path: root/scripts
Commit message | Author | Age | Files | Lines
* vboot: gbb_flags_common should treat ccd_ti50 like ccd_cr50 (stabilize-15174.B) | Tirath Ramdas | 2022-10-08 | 1 | -1/+1
  BUG=b:251281342
  BRANCH=None
  TEST=set_gbb_flags.sh --servo targeting a Nereid succeeded.

  Change-Id: Iea83ebacf2bbcdf9da70b38a94017811c07c063e
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3929937
  Tested-by: Tirath Ramdas <tirath@google.com>
  Reviewed-by: Jett Rink <jettrink@chromium.org>
  Reviewed-by: Allen Webb <allenwebb@google.com>
  Reviewed-by: Sam McNally <sammc@chromium.org>
  Commit-Queue: Tirath Ramdas <tirath@google.com>
* gbb_flags_common.sh: Restore tmpfile cleanup trap | Evan Benn | 2022-09-23 | 1 | -1/+4
  A trap to delete tempfiles was mistakenly masked.

  BUG=b:247920664
  BRANCH=None
  TEST=get_gbb_flags.sh; ls /tmp/tmp.* | wc -l == 0

  Change-Id: I3b783395309ea2acb1bc75ffa19df62f81b90450
  Signed-off-by: Evan Benn <evanbenn@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3907130
  Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
  Commit-Queue: Yu-Ping Wu <yupingso@chromium.org>
* scripts/OWNERS: Fix engeg email chromium -> google | Evan Benn | 2022-09-23 | 1 | -1/+1
  BUG=None
  BRANCH=None
  TEST=None

  Signed-off-by: Evan Benn <evanbenn@chromium.org>
  Change-Id: Ia2d4426ad0807a51d4b0568bd6a750f8fb6021f7
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3907132
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
  Reviewed-by: George Engelbrecht <engeg@google.com>
  Commit-Queue: Mike Frysinger <vapier@chromium.org>
* security_test_chromeos_image: Add support for ensure_amd_psp_flags | Robert Zieba | 2022-09-01 | 1 | -1/+13
  This commit adds support for the `ensure_amd_psp_flags` script which only needs to be few on certain AMD boards.

  BRANCH=none
  BUG=b:202397678
  TEST=Verified that ensure_amd_psp_flags executes correctly

  Change-Id: I6ae61083113497d1c63b5ed5a0bd608c525a0c6e
  Signed-off-by: Robert Zieba <robertzieba@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3821000
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
* scripts/image_signing/ensure_amd_psp_flags: Ignore non-AMD images | Robert Zieba | 2022-09-01 | 1 | -10/+27
  This commit updates the `ensure_amd_psp_flags` script so that it will ignore any artifacts that do not contain valid AMD AP images as long as there are no soft-fuse bitsets present for the given board. This allows all logic to be contained within this script.

  BRANCH=none
  BUG=b:202397678
  TEST=Verified that script still works on AMD artifacts, tested that Intel and ARM artifacts are ignored

  Change-Id: I17a9414a36fbeb4a0ae9792c2e036deccd089870
  Signed-off-by: Robert Zieba <robertzieba@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3860383
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
* add -r alias for --remove_rootfs_verification | Steven 'Steve' Kendall | 2022-08-18 | 1 | -1/+2
  BUG=none
  TEST=Ran script with new arg and ensured it disabled verity
  BRANCH=none

  Change-Id: I2cf4ca1a0a7b3663b05f7b2ef35fb6f9261b00a9
  Signed-off-by: Steven 'Steve' Kendall <skend@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3825117
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
* make_dev_ssd.sh: skip firmware checks on VM | Shao-Chuan Lee | 2022-08-16 | 1 | -3/+15
  The script doesn't work on betty without --force. And in turn dev_features_rootfs_verification doesn't work as well.

  BUG=None
  TEST=copy the script to betty and run
  BRANCH=none

  Change-Id: I70f48b97b470bb04fb9f5fff751df83c44d7defe
  Signed-off-by: Shao-Chuan Lee <shaochuan@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3818089
  Reviewed-by: Hung-Te Lin <hungte@chromium.org>
* scripts/image_signing: Add general security test script | Robert Zieba | 2022-08-16 | 1 | -0/+99
  This commit adds a general security test script. This allows some logic to be moved out of the signer as well as providing a single entry point for the security tests run by the signer.

  BRANCH=none
  BUG=b:202397678
  TEST=Verified that correct security tests ran with/without `--keyset-is-mp`

  Change-Id: Ib4c779a90d2fe9160c278f20d7ec61242f1d68cc
  Signed-off-by: Robert Zieba <robertzieba@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3820999
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
  Commit-Queue: Mike Frysinger <vapier@chromium.org>
* scripts/image_signing/ensure_amd_psp_flags: Change argument order | Robert Zieba | 2022-08-16 | 1 | -3/+3
  This commit changes the order of the arguments for this script from `<board> <image>` to `<image> <board>`. This brings the script in-line with the existing ensure scripts.

  BRANCH=none
  BUG=b:202397678
  TEST=Verified that script works with guybrush image

  Change-Id: I7bf31eb0b6ab667b1c3c0e71c2388531bb3f1bc0
  Signed-off-by: Robert Zieba <robertzieba@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3820998
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
* signer: continue to use --sb_extract for shellballs | Josh Horwich | 2022-07-29 | 1 | -2/+2
  crrev.com/c/3665477 started using `--unpack` rather than `--sb_extract` for self-extracting firmware update bundles. Unfortunately, existing prebuilt artifacts used by signer tests are old and only support `--sb_extract`, and hence fail with recent vboot_reference that includes this change.

