We want a quick and human-friendly way to match keys with
signatures, so we decided to give each key a unique GUID and
carry that ID around when signing things.
But then we realized that we could autogenerate a unique
identifier from the .pem file itself, which is even better
because then we can match our binary keypair structs with the
openssl file used to generate them.
This change replaces the GUID id with a sha1sum calculated from
the public key's "keyb" blob.
BUG=none
BRANCH=none
TEST=make runtests
Also:
futility show tests/testkeys/key_rsa4096.pem
futility create tests/testkeys/key_rsa4096.pem foo
futility show foo.vbp*
Note that the GUID is the same for all files.
Change-Id: Ie44e46c83433718b1ff0163c1e7c51ec331b99f9
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/256181
Reviewed-by: Randall Spangler <rspangler@chromium.org>
We use the .pem files to generate our public and private key
files. Since we display the sha1sums of those files to help keep
track of them, we might as well also display the same information
about the RSA .pem files, too.
BUG=chromium:231574
BRANCH=none
TEST=make runtests
futility show tests/testkeys/*.pem
Change-Id: Ibfd1e016d65981d477ed7d117d23dedf48b95873
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/246769
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Because all of our private key structs carry around the openssl
struct rsa_st data blobs, we can use those blobs to extract the
corresponding public key and generate a digest of it.
This lets us match our public and private keys without having to
rely on the filenames. There's no crypto verification without
actually *using* them, of course, but it's handy for quick reference.
BUG=chromium:231574
BRANCH=none
TEST=make runtests
This also adds a test to ensure that all the public and private
keys generated from the same .pem file have the same sha1sums.
Change-Id: If83492437e3ef37f7c4ebca4675336b75f631901
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/246768
Reviewed-by: Randall Spangler <rspangler@chromium.org>
This enhances the futility show command to recognize and identify
our public and private key files, for both the old vboot 1.0
format and the new vboot 2.1 format.
BUG=chromium:231547
BRANCH=ToT
TEST=make runtests
vboot 1.0:
futility show tests/devkeys/*.vbp*
vboot 2.1:
futility create tests/testkeys/key_rsa2048.pem foo
futility show foo.vbp*
Change-Id: I9d7641db03e480b416790a7da6b473215444128a
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/246767
Reviewed-by: Randall Spangler <rspangler@chromium.org>
This command reads a single .pem file and emits the public and
private keys generated from it. It can produce both the old-style
vboot 1.0 keys (.vbpubk and .vbprivk), or the new vboot 2.1
format keys (.vbpubk2 and .vbprik2). The default is the new
format, but you can give futility the --vb1 arg to force the old
format.
A test is included.
BUG=chromium:231547
BRANCH=ToT
TEST=make runtests
Change-Id: I4713dc5bf34151052870f88ba52ddccf9d4dab50
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/246766
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Some Brillo devices may have smaller kernel partition and we need to reduce the
size limit.
BUG=none
BRANCH=none
TEST=make_dev_ssd.sh applied on a Brillo config with 8MB kernel partition.
Change-Id: I9ca37445a6cdb20138f13dbe975c207383a1474c
Reviewed-on: https://chromium-review.googlesource.com/255341
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Mao Huang <littlecvr@chromium.org>
Commit-Queue: Hung-Te Lin <hungte@chromium.org>
The host-side futility tool will need to support all extant vboot
implementations. Some legacy futility commands only support the
original vb1 format, but others ("show" or "sign", for example)
may need to be instructed which formats to expect or emit.
This change adds some global args to specify the preferred
formats. It also cleans up a few [unused AFAICT] one-letter args
to avoid conflicts.
BUG=chromium:231574
BRANCH=none
TEST=make runtests
Nothing makes use of this yet, except the "help" command.
Change-Id: Ib79fa12af72b8860b9494e5d9e90b9572c006107
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/246765
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Before, building locally left a file named "vboot_host.pc" in the
top directory.
With this change, it's put into the $BUILD directory where it
belongs.
