path: root/scripts
Commit message | Author | Age | Files | Lines
* Replace sign_uefi.sh with sign_uefi.py [stabilize-quickfix-15278.72.B, stabilize-15278.64.B, release-R110-15278.B] | Nicholas Bishop | 2022-12-15 | 2 | -115/+2

  Remove the sign_uefi.sh script and call sign_uefi.py instead. This is in a separate commit from the one adding the Python script in case we need to revert.

  Test command:

      platform/vboot_reference/scripts/image_signing/sign_official_build.sh \
        base build/images/reven/latest/chromiumos_test_image.bin \
        platform/vboot_reference/tests/devkeys \
        build/images/reven/latest/chromiumos_test_image.bin.signed

  BRANCH=none
  BUG=b:261631233
  TEST=Run test command above, verify expected files are signed

  Change-Id: Icf59b6b1a36acf6332cd6f402ef6072b99c44796
  Signed-off-by: Nicholas Bishop <nicholasbishop@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4083507
  Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
* Port sign_uefi.sh to Python | Nicholas Bishop | 2022-12-15 | 2 | -0/+257

  Shell scripts are hard to modify and hard to test, so port sign_uefi.sh to Python.

  This is a fairly direct port that attempts to keep all the behavior the same. In particular, there are no hard errors for missing EFI/kernel files, or for failing to sign one of those files if it does exist. It might be good to make the script more strict in the future, but for now try to match the existing behavior.

  Nothing actually calls the new script yet.

  Also enable `black_check` in `PRESUBMIT.cfg` to enforce formatting.

  BRANCH=none
  BUG=b:261631233
  TEST=make runtests
  TEST=cros lint scripts/image_signing/sign_uefi*.py

  Change-Id: I4b9b86607cc403779b0504758dd097b0d7237fef
  Signed-off-by: Nicholas Bishop <nicholasbishop@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4083506
  Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
* create_new_keys: use single AP RO Verification root key pair | Vadim Bendebury | 2022-12-13 | 3 | -2/+87

  All AP RO verification platform keys must be signed by the same AP RO verification root key, this is why the root key pair needs to be created only once, and used for signing key blocks for all PreMP AP RO verification platform keys.

  This patch adds make_arv_root.sh, a script for generating the root key, and modifies create_new_keys.sh to use the single root key for signing all generated platform keys.

  By default the root key is placed at the top of the root key directory, from which all key creation scripts are invoked. It is possible to specify the desired path for the root key to both make_arv_root.sh and create_new_keys.sh.

  Note that the keyset generated for each board still needs to include the AP RO verification root public key, added explicit copying.

  BRANCH=none
  BUG=b:299965578
  TEST=ran the following commands in ./scripts:

      $ mkdir keys
      $ cd keys
      $ ../keygeneration/make_arv_root.sh
      $ ../keygeneration/create_new_keys.sh --output Nissa

    This resulted in creation of directory ./scripts/keys/Nissa with all generated keys and the AP RO verification root public key copy.

    Then ran sign_official_build.sh using Nissa recovery image and the keys/Nissa directory as inputs, observed successful AP firmware signing, including signing of RO_GSCVD sections.

    Then successfully ran ./tests/futility/test_gscvd.sh

  Change-Id: Ic024ccdcdcb751be677934bf559c40b2826c714e
  Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4058180
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
  Reviewed-by: Jason Clinton <jclinton@chromium.org>
* make_dev_ssd.sh: Add logs of make_dev_ssd.sh | LIU KUAN-FU | 2022-12-07 | 1 | -1/+6

  Sometimes we want to know if someone disabled rootfs verification on DUT, but we have no evidence in logs.

  This CL modifies make_dev_ssd.sh, for logging the operations and the parameters passed to the script in /var/log/messages when the device is changing itself.

  It can help us checking:
  1. The operations done by executing make_dev_ssd.sh
  2. Whether someone disabled rootfs verification.
  3. The time when the rootfs verification was disabled.

  BUG=b:140709784
  TEST=manual test on TOMATO DUT

  Change-Id: I8140e13b0e74a9b2a084954c5153e528045d7c7e
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4022414
  Reviewed-by: Julius Werner <jwerner@chromium.org>
  Tested-by: LIU KUAN-FU <iamjeffliu@google.com>
  Commit-Queue: LIU KUAN-FU <iamjeffliu@google.com>
* ap_ro_signing: do not sign unless RO_GSCVD present | Vadim Bendebury | 2022-12-01 | 1 | -27/+33

  The sign_official_build.sh script uses the presence of the AP RO verification keys as the indicator that AP RO verification signing is required. But it is possible to have the keys created, but the AP firmware image still not have the RO_GSCVD section in FMAP.

  Using the presence of RO_GSCVD section is a more reliable indicator of the need to sign for AP RO verification. Let's use it and fail the signer if the section is present, but the AP RO signing keys are not found in the keys directory.

  BRANCH=none
  BUG=b:259965578
  TEST=removed the generated arv_root key and tried signing an image requiring AP RO verification signing, observed the script terminate with error reporting the missing key

  Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
  Change-Id: I4ad3272fb62a91154458d3b770b2c91a2beffc5b
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4045049
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
* sign_official_build.sh: refactor futility invocations | Vadim Bendebury | 2022-12-01 | 1 | -50/+43

  There is a lot of duplication between logging futility invocations and actual invocations, this copy and paste can easily get out of sync.