  This change simply reverts the option back to `--sb_extract` for unpacking self-extracting bundles.

  BRANCH=None
  BUG=b:179170462
  BUG=b:202397678
  TEST=unittests

  Change-Id: I528346a5d593caba7ca822820b9a38e994f0ea94
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3792485
  Commit-Queue: Josh Horwich <jhorwich@chromium.org>
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
  Reviewed-by: Prameet Shah <phshah@chromium.org>
  Tested-by: Josh Horwich <jhorwich@chromium.org>
  Auto-Submit: Josh Horwich <jhorwich@chromium.org>
* signer: Preserve capabilities on Android system image | Josh Horwich | 2022-07-12 | 1 | -1/+58
  Since crrev.com/c/2511121 we no longer use xattrs when using unsquashfs on the Android system image. A side-effect of this change is the loss of capabilities for a handful of Android binaries such as /system/bin/run-as.

  This change records the capabilities on the system image and applies them manually to the output system image.

  BUG=b:179170462
  BRANCH=None
  TEST=unittests
  TEST=Locally sign hatch (ARC R) and kevin (ARC P) base images and verify signed base image's system.raw.img contents

  Signed-off-by: Josh Horwich <jhorwich@chromium.org>
  Change-Id: Ied824d5ebf7a5139e71341abca810b14e67623e0
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3723017
  Reviewed-by: Allen Webb <allenwebb@google.com>
  Tested-by: Josh Horwich <jhorwich@chromium.org>
  Reviewed-by: Prameet Shah <phshah@chromium.org>
  Commit-Queue: Josh Horwich <jhorwich@chromium.org>
  Reviewed-by: Yury Khmel <khmel@google.com>
  Reviewed-by: Yury Khmel <khmel@chromium.org>
* scripts/image_signing: Add ensure_amd_psp_flags script | Robert Zieba | 2022-06-23 | 1 | -0/+115
  Currently there is no script to ensure that AMD PSP flags are set correctly in a firmware image. This commit adds ensure_amd_psps_flags.sh to handle that functionality. The script can check that certain flags are set as well as checking that certain flags are not set.

  BRANCH=none
  BUG=b:202397678
  TEST=Ran script with grunt, zork, MI and skyrim images, verified that it responds correctly to PSP flag values

  Signed-off-by: Robert Zieba <robertzieba@google.com>
  Change-Id: Ie0864544b9b97704ee901d893b4d833c1ab068b9
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3526100
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
* scripts/image_signing: Move `extract_firmware_bundle` to common.sh | Robert Zieba | 2022-06-15 | 2 | -19/+19
  This commit moves `extract_firmware_bundle` into common.sh as this function is useful for other scripts as well. This commit also updates this function to use the `--unpack` option as `--sb_extract` is now deprecated.

  BRANCH=none
  BUG=b:202397678
  TEST=Verified that scripts continue to work as expected

  Signed-off-by: Robert Zieba <robertzieba@google.com>
  Change-Id: Ib5596968f31a4b3b21fb81877d84b28660824818
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3665477
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
* futility: Remove --devsign and --devkeyblock | Jakub Czapiga | 2022-05-30 | 5 | -51/+5
  This feature has not been needed since pre-2012 devices which have long since reached their end of life. We can safely remove it to simplify the code. Also remove ZGB image, as it is no longer needed.

  BUG=b:197114807
  TEST=sudo FEATURES=test emerge vboot_reference
  BRANCH=none

  Signed-off-by: Jakub Czapiga <jacz@semihalf.com>
  Cq-Depend: chromium:3650757
  Change-Id: I889dc6300c5cb72bdfcb9c2b66d63e97d3f8c862
  Disallow-Recycled-Builds: test-failures
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3578968
  Commit-Queue: Jakub Czapiga <czapiga@google.com>
  Auto-Submit: Jakub Czapiga <czapiga@google.com>
  Tested-by: Jakub Czapiga <czapiga@google.com>
  Reviewed-by: Julius Werner <jwerner@chromium.org>
* signer: Reland "Check the list of android image files" | Daichi Hirono | 2022-05-27 | 1 | -0/+19
  Previous change I5e8b4d848f30f53fae58c721c9b7ddcfbfea9852 was reverted because the check did not pass if the signing process adds new files to the image. The new check alerts only when we miss files in the original image.

  BUG=b:230434967
  BRANCH=None
  TEST=Run ./sign_official_build.sh locally

  Signed-off-by: Daichi Hirono <hirono@chromium.org>
  Change-Id: If8e9eeb9568fefcde92d737b356fa84b865b05c9
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3653721
  Commit-Queue: Shao-Chuan Lee <shaochuan@chromium.org>
  Tested-by: Daichi Hirono <hirono@chromium.org>
  Commit-Queue: Daichi Hirono <hirono@chromium.org>
  Auto-Submit: Daichi Hirono <hirono@chromium.org>
  Reviewed-by: Shao-Chuan Lee <shaochuan@chromium.org>
* Revert "signer: Check the list of android image files" | Daichi Hirono | 2022-05-18 | 1 | -16/+0
  This reverts commit 48532e571bf79f32af972f6096681c11674c3825.

