This is a part of the work to ensure that tainted images are never
signed with MP keys. A special tainted tag was added to the license file by
https://chromium-review.googlesource.com/c/chromiumos/chromite/+/2560225
and in ensure_not_tainted.sh we detect the presence of this tag.
This script has been manually tested on tainted and non-tainted images.
BUG=chromium:1059363
TEST=manual
BRANCH=none
Change-Id: I17ca27bb7895f268a79cca3ad948808f0f96b8c7
Signed-off-by: Sergey Frolov <sfrolov@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2607414
Commit-Queue: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Allen Webb <allenwebb@google.com>
This reverts commit bc23176959.
The reason for revert is that the signer needs to know the generated
file name, and in case vboot reference alters the name the signer
remains unaware of the change and is still looking for the file named
@CHIP@...
Some other means of figuring out the file name will be required, let's
stick with the @CHIP@ prefix for now.
BRANCH=none
BUG=b:173049030
TEST=none
Change-Id: I23ea65314d49e86fc4edb015e89b6076f87a54dd
Signed-off-by: Vadim Bendebury <vbendeb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2605238
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: George Engelbrecht <engeg@google.com>
Auto-Submit: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: George Engelbrecht <engeg@google.com>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
When processing Gsc image singing request the signing server is not
aware of which chip the image is being signed for, the output file
name includes the string @CHIP@ and it is the responsibility of the
actual signing scripts to figure out if the image is for Cr50 or Ti50.
The destination image type is determined based no the signing manifest
contents, this patch add code to replace @CHIP@ with the actual image
type.
BRANCH=none
BUG=b:173049030
TEST=invoked the script to sign a Ti50 image locally, verified that
the produced signed image file had the expected name.
Change-Id: Ib1534ce50e0a44d0ec014e8dbee4e4d85c2082c9
Signed-off-by: Vadim Bendebury <vbendeb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2596695
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Auto-Submit: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: George Engelbrecht <engeg@google.com>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
ClusterFuzz still managed to find cases where we try to CRC a GPT
entries buffer that wasn't initialized. Not that that's really an issue
or anything... but this patch should shut it up.
BRANCH=none
BUG=chromium:1155876
TEST=none
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I3d0b4f34693d87b66513f398dd13441aba543c3a
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2580110
Reviewed-by: Joel Kitching <kitching@chromium.org>
The major difference between Cr50 and Ti50 signing is that the RW
sections are represented differently: elf files in Cr50 case and ihex
files in Ti50 case.
Other differences include the produced signed final image size and the
offsets of the components in the final image.
The signing script is being updated to figure out all these
differences at run time. A new optional field is introduced in the
signing manifest, the 'generation'. If this field is absent or set to
'h' (for H1), the script proceeds with the Cr50 signing process. If
'generation' is set to 'd' (for D2), the script proceeds with the Ti50
signing process.
Instead of using fixed offsets into the final image, the base
addresses of the components in ihex format are used, the only fixed
value is the base address of the flash image in the chip address space
(0x40000 for H1 vs 0x80000 for D2).
To make this work for H1 the output format of the signed blob produced
by gsc-codesigner is changed from binary to ihex.
BRANCH=none
BUG=b:173049030
TEST=using this script and the signing_istructions.sh module produced
by the real Cr50 signer was able to produce functional images for
both Cr50 and Ti50.
Change-Id: I845be1101b09c9476fa27fbddb72607dc6cea901
Signed-off-by: Vadim Bendebury <vbendeb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2570009
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: George Engelbrecht <engeg@google.com>
Auto-Submit: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
With the advent of D2 memory layout scheme it became impossible to
hardcode the base address of various components of the D2 firmware
image. Luckily, the components are represented as binary blobs in
Intel ihex format, which allows to retrieve the base address of the
component from the ihex records.
The address is composed of two elements: the segment base supplied in
the record type 02 or 04, and the record offset into the segment,
supplied in the data record of type 0.
The segment address is expressed as a 16 bit value, the actual value
shifted right either 4 bits (in case of record type 02) or 16 bits (in
case of record type 04). The data record offset is also a 16 bit
value.
The base address of the blob is calculated as
<segment address> + <first data record offset>
and is available from the first two records in the ihex module.
Detailed information of ihex file format can be found in
https://en.wikipedia.org/wiki/Intel_HEX .
BRANCH=none
BUG=b:173049030
TEST=with the next patch in the stack applied was able to successfully
build a multicomponent ti50 image.