It still gets installed into the same place, of course.
BUG=chromium:459338
BRANCH=none
TEST=make runtests, and
Run:
make test_setup MINIMAL=
make test_setup MINIMAL=1
find . -name vboot_host.pc
Before this CL:
./build/install_for_test/usr/lib/pkgconfig/vboot_host.pc
./build/install_for_test/lib/pkgconfig/vboot_host.pc
./vboot_host.pc
After this CL:
./build/install_for_test/usr/lib/pkgconfig/vboot_host.pc
./build/install_for_test/lib/pkgconfig/vboot_host.pc
./build/vboot_host.pc
Change-Id: I3a888f72a5753228eec5187178d0da22de782171
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/254712
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Nam Nguyen <namnguyen@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
make runtests -j4 occasionally failed due to missing
dependencies. This helps. Of course, there may be others...
BUG=none
BRANCH=ToT
TEST=make runtests -j4
Change-Id: Iff6e96f94b125a16be76d8cf34ce473bf6c65fe5
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/246764
Reviewed-by: Randall Spangler <rspangler@chromium.org>
This shows an error message when cgpt.bin failed to run, with its
reason. Without this patch, "cgpt" would just fail and return -1 in
that case making it difficult to know the reason of the failure.
BUG=chrome-os-partner:36061
TEST=replaced this binary in storm recovery initramfs 6699.0.0 and it
shows the error message if cgpt.bin is not installed.
BRANCH=None
Change-Id: I3ffaba5a63c491ac7d5b16086d5ae21005f40317
Reviewed-on: https://chromium-review.googlesource.com/251868
Reviewed-by: Alex Deymo <deymo@chromium.org>
Commit-Queue: Alex Deymo <deymo@chromium.org>
Trybot-Ready: Alex Deymo <deymo@chromium.org>
Tested-by: Alex Deymo <deymo@chromium.org>
postinst needs access to a kernel that is bootable from legacy BIOS.
futility provides extraction of a bootable vmlinuz from the kernel
partition via the command line. This patch provides a function which
does the same thing and is suitable for static linking into postinst
with minimal additonal code linked in. This way we can avoid issues with
running dynamic executables during postinst.
BRANCH=none
TEST=None
BUG=chromium:455343
Change-Id: Iaec2f48e4d8f78a4bbfcc1636b6ce478e95e9a8e
Reviewed-on: https://chromium-review.googlesource.com/251760
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Queue: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Per the pep-0394 recommendation, version specific python scripts should
specify the interpreter version.
TEST=Run tests on a system with python3 default
BUG=None
Change-Id: I83e98f3bb0235230293819104570930085788398
Reviewed-on: https://chromium-review.googlesource.com/251132
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Tested-by: Anatol Pomazau <anatol@google.com>
Commit-Queue: Anatol Pomazau <anatol@google.com>
dump_kernel_config utility used mmap() to map a file or block device to
memory and searched from there. This CL removes mmap(), and reads from
the input sequentially. We need this so that working with MTD devices is
possible. We just need to implement another read function.
BUG=chromium:457862
BRANCH=none
TEST=make runtests
TEST=FEATURES=test emerge vboot_reference
Change-Id: I83e98f3bb079879f411d7f2f584b1792131b9b38
Reviewed-on: https://chromium-review.googlesource.com/249270
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Tested-by: Nam Nguyen <namnguyen@chromium.org>
Commit-Queue: Nam Nguyen <namnguyen@chromium.org>
Trybot-Ready: Nam Nguyen <namnguyen@chromium.org>
Kernel preamble flags are set by the signer for passing hints about
the image. Read these flags from the preamble and pass it back to the
caller in kparams structure.
BUG=chrome-os-partner:35861
BRANCH=None
TEST=Compiles and boots to kernel prompt for both CrOS image and bootimg.
