| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Utility programs in vboot sometimes use subprocess_run to execute
another program like flashrom or cbfstool. This change makes it easier
to debug these utilities by logging executed subprocess and its
arguments.
This change also fixes futility vb2ex_printf() implementation.
Previously use of VB2_DEBUG_RAW() calling vb2ex_printf(NULL, ...) was
unnecessarily trying to print NULL as function name, which was not
intended behavior.
TEST=sign image and look for "Run: cbfstool ..."
BUG=none
BRANCH=none
Signed-off-by: Jakub Czapiga <czapiga@google.com>
Change-Id: I613d4af4af4370425cbbedc2d7de29a488533c6a
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3878593
Reviewed-by: Jack Rosenthal <jrosenth@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch moves the connection to the vb2ex_hwcrypto API further down
the stack, into the low-level vb2_digest and vb2_hash APIs. These
functions will now take an extra allow_hwcrypto argument that the caller
can use to deny or allow hwcrypto by policy. If allowed, the function
will try HW crypto first and fall back to the software implementation if
the selected algorithm is not supported. vb2_hwcrypto_allowed() is made
available to external callers as a vb2api function to make that decision
in most cases (for others, like userspace tools and testing, HW crypto
is generally not used anyway and they can just pass `false`).
Since vb2ex_hwcrypto_digest_init() takes a data_size argument for the
total amount of bytes expected, vb2_digest_init() will now also need to
take this extra argument. But since the total data size cannot always be
known in advance, callers are allowed to pass 0 to indicate that the
size is unknown. The software implementations work either way, and HW
crypto implementations will now need to check if data_size is 0 and
return HWCRYPTO_UNSUPPORTED if they cannot handle this case.
While we're touching everything anyway, let's take this opportunity to
retire the vb2_digest_buffer() API in favor of the newer and usually
more convenient vb2_hash_calculate(), so we can limit the amount of
separate APIs we have to support going forward.
BRANCH=none
BUG=b:240624460
TEST=runtests
Signed-off-by: Julius Werner <jwerner@chromium.org>
Cq-Depend: chromium:3854282
Change-Id: I34c3f54e31742619d422d1cd871bdb77ad0439b7
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3825558
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This makes flashrom_get_wp() use the new libflashrom WP interface that
was recently added to flashrom and moves it to host/lib/flashrom_drv.c
with the other libflashrom wrapper functions.
BUG=b:223291615
BRANCH=none
TEST=flashrom --wp-disable; futility update -i image.bin \
futility prints: `Write protection: 0 (disabled; HW=0, SW=0).`
TEST=flashrom --wp-enable; futility update -i image.bin \
futility prints: `Write protection: 0 (disabled; HW=0, SW=1).`
Change-Id: Ib13eeb2f1f718443271b074969ff69e66149f401
Signed-off-by: Nikolai Artemiev <nartemiev@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3540785
Commit-Queue: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make cbfstool_truncate() fail critically on subprocess execution error.
cbfstool is mandatory, so it should always be available.
If subprocess_run(), then either cbfstool is not available, or code is
incorrect, so it should not return.
BUG=none
TEST=make runfutiltests
BRANCH=none
Signed-off-by: Jakub Czapiga <jacz@semihalf.com>
Change-Id: I17089d0cc2512a25f25cafe616caa79845a7e078
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3804563
Commit-Queue: Jakub Czapiga <czapiga@google.com>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Tested-by: Jakub Czapiga <czapiga@google.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move VbTryLoadKernel() and VbTryLoadMiniOsKernel() to depthcharge.
In addition, expose LoadKernel() and LoadMiniOsKernel() as
vb2api_load_kernel() and vb2api_load_minos_kernel(), respectively.
Since we remove VbTryLoadKernel() in vb2api_normal_boot(), rename
vb2api_normal_boot() to check_kernel_version() and call it in
vb2api_kernel_finalize().
Also, rename VbSelectAndLoadKernelParams, VbDiskInfo, and
VbExDiskHandle_t as vb2_kernel_params, vb2_disk_info, and
vb2ex_disk_handle_t, respectively.
