Commit message | Author | Age | Files | Lines
* futility: updater: Add --unlock_me option [factory-nissa-15199.B] | Reka Norman | 2023-03-29 | 7 files | -24/+135
    Add a --unlock_me option which unlocks the Intel ME before flashing by:
    - Unlocking the FLMSTR values in the descriptor.
    - Disabling GPR0 in the descriptor.

    This will be used in factory to support Flexible EOM.

    BRANCH=None
    BUG=b:273168873
    TEST=Flash locked yaviks firmware with --unlock_me. Read firmware back and check that FLMSTR values are unlocked and GPR0 is disabled.

    Change-Id: Ie29f3c997c82a1bc58fe62f568f257e9dc375d94
    Signed-off-by: Reka Norman <rekanorman@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4380499
    Tested-by: Phoebe Wang <phoebewang@chromium.org>
    Auto-Submit: Phoebe Wang <phoebewang@chromium.org>
    Commit-Queue: Cheng Yueh <cyueh@chromium.org>
    Reviewed-by: Cheng Yueh <cyueh@chromium.org>
* futility: Drop external flashrom quark | Edward O'Callaghan | 2023-03-29 | 3 files | -63/+1
    This prevents architectural changes required to make futility fast and robust while providing limited to no tangible value.

    BUG=b:226477133
    BRANCH=none
    TEST=none

    Change-Id: Ie0ea715fcf60cfb5b2b25037f4421c2dc70c0e5b
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4147407
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4381015
    Reviewed-by: Cheng Yueh <cyueh@chromium.org>
    Auto-Submit: Phoebe Wang <phoebewang@chromium.org>
    Tested-by: Phoebe Wang <phoebewang@chromium.org>
    Commit-Queue: Cheng Yueh <cyueh@chromium.org>
* futility/file_type_*: Use ERROR() macro consistently | Edward O'Callaghan | 2023-03-29 | 4 files | -47/+40
    Fix grammatical issues in ERROR() usage and overuse of contractions. Errors shall now be prefixed with "ERROR:" and the function name.

    BUG=b:268397597
    TEST=`emerge-nissa vboot_reference`.
    TEST=`cros_run_unit_tests --host --packages vboot_reference`.
    TEST=`cros_run_unit_tests --board nissa --packages vboot_reference`.

    Change-Id: Iba811c4d4714b9af1a3982613b74ca43958d7934
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4349559
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4381014
    Reviewed-by: Cheng Yueh <cyueh@chromium.org>
    Tested-by: Phoebe Wang <phoebewang@chromium.org>
    Commit-Queue: Cheng Yueh <cyueh@chromium.org>
    Auto-Submit: Phoebe Wang <phoebewang@chromium.org>
* futility/file_type*: Minor cleanups for maintainability | Edward O'Callaghan | 2023-03-29 | 6 files | -129/+87
    Use C99 features to scope indexer to loop constructs and local intermediates within more constrained lexical scopes. Be canonical in predicates of branch conditions. Use const correctness. Apply clang-format where reasonable

    BUG=b:268397597
    TEST=`emerge-nissa vboot_reference`.
    TEST=`cros_run_unit_tests --host --packages vboot_reference`.
    TEST=`cros_run_unit_tests --board nissa --packages vboot_reference`.

    Change-Id: I8ce232f791a95a668ab5017cff628c199c36e917
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4349558
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4381013
    Auto-Submit: Phoebe Wang <phoebewang@chromium.org>
    Commit-Queue: Cheng Yueh <cyueh@chromium.org>
    Tested-by: Phoebe Wang <phoebewang@chromium.org>
    Reviewed-by: Cheng Yueh <cyueh@chromium.org>
* sign_official_build: Fix is-reven check | Nicholas Bishop | 2023-03-29 | 1 file | -1/+4
    The `get_is_reven` function added in https://crrev.com/c/4206907 was too restrictive. When run by the signer, the board name has been modified from "reven" to "reven-signed-mp-v2keys".

    Change the condition to accept either `reven` or `reven-signed*` (note the glob). Allowing plain "reven" is not strictly necessary, but useful for local testing.

    Tested the updated function by building a reven base image, then making variants with different CHROMEOS_RELEASE_BOARD values: "reven", "reven-signed-mp-v2keys", and "revenator". Running `sign_official_build.sh` on them shows that the first two are identified as reven, and the last one is not. This can be seen by checking if boot*.efi is signed or not, since that should not happen for reven.

    BRANCH=none
    BUG=b:274648121
    TEST=See above
    TEST=FEATURES=test emerge-reven vboot_reference

    Change-Id: I099abf372b71ea3e064e91a57c5e8888de298028
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4358400
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4381012
    Tested-by: Phoebe Wang <phoebewang@chromium.org>
    Reviewed-by: Cheng Yueh <cyueh@chromium.org>
    Auto-Submit: Phoebe Wang <phoebewang@chromium.org>
    Commit-Queue: Cheng Yueh <cyueh@chromium.org>
* futility: Add `flash` subcommand | Nikolai Artemiev | 2023-03-29 | 8 files | -1/+408
    Add a new subcommand for getting/setting flash properties such as the flash size and writeprotect configuration.

    The operations provided by `futility flash` require less information from the user and are less error prone than the equivalents provided by `flashrom`. For example, --wp-enable automatically chooses the protection range based on the firmware image and --wp-status gives a warning if the protection range does not match the RO firmware region.

    BUG=b:268574030
    BRANCH=none
    TEST=`futility flash --{flash-size,wp-enable,wp-disable,wp-status}`

    Change-Id: I36d7468616a5bcdf3c4542d48652bd24c3377a61
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4279661
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4381011
    Commit-Queue: Cheng Yueh <cyueh@chromium.org>
    Auto-Submit: Phoebe Wang <phoebewang@chromium.org>
    Tested-by: Phoebe Wang <phoebewang@chromium.org>
    Reviewed-by: Cheng Yueh <cyueh@chromium.org>
* futility/: Replace futil_copy_file_or_die() impl | Edward O'Callaghan | 2023-03-29 | 5 files | -52/+39
    Replace shell-script C with actual library calls to copy file content. Don't die, dying is bad.

    Use '0660' as the default dest file perm mask over the default system umask inherited from the environment applied to the source file permissions.

    Add error handling so we have an idea what happened.

