OpenCellular

mirror of https://github.com/Telecominfraproject/OpenCellular.git synced 2025-12-08 17:05:44 +00:00

Author	SHA1	Message	Date
C Shapiro	a52fc548b4	image_signing: Remove legacy unified build feature This feature was originally implemented before go/cros-unibuild-signing. It only provided basis support to continue testing unibuilds, but didn't deal with the actual required model specific cases. Unibuilds have already been migrated away from this, so this feature is now obsolete. BUG=None TEST=~/trunk/src/platform/vboot_reference/scripts/image_signing/sign_official_build.sh recovery ../build/images/coral/latest/recovery_image.bin ../platform/vboot_reference/tests/devkeys BRANCH=None Change-Id: I58b569b97f0bf42a927a851e7bc0559cb1e26200 Reviewed-on: https://chromium-review.googlesource.com/660805 Commit-Ready: C Shapiro <shapiroc@google.com> Tested-by: C Shapiro <shapiroc@google.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org>	2017-09-12 13:03:23 -07:00
C Shapiro	16426bf166	image_signing: Fix missing root key for unibuilds For model specific signatures, the root key needs to be copied also for the development case where the root key can be flashed into the RO block. BUG=b:65367246 TEST=./build_image --board=coral dev \ && ./mod_image_for_recovery.sh --board=coral \ && ~/trunk/src/platform/vboot_reference/scripts/image_signing/sign_official_build.sh \ recovery ../build/images/coral/latest/recovery_image.bin \ ../platform/vboot_reference/tests/devkeys BRANCH=None Change-Id: I116850881d3c183b20e7d75e40deb13122f40c7a Reviewed-on: https://chromium-review.googlesource.com/650546 Commit-Ready: C Shapiro <shapiroc@google.com> Tested-by: C Shapiro <shapiroc@google.com> Reviewed-by: C Shapiro <shapiroc@google.com>	2017-09-05 21:07:18 -07:00
C Shapiro	3f3a496a23	image_signing: Fix loem.ini pattern for unibuilds The grep pattern was too lenient and allowed for matches with the same shared root key id. E.g. NASHER also matched NASHER360 This changes the pattern to match exactly to the end of the line. BUG=b:65284008 TEST=grep -E "[0-9]+ = NASHER$" ~/tmp/loem.ini with actual loem.ini that will exist on the signers BRANCH=None Change-Id: I80a870cd512825d30c7a39e4ac6f3cffc9ea808d Reviewed-on: https://chromium-review.googlesource.com/647800 Commit-Ready: C Shapiro <shapiroc@google.com> Tested-by: C Shapiro <shapiroc@google.com> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: YH Lin <yueherngl@chromium.org>	2017-09-01 14:41:47 -07:00
C Shapiro	d2ee3ca7c1	image_signing: Don't create empty keyset subdir updater4.sh uses the /keyset subdir from the firmware updater shellball to indicate if it should use model specific keys or not. This won't work for any case where the signers haven't been updated with model specific keys yet. Changed the output for unibuilds to be consistent with non-uni builds where the /keyset subdir won't be created if loem.ini doesn't exist on the signer. BUG=b:65128657 TEST=crrev.com/c/626718 and crrev.com/c/636344 test cases, which cover both the shared and non-shared key use cases BRANCH=None Change-Id: I38db1385fa99ac4a9843a750c336c58b74b127b4 Reviewed-on: https://chromium-review.googlesource.com/642031 Commit-Ready: Simon Glass <sjg@chromium.org> Tested-by: Simon Glass <sjg@chromium.org> Tested-by: C Shapiro <shapiroc@google.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Jason Clinton <jclinton@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org>	2017-08-30 13:04:21 -07:00