Change-Id: I07a8b974dcf3ab5cd93d26a752c989d268c8da99
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://chromium-review.googlesource.com/245951
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Tested-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Queue: Furquan Shaikh <furquan@chromium.org>
1. Increase kernel preamble revision from 2.1 to 2.2.
2. Add flags field to kernel preamble.
3. Update futility to accept flags parameter for vbutil_kernel and
cmd_sign for kernel.
4. Pass in an extra flags field to SignKernelBlob and
CreateKernelPreamble.
BUG=chrome-os-partner:35861
BRANCH=None
TEST=1) "make runalltests" completes successfully. 2) vboot_reference
compiles successfully for ryu. 3) Verified flags field in header using
futility show.
Change-Id: If9f06f98778a7339194c77090cbef4807d5e34e2
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://chromium-review.googlesource.com/245950
Tested-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Queue: Furquan Shaikh <furquan@chromium.org>
Minimal Android.mk sufficient to build host tools to compile
futility vbutil_keyblock and vbutil_kernel to sign kernel images.
BUG=none
TEST='mm' from within Android tree compiles
BRANCH=none
Change-Id: Ie46be27cd14a5ca73a23eb52238eb9fd326ccaf4
Signed-off-by: David Riley <davidriley@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/247820
vboot1 kept track of an internal "LoadFirmware() check" value for both
firmware slots and encoded the value for the slot that managed to go
further in the verification flow into a special range of recovery
reasons. vboot2 instead uses the generic "invalid RW" reason for all
firmware verification failures and communicates further information
through the subcode.
While the subcode may be good enough for developers, it's difficult to
communicate failure reasons to "normal" users (like non-firmware
developers) on the TAB screen. Currently we just display a couple of
numbers that people won't know how to interpret and "RW firmware failed
signature check" for any verification error (including rollback, which
might be the most commonly encountered in practice).
Since our recovery reason space is big enough (and we don't reuse old
numbers anyway), we might as well reuse the more precise numbers (and
strings) from vboot1 to communicate the failure reason, even if we don't
implement its "which slot came further" algorithm. This patch translates
the most common/useful VBSD_LF_CHECK numbers into plain VB2_RECOVERY
reasons and uses them where appropriate.
CQ-DEPEND=CL:248400
BRANCH=veyron
BUG=None
TEST=make runtests VBOOT2=1
test_that my_jerry firmware_CorruptBothFwSigAB
firmware_CorruptBothFwBodyAB firmware_RollbackFirmware
(Confirmed that matched recovery reasons are the more precise ones in
the 0x10-0x1F range.)
Change-Id: I51ecf1b820d1faa40405cb84377380d6f3f6ca1d
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/248392
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
The following works from a Mac with these changes:
make Q= ARCH=arm HAVE_MACOS=1 `pwd`/build/futility/futility
Only vbutil_keyblock and vbutil_kernel have been exercised.
BUG=none
TEST='make Q= ARCH=arm HAVE_MACOS=1 `pwd`/build/futility/futility'
BRANCH=none
Signed-off-by: David Riley <davidriley@chromium.org>
Change-Id: Ie69cfee0c650d4ff96be6322083a2fea1543ee39
Reviewed-on: https://chromium-review.googlesource.com/246773
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Tested-by: David Riley <davidriley@chromium.org>
Commit-Queue: David Riley <davidriley@chromium.org>
vboot2 added a few new recovery reasons (and abolished many old ones).
In the current vboot2/vboot1 hybrid architecture used on Veyron, the
vboot1 kernel verification part controls the status display when
pressing the TAB key, which may try to show recovery reasons set by the
vboot2 firmware verification part. These currently result in the not
very helpful "We have no idea what this means", so lets hack a few more
strings into vboot1 which will be otherwise harmless. Also add the
recovery_subcode field to the display, which is used much more
extensively by vboot2 and often very useful in firguring out what really
went wrong.
BRANCH=veyron
BUG=None
TEST=Manually set a few recovery reasons and subcodes through crossystem
and made sure they get displayed correctly on my Jerry.