Change-Id: I135c2f9960f1f218532c82bafd7acbe362414fc9
Signed-off-by: Vadim Bendebury <vbendeb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2570008
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: George Engelbrecht <engeg@google.com>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
This patch does not yet provide the ability to sign Ti50 images, but
prepares the signing scripts for further modifications to support a
variety of security chip signing flows.
BRANCH=none
BUG=b:173049030
TEST=verified successful signing of a Cr50 image in a test signer
setup
also created a functional Cr50 image invoking
sign_official_build.sh by hand.
Change-Id: Ic103c9fdf7d1c4ea160c7f6849d5ae5a8303c343
Signed-off-by: Vadim Bendebury <vbendeb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2537078
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: George Engelbrecht <engeg@google.com>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Auto-Submit: Vadim Bendebury <vbendeb@chromium.org>
Some devices may have flashed firmware with different platform name in
their early stage (especially in the first build of leading devices),
so we do want to provide an explicit way (not just --force) to skip
checking platform name.
The change CL:2059621 does not help because the loaded system
firmware looks good.
This is implemented as a quirk so we can enable it using a CBFS quirk
file, making it easier to be deployed by auto update.
BRANCH=None
BUG=None
TEST=make runtests
Change-Id: I888d5848921d31c9b7cba1b96c42d38fda71927e
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2573999
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Previously we used a flag in preamble to prevent HW acceleration for SHA
hashing. However we started to use kernel TPM flag for RSA part since we
can use the flag in preamble only after we verified preamble.
No need to keep both for same objective, so deprecate old flag and
change code to use TPM flag.
BUG=b:166038345
BRANCH=zork
TEST=CC=x86_64-pc-linux-gnu-clang make runtests
TEST=boot Ezkinil, check HW acceleration is used for SHA
Signed-off-by: Kangheui Won <khwon@chromium.org>
Change-Id: I81b174dbe285fa3f68a22667b6af14a52b06b112
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2566866
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
Initially vb2_hwcrypto_rsa_allowed were meant to only determine if we
can use rsa hardware acceleration. However we're planning to also use
this method for hashing, hence drop rsa from the name.
BUG=b:166038345
BRANCH=zork
TEST=CC=x86_64-pc-linux-gnu-clang make runtests
Signed-off-by: Kangheui Won <khwon@chromium.org>
Change-Id: I9efb05b3d035dcd584a47d006415ea87bf931ad6
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2566865
Reviewed-by: Joel Kitching <kitching@chromium.org>
This adds extra verifications to many Android signer operation in order
to narrow down the problem when empty folders are removed from the disk.
BUG=chromium:1154734
TEST=Locally image signing passed. Emulated problem and it was detected.
BRANCH=none
Signed-off-by: Yury Khmel <khmel@google.com>
Change-Id: If8bb9fced290117766bfa9ff76a25fc86ed263dc
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2572240
Reviewed-by: Mike Frysinger <vapier@chromium.org>
According to the gcc docs:
-fPIE
These options are similar to -fpic and -fPIC, but generated position
independent code can be only linked into executables
Example failure when linking against shared library:
FAILED: lib/libbrillo-core.so
x86_64-cros-linux-gnu-clang++ -shared -Wl,-O2 -Wl,--as-needed
-Wl,--gc-sections -Wl,--icf=all -Wl,-z,relro -Wl,-z,noexecstack
-Wl,-z,now -Wl,--as-needed --sysroot=/build/hatch -o
./lib/libbrillo-core.so -Wl,-soname=libbrillo-core.so
@lib/libbrillo-core.so.rsp
ld.lld: error: relocation R_X86_64_PC32 cannot be used against symbol
subprocess_stdin; recompile with -fPIC
>>> defined in
/build/hatch/usr/lib/../lib64/libvboot_host.a(subprocess.o)
>>> referenced by subprocess.c:278 (host/lib/subprocess.c:278)
>>> subprocess.o:(subprocess_run) in archive
/build/hatch/usr/lib/../lib64/libvboot_host.a
BRANCH=none
BUG=b:174578361
TEST=FEATURES="test" emerge-hatch vboot_reference
Change-Id: I5cda8dbe87d20d1b4b659459d861bc04f492e3e5
Signed-off-by: Tom Hughes <tomhughes@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2568259
Commit-Queue: Julius Werner <jwerner@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Test for warning flags that older gcc versions don't support
and only use them if supported.