  Reason for revert: Stable roll blocked due to unit test failures in platform/signing.
  https://ci.chromium.org/ui/p/chromeos/builders/cq/fullcheckout-presubmit/b8813887760837459473/overview

  Original change's description:
  > signer: Check the list of android image files
  >
  > BUG=b:230434967
  > BRANCH=None
  > TEST=Run ./sign_official_build.sh locally
  >
  > Signed-off-by: Daichi Hirono <hirono@chromium.org>
  >
  > Change-Id: I5e8b4d848f30f53fae58c721c9b7ddcfbfea9852
  > Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3607891
  > Tested-by: Daichi Hirono <hirono@chromium.org>
  > Commit-Queue: Daichi Hirono <hirono@chromium.org>
  > Reviewed-by: Shao-Chuan Lee <shaochuan@chromium.org>

  Bug: b:230434967
  Change-Id: I185562d6dcbac4fd30b6dc4c331bd0b1508d58e8
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3644484
  Commit-Queue: Daichi Hirono <hirono@chromium.org>
  Tested-by: Daichi Hirono <hirono@chromium.org>
  Reviewed-by: Shao-Chuan Lee <shaochuan@chromium.org>
  Auto-Submit: Daichi Hirono <hirono@chromium.org>
* create_new_gsc_key.sh: generate key file with the requested base name (stabilize-14816.84.B, stabilize-14816.82.B, stabilize-14816.138.B, stabilize-14816.131.B, stabilize-14803.B, stabilize-14790.B, release-R103-14816.B) | Vadim Bendebury | 2022-05-06 | 1 | -5/+14
  Let's require the user of this script to explicitly provide the base file name of the generated key.

  BRANCH=none
  BUG=b:221423468
  TEST=verified generating the new key in various directories (local and non local). Verified that the script fails if the user does not supply the required key file base name.

  Change-Id: Iaf85e5822d06c65ca4b7d51f17579269576e4707
  Signed-off-by: Vadim Bendebury <vbendeb@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3630287
  Tested-by: Vadim Bendebury <vbendeb@chromium.org>
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
  Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
* keygeneration: add ability to generate accessory GSC RW signing key pair | Vadim Bendebury | 2022-04-30 | 1 | -0/+68
  GSC RW signing requires a 3070 bit RSA key. The codesigner tool when invoked expects the public key in .pem format, the same format is used by the RO codebase when incorporating the public key in the RO image.

  This patch introduces a new accessory key generating script, which invokes the appropriate openssl command to generate the required key pair.

  BUG=b:221423468
  BRANCH=none
  TEST=ran scripts/keygeneration/accessory/create_new_gsc_key.sh and observed two gsc keys generated:

      ls -l *gsc*
      -rw------- 1 vbendeb vbendeb 2451 Apr 21 20:42 gsc_3070.pem
      -rw-r--r-- 1 vbendeb vbendeb 625 Apr 21 20:42 gsc_3070.pem.pub

    in the FPGA setup confirmed that Ti50 RW can be signed and verified using the generated key pair.

  Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
  Change-Id: I429c250f60aa1da28aa99f39dff40c3bcda71df6
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3600151
  Reviewed-by: Andrey Pronin <apronin@chromium.org>
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
* signer: Check the list of android image files | Daichi Hirono | 2022-04-27 | 1 | -0/+16
  BUG=b:230434967
  BRANCH=None
  TEST=Run ./sign_official_build.sh locally

  Signed-off-by: Daichi Hirono <hirono@chromium.org>
  Change-Id: I5e8b4d848f30f53fae58c721c9b7ddcfbfea9852
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3607891
  Tested-by: Daichi Hirono <hirono@chromium.org>
  Commit-Queue: Daichi Hirono <hirono@chromium.org>
  Reviewed-by: Shao-Chuan Lee <shaochuan@chromium.org>
* Revert "keygeneration: add ability to generate GSC RW signing key pairs" | Vadim Bendebury | 2022-04-23 | 2 | -34/+1
  This reverts commit 2981c0bacbaa0446562aaa04f23e3e9f07c86069, as that patch is not the proper way to generate accessory keys.

  BUG=b:221423468
  BRANCH=none
  TEST=none

  Change-Id: I5500424b01ef45cc353468173f60f9b202b92b54
  Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3600150
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
* keygeneration: add ability to generate GSC RW signing key pairs | Vadim Bendebury | 2022-04-20 | 2 | -1/+34
  GSC RW signing requires a 3070 bit RSA key. The codesigner tool when invoked expects the public key in .pem format, the same format is used by the RO codebase when incorporating the public key in the RO image.

  This patch introduces a new key option, RSA3070_NOSIG_ALGOID. The keys of this kind are not going to be processed by futility, hence no need to specify the signing algorithm.

  BUG=b:221423468
  BRANCH=none
  TEST=ran ./create_new_keys.sh and observed two gsc keys generated:

      $ ls *gsc*
      gsc_rw_3070.pem gsc_rw_3070.pem.pub

    in the FPGA setup confirmed that Ti50 RW can be signed and verified using the generated key pair.

  Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
  Change-Id: Ie676ba8043c34900388372270329a4903656d499
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3591642
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
  Commit-Queue: Mike Frysinger <vapier@chromium.org>
* vboot: Support servo micro and C2D2 for {get,set}_gbb_flags.sh --servo. (stabilize-14682.B) | Sam McNally | 2022-04-02 | 3 | -10/+20
  Detect servo micro and C2D2 servo types and toggle cpu_fw_spi before and after flash access is required.

  BUG=b:220992685
  TEST={get,set}_gbb_flags.sh --servo with C2D2 and servo micro
  BRANCH=None

  Cq-Depend: chromium:3470605
  Change-Id: I9f8a9bcabe731001ed18150ca1db9820db20e0d3
  Signed-off-by: Sam McNally <sammc@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3469747
  Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
* sign_gsc_firmware: drop version number check for node locked images | Vadim Bendebury | 2022-03-30 | 1 | -12/+5
  With introduction of Ti50 images the version of the eraseflashinfo capable images must change, which will prevent signing scripts from accepting Ti50 images from node locked signing.