    BUG=b:268397597
    TEST=`emerge-nissa vboot_reference`.
    TEST=`cros_run_unit_tests --host --packages vboot_reference`.
    TEST=`cros_run_unit_tests --board nissa --packages vboot_reference`.

    Change-Id: Ibe4745dbad20504a1ff7e39e10cbf18ed1831354
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4313546
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4381010
    Tested-by: Phoebe Wang <phoebewang@chromium.org>
    Auto-Submit: Phoebe Wang <phoebewang@chromium.org>
    Reviewed-by: Cheng Yueh <cyueh@chromium.org>
    Commit-Queue: Cheng Yueh <cyueh@chromium.org>
* tpm2_lite: Treat NV_UNINITIALIZED error as BADINDEX for TPM 2.0 | Julius Werner | 2023-03-29 | 1 file | -0/+5
    This patch ports the equivalent of CB:20299 to the vboot version of the TPM library. This should fix a problem that was observed where a created but not written FWMP space gets a device stuck in recovery mode.

    BRANCH=none
    BUG=b:272310645
    TEST=none

    Change-Id: If0ef6fdda879b45de0444cdaeb423d01ce109e2c
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4327074
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4381009
    Auto-Submit: Phoebe Wang <phoebewang@chromium.org>
    Tested-by: Phoebe Wang <phoebewang@chromium.org>
    Reviewed-by: Cheng Yueh <cyueh@chromium.org>
    Commit-Queue: Cheng Yueh <cyueh@chromium.org>
* OWNERS: Add quasisec | Edward O'Callaghan | 2023-03-29 | 1 file | -0/+1
    Futility is an integral part of CrOS FW Update Team's mission.

    BUG=none
    TEST=none

    Change-Id: Ie6591be479268e854288f07b0825d84b086ea492
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4337534
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4381008
    Commit-Queue: Cheng Yueh <cyueh@chromium.org>
    Auto-Submit: Phoebe Wang <phoebewang@chromium.org>
    Reviewed-by: Cheng Yueh <cyueh@chromium.org>
    Tested-by: Phoebe Wang <phoebewang@chromium.org>
* sign_official_build: Don't sign miniOS kernels in factory shims | Reka Norman | 2023-03-29 | 1 file | -5/+7
    Factory shims contain miniOS kernels, but they are not used, so don't sign them. They will remain in the image signed with dev keys.

    BRANCH=None
    BUG=None
    TEST=Run sign_official_build.sh on factory shim. Logs show miniOS kernels are not signed, and shim still boots.

    Change-Id: I4a1b72726edb7d780a3f2c2fe783f568a012ee77
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4321706
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4381007
    Reviewed-by: Cheng Yueh <cyueh@chromium.org>
    Commit-Queue: Cheng Yueh <cyueh@chromium.org>
    Auto-Submit: Phoebe Wang <phoebewang@chromium.org>
    Tested-by: Phoebe Wang <phoebewang@chromium.org>
* futility: Prefer debug header servo over CCD when both are available. | Matthew Blecker | 2023-03-29 | 1 file | -7/+11
    BRANCH=none
    BUG=b:270287312
    TEST=With atlas DUT + servo_v4p1 + cr50_ccd + servo_micro:
      $ dut-control -o servo_type  # servo_v4p1_with_servo_micro_and_ccd_cr50
      $ dut-control cpu_fw_spi  # unknown value but control does exist
      $ dut-control ccd_cpu_fw_spi  # error from control not existing
      $ futility read --servo -v ap-fw.bin  # succeeds
    With atlas DUT + servo_micro:
      $ dut-control -o servo_type  # servo_micro
      $ dut-control cpu_fw_spi  # unknown value but control does exist
      $ dut-control ccd_cpu_fw_spi  # error from control not existing
      $ futility read --servo -v ap-fw.bin  # succeeds
    With atlas DUT + servo_v4p1 + cr50_ccd:
      $ dut-control -o servo_type  # servo_v4p1_with_ccd_cr50
      $ dut-control ccd_cpu_fw_spi  # off
      $ futility read --servo -v ap-fw.bin  # succeeds

    Change-Id: I18e890aaa6c3fa63f2108840b8c344a6adc5a561
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4315198
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4381006
    Tested-by: Phoebe Wang <phoebewang@chromium.org>
    Reviewed-by: Cheng Yueh <cyueh@chromium.org>
    Commit-Queue: Cheng Yueh <cyueh@chromium.org>
    Auto-Submit: Phoebe Wang <phoebewang@chromium.org>
* vboot_reference: Change flashrom_get_wp signature | Nikolai Artemiev | 2023-03-29 | 6 files | -32/+40
    Expose more information about WP state from the flashrom_drv WP status function.

    The more detailed WP information is required to properly validate the system WP configuration.

    BUG=b:268574030
    TEST=futility update

    Change-Id: If79b7d8cc68a0583cbf1f7049ac7a2dec088fdd0
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4301750
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4381005
    Reviewed-by: Cheng Yueh <cyueh@chromium.org>
    Tested-by: Phoebe Wang <phoebewang@chromium.org>
    Commit-Queue: Cheng Yueh <cyueh@chromium.org>
    Auto-Submit: Phoebe Wang <phoebewang@chromium.org>
* sign_official_build: Support a second recovery key | Reka Norman | 2023-03-29 | 1 file | -30/+91
    Some devices have a second recovery key, which is used to sign:
    - a second recovery kernel KERN-C in recovery images
    - a second installer kernel KERN-B in factory images

    If a device has a second recovery key, use it to sign the second recovery and installer kernels. Otherwise, don't sign the second kernels. If they are present, they'll remain in the image signed with dev keys.

    BRANCH=None
    BUG=b:266502803
    TEST=- Run replace_recovery_key.sh in devkeys directory to get keys for testing.
    - Run sign_official_build.sh on a recovery image with KERN-C present.
    - Set recovery_key.vbpubk in GBB - recovery succeeds using KERN-A.
    - Set recovery_key.v1.vbpubk in GBB - recovery succeeds using KERN-C.
    - Run sign_official_build.sh on a factory shim with KERN-B present.
    - Set recovery_key.vbpubk in GBB - factory shim boots using KERN-A.
    - Set recovery_key.v1.vbpubk in GBB - factory shim boots using KERN-B.
    - Run sign_official_build.sh on a base image and check it boots.