C Shapiro	9b3e2cba5b	[unibuild] Fix issues with model specific fw sign Updated the current coral config to use the fake keys from the loemkeys dev keyset (ACME) and then tested/debugged this flow based on that config. Fixed issue where key_id wasn't eval'd in bash when it was passed to grep because it has ' quotes around it. BUG=b:64842314 TEST=~/trunk/src/platform/vboot_reference/scripts/image_signing/sign_official_build.sh recovery ../build/images/coral/R62-9877.0.2017_08_25_1030-a1/recovery_image.bin ../platform/vboot_reference/tests/loemkeys coral_loem_signed_recovery.bin BRANCH=None Change-Id: I50a58e512e9a83dc2707951f12d709f9006d67ca Reviewed-on: https://chromium-review.googlesource.com/636344 Commit-Ready: C Shapiro <shapiroc@google.com> Tested-by: C Shapiro <shapiroc@google.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org>	2017-08-25 19:54:10 -07:00
Nicolas Boichat	594eb296fe	image_signing: sign_official_build.sh: Add version to rwsig signatures We would like to have different signature versions for hammer (1=dev, 2=premp, 3=mp), so we should pass --version to futility. The default version stays 1. BRANCH=none BUG=b:35587169 TEST=openssl genrsa -3 -out key_hammer.pem 2048 futility create --desc="Hammer fake MP key" key_hammer.pem key_hammer echo firmware_version=2 > key_hammer.version ../vboot_reference/scripts/image_signing/sign_official_build.sh \ accessory_rwsig build/hammer/ec.bin . \ ec-signed.bin key_hammer.version futility show ec-signed.bin => Version: 0x00000002 TEST=Without passing a version file, version is still 1. ../vboot_reference/scripts/image_signing/sign_official_build.sh \ accessory_rwsig build/hammer/ec.bin . ec-signed.bin futility show ec-signed.bin => Version: 0x00000001 Change-Id: I0cd9133404fb0d827bd2f0d3bcc71d5dd274734d Reviewed-on: https://chromium-review.googlesource.com/631757 Commit-Ready: Nicolas Boichat <drinkcat@chromium.org> Tested-by: Nicolas Boichat <drinkcat@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org>	2017-08-25 12:09:04 -07:00
C Shapiro	509339ce2b	[unibuild] Support for unibuild firmware signing For design context, see go/cros-unibuild-signing This adds support for multiple, shared firmware images from a unified build that needs to be signed with different OEM specific keys. It uses a signer_config.csv file (that is generated by pack_firmware.py) to determine which images need to be signed with which keys. BUG=b:64842314 TEST=./build_image --board=coral dev && ./mod_image_for_recovery.sh --board=coral && ~/trunk/src/platform/vboot_reference/scripts/image_signing/sign_official_build.sh recovery ../build/images/coral/latest/recovery_image.bin ../platform/vboot_reference/tests/devkeys BRANCH=None Change-Id: Id3711bbe73dfe652184bc046b5f642c30b8d1627 Reviewed-on: https://chromium-review.googlesource.com/626718 Commit-Ready: C Shapiro <shapiroc@google.com> Tested-by: C Shapiro <shapiroc@google.com> Reviewed-by: C Shapiro <shapiroc@google.com>	2017-08-23 08:02:12 -07:00
Mike Frysinger	3f24b902e4	image_signing: convert_recovery_to_ssd.sh: rewrite to be better This converts the script in one commit as nothing uses it directly, so the chances of it breaking overall build is low. - Convert to common.sh for more helpers - Convert echo to info - Convert to loopback devices to speed things up - Fix quoting in a few places - Drop cgpt usage since we use loopback partitions everywhere now BRANCH=None BUG=chromium:714598 TEST=running on an image still works Change-Id: I6608db77792502f35522a6f793ccd800fdd6af4e Reviewed-on: https://chromium-review.googlesource.com/505482 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org>	2017-08-09 21:46:13 -07:00
Mike Frysinger	ca97b25a33	image_signing: sign_official_build.sh: use loopbacks kernel configs w/boot loader updates This is the last place that uses grab_kernel_config. Convert it over to accessing the kernel directly via loopbacks and delete the helper function entirely. This avoids unnecessary copies and prevents any more code from using it. BRANCH=None BUG=chromium:714598 TEST=dump_config still works Change-Id: I16aa2c2568d15c43bb20b9d5dc18060915047506 Reviewed-on: https://chromium-review.googlesource.com/505481 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org>	2017-08-03 10:11:42 -07:00