BUG=none
TEST=vboot builds with gcc 4.9, ensured with manual tests that the
test_ccflag operator works correctly.
Change-Id: I14c8cbe9a687981f195d481f744db12d8877a3e0
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2550799
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: Patrick Georgi <pgeorgi@chromium.org>
Commit-Queue: Patrick Georgi <pgeorgi@chromium.org>
They're not needed on the host (except for tests) and they trigger
a bug in GCC 4.9 (https://gcc.gnu.org/bugzilla/show_bug.cgi?id=49132).
This way futility remains buildable with such an old host compiler,
even if firmware builds and serious work (with tests) needs a newer
compiler.
Error message averted (sample):
firmware/2lib/2ui_screens.c:17:32: error: initializer element is not constant
#define MENU_ITEMS(a) ((struct vb2_menu){ \
^
firmware/2lib/2ui_screens.c:1231:10: note: in expansion of macro 'MENU_ITEMS'
.menu = MENU_ITEMS(diagnostics_memory_items),
^
Change-Id: Ic5bd16e4d252df4297d57c5d41436f4322a1445c
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2553422
Tested-by: Patrick Georgi <pgeorgi@chromium.org>
Commit-Queue: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
gcc 4.9 doesn't know __has_attribute so don't expose it
for non-clang compilers
Change-Id: I991af712adbd56d64938a35b75b7de468154e3a6
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2553421
Tested-by: Patrick Georgi <pgeorgi@chromium.org>
Commit-Queue: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
This reverts commit 6208b9aa9c.
Upstream coreboot has raised concerns that relying on GCC 7+ features
for host utilities is too restrictive, so revert this and go back to
customizing fallthrough annotations by compiler. Cleaned out some of the
C++-specific stuff because vboot isn't built with C++.
BRANCH=None
BUG=None
TEST=Built with clang and GCC.
Change-Id: I75d796d289b0a6c249fc8ac2dadb1453be468642
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2547821
Reviewed-by: Manoj Gupta <manojgupta@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
To support multi-line title for log screens, we need to support
different size of log box in each screen. Therefore, pass the screen and
locale information to vb2ex_prepare_log_screen() so that the number of
lines per page can be determined.
BUG=b:165187866
TEST=emerge-asurada depthcharge
BRANCH=none
Cq-Depend: chromium:2522156
Change-Id: I652d6261ed559a948e7bd578da3ec81d54374039
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2522416
Reviewed-by: Hsuan Ting Chen <roccochen@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
Skip calling diagnostics_memory_update_screen() action if memory test is
finished to reduce delays in memory diagnostics screens.
BUG=b:168776970, b:171852478
BRANCH=none
TEST=Build locally, boot recovery, select 'run diagnostics',
enter memory test (quick) screen, wait until test is finished,
and observe that the delay reduces while pressing keyboard
Signed-off-by: Hsuan Ting Chen <roccochen@chromium.org>
Change-Id: I4f8dbadc68989112bce418119ff7405ec150a7df
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2423089
If an iteration takes longer than KEY_DELAY_MS, no extra delay.
Otherwise, delay until the iteration time reaches KEY_DELAY_MS.
BUG=b:168776970
BRANCH=none
TEST=Build locally
Signed-off-by: Hsuan Ting Chen <roccochen@chromium.org>
Change-Id: Ia78dbe1cc87d08c02f99f4fc9269929c12c18b77
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2424373
- Do not check if delay is aborted every time since we already have
an individual test item.
- Do not save the last return value of vb2ex_mtime() to allow us to use
vb2ex_mtime() elsewhere.
- Use fuzzy match for `delay finished` test items.
BUG=b:156448738
BRANCH=none
TEST=CC=x86_64-pc-linux-gnu-clang;
make clean && make runtests
Signed-off-by: Hsuan Ting Chen <roccochen@chromium.org>
Change-Id: Ic211955637c67dc35ffd4c12194a8ccb77e1bf9c
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2508104
Reviewed-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
For test/vb2_ui_tests.c:
- Rename mock_get_timer_last to mock_get_timer_last_ms.
- Rename mock_time to mock_time_ms.
- Rename mock_time_start to mock_time_start_ms.
For 2lib/2ui.c and 2lib/2ui_screen.c:
- Rename start_time to start_time_ms in struct vb2_ui_context.
- Rename elapsed to elapsed_ms in developer_mode_action().