  This patch removes the duplication. Also capitalizing 'BIOS' in log messages.

  BRANCH=none
  BUG=none
  TEST=collected logs of invocation this script for signing a nivviks image, logs before and after are identical modulo temp file/directory names.

  Change-Id: Ic5def05bbe39b1e0534ffd53446bbd2a486d6976
  Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4043440
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
* sign_gsc_firmware: check ti50 images for prohibited blobs | Vadim Bendebury | 2022-11-26 | 1 | -0/+17

  We want to add an additional layer of protection against accidental releasing of prod signed images with dev public keys and hashes for which private keys are not secret.

  The blobs of the keys and hashes to avoid are available in the Ti50 tarball, this patch adds a check and fails the signing process each time the prohibited blob is found in the Ti50 binary.

  BRANCH=none
  BUG=b:254059627
  TEST=invoked the script to sign Ti50 images built with and without 'ALLOW_AP_RO_DEV_SIGNING_KEY=1 TI50_DEV=1' defined, Observed signer failure when signing the image with either variable defined, reporting the presence of the appropriate blob.

  Change-Id: I8497e749807f862f6d20cf33cad4657008a6372a
  Signed-off-by: Vadim Bendebury <vbendeb@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4032539
  Tested-by: Vadim Bendebury <vbendeb@chromium.org>
  Reviewed-by: Allen Webb <allenwebb@google.com>
  Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
  Reviewed-by: Jett Rink <jettrink@chromium.org>
* sign_official_build: do not fail if AP RO signing is not needed [stabilize-15245.B] | Vadim Bendebury | 2022-11-14 | 1 | -22/+28

  Most of AP firmware images do not include the RO_GSCVD section and are not supposed to be signed for AP RO verification. The presence of AP RO verification keys (files prefixed with arv_...) can be considered an indicator of the need to sign the RO_GSCVD section.

  This patch adds logic to skip signing of AP RO in case the appropriate signing keys are not present.

  BRANCH=none
  BUG=b:247645824, cros:1382709
  TEST=ran sign_official_build.sh to re-sign a Nissa test tarball, observed successful completion with log messages confirming RO_GSCVD signing.

    then removed tests/devkeys/arv_root.vbpubk and ran the script again, observed successful completion and log messages confirming skipping AP RO verification signing.

  Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
  Change-Id: Iee5a2adcceb7ecc86f48d7c56755cc10405e5eed
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4024432
  Commit-Queue: Yu-Ping Wu <yupingso@chromium.org>
  Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
* sign_official_build: add AP RO signing | Vadim Bendebury | 2022-10-27 | 1 | -1/+29

  When signing AP RO images, in cases when signer_config.csv manifest includes the brand code column add a futility invocation to sign the RO_GSCVD section of the image.

  If the <path to unpacked>/keyset directory is found, save the gscvd.<model> blob in that directory.

  BRANCH=none
  BUG=b:247652363
  TEST=built ChromeOS test image for Nissa, then invoked

      $ scripts/image_signing/sign_official_build.sh \
          base \
          ~/trunk/src/build/images/nissa/latest/chromiumos_test_image.bin \
          tests/devkeys \
          /tmp/signed.bin

    and observed 'futility gscvd' invocation in the log.

  Cq-Depend: 3954963
  Change-Id: I55cec75794560662ed2cfb2dac7f44d972a8571f
  Signed-off-by: Vadim Bendebury <vbendeb@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3935034
  Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
  Tested-by: Vadim Bendebury <vbendeb@chromium.org>
  Reviewed-by: Hung-Te Lin <hungte@chromium.org>
  Auto-Submit: Vadim Bendebury <vbendeb@chromium.org>
  Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
* treewide: Fix copyrights and extra new lines at end of file | Jakub Czapiga | 2022-10-21 | 63 | -65/+63

  BUG=none
  BRANCH=none
  TEST=make runtests

  Signed-off-by: Jakub Czapiga <jacz@semihalf.com>
  Change-Id: If93a65ba58c4973d4b344229c7ee26685395bbbf
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3964274
  Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
  Commit-Queue: Jakub Czapiga <czapiga@google.com>
  Tested-by: Jakub Czapiga <czapiga@google.com>
* vboot: gbb_flags_common should treat ccd_ti50 like ccd_cr50 [stabilize-15174.B] | Tirath Ramdas | 2022-10-08 | 1 | -1/+1

  BUG=b:251281342
  BRANCH=None
  TEST=set_gbb_flags.sh --servo targeting a Nereid succeeded.

  Change-Id: Iea83ebacf2bbcdf9da70b38a94017811c07c063e
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3929937
  Tested-by: Tirath Ramdas <tirath@google.com>
  Reviewed-by: Jett Rink <jettrink@chromium.org>
  Reviewed-by: Allen Webb <allenwebb@google.com>
  Reviewed-by: Sam McNally <sammc@chromium.org>
  Commit-Queue: Tirath Ramdas <tirath@google.com>
* gbb_flags_common.sh: Restore tmpfile cleanup trap | Evan Benn | 2022-09-23 | 1 | -1/+4

  A trap to delete tempfiles was mistakenly masked.