Change-Id: I3f3e6c6ae6e7981337841c0c5e3cd767628472c3
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/248391
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
The kernel chromeos_arm platform device provides the recovery status
with the consideration of active polarity.
Thus make crossystem to read from chromeos_arm device first. If this
is not available, read directly from gpio pin status.
BUG=chrome-os-partner:36425
BRANCH=none
TEST=ran on kitty,
'crossystem recoverysw_cur' return 0 with recovery switch off
'crossystem recoverysw_cur' return 1 with recovery switch on
Change-Id: Ie20630d7d07aeadf24044cd3ffc495df7cdd8a4a
Signed-off-by: Ken Chang <kenc@nvidia.com>
Reviewed-on: https://chromium-review.googlesource.com/246883
Tested-by: Titan Lee <titanlee@nvidia.com>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Queue: Titan Lee <titanlee@nvidia.com>
The length of the signature is 8 bytes. We've been checking 9
bytes instead, pretty much forever. All the tests have passed
because although the signature we're looking for is an 8-byte
string followed by a '\0', the next field in the header contains
the revision number 0x00010000, so the 9th byte is always zero.
We should follow the spec, though.
BUG=none
BRANCH=none
TEST=make runtests
Change-Id: I7cc6370250fa36a193f4a9fa5bc0099aea465618
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/247331
Reviewed-by: Randall Spangler <rspangler@chromium.org>
This patch adds a check to vboot2 secdata accessor functions that
returns an error if vb2_secdata_init() has not yet been called or
failed for some reason. This avoids a problem where vboot may
misinterpret random garbage (e.g. from transient read failures) as
valid secdata in recovery mode and write it back to the TPM (bricking
the device in a way that requires manual repair).
Also removes VB2_ERROR_SECDATA_VERSION check. This check was not
terribly useful since there should be no way a vboot2 device could ever
have secdata version 1 (and if it did, it should still fail CRC checks).
This error can trigger for cases when secdata contains random garbage
(e.g. all zeroes) and prevent the much more appropriate
VB2_ERROR_SECDATA_CRC error from even being checked for, which just
creates confusion and makes it harder to determine the real problem.
BRANCH=veyron
BUG=chrome-os-partner:34871
TEST=Emulated TPM read errors by just manually memset()ing secdata to 0
in coreboot, verified that vboot does not write back to the TPM and the
device will start working fine again once the disruption is removed.
Change-Id: I76bcbdbcd8106a0d34717cc91a8f2d7cda303c3f
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/244846
Forgot to update the bitsizes in the variable constants.
BUG=chromium:454651
TEST=`./create_new_keys.sh` still generates 8k keys
TEST=`./create_new_keys.sh --4k` now generates 4k keys
BRANCH=None
Change-Id: Ie285649f4d58ad2e2cba71f4cab737cc2235e3ab
Reviewed-on: https://chromium-review.googlesource.com/245890
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
While we do this, clean up:
- use braces everywhere
- convert local vars from $VAR to $var
- parse all command line args properly
- run in `set -e` mode
BUG=chromium:454651
TEST=`./create_new_keys.sh` still generates sane keys
TEST=`./create_new_keys.sh --help` shows help output
TEST=`./create_new_keys.sh --asdfasdf` shows an error
TEST=`./create_new_keys.sh` outside chroot (w/out vboot binaries) aborts after first failure
BRANCH=None
Change-Id: I1ba0db0b24c0f2f10cf397b47115f0e98384d991
Reviewed-on: https://chromium-review.googlesource.com/245317
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Commit-Queue: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Oops. Somehow the Makefile stopped including the generated
dependencies. As long as we're building from scratch this didn't
matter, but rebuilding following local changes wouldn't always
work. Let's fix it.
BUG=none
BRANCH=none
TEST=make runtests
Change-Id: I80bd30d1847734a288cddf61f28bb33ae9906525
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/245501
Reviewed-by: Randall Spangler <rspangler@chromium.org>
A truncated BIOS with an otherwise valid FMAP that now points way
off the end of the file shouldn't cause coredumps.
