Commit Graph

691 Commits

Author SHA1 Message Date
Shelley Chen
19a41188cd poppy: reinstating fw ctrl functions
Putting ctrl+D, ctrl+U, ctrl+L shortcuts
back in from the fw screens.

BUG=b:35585623
BRANCH=None
TEST=reboot and try ctrl+D, etc. in fw screen to
     make sure that they have desired effects.

Change-Id: I5ca555658eddabeeea6a2f64794e6839f35d75f7
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/443349
Reviewed-by: Randall Spangler <rspangler@chromium.org>
2017-03-02 09:33:57 -08:00
Shelley Chen
e6198e7fc0 vboot_ui_menu: getting rid of explicit function print
Since we're now using VB2_DEBUG, no need to explicitly
print out __func__ anymore.

BUG=b:35585623
BRANCH=None
TEST=reboot and make sure still see serial output in
     AP console.

Change-Id: Ica524d4e50c61681e466815ffb93d33ceee215aa
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/443348
Reviewed-by: Randall Spangler <rspangler@chromium.org>
2017-03-02 09:33:56 -08:00
Shelley Chen
ea97468d8a poppy: replacing dev warn & rec screens with base
Using new base screen only and leaving center
blank for displaying the detachable menu items.

BUG=b:35585623
BRANCH=None
TEST=reboot and make sure icons don't show up
     in FW screens.

Change-Id: I705dac43441f386ebceb58533fa0e336541fcd3c
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/442692
Reviewed-by: Randall Spangler <rspangler@chromium.org>
2017-03-02 09:33:56 -08:00
Shelley Chen
b6ce9d095e poppy: defining base screen enum item
BUG=b:35585623
BRANCH=None
TEST=None

Change-Id: I2bb7f3f3cb8fd37f8a7c2253e1ea0cb322d01c9c
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/442691
Reviewed-by: Randall Spangler <rspangler@chromium.org>
2017-03-01 18:42:22 -08:00
Shelley Chen
04b42e9612 poppy: Highlight menu selection
Reverse foreground/background colors for
highlighted selection.

BUG=chrome-os-partner:61275
BRANCH=None
TEST=reboot and make sure selection is highlighted
CQ-DEPEND=CL:442747

Change-Id: Iaf33cf6140a3ce774a67e3ac7d381d5e05feeddb
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/442690
Reviewed-by: Randall Spangler <rspangler@chromium.org>
2017-02-27 12:03:18 -08:00
Shelley Chen
5c4c4678e7 poppy: add highlight param to VbExDisplayText()
BUG=chrome-os-partner:61275
BRANCH=None
TEST=None
CQ-DEPEND=CL:442747,CL:442690

Change-Id: I0730b64a1f8bf1f4aeca1be5ee87724d61818b23
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/442689
Reviewed-by: Randall Spangler <rspangler@chromium.org>
2017-02-27 12:03:18 -08:00
Nicolas Boichat
83bd850f3f vboot_reference: Add support for 2048-bit exponent 3 keys
This also adds the required tests (keys, testcases).

BRANCH=none
BUG=chromium:684354
TEST=make runtests

Change-Id: I5e148f8792ea325f813d76089271f3c4bcc2935d
Reviewed-on: https://chromium-review.googlesource.com/438951
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
2017-02-18 00:39:28 -08:00
Nicolas Boichat
8c53e881f8 host_key2: Add VB2_SIG_ALG_COUNT to count the number of valid signatures
More reliable than simply assuming that VB2_SIG_RSA8192 is the last
signature.

BRANCH=none
BUG=chromium:684354
TEST=rm tests/testkeys/key_*; make genkeys -j
TEST=make runtests -j

Change-Id: I755b3afb50313fcdf292fb3cd5b0dfe09f8593e3
Reviewed-on: https://chromium-review.googlesource.com/438948
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
2017-02-15 10:47:29 -08:00
Randall Spangler
c7282f6bdc rollback_index: Add disable-ccd-unlock FWMP flag
This flag will be used by cr50 to disable case-closed debugging
unlock.  Here, we're just defining the flag.

