From 84785f4d60bdebd616d8a06440c69bcf690ba284 Mon Sep 17 00:00:00 2001 From: Ruben Rodriguez Buchillon Date: Fri, 15 Dec 2017 14:48:08 +0800 Subject: vboot: introduce get_gbb_flags.sh introduce get_gbb_flags.sh command to make automatic annotation of power measurements easier. Also, fix issue where declaring local variables on same line as executing a command would obfuscate error code, thus not triggering set -c and continuing execution. https://github.com/koalaman/shellcheck/wiki/SC2155 Usage: $ /usr/share/vboot/bin/get_gbb_flags.sh [...] ChromeOS GBB set flags: 0x00000329. $ /usr/share/vboot/bin/get_gbb_flags.sh -e [...] ChromeOS GBB set flags: 0x00000329. ChromeOS GBB set flags listed: GBB_FLAG_DEV_SCREEN_SHORT_DELAY GBB_FLAG_FORCE_DEV_SWITCH_ON GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK GBB_FLAG_FAFT_KEY_OVERIDE GBB_FLAG_DISABLE_EC_SOFTWARE_SYNC BUG=chromium:760267 BRANCH=none TEST=manual emerge-soraka vboot_reference cros deploy vboot_reference (on DUT) /usr/share/vboot/bin/get_gbb_flags.sh -e Change-Id: Idb3b993706c03e7f2831eed2cef12a04b9469fea (cherry picked from commit 1c6897da76e9f642fa5505df7cc8b91400fd617d) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1985504 Reviewed-by: Cheng-Han Yang Commit-Queue: Cheng-Han Yang Tested-by: Cheng-Han Yang --- Makefile | 4 +- scripts/image_signing/gbb_flags_common.sh | 58 ++++++++++++++++++++++ scripts/image_signing/get_gbb_flags.sh | 54 +++++++++++++++++++++ scripts/image_signing/set_gbb_flags.sh | 81 +++++++++---------------------- 4 files changed, 138 insertions(+), 59 deletions(-) create mode 100644 scripts/image_signing/gbb_flags_common.sh create mode 100755 scripts/image_signing/get_gbb_flags.sh diff --git a/Makefile b/Makefile index a5fb328d..86bf521e 100644 --- a/Makefile +++ b/Makefile @@ -647,7 +647,9 @@ SIGNING_SCRIPTS_DEV = \ scripts/image_signing/resign_firmwarefd.sh \ scripts/image_signing/make_dev_firmware.sh \ scripts/image_signing/make_dev_ssd.sh \ - scripts/image_signing/set_gbb_flags.sh + scripts/image_signing/gbb_flags_common.sh \ + scripts/image_signing/set_gbb_flags.sh \ + scripts/image_signing/get_gbb_flags.sh # Installed, but not made executable. SIGNING_COMMON = scripts/image_signing/common_minimal.sh diff --git a/scripts/image_signing/gbb_flags_common.sh b/scripts/image_signing/gbb_flags_common.sh new file mode 100644 index 00000000..9a8d1cb4 --- /dev/null +++ b/scripts/image_signing/gbb_flags_common.sh @@ -0,0 +1,58 @@ +#!/bin/sh +# +# Copyright 2017 The Chromium OS Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. +# +# This script provides tools to read or change GBB flags on a live system. + +SCRIPT_BASE="$(dirname "$0")" +. "${SCRIPT_BASE}/common_minimal.sh" +load_shflags || exit 1 + +# Globals +# ---------------------------------------------------------------------------- + +# Values from vboot_reference/firmware/include/gbb_header.h +GBBFLAGS_DESCRIPTION_PREFIX=" + Defined flags (some values may be not supported by all systems): + + " +GBBFLAGS_LIST=" + GBB_FLAG_DEV_SCREEN_SHORT_DELAY 0x00000001 + GBB_FLAG_LOAD_OPTION_ROMS 0x00000002 + GBB_FLAG_ENABLE_ALTERNATE_OS 0x00000004 + GBB_FLAG_FORCE_DEV_SWITCH_ON 0x00000008 + GBB_FLAG_FORCE_DEV_BOOT_USB 0x00000010 + GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK 0x00000020 + GBB_FLAG_ENTER_TRIGGERS_TONORM 0x00000040 + GBB_FLAG_FORCE_DEV_BOOT_LEGACY 0x00000080 + GBB_FLAG_FAFT_KEY_OVERIDE 0x00000100 + GBB_FLAG_DISABLE_EC_SOFTWARE_SYNC 