| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The default behavior of dump_kernel_config is changed from using
CROS_32BIT_ENTRY_ADDR to reading from kernel preamble. The main
motivation for this change is in preparation for ARM boards of which
kernel body load address cannot be CROS_32BIT_ENTRY_ADDR. Since we do
not want that all ARM calling sides of dump_kernel_config have to carry
the kloadaddr argument, it would be better to let dump_kernel_config
read this address from the kernel preamble by default.
BUG=chromium-os:28077
TEST=Run dump_kernel_config w/ and w/o this change
Change-Id: I5eddcc35e5970dfce02cc66208438c57351f1c81
Reviewed-on: https://gerrit.chromium.org/gerrit/19660
Tested-by: Che-Liang Chiou <clchiou@chromium.org>
Reviewed-by: Don Garrett <dgarrett@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Ready: Che-Liang Chiou <clchiou@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When the filesystem resizing process starts, it has the TPM open,
which means it can collide with tcsd after the main process exits.
Additionally, improve the debugging around TPM usage for better timing
analysis.
BUG=None
TEST=lumpy build & manual testing
Change-Id: I7028131015fb972c99e8b3d035f58346f08fbd06
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/19535
Reviewed-by: Elly Jones <ellyjones@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds the utility needed to mount the encrypted partition at boot
time, as defined by the design document:
https://docs.google.com/a/google.com/document/d/1VQTDXvNsEFcrUOmNC4OmCfJst49Pd_mxZ41nfKu5EPc/edit
This still needs Cryptohome support and chromeos_startup to switch to
using it.
BUG=chromium-os:22172
TEST=lumpy build & manual testing
Change-Id: Ib9f0b4e5ba1a8aeb4737d0c8ec72a8e0dee049da
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/16889
Reviewed-by: Elly Jones <ellyjones@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This started out as a simple fix for a minor bug and turned into a nearly
complete rewrite. Now that it's done I'm not sure it really matters. This
version is a lot cleaner about handling command-line args, but isn't
otherwise noticeably better. Sigh.
BUG=none
TEST=manual
make
make runtests
Change-Id: I9c194e9c0e6418488635989ef666bc83c6e39816
Reviewed-on: https://gerrit.chromium.org/gerrit/18268
Commit-Ready: Bill Richardson <wfrichar@chromium.org>
Tested-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Added a test to demonstrate the fix.
BUG=none
TEST=manual
make
make runtests
Change-Id: I06e85b993cbe21088641a62d55a3d3ddb696ba76
Reviewed-on: https://gerrit.chromium.org/gerrit/18240
Commit-Ready: Bill Richardson <wfrichar@chromium.org>
Tested-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I've found a bug in vbutil_kernel, but the names of some of the internal
variables and struct members make it hard to follow (which is probably why
the bug exists). Before I fix it, I need to rename some things so we can see
what's wrong. This does that.
BUG=none (yet)
TEST=manual
make
make runtests
Change-Id: I8646c8acd33c58ccd52668943bcee4d0664716aa
Reviewed-on: https://gerrit.chromium.org/gerrit/18146
Commit-Ready: Bill Richardson <wfrichar@chromium.org>
Tested-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=none
TEST=manual
Compare
dump_fmap -f bios.bin
with
dump_fmap -f bios.bin FW_MAIN_A FW_MAIN_B GBB
Change-Id: Id567113ab5e7121422b89f00d9eb8c0b27942259
Reviewed-on: https://gerrit.chromium.org/gerrit/17179
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Tested-by: Bill Richardson <wfrichar@chromium.org>
Commit-Ready: Bill Richardson <wfrichar@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Provide TPM_GetRandom function to library callers.
BUG=chromium-os:22172
TEST=lumpy build & manual testing
Change-Id: Id604fd92490ba697033158a580b0b4df1d975932
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/17120
Reviewed-by: Luigi Semenzato <semenzato@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=none
TEST=manual
Try it on a USB stick. For example,
sudo vbutil_what_keys /dev/sdc
It should work.