Mike Frysinger	68466c6d0a	image_signing: sign_official_build.sh: use loopbacks for rootfs hash updates This avoids copying GB of data for the rootfs & kernels by using loopback devices instead. BRANCH=None BUG=chromium:714598 TEST=dump_config still works Change-Id: I41cd71db3c567be811c4a59523c797c128a8e493 Reviewed-on: https://chromium-review.googlesource.com/505480 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org>	2017-07-15 14:45:13 -07:00
Mike Frysinger	8e556f4e23	image_signing: sign_official_build.sh: use loopbacks for dump_config This avoids copying out the kernels just to read their configs. Not super important as the signer doesn't use it, but we want to kill off the grab_kernel_config helper. BRANCH=None BUG=chromium:714598 TEST=dump_config still works Change-Id: I2533b1d4de6980120f277fea3a1d964cb4fbaf0d Reviewed-on: https://chromium-review.googlesource.com/505479 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org>	2017-07-13 19:46:10 -07:00
Mike Frysinger	06beb42e11	image_signing: sign_official_build.sh: use loopbacks when updating recovery kernels This avoids copying in/out the kernels for their configs and to resign. BRANCH=None BUG=chromium:714598 TEST=signing images still works Change-Id: Id13d5099da7f8a73ebd4d4e918188c7eb5b65a12 Reviewed-on: https://chromium-review.googlesource.com/505478 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org>	2017-07-06 21:13:56 -07:00
Mike Frysinger	3abb4fe45e	image_signing: sign_official_build.sh: switch initial image signing to loopbacks This changes the kernel config reading and the stateful vblock updating to use loopback devices. This avoids having to copy out the kernels many times over just to read them. BRANCH=None BUG=chromium:714598 TEST=signing images still works Change-Id: Ibb49791a7db998e45b35ed15ddc12126e669c730 Reviewed-on: https://chromium-review.googlesource.com/505477 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org> Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>	2017-06-23 22:56:47 -07:00
Hung-Te Lin	01dc818924	Change invocation of "gbb_utility" to "futility gbb" Replace commands using gbb_utility by the new 'gbb' futility command. BRANCH=none BUG=None TEST=USE=test emerge-$BOARD vboot_reference Change-Id: I8c1547d295a955373413482509a33964b0e0c06f Signed-off-by: Hung-Te Lin <hungte@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/538442 Reviewed-by: Stefan Reinauer <reinauer@google.com>	2017-06-21 23:38:08 -07:00
C Shapiro	4007d6ff21	Unified build support for multi-firmware signing Unified builds break down multiple firmware images for each model; however, the signing script didn't have support for this. This updates the signing script to iterate over all models in a unified build and sign each firmware image separately. BUG=chromium:734485 TEST=sign_official_build.sh recovery for reef and reef-uni BRANCH=none Change-Id: Ia2b5b8bd36ac77aeb7944362186d1d5739e6ff3d Reviewed-on: https://chromium-review.googlesource.com/540131 Commit-Ready: C Shapiro <shapiroc@google.com> Tested-by: C Shapiro <shapiroc@google.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Jason Clinton <jclinton@chromium.org>	2017-06-20 13:38:10 -07:00
Mike Frysinger	2d160adf72	image_signing: sign_official_build.sh: switch verification to loopbacks Rather than copy out the rootfs to a temp file and perform checks on that, run the checks directly on the image. This saves us from having to copy many GB worth of data which can be expensive on the VMs (slow disk I/O). BRANCH=None BUG=chromium:714598 TEST=signing images still works Change-Id: Ie7d1c432aacb69e57b6c5fd9ab810b8d0b054860 Reviewed-on: https://chromium-review.googlesource.com/505476 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org>	2017-06-15 15:17:17 -07:00