  BUG=b:247920664
  BRANCH=None
  TEST=get_gbb_flags.sh; ls /tmp/tmp.* | wc -l == 0

  Change-Id: I3b783395309ea2acb1bc75ffa19df62f81b90450
  Signed-off-by: Evan Benn <evanbenn@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3907130
  Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
  Commit-Queue: Yu-Ping Wu <yupingso@chromium.org>
* scripts/OWNERS: Fix engeg email chromium -> google | Evan Benn | 2022-09-23 | 1 | -1/+1

  BUG=None
  BRANCH=None
  TEST=None

  Signed-off-by: Evan Benn <evanbenn@chromium.org>
  Change-Id: Ia2d4426ad0807a51d4b0568bd6a750f8fb6021f7
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3907132
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
  Reviewed-by: George Engelbrecht <engeg@google.com>
  Commit-Queue: Mike Frysinger <vapier@chromium.org>
* security_test_chromeos_image: Add support for ensure_amd_psp_flags | Robert Zieba | 2022-09-01 | 1 | -1/+13

  This commit adds support for the `ensure_amd_psp_flags` script which only needs to be few on certain AMD boards.

  BRANCH=none
  BUG=b:202397678
  TEST=Verified that ensure_amd_psp_flags executes correctly

  Change-Id: I6ae61083113497d1c63b5ed5a0bd608c525a0c6e
  Signed-off-by: Robert Zieba <robertzieba@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3821000
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
* scripts/image_signing/ensure_amd_psp_flags: Ignore non-AMD images | Robert Zieba | 2022-09-01 | 1 | -10/+27

  This commit updates the `ensure_amd_psp_flags` script so that it will ignore any artifacts that do not contain valid AMD AP images as long as there are no soft-fuse bitsets present for the given board. This allows all logic to be contained within this script.

  BRANCH=none
  BUG=b:202397678
  TEST=Verified that script still works on AMD artifacts, tested that Intel and ARM artifacts are ignored

  Change-Id: I17a9414a36fbeb4a0ae9792c2e036deccd089870
  Signed-off-by: Robert Zieba <robertzieba@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3860383
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
* add -r alias for --remove_rootfs_verification | Steven 'Steve' Kendall | 2022-08-18 | 1 | -1/+2

  BUG=none
  TEST=Ran script with new arg and ensured it disabled verity
  BRANCH=none

  Change-Id: I2cf4ca1a0a7b3663b05f7b2ef35fb6f9261b00a9
  Signed-off-by: Steven 'Steve' Kendall <skend@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3825117
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
* make_dev_ssd.sh: skip firmware checks on VM | Shao-Chuan Lee | 2022-08-16 | 1 | -3/+15

  The script doesn't work on betty without --force. And in turn dev_features_rootfs_verification doesn't work as well.

  BUG=None
  TEST=copy the script to betty and run
  BRANCH=none

  Change-Id: I70f48b97b470bb04fb9f5fff751df83c44d7defe
  Signed-off-by: Shao-Chuan Lee <shaochuan@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3818089
  Reviewed-by: Hung-Te Lin <hungte@chromium.org>
* scripts/image_signing: Add general security test script | Robert Zieba | 2022-08-16 | 1 | -0/+99

  This commit adds a general security test script. This allows some logic to be moved out of the signer as well as providing a single entry point for the security tests run by the signer.

  BRANCH=none
  BUG=b:202397678
  TEST=Verified that correct security tests ran with/without `--keyset-is-mp`

  Change-Id: Ib4c779a90d2fe9160c278f20d7ec61242f1d68cc
  Signed-off-by: Robert Zieba <robertzieba@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3820999
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
  Commit-Queue: Mike Frysinger <vapier@chromium.org>
* scripts/image_signing/ensure_amd_psp_flags: Change argument order | Robert Zieba | 2022-08-16 | 1 | -3/+3

  This commit changes the order of the arguments for this script from `<board> <image>` to `<image> <board>`. This brings the script in-line with the existing ensure scripts.

  BRANCH=none
  BUG=b:202397678
  TEST=Verified that script works with guybrush image

  Change-Id: I7bf31eb0b6ab667b1c3c0e71c2388531bb3f1bc0
  Signed-off-by: Robert Zieba <robertzieba@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3820998
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
* signer: continue to use --sb_extract for shellballs | Josh Horwich | 2022-07-29 | 1 | -2/+2

  crrev.com/c/3665477 started using `--unpack` rather than `--sb_extract` for self-extracting firmware update bundles. Unfortunately, existing prebuilt artifacts used by signer tests are old and only support `--sb_extract`, and hence fail with recent vboot_reference that includes this change.

  This change simply reverts the option back to `--sb_extract` for unpacking self-extracting bundles.

  BRANCH=None
  BUG=b:179170462
  BUG=b:202397678
  TEST=unittests

  Change-Id: I528346a5d593caba7ca822820b9a38e994f0ea94
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3792485
  Commit-Queue: Josh Horwich <jhorwich@chromium.org>
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
  Reviewed-by: Prameet Shah <phshah@chromium.org>
  Tested-by: Josh Horwich <jhorwich@chromium.org>
  Auto-Submit: Josh Horwich <jhorwich@chromium.org>
* signer: Preserve capabilities on Android system image | Josh Horwich | 2022-07-12 | 1 | -1/+58

  Since crrev.com/c/2511121 we no longer use xattrs when using unsquashfs on the Android system image. A side-effect of this change is the loss of capabilities for a handful of Android binaries such as /system/bin/run-as.