BUG=chrome-os-partner:62205
BRANCH=reef
TEST=build_packages --board=reef chromeos_firmware

Change-Id: If86e112948e1c95a767808b2f92dd8fe35abf46c
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/440846
Reviewed-by: Shelley Chen <shchen@chromium.org>
2017-02-14 14:50:40 -08:00
Shelley Chen
00dee97036 poppy: initializing next_menu_idx to current_menu_idx
Get rid of uninitialized variable warning.

BUG=chrome-os-partner:61275
BRANCH=None
TEST=make cgpt WERROR= STATIC=1

Change-Id: I31faa557406c6a90cfdea8571620675c81c0c0ec
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/440432
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
2017-02-11 19:53:40 -08:00
Shelley Chen
791267a561 poppy: Converting all // comments to /* */
Also, ensuring comments start with capital letter.

BUG=chrome-os-partner:61275
BRANCH=None
TEST=None.  No functionality change.

Change-Id: I961236e2b6d95cf0281cd4e3313f465bf12ead9f
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/434250
Reviewed-by: Randall Spangler <rspangler@chromium.org>
2017-01-30 16:48:36 -08:00
Shelley Chen
56ca279c58 poppy: Moving menu placement higher
Prevent scrolling off for low res displays

BUG=chrome-os-partner:61275
BRANCH=None
TEST=reboot snappy and make sure menu doesn't cause
     screen to scroll.

Change-Id: Ic5641c7c43ab3872dcb321df2629e228e86ddbb6
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/434249
Reviewed-by: Randall Spangler <rspangler@chromium.org>
2017-01-30 16:48:36 -08:00
Shelley Chen
469d36aff5 poppy: Check NULL menu_array params in vb2_get_current_menu_size()
BUG=chrome-os-partner:61275
BRANCH=None
TEST=None

Change-Id: I1d88e552a4c9184061207a8e14e32dfb1a39745a
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/434248
Reviewed-by: Randall Spangler <rspangler@chromium.org>
2017-01-30 16:48:35 -08:00
Shelley Chen
8496157c62 poppy: Adding kernel-doc comments
BUG=chrome-os-partner:61275
BRANCH=None
TEST=None.  No functionality change.

Change-Id: I00bb1924e22f398e1b614789dd0cd068ce51cc5d
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/434247
Reviewed-by: Randall Spangler <rspangler@chromium.org>
2017-01-30 16:48:35 -08:00
Shelley Chen
53f8202a2a firmware: Using power button for selection
BUG=chrome-os-partner:61275
BRANCH=None
TEST=reboot and try to make selections in detachable
     UI with power button.

Change-Id: I0a3178eb3fa2c8c1ed77d96fdefa948eaea508e5
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/427220
2017-01-24 17:18:00 -08:00
Shelley Chen
666bd54416 firmware: Prevent wraparound when scrolling through menus
BUG=chrome-os-partner:61275
BRANCH=None
TEST=reboot and scroll to ends of menus to make sure that
     they don't wraparound.

Change-Id: I9ba83b23939140d23fe54858b9a10f873091ff72
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/426410
Reviewed-by: Randall Spangler <rspangler@chromium.org>
2017-01-24 10:21:27 -08:00
Shelley Chen
0d82853f3b firmware: set fw screen default selection
BUG=chrome-os-partner:61275
BRANCH=None
TEST=reboot and scroll through menus to make sure
     defaults to power off in all menus.

Change-Id: I21e6c24c43a46e9e79001857c1dec9869a07d61a
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/426409
Reviewed-by: Randall Spangler <rspangler@chromium.org>
2017-01-24 10:21:27 -08:00
Shelley Chen
4de0c43b1c firmware: Adding vol up/down ascii definitions
BUG=chrome-os-partner:61275
BRANCH=None
TEST=test vol up/down keys and see if menu changes.

