Putting ctrl+D, ctrl+U, ctrl+L shortcuts
back in from the fw screens.
BUG=b:35585623
BRANCH=None
TEST=reboot and try ctrl+D, etc. in fw screen to
make sure that they have desired effects.
Change-Id: I5ca555658eddabeeea6a2f64794e6839f35d75f7
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/443349
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Since we're now using VB2_DEBUG, no need to explicitly
print out __func__ anymore.
BUG=b:35585623
BRANCH=None
TEST=reboot and make sure still see serial output in
AP console.
Change-Id: Ica524d4e50c61681e466815ffb93d33ceee215aa
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/443348
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Using new base screen only and leaving center
blank for displaying the detachable menu items.
BUG=b:35585623
BRANCH=None
TEST=reboot and make sure icons don't show up
in FW screens.
Change-Id: I705dac43441f386ebceb58533fa0e336541fcd3c
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/442692
Reviewed-by: Randall Spangler <rspangler@chromium.org>
If an FMAP is detected in the rwsig image file, use it
to determine the location of:
- RW region
- RW signature
- public key in RO region
futility show uses that information to verify the signature,
and futility sign uses it is correctly resign the image,
and replace the public key a well.
This also adds tests for this use case. hammer_dev.bin sample
image uses huge RO public key and RW signature regions to make
sure all keys up to RSA-8192 can be used.
BRANCH=none
BUG=chrome-os-partner:62321
TEST=make -j
TEST=./build/futility/futility --debug show \
--pubkey hammer.vbpubk2 hammer.bin
TEST=./build/futility/futility --debug show hammer.bin
TEST=cp hammer.bin hammer.bin.orig
./build/futility/futility --debug sign \
--prikey hammer.vbprik2 hammer.bin
diff hammer.bin hammer.bin.orig => identical
TEST=openssl genrsa -3 -out hammer2.pem 2048
futility create --desc="Hammer 2nd key" hammer2.pem \
hammer2
./build/futility/futility --debug sign \
--version 2 --prikey hammer2.vbprik2 hammer.bin
These 2 commands succeed, but show different keys:
./build/futility/futility --debug show hammer.bin
./build/futility/futility --debug show hammer.bin.orig
TEST=make runtests
Change-Id: I2cebc421eaf97d1b92c9a58afc238d41487d0f6d
Reviewed-on: https://chromium-review.googlesource.com/445536
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
A partition's name would always start with the disk name. And in
/proc/partitions, the partitions are always listed right after the
disk.
Let's filter out devices which are not followed by partitions when
go through the /proc/partitions.
BUG=chrome-os-partner:62955
TEST=run "cgpt find -t kernel" on kevin, no more this warning:
blk_update_request: I/O error, dev mmcblk0rpmb
Change-Id: If200a2476d26b1beaf644838d47ea2e60552855e
Signed-off-by: Jeffy Chen <jeffy.chen@rock-chips.com>
Reviewed-on: https://chromium-review.googlesource.com/444492
Reviewed-by: Julius Werner <jwerner@chromium.org>
More reliable than simply assuming that VB2_SIG_RSA8192 is the last
signature.
BRANCH=none
BUG=chromium:684354
TEST=rm tests/testkeys/key_*; make genkeys -j
TEST=make runtests -j
Change-Id: I755b3afb50313fcdf292fb3cd5b0dfe09f8593e3
Reviewed-on: https://chromium-review.googlesource.com/438948
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
This flag will be used by cr50 to disable case-closed debugging
unlock. Here, we're just defining the flag.
BUG=chrome-os-partner:62205
BRANCH=reef
TEST=build_packages --board=reef chromeos_firmware
Change-Id: If86e112948e1c95a767808b2f92dd8fe35abf46c
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/440846
Reviewed-by: Shelley Chen <shchen@chromium.org>
This tests that futility can correctly create and verify rwsig images.
Note that we do not test RSA 8192, as the signature is longer than
1024 bytes, and the test logic would need to be changed.
BRANCH=none
BUG=chromium:684354
TEST=make runfutiltests
Change-Id: I690e59fe8fa3e273dd81176211c58e1677fa720f
Reviewed-on: https://chromium-review.googlesource.com/438950
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
This calls gen_test_cases.sh in the proper environment.
Also, prevent gen_test_cases.sh from overriding test_file, to
provide stable signature (and avoid large git diff for no reason).
BRANCH=none
BUG=chromium:684354
TEST=make gentestcases -j8; git diff => no changes
Change-Id: I556285fd1a07a4d84f4ebd3fd7881ae06743716e
Reviewed-on: https://chromium-review.googlesource.com/439064
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Prevent scrolling off for low res displays
BUG=chrome-os-partner:61275
BRANCH=None
TEST=reboot snappy and make sure menu doesn't cause
screen to scroll.