BUG=b:156448738
BRANCH=none
TEST=CC=x86_64-pc-linux-gnu-clang;
make clean && make runtests
Signed-off-by: Hsuan Ting Chen <roccochen@chromium.org>
Change-Id: Icabe04003f0dc95f41c9ed8b8e2292f1f64e86bc
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2513417
We want to find the culprit loopback device which isn't detatching on
crbug.com/1141907. We might as well log our cleanup actions anyway, and
this will allow us to see the last loopback processed in production.
BUG=chromium:1141907
TEST=just a log message
BRANCH=None
Signed-off-by: George Engelbrecht <engeg@google.com>
Change-Id: I126efceae4f67993069675c23f6c4af61c7e5667
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2514561
Reviewed-by: LaMont Jones <lamontjones@chromium.org>
Currently this trap initiated function will not save the orginal return
value of the script. Save it and return it on exit.
BUG=chromium:1141907
TEST=unittest and manually on a signer
BRANCH=None
Signed-off-by: George Engelbrecht <engeg@google.com>
Change-Id: Icd807f4d153e4bcc1d309fbcea43c2b3344771ca
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2514560
Reviewed-by: Sean McAllister <smcallis@google.com>
Reviewed-by: LaMont Jones <lamontjones@chromium.org>
BUG=chromium:1141907
TEST=unit tests and manual signing run
Signed-off-by: George Engelbrecht <engeg@google.com>
BRANCH=none
Change-Id: I0316f464e138dea9e77b2554a3b31250e8b92c07
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2514559
Reviewed-by: Sean McAllister <smcallis@google.com>
Reviewed-by: LaMont Jones <lamontjones@chromium.org>
Commit-Queue: George Engelbrecht <engeg@google.com>
Tested-by: George Engelbrecht <engeg@google.com>
BUG=chromium:1141907
TEST=unit tests and manual signing run
Signed-off-by: George Engelbrecht <engeg@google.com>
BRANCH=none
Change-Id: I39b133ca69e717576140b418fc59dd167f068d59
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2514558
Reviewed-by: Sean McAllister <smcallis@google.com>
Reviewed-by: LaMont Jones <lamontjones@chromium.org>
Commit-Queue: George Engelbrecht <engeg@google.com>
Tested-by: George Engelbrecht <engeg@google.com>
Eval will terminate the shell on non-zero error code.
"POSIX says that an error in a special built-in utility
(such as eval) should cause the non-interactive shell to terminate"
This is the case and is causing cleanup to terminate android signing
with a non-zero error when it is clear the intent (given the set +e) is
that we should be best effort here.
BUG=chromium:1141907
TEST=unittest and manually on a signer
Change-Id: Ie6374b292c7982371d549b919b44328ea71a09dd
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2513228
Reviewed-by: George Engelbrecht <engeg@google.com>
Tested-by: George Engelbrecht <engeg@google.com>
We've moved to applying a file based set of selinux policies instead of
taking the ones that were snagged from the image. Remove the policy
attributes and let unsquash do whatever it would do by default.
See https://chat.google.com/room/AAAA45hbdCQ/jkXYe7jMEDk.
BUG=chromium:1141907
TEST=unittests
Change-Id: I0a976fb216e0a07c00c4bb2fb68df6fa1ea00d79
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2511121
Reviewed-by: Yury Khmel <khmel@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Yury Khmel <khmel@google.com>
Commit-Queue: George Engelbrecht <engeg@google.com>
Commit-Queue: Yury Khmel <khmel@google.com>
Tested-by: George Engelbrecht <engeg@google.com>
Auto-Submit: George Engelbrecht <engeg@google.com>
We're getting silent errors in here somewhere.
BRANCH=none
BUG=chromium:1141907
TEST=none
Change-Id: I9af0a3ea1696920fe67c915660f82a68c1bddf34
Signed-off-by: Brian Norris <briannorris@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2504358
Reviewed-by: LaMont Jones <lamontjones@chromium.org>
Commit-Queue: LaMont Jones <lamontjones@chromium.org>
Tested-by: LaMont Jones <lamontjones@chromium.org>
This CL would give VM boards the ability to hard reset TPM.
When clearing TPM ownership on real devices, there are two things
would happen:
1. TPM reset all of its NVRAM data.
2. mount-encrypted can't decrypt old encrypted partition.
The TPM2.0 simulator put its NV space at "/var/lib/trunks/NVChip".
