| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Replace vboot1-style VBERROR_SUCCESS with VB2_SUCCESS
(trivial change since both are equal values).
BUG=b:124141368, chromium:988410
TEST=make clean && make runtests
BRANCH=none
Change-Id: I46e02471a031e9f36ec869d11d0b957d1c1b5769
Signed-off-by: Joel Kitching <kitching@google.com>
Cq-Depend: chromium:1728114
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1722915
Commit-Queue: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We want to switch over from GCC to clang for userspace utilities. It
comes with a new default warning that we happen to trigger, so silence
that. It also comes with a dumb reachability checker that can't tell
when the use of one variable is guarded by another, so need to
unnecessarily initialize a variable in load_kernel_test.
BRANCH=none
BUG=chromium:991812
TEST=Built for Kevin with clang.
Change-Id: If9fc391ade0243aea1cae8d682e31390dc082f77
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1744667
Reviewed-by: Manoj Gupta <manojgupta@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As part of the conversion of error codes from vboot1 to vboot2,
replace all instances of VbError_t with vb2_error_t.
vboot2 currently uses the int type for return values, but we
would like to implement the use of vb2_error_t instead, which is
potentially clearer than simply using an int. Existing functions
will be converted to use vb2_error_t in a subsequent CL.
BUG=b:124141368, chromium:988410
TEST=make clean && make runtests
BRANCH=none
Change-Id: Iee90d9a1f46bcf5f088e981ba6ddbcf886ff0f18
Signed-off-by: Joel Kitching <kitching@google.com>
Cq-Depend: chromium:1728112
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1722914
Reviewed-by: Julius Werner <jwerner@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove unused BDB code, previously created for a cancelled SoC
project.
BUG=b:124141368, chromium:986177
TEST=make clean && make runtests
BRANCH=none
Change-Id: I91faf97d9850f8afb816fa324ad9a4d9f3842888
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1710336
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update all references to vboot2-style struct vb2_packed_key.
BUG=b:124141368
TEST=make clean && make runtests
BRANCH=none
Change-Id: I55a5f6bf315bdb4b83a998759d3732077283998e
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1675871
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The PCR extension value size should not have been hardcoded, it is
different for different TPM specification versions.
BRANCH=none
BUG=none
TEST=the error message prints the correct expected input size for both
tpm and tpm2 case now.
Change-Id: I8e65181edff1e62bbaae46e622fe67f420cbab25
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1627640
Legacy-Commit-Queue: Commit Bot <commit-bot@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Deprecate internal usage of GoogleBinaryBlockHeader struct in
favour of vb2_gbb_header struct. Keep the v1 struct around until
we remove references in other repos.
BUG=b:124141368, chromium:954774
TEST=make clean && make runtests
BRANCH=none
Change-Id: I396d2e624bd5dcac9c461cc86e8175e8f7692d26
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1583826
Commit-Ready: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As per go/vboot2-oprom-cleanup, use vboot2 SD flag
DISPLAY_AVAILABLE, instead of the old vboot1 flags
OPROM_MATTERS and OPROM_LOADED.
Remove instances of "OPROM" and update with correct
nomenclature.
Update code and tests for EC software sync and diagnostic
menu to use vboot2 display init model.
OPROM_MATTERS and OPROM_LOADED are now deprecated, and
will be removed when no references remain in depthcharge
and coreboot.
Deprecate VBERROR_DISPLAY_INIT_MISMATCH (previously
OPROM_MISMATCH) and return VBERROR_REBOOT_REQUIRED
directly when needed.
BUG=b:124141368, b:124192753, chromium:948529
TEST=Build image for eve, force EC update,
check that the "critical update" screen shows
TEST=make clean && make runtests
BRANCH=none
Change-Id: I889872f886230f8559d5cce09d0de194da3fcc38
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1605641
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds a bunch of more warnings that are already enabled in
coreboot and thus already enabled for firmware builds anyway (because
coreboot just passes its CFLAGS through). Enabling it in the vboot
Makefile means they also apply to host utilities and tests, which sounds
desirable for consistency.