Change-Id: Ic5641c7c43ab3872dcb321df2629e228e86ddbb6
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/434249
Reviewed-by: Randall Spangler <rspangler@chromium.org>
BUG=chrome-os-partner:61275
BRANCH=None
TEST=reboot and try to make selections in detachable
UI with power button.
Change-Id: I0a3178eb3fa2c8c1ed77d96fdefa948eaea508e5
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/427220
Currently, VB2_DEBUG() will print the function name as a prefix to the
debug output. Add VB2_DEBUG_RAW() to print without that, so that it's
possible to print little bits of debug output. Use this in ec_sync to
hex dump the hashes.
And then clean up all of the debug calls which explicitly did things like:
VB2_DEBUG("%s: foo", __func__);
to just:
VB2_DEBUG("foo");
so they don't double-print the function name
BUG=chromium:683391
BRANCH=none
TEST=build_packages --board=reef chromeos-firmware &&
DEBUG=1 make -j runtests
CQ-DEPEND=CL:430978,CL:431111
Change-Id: I0c35519d2e670d55d65d01eaa60d61f3e3edf419
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/431171
Reviewed-by: Julius Werner <jwerner@chromium.org>
Adding in basic menu support (using arrow keys) for
detachables. This is specifically for the recovery menu.
BUG=chrome-os-partner:61275
BRANCH=None
TEST=reboot into recovery and try booting into developer mode.
Change-Id: I9596cde62f2748928b4b796bde0a0226dc981235
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/424354
Adding in basic menu support (using arrow keys)
for detachables, which do not have keyboards. Thus,
we can only do menu scrolling rather than the old
ctrl+D/U/L way. This is specifically for the developer
warning menu.
BUG=chrome-os-partner:61275
BRANCH=None
TEST=reboot system and try scrolling through menu
Change-Id: I39f56f5ca2fedd47df53ab246ec357d07c9c4af0
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/424353
Reviewed-by: Randall Spangler <rspangler@chromium.org>
If FOR_TEST is defined, 2common.h defines VB2_DEBUG() to be printf();
it should include stdio.h as well.
The HOSTLIB extern linktest links against the vboot1 stub functions,
but not the vboot2 stub functions, so it couldn't find vb2ex_printf().
BUG=chromium:682058
BRANCH=none
TEST=DEBUG=1 make runtests; DEBUG=1 emerge-reef vboot_reference depthcharge
Change-Id: Ibf981a70ca4087ce3d86b02d76e03063b2cfc9e5
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/429310
Commit-Ready: Shelley Chen <shchen@chromium.org>
Reviewed-by: Shelley Chen <shchen@chromium.org>
Enables easy printing of text to display.
Will be used for detachable UI.
BUG=chrome-os-partner:61275
BRANCH=None
TEST=Tested from new vboot_ui_menu.c file
CQ-DEPEND=CL:424357
Change-Id: I668dd57eaafa02fb31f6ac479bcd03a613323f14
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/424090
Reviewed-by: Randall Spangler <rspangler@chromium.org>
The original VBDEBUG macro used doubly-nested parens to work with
MSVC, which didn't support varargs in macros. We now only use more
modern compilers, so replace it with the VB2_DEBUG macro and get rid
of the ugly and fragile double parens.
BUG=chromium:611535
BRANCH=none
TEST=make runtests; build_packages --board=reef chromeos-firmware
Change-Id: Ifc0cb0733b14daaa1fde095fab7da4215a538c77
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/425133
Reviewed-by: Shelley Chen <shchen@chromium.org>
This moves the UI loops out of vboot_api_kernel.c into vboot_ui.c, so
that it'll be easier to support different UIs for different form factors.
BUG=chromium:611535
BRANCH=none
TEST=make runtests; build_packages --board=reef chromeos-firmware; boot reef
Change-Id: I451b15f65aceb427ffdd94b19f44e91ebc10a860
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/414289
Reviewed-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-by: Shelley Chen <shchen@chromium.org>
This cleans up the vboot functions which handle display so they don't
need to pass it around. Eventually, it'll be absorbed by vb2_context.
BUG=chromium:611535
BRANCH=none
TEST=make runtests; build_packages --board=reef chromeos-firmware; boot reef
Change-Id: I58169dfd37abe657f9b9aa339cc72ffa398329e0
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/414288
Reviewed-by: Shelley Chen <shchen@chromium.org>
Previously, the EC software sync process called VbDisplayScreen() from
several function calls deep. Refactor software sync so that the UI
decisions are at a higher level (in ec_sync_all.c) and isolated from
the low-level EC software sync functionality (in ec_sync.c).
This is one in a series of changes which are more clearly separating
out the UI, to make it easier to support multiple UI across a range of
devices.