  Enforcing the version number is proving to be a larger pain than it is worth: we do need to modify the version once in a while, and it takes a lot of effort and time to propagate the version adjustment through signing stages.

  We already have a quorum requirement for eraseflashinfo capable node locked images, this provides enough guarantee from accidental signing or malicious signing of such an image, version number enforcement does not add security.

  BRANCH=none
  BUG=b:219774807
  TEST=none

  Change-Id: Ifd5ac17540595d71210445e6ad573c81fc25a47a
  Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3553419
  Reviewed-by: Mary Ruthven <mruthven@chromium.org>
  Reviewed-by: Andrey Pronin <apronin@chromium.org>
* vboot: Add --programmer and --servo flags to {get,set}_gbb_flags.sh. (stabilize-quickfix-14526.91.B, stabilize-14528.B, stabilize-14526.89.B, stabilize-14526.84.B, stabilize-14526.73.B, stabilize-14526.67.B, stabilize-14526.57.B, release-R100-14526.B) | Sam McNally | 2022-02-17 | 3 | -8/+63
  Allow custom programmers to be used instead of host for getting and setting GBB flags via a --programmer/-p flag similar to the same flag for futility. Also support --servo with the same semantics as the futility flag - detecting the programmer to use from the current servod instance mirroring the logic in futility. Only CCD is supported at this stage.

  When reading, include the FMAP section as well as the GBB section. For writes over CCD, avoiding rescanning for the FMAP can save up to 1.8s.

  BUG=None
  TEST={get,set}_gbb_flags.sh --servo with and without servod running
  BRANCH=None

  Change-Id: Iecedf4c3d0cad6923aed4405ef4a72910f3f9f05
  Signed-off-by: Sam McNally <sammc@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3455562
  Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
* make_dev_ssd.sh: Update grub defaultA and defaultB | Jeffery Miller | 2022-02-11 | 1 | -2/+3
  Update the defaultA=2 and defaultB=3 grub settings to remove verification.

  In change I930d0f3f1a3f8f54edd1dce7f8259e3c261af9a1 the default options for grub were changed to be defaultA and defaultB instead of 'set default=2'. Update the removal to support these new configuration settings.

  BRANCH=none
  BUG=b:186240229
  TEST=on a reven build run `/usr/share/vboot/bin/make_dev_ssd.sh --remove_rootfs_verification --force`; reboot and confirm verity is disabled

  Change-Id: I70ceed432c29865715c525a6ae13f0e7da8ee0ba
  Signed-off-by: Jeffery Miller <jefferymiller@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3445175
  Reviewed-by: Nicholas Bishop <nicholasbishop@google.com>
  Reviewed-by: Hung-Te Lin <hungte@chromium.org>
  Commit-Queue: Nicholas Bishop <nicholasbishop@google.com>
* sign_official_build: Sign hps_firmware | Evan Benn | 2022-02-08 | 1 | -0/+3
  BUG=b:204378599
  TEST=None
  BRANCH=None

  Signed-off-by: Evan Benn <evanbenn@chromium.org>
  Cq-Depend: chrome-internal:4473134
  Change-Id: I2316ec9e75e854352350e90055e717a258c43f6e
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3388968
  Tested-by: Evan Benn <evanbenn@chromium.org>
  Auto-Submit: Evan Benn <evanbenn@chromium.org>
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
  Commit-Queue: Evan Benn <evanbenn@chromium.org>
* accessory: script to generate hps keys | Evan Benn | 2022-01-26 | 1 | -0/+64
  hps uses ed25519 keys so generate a pair of that type.

  BUG=b:214495498
  TEST=./create_new_hps_key.sh
  BRANCH=none

  Signed-off-by: Evan Benn <evanbenn@chromium.org>
  Change-Id: I3f63ea5852b8e5959b7577e8b988284da043b449
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3394031
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
  Commit-Queue: Evan Benn <evanbenn@chromium.org>
  Tested-by: Evan Benn <evanbenn@chromium.org>
* accessory: make create_new_hammer_like_keys generates correct key name (stabilize-14477.B) | Ting Shen | 2022-01-21 | 2 | -7/+28
  create_new_hammer_like_keys.sh generates a key pair with hard-coded filename "key_hammerlike.*". And we usually ask the croskeymanagers team to manually rename it to the correct device name (e.g. b:213403966).

  The manual step sometimes confuses people. Modify the script to make create_new_hammer_like_keys.sh take an extra keyname argument and generate the correct filename at once.

  BUG=b:213922329
  TEST=1) normal usage
          ./create_new_hammer_like_keys.sh foo
       2) error (two keyname provided)
          ./create_new_hammer_like_keys.sh foo bar
       3) error (missing keyname)
          ./create_new_hammer_like_keys.sh
       4) also check efs keygen
          ./create_new_ec_efs_key.sh
  BRANCH=none

  Change-Id: I2a2e24b77961ea2d744ac65d835446a74381e004
  Signed-off-by: Ting Shen <phoenixshen@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3398389
  Reviewed-by: Hung-Te Lin <hungte@chromium.org>
  Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
  Tested-by: Ting Shen <phoenixshen@chromium.org>
  Commit-Queue: Ting Shen <phoenixshen@chromium.org>
* image_signing: Use "-b 256K" option for zstd squashfs compression | Satoshi Niwa | 2021-12-24 | 1 | -1/+1
  project-cheets-private CL: crrev/i/4381092

  BUG=b:208763957
  TEST=arc.AppLoadingPerf, etc.
  BRANCH=none

  Signed-off-by: Satoshi Niwa <niwa@google.com>
  Cq-Depend: chrome-internal:4381092
  Change-Id: I95fe539294793f6894a8e4cd8e2bde4bbcf43c04
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3351476
  Reviewed-by: Ryo Hashimoto <hashimoto@chromium.org>
  Tested-by: Satoshi Niwa <niwa@chromium.org>
  Auto-Submit: Satoshi Niwa <niwa@chromium.org>
  Commit-Queue: Satoshi Niwa <niwa@chromium.org>
* vboot_reference: shortcut for enable earlycon and serial console | Hsin-Yi Wang | 2021-12-09 | 1 | -1/+51
  Add a shortcut to enable and disable earlycon and serial console.