  This change records the capabilities on the system image and applies them manually to the output system image.

  BUG=b:179170462
  BRANCH=None
  TEST=unittests
  TEST=Locally sign hatch (ARC R) and kevin (ARC P) base images and verify signed base image's system.raw.img contents

  Signed-off-by: Josh Horwich <jhorwich@chromium.org>
  Change-Id: Ied824d5ebf7a5139e71341abca810b14e67623e0
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3723017
  Reviewed-by: Allen Webb <allenwebb@google.com>
  Tested-by: Josh Horwich <jhorwich@chromium.org>
  Reviewed-by: Prameet Shah <phshah@chromium.org>
  Commit-Queue: Josh Horwich <jhorwich@chromium.org>
  Reviewed-by: Yury Khmel <khmel@google.com>
  Reviewed-by: Yury Khmel <khmel@chromium.org>
* scripts/image_signing: Add ensure_amd_psp_flags script | Robert Zieba | 2022-06-23 | 1 | -0/+115

  Currently there is no script to ensure that AMD PSP flags are set correctly in a firmware image. This commit adds ensure_amd_psp_flags.sh to handle that functionality. The script can check that certain flags are set as well as checking that certain flags are not set.

  BRANCH=none
  BUG=b:202397678
  TEST=Ran script with grunt, zork, MI and skyrim images, verified that it responds correctly to PSP flag values

  Signed-off-by: Robert Zieba <robertzieba@google.com>
  Change-Id: Ie0864544b9b97704ee901d893b4d833c1ab068b9
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3526100
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
* scripts/image_signing: Move `extract_firmware_bundle` to common.sh | Robert Zieba | 2022-06-15 | 2 | -19/+19

  This commit moves `extract_firmware_bundle` into common.sh as this function is useful for other scripts as well. This commit also updates this function to use the `--unpack` option as `--sb_extract` is now deprecated.

  BRANCH=none
  BUG=b:202397678
  TEST=Verified that scripts continue to work as expected

  Signed-off-by: Robert Zieba <robertzieba@google.com>
  Change-Id: Ib5596968f31a4b3b21fb81877d84b28660824818
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3665477
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
* futility: Remove --devsign and --devkeyblock | Jakub Czapiga | 2022-05-30 | 5 | -51/+5

  This feature has not been needed since pre-2012 devices which have long since reached their end of life. We can safely remove it to simplify the code.

  Also remove ZGB image, as it is no longer needed.

  BUG=b:197114807
  TEST=sudo FEATURES=test emerge vboot_reference
  BRANCH=none

  Signed-off-by: Jakub Czapiga <jacz@semihalf.com>
  Cq-Depend: chromium:3650757
  Change-Id: I889dc6300c5cb72bdfcb9c2b66d63e97d3f8c862
  Disallow-Recycled-Builds: test-failures
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3578968
  Commit-Queue: Jakub Czapiga <czapiga@google.com>
  Auto-Submit: Jakub Czapiga <czapiga@google.com>
  Tested-by: Jakub Czapiga <czapiga@google.com>
  Reviewed-by: Julius Werner <jwerner@chromium.org>
* signer: Reland "Check the list of android image files" | Daichi Hirono | 2022-05-27 | 1 | -0/+19

  Previous change I5e8b4d848f30f53fae58c721c9b7ddcfbfea9852 was reverted because the check did not pass if the signing process adds new files to the image. The new check alerts only when we miss files in the original image.

  BUG=b:230434967
  BRANCH=None
  TEST=Run ./sign_official_build.sh locally

  Signed-off-by: Daichi Hirono <hirono@chromium.org>
  Change-Id: If8e9eeb9568fefcde92d737b356fa84b865b05c9
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3653721
  Commit-Queue: Shao-Chuan Lee <shaochuan@chromium.org>
  Tested-by: Daichi Hirono <hirono@chromium.org>
  Commit-Queue: Daichi Hirono <hirono@chromium.org>
  Auto-Submit: Daichi Hirono <hirono@chromium.org>
  Reviewed-by: Shao-Chuan Lee <shaochuan@chromium.org>
* Revert "signer: Check the list of android image files" | Daichi Hirono | 2022-05-18 | 1 | -16/+0

  This reverts commit 48532e571bf79f32af972f6096681c11674c3825.