Change-Id: I2213639d530f954f12040b14bf2e5cdeb5c03218
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/426408
Reviewed-by: Randall Spangler <rspangler@chromium.org>
2017-01-24 01:31:04 -08:00
Randall Spangler
a609478d1a 2lib: add VB2_DEBUG_RAW() to print without function name
Currently, VB2_DEBUG() will print the function name as a prefix to the
debug output.  Add VB2_DEBUG_RAW() to print without that, so that it's
possible to print little bits of debug output.  Use this in ec_sync to
hex dump the hashes.

And then clean up all of the debug calls which explicitly did things like:
    VB2_DEBUG("%s: foo", __func__);
to just:
    VB2_DEBUG("foo");
so they don't double-print the function name

BUG=chromium:683391
BRANCH=none
TEST=build_packages --board=reef chromeos-firmware &&
     DEBUG=1 make -j runtests
CQ-DEPEND=CL:430978,CL:431111

Change-Id: I0c35519d2e670d55d65d01eaa60d61f3e3edf419
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/431171
Reviewed-by: Julius Werner <jwerner@chromium.org>
2017-01-20 22:40:31 -08:00
Shelley Chen
1a03740bb0 firmware: calling menu ui when using detachables
BUG=chrome-os-partner:61275
BRANCH=None
TEST=compile depthcharge with
     inflags=VB_SALK_INFLAGS_ENABLE_DETACHABLE_UI and run.

Change-Id: I4c2351feef51bbf88fefd37986de6f853cd1942e
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/424091
Reviewed-by: Randall Spangler <rspangler@chromium.org>
2017-01-18 22:51:49 -08:00
Shelley Chen
1ceb361d60 firmware: fixing menu artifacts during printing
BUG=chrome-os-partner:61275
BRANCH=None
TEST=reboot and switch menus and make sure everything
     is printing out properly.

Change-Id: I1269d3dc762a66dde0203673b7b400aba92afa75
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/424356
Reviewed-by: Randall Spangler <rspangler@chromium.org>
2017-01-18 19:17:56 -08:00
Shelley Chen
9f1d423890 firmware: adding support for language menu
BUG=chrome-os-partner:61275
BRANCH=None
TEST=reboot and try selecting language menu.

Change-Id: I3ec208578aec0ccaa92e17e4589ebeae250dae4f
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/424355
Reviewed-by: Randall Spangler <rspangler@chromium.org>
2017-01-18 19:17:55 -08:00
Shelley Chen
755bf33ad1 firmware: Add recovery menu support for detachables
Adding in basic menu support (using arrow keys) for
detachables.  This is specifically for the recovery menu.

BUG=chrome-os-partner:61275
BRANCH=None
TEST=reboot into recovery and try booting into developer mode.

Change-Id: I9596cde62f2748928b4b796bde0a0226dc981235
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/424354
2017-01-18 19:17:53 -08:00
Shelley Chen
71c6c033f9 firmware: Add developer menu support for detachables
Adding in basic menu support (using arrow keys)
for detachables, which do not have keyboards.  Thus,
we can only do menu scrolling rather than the old
ctrl+D/U/L way.  This is specifically for the developer
warning menu.

BUG=chrome-os-partner:61275
BRANCH=None
TEST=reboot system and try scrolling through menu

Change-Id: I39f56f5ca2fedd47df53ab246ec357d07c9c4af0
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/424353
Reviewed-by: Randall Spangler <rspangler@chromium.org>
2017-01-18 19:17:52 -08:00
Randall Spangler
e02a19a6c2 vboot: fix compiling with DEBUG=1
If FOR_TEST is defined, 2common.h defines VB2_DEBUG() to be printf();
it should include stdio.h as well.

The HOSTLIB extern linktest links against the vboot1 stub functions,
but not the vboot2 stub functions, so it couldn't find vb2ex_printf().