  Earlycon requires to setup the correct parameter in stdout-path for ARM/ARM64 or SPCR table for x86.

  BRANCH=none
  BUG=b:168171144
  TEST=./make_dev_ssd.sh -i $image --enable_earlycon (--disable_console)

  Signed-off-by: Hsin-Yi Wang <hsinyi@chromium.org>
  Change-Id: Ifc39c825bf0830bca9d72668b8451aff64708071
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2423643
  Reviewed-by: Stephen Boyd <swboyd@chromium.org>
* gscvd: add dedicated test keys | Vadim Bendebury | 2021-12-03 | 2 | -0/+6
  This patch extends create_new_keys.sh to generate two additional key pairs to use for AP RO verification signing. Both new pairs are RSA4096/SHA256.

  The script was run to generate a new set of keys and the produced AP RO verification key pairs were copied into tests/devkeys.

  BRANCH=none
  BUG=b:141191727
  TEST=re-signed guybrush AP firmware image following the process described in cmd_gscvd.c comments, created a Cr50 image incorporating the new root public key hash, updated the DUT AP and Cr50 firmware and observed successful AP RO validation.

  Change-Id: I03cba1446fc5ffdfef662c5ce1ea3e61950477d4
  Signed-off-by: Vadim Bendebury <vbendeb@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3297447
  Tested-by: Vadim Bendebury <vbendeb@chromium.org>
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
  Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
* image_signing: skip signing of boot*.efi on reven board (stabilize-14345.B, stabilize-14336.B, stabilize-14333.B) | Nicholas Bishop | 2021-11-08 | 2 | -6/+14
  The reven board's first stage bootloader (bootia32.efi/bootx64.efi) is signed by Microsoft so that it can boot with the default UEFI Secure Boot keys. These two files should not be modified by the signing scripts.

  Implement this by adding a third argument to sign_uefi.sh, "efi_glob". This argument is set to "*.efi" by default, maintaining the existing behavior. If the key dir matches "*Reven*", the glob is changed to "grub*.efi".

  Tested by running sign_official_build.sh on a reven base image, once with a keys dir matching "*Reven*", once with it not matching. When the keys dir matches Reven, grub*.efi is signed but boot*.efi is not. When the keys dir does not match Reven, both grub*.efi and boot*.efi are signed:

  Matching "*Reven*":

      platform/vboot_reference/scripts/image_signing/sign_official_build.sh \
        base build/images/reven/latest/chromiumos_base_image.bin \
        platform/vboot_reference/tests/Reven \
        build/images/reven/latest/chromiumos_base_image.bin.signed

  Not matching:

      platform/vboot_reference/scripts/image_signing/sign_official_build.sh \
        base build/images/reven/latest/chromiumos_base_image.bin \
        platform/vboot_reference/tests/devkeys \
        build/images/reven/latest/chromiumos_base_image.bin.signed

  BUG=b:205145491
  TEST=Build a reven base image and test as described above
  BRANCH=none

  Change-Id: Iec2800c276ca82bfd6e5b465ff821b11e0b0bb08
  Signed-off-by: Nicholas Bishop <nicholasbishop@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3262479
  Reviewed-by: Joseph Sussman <josephsussman@google.com>
* COIL: Remove "slave" | Yu-Ping Wu | 2021-10-29 | 1 | -15/+17
  In the context of device mapper (dm), use "mapped device".

  BUG=b:179221734
  TEST=make runtests
  BRANCH=none

  Change-Id: I9245d8482e59db93bfe6cdcaafa503038ae5c9e3
  Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3246662
  Reviewed-by: Chen-Yu Tsai <wenst@chromium.org>
  Reviewed-by: Hung-Te Lin <hungte@chromium.org>
* strip_boot_from_image: use sfill instead of fstrim (stabilize-14235.B) | George Engelbrecht | 2021-09-17 | 1 | -1/+1
  fstrim relies on the underlying device supporting it and on our instances we're on lvm devices. Since we're fstrim'ing a mounted loopback the ability to call fstrim is inherited by the parent device. Something has changed in the kernel (see bug) that stopped us from making the trim call on the loopback partition. sfill with these options should accomplish the same thing (single write with all zeros) as well as cleaning up inode space.

  BRANCH=main
  BUG=b:200038130
  TEST=signer full tests with this commit.

  Signed-off-by: engeg <engeg@google.com>
  Change-Id: I8c71adfd59c11b5142aa367fb20222fc4b03a2ba
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3167191
  Tested-by: George Engelbrecht <engeg@google.com>
  Auto-Submit: George Engelbrecht <engeg@google.com>
  Reviewed-by: Jason Clinton <jclinton@chromium.org>
  Reviewed-by: Jared Loucks <jaredloucks@google.com>
  Reviewed-by: Greg Edelston <gredelston@google.com>
  Commit-Queue: George Engelbrecht <engeg@google.com>
  Commit-Queue: Greg Edelston <gredelston@google.com>
* sign_official_build: disable gsetup for reven (stabilize-14217.B) | Jack Neus | 2021-09-08 | 1 | -1/+5
  More permanent fix todo, need to unblock reven-release.