Marco Chen	04b3835b69	Add a script to generate a keypair for signing Rose RW firmware. Rose decided to leverage the key format of Hammer therefore this script calls Hammer's one to generate a key pair and renames them to key_rose*. BUG=b:37693819 TEST=None BRANCH=None Change-Id: I1f31afe89a00895434a169401ab76b594ad0a403 Reviewed-on: https://chromium-review.googlesource.com/529504 Commit-Ready: Wei-Ning Huang <wnhuang@chromium.org> Tested-by: Marco Chen <marcochen@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org>	2017-06-12 06:47:41 -07:00
Mike Frysinger	4df2f6f4e2	keygeneration: make helper script executable BUG=b:35587169 TEST=None BRANCH=None Change-Id: I2098f39dd17893c5e30ed495eaa87935efbcb0ee Reviewed-on: https://chromium-review.googlesource.com/526613 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: Marco Chen <marcochen@chromium.org>	2017-06-10 03:10:21 -07:00
Marco Chen	670ca01555	Add a script to generate a keypair for signing accessory RW firmware. BUG=b:35587169 TEST=None BRANCH=None Change-Id: Ibb309c34ca22d30138cb62d698eafb6ee77add8c Reviewed-on: https://chromium-review.googlesource.com/520368 Commit-Ready: Marco Chen <marcochen@chromium.org> Tested-by: Marco Chen <marcochen@chromium.org> Reviewed-by: Vincent Palatin <vpalatin@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org>	2017-06-06 08:52:17 -07:00
Mike Frysinger	fda1300464	keygeneration: add some output helpers These use the same forms as in other shell projects in CrOS. BUG=b:35587169 TEST=ran create_new_android_keys.sh and new output works BRANCH=None Change-Id: Id75fd77203795d7837537f12ab948376a7ad105e Reviewed-on: https://chromium-review.googlesource.com/520786 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>	2017-06-01 23:49:33 -07:00
Mike Frysinger	b568c66bd7	image_signing: ensure_secure_kernelparams.sh: use loopback devices for speed Rather than read out the whole kernel partition just to dump the kernel config, set the image up via a loopback device and read from there. BRANCH=None BUG=chromium:714598 TEST=signing images still works Change-Id: I3797a0e77315e8baf6f481f31c44b889ac6d098a Reviewed-on: https://chromium-review.googlesource.com/505475 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org>	2017-05-23 23:59:31 -07:00
Mike Frysinger	9d11bb1b1d	image_signing: unify output helpers We have `err_die` and `die` helpers that do the same thing, but some scripts just have to know which one to use based on their runtime. Just unify them as the more common `die` so all scripts can use it. Similarly, we provide info, warn, and error to dev scripts, but not to the runtime ones. Add small stubs in common_minimal.sh so the API is consistent. BRANCH=None BUG=chromium:718184 TEST=scripts still work Change-Id: Id44fb27900c37f4e357d20817f909e4534d1c5b3 Reviewed-on: https://chromium-review.googlesource.com/507990 Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org> Commit-Queue: Mike Frysinger <vapier@chromium.org>	2017-05-19 04:13:09 +00:00
Mike Frysinger	b660356d51	image_signing: fix key insert logic We don't want to override the common trap as the common sh files already have handlers installed to clean up files/mounts. Re-use those helpers to avoid leaking loopback mounts. BRANCH=None BUG=chromium:718184 TEST=signing images still works Change-Id: I749ce5075194356219fea51152154fdc5a2e3b99 Reviewed-on: https://chromium-review.googlesource.com/505575 Reviewed-by: Eric Caruso <ejcaruso@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Commit-Queue: Mike Frysinger <vapier@chromium.org>	2017-05-16 17:43:14 +00:00