BUG=none
BRANCH=ToT
TEST=make runtests
Change-Id: Idf96e1e6a381bf0fe0b1cb2d16e3dad39ce7a0dc
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/245500
Reviewed-by: Randall Spangler <rspangler@chromium.org>
This patchs adds a new vb2_shared_data field to store the current
rollback prevention version number stored in secdata (TPM). This
information needs to be retrieved from there by coreboot (current
hack) or vboot2 kernel verification (bright shiny future) so it can be
passed along to the operating system and user space.
BRANCH=veyron
BUG=chrome-os-partner:35941
TEST=make runtests. Booted Jerry in recovery mode (with corresponding
coreboot patch), ensured that crossystem tpm_fwver still shows the
correct value.
Change-Id: I2a0c3e51b158a35ac129d2abce19b40c6c6381a6
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/244601
Reviewed-by: Randall Spangler <rspangler@chromium.org>
this api allows firmware to get the digest indicating boot mode status.
BUG=chromium:451609
TEST=VBOOT2=1 make run2tests
BRANCH=tot
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Change-Id: Idca7bc5f6aed947689ad7cf219805aad35047c7d
Reviewed-on: https://chromium-review.googlesource.com/244542
This moves the what-kind-of-file-is-this logic into a separate
file, and makes it work by calling distinct recognizers until one
hits. A new "-t" option to the show command prints what it's
doing.
BUG=chromium:228932
BRANCH=ToT
TEST=make runtests
Change-Id: Id8f60bdf3fe6a9adf41b4555b3448a261fa52fea
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/245122
Reviewed-by: Randall Spangler <rspangler@chromium.org>
CL:221230 added the new NVRAM fields fw_prev_tried and fw_prev_result.
It also provided support in the crossystem library to decode these
values, but it forgot to add them to the table of allowed crossystem
options so they actually cannot be queried by the command line tool. Fix
that since this information is useful to debug failures after updating.
BRANCH=R41
BUG=chrome-os-partner:36183
TEST=make runtests VBOOT2=1. cros deployed onto Jerry and confirmed
fw_prev_tried and fw_prev_result are correct.
Change-Id: I8bad7266379d959f5370b7ebeefbbba939c5de06
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/245143
Reviewed-by: Randall Spangler <rspangler@chromium.org>
The signing scripts pass a bunch of args around, including paths
to the keys used to sign dev-mode-specific firmware. That was
only used on Alex and ZGB, so all the newer systems don't have
those keys and the script falls over.
This uses the normal firmware keys if the dev-firmware keys don't
exist. This was an oversight with the original CL that touched
resign_firmwarefd.sh
BUG=chromium:453901
BRANCH=ToT
TEST=manual
Download a newer signed recovery image, say for nyan, and save it as
scripts/image_signing/nyan-recovery-mp.bin
Temporarily delete the developer firmware keys from the devkeys:
rm -f tests/devkeys/dev_firmware*
Now try resigning the recovery image:
cd scripts/image_signing
./sign_official_build.sh recovery nyan-recovery-mp.bin \
../../tests/devkeys/ signed.bin \
../../tests/devkeys/key.versions
It should work.
Change-Id: I474811158cb33e16ad09c16b0db825c40217dd70
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/245151
Reviewed-by: Mike Frysinger <vapier@chromium.org>
The vboot 2.0 stuff is deprecated, so let's not index that when
building cross-references (cscope.files and TAGS).
BUG=none
BRANCH=ToT
TEST=manual
make xrefs
Change-Id: If3a9c42f869308acd929e32d5290e3354f5c3555
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/244751
Reviewed-by: Randall Spangler <rspangler@chromium.org>
This accurately reflects what's really happening. Vboot 2.0 is
backwards-compatible with the binary structs used in vboot 1.0,
while vboot 2.1 will not be.