  Reason for revert: Stable roll blocked due to unit test failures in platform/signing.
  https://ci.chromium.org/ui/p/chromeos/builders/cq/fullcheckout-presubmit/b8813887760837459473/overview

  Original change's description:
  > signer: Check the list of android image files
  >
  > BUG=b:230434967
  > BRANCH=None
  > TEST=Run ./sign_official_build.sh locally
  >
  > Signed-off-by: Daichi Hirono <hirono@chromium.org>
  >
  > Change-Id: I5e8b4d848f30f53fae58c721c9b7ddcfbfea9852
  > Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3607891
  > Tested-by: Daichi Hirono <hirono@chromium.org>
  > Commit-Queue: Daichi Hirono <hirono@chromium.org>
  > Reviewed-by: Shao-Chuan Lee <shaochuan@chromium.org>

  Bug: b:230434967
  Change-Id: I185562d6dcbac4fd30b6dc4c331bd0b1508d58e8
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3644484
  Commit-Queue: Daichi Hirono <hirono@chromium.org>
  Tested-by: Daichi Hirono <hirono@chromium.org>
  Reviewed-by: Shao-Chuan Lee <shaochuan@chromium.org>
  Auto-Submit: Daichi Hirono <hirono@chromium.org>
* create_new_gsc_key.sh: generate key file with the requested base name [stabilize-14816.84.B, stabilize-14816.82.B, stabilize-14816.138.B, stabilize-14816.131.B, stabilize-14803.B, stabilize-14790.B, release-R103-14816.B] | Vadim Bendebury | 2022-05-06 | 1 | -5/+14

  Let's require the user of this script to explicitly provide the base file name of the generated key.

  BRANCH=none
  BUG=b:221423468
  TEST=verified generating the new key in various directories (local and non local). Verified that the script fails if the user does not supply the required key file base name.

  Change-Id: Iaf85e5822d06c65ca4b7d51f17579269576e4707
  Signed-off-by: Vadim Bendebury <vbendeb@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3630287
  Tested-by: Vadim Bendebury <vbendeb@chromium.org>
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
  Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
* keygeneration: add ability to generate accessory GSC RW signing key pair | Vadim Bendebury | 2022-04-30 | 1 | -0/+68

  GSC RW signing requires a 3070 bit RSA key. The codesigner tool when invoked expects the public key in .pem format, the same format is used by the RO codebase when incorporating the public key in the RO image.

  This patch introduces a new accessory key generating script, which invokes the appropriate openssl command to generate the required key pair.

  BUG=b:221423468
  BRANCH=none
  TEST=ran scripts/keygeneration/accessory/create_new_gsc_key.sh and observed two gsc keys generated:

      ls -l *gsc*
      -rw------- 1 vbendeb vbendeb 2451 Apr 21 20:42 gsc_3070.pem
      -rw-r--r-- 1 vbendeb vbendeb 625 Apr 21 20:42 gsc_3070.pem.pub

    in the FPGA setup confirmed that Ti50 RW can be signed and verified using the generated key pair.

  Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
  Change-Id: I429c250f60aa1da28aa99f39dff40c3bcda71df6
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3600151
  Reviewed-by: Andrey Pronin <apronin@chromium.org>
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
* signer: Check the list of android image files | Daichi Hirono | 2022-04-27 | 1 | -0/+16

  BUG=b:230434967
  BRANCH=None
  TEST=Run ./sign_official_build.sh locally

  Signed-off-by: Daichi Hirono <hirono@chromium.org>
  Change-Id: I5e8b4d848f30f53fae58c721c9b7ddcfbfea9852
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3607891
  Tested-by: Daichi Hirono <hirono@chromium.org>
  Commit-Queue: Daichi Hirono <hirono@chromium.org>
  Reviewed-by: Shao-Chuan Lee <shaochuan@chromium.org>
* Revert "keygeneration: add ability to generate GSC RW signing key pairs" | Vadim Bendebury | 2022-04-23 | 2 | -34/+1

  This reverts commit 2981c0bacbaa0446562aaa04f23e3e9f07c86069, as that patch is not the proper way to generate accessory keys.

  BUG=b:221423468
  BRANCH=none
  TEST=none

  Change-Id: I5500424b01ef45cc353468173f60f9b202b92b54
  Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3600150
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
* keygeneration: add ability to generate GSC RW signing key pairs | Vadim Bendebury | 2022-04-20 | 2 | -1/+34

  GSC RW signing requires a 3070 bit RSA key. The codesigner tool when invoked expects the public key in .pem format, the same format is used by the RO codebase when incorporating the public key in the RO image.

  This patch introduces a new key option, RSA3070_NOSIG_ALGOID. The keys of this kind are not going to be processed by futility, hence no need to specify the signing algorithm.

  BUG=b:221423468
  BRANCH=none
  TEST=ran ./create_new_keys.sh and observed two gsc keys generated:

      $ ls *gsc*
      gsc_rw_3070.pem gsc_rw_3070.pem.pub

    in the FPGA setup confirmed that Ti50 RW can be signed and verified using the generated key pair.

  Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
  Change-Id: Ie676ba8043c34900388372270329a4903656d499
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3591642
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
  Commit-Queue: Mike Frysinger <vapier@chromium.org>
* vboot: Support servo micro and C2D2 for {get,set}_gbb_flags.sh --servo. [stabilize-14682.B] | Sam McNally | 2022-04-02 | 3 | -10/+20

  Detect servo micro and C2D2 servo types and toggle cpu_fw_spi before and after flash access is required.

  BUG=b:220992685
  TEST={get,set}_gbb_flags.sh --servo with C2D2 and servo micro
  BRANCH=None

  Cq-Depend: chromium:3470605
  Change-Id: I9f8a9bcabe731001ed18150ca1db9820db20e0d3
  Signed-off-by: Sam McNally <sammc@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3469747
  Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
* sign_gsc_firmware: drop version number check for node locked images | Vadim Bendebury | 2022-03-30 | 1 | -12/+5

  With introduction of Ti50 images the version of the eraseflashinfo capable images must change, which will prevent signing scripts from accepting Ti50 images from node locked signing.