    Change-Id: I39b209e1efd4669128a12751f1c4ee94bb722d67
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4242686
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4381004
    Tested-by: Phoebe Wang <phoebewang@chromium.org>
    Commit-Queue: Cheng Yueh <cyueh@chromium.org>
    Auto-Submit: Phoebe Wang <phoebewang@chromium.org>
    Reviewed-by: Cheng Yueh <cyueh@chromium.org>
* futility/cmd_gbb_utility.c: Check wp status before flash write() | Edward O'Callaghan | 2023-03-29 | 1 file | -0/+4
    Check write-protect status before attempting to write to SPI flash.

    BUG=b:238694831,b:260531154
    BRANCH=none
    TEST=```
    [..]
    SPI Configuration is locked down.
    FREG0: Flash Descriptor region (0x00000000-0x00000fff) is read-write.
    FREG1: BIOS region (0x003a0000-0x01ffffff) is read-write.
    FREG2: Management Engine region (0x00001000-0x0039ffff) is read-write.
    OK.
    Found Winbond flash chip "W25Q256JV_M" (32768 kB, Programmer-specific) on host.
    ERROR: write_to_flash: You must disable write protection before setting flags.
    ```

    Cq-Depend: chromium:4303349
    Change-Id: I46d72a8867292599bf1a7287d63c62999df41c8e
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4161094
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4381003
    Tested-by: Phoebe Wang <phoebewang@chromium.org>
    Auto-Submit: Phoebe Wang <phoebewang@chromium.org>
    Reviewed-by: Cheng Yueh <cyueh@chromium.org>
    Commit-Queue: Cheng Yueh <cyueh@chromium.org>
* scripts/../{g,s}et_gbb_flags.sh: Add delay | Edward O'Callaghan | 2023-03-29 | 2 files | -0/+4
    Give some time to the user to reconsider and wean users off an unsupported ABI.

    BUG=b:260531154
    TEST=none

    Change-Id: I9cfbd032f56d7aa3ba1f19abdd26c15a785cc876
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4269751
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4381002
    Tested-by: Phoebe Wang <phoebewang@chromium.org>
    Commit-Queue: Cheng Yueh <cyueh@chromium.org>
    Reviewed-by: Cheng Yueh <cyueh@chromium.org>
    Auto-Submit: Phoebe Wang <phoebewang@chromium.org>
* futility: updater: revise DUT type detection | Hung-Te Lin | 2023-03-29 | 1 file | -6/+5
    Some commands like 'cros ap flash' may pass '-p host' to the futility updater, making the updater consider itself running in the remote DUT mode.

    Other futility commands sharing the flash arguments (e.g., handle_flash_argument) work on files by default and only do flashing if '-p' is specified, but that is not the case for the updater. So we should double check the programmer before deciding the DUT type.

    BUG=b:271115449
    TEST=FEATURES=test emerge vboot_reference
    BRANCH=None

    Change-Id: I5be6e4382acffced0ef9cd94f6ede9e9d3fe2efa
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4300000
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4381001
    Auto-Submit: Phoebe Wang <phoebewang@chromium.org>
    Commit-Queue: Cheng Yueh <cyueh@chromium.org>
    Tested-by: Phoebe Wang <phoebewang@chromium.org>
    Reviewed-by: Cheng Yueh <cyueh@chromium.org>
* sign_uefi: Add support for crdyboot | Nicholas Bishop | 2023-03-29 | 2 files | -3/+86
    The crdyboot bootloader (see https://chromium.googlesource.com/chromiumos/platform/crdyboot) for the reven board requires some additional handling for signing:

    * A public key for verifying the kernel must be injected into the `.vbpubk` section.
    * Then the file must be signed with `sbsign` in the usual way.

    Testing commands:
    ```
    scripts/keygeneration/make_arv_root.sh arv
    scripts/keygeneration/create_new_keys.sh \
      --arv-root-path arv --uefi --output reven
    scripts/image_signing/sign_official_build.sh recovery \
      ~/chromiumos/src/build/images/reven/latest/chromiumos_image.bin \
      reven \
      ~/chromiumos/src/build/images/reven/latest/chromiumos_image.signed

    Then boot the image in a UEFI VM.
    ```

    BRANCH=none
    BUG=b:256176281
    TEST=make runtests
    TEST=See testing notes above

    Change-Id: Id454ff0677c397b2c399f39981862ac18c2c9985
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4250562
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4381000
    Reviewed-by: Cheng Yueh <cyueh@chromium.org>
    Commit-Queue: Cheng Yueh <cyueh@chromium.org>
    Tested-by: Phoebe Wang <phoebewang@chromium.org>
    Auto-Submit: Phoebe Wang <phoebewang@chromium.org>
* futility: updater: Fix platform_ver property on error | Hung-Te Lin | 2023-03-29 | 1 file | -1/+8
    The platform_ver property was expected to be within 0..INT_MAX before the implementation changed from mosys to crossystem (CL:4029537). So we should return 0 instead of -1 on error.

    BUG=b:271115449
    TEST=make; run test
    BRANCH=None

    Change-Id: I772ff53a4a13e17e6cfe8099768dba64b8736ec5
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4297882
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4380999
    Commit-Queue: Cheng Yueh <cyueh@chromium.org>
    Reviewed-by: Cheng Yueh <cyueh@chromium.org>
    Auto-Submit: Phoebe Wang <phoebewang@chromium.org>
    Tested-by: Phoebe Wang <phoebewang@chromium.org>
* lib/flashrom_drv.c: Use correct programmer name for programmer init | Nikolai Artemiev | 2023-03-29 | 1 file | -3/+3
    Fix the call to `flashrom_programmer_init()` in `flashrom_get_wp()`.

    The programmer name and parameters should be passed separately, e.g:
    > flashrom_programmer_init("dummy", "emulate=VARIABLE_SIZE,...")

    However a string containing both the name and parameters was incorrectly used instead, e.g:
    > flashrom_programmer_init("dummy:emulate=VARIABLE_SIZE,...", "emulate=VARIABLE_SIZE,...")