  BUG=b:199136347
  TEST=shellcheck
  BRANCH=none

  Change-Id: I2b124f88aa2c5c70124888e2d64bd5a2c41f1a96
  Signed-off-by: Jack Neus <jackneus@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3149594
  Reviewed-by: George Engelbrecht <engeg@google.com>
* vboot/sign_offical_build: Unused variable | Jae Hoon Kim | 2021-09-08 | 1 | -1/+1
  partnum variable isn't defined.

  BUG=none
  TEST=none

  Signed-off-by: Jae Hoon Kim <kimjae@chromium.org>
  BRANCH=none
  Change-Id: Ie4ce809e4331d04c10c60f0e9c1b883124018038
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3146295
  Tested-by: Jae Hoon Kim <kimjae@chromium.org>
  Auto-Submit: Jae Hoon Kim <kimjae@chromium.org>
  Reviewed-by: George Engelbrecht <engeg@google.com>
  Commit-Queue: George Engelbrecht <engeg@google.com>
* Revert "reven signing: skip install_gsetup_certs" | Jack Neus | 2021-09-07 | 1 | -7/+2
  This reverts commit 1376cfbfdd3b0cbc14da190c744604c4f3d29a23.

  Reason for revert: bad code (missing [[)

  Original change's description:
  > reven signing: skip install_gsetup_certs
  >
  > BUG=b:199136347,b:194500280
  > TEST=none
  > BRANCH=none
  >
  > Change-Id: Iba90c1f4dcc2fadf9cbadac1948d5037b0feb278
  > Signed-off-by: Jack Neus <jackneus@google.com>
  > Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3145774
  > Reviewed-by: George Engelbrecht <engeg@google.com>

  Bug: b:199136347,b:194500280
  Change-Id: I9b1df358a18d043eb0d20d18ed17e1bafbd9e5f3
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3146076
  Auto-Submit: Jack Neus <jackneus@google.com>
  Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
  Commit-Queue: George Engelbrecht <engeg@google.com>
  Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
  Reviewed-by: George Engelbrecht <engeg@google.com>
  Tested-by: George Engelbrecht <engeg@google.com>
  Tested-by: Jack Neus <jackneus@google.com>
* reven signing: skip install_gsetup_certs | Jack Neus | 2021-09-07 | 1 | -2/+7
  BUG=b:199136347,b:194500280
  TEST=none
  BRANCH=none

  Change-Id: Iba90c1f4dcc2fadf9cbadac1948d5037b0feb278
  Signed-off-by: Jack Neus <jackneus@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3145774
  Reviewed-by: George Engelbrecht <engeg@google.com>
* vboot/sign_official_build: Skip re-signing empty miniOS partitions | Jae Hoon Kim | 2021-09-07 | 1 | -7/+16
  A reason that miniOS partitions might be empty is that the feature is not enabled yet, but the partitions exist as it's using the newer disk_layout_v3.

  BUG=b:199021334
  TEST=# run tests

  Signed-off-by: Jae Hoon Kim <kimjae@chromium.org>
  BRANCH=none
  Change-Id: I2a6b68240428ab2f01394230840ff116c720b3df
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3145770
  Tested-by: Jae Hoon Kim <kimjae@chromium.org>
  Auto-Submit: Jae Hoon Kim <kimjae@chromium.org>
  Reviewed-by: Julius Werner <jwerner@chromium.org>
  Commit-Queue: Julius Werner <jwerner@chromium.org>
* vboot/sign_official_build: Fix missing backslash | Yu-Ping Wu | 2021-09-01 | 1 | -2/+2
  Add the missing line continuation backslash, caused by CL:3046439.

  BUG=b:198232639
  TEST=./sign_official_build.sh recovery ${IMAGE} tests/devkeys/ ${OUTPUT}
  TEST=./sign_official_build.sh factory ${IMAGE} tests/devkeys/ ${OUTPUT}
  BRANCH=none

  Change-Id: I587747e33c47afc85264052c9ca59081d5524a72
  Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3134894
  Reviewed-by: Julius Werner <jwerner@chromium.org>
  Commit-Queue: Julius Werner <jwerner@chromium.org>
* signer: Handle zstd squashfs compression [stabilize-14163.B] [factory-keeby-14162.B] [factory-14162.B] (Author: Satoshi Niwa; Age: 2021-08-17; Files: 1; Lines: -0/+2)

  BUG=b:193618692
  TEST=sign_official_build.sh can handle zstd-compressed Android image
  BRANCH=none

  Signed-off-by: Satoshi Niwa <niwa@google.com>
  Cq-Depend: chrome-internal:4024687
  Change-Id: Ie01e93e49da9b32245055f7e4b6fa4fb3fbefd8e
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3066801
  Tested-by: Satoshi Niwa <niwa@chromium.org>
  Reviewed-by: Kazuhiro Inaba <kinaba@chromium.org>
  Reviewed-by: Yury Khmel <khmel@chromium.org>
  Auto-Submit: Satoshi Niwa <niwa@chromium.org>
  Commit-Queue: Satoshi Niwa <niwa@chromium.org>
* vboot/sign_official_build: fix verity path in comment (Author: Nicholas Bishop; Age: 2021-08-13; Files: 1; Lines: -1/+1)

  verity is now in platform2.