Change-Id: I1e5be61d5539bae00717efa0e62c02203129a3c1
Reviewed-on: https://gerrit.chromium.org/gerrit/16358
Commit-Ready: Bill Richardson <wfrichar@chromium.org>
Tested-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=chrome-os-partner:7878
TEST=none
Well, you could test it like so:
flashrom -r /dev/null -i GBB:/tmp/GBB.bin
vbutil_what_keys GBB.bin
except that the current ChromeOS image doesn't include vbutil_what_keys. It
probably should, but that's a different CL.
Change-Id: I1e5b6cf30a81a46cb5c8c5d9b10f351dafa9ca87
Reviewed-on: https://gerrit.chromium.org/gerrit/15359
Commit-Ready: Bill Richardson <wfrichar@chromium.org>
Tested-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=chrome-os-partner:7878
TEST=manual
Run vbutil_what_keys specifying either a BIOS or disk image signed with the
Stumpy MP keys. It should identify it as such. For example:
vbutil_what_keys chromeos_1675.0.0_stumpy_recovery_dev-channel_mp.bin
or
vbutil_what_keys bios.bin
The output should contain the strings "Stumpy MP" somewhere, if the image or
BIOS is signed with the Stumpy MP keys.
Change-Id: I575b7358ced4234c918eff40cdeb17fe06ab331c
Reviewed-on: https://gerrit.chromium.org/gerrit/15271
Commit-Ready: Bill Richardson <wfrichar@chromium.org>
Tested-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
export them as a library to be used by post installer programs.
A matching change to vboot_reference-9999.ebuild is also required.
TEST=Built, verified library symbols with nm on x86-mario, amd64-generic.
BUG=chromium-os:25381
Change-Id: Icb23838a8cd804e0c66718c6d4d60f639ee6b72f
Reviewed-on: https://gerrit.chromium.org/gerrit/14770
Commit-Ready: Don Garrett <dgarrett@chromium.org>
Reviewed-by: Don Garrett <dgarrett@chromium.org>
Tested-by: Don Garrett <dgarrett@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This implements a platform_family value within the crossystem utility,
as the platform (particularly for ARM) is not easily accessable elsewhere at
runtime.
For the ARM side this contains a table which is used to determine the platform
family based on the /proc/device-tree/compatible entry. Similarly on x86 the
table is used to check against PCI entries. Additional entries can be made
as new platform families emerge.
BUG=chromium-os:24669
TEST=Manual, verified that crossystem runs properly and returns a valid
platform_family value on various platforms (mario, alex, z600, x220, etc).
Change-Id: Id0e973902d27ead471c1243bcc6c3292acc8479d
Reviewed-on: https://gerrit.chromium.org/gerrit/13520
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Ready: Olof Johansson <olofj@chromium.org>
Reviewed-by: Olof Johansson <olofj@chromium.org>
Tested-by: Olof Johansson <olofj@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add ability to report a single PCR value via the tpmc utility. Using
/sys/devices/platform/tpm_tis/pcrs is too slow, since it reads all
PCRs before returning. Anything wanting to read PCR0 on a time-critical
path needs maximum speed.
BUG=chromium-os:22172
TEST=install and test x86-alex.
Change-Id: I2d450961d33fa314d54b909135a74aa756279ec6
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/13891
Reviewed-by: Luigi Semenzato <semenzato@chromium.org>
|
| |
|
|
|
|
|
|
|
|
| |
BUG=none
TEST=none
Change-Id: I3bc15e18dcb9f89346815615be48729b8966736c
Reviewed-on: https://gerrit.chromium.org/gerrit/13014
Tested-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When you enter dev-mode,
Pressing Ctrl-U to boot from USB is DISABLED.
Booting any self-signed kernel from the SSD is ENABLED.
