "keyblock" and "key block"
both in code, comments, and textual output.
BUG=b:124141368, chromium:968464
TEST=make clean && make runtests
BRANCH=none
Change-Id: Ib8819a2426c1179286663f21f0d254f3de9d94a4
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1786385
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These timers have not been used in eons, and an alternative
already exists (coreboot's tstamp_table).
BUG=b:124141368, chromium:1014102
TEST=make clean && make runtests
BRANCH=none
Change-Id: Ic0d3e14028315d6f343388c7c1c9d105b7bd58a2
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1860254
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:124141368, b:131663912, b:139392536
TEST=make clean && make runtests
BRANCH=none
Change-Id: I91eab08130786188b0a7c514b35574c611863b03
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1758147
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
Commit-Queue: Furquan Shaikh <furquan@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As per go/vboot2-oprom-cleanup, use vboot2 SD flag
DISPLAY_AVAILABLE, instead of the old vboot1 flags
OPROM_MATTERS and OPROM_LOADED.
Remove instances of "OPROM" and update with correct
nomenclature.
Update code and tests for EC software sync and diagnostic
menu to use vboot2 display init model.
OPROM_MATTERS and OPROM_LOADED are now deprecated, and
will be removed when no references remain in depthcharge
and coreboot.
Deprecate VBERROR_DISPLAY_INIT_MISMATCH (previously
OPROM_MISMATCH) and return VBERROR_REBOOT_REQUIRED
directly when needed.
BUG=b:124141368, b:124192753, chromium:948529
TEST=Build image for eve, force EC update,
check that the "critical update" screen shows
TEST=make clean && make runtests
BRANCH=none
Change-Id: I889872f886230f8559d5cce09d0de194da3fcc38
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1605641
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds a bunch of more warnings that are already enabled in
coreboot and thus already enabled for firmware builds anyway (because
coreboot just passes its CFLAGS through). Enabling it in the vboot
Makefile means they also apply to host utilities and tests, which sounds
desirable for consistency.
Fix enough of the cruft and bad coding practices that accumulated over
the years of not having warnings enabled to get it to build again (this
includes making functions static, removing dead code, cleaning up
prototypes, etc.).
Also remove -fno-strict-aliasing from the x86 firmware build options,
because it's not clear why it's there (coreboot isn't doing this, so
presumably it's not needed).
BRANCH=None
BUG=None
TEST=make runtests
Change-Id: Ie4a42083c4770a4eca133b22725be9ba85b24184
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1598721
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change allocates a bit in the nvram that will be used
in a later change to tell the firmware whether to detour
to diagnostic mode during boot.
BUG=b:124358784
BRANCH=None
TEST=Local build and ran "make runtests". Verified with a later
change that the nvram bit takes effect as expected.
Change-Id: If2fd3f46da30fc7375d37b240e3e745819ae0632
Signed-off-by: Matt Delco <delco@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1504758
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Also, add (writable) at the end.
BUG=None
TEST=None
Change-Id: I34eb1e8e02ba3c837ba5fa452f9f6da64ce7b6e0
Reviewed-on: https://chromium-review.googlesource.com/1328391
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some user-space applications need to know whether Alt OS is
currently enabled or disabled. Add alt_os_enabled to
crossystem as a read-only flag for this purpose.
It is currently based off of reading VBSD_ALT_OS_SHOW_PICKER
from VbSharedDataHeader. We may want to change that to a
field dedicated to showing Alt OS state in the future
(see b/117195332).
BUG=b:117195332,b:117142023
TEST=emerge-eve vboot_reference && \
cros deploy --force --board=eve dut vboot_reference
Change-Id: Ic9a120e7d24021eb984d501f09ce4d7b6f85d730
Reviewed-on: https://chromium-review.googlesource.com/1328390
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, it is impossible to programmatically enable/disable
Alt OS mode in eve. This is because only EC-RW supports the
kbatboot keyboard matrix functionality. But, as part of the
campfire boot flow, the keyboard matrix is retrieved *immediately*
after jumping into EC-RW. We need to insert a small pause in
order to allow for some entity (autotest/servo) to send a kbatboot
command, simulating the Alt OS keyboard press hotkey.
BUG=b:117140648,b:118786884
TEST=Manually use crossystem to set post_ec_sync_delay=1
Reboot, and wait for the delay to begin
Run `kbatboot 1 4 1` in EC console
Check that AP console contains:
"vb2_post_ec_sync_hooks: post_ec_sync_delay 5000 ms..."