Mike Frysinger	36e030df80	image_signing: strip_boot_from_image.sh: convert to info/error helpers This makes the output easier to follow when multiple scripts are being run. BRANCH=None BUG=chromium:714598 TEST=signing images still works Change-Id: I48edde260e1d1db88f65624c7ff46ad2ac1cc2f4 Reviewed-on: https://chromium-review.googlesource.com/498100 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org>	2017-05-13 15:25:43 -07:00
Mike Frysinger	9e7caccd35	image_signing: resign_image.sh: drop unused script This script hasn't been executed by image_signing or the cros-signer code, and cs/ doesn't turn up any hits. Scrub it from the codebase. BRANCH=None BUG=chromium:714598 TEST=signing images still works Change-Id: Ief4256a8ceab753d5c1fd6d0f3d81609e11f62a9 Reviewed-on: https://chromium-review.googlesource.com/500329 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org>	2017-05-13 11:53:20 -07:00
Mike Frysinger	3c8496cc86	image_signing: sign_official_build.sh: convert to info/error helpers This makes the output easier to follow when multiple scripts are being run. BRANCH=None BUG=chromium:714598 TEST=signing images still works Change-Id: I4097fd58f349dc84c242dd12d6a94e12f387a1f0 Reviewed-on: https://chromium-review.googlesource.com/498232 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org>	2017-05-13 11:53:20 -07:00
Mike Frysinger	ad16cf327e	image_signing: ensure_sane_lsb-release.sh: convert to info/error helpers This makes the output easier to follow when multiple scripts are being run. BRANCH=None BUG=chromium:714598 TEST=signing images still works Change-Id: I7351e1ff63bb7e88e4449dd2718685fef7ec031d Reviewed-on: https://chromium-review.googlesource.com/498267 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org>	2017-05-13 01:04:43 -07:00
Mike Frysinger	5fa64e2eae	image_signing: ensure_no_nonrelease_files.sh: convert to info/error helpers This makes the output easier to follow when multiple scripts are being run. BRANCH=None BUG=chromium:714598 TEST=signing images still works Change-Id: I666d3f5beee4b4e3e9903d546ef66917990a659e Reviewed-on: https://chromium-review.googlesource.com/498231 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org>	2017-05-12 22:49:01 -07:00
Mike Frysinger	eb7c7632fe	image_signing: make_dev_ssd.sh: convert to info/error helpers This makes the output easier to follow when multiple scripts are being run. BRANCH=None BUG=chromium:714598 TEST=signing images still works Change-Id: I96e20f38b6a51ad4dc8064fa3fb3d4302c47888f Reviewed-on: https://chromium-review.googlesource.com/497302 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org>	2017-05-12 20:58:06 -07:00
Mike Frysinger	3a6d6f886e	image_signing: common.sh: prefix helper messages with $PROG by default This makes the output easier to follow when multiple scripts are being run. BRANCH=None BUG=chromium:714598 TEST=signing images still works Change-Id: I072994dd07cf559a60e8a139eaeaf000cbbf72e3 Reviewed-on: https://chromium-review.googlesource.com/497301 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org>	2017-05-11 01:58:55 -07:00
Mike Frysinger	f68d76c1cd	image_signing: do not fail when chronos does not exist If the device doesn't create a chronos user, don't throw errors. For some embedded systems, they don't need a chronos user. BRANCH=None BUG=chromium:714598 TEST=signing images still works Change-Id: I4604beae1e647e024a04583471b8a7d0d4f188fa Reviewed-on: https://chromium-review.googlesource.com/500027 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org>	2017-05-11 01:58:53 -07:00