This replaces the "crossystem dev_boot_custom" argument with
"crossystem dev_boot_signed_only", which has the opposite polarity.
So if you want to dev-mode to only boot official kernels, you have to
explictly set it that way. If you leave dev-mode and then come back,
it will go back to the conditions shown above.
BUG=chrome-os-partner:5954
TEST=manual
Just run the factory flow. It was broken; this should fix it (except for any
workarounds that were added while it was broken; those may need to be
reverted).
Change-Id: I13e0edbc0e77c5d6ea609dabf771085006cd1805
Reviewed-on: https://gerrit.chromium.org/gerrit/11853
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Stefan Reinauer <reinauer@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Although we're now using a single unified BIOS, it is pretty nice to be able
to get a shell in developer mode while still using verified boot for the
kernel and filesystem. Alex & ZGB implemented this by requiring the dev-mode
user to install a special dev-mode BIOS. We don't do that, but we DO require
setting a special flag with "crossystem" to accomplish the same thing.
In order to allow booting a self-signed kernel, you must boot in developer
mode, open a shell, and run this:
crossystem dev_boot_custom=1
Special note to internal developers: If you're in the habit (as I am) of
booting directly from a USB stick in dev-mode, you'll have to run this:
crossystem dev_boot_custom=1 dev_boot_usb=1
Just using dev_boot_usb=1 is no longer enough, because the USB kernel is
signed using the recovery key and by pressing Ctrl-U, we validate it with
the kernel data key. That worked before this change because any self-signed
kernel was fine, and that's how the USB key was treated. Now it actually
requires a verified signature until you enable dev_boot_custom=1 also.
BUG=chrome-os-partner:5954
TEST=manual
Boot once in normal mode, which clears the special flags. Then switch to
developer mode. You should be able to boot and get a root shell.
Run
crossystem dev_boot_usb=1
Obtain a USB recovery image that's keyed differently. For example, if you're
testing with dev-keys, use a PVT-signed image or vice-versa.
Reboot into dev-mode with the USB recovery stick inserted. At the dev-mode
screen, press Ctrl-U. You should hear a single beep, but it should not boot.
Press Ctrl-D to boot from the hard drive, log in to a shell and run
crossystem dev_boot_custom=1
Repeat the previous test. This time when you press Ctrl-U, it should boot
the recovery image. Turn the system off before it does anything.
That's it.
Change-Id: I1811ee9a188974b3f94c83c52b00b60028b86c69
Reviewed-on: https://gerrit.chromium.org/gerrit/11442
Tested-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This new version adds a bunch more output, displays the TPM rollback version
values (if it can; Cr-48 doesn't export this info through crossystem), looks
for and validates all kernels on all devices, etc.
It also add some command-line arguments to use to examine files containing
BIOS, kernel, and disk images.
BUG=chromium-os:6676
TEST=manual
Boot, wait a minute or so, then log in and go to chrome://system
Click the Expand button for "verified boot". You should see a bunch of
useful text describing the firmware and kernel partitions.
I tried this on Cr-48, Stumpy, and Kaen.
Change-Id: I2d9aa0fcb0c12cf2b951ce9e2316b89532901125
Reviewed-on: https://gerrit.chromium.org/gerrit/11327
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Tested-by: Bill Richardson <wfrichar@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The rest of the chromiumos build system uses amd64 as the
architecture name for 64bit x86. This adds support for this
name to vbutil.