TEST=make clean && make runtests
Note that we are only cherry-picking the changes which affect
crossystem in this CL. Firmware changes will still live in
campfire-eve branch only.
Change-Id: I1305357199d87b80b4edc4e311015106ab07de65
Reviewed-on: https://chromium-review.googlesource.com/c/1256644
Commit-Queue: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Trybot-Ready: Joel Kitching <kitching@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit 64d7369976b88b21d8d8a860252023776a2f119e)
Reviewed-on: https://chromium-review.googlesource.com/1328389
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A bunch of the params have '(writable)' at the end of the description
to indicate it's a writable field. However, it's not listed on every
field. Rather than resync all of them, automate it. Throw in the
type for good measure.
The old display:
hwid = LUMPY # Hardware ID
dev_boot_usb = 1 # Enable developer mode boot from USB/SD (writable)
The new display:
hwid = LUMPY # [RO/str] Hardware ID
dev_boot_usb = 1 # [RW/int] Enable developer mode boot from USB/SD
BUG=None
TEST=`crossystem` output looks better
BRANCH=None
Change-Id: I953cf5cb78b52edeece4215c3249b79b26d36f26
Reviewed-on: https://chromium-review.googlesource.com/1224652
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
clear_tpm_owner_request is 23 chars now.
BUG=None
TEST=`crossystem` is aligned
BRANCH=None
Change-Id: I6d077b7311c74c51fd608281ad48b29fc6219937
Reviewed-on: https://chromium-review.googlesource.com/1218502
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
A bunch of these fields are slightly missorted.
BUG=None
TEST=`crossystem` is sorted
BRANCH=None
Change-Id: I9e90343f5034e7a8a2d81c9b8eeb4b1d7286f157
Reviewed-on: https://chromium-review.googlesource.com/1218503
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Port CL:1009444 to ToT.
Adds (enable|disable)_alt_os_request flag for AltOS boot flow.
BRANCH=none
BUG=b:70804764
TEST=1. make runtests
2. Manually, set and get new flags via crossystem
Change-Id: Ie7fe2620f736335f11c39cbfe37b3fdf400ff926
Reviewed-on: https://chromium-review.googlesource.com/1014840
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Ting Shen <phoenixshen@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit adds a flag recoverysw_is_virtual for determining whether a
device's recovery switch status (as given by recoverysw_cur) is from a
physical button or a line connected to Servo, without a physical button
(e.g. veyron_minnie).
BRANCH=none
BUG=chromium:845589
TEST=manually tested on cave and veyron_minnie; make runtests
Change-Id: If8e54e1df78b25a52dbf359ce641bea75533d705
Reviewed-on: https://chromium-review.googlesource.com/1157537
Commit-Ready: Tudor Brindus <tbrindus@chromium.org>
Tested-by: Tudor Brindus <tbrindus@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change adds a new NV and GBB flag for controlling USB device
mode behavior, adding an additional step to enable UDC on systems
that support it.
Users of this feature will need to first enable developer mode and
then enable UDC separately by running "crossystem dev_enable_udc=1".
Alternatively those without write protect enabled can set a GBB
flag to have UDC enabled by default while in developer mode.
This is based on the security reviewed proposal at
https://docs.google.com/document/d/1b6avd9xvhvljN_NKtctWrClj4mSYZ_uPmp7MmAnPwqs
BUG=b:74339386
BRANCH=poppy
TEST=manual testing on Eve device
Change-Id: I6f440320f28b033639b53246d3034bc8acc37a33
Signed-off-by: Duncan Laurie <dlaurie@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1010769
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The default value is "disk", and should be mentionned as an option.
BRANCH=none
BUG=none
TEST=emerge-poppy -av vboot_reference
Change-Id: I9ddfe155f1dbaf019b74c1bab7b5ce5539545e7f
Reviewed-on: https://chromium-review.googlesource.com/989375
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This just adds the kernel_max_rollforward field to the nvstorage
libraries and crossystem. The firmware does not use it yet; that's
coming in a subsequent CL.
16 of the fields's 32 bits are taken from unused bytes of the kernel
field. This has no effect on existing usage.