  Enforcing the version number is proving to be a larger pain than it is worth: we do need to modify the version once in a while, and it takes a lot of effort and time to propagate the version adjustment through signing stages.

  We already have a quorum requirement for eraseflashinfo capable node locked images, this provides enough guarantee from accidental signing or malicious signing of such an image, version number enforcement does not add security.

  BRANCH=none
  BUG=b:219774807
  TEST=none

  Change-Id: Ifd5ac17540595d71210445e6ad573c81fc25a47a
  Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3553419
  Reviewed-by: Mary Ruthven <mruthven@chromium.org>
  Reviewed-by: Andrey Pronin <apronin@chromium.org>
* vboot: Add --programmer and --servo flags to {get,set}_gbb_flags.sh. [stabilize-quickfix-14526.91.B, stabilize-14528.B, stabilize-14526.89.B, stabilize-14526.84.B, stabilize-14526.73.B, stabilize-14526.67.B, stabilize-14526.57.B, release-R100-14526.B] | Sam McNally | 2022-02-17 | 3 | -8/+63

  Allow custom programmers to be used instead of host for getting and setting GBB flags via a --programmer/-p flag similar to the same flag for futility.

  Also support --servo with the same semantics as the futility flag - detecting the programmer to use from the current servod instance mirroring the logic in futility. Only CCD is supported at this stage.

  When reading, include the FMAP section as well as the GBB section. For writes over CCD, avoiding rescanning for the FMAP can save up to 1.8s.

  BUG=None
  TEST={get,set}_gbb_flags.sh --servo with and without servod running
  BRANCH=None

  Change-Id: Iecedf4c3d0cad6923aed4405ef4a72910f3f9f05
  Signed-off-by: Sam McNally <sammc@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3455562
  Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
* make_dev_ssd.sh: Update grub defaultA and defaultB | Jeffery Miller | 2022-02-11 | 1 | -2/+3

  Update the defaultA=2 and defaultB=3 grub settings to remove verification.

  In change I930d0f3f1a3f8f54edd1dce7f8259e3c261af9a1 the default options for grub were changed to be defaultA and defaultB instead of 'set default=2'. Update the removal to support these new configuration settings.

  BRANCH=none
  BUG=b:186240229
  TEST=on a reven build run `/usr/share/vboot/bin/make_dev_ssd.sh --remove_rootfs_verification --force`; reboot and confirm verity is disabled

  Change-Id: I70ceed432c29865715c525a6ae13f0e7da8ee0ba
  Signed-off-by: Jeffery Miller <jefferymiller@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3445175
  Reviewed-by: Nicholas Bishop <nicholasbishop@google.com>
  Reviewed-by: Hung-Te Lin <hungte@chromium.org>
  Commit-Queue: Nicholas Bishop <nicholasbishop@google.com>
* sign_official_build: Sign hps_firmware | Evan Benn | 2022-02-08 | 1 | -0/+3

  BUG=b:204378599
  TEST=None
  BRANCH=None

  Signed-off-by: Evan Benn <evanbenn@chromium.org>
  Cq-Depend: chrome-internal:4473134
  Change-Id: I2316ec9e75e854352350e90055e717a258c43f6e
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3388968
  Tested-by: Evan Benn <evanbenn@chromium.org>
  Auto-Submit: Evan Benn <evanbenn@chromium.org>
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
  Commit-Queue: Evan Benn <evanbenn@chromium.org>
* accessory: script to generate hps keys | Evan Benn | 2022-01-26 | 1 | -0/+64

  hps uses ed25519 keys so generate a pair of that type.

  BUG=b:214495498
  TEST=./create_new_hps_key.sh
  BRANCH=none

  Signed-off-by: Evan Benn <evanbenn@chromium.org>
  Change-Id: I3f63ea5852b8e5959b7577e8b988284da043b449
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3394031
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
  Commit-Queue: Evan Benn <evanbenn@chromium.org>
  Tested-by: Evan Benn <evanbenn@chromium.org>
* accessory: make create_new_hammer_like_keys generates correct key name [stabilize-14477.B] (Ting Shen, 2022-01-21, 2 files, -7/+28)

  create_new_hammer_like_keys.sh generates a key pair with hard-coded filename "key_hammerlike.*". And we usually ask the croskeymanagers team to manually rename it to the correct device name (e.g. b:213403966).

  The manual step sometimes confuses people. Modify the script to make create_new_hammer_like_keys.sh takes an extra keyname argument and generates the correct filename at once.