BUG=chromium-os:21284
TEST=vbutil --arch amd64 should not return unknown architecture
Change-Id: I37531591a7a31486f6447ae611d54569d1ea59d5
Reviewed-on: http://gerrit.chromium.org/gerrit/9959
Tested-by: Sonny Rao <sonnyrao@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This changes the code accept x86.* as an alias for x86 architecture
since both x86 and x86_64 systems will handle things identically
BUG=chromium-os:20336
TEST=try to use update_kernel.sh on a system running an x86_64 kernel
Change-Id: Icf18925bdb8583cd53c6f6254c7493bdec540465
Reviewed-on: http://gerrit.chromium.org/gerrit/7873
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Che-Liang Chiou <clchiou@chromium.org>
Tested-by: Sonny Rao <sonnyrao@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=none
TEST=manual
make
make runtests
Change-Id: I8456c25187e01666cc46bad50813e8a4d268f1bc
Reviewed-on: http://gerrit.chromium.org/gerrit/7409
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Tested-by: Bill Richardson <wfrichar@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The --flags is added to get/set the "flags" field.
BUG=chrome-os-partner:2317
TEST=gbb_utiltiy --get --flags bios.bin # see flags as 0
gbb_utility --set --flags=0x3052 bios.bin
# for version error message for GBB1.0 files,
# and see flag value changed for GBB1.1+ files
gbb_utility --get --flags bios.bin
# flag as 0 for GBB1.0, 0x3052 for GBB1.1+
Change-Id: I7aab62c8fc32ea08b4822e496f543511ff5e5ebc
Reviewed-on: http://gerrit.chromium.org/gerrit/6721
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Tested-by: Hung-Te Lin <hungte@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Rather than [start, size] pair.
BUG=no bug id
TEST=tested on chroot.
Change-Id: I34ec1f654f88f2e9a27b06f07825ff8bf4d9cd8e
Reviewed-on: http://gerrit.chromium.org/gerrit/6573
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Yung-Chieh Lo <yjlou%chromium.org@gtempaccount.com>
Tested-by: Yung-Chieh Lo <yjlou%chromium.org@gtempaccount.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The vboot_api.h doesn't require the BIOS display the ASCII HWID in
a graphical form (ARM U-Boot doesn't know how), so we have to do it
ourselves. This change makes that possible.
Summary of changes:
* bmpblk_font.h defines a structure to map ASCII chars to BMPs
* bmpblk_font utility generates that font structure
* bmpblock format is bumped to version 1.2
- YAML file specifies font to use for $HWID
- make_default_yaml updated to emit the new format
- README updated to describe the difference
BUG=chromium-os:18631
TEST=manual
I've tested this on ARM, like so:
Inside the chroot, build a U-Boot that uses it:
emerge-tegra2_kaen vboot_reference vboot_reference-firmware
emerge-tegra2_kaen tegra-bct tegra2-public-firmware-fdts \
chromeos-u-boot chromeos-bootimage
Outside chroot, but in src/platform/vboot_reference:
make
<copy ./build/utility/bmpblk_font and ./build/utility/bmpblk_utility to
somewhere in your $PATH>
make clean
cd scripts/newbitmaps/fonts
bmpblk_font --outfile ../images/hwid_fonts.bin outdir/*
cd scripts/newbitmaps/images
make arm
cd out_arm
<edit DEFAULT.yaml>
bmpblk_utility -z 2 -c DEFAULT.yaml arm_bmpblock.bin
<use gbb_utility to replace the bitmaps in the U-Boot image, boot it>
The HWID string is displayed.
Change-Id: I782004a0f30c57fa1f3bb246e8c59a02c5e9f561
Reviewed-on: http://gerrit.chromium.org/gerrit/6544
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Tested-by: Bill Richardson <wfrichar@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since the firmware supporting RO normal boot doesn't contains any valid RW
firmware body. Skipping the check avoids unnecessary failure.
BUG=chromium-os:19451
TEST=manual
Picked a firmware supporting RO normal boot and extracted its sections. Ran:
$ vbutil_firmware --verify VBLOCK_A --signpubkey \
> /usr/share/vboot/devkeys/root_key.vbpubk --fv RW_SECTION_A
Key block:
Size: 2232
Flags: 7 (ignored)
Data key algorithm: 7 RSA4096 SHA256
Data key version: 1
Data key sha1sum: e2c1c92d7d7aa7dfed5e8375edd30b7ae52b7450
Preamble:
Size: 2164
Header version: 2.1
Firmware version: 1
Kernel key algorithm: 7 RSA4096 SHA256
Kernel key version: 1
Kernel key sha1sum: 5d2b220899c4403d564092ada3f12d3cc4483223
Firmware body size: 456411
Preamble flags: 1
Preamble requests USE_RO_NORMAL; skipping body verification.