BUG=chromium:682058
BRANCH=none
TEST=DEBUG=1 make runtests; DEBUG=1 emerge-reef vboot_reference depthcharge

Change-Id: Ibf981a70ca4087ce3d86b02d76e03063b2cfc9e5
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/429310
Commit-Ready: Shelley Chen <shchen@chromium.org>
Reviewed-by: Shelley Chen <shchen@chromium.org>
2017-01-18 19:17:50 -08:00
Shelley Chen
3409e60633 firmware: Adding VbExDisplayText function
Enables easy printing of text to display.
Will be used for detachable UI.

BUG=chrome-os-partner:61275
BRANCH=None
TEST=Tested from new vboot_ui_menu.c file
CQ-DEPEND=CL:424357

Change-Id: I668dd57eaafa02fb31f6ac479bcd03a613323f14
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/424090
Reviewed-by: Randall Spangler <rspangler@chromium.org>
2017-01-13 21:48:34 -08:00
Randall Spangler
21015898b3 firmware: replace VBDEBUG(()) macro with VB2_DEBUG()
The original VBDEBUG macro used doubly-nested parens to work with
MSVC, which didn't support varargs in macros.  We now only use more
modern compilers, so replace it with the VB2_DEBUG macro and get rid
of the ugly and fragile double parens.

BUG=chromium:611535
BRANCH=none
TEST=make runtests; build_packages --board=reef chromeos-firmware

Change-Id: Ifc0cb0733b14daaa1fde095fab7da4215a538c77
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/425133
Reviewed-by: Shelley Chen <shchen@chromium.org>
2017-01-12 15:56:27 -08:00
Randall Spangler
df4eb2bb7b firmware: Split out kernel UI
This moves the UI loops out of vboot_api_kernel.c into vboot_ui.c, so
that it'll be easier to support different UIs for different form factors.

BUG=chromium:611535
BRANCH=none
TEST=make runtests; build_packages --board=reef chromeos-firmware; boot reef

Change-Id: I451b15f65aceb427ffdd94b19f44e91ebc10a860
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/414289
Reviewed-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-by: Shelley Chen <shchen@chromium.org>
2017-01-12 15:56:26 -08:00
Randall Spangler
ad7a75531e firmware: Remove LoadKernelParams from APIs
This cleans up the vboot functions which handle display so they don't
need to pass it around.  Eventually, it'll be absorbed by vb2_context.

BUG=chromium:611535
BRANCH=none
TEST=make runtests; build_packages --board=reef chromeos-firmware; boot reef

Change-Id: I58169dfd37abe657f9b9aa339cc72ffa398329e0
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/414288
Reviewed-by: Shelley Chen <shchen@chromium.org>
2017-01-12 15:56:24 -08:00
ChromeOS Developer
284bf5549a firmware: Refactor and clean up ec_sync
Previously, the EC software sync process called VbDisplayScreen() from
several function calls deep.  Refactor software sync so that the UI
decisions are at a higher level (in ec_sync_all.c) and isolated from
the low-level EC software sync functionality (in ec_sync.c).

This is one in a series of changes which are more clearly separating
out the UI, to make it easier to support multiple UI across a range of
devices.

BUG=chromium:611535
BRANCH=none
TEST=make runtests; build_packages --board=reef chromeos-firmware; boot reef

Change-Id: I40597abeb5b0cc8f5d8fc2098e4acbed4bf59bf6
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/411921
Reviewed-by: Shelley Chen <shchen@chromium.org>
2017-01-12 15:56:22 -08:00
Randall Spangler
e4136dcaa0 vboot: Pass vb2 context and use vboot2 NV routines
Passing the vb2 context around allows using more of the vb2 functions in
future changes, and prepares for a future where we directly use the
context as it was set up in firmware verification.

BUG=chromium:611535
BRANCH=none
TEST=make runtests; emerge-kevin coreboot depthcharge

Change-Id: I8efa606dbdec5d195b66eb899e76fdc84337ad36
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/404997
Reviewed-by: Shelley Chen <shchen@chromium.org>
2016-12-22 12:09:26 -08:00
Randall Spangler
b57d9505c0 vboot: Clean up headers
Minor tidying; no functional changes.