Fix enough of the cruft and bad coding practices that accumulated over
the years of not having warnings enabled to get it to build again (this
includes making functions static, removing dead code, cleaning up
prototypes, etc.).
Also remove -fno-strict-aliasing from the x86 firmware build options,
because it's not clear why it's there (coreboot isn't doing this, so
presumably it's not needed).
BRANCH=None
BUG=None
TEST=make runtests
Change-Id: Ie4a42083c4770a4eca133b22725be9ba85b24184
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1598721
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These utilities used to be a bmpblk dependency way back in the day. Now
that bmpblk utilities have been removed, we don't need them anymore.
BRANCH=None
BUG=None
TEST=make runtests
Change-Id: I73b77b853dc03a7c867b8726de3cdeb01314916e
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1601677
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch removes the code displaying vboot screens using bitmap
and layout data stored in GBB. bmpblk_utility, and futility
support for BmpBlock is also removed.
BUG=chromium:622501,chrome-os-partner:54619,b:124141368
BRANCH=none
CQ-DEPEND=CL:373123
TEST=Verified screens on eve && emerge-eve chromeos-bootimage &&
make runtests
Change-Id: I1a8dd8ff0162965e81df121d5a87ea64310a0854
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/367882
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change allocates a bit in the nvram that will be used
in a later change to tell the firmware whether to detour
to diagnostic mode during boot.
BUG=b:124358784
BRANCH=None
TEST=Local build and ran "make runtests". Verified with a later
change that the nvram bit takes effect as expected.
Change-Id: If2fd3f46da30fc7375d37b240e3e745819ae0632
Signed-off-by: Matt Delco <delco@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1504758
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Also, add (writable) at the end.
BUG=None
TEST=None
Change-Id: I34eb1e8e02ba3c837ba5fa452f9f6da64ce7b6e0
Reviewed-on: https://chromium-review.googlesource.com/1328391
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some user-space applications need to know whether Alt OS is
currently enabled or disabled. Add alt_os_enabled to
crossystem as a read-only flag for this purpose.
It is currently based off of reading VBSD_ALT_OS_SHOW_PICKER
from VbSharedDataHeader. We may want to change that to a
field dedicated to showing Alt OS state in the future
(see b/117195332).
BUG=b:117195332,b:117142023
TEST=emerge-eve vboot_reference && \
cros deploy --force --board=eve dut vboot_reference
Change-Id: Ic9a120e7d24021eb984d501f09ce4d7b6f85d730
Reviewed-on: https://chromium-review.googlesource.com/1328390
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, it is impossible to programmatically enable/disable
Alt OS mode in eve. This is because only EC-RW supports the
kbatboot keyboard matrix functionality. But, as part of the
campfire boot flow, the keyboard matrix is retrieved *immediately*
after jumping into EC-RW. We need to insert a small pause in
order to allow for some entity (autotest/servo) to send a kbatboot
command, simulating the Alt OS keyboard press hotkey.
BUG=b:117140648,b:118786884
TEST=Manually use crossystem to set post_ec_sync_delay=1
Reboot, and wait for the delay to begin
Run `kbatboot 1 4 1` in EC console
Check that AP console contains:
"vb2_post_ec_sync_hooks: post_ec_sync_delay 5000 ms..."
TEST=make clean && make runtests
Note that we are only cherry-picking the changes which affect
crossystem in this CL. Firmware changes will still live in
campfire-eve branch only.
Change-Id: I1305357199d87b80b4edc4e311015106ab07de65
Reviewed-on: https://chromium-review.googlesource.com/c/1256644
Commit-Queue: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Trybot-Ready: Joel Kitching <kitching@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit 64d7369976b88b21d8d8a860252023776a2f119e)
Reviewed-on: https://chromium-review.googlesource.com/1328389
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In chromium:895549, we want to have consistent behavior of
'tpmc def' between TPM 1.2 and TPM 2.0.
In TPM 1.2, define space command will undefine the existing space,
and create a new one. So we make the 'tpmc def' act as this by
default.