Change-Id: I8b81e679016f2946198396c5627415fe979c0a4f
Reviewed-on: http://gerrit.chromium.org/gerrit/6396
Tested-by: Tom Wai-Hong Tam <waihong@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
bmpblk_utility correctly supports this field, which can be used by the
factory process to map the localization to the correct locale. We forgot to
put the entries in the DEFAULT.yaml file. This change corrects that for
future releases.
BUG=none
TEST=none
Change-Id: Iea65d7439e6ef8cc8730ec1b862abba87041d93f
Reviewed-on: http://gerrit.chromium.org/gerrit/6424
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Tested-by: Bill Richardson <wfrichar@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The firmware image packing is now done by cros_bundle_firmware of
cros-devutils package, and we may retire pack_firmware_image.
BUG=none
TEST=emerge vboot_reference && [ ! -x /usr/bin/pack_firmware_image ]
Change-Id: I177508bf8aada822535fe61258cd1a0df52bfac6
Reviewed-on: http://gerrit.chromium.org/gerrit/5979
Tested-by: Che-Liang Chiou <clchiou@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
BUG=none
TEST=none
Change-Id: Ic4fe7d9962eee9b819b5517ea375ca0855ce6968
Reviewed-on: http://gerrit.chromium.org/gerrit/5019
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Tested-by: Bill Richardson <wfrichar@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
BUG=chromium-os:18383
TEST=compiles for both x86 and ARM; boots on my test system
Change-Id: I6c7dc1dd086fb06e4ad8daa053bccdf61a463240
Reviewed-on: http://gerrit.chromium.org/gerrit/4977
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Stefan Reinauer <reinauer@google.com>
Tested-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Still need to update gbb_utility and firmware to use the flags.
BUG=chrome-os-partner:2317
TEST=make && make runtests
Change-Id: I16c77a175c78efa3212a00bbf94d68384ef1829f
Reviewed-on: http://gerrit.chromium.org/gerrit/4817
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
| |
BUG=chromium-os:18226
TEST=make && make runtests
Change-Id: Ie22e99a9796866e646ed92158410bc7a2fdf90f6
Reviewed-on: http://gerrit.chromium.org/gerrit/4754
Reviewed-by: Stefan Reinauer <reinauer@google.com>
Tested-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=chromium-os:14029
TEST=make && make runtests, and manually check:
crossystem fwupdate_tries=3
crossystem fwupdate_tries kern_nv
(should print 3 0x00000003)
crossystem kern_nv=0
(should fail)
crossystem fwupdate_tries kern_nv
(should print 3 0x00000003)
crossystem fwupdate_tries=0
crossystem fwupdate_tries kern_nv
(should print 0 0x00000000)
Change-Id: I906ad41a36378b93e0c3330d8f94b7d69aafa536
Reviewed-on: http://gerrit.chromium.org/gerrit/4751
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
| |
BUG=chromium-os:18161
TEST=make && make runtests
Change-Id: I1f60654fef84e26ee15fa8bdaacdb87fb1ddf69e
Reviewed-on: http://gerrit.chromium.org/gerrit/4676
Reviewed-by: Stefan Reinauer <reinauer@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Try #2, now that ARM has the fix from http://gerrit.chromium.org/gerrit/4667
This cleans up the TPM calls inside vboot_reference.
* TPM calls share mode code between boot modes.
* Better handling for TPM_E_MUST_REBOOT, particularly in recovery mode.
* TAB screen shows current TPM versions.