    This was not noticed before because it did not cause issues if there were no parameters, e.g. if the programmer was just "host" or "internal"

    BUG=b:238694831,b:260531154
    TEST=cros_run_unit_tests --board octopus --packages vboot_reference

    Change-Id: I4774a82258acbb8be2b430351ccef203e26e6b27
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4290837
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4380998
    Commit-Queue: Cheng Yueh <cyueh@chromium.org>
    Auto-Submit: Phoebe Wang <phoebewang@chromium.org>
    Tested-by: Phoebe Wang <phoebewang@chromium.org>
    Reviewed-by: Cheng Yueh <cyueh@chromium.org>
* 2nvstorage_fields.h: indent vb2_nv_offset | Gwendal Grignou | 2023-03-29 | 1 file | -32/+32
    Use Tab to make sure array is indented consistently.

    BUG=none
    BRANCH=none
    TEST=compile. diff -w reports no change.

    Change-Id: Ifc1a2370ee193124278236a5cfb088d3c5ad712f
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4295785
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4380997
    Tested-by: Phoebe Wang <phoebewang@chromium.org>
    Reviewed-by: Cheng Yueh <cyueh@chromium.org>
    Auto-Submit: Phoebe Wang <phoebewang@chromium.org>
    Commit-Queue: Cheng Yueh <cyueh@chromium.org>
* scripts/image_signing/make_dev_ssd.sh: Replace flashrom call | Edward O'Callaghan | 2023-03-29 | 1 file | -3/+1
    Just use futility directly.

    BUG=b:260531154
    TEST=```
    localhost ~ # futility gbb -g --flash --rootkey=/tmp/rkey >/dev/null 2>&1
    localhost ~ # od /tmp/rkey | head -130 | md5sum | sed 's/ .*$//'
    a13642246ef93daaf75bd791446fec9b
    ```

    Change-Id: I1aa3b52f568a5e78255b52a15d68258cc9d9aa44
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4269750
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4380996
    Auto-Submit: Phoebe Wang <phoebewang@chromium.org>
    Commit-Queue: Cheng Yueh <cyueh@chromium.org>
    Tested-by: Phoebe Wang <phoebewang@chromium.org>
    Reviewed-by: Cheng Yueh <cyueh@chromium.org>
* futility/cmd_gbb_utility.c: Allow OR'ing new GBB flags | Edward O'Callaghan | 2023-03-29 | 1 file | -9/+32
    It may be the case that the caller wishes to not clobber the current flags set and merely just OR on the new bits.

    BUG=b:270074866
    TEST=```
    # futility gbb --flash --get --flags
    # futility gbb --flash --set --flags=(+|-)0x1
    # futility gbb --flash --get --flags
    as expected.
    ```

    Change-Id: Ibd56dff986d2075b7b220c531e66b224d488b6e6
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4273505
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4380995
    Auto-Submit: Phoebe Wang <phoebewang@chromium.org>
    Tested-by: Phoebe Wang <phoebewang@chromium.org>
    Commit-Queue: Cheng Yueh <cyueh@chromium.org>
    Reviewed-by: Cheng Yueh <cyueh@chromium.org>
* Avoid build failures with dumpRSAPublicKey on recent distros | Simon Glass | 2023-03-29 | 1 file | -0/+5
    Emit a warning and continue when OpenSSL is newer than expected. The chroot still uses an older version.

    This was broken by:
    0ca7a9e4 ("firmware: host: futility: Add CBFS metadata hash support")

    BUG=b:245993083, b:246328810, b:197114807
    BRANCH=none
    TEST=make -C ~/cosarm/src/platform/vboot_reference/ USE_FLASHROM=0
    See that the errors become warnings and the build completes

    Change-Id: Id4e25e4ebad1d9ae1f6ee5425b3e6fe3cbd5d5e5
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4241424
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4380994
    Auto-Submit: Phoebe Wang <phoebewang@chromium.org>
    Commit-Queue: Cheng Yueh <cyueh@chromium.org>
    Tested-by: Phoebe Wang <phoebewang@chromium.org>
    Reviewed-by: Cheng Yueh <cyueh@chromium.org>
* futility: gbb: Avoid unnecessary search of FMAP | Yu-Ping Wu | 2023-03-29 | 2 files | -2/+7
    For commands such as `futility gbb --set --flags=0x140`, futility first reads the GBB section from the flash, modifies the section, and then writes back the section to the flash. The write, however, requires another search of the FMAP section, in order to locate the GBB section in the flash.

    This unnecessary search can be avoided by reading the FMAP section together with the GBB section. The FMAP data will be stored in the image buffer, so that the FMAP layout can be retrieved directly from the buffer for subsequent writes. This will also prevent the misleading warnings from showing up:

      Failed to read fmap from buffer.
      WARNING: flashrom_write_image: could not read fmap from image, r=1, falling back to read from rom

    BUG=b:260531154
    TEST=emerge-corsola vboot_reference
    TEST=make runtests
    TEST=No warnings and errors were shown with `futility gbb --set --flash --flags=0x140`
    BRANCH=none

    Change-Id: I50029ae5d9c5ecb347f47e980e7c3b772ecc0f18
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4251504
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4380993
    Tested-by: Phoebe Wang <phoebewang@chromium.org>
    Reviewed-by: Cheng Yueh <cyueh@chromium.org>
    Auto-Submit: Phoebe Wang <phoebewang@chromium.org>
    Commit-Queue: Cheng Yueh <cyueh@chromium.org>
* futility: flashrom_drv: Support partial read for multiple regions | Yu-Ping Wu | 2023-03-29 | 3 files | -23/+42
    Similar to CL:3490388, support flashrom read for multiple regions.

    BUG=b:260531154
    TEST=emerge-corsola vboot_reference
    BRANCH=none

    Change-Id: I1f75832f882004e879bc299be6862db089c2b71d
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4251503
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4380992
    Reviewed-by: Cheng Yueh <cyueh@chromium.org>
    Commit-Queue: Cheng Yueh <cyueh@chromium.org>
    Auto-Submit: Phoebe Wang <phoebewang@chromium.org>
    Tested-by: Phoebe Wang <phoebewang@chromium.org>
* host/lib/flashrom_drv.c: Move flag to avoid locked ME issue | Edward O'Callaghan | 2023-03-29 | 1 file | -1/+3
    Older Intel DUTs have an ME in "locked" mode in the descriptor and while the write_flash() attempts to write back to flash to a specific region it needs to read the FMAP to obtain the region name. This read overlaps with the "locked" region and thus the following is observed in logs:
    ```
    FREG2: Management Engine region (0x00001000-0x001fffff) is locked.
    [..]
    read_flash: cannot read inside Management Engine region (0x001000..0x1fffff).
    ```

    BUG=b:269199980
    TEST=builds.