Also, provide a option for whom may want to define a new space
only if it is not defined yet. It will return TPM error code
at that case.
BUG=chromium:895549
BRANCH=None
TEST=unit test; manually test:
# For TPM 2.0 use AUTHREAD|AUTHWRITE
tpmc tpmversion | grep 2.0 && export PERM=0x40004
tpmc tpmversion | grep 1.2 && export PERM=0x1
# Define the space
tpmc def 0x1020 0x1 "$PERM"
# Redefine the space, default will overwrite
tpmc def 0x1020 0x1 "$PERM"
# Expected: Success
tpmc def 0x1020 0x1 "$PERM" --no-overwrite
# Expected: output error for the space is already defined.
# For TPM 2.0, it should output:
# command "def" failed with code 0x14c
# the TPM error code is unknown to this program
# For TPM 1.2, it should output:
# The space is existing but --no-overwrite is set.
Change-Id: I9b4e742f2935578443ebcc69e91d0aebc84deed8
Reviewed-on: https://chromium-review.googlesource.com/1298098
Commit-Ready: Meng-Huan Yu <menghuan@chromium.org>
Tested-by: Meng-Huan Yu <menghuan@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For TPM 1.2, the undef command only works when NvLocked is not set
which is usually set before boot, even for recovery mode.
For TPM 2.0, it will automaticly choose the correct authorization
according to the TPMA_NV_PLATFORMCREATE attribute of that index.
BUG=chromium:895549
BRANCH=None
TEST=No test for TPM 1.2
Manually test for TPM 2.0:
1. Boot with platform hierarchy is disabled, then
# perm: TPMA_NV_AUTHREAD | TPMA_NV_AUTHWRITE
tpmc def 0x1020 0x10 0x40004
tpmc getp 0x1020 # check the space exists, expect success
tpmc undef 0x1020
2. Boot with platform hierarchy is enabled, then run
# perm: TPMA_NV_AUTHREAD | TPMA_NV_AUTHWRITE |
# TPMA_NV_PLATFORMCREATE
tpmc def 0x1020 0x1 0x40040004
tpmc getp 0x1020 # check the space exists, expect success
tpmc undef 0x1020
Change-Id: I1d814287fda3e7c11933eca7334fdc3ab1ebf895
Reviewed-on: https://chromium-review.googlesource.com/1298097
Commit-Ready: Meng-Huan Yu <menghuan@chromium.org>
Tested-by: Meng-Huan Yu <menghuan@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A bunch of the params have '(writable)' at the end of the description
to indicate it's a writable field. However, it's not listed on every
field. Rather than resync all of them, automate it. Throw in the
type for good measure.
The old display:
hwid = LUMPY # Hardware ID
dev_boot_usb = 1 # Enable developer mode boot from USB/SD (writable)
The new display:
hwid = LUMPY # [RO/str] Hardware ID
dev_boot_usb = 1 # [RW/int] Enable developer mode boot from USB/SD
BUG=None
TEST=`crossystem` output looks better
BRANCH=None
Change-Id: I953cf5cb78b52edeece4215c3249b79b26d36f26
Reviewed-on: https://chromium-review.googlesource.com/1224652
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
clear_tpm_owner_request is 23 chars now.
BUG=None
TEST=`crossystem` is aligned
BRANCH=None
Change-Id: I6d077b7311c74c51fd608281ad48b29fc6219937
Reviewed-on: https://chromium-review.googlesource.com/1218502
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A bunch of these fields are slightly missorted.
BUG=None
TEST=`crossystem` is sorted
BRANCH=None
Change-Id: I9e90343f5034e7a8a2d81c9b8eeb4b1d7286f157
Reviewed-on: https://chromium-review.googlesource.com/1218503
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Port CL:1009444 to ToT.
Adds (enable|disable)_alt_os_request flag for AltOS boot flow.