BUG=b:172339016
BRANCH=none
TEST=make runtests
TEST=FW_NAME=tomato emerge-cherry depthcharge
Cq-Depend: chromium:3758201
Signed-off-by: Hsin-Te Yuan <yuanhsinte@google.com>
Change-Id: Iaf182ca81797fee24c6104dac9d4770ff75c7fb2
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3755923
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch reworks whole BIOS image signing to support images with CBFS,
and with ponly RW/A slot. CBFS images will now be truncated to eliminate
unnecessary empty space, and will sign only the part of firmware area
which contains the data, and not empty space.
This patch also adds more checks for potential errors, and does not
allow for signing incorrect nor uses data from structures, which might
not be valid.
futility sign command tests are also greatly extended to cover a wide
variety of possible errors, which have to be handled correctly.
BUG=b:197114807
TEST=sudo emerge vboot_reference
TEST=build whole chromeos-bootimage after making it and coreboot use
`futility sign --type bios ...`
TEST=make runtests
BRANCH=none
Signed-off-by: Jakub Czapiga <jacz@semihalf.com>
Cq-Depend: chromium:3707104
Change-Id: I7c84aa38776e8890a87f0e9b7ec7f32d86f82c13
Disallow-Recycled-Builds: test-failures
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3575325
Tested-by: Jakub Czapiga <czapiga@google.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Auto-Submit: Jakub Czapiga <czapiga@google.com>
Commit-Queue: Jakub Czapiga <czapiga@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:207808292
BRANCH=none
TEST=emerge-octopus and cros deploy'ed
Signed-off-by: Edward O'Callaghan <quasisec@google.com>
Change-Id: I8a8f941f224416d872592d6cc2de4caf058cb5bc
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3512274
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Tested-by: Edward O'Callaghan <quasisec@chromium.org>
Auto-Submit: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Nikolai Artemiev <nartemiev@google.com>
Commit-Queue: Nikolai Artemiev <nartemiev@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On Meteor Lake platform, the pinctrl (gpiochip) driver label is
"INTC1083:00", hence declare it properly.
BUG=b:224325352
TEST=Test pending
Signed-off-by: Subrata Banik <subratabanik@google.com>
Change-Id: I9c1583972e71ae472c8b3f360eda34611c8c8f0c
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3520099
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Tested-by: Subrata Banik <subratabanik@chromium.org>
Commit-Queue: Subrata Banik <subratabanik@chromium.org>
Auto-Submit: Subrata Banik <subratabanik@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The updater should always only update the whole image when write
protection is disabled, or partial (RW) when write protection is
enabled. As a result, it should be better to always turn on -N
(--noverify-all) for two reasons: (1) faster partial write, and
(2) prevent failure due to other processors accessing the flash
in parallel.
- Faster partial write:
On recent x86 Chromebooks the flash size is getting bigger and bigger
(for example 32M on Brya) and the RW section size is much smaller
(8M on Brya). So we wasted a lot of time reading and verifying
sections that we don't care (64M versus 16M) if we don't turn on -N.
- Concurrent access:
On recent x86 devices the system flash is shared by two processors -
the CPU and the CSME. Before the ME is locked, CPU can see and access
all regions - including those managed by ME/CSME. As a result, when
the updater is changing the RW_SECTION, the CSME may be updating
CSE_RO or CSE_RW on its own. So if we don't turn on -N, the
verification will fail in CSE regions.
Also revised to only set FLASHROM_FLAG_VERIFY_AFTER_WRITE one time.
BUG=None
TEST=make; build and run tests.
BRANCH=None
Change-Id: I1ebff2d7f00b85037464eff4fa5d4573f867ce44
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3505290
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Commit-Queue: Yu-Ping Wu <yupingso@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When we have multiple regions to update, invoking flashrom_write_image
multiple times will take much longer because for each write it has to
read the whole flash, write and then verify whole flash (also timer
calibration and programmer init/shutdown every time).
As a result, we want to support writing multiple regions - just like
that flashrom can take arbitrary numbers of "-i REGION".
This change only extended flashrom_write_image, and the firmware updater
is calling flashrom_drv multiple times. That will be addressed in the
follow up changes.
BUG=b:221137867
TEST=build; and run test
BRANCH=None
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Change-Id: Id335cc9f816f1384f1886422efa97fe2c7b81aec
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3490388
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To help debugging:
- Print equivalent flashrom commands when reading and writing.