BUG=chromium:783997
BRANCH=none
TEST=make runtests
Also manual testing. In a root shell:
crossystem kernel_max_rollforward --> Should default to 0
crossystem kernel_max_rollforward=0xfffffffe
crossystem kernel_max_rollforward --> Should be 0xfffffffe
(Note that setting it to 0xffffffff is indistinguishable from the
-1 value that the crossystem library uses to indicate error, so
0xffffffff isn't actually usable as a max rollforward limit. But
0xfffffffe is, and if we ever get so close to the limit that we
need to use 0xffffffff, something has already gone horribly wrong
with our versioning strategy...)
Change-Id: I008f412e6ed3c0b59beb9881268585af69d1ff2e
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/765572
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
BUG=chromium:765499
TEST=unittests pass
BRANCH=None
Change-Id: I5c5118c44897d89e5116a9fce49bacbf16704dd8
Reviewed-on: https://chromium-review.googlesource.com/668658
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The sw_wpsw_boot field only ever worked correctly on some platforms. It
also isn't used anywhere in the codebase (only other reference is a
comment about how it doesn't always work in factory_installer.sh), and
it's no longer clear what it was meant for in the first place
(b/35510092 hints at needing it for some planned feature that was never
implemented). Let's get rid of it to avoid confusing people.
If userspace tools need to know the software write-protect state, they
can instead run flashrom directly. For feedback reports, this output is
already included in the "verified boot" section.
BRANCH=none
BUG=chromium:508269,chromium:742685
TEST=none
Change-Id: I8975b1e2c8e604b4cb48d092c13b923b4db2d207
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/575389
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Provide 'phase_enforcement' field that indicates if a
system should have its full security features enabled while
in the factory. The backend implementation currently is only
for x86 using chromeos_acpi.
On reef:
$ grep ^ /sys/devices/platform/chromeos_acpi/GPIO.*/*
/sys/devices/platform/chromeos_acpi/GPIO.2/GPIO.0:4
/sys/devices/platform/chromeos_acpi/GPIO.2/GPIO.1:1
/sys/devices/platform/chromeos_acpi/GPIO.2/GPIO.2:10
/sys/devices/platform/chromeos_acpi/GPIO.2/GPIO.3:INT3452:00
BUG=chrome-os-partner:59951
BRANCH=None
TEST=Tested on reef with accompanying coreboot patches and flipping
internal pulls to see the correct setting.
Change-Id: Id5401d795cff8874a038f2456121549713a11237
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/418899
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add "inside_vm" command to crossystem.
x86: If there is no HWID and mainfw_type is "nonchrome", report that the
host is a VM. If HWID is present, it's not a VM.
ARM: Detection not implemented and so far no ARM VMs exist, always
report that the system is not a VM
BUG=chromium:632303
TEST=emerge-cyan vboot_reference and test binary on cyan QEMU and HW
BRANCH=none
Change-Id: I18f5cb24b68e51f3097d9aafd9f0db0e610d322a
Reviewed-on: https://chromium-review.googlesource.com/367240
Commit-Ready: Nicolas Norvez <norvez@chromium.org>
Tested-by: Nicolas Norvez <norvez@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a new crossystem value "battery_cutoff_request" to indicate that
next reboot should cut-off battery and shutdown during firmware stage.
This request is primarily for factories to ship devices in an safe
state. Previously we have done same thing by running "ectool battery-cutoff"
but that creates a problem which "ectool" (and the one to request for
cut-off) must live in developer mode while the device must be shipped
in normal mode. The mode transition was solved by setting
"disable_dev_request=1", but that flag is may get lost on x86 systems
(having NV storage in CMOS) when the battery is cut-off .
From the experience from Ryu, such settings (dev mode transition and
battery cut-off) should be done together inside firmware execution so we
can create a new flag, battery_cutoff_request, to finalize device
properly.
BRANCH=none
BUG=chromium:601705
TEST=emerge-chell depthcharge vboot_reference chromeos-bootimage
crossystem battery_cutoff_request=1
# Unplug AC adapter
reboot
# See device rebooted and then shutdown immediately.
# Press power button and system won't boot.
# Attach AC adapter and now system boots.
CQ-DEPEND=CL:337596,CL:338193
Change-Id: I73ccae15b337cd65786106646546c67c155b8fa6
Reviewed-on: https://chromium-review.googlesource.com/337602
Commit-Ready: Hung-Te Lin <hungte@chromium.org>
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This flag will be used by the firmware updater to indicate that RO
software sync should be attempted.