No changes required to the wrapper API; these changes are internal to vboot.
BUG=chromium-os:18084
TEST=make && make runtests; built for both alex and tegra2-seaboard
Original-Change-Id: I2a52066f2889210af83409872b10f9d6380470af
(cherry picked from commit da55560cddcf7a1aa8a881cdf52792a21a01e766)
Change-Id: I120797145772116f09b8125b9e56fdbb11dc16b3
Reviewed-on: http://gerrit.chromium.org/gerrit/4671
Tested-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
| |
This reverts commit da55560cddcf7a1aa8a881cdf52792a21a01e766. This commit caused http://build.chromium.org/p/chromiumos/builders/arm%20tegra2%20binary/builds/6301 to fail.
Change-Id: Ie132c1e600ab28f97337ecfe0e7cff053987717d
Reviewed-on: http://gerrit.chromium.org/gerrit/4661
Reviewed-by: Elly Jones <ellyjones@chromium.org>
Tested-by: Elly Jones <ellyjones@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This cleans up the TPM calls inside vboot_reference.
* TPM calls share mode code between boot modes.
* Better handling for TPM_E_MUST_REBOOT, particularly in recovery mode.
* TAB screen shows current TPM versions.
No changes required to the wrapper API; these changes are internal to vboot.
BUG=chromium-os:18084
TEST=make && make runtests; built for both alex and tegra2-seaboard
Change-Id: I2a52066f2889210af83409872b10f9d6380470af
Reviewed-on: http://gerrit.chromium.org/gerrit/4611
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
| |
BUG=none
TEST=none
Change-Id: I2a976f6e876ff7751a746ea89211795ab454e65d
Reviewed-on: http://gerrit.chromium.org/gerrit/4458
Reviewed-by: Luigi Semenzato <semenzato@chromium.org>
Tested-by: Gaurav Shah <gauravsh@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Now indicates it covers SD as well (it did already, but now it's clearer).
BUG=chromium-os:17907
TEST=run `crossystem`; look at new descriptions
Change-Id: I4e4d8502b0dc5a29eb403039535b7512941ab4fa
Reviewed-on: http://gerrit.chromium.org/gerrit/4408
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
| |
BUG=chromium-os:17304
TEST=make && make runtests
Change-Id: I4d0f8afd516649fba67119845ec1c4479ba54c43
Reviewed-on: http://gerrit.chromium.org/gerrit/4065
Reviewed-by: Stefan Reinauer <reinauer@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The old (v2.0) parser is compatible with new (v2.1) structs. That is,
this won't break existing firmware or vbutil_firmware.
A new (v2.1) parser parsing an old (v2.0) struct will return 0 for the
flags.
This will be used to support the RO-normal code path in a subsequent CL.
BUG=chromium-os:17304
TEST=added unit tests; make && make runtests
Change-Id: I73bcd8acd3330b0d7d143061b5ef838e6d79cf1a
Reviewed-on: http://gerrit.chromium.org/gerrit/4030
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=chromium-os:17457
TEST=make && make runtests
When this is merged into an actual firmware build, can test it:
* dev switch off -> no dev screen, won't boot self-signed kernel
* dev switch on --> dev warning screen, will boot self-signed kernel
(e.g., it acts like the Cr-48)
Change-Id: I985428256e48b7e05dd4d8fe582a0c0103bf5fb2
Reviewed-on: http://gerrit.chromium.org/gerrit/3901
Reviewed-by: Stefan Reinauer <reinauer@google.com>
Tested-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=chromium-os:17433
TEST=make && make runtests. Additional manual tests:
0. Insert a valid dev-signed USB key.
1. Boot with dev switch off.
`crossystem dev_boot_usb` should print 0.
2. Flip dev switch on.
`crossystem dev_boot_usb` should print 0.
Ctrl+U at dev screen should beep, but not boot USB.
3. Type `crossystem dev_boot_usb=1`. Should succeed.
`crossystem dev_boot_usb` should print 1.