- Print <sys-flash> instead of <none> in 'Current system:' message.
- Always print the detected model from libcrosid.
- After writing to flash, print a new line.
BUG=None
TEST=make; build and run test
BRANCH=None
Change-Id: I34a73ec1c968a98a9fca649c65863aa43ca39ca8
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3461090
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Commit-Queue: Yu-Ping Wu <yupingso@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
During the flashrom initialization sequence the return code is not
being checked therefore there's a potential that the code moves
forward with read/write operation even with outstanding error.
This CL checks the return code and bail with error.
BUG=b:217629892
TEST=Test futility update with multiple instances of flashrom running.
BRANCH=None
Signed-off-by: YH Lin <yueherngl@chromium.org>
Change-Id: I0768232f6af35290ad7b3d9f479ee299bf9400e1
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3485520
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Allow for picking the default verbosity with a sentinel
value of -1.
BUG=b:207808292
BRANCH=none
TEST=none
Signed-off-by: Edward O'Callaghan <quasisec@google.com>
Change-Id: Ia3a21e8647fe480c60ea80ecb060466e9d86110a
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3461094
Tested-by: Edward O'Callaghan <quasisec@chromium.org>
Auto-Submit: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Nikolai Artemiev <nartemiev@google.com>
Commit-Queue: Nikolai Artemiev <nartemiev@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bring sub-process and libflashrom wrapper implementations
under the common host/lib path to later be reconciled.
The WP implementation is left separated out due to the
lack of a libflashrom WP implementation which creates
circular dependencies for the moment.
BUG=b:207808292
BRANCH=none
TEST=none
Signed-off-by: Edward O'Callaghan <quasisec@google.com>
Change-Id: Ic759c4e9828778a0ef1443b163224aef2c7cba54
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3461093
Reviewed-by: Nikolai Artemiev <nartemiev@google.com>
Auto-Submit: Edward O'Callaghan <quasisec@chromium.org>
Tested-by: Edward O'Callaghan <quasisec@chromium.org>
Commit-Queue: Edward O'Callaghan <quasisec@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:207808292
BRANCH=none
TEST=none
Signed-off-by: Edward O'Callaghan <quasisec@google.com>
Change-Id: I49bd29dcfe12ad9845213d07bc6bee71980a8cd1
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3461092
Tested-by: Edward O'Callaghan <quasisec@chromium.org>
Auto-Submit: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Nikolai Artemiev <nartemiev@google.com>
Reviewed-by: Sam McNally <sammc@chromium.org>
Commit-Queue: Edward O'Callaghan <quasisec@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:207808292
BRANCH=none
TEST=none
Signed-off-by: Edward O'Callaghan <quasisec@google.com>
Change-Id: Iaf94b5cc8c7b4f4b7859f10b8078e922bc1636d2
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3450057
Tested-by: Edward O'Callaghan <quasisec@chromium.org>
Auto-Submit: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Nikolai Artemiev <nartemiev@google.com>
Reviewed-by: Sam McNally <sammc@chromium.org>
Commit-Queue: Edward O'Callaghan <quasisec@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This attempts to converge the signatures of host/lib/flashrom
with that of 'futility/updater_utils.h:struct firmware_image'.
with the eventual goal of converging the multiple flashrom
wrapper implementations.
BUG=b:207808292
BRANCH=none
TEST=`$ cros_run_unit_tests --board nocturne --packages vboot_reference`
Cq-Depend: chromium:3399963
Signed-off-by: Edward O'Callaghan <quasisec@google.com>
Change-Id: I016dacbdca6f1108def0dbc608d83e0066a30023
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3301571
Reviewed-by: Sam McNally <sammc@chromium.org>
Tested-by: Edward O'Callaghan <quasisec@chromium.org>
Auto-Submit: Edward O'Callaghan <quasisec@chromium.org>
Commit-Queue: Edward O'Callaghan <quasisec@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On Alder Lake-N platform, the pinctrl (gpiochip) driver label is
"INTC1057:00", hence declare it properly.
BUG=b:213535859
TEST=run 'crossystem wpsw_cur' and see '0' rather than an error
on ADLRVP platform.