BRANCH=none
BUG=b:70804764
TEST=1. make runtests
2. Manually, set and get new flags via crossystem
Change-Id: Ie7fe2620f736335f11c39cbfe37b3fdf400ff926
Reviewed-on: https://chromium-review.googlesource.com/1014840
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Ting Shen <phoenixshen@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit adds a flag recoverysw_is_virtual for determining whether a
device's recovery switch status (as given by recoverysw_cur) is from a
physical button or a line connected to Servo, without a physical button
(e.g. veyron_minnie).
BRANCH=none
BUG=chromium:845589
TEST=manually tested on cave and veyron_minnie; make runtests
Change-Id: If8e54e1df78b25a52dbf359ce641bea75533d705
Reviewed-on: https://chromium-review.googlesource.com/1157537
Commit-Ready: Tudor Brindus <tbrindus@chromium.org>
Tested-by: Tudor Brindus <tbrindus@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, vbutil_what_keys assumed any input files
of size 8 MB or lower are firmware images. Push that
size up to 16 MB to support larger firmware images,
such as that of eve's.
BUG=None
TEST=vbutil_what_keys on eve image.bin
Change-Id: Iaf07ad3f419f5e79584391a2b846100e3fae61dc
Reviewed-on: https://chromium-review.googlesource.com/1156326
Commit-Ready: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change adds a new NV and GBB flag for controlling USB device
mode behavior, adding an additional step to enable UDC on systems
that support it.
Users of this feature will need to first enable developer mode and
then enable UDC separately by running "crossystem dev_enable_udc=1".
Alternatively those without write protect enabled can set a GBB
flag to have UDC enabled by default while in developer mode.
This is based on the security reviewed proposal at
https://docs.google.com/document/d/1b6avd9xvhvljN_NKtctWrClj4mSYZ_uPmp7MmAnPwqs
BUG=b:74339386
BRANCH=poppy
TEST=manual testing on Eve device
Change-Id: I6f440320f28b033639b53246d3034bc8acc37a33
Signed-off-by: Duncan Laurie <dlaurie@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1010769
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a command that checks whether the well-known secret (SHA1 hash of
20 zero bytes) works for owner authentication. This is accomplished by
sending a DefineSpace command for TPM_NV_INDEX_TRIAL, which will
trigger auth checks but not actually allocate an NVRAM space.
Successful command execution thus indicates that authorization was
successful. tpmc exposes the status via its exit status. This will be
used in the tpm-firmware-updater driver script to verify that the TPM
is in upgradable state.
BRANCH=None
BUG=chromium:788719
TEST=compiles
Change-Id: I630831127e0e01186650412a92643c2153fbe2ee
Reviewed-on: https://chromium-review.googlesource.com/978171
Trybot-Ready: Mattias Nissler <mnissler@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The new TlclGetSpaceInfo function returns more detailed information
about a defined NVRAM space. The existing TlclGetPermissions function
is now using TlclGetSpaceInfo behind the scenes.
BRANCH=None
BUG=chromium:788719
TEST=New unit tests.
Change-Id: I6c4f490d575788b696fd742a69e81e2767ec50f1
Reviewed-on: https://chromium-review.googlesource.com/937705
Trybot-Ready: Mattias Nissler <mnissler@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds two new functions and their corresponding TPM commands to create
delegation families and list the delegation family table, respectively.
This isn't sufficient to meaningfully manage delegation families, but good
enough for the (ab)use case of storing flags in delegation family labels, which
we are going to do in order to strengthen encrypted stateful to guarantee
recreation of the encrypted file system after TPM clear..
BRANCH=None
BUG=chromium:788719
TEST=new unit tests
Change-Id: I31beb662784a8fff450b485c7cabc553944d7772
Reviewed-on: https://chromium-review.googlesource.com/817199
Trybot-Ready: Mattias Nissler <mnissler@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a TlclDefineSpaceEx function that allows to pass additional
parameters when creating NVRAM spaces, i.e. owner authorization as
well as PCR bindings.
BRANCH=None
BUG=chromium:788719
TEST=New unit tests.