BUG=chromium:611535
BRANCH=none
TEST=make runtests; emerge-kevin coreboot depthcharge

Change-Id: I44c816de67025b83c9e46db54fb5427c684bbfef
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/404921
Reviewed-by: Stefan Reinauer <reinauer@chromium.org>
2016-12-21 19:42:27 -08:00
Randall Spangler
2603675460 vboot: Split ec software sync to its own file
This was previously done inside vboot_api_kernel.  But it has nothing to
do with kernel verification; that's just the only place where we could
easily put it given that vboot (currently) owns the firmware UI.

No outwardly-visible functionality changes.

BUG=chromium:611535
BRANCH=none
TEST=make runtests; emerge-kevin coreboot depthcharge

Change-Id: I8a434eb4449a5a86b129ecac61ad81d0ad55549c
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/404920
2016-12-20 21:56:56 -08:00
Mike Frysinger
8df7ed1453 expand the BDB acronym in a few key places
For people not readily familiar with the BDB acronym, expand it in
a few README files and usage strings.

BUG=None
TEST=looked at help output
BRANCH=None

Change-Id: I2523e1a289815dd0eaea093c086bc75093579808
Reviewed-on: https://chromium-review.googlesource.com/414244
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
2016-12-14 22:57:46 -08:00
Andrey Pronin
4ad42032f4 tpm2_lite: use null password authorization for ReadLock
Most of the indexes used in practice have AUTHREAD set with null
password authentication. The only index, for which READ_STCLEAR is
set and TlclReadLock() is called is the one used by mount-encrypted.
It has AUTHREAD with empty password and should be lockable after
platform hierarchy is disabled. So, use null password authorization
instead of platform authorization in TlclReadLock().

BUG=chrome-os-partner:54708
BRANCH=none
TEST=Start with OOBE, corporate enroll, reboot, verify that the system
     doesn't go back to OOBE. Check mount-encrypted.log on start: it
     should contain "Read-locking NVRAM area succeeded".

Change-Id: Iaac78ba4dd048edac992adfab6fb94b69b2e989a
Reviewed-on: https://chromium-review.googlesource.com/410780
Commit-Ready: Andrey Pronin <apronin@chromium.org>
Tested-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
2016-11-15 17:42:26 -08:00
Randall Spangler
eedd429358 vboot: Remove LoadKernel() LBA size/count checks
Now that LoadKernel() uses a stream API for its partition data, it
doesn't care about those fields.  They're blindly passed to
cgptlib_internal, which does similar checks in CheckParameters() and
CheckHeader().  So, don't duplicate the checks.

BUG=chromium:611535
BRANCH=none
TEST=make runtests; emerge-kevin coreboot depthcharge

Change-Id: I72375496e5df7b7c17df25d358f2555fe41fe520
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/407053
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
2016-11-15 11:25:41 -08:00
Randall Spangler
f182401b97 vboot: Split partition and vblock verification from LoadKernel()
LoadKernel() was a big function which did everything from looping over
partitions on a drive to loading the data within them to calling the
low-level verification functions on that data.  Split it apart into more
manageable chunks.  This also reduces indentation of the inner parts of
the code, which increases readability.

No outwardly-visible functionality changes.

BUG=chromium:611535
BRANCH=none
TEST=make runtests; emerge-kevin coreboot depthcharge

Change-Id: Iea79e70163f5d9f1a9d0d897e4a9bacc925a742d
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/404919
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
2016-11-14 16:42:19 -08:00
Vadim Bendebury
11dd2f2130 tpm2: do not lock kernel space when locking physical presence
There is no direct concept of physical presence in TPM2, the platform
hierarchy could be used to manage access to various NVRAM spaces
instead. The kernel NVRAM space does not have to be explicitly locked,
disabling platform hierarchy is enough to prevent writes into this
space.

BRANCH=none
BUG=chrome-os-partner:59651
TEST=verified that the system boots fine in both normal and recovery
     modes; using tpmc confirmed that the kernel space is readable in
     both and writeable only in recovery mode.