And "/var/lib" is under encrypted partition.
Remove the mount-encrypted key would cause mount-encrypted lost the
encrypted partition on next boot, and it would simply achieve those
two targets.
BUG=b:170785530
BRANCH=none
TEST=crossystem clear_tpm_owner_request=1
Cq-Depend: chromium:2501904
Signed-off-by: Yi Chou <yich@google.com>
Change-Id: Ifeff0cf03bf76706849905816d22024f3d1b952f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2470577
Reviewed-by: Joel Kitching <kitching@chromium.org>
The firmware updater now looks at CBFS 'FW_MAIN_A' (RW A) and if a text
file 'updater_quirks' is found, the contents will be fetched to setup
default quirks.
This helps sharing same customization across multiple firmware images
(for different models) shared by same unibuild OS image. Without that,
we have to maintain a large list of hard-coded model names in firmware
updater source.
BRANCH=none
BUG=b:169284414
TEST=make runtests
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Change-Id: I938bffe9f16bc3adee0dc3efb6976efe581c6d8c
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2426093
Reviewed-by: Karthikeyan Ramasubramanian <kramasub@chromium.org>
If we fail reading a GPT header, we memset() the respective buffer to 0
to avoid operating on uninitialized bytes. We should do the same for the
GPT entries array.
BRANCH=None
BUG=chromium:1137521
TEST=make runtests
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I1019eaf5e9ab05cd9953a15874f4931766952d88
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2469601
Reviewed-by: Joel Kitching <kitching@chromium.org>
In recent Intel platforms, updating Management Engine (ME) while SoC is in
S0 state is an unsupported use-case. To work-around this issue for the
devices that are in development, specifically during firmware update,
this quirk is added to preserve the ME region. In the subsequent boot,
ME region is updated as part of boot firmware update upstart script.
BUG=b:165590952
BRANCH=None
TEST=With the quirk enabled, ensured that the ME is preserved under the
following scenario:
chromeos-firmwareupdate --mode=autoupdate
chromeos-firmwareupdate --mode=recovery
futility update --mode=autoupdate -a /usr/sbin/chromeos-firmwareupdate
futility update --mode=recovery -a /usr/sbin/chromeos-firmwareupdate
In other scenarios, ME region is not preserved.
Change-Id: I81a52d11d1fb363b7e07ef3439b927449456b28a
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2465286
Tested-by: Karthikeyan Ramasubramanian <kramasub@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Commit-Queue: Karthikeyan Ramasubramanian <kramasub@chromium.org>
To support loading quirks from external files, we want to skip tab (\t)
and new line characters (\n, \r).
BRANCH=none
BUG=b:169284414
TEST=make runtests
Change-Id: If314d6cf36907837ce9c36b73337976ee0c6fad1
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2467305
Reviewed-by: Karthikeyan Ramasubramanian <kramasub@chromium.org>
Commit-Queue: Karthikeyan Ramasubramanian <kramasub@chromium.org>
This follows steps we have in build image phase to have parity in image
packing.
* Discard reapply selinex context. This looks not needed once
re-signing should not change selinux context. Instead we could do
similar to build image, pass file context to mksquashfs
* Apply mksquashfs params based on image type, container/vm. This
fixes proper block size and image compression algorithm
* Remove old image before packing to prevent mksquashfs merge attempt
BUG=b:170400225
BUG=b:170220295
BUG=b:170219920
BRANCH=none
TEST=locally signed vm (kohaku) and container (hana): arc.Optin*,
arc.Preopt*. Also checked final image size. With this CL it is
reduced to 150Mb(vm) and very close to original image size
(delta is less than 0.1%)
Signed-off-by: Yury Khmel <khmel@chromium.org>
Change-Id: I7037bea68fc2969345a8fabc3c6a9b9b690f02d1
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2462005
Reviewed-by: Yusuke Sato <yusukes@chromium.org>
Reviewed-by: George Engelbrecht <engeg@google.com>
Tested-by: Yury Khmel <khmel@google.com>
Auto-Submit: Yury Khmel <khmel@google.com>
Commit-Queue: Yury Khmel <khmel@google.com>
As promised, it's October 2020, nyan_kitty went AUE with M85, and M86
just got pushed stable. That means we can now delete this code :)
BUG=chromium:1090803
BRANCH=none
TEST=compiles
Signed-off-by: Jack Rosenthal <jrosenth@chromium.org>
Change-Id: I5a15ef1e1ad02885af135d8e42d02d492bdd6c05
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2469604
Reviewed-by: Paul Fagerburg <pfagerburg@chromium.org>
Add three macros in 2api.h for bitmask operations:
- VB2_SET_BIT(mask, index)
- VB2_CLR_BIT(mask, index)
- VB2_GET_BIT(mask, index)
These macros will be used in corresponding depthcharge CLs.