Signed-off-by: Subrata Banik <subratabanik@google.com>
Change-Id: Ie742a43cd37b37a35b16e68fe4be44f9bb08ec5c
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3404067
Reviewed-by: Subrata Banik <subratabanik@chromium.org>
Tested-by: Subrata Banik <subratabanik@chromium.org>
Auto-Submit: Subrata Banik <subratabanik@chromium.org>
Reviewed-by: Kangheui Won <khwon@chromium.org>
Commit-Queue: Kangheui Won <khwon@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We don't need the MOUNT_ENCRYPTED_KEY_PATH after we replaced the stale
TPM simulator with the driver-level TPM simulator.
It's time to remove it.
BUG=b:203195852, b:174807059
BRANCH=none
TEST=crossystem clear_tpm_owner_request=1
Signed-off-by: Yi Chou <yich@google.com>
Change-Id: I7c1c9c16697b1bbda9adea13448fdb9cffd9cc7b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3358669
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Leo Lai <cylai@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The crossystem command would have potential race conditions when we
calling this command in parallel. Add a flock should prevent this
issue.
BUG=b:172876417
BRANCH=none
TEST=Firing multiple crossystem commands, and check result
Signed-off-by: Yi Chou <yich@google.com>
Change-Id: Ia9f8a73d5fd762c79088f350ea05d0dd540f3fc3
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3358668
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Leo Lai <cylai@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The help text of the new subcommand is as follows:
-------
This utility creates an RO verification space in the Chrome OS AP
firmware image or allows to validate a previously prepared image
containing the RO verification space.
Usage: futilitygscvd PARAMS <AP FIRMWARE FILE> [<root key hash>]
Creation of RO Verification space:
Required PARAMS:
-R|--ranges STRING Comma separated colon delimited
hex tuples <offset>:<size>, the
areas of the RO covered by the
signature
-r|--root_pub_key <file> The main public key, in .vbpubk
format, used to verify platform
key
-k|--keyblock <file> Signed platform public key in
.keyblock format, used for run
time RO verifcation
-p|--platform_priv <file> Private platform key in .vbprivk
format, used for signing RO
verification data
Optional PARAMS:
[--outfile] OUTFILE Output firmware image containing
RO verification information
Validation of RO Verification space:
The only required parameter is <AP FIRMWARE FILE>, if optional
<root key hash> is given, it is compared to the hash of the body
of the root key found in <AP_FIRMWARE_FILE>.
-h|--help Print this message
-------
When creating GVD section, the sha256 hash of the root public key
payload is printed on stdout, this is the hash to include in the GSC
image to for the root key verification.
Code converting ASCII hex string into binary is refactored into a misc
function.
BRANCH=none
BUG=b:141191727
TEST=testing included the following steps:
. modified guybrush coreboot to allocate an 8KB RO_GSCVD area in
FMAP and built a guybrush BIOS image
. filled GVD space as described in the source file comments
. verified the created space as described in the source file comments
. verified AP RO integrity on the GSC size using crrev.com/c/3172256
Change-Id: I51a80be5007a32d5286b93499f71da84f41b3d81
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3174570
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Devices which do not use chromeos firmware (e.g., reven) do not have a
GBB section nor firmware to expose this data via ACPI/device-tree.
However, a hwid is still required for auto-update, UMA, etc.
CL:3118810 adds a new property to the schema for /:hwid-override.
This CL makes it so when that property is set, ACPI/device-tree is not
probed for the HWID, and it is instead set via cros_config.
BUG=b:195007267
BRANCH=none
TEST=build image for reven with a hwid override
# crossystem hwid
REVEN-ANAE A6A-A7I
Signed-off-by: Jack Rosenthal <jrosenth@chromium.org>
Change-Id: I3c1255b257f914b02dfb8ba53dd275892df1a526
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3119046
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Yong Hong <yhong@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some systems have an active-high GPIO for reading WP status, so support
an inverted name for that.
While we're at it, do this for recovery too, just in case someone needs
it.
BRANCH=none
BUG=b:197258688
TEST=play with servo's `fw_wp_state`, check `crossystem wpsw_cur` on
kevin-kernelnext + DTS change
Signed-off-by: Brian Norris <briannorris@chromium.org>
Change-Id: I28ad566568d6dc62843d0bc9b75cca1fc1a35633
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3108068
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Publicize vb2api_enable_developer_mode, vb2api_allow_recovery and
VbTryLoadKernel, and modify corresponding parts in tests.