When building firmware, vboot_reference should be invoked in one
of three ways:
TARGET OUTPUT VERSION
fwlib vboot_fw.a 1.0
fwlib20 vboot_fw20.a 2.0
fwlib21 vboot_fw21.a 2.1
BUG=chromium:228932
BRANCH=ToT
CQ-DEPEND=CL:243981
TEST=manual
emerge-veyron_pinky coreboot
emerge-samus coreboot
emerge-daisy_spring chromeos-u-boot
make runtests
Change-Id: I98d8ea6b48e5922a470e744d56699cad43eabb3d
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/243980
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Old images don't put kernel on partition 4 and rely on vblock for installation.
The signer script has to support both old and new images, by testing if kernel
partition has valid data.
BRANCH=signer
BUG=chromium:449450
TEST=(get old image without kernel blob on partition 4)
sign_official_build.sh usb image.bin ../../tests/devkeys signed.bin \
../../tests/devkeys/key.versions
Change-Id: I92542ffb162660d86c30d9598fe1ca59ff69afe4
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/243874
Reviewed-by: Mike Frysinger <vapier@chromium.org>
For each mount_image_partition, we have to unmount explicitly before doing other
changes (especially when using dd) to image. Otherwise system may flush data
when releaseing loop device and cause output image to be corrupted.
BUG=chromium:449450
TEST=sign_official_build.sh factory factory_install_shim.bin \
../../../tests/devkeys signed.bin ../../../tests/devkeys/key.versions
sign_official_build.sh verify signed.bin
BRANCH=signer
Change-Id: I20756d9769c3737e25cfea348a9a4d64cc43b202
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/243496
Reviewed-by: Mike Frysinger <vapier@chromium.org>
The vb2_verify_fw command is used only in a host-side test. It
doesn't need to be built into futility. This makes it a separate
executable used just for that test.
BUG=chromium:231547
BRANCH=none
TEST=make VBOOT2=1 runtests
Note that tests/vb2_firmware_tests.sh still passes, now using an
external vb2_verify_fw executable instead of a futility command.
Change-Id: Iee58df065e7a762369c5e691f6c2093de9122ed2
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/243630
Trying to repack an invalid kernel blob should notice and
complain that the blob is invalid instead of just segfaulting.
BUG=chromium:452353
BRANCH=ToT
TEST=manual
See the bug report for an example test case. Many more tests are
being added as futility development continues.
Change-Id: I2bbfb8ab41a0f596b25a76f76f74d7b47b7e4a17
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/243583
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
We were assuming 8-byte alignment for buffers. That's not true on
32-bit architectures. We should make the alignment requirements
explicit (and correct) for all architectures.
BUG=chromium:452179
BRANCH=ToT
CQ-DEPEND=CL:243380
TEST=manual
USE=vboot2 FEATURES=test emerge-x86-alex vboot_reference
Change-Id: I120f23e9c5312d7c21ff9ebb6eea2bac1e430e37
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/243362
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Following changes are done to the cgptlib API in order to allow backend
component of fastboot to perform erase and write operations on
partitions and manipulate GPT entries:
GptFindNthEntry - Returns the nth entry in GPT that matches provided
GUID.
GptGetEntrySizeLba - Returns size of a partition in lba.
GptGetEntrySizeBytes - Returns size of a partition in bytes.
GptUpdateKernelWithEntry - Given kernel entry is updated using the
provided update_type. GptUpdateKernelEntry calls this function with
entry for current_kernel.
Add flags GPT_UPDATE_ENTRY_RESET and GPT_UPDATE_ENTRY_INVALID for
calls to GptUpdateKernelEntry. These operations are used by write
image and erase partition respectively.
BUG=chrome-os-partner:35861
BRANCH=None
TEST=Compiles successfully and all the newly added functions work as expected.
Change-Id: I82c87e4c97de2d207e80209dbd4922b4bcd5880a
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://chromium-review.googlesource.com/240268
Trybot-Ready: Furquan Shaikh <furquan@chromium.org>
Tested-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Commit-Queue: Furquan Shaikh <furquan@chromium.org>