    Change-Id: If7bebf28cd4d34cc4074700184233c83edbd2409
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4248344
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4380991
    Commit-Queue: Cheng Yueh <cyueh@chromium.org>
    Reviewed-by: Cheng Yueh <cyueh@chromium.org>
    Auto-Submit: Phoebe Wang <phoebewang@chromium.org>
    Tested-by: Phoebe Wang <phoebewang@chromium.org>
* {g,s}et_gbb_flags.sh: Fix removal notice message | Yu-Ping Wu | 2023-03-29 | 2 files | -2/+2
    Fix the futility command in the removal notice message, by adding the missing `--flash` option.

    BUG=b:260531154
    TEST=Ran set_gbb_flags.sh
    BRANCH=none

    Change-Id: Ic1846929661a47c40b65e67ea76f776493ee2d9c
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4251505
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4380990
    Auto-Submit: Phoebe Wang <phoebewang@chromium.org>
    Tested-by: Phoebe Wang <phoebewang@chromium.org>
    Reviewed-by: Cheng Yueh <cyueh@chromium.org>
    Commit-Queue: Cheng Yueh <cyueh@chromium.org>
* vboot_reference-sys: Use --blocklist-type when invoking bindgen | Bob Haarman | 2023-03-29 | 1 file | -3/+3
    Previous versions of bindgen used --blacklist-type, newer versions of bindgen use --blocklist-type. This change updates our build script to use the new spelling.

    BRANCH=none
    BUG=b:264938287
    TEST=emerge-amd64-generic dev-rust/vboot_reference-sys

    Change-Id: I15bf4591177af89693d9f02fd3ec2a3c27c92cbb
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4250779
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4380989
    Auto-Submit: Phoebe Wang <phoebewang@chromium.org>
    Commit-Queue: Cheng Yueh <cyueh@chromium.org>
    Tested-by: Phoebe Wang <phoebewang@chromium.org>
    Reviewed-by: Cheng Yueh <cyueh@chromium.org>
* vboot_reference-sys: Fix needless-borrow lints | Bob Haarman | 2023-03-29 | 1 file | -11/+11
    Pre-submit hooks pointed out several unnecessary borrows in the build script. This fixes those.

    BRANCH=none
    BUG=None
    TEST=cq

    Change-Id: I92987004db3573084fa91db3b72f09b7b7327cfb
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4250778
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4380988
    Commit-Queue: Cheng Yueh <cyueh@chromium.org>
    Auto-Submit: Phoebe Wang <phoebewang@chromium.org>
    Reviewed-by: Cheng Yueh <cyueh@chromium.org>
    Tested-by: Phoebe Wang <phoebewang@chromium.org>
* 2sha256_arm: Fix data abort issue | Yidi Lin | 2023-03-29 | 2 files | -2/+4
    Fix the following CPU exception when enabling ARMV8_CRYPTO_EXT.

    [DEBUG] exception _sync_sp_el0
    [DEBUG] ELR = 0x000000000025f390 ESR = 0x96000010
    [DEBUG] FAR = 0x000000000c000000 SPSR = 0x2000000c
    [DEBUG] X00 = 0x000000000026cf20 X01 = 0x000000000bffffe0
    [DEBUG] X02 = 0x00000000ffd042de X03 = 0xffffffffffffffff
    [DEBUG] X04 = 0x000000000026cf88 X05 = 0x0000000000054ff8
    [DEBUG] X06 = 0x0000000000000002 X07 = 0x000000000000000a
    [DEBUG] X08 = 0x000000000025f5f0 X09 = 0x000000000026cf30
    [DEBUG] X10 = 0x000000000010b4ee X11 = 0x00000000000001fc
    [DEBUG] X12 = 0x0000000000000080 X13 = 0x0000000000125110
    [DEBUG] X14 = 0x0000000000124f10 X15 = 0x0000000000125310
    [DEBUG] X16 = 0x0000000000267580 X17 = 0x749ffa8d9d5f02ca
    [DEBUG] X18 = 0x0000000000125110 X19 = 0x0000000000000000
    [DEBUG] X20 = 0x000000000026cf20 X21 = 0x000000000010b760
    [DEBUG] X22 = 0x000000000026cf48 X23 = 0x0000000000000000
    [DEBUG] X24 = 0x0000000000000000 X25 = 0x00000000000a3800
    [DEBUG] X26 = 0x000000000026c970 X27 = 0x000000000026c802
    [DEBUG] X28 = 0x0000000000000000 X29 = 0x0000000000000000
    [DEBUG] X30 = 0x000000000025f1e0 SP = 0x000000000010b650

    The issue happens when the buffer size processed by `vb2ex_hwcrypto_digest_extend` is equal to VB2_SHA256_BLOCK_SIZE. `vb2_sha256_transform_hwcrypto` is called twice in `vb2ex_hwcrypto_digest_extend`. The first call processes the whole buffer. The second call still processes the buffer even if `remaining_blocks` is equal to 0. This causes `block_nb`(see X02) underflow in the assembly code. Then ld1 instruction accesses an unexpected memory address(see X01) and raises CPU exception.

    Fix the issue by checking `block_nb` value before calling to `sha256_ce_transform`.

    BRANCH=corsola
    BUG=b:263514393
    TEST=flash image-geralt*.bin and no CPU exception raised

    Change-Id: I9b74d60413b3cc571950e15c0d2b901bc4063385
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4242678
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4380987
    Reviewed-by: Cheng Yueh <cyueh@chromium.org>
    Commit-Queue: Cheng Yueh <cyueh@chromium.org>
    Auto-Submit: Phoebe Wang <phoebewang@chromium.org>
    Tested-by: Phoebe Wang <phoebewang@chromium.org>
* sign_official_build: Silence shellcheck sed lints | Nicholas Bishop | 2023-03-29 | 1 file | -0/+4
    Silence all current instances of "SC2001 (style): See if you can use ${variable//search/replace} instead."

    Replacing complicated `sed` calls without tests in place would likely lead to mistakes, so leave them alone for now. The lint is not disabled globally though, so new uses can still be flagged.