  BUG=chromium:886953
  TEST=none
  BRANCH=none

  Change-Id: I55b8a88540b781658a02819de749ab2d20984658
  Signed-off-by: Nicholas Bishop <nicholasbishop@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3087641
  Reviewed-by: Julius Werner <jwerner@chromium.org>
* signer: Implement retry logic for signing Android image (Author: Yury Khmel; Age: 2021-07-29; Files: 1; Lines: -15/+53)

  This retries signing android image in case of integrity check failure. The reason of failure is still unknown.

  BUG=b:175081695
  TEST=Locally image signing passed with adding temporary code that emulates random diff file error. Confirmed recovery happened and signing finished successfully.
  BRANCH=none

  Signed-off-by: Yury Khmel <khmel@google.com>
  Change-Id: Iffc23145cae21f4f468b987d015f45fec95f29d0
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3057193
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
* Reland "vboot/sign_official_build: re-sign miniOS partitions" (Author: Joel Kitching; Age: 2021-07-23; Files: 1; Lines: -3/+62)

  This is a reland of 43325cb9b2568c4a03c849f3474fcee8de3ae893

  Looks like this was reverted incorrectly in CL:3044633, culprit turned out to be an unrelated flake (see b/194293181).

  Original change's description:
  > vboot/sign_official_build: re-sign miniOS partitions
  >
  > sign_official_build.sh needs to be taught how to re-sign miniOS
  > partitions, depending on whether the particular image at hand
  > contains them or not.
  >
  > BUG=b:188121855
  > TEST=make clean && make runtests
  > BRANCH=none
  >
  > Cq-Depend: chromium:3027786
  > Signed-off-by: Joel Kitching <kitching@google.com>
  > Change-Id: Iaf847e14588011dd0fea6b59405091ae36ef038f
  > Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2989640
  > Tested-by: Joel Kitching <kitching@chromium.org>
  > Reviewed-by: Mike Frysinger <vapier@chromium.org>
  > Commit-Queue: Joel Kitching <kitching@chromium.org>

  Bug: b:188121855
  Signed-off-by: Julius Werner <jwerner@google.com>
  Change-Id: I2e29a6e85f7d41ad365365ffb7e694f0c291d4f3
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3046439
  Reviewed-by: Sergey Frolov <sfrolov@google.com>
  Reviewed-by: Joel Kitching <kitching@chromium.org>
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
  Tested-by: Julius Werner <jwerner@chromium.org>
  Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
* Revert "vboot/sign_official_build: re-sign miniOS partitions" [stabilize-14106.B] (Author: Sergey Frolov; Age: 2021-07-22; Files: 1; Lines: -62/+3)

  This reverts commit 43325cb9b2568c4a03c849f3474fcee8de3ae893.

  Reason for revert: b/194293181 suspect

  Original change's description:
  > vboot/sign_official_build: re-sign miniOS partitions
  >
  > sign_official_build.sh needs to be taught how to re-sign miniOS
  > partitions, depending on whether the particular image at hand
  > contains them or not.
  >
  > BUG=b:188121855
  > TEST=make clean && make runtests
  > BRANCH=none
  >
  > Cq-Depend: chromium:3027786
  > Signed-off-by: Joel Kitching <kitching@google.com>
  > Change-Id: Iaf847e14588011dd0fea6b59405091ae36ef038f
  > Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2989640
  > Tested-by: Joel Kitching <kitching@chromium.org>
  > Reviewed-by: Mike Frysinger <vapier@chromium.org>
  > Commit-Queue: Joel Kitching <kitching@chromium.org>

  Bug: b:188121855
  Change-Id: Ieb936a21d5ae09ed84eb65c9a3a3198a5b5b22a5
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3044633
  Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
  Commit-Queue: Sergey Frolov <sfrolov@google.com>
* vboot/sign_official_build: re-sign miniOS partitions (Author: Joel Kitching; Age: 2021-07-19; Files: 1; Lines: -3/+62)

  sign_official_build.sh needs to be taught how to re-sign miniOS partitions, depending on whether the particular image at hand contains them or not.

  BUG=b:188121855
  TEST=make clean && make runtests
  BRANCH=none

  Cq-Depend: chromium:3027786
  Signed-off-by: Joel Kitching <kitching@google.com>
  Change-Id: Iaf847e14588011dd0fea6b59405091ae36ef038f
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2989640
  Tested-by: Joel Kitching <kitching@chromium.org>
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
  Commit-Queue: Joel Kitching <kitching@chromium.org>
* Detect compression type and use the same one for re-packing the image (Author: Satoshi Niwa; Age: 2021-07-08; Files: 1; Lines: -6/+14)

  After crrev/i/3949327, compression type is not simply determined by ARC type.

  BUG=b:180894807
  TEST=sign_official_build.sh and check the log message
  BRANCH=none

  Signed-off-by: Satoshi Niwa <niwa@google.com>
  Cq-Depend: chromium:2999963
  Cq-Depend: chrome-internal:3949327
  Change-Id: I4b1bf452e0d033b4bb8c2f2c1f91819741f9885c
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2999823
  Tested-by: Satoshi Niwa <niwa@chromium.org>
  Reviewed-by: Yury Khmel <khmel@chromium.org>
  Reviewed-by: Satoshi Niwa <niwa@chromium.org>
  Reviewed-by: Kazuhiro Inaba <kinaba@chromium.org>
  Auto-Submit: Satoshi Niwa <niwa@chromium.org>
  Commit-Queue: Satoshi Niwa <niwa@chromium.org>
* vboot: introduce minios_kernel.keyblock (Author: Joel Kitching; Age: 2021-07-05; Files: 2; Lines: -6/+27)

  miniOS requires a distinct kernel data key, whose dev key pair is added in this CL as minios_kernel_data_key.vb{pub,priv}k.