0x00000200 + GBB_FLAG_DEFAULT_DEV_BOOT_LEGACY 0x00000400 + GBB_FLAG_DISABLE_PD_SOFTWARE_SYNC 0x00000800 + GBB_FLAG_DISABLE_LID_SHUTDOWN 0x00001000 + GBB_FLAG_FORCE_DEV_BOOT_FASTBOOT_FULL_CAP 0x00002000 + GBB_FLAG_ENABLE_SERIAL 0x00004000 + " + +GBBFLAGS_DESCRIPTION_SUFFIX=" + To get a developer-friendly device, try 0x11 (short_delay + boot_usb). + For factory-related tests (always DEV), try 0x39. + For early development (disable EC/PD software sync), try 0xa39. + " +GBBFLAGS_DESCRIPTION="${GBBFLAGS_DESCRIPTION_PREFIX}${GBBFLAGS_LIST}" +GBBFLAGS_DESCRIPTION="${GBBFLAGS_DESCRIPTION}${GBBFLAGS_DESCRIPTION_SUFFIX}" + +FLAGS_HELP="Manages Chrome OS Firmware GBB Flags value. + + Usage: $0 [option_flags] GBB_FLAGS_VALUE + ${GBBFLAGS_DESCRIPTION}" + +flashrom_read() { + flashrom -p host -i GBB -r "$@" +} + +flashrom_write() { + flashrom -p host -i GBB --fast-verify -w "$@" +} diff --git a/scripts/image_signing/get_gbb_flags.sh b/scripts/image_signing/get_gbb_flags.sh new file mode 100755 index 00000000..a6aa89a1 --- /dev/null +++ b/scripts/image_signing/get_gbb_flags.sh @@ -0,0 +1,54 @@ +#!/bin/sh +# +# Copyright 2017 The Chromium OS Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. +# +# This script can change GBB flags in system live firmware or a given image +# file. + +SCRIPT_BASE="$(dirname "$0")" +. "${SCRIPT_BASE}/gbb_flags_common.sh" + +# DEFINE_string name default_value description flag +DEFINE_string file "" "Path to firmware image. Default to system firmware." "f" +DEFINE_boolean explicit ${FLAGS_FALSE} "Print list of what flags are set." "e" + +set -e + +main() { + if [ $# -ne 0 ]; then + flags_help + exit 1 + fi + + local image_file="${FLAGS_file}" + + if [ -z "${FLAGS_file}" ]; then + image_file="$(make_temp_file)" + flashrom_read "${image_file}" + fi + + # Process file. + + # Keep 'local' declaration split from assignment so return code is checked. + local gbb_flags + gbb_flags="$(futility gbb -g --flags "${image_file}")" + local raw_gbb_flags="$(echo "${gbb_flags}" | egrep -o "0x[0-9]+")" + printf "Chrome OS GBB set ${gbb_flags}\n" + + if [ "${FLAGS_explicit}" = "${FLAGS_TRUE}" ]; then + printf "Chrome OS GBB set flags listed:\n" + echo "${GBBFLAGS_LIST}" | while read -r flag code; do + if [ $((code & raw_gbb_flags)) -ne 0 ]; then + printf "${flag}\n" + fi + done + fi +} + +# Parse command line. +FLAGS "$@" || exit 1 +eval set -- "${FLAGS_ARGV}" + +main "$@" diff --git a/scripts/image_signing/set_gbb_flags.sh b/scripts/image_signing/set_gbb_flags.sh index cadb39b2..11da707c 100755 --- a/scripts/image_signing/set_gbb_flags.sh +++ b/scripts/image_signing/set_gbb_flags.sh @@ -8,51 +8,14 @@ # file. SCRIPT_BASE="$(dirname "$0")" -. "$SCRIPT_BASE/common_minimal.sh" -load_shflags || exit 1 +. "${SCRIPT_BASE}/gbb_flags_common.sh" # DEFINE_string name default_value description flag DEFINE_string file "" "Path to firmware image. Default to system firmware." "f" -DEFINE_boolean check_wp $FLAGS_TRUE "Check write protection states first." "" +DEFINE_boolean check_wp ${FLAGS_TRUE} "Check write protection states first." "" -# Globals -# ---------------------------------------------------------------------------- set -e -# Values from vboot_reference/firmware/include/gbb_header.h -GBBFLAGS_DESCRIPTION=" - Defined flags (some values may be not supported by all systems): - - GBB_FLAG_DEV_SCREEN_SHORT_DELAY 0x00000001 - GBB_FLAG_LOAD_OPTION_ROMS 0x00000002 - GBB_FLAG_ENABLE_ALTERNATE_OS 0x00000004 - GBB_FLAG_FORCE_DEV_SWITCH_ON 0x00000008 - GBB_FLAG_FORCE_DEV_BOOT_USB 0x00000010 - GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK 0x00000020 - GBB_FLAG_ENTER_TRIGGERS_TONORM 0x00000040 - GBB_FLAG_FORCE_DEV_BOOT_LEGACY 0x00000080 - GBB_FLAG_FAFT_KEY_OVERIDE 0x00000100 - GBB_FLAG_DISABLE_EC_SOFTWARE_SYNC 0x00000200 - GBB_FLAG_DEFAULT_DEV_BOOT_LEGACY 0x00000400 - GBB_FLAG_DISABLE_PD_SOFTWARE_SYNC 0x00000800 - GBB_FLAG_DISABLE_LID_SHUTDOWN 0x00001000 - GBB_FLAG_FORCE_DEV_BOOT_FASTBOOT_FULL_CAP 0x00002000 - GBB_FLAG_ENABLE_SERIAL 0x00004000 - - To get a developer-friendly device, try 0x11 (short_delay + boot_usb). - For factory-related tests (always DEV), try 0x39. - For early development (disable EC/PD software sync), try 0xa39. -" - -FLAGS_HELP="Changes ChromeOS Firmware GBB Flags value. - - Usage: $0 [option_flags] GBB_FLAGS_VALUE - $GBBFLAGS_DESCRIPTION" - -FLASHROM_COMMON_OPT="-p host" -FLASHROM_READ_OPT="$FLASHROM_COMMON_OPT -i GBB -r" -FLASHROM_WRITE_OPT="$FLASHROM_COMMON_OPT -i GBB --fast-verify -w" - # Check write protection # ---------------------------------------------------------------------------- check_write_protection() { @@ -60,17 +23,18 @@ check_write_protection() { if ! crossystem "wpsw_boot?0"; then hw_wp="on" fi - local wp_states="$(flashrom $FLASHROM_COMMON_OPT --wp-status 2>/dev/null \ - | grep WP)" - local wp_disabled="$(echo "$wp_states" | grep "WP:.*is disabled.")" - local wp_zero_len="$(echo "$wp_states" | grep "WP:.*, len=0x00000000")" - if [ -z "$wp_disabled" -a -z "$wp_zero_len" ]; then + # Keep 'local' declaration split from assignment so return code is checked. + local wp_states + wp_states="$(flashrom -p host --wp-status 2>/dev/null | grep WP)" + local wp_disabled="$(echo "${wp_states}" | grep "WP:.*is disabled.")" + local wp_zero_len="$(echo "${wp_states}" | grep "WP:.*, len=0x00000000")" + if [ -z "${wp_disabled}" -a -z "${wp_zero_len}" ]; then sw_wp="on" fi - if [ -n "$hw_wp" -a -n "$sw_wp" ]; then - return $FLAGS_FALSE + if [ -n "${hw_wp}" -a -n "${sw_wp}" ]; then + return ${FLAGS_FALSE} fi - return $FLAGS_TRUE + return ${FLAGS_TRUE} } # Main @@ -82,20 +46,22 @@ main() { fi local value="$(($1))" - local image_file="$FLAGS_file" + local image_file="${FLAGS_file}" - if [ -z "$FLAGS_file" ]; then + if [ -z "${FLAGS_file}" ]; then image_file="$(make_temp_file)" - flashrom $FLASHROM_READ_OPT "$image_file" + flashrom_read "${image_file}" fi # Process file - local old_value="$(futility gbb -g --flags "$image_file")" - printf "Setting GBB flags from %s to 0x%x.." "$old_value" "$value" >&2 - futility gbb -s --flags="$value" "$image_file" - - if [ -z "$FLAGS_file" ]; then - if [ "$FLAGS_check_wp" = "$FLAGS_TRUE" ]; then + # Keep 'local' declaration split from assignment so return code is checked. + local old_value + old_value="$(futility gbb -g --flags "${image_file}")" + printf "Setting GBB flags from %s to 0x%x.." "${old_value}" "${value}" + futility gbb -s --flags="${value}" "${image_file}" + + if [ -z "${FLAGS_file}" ]; then + if [ "${FLAGS_check_wp}" = "${FLAGS_TRUE}" ]; then if ! check_write_protection; then echo "" echo "WARNING: System GBB Flags are NOT changed!!!" @@ -103,13 +69,12 @@ main() { exit 1 fi fi - flashrom $FLASHROM_WRITE_OPT "$image_file" + flashrom_write "$image_file" fi } # Parse command line FLAGS "$@" || exit 1 -ORIGINAL_PARAMS="$@" eval set -- "$FLAGS_ARGV" main "$@" -- cgit v1.2.1