BUG=chrome-os-partner:48703
BRANCH=None
TEST=make runtests
Change-Id: I42090ac47da45c724e66334648ab447ad3c21178
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/320621
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I don't even know what this is. It seems to have marked some kind of
debug buffer provided by H2C BIOS on pre-Daisy Chromebooks and has not
been touched since it was copied in here when crossystem was first
added. I can't find any references in our codebase so I doubt anybody
would miss it. Let's remove it so the '(error)' fields returned there on
any modern Chromebook stop confusing our vendors.
BRANCH=None
BUG=chromium:551715
TEST=Built for Falco and Jerry.
Change-Id: Ie2baec536b50bb192eb4cd3e48df212cce53561a
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/311346
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Bernie Thompson <bhthompson@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This field doesn't seem to be used for anyone and it keeps adding work
for people trying to bring up new platforms. If we ever needed something
like this again, we'd probably prefer to have it in mosys now anyway.
Let's get rid of it.
BRANCH=None
BUG=chromium:551715
TEST=Built for Falco and Jerry.
Change-Id: I6b96e255968fdd22a345d4a75bfdc1e79d3f5896
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/311345
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Bernie Thompson <bhthompson@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In developer mode, this option will make the system try to boot into
a legacy OS first after the 30 second timeout. This removes the need to
press a key during boot to try legacy mode and the need to remove the
write protect screw to boot legacy as default.
BUG=chromium:310697
BRANCH=none
TEST=make runtests
Change-Id: I9a9f64c14ad015e21d08eec36e8fc187189cd2f2
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/304077
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When a TPM goes from the disabled state to the enabled state, it must
reboot after being enabled, before it can be initialized. In vboot1,
TLCL was part of vboot and this was handled internally. In vboot2, the
caller must set a context flag, so that vboot can decide whether to
allow the reboot, or whether to go directly to recovery mode. This
check is necessary to handle the following cases:
1) The device is booting normally, but the TPM needs a reboot. This
should simply reboot, without going to recovery mode.
2) The device is booting in recovery mode, but the TPM needs a reboot.
If this is the first time it asked us, allow the reboot.
3) The TPM asked for a reboot last time, so we did. And it's still
asking. Don't reboot, because that runs the risk that whatever is wrong
won't be fixed next boot either, and we'll get stuck in a reboot loop
that will prevent recovery. Boot into recovery mode.
Add a new NvStorage bit to track whether the TPM requested a reboot on
the previous boot. That's better than what we did in vboot1, where we
used a special recovery request. Vboot1 couldn't track getting stuck in
a reboot loop in normal mode, only in recovery mode. The new code can
catch both.
BUG=chrome-os-partner:45462
BRANCH=ryu
TEST=make runtests
Change-Id: I2ee54af107275ccf64a6cb41132b7a0fc02bb983
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/300572
Tested-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The sw_wpsw_boot was made for some feature that was almost never completed, and
only makes sense on Baytrail platforms. To prevent confusion we should address
that in the crossystem description.
BRANCH=none
BUG=chromium:508269
TEST=make test
Change-Id: I1fbc7a0e9e8c1f8503ae8ae9dfb6e80c8da892e3
Reviewed-on: https://chromium-review.googlesource.com/284425
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Queue: Hung-Te Lin <hungte@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
AFAICT this property is not really used by anything. All factory
scripts that need detailed memory info get it from mosys. Most
platforms display "unknown" which causes confusion whenever
a bug is filed to support crossystem on a new platform.
BUG=chrome-os-partner:36176
BRANCH=none
TEST=no more "unknown" ddr-type shown in crossystem output on speedy
Signed-off-by: David Hendricks <dhendrix@chromium.org>
Change-Id: I97e66c362e9d88c843128a411512d5a76ac5f87d
Reviewed-on: https://chromium-review.googlesource.com/263982
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For test purposes it should be possible to clear the wipeout request
raised by firmware.
BRANCH=none
BUG=chrome-os-partner:36059
TEST=verified that crossystem wipeout_request=0 changes the bit from 1
to 0, and wipeout_request=1 does not change it from 0 to 1.
Change-Id: Ic45ec03ed3e40e6fee4244804b8c231ee88af95b
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/262466
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commands reads/sets a bit in the kernel-reserved area
of the vboot context nvram. The bit can also be set by the
driver during execution of a TPM command, to check if the
command is interrupted by a panic or power loss. Under
some circumstances, this correlates with the TPM assuming
it is under attack.