Create vb2api_disable_dev_request, vb2api_request_diagnostics for
wrapping vb2_nv_set(ctx, VB2_NV_DISABLE_DEV_REQUEST, 1) and
vb2_nv_set(ctx, VB2_NV_DIAG_REQUEST, 1).
BUG=b:172339016
TEST=export CC=x86_64-pc-linux-gnu-clang DEBUG=1 DETACHABLE=0; \
make -j32 test_setup && make -j32 runtests;
TEST=export CC=x86_64-pc-linux-gnu-clang DEBUG=1 DETACHABLE=1; \
make -j32 test_setup && make -j32 runtests;
TEST=Hayato booted into developer mode
BRANCH=none
Change-Id: I0211a63ed58ce862ee3e17b4835c675544f773a4
Signed-off-by: edisonhello <edisonhello@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3053541
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Flag decides whether MINIOS-A or MINIOS-B is booted.
BUG=b:186682292
TEST=make clean && make runtests
TEST=Deploy and run `crossystem minios_priority` commands
BRANCH=none
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: I11460bf1522cde8e98e680b0f00a417e2b4ef9a1
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2998513
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Relocate currently-in-use kernel struct functions out
of lib20 namespace, and into:
* 2struct.c for functions required at runtime
* host_common.c for functions required by host
Relocate firmware struct functions from 2common.c
into 2struct.c
vb2_common.h may be deleted as a result.
This CL is part of a series to merge vboot1 and vboot2.0
kernel verification code; see b/181739551.
BUG=b:181739551
TEST=make clean && make runtests
BRANCH=none
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: Ic162d9633b6112ddc4a819b3e58d313dc484f304
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2825269
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
This was done on OpenBSD 6.8.
Required packages are: e2fsprogs and gcc.
Change-Id: I86ec080e1ddb90053d81f1edd17d3406e7e737c6
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2903352
Reviewed-by: Patrick Georgi <pgeorgi@chromium.org>
Tested-by: Patrick Georgi <pgeorgi@chromium.org>
Commit-Queue: Patrick Georgi <pgeorgi@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change replaces --diff and --fast-verify for the supported
equivalent flashrom options
BRANCH=none
BUG=b:186479007
TEST=tryjobs
Change-Id: I614ba71c606dbe4e3a1b4988df845bcbbd61dd01
Signed-off-by: Daniel Campello <campello@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2853623
Reviewed-by: Jack Rosenthal <jrosenth@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Standardize on the term "altfw" (short form) and
"alternate bootloader" (long form) in both code and
documentation.
Remove the VbAltFwIndex_t enum, and replace with a
simple uint32_t.
Rename VbExLegacy to vb2ex_run_altfw, and move
to vboot2 namespace.
Rename crossystem param dev_boot_legacy to
dev_boot_altfw, but leave an alias.
Rename crossystem param dev_default_boot value
from legacy to altfw, but leave an alias.
BUG=b:179458327
TEST=make clean && make runtests
TEST=emerge vboot_reference and check output for:
crossystem dev_boot_legacy=0
crossystem dev_boot_altfw=0
crossystem dev_default_boot=legacy
crossystem dev_default_boot=altfw
BRANCH=none
Cq-Depend: chromium:2641196
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: I289df63d992a3d9ae3845c59779ecbd115b18ee2
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2641346
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Yu-Ping Wu <yupingso@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After implemented the driver-level TPM2.0 simulator on VM boards, the
mount-encrypted would use the vTPM to encrypted the file system.
We would need to remove the TPM simulator NVChip when we want to
hard reset the TPM on VM.
And we don't need to remove the mount-encrypted key after we landed
the driver-level TPM simulator on all VM boards.
BUG=b:174807059
BRANCH=none
TEST=crossystem clear_tpm_owner_request=1
TEST=crossystem clear_tpm_owner_request // showing the right value
Cq-Depend: chromium:2576865, chromium:2638953
Signed-off-by: Yi Chou <yich@google.com>
Change-Id: Iba2c9b93ed9e558a9163542dfc1fbcb738c1d83d
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2576867
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
lib20/packed_key.c functions are currently called throughout
2lib namespace, so move to 2lib/2packed_key.c.