Change-Id: I73404c05528a89604fea3bcb1f00741fb865ba77
Reviewed-on: https://chromium-review.googlesource.com/814114
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Trybot-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Trybot-Ready: Mattias Nissler <mnissler@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add the ability to take TPM ownership. This requires two new commands:
TPM_OIAP to start an auth session and TPM_TakeOwnership to establish
ownership. TPM_TakeOwnership requires an auth session and proper
command authentication to work, which is also added.
BRANCH=None
BUG=chromium:788719
TEST=new unit tests
Change-Id: Ib70144eedb0b1c7c43b26c06529d33ccbaa51a0e
Reviewed-on: https://chromium-review.googlesource.com/790414
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Trybot-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Trybot-Ready: Mattias Nissler <mnissler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a TlclReadPubek library function to read the public endorsement
key.
BRANCH=None
BUG=chromium:788719
TEST=New unit tests.
Change-Id: I5f23b76b88198d656f4ba5782d2b4f25aaa082b1
Reviewed-on: https://chromium-review.googlesource.com/790413
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Trybot-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Trybot-Ready: Mattias Nissler <mnissler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The default value is "disk", and should be mentionned as an option.
BRANCH=none
BUG=none
TEST=emerge-poppy -av vboot_reference
Change-Id: I9ddfe155f1dbaf019b74c1bab7b5ce5539545e7f
Reviewed-on: https://chromium-review.googlesource.com/989375
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Now that vb2_shared_data / vb2_context provides all the same data to
lower-level kernel verification code that cparams did, stop passing
cparams down to those functions.
No change in functionality.
BUG=chromium:611535
BRANCH=none
TEST=make -j runtests; build bob firmware and boot it
Change-Id: I86eb1801ee96d8b56404b74843a8d09e3122567f
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/852814
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Stefan Reinauer <reinauer@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The region API was a way for firmware and kernel verification to get
at various blocks of caller-provided data. In practice, we only used
it internally as a way to get at parts of the GBB. Prune it down to
access only the bits of GBB we still need, from the buffer we already
know we have.
In the long run we should use the same vb2ex_read_resource() API that
vb2 firmware verification does, but that should be done in a follow-up
CL since it'll need to be coordinated with support in depthcharge.
No change in functionality.
BUG=chromium:611535
BRANCH=none
TEST=make -j runtests; build bob firmware and boot it
Change-Id: I5715cb8d88274164a1a73ed4a56bbd93af46f9bf
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/852798
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Stefan Reinauer <reinauer@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, firmware verification uses entirely vb2 structs, including
vb2_shared_data. This goes through an ugly translation to the old vb1
VbSharedData to pass it to depthcharge. The vboot kernel verification
maintains an equally ugly translation back to the vb2 struct
internally.
Eventually, we want to get rid of all that and use vb2 all the way
down to what crossystem picks up from the OS.
But before we can do that, we need to finish translating kernel
verification code to use the new vb2 structs. This is a step on that
path, using vb2_shared_data equivalents where present and hiding the
old vb1 shared data struct as a member of vb2_shared_data so at least
the vboot functions don't need to pass around cparams to get at it.
This will be followed by more CLs which convert more vboot internals
to use vb2 structs directly, and eventually coreboot/depthcharge CLs
which pass the vb2 structs from firmware verification directly to
kernel verification.
No change in functionality.
BUG=chromium:611535
BRANCH=none
TEST=make -j runtests; build bob firmware and boot it
Change-Id: I5df8ce81ba3c3ac3f2cb4229db5461757cd89d8d
Reviewed-on: https://chromium-review.googlesource.com/852856
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Stefan Reinauer <reinauer@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove the old vboot1 vboot_nvstorage library (VbNv*() functions) and
use the vboot2 library (vb2_nv_*()) instead. This is needed in
preparation for moving to 64-byte records; no sense in implementing
that change twice...
Should be (better be) no change in system behavior.
BUG=chromium:789276
BRANCH=none
TEST=make runtests
compare output of crossystem before/after change (should be identical)
Change-Id: I10f9975b0824263064b9a74a3c6daadcecc085d3
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/794732
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This just adds the kernel_max_rollforward field to the nvstorage
libraries and crossystem. The firmware does not use it yet; that's
coming in a subsequent CL.