  A distinct keyblock is also required. The keyblock should set the kernel keyblock flag MINIOS_1. Other keyblocks are modified appropriately to set MINIOS_0.

  Keyblocks were generated using the following commands:

  $ futility vbutil_keyblock --flags 23 --datapubkey tests/devkeys/ec_data_key.vbpubk --signprivate tests/devkeys/ec_root_key.vbprivk --pack tests/devkeys/ec.keyblock
  Keyblock file: tests/devkeys/ec.keyblock
  Signature valid
  Flags: 23 !DEV DEV !REC !MINIOS
  Data key algorithm: 7 RSA4096 SHA256
  Data key version: 1
  Data key sha1sum: 5833470fe934be76753cb6501dbb8fbf88ab272b

  $ futility vbutil_keyblock --flags 23 --datapubkey tests/devkeys/firmware_data_key.vbpubk --signprivate tests/devkeys/root_key.vbprivk --pack tests/devkeys/firmware.keyblock
  Keyblock file: tests/devkeys/firmware.keyblock
  Signature valid
  Flags: 23 !DEV DEV !REC !MINIOS
  Data key algorithm: 7 RSA4096 SHA256
  Data key version: 1
  Data key sha1sum: e2c1c92d7d7aa7dfed5e8375edd30b7ae52b7450

  $ futility vbutil_keyblock --flags 27 --datapubkey tests/devkeys/recovery_kernel_data_key.vbpubk --signprivate tests/devkeys/recovery_key.vbprivk --pack tests/devkeys/recovery_kernel.keyblock
  Keyblock file: tests/devkeys/recovery_kernel.keyblock
  Signature valid
  Flags: 27 !DEV DEV REC !MINIOS
  Data key algorithm: 11 RSA8192 SHA512
  Data key version: 1
  Data key sha1sum: e78ce746a037837155388a1096212ded04fb86eb

  $ futility vbutil_keyblock --flags 43 --datapubkey tests/devkeys/minios_kernel_data_key.vbpubk --signprivate tests/devkeys/recovery_key.vbprivk --pack tests/devkeys/minios_kernel.keyblock
  Keyblock file: tests/devkeys/minios_kernel.keyblock
  Signature valid
  Flags: 43 !DEV DEV REC MINIOS
  Data key algorithm: 8 RSA4096 SHA512
  Data key version: 1
  Data key sha1sum: 65441886bc54cbfe3a7308b650806f4b61d8d142

  $ futility vbutil_keyblock --flags 23 --datapubkey tests/devkeys/kernel_data_key.vbpubk --signprivate tests/devkeys/kernel_subkey.vbprivk --pack tests/devkeys/kernel.keyblock
  Keyblock file: tests/devkeys/kernel.keyblock
  Signature valid
  Flags: 23 !DEV DEV !REC !MINIOS
  Data key algorithm: 4 RSA2048 SHA256
  Data key version: 1
  Data key sha1sum: d6170aa480136f1f29cf339a5ab1b960585fa444

  $ futility vbutil_keyblock --flags 26 --datapubkey tests/devkeys/installer_kernel_data_key.vbpubk --signprivate tests/devkeys/recovery_key.vbprivk --pack tests/devkeys/installer_kernel.keyblock
  Keyblock file: tests/devkeys/installer_kernel.keyblock
  Signature valid
  Flags: 26 DEV REC !MINIOS
  Data key algorithm: 11 RSA8192 SHA512
  Data key version: 1
  Data key sha1sum: e78ce746a037837155388a1096212ded04fb86eb

  BUG=b:188121855
  TEST=make clean && make runtests
  BRANCH=none

  Signed-off-by: Joel Kitching <kitching@google.com>
  Change-Id: I5b3e4def83ff29ca156b3c84dfcb8398f4985e67
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2965485
  Tested-by: Joel Kitching <kitching@chromium.org>
  Reviewed-by: Julius Werner <jwerner@chromium.org>
  Commit-Queue: Joel Kitching <kitching@chromium.org>
* vboot/sign_official_build: fix up dependencies (Author: Joel Kitching; Age: 2021-07-03; Files: 1; Lines: -24/+23)

  Update dependencies list, and use ${FUTILITY} rather than calling futility directly.

  BUG=b:188121855
  TEST=make clean && make runtests
  BRANCH=none

  Signed-off-by: Joel Kitching <kitching@google.com>
  Change-Id: I8a28465937ca82ea9e18edc5d613570a561a3e0e
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2989639
  Reviewed-by: Joel Kitching <kitching@chromium.org>
  Tested-by: Joel Kitching <kitching@chromium.org>
  Commit-Queue: Joel Kitching <kitching@chromium.org>
* vboot/sign_official_build: remove kernel and recovery_kernel (Author: Joel Kitching; Age: 2021-07-03; Files: 1; Lines: -60/+0)

  These two types are simply thin wrappers around vbutil_kernel and are no longer used.

  BUG=b:188121855
  TEST=make clean && make runtests
  BRANCH=none

  Signed-off-by: Joel Kitching <kitching@google.com>
  Change-Id: Ia9a13f2992eb9de9f6c65525739da5f8e945cb3e
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2989638
  Tested-by: Joel Kitching <kitching@chromium.org>
  Commit-Queue: Joel Kitching <kitching@chromium.org>
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
  Reviewed-by: Julius Werner <jwerner@chromium.org>