Move function declarations from vb2_common.h to 2packed_key.h,
and include 2packed_key.h from 2common.h.
BUG=b:124141368, chromium:968464
TEST=make clean && make runtests
BRANCH=none
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: I151b2d41cbbfa1bfd03de301bd4ee69c49e81f3b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2635220
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 6208b9aa9c4e8b7c9ff8063965c9f9aa519c1740.
Upstream coreboot has raised concerns that relying on GCC 7+ features
for host utilities is too restrictive, so revert this and go back to
customizing fallthrough annotations by compiler. Cleaned out some of the
C++-specific stuff because vboot isn't built with C++.
BRANCH=None
BUG=None
TEST=Built with clang and GCC.
Change-Id: I75d796d289b0a6c249fc8ac2dadb1453be468642
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2547821
Reviewed-by: Manoj Gupta <manojgupta@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This CL would give VM boards the ability to hard reset TPM.
When clearing TPM ownership on real devices, there are two things
would happen:
1. TPM reset all of its NVRAM data.
2. mount-encrypted can't decrypt old encrypted partition.
The TPM2.0 simulator put its NV space at "/var/lib/trunks/NVChip".
And "/var/lib" is under encrypted partition.
Remove the mount-encrypted key would cause mount-encrypted lost the
encrypted partition on next boot, and it would simply achieve those
two targets.
BUG=b:170785530
BRANCH=none
TEST=crossystem clear_tpm_owner_request=1
Cq-Depend: chromium:2501904
Signed-off-by: Yi Chou <yich@google.com>
Change-Id: Ifeff0cf03bf76706849905816d22024f3d1b952f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2470577
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
As promised, it's October 2020, nyan_kitty went AUE with M85, and M86
just got pushed stable. That means we can now delete this code :)
BUG=chromium:1090803
BRANCH=none
TEST=compiles
Signed-off-by: Jack Rosenthal <jrosenth@chromium.org>
Change-Id: I5a15ef1e1ad02885af135d8e42d02d492bdd6c05
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2469604
Reviewed-by: Paul Fagerburg <pfagerburg@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For utilities reading text file, it is easier to process as ASCIIZ input
if vb2_readfile can always return a buffer ends with '\0' so we don't
need to pass and check the size.
BUG=None
TEST=make clean && make runtests
BRANCH=None
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Change-Id: Ib6294969fb325b9b7899e6295fb1817ad91a9952
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2426092
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The name of a gpiochip can in theory be up to NAME_MAX characters long
(usually 255), which exceeds the length of the 30 byte buffer allocated
for it. In practice we won't need more than the 30 bytes, but the
smaller buffer trips a -Wformat-truncation warning from GCC that makes
the build fail. Make the buffer bigger to keep GCC happy.
BUG=none
BRANCH=none
TEST=make utillib compiles on BeagleBone Black
Change-Id: I528f395033f58057846e717ff126e7a5dca504e3
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2393193
Tested-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Commit-Queue: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Built on FreeBSD 12.1-RELEASE, 13-CURRENT, using gcc9 installed from
packages.
Change-Id: Ifa8bb343c7e916c1b545cf6c1e4bd0a18ea391cd
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2382790
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: Julius Werner <jwerner@chromium.org>
Commit-Queue: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Mosys used to have code (below), which led me to believe that we
always try and leave the last entry unfilled:
memset(blank, 0xff, VBNV_BLOCK_SIZE);
for (index = 0; index < len / VBNV_BLOCK_SIZE; index++) {
unsigned int offset = index * VBNV_BLOCK_SIZE;
if (!memcmp(blank, &data[offset], VBNV_BLOCK_SIZE))
break;
}
if (index == 0) {
lprintf(LOG_ERR, "VBNV is uninitialized\n");
return -1;
} else if (index >= len) { <---- SEE NOTE
lprintf(LOG_ERR, "VBNV is full\n"); <--- unreachable
return -1;
} else {
return index - 1;
}
The statement at "SEE NOTE" will always be false, so this code fooled
me to believe that we consider VBNV without a row of 0xFF*16 to be
empty.
