From 3ebd8a091dac53aaf7d62779b663dd7beca4f87d Mon Sep 17 00:00:00 2001 From: Robert Zieba Date: Fri, 26 Aug 2022 10:25:28 -0600 Subject: scripts/image_signing/ensure_amd_psp_flags: Ignore non-AMD images This commit updates the `ensure_amd_psp_flags` script so that it will ignore any artifacts that do not contain valid AMD AP images as long as there are no soft-fuse bitsets present for the given board. This allows all logic to be contained within this script. BRANCH=none BUG=b:202397678 TEST=Verified that script still works on AMD artifacts, tested that Intel and ARM artifacts are ignored Change-Id: I17a9414a36fbeb4a0ae9792c2e036deccd089870 Signed-off-by: Robert Zieba Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3860383 Reviewed-by: Mike Frysinger --- scripts/image_signing/ensure_amd_psp_flags.sh | 37 +++++++++++++++++++-------- 1 file changed, 27 insertions(+), 10 deletions(-) (limited to 'scripts') diff --git a/scripts/image_signing/ensure_amd_psp_flags.sh b/scripts/image_signing/ensure_amd_psp_flags.sh index c3472a3c..6c4f07e9 100755 --- a/scripts/image_signing/ensure_amd_psp_flags.sh +++ b/scripts/image_signing/ensure_amd_psp_flags.sh @@ -60,6 +60,32 @@ main() { firmware_bundle="${rootfs}/usr/sbin/chromeos-firmwareupdate" shellball_dir="$(make_temp_dir)" + # Extract our firmware. + if ! extract_firmware_bundle "${firmware_bundle}" "${shellball_dir}"; then + die "Failed to extract firmware bundle" + fi + + # Find our images. + declare -a images + readarray -t images < <(find "${shellball_dir}" -iname 'bios-*') + + # Validate that all our AP FW images are AMD images. + local image + for image in "${images[@]}"; do + # With no args, amdfwread will just attempt to validate the FW header. + # On non-AMD FW this will fail, allowing us to skip non-AMD FW images. + if ! amdfwread "${image}" &> /dev/null; then + if [[ ! -v "REQUIRED_BIT_MASKS[${board}]" && + ! -v "FORBIDDEN_BIT_MASKS[${board}]" ]]; then + # If we have an invalid FW image and don't have bitsets for this board + # then this isn't an AMD board, exit successfully. + exit 0 + else + die "Found invalid AMD AP FW image" + fi + fi + done + # Get the board specific bit masks. local required_bit_mask forbidden_bit_mask @@ -74,16 +100,7 @@ main() { required_bit_mask="${REQUIRED_BIT_MASKS[${board}]}" forbidden_bit_mask="${FORBIDDEN_BIT_MASKS[${board}]}" - # Extract our firmware. - if ! extract_firmware_bundle "${firmware_bundle}" "${shellball_dir}"; then - die "Failed to extract firmware bundle" - fi - - # Find our images and check the soft-fuse bits in each. - declare -a images - readarray -t images < <(find "${shellball_dir}" -iname 'bios-*') - - local image + # Check the soft-fuse bits for image in "${images[@]}"; do local soft_fuse soft_fuse_output forbidden_set missing_set if ! soft_fuse_output="$(amdfwread --soft-fuse "${image}")"; then -- cgit v1.2.1