    BRANCH=none
    BUG=None
    TEST=cros lint scripts/image_signing/sign_official_build.sh
    TEST=scripts/image_signing/sign_official_build.sh recovery \
    TEST= ~/chromiumos/src/build/images/reven/latest/chromiumos_image.bin
    TEST= tests/devkeys
    TEST= ~/chromiumos/src/build/images/reven/latest/chromiumos_image.signed

    Change-Id: I228e78033f891ee09db40b937b4d7a7750de8c18
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4245621
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4380986
    Reviewed-by: Cheng Yueh <cyueh@chromium.org>
    Commit-Queue: Cheng Yueh <cyueh@chromium.org>
    Auto-Submit: Phoebe Wang <phoebewang@chromium.org>
    Tested-by: Phoebe Wang <phoebewang@chromium.org>
* sign_official_build: Fix shellcheck quoting lints | Nicholas Bishop | 2023-03-29 | 1 file | -5/+5
    Fix all instances of "SC2046 (warning): Quote this to prevent word splitting."

    BRANCH=none
    BUG=None
    TEST=cros lint scripts/image_signing/sign_official_build.sh
    TEST=scripts/image_signing/sign_official_build.sh recovery \
    TEST= ~/chromiumos/src/build/images/reven/latest/chromiumos_image.bin
    TEST= tests/devkeys
    TEST= ~/chromiumos/src/build/images/reven/latest/chromiumos_image.signed

    Change-Id: I46a7f3ed0b65e930e7fb95cd97954377a9a09e20
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4245620
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4380985
    Reviewed-by: Cheng Yueh <cyueh@chromium.org>
    Commit-Queue: Cheng Yueh <cyueh@chromium.org>
    Auto-Submit: Phoebe Wang <phoebewang@chromium.org>
    Tested-by: Phoebe Wang <phoebewang@chromium.org>
* sign_official_build: Fix shellcheck echo lints | Nicholas Bishop | 2023-03-29 | 1 | -4/+3

  Fix all instances of "SC2005 (style): Useless echo? Instead of 'echo $(cmd)', just use 'cmd'."

  BRANCH=none
  BUG=None
  TEST=cros lint scripts/image_signing/sign_official_build.sh
  TEST=scripts/image_signing/sign_official_build.sh recovery \
  TEST= ~/chromiumos/src/build/images/reven/latest/chromiumos_image.bin
  TEST= tests/devkeys
  TEST= ~/chromiumos/src/build/images/reven/latest/chromiumos_image.signed

  Change-Id: Ia11a30187cb79077aeee4c626dc41de9bee5a12b
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4245619
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4380984
  Tested-by: Phoebe Wang <phoebewang@chromium.org>
  Reviewed-by: Cheng Yueh <cyueh@chromium.org>
  Commit-Queue: Cheng Yueh <cyueh@chromium.org>
  Auto-Submit: Phoebe Wang <phoebewang@chromium.org>

* futility: updater: detect DUT type | Hung-Te Lin | 2023-03-29 | 4 | -3/+34

  Detect if we are going to update a remote DUT (by checking if the flash parameter has been changed), and ignore all the local system properties if needed. This should help 'updating a Chromebook from a Chromebox via servo' to behave the same as updating from a non-ChromeOS Linux desktop.

  BUG=b:247428499,b:255617349
  TEST=make; run test
  BRANCH=None

  Change-Id: I4aa0e98efa21179708d8b593fc619b7f7b65f418
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4181582
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4380983
  Auto-Submit: Phoebe Wang <phoebewang@chromium.org>
  Commit-Queue: Cheng Yueh <cyueh@chromium.org>
  Tested-by: Phoebe Wang <phoebewang@chromium.org>
  Reviewed-by: Cheng Yueh <cyueh@chromium.org>

* futility: updater: refactor: always pass updater config to DUT APIs | Hung-Te Lin | 2023-03-29 | 6 | -26/+36

  To support local and remote DUTs, we need to always pass the updater configuration (including flash programmer information) for DUT related calls. No functional changes but this is required for DUT detection in the future.

  BUG=b:247428499,b:255617349
  TEST=make; run test
  BRANCH=None

  Change-Id: I91bdc95f3073d1e94030246790db83645fbd63ac
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4235306
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4380982
  Auto-Submit: Phoebe Wang <phoebewang@chromium.org>
  Tested-by: Phoebe Wang <phoebewang@chromium.org>
  Reviewed-by: Cheng Yueh <cyueh@chromium.org>
  Commit-Queue: Cheng Yueh <cyueh@chromium.org>

* futility: updater: remove quirks for AUE boards | Hung-Te Lin | 2023-03-29 | 1 | -18/+4

  Remove quirks defined for boards derived from rambi, storm, strago, and veyron. Also updated reference design names for the derived platforms.

  BUG=None
  TEST=make; run test
  BRANCH=None

  Change-Id: I71f391cc7ef7ceff8ae6a93be599390910aba20c
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4235305
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4380981
  Auto-Submit: Phoebe Wang <phoebewang@chromium.org>
  Tested-by: Phoebe Wang <phoebewang@chromium.org>
  Reviewed-by: Cheng Yueh <cyueh@chromium.org>
  Commit-Queue: Cheng Yueh <cyueh@chromium.org>

* futility: updater: drop vboot1 support | Hung-Te Lin | 2023-03-29 | 4 | -109/+78

  As CL:4211436 mentioned, all vboot1 boards are now AUE and it is time to drop vboot1 logic to simplify the updater.

  BUG=b:124141368,b:172342538
  TEST=make; run test
  BRANCH=None

  Change-Id: Ice445158abd2b6465dad7cade10ce88b46d3c981
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4235302
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4380980
  Commit-Queue: Cheng Yueh <cyueh@chromium.org>
  Tested-by: Phoebe Wang <phoebewang@chromium.org>
  Auto-Submit: Phoebe Wang <phoebewang@chromium.org>
  Reviewed-by: Cheng Yueh <cyueh@chromium.org>

* futility: updater: support getting WPSW from any DUTs | Hung-Te Lin | 2023-03-29 | 1 | -1/+2

  From b:255617349#comment133, the --wp-* commands should work with any servo, including servo-micro; so we should pass the right DUT programmer (e.g., cfg->image.programmer) instead of PROG_HOST when retrieving software write protection status (WPSW).

