Previously this was hidden behind an environment variable. With this change, the signing script will always try to sign the firmware update if found. If not, it will still perform the remaining steps (rootfs calculation, kernel partition signature etc.).
Also fixed a few minor bugs with the firmware update code.
BUG=chrome-os-partner:925, chrome-os:3496
TEST=created a ToT semi-official build, and ran the signing script on the image. Verified that the firmware got correctly updated (by running chromeos-firmwareupdate on the device). Also tested on images without the packaged firmware update.
Change-Id: I0921ce36a880e18167a8e3a2b63d8f246693d488
Review URL: http://codereview.chromium.org/3292016
Looks like dumpe2fs is not in the path otherwise. Also added a check to look for it as a pre-requisite.
BUG=none
TEST=none
Change-Id: I329c894597bc1638043a67359465e55b2ce6d0f7
Review URL: http://codereview.chromium.org/3355013
This option will perform verification operations on an image.
1) Check if the RootFS hash is correct.
2) Check if the image will verify using recovery keys (in recovery mode)
3) Check if the image will verify using SSD keys (in non-recovery mode)
2) and 3) are both tested with and without dev mode.
Also re-factor existing code for rootfs calculation and update.
BUG=5830,3496
TEST=manual
Example usage and output follows:
# Verifying an image meant for factory install.
sudo ./sign_official_build.sh verify factory_install_image.sh ../../tests/devkeys/
Verifying RootFS hash...
PASS: RootFS hash is correct
Testing key verification...
With Recovery Key (Recovery Mode ON, Dev Mode OFF): NO
With Recovery Key (Recovery Mode ON, Dev Mode ON): YES
With SSD Key (Recovery Mode OFF, Dev Mode OFF): NO
With SSD Key (Recovery Mode OFF, Dev Mode ON): YES
# Verifying an image meant for recovery mode.
sudo ./sign_official_build.sh verify recovery_image.bin ../../tests/devkeys/
Verifying RootFS hash...
PASS: RootFS hash is correct
Testing key verification...
With Recovery Key (Recovery Mode ON, Dev Mode OFF): YES
With Recovery Key (Recovery Mode ON, Dev Mode ON): YES
With SSD Key (Recovery Mode OFF, Dev Mode OFF): NO
With SSD Key (Recovery Mode OFF, Dev Mode ON): YES
# Verifying an image meant for the SSD drive.
sudo ./sign_official_build.sh verify ssd_image.bin ../../tests/devkeys/
Verifying RootFS hash...
PASS: RootFS hash is correct
Testing key verification...
With Recovery Key (Recovery Mode ON, Dev Mode OFF): NO
With Recovery Key (Recovery Mode ON, Dev Mode ON): NO
With SSD Key (Recovery Mode OFF, Dev Mode OFF): YES
With SSD Key (Recovery Mode OFF, Dev Mode ON): YES
# Image with an incorrect rootfs hash but otherwise validly signed
sudo ./sign_official_build.sh verify ssd_image.bin ../../tests/devkeys/
Verifying RootFS hash...
FAILED: RootFS hash is incorrect.
Expected: ebce345727ca05ea9368d3b8d5ce1c81471d7d3b
Got: 9b092985996bb2422b11487a66929a1a004df4fc
Testing key verification...
With Recovery Key (Recovery Mode ON, Dev Mode OFF): NO
With Recovery Key (Recovery Mode ON, Dev Mode ON): NO
With SSD Key (Recovery Mode OFF, Dev Mode OFF): YES
With SSD Key (Recovery Mode OFF, Dev Mode ON): YES
# Image signed using a different set of keys (but validly signed).
sudo ./sign_official_build.sh verify invalid_image.bin ../../tests/devkeys/
Verifying RootFS hash...
PASS: RootFS hash is correct (70e6f2de0220991fd503a6fcc7edac131b4a48ca)
Testing key verification...
With Recovery Key (Recovery Mode ON, Dev Mode OFF): NO
With Recovery Key (Recovery Mode ON, Dev Mode ON): NO
With SSD Key (Recovery Mode OFF, Dev Mode OFF): NO
With SSD Key (Recovery Mode OFF, Dev Mode ON): YES
Change-Id: I4960cdbbbe93e685346417b882739f9cfd5f6b75
Review URL: http://codereview.chromium.org/3327005
The exact firmware packaging is still very much in flux, not to mention current images don't have the firmware autoupdate package.