BUG=chromium:611535
BRANCH=none
TEST=make runtests; build_packages --board=reef chromeos-firmware; boot reef
Change-Id: I40597abeb5b0cc8f5d8fc2098e4acbed4bf59bf6
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/411921
Reviewed-by: Shelley Chen <shchen@chromium.org>
1. Use mrc_metadata structure with new fields for header checksum and
data checksum.
2. Use region file metadata to ensure there is only one metadata block
present and only one slot in recovery MRC cache. Use the offset and size
based on values in metadata block.
BUG=chrome-os-partner:61306
BRANCH=None
TEST=Verified that recovery MRC cache is verified using futility.
Change-Id: I68b2d75ea70fdaef6c87cdaa6ce97656e8a8bddc
Signed-off-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/424213
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Passing the vb2 context around allows using more of the vb2 functions in
future changes, and prepares for a future where we directly use the
context as it was set up in firmware verification.
BUG=chromium:611535
BRANCH=none
TEST=make runtests; emerge-kevin coreboot depthcharge
Change-Id: I8efa606dbdec5d195b66eb899e76fdc84337ad36
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/404997
Reviewed-by: Shelley Chen <shchen@chromium.org>
This was previously done inside vboot_api_kernel. But it has nothing to
do with kernel verification; that's just the only place where we could
easily put it given that vboot (currently) owns the firmware UI.
No outwardly-visible functionality changes.
BUG=chromium:611535
BRANCH=none
TEST=make runtests; emerge-kevin coreboot depthcharge
Change-Id: I8a434eb4449a5a86b129ecac61ad81d0ad55549c
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/404920
Currently make_dev_firmware will abort if the stored TPM version is
higher and ask user to reset TPM; however that is not very feasible
because:
(1) If the device is still MP-signed, external users can't boot
dev-signed factory shim or recovery or test images.
(2) Even if the user is able to reset TPM, the stored TPM version
will be increased again when user boots into the image for
running make_dev_firmware.
As a result, the right flow is to allow user (with warning and
instructions) resign firmware with dev-keys, boot into recovery mode due
to anti-rollback check, and then boot any dev-signed image to reset TPM.
BRANCH=none
BUG=None
TEST=./make_dev_firmware.sh # see warning message.
Change-Id: Ifd4cd9912ab505427c985154b3f469e1485789b2
Reviewed-on: https://chromium-review.googlesource.com/419898
Commit-Ready: Hung-Te Lin <hungte@chromium.org>
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Provide 'phase_enforcement' field that indicates if a
system should have its full security features enabled while
in the factory. The backend implementation currently is only
for x86 using chromeos_acpi.
On reef:
$ grep ^ /sys/devices/platform/chromeos_acpi/GPIO.*/*
/sys/devices/platform/chromeos_acpi/GPIO.2/GPIO.0:4
/sys/devices/platform/chromeos_acpi/GPIO.2/GPIO.1:1
/sys/devices/platform/chromeos_acpi/GPIO.2/GPIO.2:10
/sys/devices/platform/chromeos_acpi/GPIO.2/GPIO.3:INT3452:00
BUG=chrome-os-partner:59951
BRANCH=None
TEST=Tested on reef with accompanying coreboot patches and flipping
internal pulls to see the correct setting.
Change-Id: Id5401d795cff8874a038f2456121549713a11237
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/418899
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
We had two places extracting the board value from lsb-release and parsing
the output by hand. Unify them to use the same parsing logic to avoid
desynchronized behavior.
We also create a new get_boardvar_from_lsb_release helper to unify the
board name -> variable name mangling logic.
BUG=chromium:667192
TEST=`./security_test_image --board samus` still detects the correct board
BRANCH=None
Change-Id: If88a8ae59b9c9fd45ddd796653a0173ed0186d2d
Reviewed-on: https://chromium-review.googlesource.com/414224
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>
When some of the space re-creation procedure failed, chromeos-tpm-recovery
should exit with non-zero value and not saying TPM is successfully recovered.
However, there are few known issues:
- 0x1009 is not needed in TPM2.
- The space is not created in TPM2.
- tlcl does not support define spaces with policies yet (crosbug.com/p/59594).
As a result, we want to return failure only if writing any of the two
spaces (0x1007, 0x1008) fails.
This change also revised chromeos-tpm-recovery so it won't exit with unbound
variable error due to early exit without having daemon_was_running variable.
BRANCH=None
BUG=chrome-os-partner:60099
TEST=For boards with TPM and TPM2, do:
build_image --board $BOARD factory_install;
Boot factory install shim, select 'I' and get TPM recovered.
Change-Id: I3f79b02cdf77ac61cf1361033c489604dcd603f2
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/412543
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