4. Reboot system.
At the dev mode warning, press Ctrl+U
System should boot from USB key
`crossystem dev_boot_usb` should print 0.
5. Flip dev switch off.
`crossystem dev_boot_usb` should print 0.
6. Flip dev switch on.
`crossystem dev_boot_usb` should print 0.
Note that this does not apply to Cr-48, Alex, or ZGB.
Change-Id: Idf85fdd642f38f531c89e5fa5b1679e84936d4da
Reviewed-on: http://gerrit.chromium.org/gerrit/3875
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Stefan Reinauer <reinauer@google.com>
Tested-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Patch 1: Initial change
Patch 2: Fix comment in vboot_struct.h
Patch 3: Revert files unintentionally reverted
Patch 4: (rebase)
Patch 5: (rebase)
Patch 6: Revert files unintentionally reverted (again)
Patch 7: Fix mocked tlcl for ARM build
BUG=chromium-os:17010
TEST=make && make runtests; works on H2C; emerge-tegra2_seaboard chromeos-bootimage compiles
Change-Id: I6e5ce72d41b9297c07a3f330a881eba68cfabee2
Reviewed-on: http://gerrit.chromium.org/gerrit/3593
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is part 2 of the wrapper API refactor. It adds stub
implementations for the host, and changes the host-side utilities to
use them. Firmware implementation is unchanged in this CL (other than
a few updates to macros).
BUG=chromium_os:16997
TEST=make && make runtests
Change-Id: I63989bd11de1f2239ddae256beaccd31bfb5acef
Reviewed-on: http://gerrit.chromium.org/gerrit/3256
Reviewed-by: Stefan Reinauer <reinauer@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
BUG=none
TEST=none
Change-Id: I8a2e0d07384f0437064b964c6b292af9c3a67ea1
Reviewed-on: http://gerrit.chromium.org/gerrit/2802
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Tested-by: Bill Richardson <wfrichar@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=chromium-os:16456
TEST=manual
To test: run dump_fmap with and without the '-p' option.
Without -p, the output looks like this:
area: 14
area_offset: 0x00110000
area_size: 0x000f0000 (983040)
area_name: RW_SECTION_B
area: 15
area_offset: 0x00110000
area_size: 0x00010000 (65536)
area_name: VBLOCK_B
With -p, the output looks like this:
RW_SECTION_B 1114112 983040
VBLOCK_B 1114112 65536
Change-Id: I53a3527fa92d22fef16563b0a950366a3a3db8a4
Reviewed-on: http://gerrit.chromium.org/gerrit/2545
Tested-by: Rajesh Chenna <rchenna@google.com>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The script needs to use proper device names when looking for
'hard drive' and USB storage. This change makes these names
platforms specific. Another change is to look for the USB device
when running off SSD and include it in report if found.
BUG=chromium-os:15896
TEST=manual
Ran dev_debug_vboot in the four permutations (on Alex or Kaen,
off USB or SSD), observed expected results reported, for instance
when running off USB stick on Kaen with a valid system installed
on the SSD partitions 2/4:
localhost chronos # dev_debug_vboot
Saving verbose log as /tmp/debug_vboot_IhtMvRsGt/noisy.log
Extracting BIOS image from flash...
Extracting kernel images from drives...
Extracting BIOS components...
Pulling root and recovery keys from GBB...