16 of the fields's 32 bits are taken from unused bytes of the kernel
field. This has no effect on existing usage.
BUG=chromium:783997
BRANCH=none
TEST=make runtests
Also manual testing. In a root shell:
crossystem kernel_max_rollforward --> Should default to 0
crossystem kernel_max_rollforward=0xfffffffe
crossystem kernel_max_rollforward --> Should be 0xfffffffe
(Note that setting it to 0xffffffff is indistinguishable from the
-1 value that the crossystem library uses to indicate error, so
0xffffffff isn't actually usable as a max rollforward limit. But
0xfffffffe is, and if we ever get so close to the limit that we
need to use 0xffffffff, something has already gone horribly wrong
with our versioning strategy...)
Change-Id: I008f412e6ed3c0b59beb9881268585af69d1ff2e
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/765572
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1) Extend TlclGetVersion to return vendor specific data, if
requested.
2) Extend 'tpmc getver' to include vendor specific data.
BRANCH=none
BUG=chromium:771561
TEST=unit tests, running 'tpmc getver'
Change-Id: Ic04c242d4e6f33b45a80479be9ab9777b317ebe2
Reviewed-on: https://chromium-review.googlesource.com/706240
Commit-Ready: Andrey Pronin <apronin@chromium.org>
Tested-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=chromium:765499
TEST=unittests pass
BRANCH=None
Change-Id: I5c5118c44897d89e5116a9fce49bacbf16704dd8
Reviewed-on: https://chromium-review.googlesource.com/668658
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add tpm_lite library support for the IFX specific TPM_FieldUpgrade
subcommand "FieldUpgradeInfoRequest2". Expose this via tpmc so it can
be used from shell scripts.
BRANCH=none
BUG=chromium:728130
TEST=Builds and tpmc ifxfieldupgradeinfo prints plausible results.
Change-Id: Ie58ebccef7fe90f7fca65d7cd9c78e1f16f9f29a
Reviewed-on: https://chromium-review.googlesource.com/562772
Commit-Ready: Mattias Nissler <mnissler@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Mattias Nissler <mnissler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The sw_wpsw_boot field only ever worked correctly on some platforms. It
also isn't used anywhere in the codebase (only other reference is a
comment about how it doesn't always work in factory_installer.sh), and
it's no longer clear what it was meant for in the first place
(b/35510092 hints at needing it for some planned feature that was never
implemented). Let's get rid of it to avoid confusing people.
If userspace tools need to know the software write-protect state, they
can instead run flashrom directly. For feedback reports, this output is
already included in the "verified boot" section.
BRANCH=none
BUG=chromium:508269,chromium:742685
TEST=none
Change-Id: I8975b1e2c8e604b4cb48d092c13b923b4db2d207
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/575389
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This command exposes the vendor and TPM firmware version.
BRANCH=none
BUG=chromium:728130
TEST=Builds and tpmc getversion prints plausible results.
Change-Id: Iec556a298e025e10bda00121b40a25d8dc3839d1
Reviewed-on: https://chromium-review.googlesource.com/565287
Commit-Ready: Mattias Nissler <mnissler@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OpenSSL 1.1 has made significant non-backwards compatible changes to its
API as outlined in:
https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes
BRANCH=none
BUG=chromium:738114
TEST=cros_workon --host start vboot_reference
TEST=w/ openssl-1.0.2k: sudo emerge vboot_reference
TEST=w/ openssl-1.1.0e: sudo emerge vboot_reference
=> both build ok
$ futility version
=> command runs without error
TEST=cros_workon --board=soraka start vboot_reference coreboot
TEST=w/ openssl-1.0.2k: emerge-soraka vboot_reference coreboot
TEST=w/ openssl-1.1.0e: emerge-soraka vboot_reference coreboot
=> All build ok
Change-Id: I37cfc8cbb04a092eab7b0b3224f475b82609447c
Reviewed-on: https://chromium-review.googlesource.com/557739
Commit-Ready: Daniel Kurtz <djkurtz@chromium.org>
Tested-by: Daniel Kurtz <djkurtz@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Replace commands using gbb_utility by the new 'gbb' futility command.