Change-Id: I3cd8344ad897d061f6b07424f1589a7b547a161f
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/410127
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
2016-11-11 17:20:11 -08:00
Andrey Pronin
1afcfc1366 tpm2_lite: implement TlclGetPermissions
Implement TlclGetPermissions, which sends a TPM2_NV_ReadPublic command
and returns the attributes of the NV Index (TPM2 Spec, Part 3, Section 31.6).

BUG=chrome-os-partner:58873
BUG=chrome-os-partner:55210
BRANCH=none
TEST=Run "tpmc def" with various permissions to define new indexes,
     verify that "tpmc getp" returns matching permissions for them.

Change-Id: I2ad7163332ae8793cd717875645f19baef513b26
Reviewed-on: https://chromium-review.googlesource.com/409618
Commit-Ready: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
2016-11-11 10:05:28 -08:00
Vadim Bendebury
d28b4e1444 tpm2_lite: do not ignore errors reported by TPM
Some tpm command wrappers ignore TPM return code, they should not
report success in case TPM operation failed.

BRANCH=none
BUG=chrome-os-partner:55668
TEST=verified that tpmc on reef does not silently ignore tpm write
     errors any more.

Change-Id: Id8955e3757948a3fd0972f88b569fb8828be7715
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/406516
Commit-Ready: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
2016-11-10 12:25:34 -08:00
Andrey Pronin
6a2f9c5a58 tpm_lite_stub: clean up debug printouts in VbExTpmSendReceive
1) Callers of VbExTpmSendReceive often use the same buffer for
   TPM command and response. So, debug-print the command before
   sending to avoid it being overwritten with the response before
   printing.
2) VbExTpmSendReceive only prints execution time in debug mode.
   Execute gettimeofday() only when debug mode is enabled.
3) Avoid printing "DEBUG: " prefix before every byte in the
   command/response.

BUG=none
BRANCH=none
TEST=emerge-$BOARD vboot_reference with and without DEBUG=1,
     run tpmc commands, check the output.

Change-Id: I1bfe9a21e1a78227996eb7310a3584a9e5b73a87
Reviewed-on: https://chromium-review.googlesource.com/409613
Commit-Ready: Andrey Pronin <apronin@chromium.org>
Tested-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
2016-11-10 12:25:29 -08:00
Andrey Pronin
055788beb8 tpm2_lite: implement TlclDefineSpace
Implement TlclDefineSpace, which sends a TPM2_NV_DefineSpace command
to define the attributes of an NV Index and cause the TPM to reserve
space to hold the data associated with the NV Index (TPM2 Spec, Part 2,
Section 31.3.1).

Also, update TlclWrite and TlclWriteLock calls to use the platform
authorization only for NV Indexes in TPM and Platform ranges, and
use empty password authorization otherwise. This allows (1) working with
the Off-Disk Early-Access Key Storage used by mount-encrypted through
Tlcl API; and (2) testing Tlcl NV define/write/write-lock operations
with platform hierarchy disabled.

BUG=chrome-os-partner:55210
BUG=chrome-os-partner:59361
BRANCH=none
TEST=After clearing the TPM owner run "tpmc def 0x800001 0x3 0x0" to
     create a TPM index of size 3, which can be read and written to
     with empty password. Verify that "tpmc write 0x800001 12 34 56"
     succeeds and "tpmc read 0x800001 0x3" prints "12 34 56" as NVRAM
     space contents.