  BUG=b:255617349
  TEST=make; run test
  BRANCH=None

  Change-Id: Iff5a105da8bed06bbd714a72a7d06d2b64b3dcd4
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4235303
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4380979
  Commit-Queue: Cheng Yueh <cyueh@chromium.org>
  Auto-Submit: Phoebe Wang <phoebewang@chromium.org>
  Tested-by: Phoebe Wang <phoebewang@chromium.org>
  Reviewed-by: Cheng Yueh <cyueh@chromium.org>

* futility: updater: refactor DUT system info retrieval | Hung-Te Lin | 2023-03-29 | 8 | -171/+207

  When developers (or the lab) run 'futility update' on a Chromebox to update a remote DUT connected via servo, the updater will incorrectly recognize the Chromebox as the 'host' = 'system' = 'DUT', selecting wrong config and setting wrong cookies.

  To fix that, we want to isolate and refactor how we identify and access 'host' and 'DUT'. The first step is to rename and move the 'system property' related functions to 'dut properties' in the `updater_dut.c`.

  No functional changes in this patch. Only renamed functions and moved the implementation to different places.

  BUG=b:247428499,b:255617349
  TEST=make; run test
  BRANCH=None

  Change-Id: I5c1f9bb67a14fbcdd80958597290a2789f4c2dac
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4181581
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4380978
  Auto-Submit: Phoebe Wang <phoebewang@chromium.org>
  Tested-by: Phoebe Wang <phoebewang@chromium.org>
  Reviewed-by: Cheng Yueh <cyueh@chromium.org>
  Commit-Queue: Cheng Yueh <cyueh@chromium.org>

* sign_official_build: Fix shellcheck brace lints | Nicholas Bishop | 2023-03-29 | 1 | -11/+12

  Fix all instances of "SC2250 (style): Prefer putting braces around variable references even when not strictly required."

  BRANCH=none
  BUG=None
  TEST=cros lint scripts/image_signing/sign_official_build.sh
  TEST=scripts/image_signing/sign_official_build.sh recovery \
  TEST= ~/chromiumos/src/build/images/reven/latest/chromiumos_image.bin
  TEST= tests/devkeys
  TEST= ~/chromiumos/src/build/images/reven/latest/chromiumos_image.signed

  Change-Id: I94bf368cad1d970e44ba16ed21cad48c13b5b9fb
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4237838
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4380977
  Commit-Queue: Cheng Yueh <cyueh@chromium.org>
  Tested-by: Phoebe Wang <phoebewang@chromium.org>
  Auto-Submit: Phoebe Wang <phoebewang@chromium.org>
  Reviewed-by: Cheng Yueh <cyueh@chromium.org>

* sign_official_build: Fix some shellcheck quoting lints | Nicholas Bishop | 2023-03-29 | 1 | -13/+15

  Fix all instances of "SC2248 (style): Prefer double quoting even when variables don't contain special characters."

  BRANCH=none
  BUG=None
  TEST=cros lint scripts/image_signing/sign_official_build.sh
  TEST=scripts/image_signing/sign_official_build.sh recovery \
  TEST= ~/chromiumos/src/build/images/reven/latest/chromiumos_image.bin
  TEST= tests/devkeys
  TEST= ~/chromiumos/src/build/images/reven/latest/chromiumos_image.signed

  Change-Id: I1240fc581aa82c78f60b347f5d885fffbef3130c
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4237837
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4380976
  Auto-Submit: Phoebe Wang <phoebewang@chromium.org>
  Reviewed-by: Cheng Yueh <cyueh@chromium.org>
  Commit-Queue: Cheng Yueh <cyueh@chromium.org>
  Tested-by: Phoebe Wang <phoebewang@chromium.org>

* sign_official_build: Fix some shellcheck quoting lints | Nicholas Bishop | 2023-03-29 | 1 | -27/+29

  Fix all instances of "SC2086 (info): Double quote to prevent globbing and word splitting."

  BRANCH=none
  BUG=None
  TEST=cros lint scripts/image_signing/sign_official_build.sh
  TEST=scripts/image_signing/sign_official_build.sh recovery \
  TEST= ~/chromiumos/src/build/images/reven/latest/chromiumos_image.bin
  TEST= tests/devkeys
  TEST= ~/chromiumos/src/build/images/reven/latest/chromiumos_image.signed

  Change-Id: Ia28dfea7d4f7ecfc6ac587f85d6ced78c937a59a
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4237836
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4380975
  Reviewed-by: Cheng Yueh <cyueh@chromium.org>
  Commit-Queue: Cheng Yueh <cyueh@chromium.org>
  Tested-by: Phoebe Wang <phoebewang@chromium.org>
  Auto-Submit: Phoebe Wang <phoebewang@chromium.org>

* sign_official_build: Fix shellcheck lints for local vars | Nicholas Bishop | 2023-03-29 | 1 | -43/+85

  Fix all instances of "SC2155 (warning): Declare and assign separately to avoid masking return values."

  BRANCH=none
  BUG=None
  TEST=cros lint scripts/image_signing/sign_official_build.sh
  TEST=scripts/image_signing/sign_official_build.sh recovery \
  TEST= ~/chromiumos/src/build/images/reven/latest/chromiumos_image.bin
  TEST= tests/devkeys
  TEST= ~/chromiumos/src/build/images/reven/latest/chromiumos_image.signed

  Change-Id: I789cb55821af5a5fc161c5de871fbf806df2bb3f
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4237835
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4380974
  Auto-Submit: Phoebe Wang <phoebewang@chromium.org>
  Reviewed-by: Cheng Yueh <cyueh@chromium.org>
  Tested-by: Phoebe Wang <phoebewang@chromium.org>
  Commit-Queue: Cheng Yueh <cyueh@chromium.org>

* PRESUBMIT: disable automatic git cl presubmit | Mike Frysinger | 2023-03-29 | 1 | -0/+1

  BRANCH=None
  BUG=None
  TEST=`repo upload` still works

  Change-Id: I844bb2b92b9b2aca53c8d312f83757542932fe98
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4241937
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4380973
  Auto-Submit: Phoebe Wang <phoebewang@chromium.org>
  Reviewed-by: Cheng Yueh <cyueh@chromium.org>
  Tested-by: Phoebe Wang <phoebewang@chromium.org>
  Commit-Queue: Cheng Yueh <cyueh@chromium.org>

* get_gbb_flags.sh: Use futility gbb --explicit | Evan Benn | 2023-03-29 | 1 | -16/+7

  Replace the shell script implementation of explicit with the futility implementation.