BUG=chromium:431360
TEST=try "crossystem tpm_attack" and variations
BRANCH=none
Change-Id: I87215d5a0becfb5c01e0b69867a339bfe6fd0b68
Reviewed-on: https://chromium-review.googlesource.com/261339
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Queue: Luigi Semenzato <semenzato@chromium.org>
Tested-by: Luigi Semenzato <semenzato@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It has become necessary to be able to "factory reset" certain devices
on firmware request. The best mechanism for this is NVRAM, as the
request needs to be detected very early in the boot process, before
other means of communications with the upper layers are available.
A previously unused NVRAM bit (bit 0x08 at offset zero) is taken for
this purpose.
A new flag is introduced to allow the firmware to signal the need to
assert this bit.
A new variable name/parameter ('wipeout_request') added to crossystem
to provide user space access to the setting of the dedicated NVRAM
bit.
BRANCH=storm
BUG=chrome-os-partner:37219
TEST=with all the patches applied, on storm, holding the recovery
button at startup for 10 seconds, causes 'crossystem
wipeout_request' to report '1'.
Change-Id: If1f6f061ce5b3f357b92aaa74cb129671dc30446
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/259857
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CL:221230 added the new NVRAM fields fw_prev_tried and fw_prev_result.
It also provided support in the crossystem library to decode these
values, but it forgot to add them to the table of allowed crossystem
options so they actually cannot be queried by the command line tool. Fix
that since this information is useful to debug failures after updating.
BRANCH=R41
BUG=chrome-os-partner:36183
TEST=make runtests VBOOT2=1. cros deployed onto Jerry and confirmed
fw_prev_tried and fw_prev_result are correct.
Change-Id: I8bad7266379d959f5370b7ebeefbbba939c5de06
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/245143
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This allows testing vboot2. These fields are ignored by original
vboot firmware.
BUG=chromium:370082
BRANCH=none
TEST=manual
crossystem -> fw_tried=A, fw_result=unknown, fw_try_next=A
crossystem fw_tried=B
echo $? -> 1
crossystem -> fw_tried=A, fw_result=unknown, fw_try_next=A
crossystem fw_try_next=B
crossystem -> fw_tried=A, fw_result=unknown, fw_try_next=B
crossystem fw_try_next=beats_me
echo $? -> 1
crossystem -> fw_tried=A, fw_result=unknown, fw_try_next=B
crossystem fw_try_next=A
crossystem -> fw_tried=A, fw_result=unknown, fw_try_next=A
crossystem fw_result=trying
crossystem -> fw_tried=A, fw_result=trying, fw_try_next=A
crossystem fw_result=bupkis
echo $? -> 1
crossystem -> fw_tried=A, fw_result=trying, fw_try_next=A
crossystem fw_result=success
crossystem -> fw_tried=A, fw_result=success, fw_try_next=A
crossystem fw_result=failure
crossystem -> fw_tried=A, fw_result=failure, fw_try_next=A
crossystem fw_result=unknown
crossystem -> fw_tried=A, fw_result=unknown, fw_try_next=A
crossystem -> fw_try_count = 0, fwb_tries = 0
crossystem fw_try_count=6
crossystem -> fw_try_count = 6, fwb_tries = 6
crossystem fwb_tries=0
crossystem -> fw_try_count = 0, fwb_tries = 0
Change-Id: I1532f3384f8c05de2a7ff3f35abcc35d18049491
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/205475
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
TEST=Done manually on Nyan:
localhost ~ # sudo /tmp/crossystem fw_vboot2
0
localhost ~ # sudo /tmp/crossystem fw_vboot2=1
localhost ~ # sudo /tmp/crossystem fw_vboot2
0
# reboot with vboot2 firmware
localhost ~ # /tmp/crossystem fw_vboot2
1
BUG=none
BRANCH=none
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Change-Id: I6ed553c48bdfebf07393f6f5f46832a60971314a
Reviewed-on: https://chromium-review.googlesource.com/205664
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
Tested-by: Daisuke Nojiri <dnojiri@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We use a few bytes of battery-backed nvram to save some flags across
reboots. However if the battery discharges completely, these flags are lost.
There aren't any security issues with that since they reset to safe values,
but some of the flags are used to configure how the system boots in
dev-mode.
If a dev-mode user has completely replaced ChromeOS with some other OS, then
she often needs to set the dev_boot_usb and/or dev_boot_legacy flags as well
in order to boot it using Ctrl-U or Ctrl-L. If the battery dies, then those
flags are cleared, and the only way to make the Chromebook boot again is by
going through recovery, which wipes the disk.