Change-Id: I185cf8380ef1579d0e9e4d8cead5a30ceda3ead9
Reviewed-on: https://chromium-review.googlesource.com/405792
Commit-Ready: Andrey Pronin <apronin@chromium.org>
Tested-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@google.com>
2016-11-09 18:39:47 -08:00
Furquan Shaikh
adfafba793 Add new recovery reason for rec hash space lock failure in RO firmware
BUG=chrome-os-partner:59355
BRANCH=None
TEST=make -j runtests

Change-Id: Ife661afea83f65ba262e50e9743a64628972d39e
Signed-off-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/408568
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
2016-11-09 02:17:13 -08:00
Furquan Shaikh
34d58e7760 rollback_index: Add new index for recovery hash space
BUG=chrome-os-partner:59355
BRANCH=None
TEST=make runtests

Change-Id: Ia86922f2c1940c8b46eb938f208fb4afe4ebc175
Signed-off-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/408656
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2016-11-09 02:17:11 -08:00
Furquan Shaikh
95b2d6ca2b recovery: Add new recovery reason to train memory and reboot
This new recovery reason will instruct the calling firmware in
vboot_select_and_load_kernel to reboot the device (under the assumption
that training of memory has already been performed by the firmware). On
seeing the return code VBERROR_REBOOT_REQUESTED, calling firmware should
perform a reboot.

BUG=chrome-os-partner:59352
BRANCH=None
TEST=make -j runtests successful

Change-Id: I110a735e612665cb2378bd71ca01a111edaf58e3
Signed-off-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/407656
Reviewed-by: Randall Spangler <rspangler@chromium.org>
2016-11-08 02:52:45 -08:00
Randall Spangler
6e3931d1f6 vboot: Add vb2_unpack_key_buffer
Previously, vb2_unpack_key() actually unpacked a key buffer.  Callers
that had a vb2_packed_key had to typecast it back to a uint8_t buffer to
unpack it.  Rename vb2_unpack_key() to vb2_unpack_key_buffer(), and make
vb2_unpack_key() unpack a vb2_packed_key.

BUG=chromium:611535
BRANCH=none
TEST=make runtests; emerge-kevin coreboot depthcharge;
     emerge-samus and boot it

Change-Id: I9ee38a819c59cc58a72ead78cf5ddf3d0f301ae7
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/400906
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
2016-11-06 02:34:03 +00:00
Randall Spangler
559a110f33 vboot: use malloc and free directly
Originally, vboot1 code used VbExMalloc() and VbExFree() since it needed
to talk to EFI firmware that didn't have standard malloc() and free().
Now, coreboot and depthcharge implement them as wrappers around those
standard calls.  vboot2 code already calls them directly, so let vboot1
code do that too.

BUG=chromium:611535
BRANCH=none
TEST=make runtests; emerge-kevin coreboot depthcharge

Change-Id: I49ad0e32e38d278dc3589bfaf494bcf0e4b0a4bd
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/400905
2016-11-06 02:33:50 +00:00
Randall Spangler
47eeaa6e4a vboot: remove unused stateful_util
Now that the vboot1 cryptolib code is gone, nothing uses stateful_util.
Remove it and its unit tests.

BUG=chromium:611535
BRANCH=none
TEST=make runtests; emerge-kevin coreboot depthcharge

Change-Id: I75b6014be00c5266545db10e87c1d9485fd1444b
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/400904
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
2016-11-06 02:33:37 +00:00
Randall Spangler
13c0776aab vboot: Remove the remainder of vb1 cryptolib
At this point, all that's left are a few constants in the cryptolib
header files, and they're only used by host-side code.  So move them to
a host-side header file and get rid of cryptolib.

BUG=chromium:611535
BRANCH=none
TEST=make runtests; emerge-kevin coreboot depthcharge

Change-Id: I2235f0e84e13fef313afe54e749b73744b157884
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/400903
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
2016-11-06 02:33:19 +00:00
Randall Spangler
46a382d613 vboot: Remove vboot1 cryptolib padding source
The old vboot1 cryptolib hard-coded many of its padding arrays in a
padding.c file.  Use the equivalent vboot2 apis instead.

This change is almost exclusively on the host and test side; the only
firmware impact is on a single line of debug output.

BUG=chromium:611535
BRANCH=none
TEST=make runtests; emerge-kevin coreboot depthcharge

Change-Id: If689ffd92f0255847bea2424950da4547b2c0df3
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/400902
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
2016-11-06 02:33:02 +00:00