Verify firmware A with root key... OK
Verify firmware B with root key... OK
Test kernel_subkey_a.vbpubk... OK
Test kernel_subkey_b.vbpubk... OK
Test hd_kern_a.blob... OK
Test hd_kern_b.blob... OK
Test usb_kern_a.blob... OK
Verify hd_kern_a.blob with kernel_subkey_a.vbpubk... OK
Verify hd_kern_b.blob with kernel_subkey_a.vbpubk... FAILED
Verify usb_kern_a.blob with kernel_subkey_a.vbpubk... FAILED
Verify hd_kern_a.blob with kernel_subkey_b.vbpubk... OK
Verify hd_kern_b.blob with kernel_subkey_b.vbpubk... FAILED
Verify usb_kern_a.blob with kernel_subkey_b.vbpubk... FAILED
Verify hd_kern_a.blob with recoverykey.vbpubk... FAILED
Verify hd_kern_b.blob with recoverykey.vbpubk... FAILED
Verify usb_kern_a.blob with recoverykey.vbpubk... OK
exporting log file as /var/log/debug_vboot_noisy.log
On the same system after corrupting the SSD kernel:
localhost tmp # dev_debug_vboot
Saving verbose log as /tmp/debug_vboot_uLSfFS2g9/noisy.log
Extracting BIOS image from flash...
Extracting kernel images from drives...
Extracting BIOS components...
Pulling root and recovery keys from GBB...
Verify firmware A with root key... OK
Verify firmware B with root key... OK
Test kernel_subkey_a.vbpubk... OK
Test kernel_subkey_b.vbpubk... OK
Test hd_kern_a.blob... FAILED
Test hd_kern_b.blob... OK
Test usb_kern_a.blob... OK
Verify hd_kern_a.blob with kernel_subkey_a.vbpubk... FAILED
Verify hd_kern_b.blob with kernel_subkey_a.vbpubk... FAILED
Verify usb_kern_a.blob with kernel_subkey_a.vbpubk... FAILED
Verify hd_kern_a.blob with kernel_subkey_b.vbpubk... FAILED
Verify hd_kern_b.blob with kernel_subkey_b.vbpubk... FAILED
Verify usb_kern_a.blob with kernel_subkey_b.vbpubk... FAILED
Verify hd_kern_a.blob with recoverykey.vbpubk... FAILED
Verify hd_kern_b.blob with recoverykey.vbpubk... FAILED
Verify usb_kern_a.blob with recoverykey.vbpubk... OK
exporting log file as /var/log/debug_vboot_noisy.log
Change-Id: I4f4cd2377c6acf3db433d629ed0a5c43a5d1a76c
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: http://gerrit.chromium.org/gerrit/1938
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* including fmap header in fmap areas
* initializing blobs by string value
BUG=chromium-os:15633
TEST=emerge-tegra2_{seaboard,kaen} chromeos-bios
Change-Id: Ib87a3f60fb11804888c4bc023d595629e017f589
Reviewed-on: http://gerrit.chromium.org/gerrit/1427
Reviewed-by: Tom Wai-Hong Tam <waihong@chromium.org>
Tested-by: Che-Liang Chiou <clchiou@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change adds an additional (optional) section to the .yaml file which
can enumerate the names of the locales. If present, these names will be
appended to the end of the bmpblock and the (new) locale_string_offset field
in the BmpBlockHeader will point to it. The names are encoded as a series of
null-terminated ASCII strings. The end of the series is indicated by an
extra null (for example, "en_US\0fr\0\0" names two locales).
The BIOS does not use this information. Factory or OOBE could use it to
select the initiale locale for the BIOS screens from the list of locales
included in the BmpBlock.
BUG=chrome-os-partner:3868
TEST=none
Change-Id: I34fd9ece27343d56ec43772de975ac6f2ad7c9a6
Reviewed-on: http://gerrit.chromium.org/gerrit/1156
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Tested-by: Bill Richardson <wfrichar@chromium.org>
|
| |
|
|
|
|
|
|
|
|
| |
BUG=none
TEST=emerge vboot_reference && load_firmware_test -b 1 image.bin
Change-Id: Iec4730dad335770eb04151fe66875dfb09ceedca
Reviewed-on: http://gerrit.chromium.org/gerrit/916
Reviewed-by: Che-Liang Chiou <clchiou@chromium.org>
Tested-by: Che-Liang Chiou <clchiou@chromium.org>
|