And so I implemented and wrote unit tests for what I believed the
correct behavior to be :/
Anyway, this is causing us issues since AP firmware does not implement
it that way. So allow the last row to be filled.
BUG=chromium:1112578
BRANCH=none
TEST=unit tests
Signed-off-by: Jack Rosenthal <jrosenth@chromium.org>
Change-Id: Ib3da78eddef69a688d081cdb5391a25000dac9d3
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2402385
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Google is working to change its source code to use more inclusive
language. To that end, replace the term "sanity" with inclusive
alternatives.
BUG=b:163883397
BRANCH=None
TEST=grep -ir sanity
TEST=make runtests
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Change-Id: I708a044d89050c442f14fb11a8ae5e98490d56af
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2353420
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
This prevents linker errors regarding multiple definitions.
Change-Id: I62d6132c20ca2b9620a9f3b1539a1a0109c5aa26
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2318026
Reviewed-by: Jack Rosenthal <jrosenth@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Jack Rosenthal <jrosenth@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Good security practice. Set to 077; resultant file permissions are:
-rw-------
BUG=b:160717634
BRANCH=none
TEST=unit tests
Change-Id: Ib3b853c824be4c98e7b9ddd31797104ec4ab67a9
Signed-off-by: Jack Rosenthal <jrosenth@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2302962
Reviewed-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There's some code that is architecture specific, but looking at
it, it's code for Chrome OS devices that just happens to be
split along ISA lines.
When building on systems that we don't ship crossystems integration for,
these parts are replaced by stubs that always return error conditions,
which allows building on unsupported ISA (such as POWER).
The issue was reported at https://ticket.coreboot.org/issues/145
where a coreboot user wanted to build a vboot-enabled coreboot
configuration (which builds futility for the signing part) on a
POWER host system, which failed because we lack an implementation
of the crossystem interfaces for POWER.
BUG=none
BRANCH=none
TEST=Built upstream coreboot with a vboot-enabled target inside
qemu-user-ppc64. Doing so works with these patches applied
while it failed without them.
Change-Id: I4aaeb56d4521c426a520bc9a1bb49497bec86c35
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2270096
Commit-Queue: Patrick Georgi <pgeorgi@chromium.org>
Tested-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently this had perror to print the error message, but we can get
rid of this and the constructor function reasonably if we switch to
VB2_DEBUG.
This was changed since the Loonix team cannot rely on glibc-specific
behaviors, and passing argv to constructor functions is
glibc-specific. See the notes on cl/316913250 for a little bit of
background.
BUG=none
BRANCH=none
TEST=unit tests
Change-Id: I5de76306d5a8615fdc3afcfb772a2eb32557aa87
Signed-off-by: Jack Rosenthal <jrosenth@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2251039
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This relands CL:2218891, which was reverted as the "mkbp" case was
forgotten, and lit all sorts of stuff on fire when the CQ skipped
hardware tests and the lab was accidentally soaked in gasoline.
The devices which this affected are re-enabled in the lab, the CQ is
now configured to enable hardware tests, so let's land it again ;)
BUG=chromium:1032351,chromium:1030473,chromium:789276
BRANCH=none
TEST=On scarlet and nyan_kitty, read and write using crossystem
Change-Id: Ife4d17eeca484a2784f7e2b2f7c22fef27b9d083
Signed-off-by: Jack Rosenthal <jrosenth@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2251049
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
fmap_base utility no longer needed since b:157897361
BUG=chromium:1091253
BRANCH=none
TEST=Compiled, cros_workon_make test,
and cros deploy to kindred device to confirm
there was no fmap_parameter.
Change-Id: Idc89c82555531030beaf8f84ce483a5f49a86fbe
Signed-off-by: Aaron Massey <aaronmassey@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2241386
Reviewed-by: Jack Rosenthal <jrosenth@chromium.org>
Commit-Queue: Jack Rosenthal <jrosenth@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We caused a boot-speed regression as we are currently verifying the
entire flash chip after any write.
Flashrom has an option --fast-verify which verifies only the region
written, which is significantly faster. It also looks like this is
the way mosys used to handle flashrom writes, so we can align with the
old behavior this way.