BRANCH=none
BUG=None
TEST=USE=test emerge-$BOARD vboot_reference
Change-Id: I8c1547d295a955373413482509a33964b0e0c06f
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/538442
Reviewed-by: Stefan Reinauer <reinauer@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=none
BRANCH=ToT
TEST=ensure Rowan PreMP keys are correctly output by
'vbutil_what_keys chromeos_9547.0.0_rowan_recovery_canary-
channel_premp.bin'
Change-Id: I292425106a0b2d8e42f8a31de18edd0e63618842
Reviewed-on: https://chromium-review.googlesource.com/514984
Commit-Ready: Patrick Berny <pberny@chromium.org>
Tested-by: Patrick Berny <pberny@chromium.org>
Reviewed-by: Patrick Berny <pberny@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This also adds the required tests (keys, testcases), and some
additional tests in vb2_rsa_utility_tests.c that were not
added when 2048-bit exponent 3 support was added.
BRANCH=none
BUG=chromium:684354
TEST=make runtests
Change-Id: I56d22302c2254ef500b9d2d290a79d8c8bc39942
Reviewed-on: https://chromium-review.googlesource.com/449060
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This also adds the required tests (keys, testcases).
BRANCH=none
BUG=chromium:684354
TEST=make runtests
Change-Id: I5e148f8792ea325f813d76089271f3c4bcc2935d
Reviewed-on: https://chromium-review.googlesource.com/438951
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This cleans up the vboot functions which handle display so they don't
need to pass it around. Eventually, it'll be absorbed by vb2_context.
BUG=chromium:611535
BRANCH=none
TEST=make runtests; build_packages --board=reef chromeos-firmware; boot reef
Change-Id: I58169dfd37abe657f9b9aa339cc72ffa398329e0
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/414288
Reviewed-by: Shelley Chen <shchen@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Passing the vb2 context around allows using more of the vb2 functions in
future changes, and prepares for a future where we directly use the
context as it was set up in firmware verification.
BUG=chromium:611535
BRANCH=none
TEST=make runtests; emerge-kevin coreboot depthcharge
Change-Id: I8efa606dbdec5d195b66eb899e76fdc84337ad36
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/404997
Reviewed-by: Shelley Chen <shchen@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Provide 'phase_enforcement' field that indicates if a
system should have its full security features enabled while
in the factory. The backend implementation currently is only
for x86 using chromeos_acpi.
On reef:
$ grep ^ /sys/devices/platform/chromeos_acpi/GPIO.*/*
/sys/devices/platform/chromeos_acpi/GPIO.2/GPIO.0:4
/sys/devices/platform/chromeos_acpi/GPIO.2/GPIO.1:1
/sys/devices/platform/chromeos_acpi/GPIO.2/GPIO.2:10
/sys/devices/platform/chromeos_acpi/GPIO.2/GPIO.3:INT3452:00
BUG=chrome-os-partner:59951
BRANCH=None
TEST=Tested on reef with accompanying coreboot patches and flipping
internal pulls to see the correct setting.
Change-Id: Id5401d795cff8874a038f2456121549713a11237
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/418899
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When some of the space re-creation procedure failed, chromeos-tpm-recovery
should exit with non-zero value and not saying TPM is successfully recovered.
However, there are few known issues:
- 0x1009 is not needed in TPM2.
- The space is not created in TPM2.
- tlcl does not support define spaces with policies yet (crosbug.com/p/59594).
As a result, we want to return failure only if writing any of the two
spaces (0x1007, 0x1008) fails.
This change also revised chromeos-tpm-recovery so it won't exit with unbound
variable error due to early exit without having daemon_was_running variable.
BRANCH=None
BUG=chrome-os-partner:60099
TEST=For boards with TPM and TPM2, do:
build_image --board $BOARD factory_install;
Boot factory install shim, select 'I' and get TPM recovered.
Change-Id: I3f79b02cdf77ac61cf1361033c489604dcd603f2
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/412543
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|