This change uses a new NV space in the TPM to back up some of the nvram
flags. These nvram fields will be backed up:
block_devmode
dev_boot_legacy
dev_boot_signed_only
dev_boot_usb
fwupdate_tries
loc_idx
Because writing to the TPM space is slow and limited to an unspecified but
finite number of cycles, we only back up the fields when specifically
requested by the new backup_nvram_request flag. This flag will be set by
crossystem whenever it is used to change any of the fields listed above. The
backup will be attempted at the NEXT boot (because the TPM is locked after
booting), and the backup_nvram_request flag will be cleared if the backup
was successfull.
Note that this CL is for Top of Trunk only. The firmware will create the
required TPM spaces on systems that have never been booted, but we don't yet
have a secure or reliable method to update existing systems.
FYI, on Link, determining that the TPM's backup NV space doesn't exist adds
about 6ms to the boot time. If it does exist, the backup_nvram_request flag
is cleared automatically so it won't check until it's set again.
BUG=chromium:362105
BRANCH=ToT (only!)
TEST=manual
Testing this is a long and involved process. Read on...
First, there are host-side tests for it. In the chroot:
cd src/platform/ec
make runtests
Second, to test on a completely NEW system that was first booted with a BIOS
that contains this CL, do this:
Enter dev-mode
Use crossystem to set values for the fields listed above
Confirm that "backup_nvram_request" is set to 1
Reboot
Use crossystem to confirm that "backup_nvram_request" is now 0
Remove the battery and the AC
Reattach either battery or AC so it will boot again
Use crossystem to confirm that the backed up fields are still good, while
the others have been reset to default values
Switch to normal mode
Remove the battery and the AC
Reattach either battery or AC so it will boot again
Look at the bios info in chrome://system to see what crossystem says
Confirm that the dev_boot_* flags are all 0, while the others are restored
Third, to set things up to test this on an existing system (I used Link),
you have update the BIOS, delete both the Kernel and Firmware NV spaces in
the TPM, then reboot so that the BIOS will create the Backup, Kernel, and
Firmware spaces. It will only do that if they're all missing.
Open it up, disable write-protect, attach a servo, etc.
Switch to dev-mode, log in.
Run make_dev_firmware.sh
Reboot in recovery mode, and insert a USB stick with a test image on it.
NOTE: In order to fiddle with the TPM, we'll *always* have to boot in
recovery mode, since that's the only time the TPM is left unlocked. That's
NOT the same as pressing Ctrl-U at the scary boot screen. The rest of
these steps assume you've booted in recovery mode and are running from the
test image on the USB stick.
Run
make_dev_ssd.sh --remove_rootfs_verification --recovery_key
Reboot (recovery mode)
Run
mv /etc/init/tcsd.conf /etc/init/tcsd.conf.disabled
Reboot (recovery mode).
Run "tpmc getvf". It should say
deactivated 0
disableForceClear 0
physicalPresence 1
physicalPresenceLock 0
bGlobalLock 0
Run "tpmc geto". It should say
Owned: no
Now you'll need to build the "tpm-nvtool" utility. In the chroot:
cd src/third_party/tpm/nvtool
make
Copy that to the DUT, in /usr/local/bin.
Now run
tcsd
tpm-nvtool --list | grep Index
You may see a number of spaces, but you should at least see these:
# NV Index 0x00001007
# NV Index 0x00001008
Run
tpm_takeownership
It will prompt you for two passwords (and confirm each one). Respond with
something you can remember like "google".
Run
tpm-nvtool --release --index 0x1007 --owner_password "google"
tpm-nvtool --release --index 0x1008 --owner_password "google"
Verify that it worked with
tpm-nvtool --list | grep Index
Power off.
Using servo, flash the new BIOS that has this CL in it.
Power on, normally this time (not recovery mode). If all goes well, it
should create the correct NV spaces and boot into the SSD. Copy tpm-nvtool
into this image too, and run
tpm-nvtool --list | grep Index
You should now see at least these spaces:
# NV Index 0x00001007
# NV Index 0x00001008
# NV Index 0x00001009
Now you're ready to test the backup/recover feature.
Change-Id: I00031fa0774720147327e2ae0f37e26b34b86341
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/202138
Reviewed-by: Luigi Semenzato <semenzato@chromium.org>
|