  BUG=b:213922329
  TEST=1) normal usage
          ./create_new_hammer_like_keys.sh foo
       2) error (two keyname provided)
          ./create_new_hammer_like_keys.sh foo bar
       3) error (missing keyname)
          ./create_new_hammer_like_keys.sh
       4) also check efs keygen
          ./create_new_ec_efs_key.sh
  BRANCH=none

  Change-Id: I2a2e24b77961ea2d744ac65d835446a74381e004
  Signed-off-by: Ting Shen <phoenixshen@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3398389
  Reviewed-by: Hung-Te Lin <hungte@chromium.org>
  Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
  Tested-by: Ting Shen <phoenixshen@chromium.org>
  Commit-Queue: Ting Shen <phoenixshen@chromium.org>

* image_signing: Use "-b 256K" option for zstd squashfs compression (Satoshi Niwa, 2021-12-24, 1 file, -1/+1)

  project-cheets-private CL: crrev/i/4381092

  BUG=b:208763957
  TEST=arc.AppLoadingPerf, etc.
  BRANCH=none

  Signed-off-by: Satoshi Niwa <niwa@google.com>
  Cq-Depend: chrome-internal:4381092
  Change-Id: I95fe539294793f6894a8e4cd8e2bde4bbcf43c04
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3351476
  Reviewed-by: Ryo Hashimoto <hashimoto@chromium.org>
  Tested-by: Satoshi Niwa <niwa@chromium.org>
  Auto-Submit: Satoshi Niwa <niwa@chromium.org>
  Commit-Queue: Satoshi Niwa <niwa@chromium.org>

* vboot_reference: shortcut for enable earlycon and serial console (Hsin-Yi Wang, 2021-12-09, 1 file, -1/+51)

  Add a shortcut to enable and disable earlycon and serial console.

  Earlycon requires to setup the correct parameter in stdout-path for ARM/ARM64 or SPCR table for x86.

  BRANCH=none
  BUG=b:168171144
  TEST=./make_dev_ssd.sh -i $image --enable_earlycon (--disable_console)

  Signed-off-by: Hsin-Yi Wang <hsinyi@chromium.org>
  Change-Id: Ifc39c825bf0830bca9d72668b8451aff64708071
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2423643
  Reviewed-by: Stephen Boyd <swboyd@chromium.org>

* gscvd: add dedicated test keys (Vadim Bendebury, 2021-12-03, 2 files, -0/+6)

  This patch extends create_new_keys.sh to generate two additional key pairs to use for AP RO verification signing. Both new pairs are RSA4096/SHA256.

  The script was ran to generate a new set of keys and the produced AP RO verification key pairs were copied into tests/devkeys.

  BRANCH=none
  BUG=b:141191727
  TEST=re-signed guybrush AP firmware image following the process described in cmd_gscvd.c comments, created a Cr50 image incorporating the new root public key hash, updated the DUT AP and Cr50 firmware and observed successful AP RO validation.

  Change-Id: I03cba1446fc5ffdfef662c5ce1ea3e61950477d4
  Signed-off-by: Vadim Bendebury <vbendeb@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3297447
  Tested-by: Vadim Bendebury <vbendeb@chromium.org>
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
  Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>

* image_signing: skip signing of boot*.efi on reven board [stabilize-14345.B] [stabilize-14336.B] [stabilize-14333.B] (Nicholas Bishop, 2021-11-08, 2 files, -6/+14)

  The reven board's first stage bootloader (bootia32.efi/bootx64.efi) is signed by Microsoft so that it can boot with the default UEFI Secure Boot keys. These two files should not be modified by the signing scripts.

  Implement this by adding a third argument to sign_uefi.sh, "efi_glob". This argument is set to "*.efi" by default, maintaining the existing behavior. If the key dir matches "*Reven*", the glob is changed to "grub*.efi".

  Tested by running sign_official_build.sh on a reven base image, once with a keys dir matching "*Reven*", once with it not matching. When the keys dir matches Reven, grub*.efi is signed but boot*.efi is not. When the keys dir does not match Reven, both grub*.efi and boot*.efi are signed:

  Matching "*Reven*":

    platform/vboot_reference/scripts/image_signing/sign_official_build.sh \
      base build/images/reven/latest/chromiumos_base_image.bin \
      platform/vboot_reference/tests/Reven \
      build/images/reven/latest/chromiumos_base_image.bin.signed

  Not matching:

    platform/vboot_reference/scripts/image_signing/sign_official_build.sh \
      base build/images/reven/latest/chromiumos_base_image.bin \
      platform/vboot_reference/tests/devkeys \
      build/images/reven/latest/chromiumos_base_image.bin.signed

  BUG=b:205145491
  TEST=Build a reven base image and test as described above
  BRANCH=none

  Change-Id: Iec2800c276ca82bfd6e5b465ff821b11e0b0bb08
  Signed-off-by: Nicholas Bishop <nicholasbishop@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3262479
  Reviewed-by: Joseph Sussman <josephsussman@google.com>

* COIL: Remove "slave" (Yu-Ping Wu, 2021-10-29, 1 file, -15/+17)

  In the context of device mapper (dm), use "mapped device".

  BUG=b:179221734
  TEST=make runtests
  BRANCH=none

  Change-Id: I9245d8482e59db93bfe6cdcaafa503038ae5c9e3
  Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3246662
  Reviewed-by: Chen-Yu Tsai <wenst@chromium.org>
  Reviewed-by: Hung-Te Lin <hungte@chromium.org>

* strip_boot_from_image: use sfill instead of fstrim [stabilize-14235.B] (George Engelbrecht, 2021-09-17, 1 file, -1/+1)

  fstrim relies on the underlying device supporting it and on our instances we're on lvm devices. Since we're fstrim'ing a mounted loopback the ability to call fstrim is inherited by the parent device. Something has changed in the kernel (see bug) that stopped us from making the trim call on the loopback partition.

  sfill with these options should accomplish the same thing (single write with all zeros) as well as cleaning up inode space.