BUG=chromium:1091903
BRANCH=none
TEST=unit tests, and boot speed regression went away (on octopus)
Signed-off-by: Jack Rosenthal <jrosenth@chromium.org>
Change-Id: If8d2288cb0c08e8644b6e05f7b174c3c21542f94
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2242738
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rename enumerators of the vb2_dev_default_boot_target enum as follows,
because the term USB is not quite accurate (we can also boot from an SD
card).
VB2_DEV_DEFAULT_BOOT_TARGET_DISK
--> VB2_DEV_DEFAULT_BOOT_TARGET_INTERNAL
VB2_DEV_DEFAULT_BOOT_TARGET_USB
--> VB2_DEV_DEFAULT_BOOT_TARGET_EXTERNAL
Also perform similar renaming for the following.
enum vb2_nv_param:
VB2_NV_DEV_BOOT_USB
--> VB2_NV_DEV_BOOT_EXTERNAL
enum vb2_secdata_fwmp_flags:
VB2_SECDATA_FWMP_DEV_ENABLE_USB
--> VB2_SECDATA_FWMP_DEV_ENABLE_EXTERNAL
constants:
VB2_NV_DEV_FLAG_USB
--> VB2_NV_DEV_FLAG_EXTERNAL
functions:
vb2_dev_boot_usb_allowed
--> vb2_dev_boot_external_allowed
BRANCH=none
BUG=none
TEST=make runtests
Change-Id: Iad16fcf34d76da08c6d8a81e150c7fde927c743b
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2237622
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 9a923c7dba003a5ddbc55937469c975689effa62.
Reason for revert: https://crbug.com/1093191
Original change's description:
> crossystem: arm: switch to VBNV using flashrom from mosys
>
> Most ARM platforms will store VBNV in SPI flash by calling out to
> mosys, which in turn calls out to flashrom.
>
> The set of parent CLs to this commit port this functionality from
> mosys directly to vboot's host libraries. This CL switches to use the
> new functionality.
>
> (The CL to switch is provided as a separate CL for ARM only so it's an
> easy and clean revert should something go wrong.)
>
> BUG=chromium:1032351,chromium:1030473,chromium:789276
> BRANCH=none
> TEST=On scarlet, read and write VBNV using crossystem
>
> Signed-off-by: Jack Rosenthal <jrosenth@chromium.org>
> Change-Id: I1949522b665170ebeb35f3c46177f1957980d6a3
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2218891
> Reviewed-by: Joel Kitching <kitching@chromium.org>
Bug: chromium:1032351, chromium:1030473, chromium:789276
Change-Id: I3ccb6c6653e24e61072ee9227e870a2f211cd114
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2237617
Reviewed-by: Shik Chen <shik@chromium.org>
Commit-Queue: Shik Chen <shik@chromium.org>
Commit-Queue: Stimim Chen <stimim@chromium.org>
Tested-by: Stimim Chen <stimim@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Most ARM platforms will store VBNV in SPI flash by calling out to
mosys, which in turn calls out to flashrom.
The set of parent CLs to this commit port this functionality from
mosys directly to vboot's host libraries. This CL switches to use the
new functionality.
(The CL to switch is provided as a separate CL for ARM only so it's an
easy and clean revert should something go wrong.)
BUG=chromium:1032351,chromium:1030473,chromium:789276
BRANCH=none
TEST=On scarlet, read and write VBNV using crossystem
Signed-off-by: Jack Rosenthal <jrosenth@chromium.org>
Change-Id: I1949522b665170ebeb35f3c46177f1957980d6a3
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2218891
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, x86 platforms with vboot2 will backup VBNV in SPI flash
using mosys, which will in turn execute flashrom to preform the
underlying operation.
The set of parent CLs to this commit port this functionality from
mosys directly to vboot's host libraries. This CL switches to use the
new functionality.
(The CL to switch is provided as a separate CL for x86 only so it's an
easy and clean revert should something go wrong.)
BUG=chromium:1032351,chromium:1030473,chromium:789276
BRANCH=none
TEST=On octupus, write VBNV using crossystem and manually inspect
RW_NVRAM region in SPI flash.
Signed-off-by: Jack Rosenthal <jrosenth@chromium.org>
Change-Id: I9f945dca99ebd394abea1490fa25d3763834bfa1
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2218890
Reviewed-by: Joel Kitching <kitching@chromium.org>
|