  BUG=b:260531154
  BRANCH=None
  TEST=get_gbb_flag.sh -e --file=/tmp/bios

  Change-Id: I6f9079152e0e1e2d1a4f462bb2661ef4e8273c75
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4161093
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4380972
  Auto-Submit: Phoebe Wang <phoebewang@chromium.org>
  Reviewed-by: Cheng Yueh <cyueh@chromium.org>
  Commit-Queue: Cheng Yueh <cyueh@chromium.org>
  Tested-by: Phoebe Wang <phoebewang@chromium.org>

* set/get_gbb_flags.sh: Use futility instead of flashrom | Evan Benn | 2023-03-29 | 3 | -103/+33

  futility gbb can now read and write from flash or file.

  BUG=b:260531154
  BRANCH=None
  TEST=SERVOD_NAME=damu get_gbb_flags.sh -e --servo
  TEST=get_gbb_flags.sh -e
  TEST=get_gbb_flags.sh -e --file /tmp/bios
  TEST=set_gbb_flags.sh 0x0
  TEST=set_gbb_flags.sh 0x0 --servo
  TEST=set_gbb_flags.sh 0x0 /tmp/bios

  Change-Id: I5cc1a893171195c09f7363b3e99f676806049d0d
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4161091
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4380971
  Auto-Submit: Phoebe Wang <phoebewang@chromium.org>
  Tested-by: Phoebe Wang <phoebewang@chromium.org>
  Commit-Queue: Cheng Yueh <cyueh@chromium.org>
  Reviewed-by: Cheng Yueh <cyueh@chromium.org>

* sign_official_build: Sign reven recovery images like base images | Nicholas Bishop | 2023-03-29 | 1 | -1/+21

  Reven generates recovery images for use with the ChromeOS Recovery Utility. Since those images are used to install Reven, they should be signed like base images rather than recovery images (i.e. kern-a/root-a should be signed with the normal key, not the recovery key).

  With our current boot stack this difference doesn't actually matter since it boots with the kernel image on the ESP, but with crdyboot we'll boot with the ChromeOS kernel partitions, so they need to be signed correctly.

  BRANCH=none
  BUG=b:256621033
  TEST=USE=crdyboot build_packages
  TEST=build_image
  TEST=platform/vboot_reference/scripts/image_signing/sign_official_build.sh
  TEST= recovery build/images/reven/latest/chromiumos_image.bin
  TEST= platform/vboot_reference/tests/devkeys
  TEST= build/images/reven/latest/chromiumos_image.bin.signed
  TEST=Boot in a UEFI VM

  Change-Id: Ie3f6dd829a8bc15eeffc1d7fe1fc07e14cb30ef0
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4206908
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4380970
  Reviewed-by: Cheng Yueh <cyueh@chromium.org>
  Commit-Queue: Cheng Yueh <cyueh@chromium.org>
  Auto-Submit: Phoebe Wang <phoebewang@chromium.org>
  Tested-by: Phoebe Wang <phoebewang@chromium.org>

* sign_official_build: Make reven check more explicit | Nicholas Bishop | 2023-03-29 | 1 | -5/+27

  Add a new get_is_reven() function which uses get_board_from_lsb_release() to determine the board name. This replaces a glob check against the KEY_DIR with an exact string match to prevent future accidents (e.g. if a key set named "Revenator" was added), and also checking against the board name makes local testing easier (since the test devkeys can be used without copying to a new "Reven" directory).

  Also removed a todo about getting "is reven?" from a config in the signing repo. The linked bug is closed, and the TODO is 16 months old now so it's probably fine as-is.

  BRANCH=none
  BUG=b:256621033
  TEST=platform/vboot_reference/scripts/image_signing/sign_official_build.sh
  TEST= recovery build/images/reven/latest/chromiumos_image.bin
  TEST= platform/vboot_reference/tests/devkeys
  TEST= build/images/reven/latest/chromiumos_image.bin.signed

  Change-Id: I3586b607447b0f55a4a253d9a4d9c7212889c7d6
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4206907
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4380969
  Commit-Queue: Cheng Yueh <cyueh@chromium.org>
  Auto-Submit: Phoebe Wang <phoebewang@chromium.org>
  Tested-by: Phoebe Wang <phoebewang@chromium.org>
  Reviewed-by: Cheng Yueh <cyueh@chromium.org>

* vboot: add arm64 SHA256 extension support | Yidi Lin | 2023-03-29 | 7 | -96/+298

  Copy sha256_armv8a_ce_a64.S from [1] and make some small changes to make it fit in vboot_reference build environment. With this CL, the boot time gets 126ms improvement on Tentacruel. The `vboot kernel verification` is reduced to 12ms.

  [1] https://github.com/OP-TEE/optee_os/blob/master/core/arch/arm/crypto/sha256_armv8a_ce_a64.S

  BRANCH=corsola
  BUG=b:263514393
  TEST=make install_dut_test; ./build/tests/vb2_sha256_x86_tests
  TEST=check `cbmem -t` on Tentacruel

  Change-Id: Ic9abeae9687b2162d7ddadd46111ec20f34e771c
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4170144
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4380968
  Auto-Submit: Phoebe Wang <phoebewang@chromium.org>
  Reviewed-by: Cheng Yueh <cyueh@chromium.org>
  Tested-by: Phoebe Wang <phoebewang@chromium.org>
  Commit-Queue: Cheng Yueh <cyueh@chromium.org>

* sign_official_release: relax board name for guybrush | Vadim Bendebury | 2023-03-29 | 1 | -5/+4

  To address the case where the signer could be modifying the original contents of the board name by adding the release stage, check for presence of the base board name in the string instead of checking for exact match.

  BRANCH=none
  BUG=b:263378945
  TEST=attempted local signing, observed expected messages in the output log.

  Change-Id: Idddd33cdbbc91497bfbc94b3757adb0f24f1a1f0
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4228431
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4380967
  Reviewed-by: Cheng Yueh <cyueh@chromium.org>
  Auto-Submit: Phoebe Wang <phoebewang@chromium.org>
  Commit-Queue: Cheng Yueh <cyueh@chromium.org>
  Tested-by: Phoebe Wang <phoebewang@chromium.org>