Split disabled_item_mask into:
- disabled_item_mask: Disabled style, but still visible and selectable.
- hidden_item_mask: Not visible.
Ignore selecting on disabled menu items.
Set appropriate disabled_item_mask for page up/down buttons in log
screen.
Revise tests of hidden_item_mask and add unit tests of disabled_item_mask.
BUG=b:163301076, b:146399181
BRANCH=none
TEST=CC=x86_64-pc-linux-gnu-clang;
make clean && make runtests
TEST=CC=x86_64-pc-linux-gnu-clang; DETACHABLE=1;
make clean && make runtests
TEST=CC=x86_64-pc-linux-gnu-clang; PHYSICAL_PRESENCE_KEYBOARD=1;
make clean && make runtests
TEST=CC=x86_64-pc-linux-gnu-clang; DIAGNOSTIC_UI=1;
make clean && make runtests
TEST=Build locally, navigate to debug info screen with <TAB>,
select page up or page down, and observe that nothing happens.
Cq-Depend: chromium:2432168
Signed-off-by: Hsuan Ting Chen <roccochen@chromium.org>
Change-Id: I1607af53f6e2b5c1cde568cb24606314051d2380
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2426154
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Commit-Queue: Yu-Ping Wu <yupingso@chromium.org>
Save parameters `timer_disabled` and `error_code` in mocked
vb2ex_displayed_ui calls to check whether the consecutive calls are
duplicate or not.
The unit tests of these parameters will be added in following CLs.
BRANCH=none
BUG=b:146399181, b:156448738
TEST=CC=x86_64-pc-linux-gnu-clang;
make clean && make runtests
TEST=CC=x86_64-pc-linux-gnu-clang; DETACHABLE=1;
make clean && make runtests
TEST=CC=x86_64-pc-linux-gnu-clang; PHYSICAL_PRESENCE_KEYBOARD=1;
make clean && make runtests
TEST=FEATURES=test PKGDIR=/build/puff/test-packages
/mnt/host/source/chromite/bin/parallel_emerge
--sysroot=/build/puff --jobs=32 vboot_reference
Signed-off-by: Hsuan Ting Chen <roccochen@chromium.org>
Change-Id: I2b7c9b6b05d2427e938394ff9d0769fbde81f773
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2449310
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
This supports new set of certificates plat_mac_permissions.xml and adds
handling media and network_stack certificates.
BRANCH=none
BUG=b:169458218
TEST=Sign test image from goldeneye per instructions in bug, deploy
it to device (kohaku) pass tast.arc.Optin.vm test
Signed-off-by: Yury Khmel <khmel@chromium.org>
Change-Id: I61c4e327eaa605ed60c0c80b3598c0f4fb6e5f5f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2447430
Tested-by: Yury Khmel <khmel@google.com>
Auto-Submit: Yury Khmel <khmel@google.com>
Reviewed-by: George Engelbrecht <engeg@google.com>
Commit-Queue: Yury Khmel <khmel@google.com>
For utilities reading text file, it is easier to process as ASCIIZ input
if vb2_readfile can always return a buffer ends with '\0' so we don't
need to pass and check the size.
BUG=None
TEST=make clean && make runtests
BRANCH=None
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Change-Id: Ib6294969fb325b9b7899e6295fb1817ad91a9952
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2426092
Reviewed-by: Joel Kitching <kitching@chromium.org>
Add vb2ex_hwcrypto_modexp support to accelerate only calculation part of
RSA and we can handle the rest. Instead of relying on opaque hardware
accleration for all RSA verification process, this will enable us to
maintain our security level while enhancing overall speed of
verification.
BRANCH=zork
BUG=b:169157796
TEST=make runtests
Signed-off-by: Kangheui Won <khwon@chromium.org>
Change-Id: I6f9fc919c4215964158815a58a9f1b338c2a76a4
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2444809
Reviewed-by: Julius Werner <jwerner@chromium.org>
Sergey Frolov