  BRANCH=main
  BUG=b:200038130
  TEST=signer full tests with this commit.

  Signed-off-by: engeg <engeg@google.com>
  Change-Id: I8c71adfd59c11b5142aa367fb20222fc4b03a2ba
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3167191
  Tested-by: George Engelbrecht <engeg@google.com>
  Auto-Submit: George Engelbrecht <engeg@google.com>
  Reviewed-by: Jason Clinton <jclinton@chromium.org>
  Reviewed-by: Jared Loucks <jaredloucks@google.com>
  Reviewed-by: Greg Edelston <gredelston@google.com>
  Commit-Queue: George Engelbrecht <engeg@google.com>
  Commit-Queue: Greg Edelston <gredelston@google.com>

* sign_official_build: disable gsetup for reven [stabilize-14217.B] (Jack Neus, 2021-09-08, 1 file, -1/+5)

  More permanent fix todo, need to unblock reven-release.

  BUG=b:199136347
  TEST=shellcheck
  BRANCH=none

  Change-Id: I2b124f88aa2c5c70124888e2d64bd5a2c41f1a96
  Signed-off-by: Jack Neus <jackneus@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3149594
  Reviewed-by: George Engelbrecht <engeg@google.com>

* vboot/sign_offical_build: Unused variable (Jae Hoon Kim, 2021-09-08, 1 file, -1/+1)

  partnum variable isn't defined.

  BUG=none
  TEST=none

  Signed-off-by: Jae Hoon Kim <kimjae@chromium.org>
  BRANCH=none
  Change-Id: Ie4ce809e4331d04c10c60f0e9c1b883124018038
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3146295
  Tested-by: Jae Hoon Kim <kimjae@chromium.org>
  Auto-Submit: Jae Hoon Kim <kimjae@chromium.org>
  Reviewed-by: George Engelbrecht <engeg@google.com>
  Commit-Queue: George Engelbrecht <engeg@google.com>

* Revert "reven signing: skip install_gsetup_certs" (Jack Neus, 2021-09-07, 1 file, -7/+2)

  This reverts commit 1376cfbfdd3b0cbc14da190c744604c4f3d29a23.

  Reason for revert: bad code (missing [[)

  Original change's description:
  > reven signing: skip install_gsetup_certs
  >
  > BUG=b:199136347,b:194500280
  > TEST=none
  > BRANCH=none
  >
  > Change-Id: Iba90c1f4dcc2fadf9cbadac1948d5037b0feb278
  > Signed-off-by: Jack Neus <jackneus@google.com>
  > Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3145774
  > Reviewed-by: George Engelbrecht <engeg@google.com>

  Bug: b:199136347,b:194500280
  Change-Id: I9b1df358a18d043eb0d20d18ed17e1bafbd9e5f3
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3146076
  Auto-Submit: Jack Neus <jackneus@google.com>
  Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
  Commit-Queue: George Engelbrecht <engeg@google.com>
  Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
  Reviewed-by: George Engelbrecht <engeg@google.com>
  Tested-by: George Engelbrecht <engeg@google.com>
  Tested-by: Jack Neus <jackneus@google.com>

* reven signing: skip install_gsetup_certs (Jack Neus, 2021-09-07, 1 file, -2/+7)

  BUG=b:199136347,b:194500280
  TEST=none
  BRANCH=none

  Change-Id: Iba90c1f4dcc2fadf9cbadac1948d5037b0feb278
  Signed-off-by: Jack Neus <jackneus@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3145774
  Reviewed-by: George Engelbrecht <engeg@google.com>

* vboot/sign_official_build: Skip re-signing empty miniOS partitions (Jae Hoon Kim, 2021-09-07, 1 file, -7/+16)

  Reasons that miniOS partitions might be empty is that the feature is not enabled yet, but the partitions exist as it's using the newer disk_layout_v3.

  BUG=b:199021334
  TEST=# run tests

  Signed-off-by: Jae Hoon Kim <kimjae@chromium.org>
  BRANCH=none
  Change-Id: I2a6b68240428ab2f01394230840ff116c720b3df
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3145770
  Tested-by: Jae Hoon Kim <kimjae@chromium.org>
  Auto-Submit: Jae Hoon Kim <kimjae@chromium.org>
  Reviewed-by: Julius Werner <jwerner@chromium.org>
  Commit-Queue: Julius Werner <jwerner@chromium.org>

* vboot/sign_official_build: Fix missing backslash (Yu-Ping Wu, 2021-09-01, 1 file, -2/+2)

  Add the missing line continuation backslash, caused by CL:3046439.

  BUG=b:198232639
  TEST=./sign_official_build.sh recovery ${IMAGE} tests/devkeys/ ${OUTPUT}
  TEST=./sign_official_build.sh factory ${IMAGE} tests/devkeys/ ${OUTPUT}
  BRANCH=none

  Change-Id: I587747e33c47afc85264052c9ca59081d5524a72
  Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3134894
  Reviewed-by: Julius Werner <jwerner@chromium.org>
  Commit-Queue: Julius Werner <jwerner@chromium.org>