BUG=none
TEST=none
Change-Id: Idc60c2c9a8fbc83e0c786b4d4f96f371cdb4a49f
Review URL: http://codereview.chromium.org/3151027
The build signing script will now re-sign the chrome os AU payload in the image rootfs using the new keys. In addition, it will recalculate and update the RootFS hash (in the kernel partition) before re-signing the whole image using the new "official" keys.
BUG=3496, 5264
TEST=manual
>>>>>For testing rootfs hash updates
1) Ensure that image was build with the --enable_rootfs_verification flag
2) Mount the root file fs on the input image, and make a minor change to the root fs (e.g. adding a file)
3) Now boot from this image, drop into the shell and look for logs related to dm-bht in the dmesg output.
4) You should see dm-bht complaining about block hash mismatches
$ dmesg | grep dm
..... <dm-bht errors>.......
<errors of the form "dm-bht: Block hash match failed">
4) Now re-sign the modified image using the sign_official_build script. This will re-calculate and update the rootfs hash.
5) Boot from the re-signed image. Look at dmesg output.
6) You should see NO dm-bht errors.
>>>>>For testing re-signing of firmware payload
Grab the firmware autoupdate shellball from /usr/sbin/chromeos-firmwareupdate in the output image's rootfs partition (number 3). Extract the shellball (--sb_extract flag), and grab the firmware bios.bin from the temporary directory.
$ unpack_firmwarefd.sh bios.bin
$ vbutil_firmware --verify firmwareA.vblock --signpubkey KEY_DIR/firmware.vbpubk --fv firmwareA.data
[Verification should succeed]
$ gbb_utility -g bios.bin --rootkey=rootkey --recoverykey=recoverykey
"rootkey" should be the same as KEY_DIR/root_key.vbpubk
"recoverykey" should be the same as KEY_DIR/recovery_key.vbpubk
KEY_DIR: Directory containing the keys used to generate the output image.
Review URL: http://codereview.chromium.org/3083025
Also, update the usage with examples.
BUG=5581
TEST=tested with "quoted arguments with spaces"
Change-Id: I4d3db4f9d4bf254069f08e8154d650d6ce4551f0
Review URL: http://codereview.chromium.org/3164010
Also, rename the script to reflect its specific purpose.
BUG=5580
TEST=ran on an image, installed and tested with new password
Review URL: http://codereview.chromium.org/3175003
The script sign_official_build.sh does the appropriate signing depending on whether an ssd, recovery or factory-install image is desired.
Also re-factors some common functionality into common.sh.
BUG=3496
TEST=manual
I haven't had a chance to test this on an actual machine running our firmware but will do that before I actually check-in. Thoughts I'd atleast get this out to get the review going.
Review URL: http://codereview.chromium.org/3066034
Forgot to propagate the use of area_offset= pattern for ouput parsing to the unpacking script.
BUG=none
TEST=Tested by running on a firmware image with flashmap enabled. Correctly parsed the section offsets and sizes and output them to files.
Review URL: http://codereview.chromium.org/3050019
Also add a script for splitting a firmware image into component firmware data, vblocks and the GBB.
Note: The script uses fmap_decode, a utility to parse flashmap of a firmware image, and a part of the flashmap project:
http://code.google.com/p/flashmap/
BUG=3496
TEST=Tested with newer builds of firmware images with flashmaps enabled. Steps to verify:
1) Use script to re-sign an existing image with a new set of keys.
2) Use unpack_firmwarefd.sh to get individual firmware data and vblocks.
3) Use vbutil_firmware with the new keys. Verification should succeed with
the newer keys but fail with the older ones.
Review URL: http://codereview.chromium.org/3026018
For use on our signing servers. May merge this with other scripts once we drill down the right workflow.
BUG=3496
TEST=Just a wrapper around vbutil_kernel and works as intended.
Review URL: http://codereview.chromium.org/3020023
Also created a new directory in the vboot_reference source where all signing scripts and related miscellanea will go.
Review URL: http://codereview.chromium.org/2925011
Refactor and restructure reference code into individual self-contain modules. I have revamped the way the code is structured to make it easy to determine which parts belong in the firmware and which are used by userland tools.
common/ - common utilities and stub functions (Firmware)
cryptolib/ - crypto library (Firmware)
misclibs/ - miscellaneous userland libraries (Userland)
sctips/ - Miscellaenous scripts (Userland)
tests/ - Tests (Userland)
vfirmware/ - Verified Firmware Implementation
vfirmware/firmware_image_fw.c (Firmware)
vfirmware/firmware_image.c (Userland)
vkernel/ - Verified Kernel Implementation
vkernel/kernel_image_fw.c (Firmware)
vkernel/kernel_image.c (Userland)
Review URL: http://codereview.chromium.org/1581005