Mike Frysinger	0dfff398fc	image_signing: swap_rootfs.sh: drop unused script This script hasn't been executed by image_signing or the cros-signer code, and cs/ doesn't turn up any hits. Scrub it from the codebase. BRANCH=None BUG=chromium:714598 TEST=signing images still works Change-Id: Ic9cf90929f949a7f6b4e41e5b819d6f786c1c833 Reviewed-on: https://chromium-review.googlesource.com/500328 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org>	2017-05-10 11:58:28 -07:00
Mike Frysinger	1aabe7111e	image_signing: output pubkey in DER format BRANCH=None BUG=chromium:718184 TEST=new imageloader works Change-Id: I430ed616954c820d3d1607eefd4f8e1c60863a8f Reviewed-on: https://chromium-review.googlesource.com/497914 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: Greg Kerr <kerrnel@chromium.org>	2017-05-10 11:58:19 -07:00
Mike Frysinger	f3df71d44c	image_signing: set_channel: use new lsbval helper Minor clean up to the logic. BUG=None TEST=`./set_channel recovery_image.bin stable-channel` changed the lsb-release file to stable BRANCH=None Change-Id: Idf12b643f88e373b528b50e269537b861052b448 Reviewed-on: https://chromium-review.googlesource.com/414225 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: Hung-Te Lin <hungte@chromium.org>	2017-05-07 09:45:58 -07:00
Mike Frysinger	febef2af40	image_signing: fix signing of zip/crx files Restore the search logic for manifests in subdirs. BRANCH=None BUG=chromium:697645 TEST=signed adb/fastboot zip archives Change-Id: I07a417216ea463cb00d6ead7cd3b61d6e6fa507d Reviewed-on: https://chromium-review.googlesource.com/494207 Commit-Ready: Hsinyu Chao <hychao@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: Eric Caruso <ejcaruso@chromium.org>	2017-05-04 06:07:01 -07:00
Eric Caruso	1919b169bf	image_signing: change files sign_oci_container looks for Since we're packing containers in a format imageloader understands, we need to consume imageloader's manifest and produce a signature it knows to look for. BRANCH=ToT BUG=chromium:697645 TEST=package adb container, verify imageloader.sig.2 is present Change-Id: Ied9cdacf1d448a094c1b171bc2bf3b2ae54eb517 Reviewed-on: https://chromium-review.googlesource.com/457102 Commit-Ready: Eric Caruso <ejcaruso@chromium.org> Tested-by: Eric Caruso <ejcaruso@chromium.org> Reviewed-by: Stephen Barber <smbarber@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org>	2017-04-26 16:19:51 -07:00
Victor Hsieh	cfbc083efe	Preserve compress method when re-sign Android image TEST=sign_android_image.sh rootfs /path/to/tests/devkeys/android # unsquash -s still shows gzip (previous script always use lzo) BUG=chromium:705247 BRANCH=none Change-Id: If95686d293123a069ce36bc53cbea3a08aa3e7ab Reviewed-on: https://chromium-review.googlesource.com/461205 Commit-Ready: Victor Hsieh <victorhsieh@chromium.org> Tested-by: Victor Hsieh <victorhsieh@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org>	2017-03-28 17:16:52 -07:00
Mike Frysinger	62461d719f	image_signing: support signing of OCI containers BUG=chromium:660209 TEST=`./sign_official_build.sh oci-container fastboot/ ../tests/devkeys` works TEST=signing an image inserted the container pubkey BRANCH=None Change-Id: I75793b03e93f2c18b1495a3ec729ad04d2e17401 Reviewed-on: https://chromium-review.googlesource.com/427538 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org>	2017-01-14 20:19:06 -08:00
Hung-Te Lin	d140800050	scripts: Add "-p host" to make_dev_firmware.sh. Always add "-p host" for flashrom to find right programmer. BRANCH=None BUG=chrome-os-partner:60894 TEST=./make_dev_firmware.sh Change-Id: Iee66e143e77ea258a2a9ff3757d9446b7cf37dbc Reviewed-on: https://chromium-review.googlesource.com/419860 Commit-Ready: Hung-Te Lin <hungte@chromium.org> Tested-by: Hung-Te Lin <hungte@chromium.org> Reviewed-by: Ting Shen <phoenixshen@chromium.org>	2016-12-28 00:55:50 -08:00
Ting Shen	e5500a319b	set_gbb_flags: add '-p host' to flashrom command BRANCH=none BUG=chrome-os-partner:60894 TEST=set_gbb_flags 0 Change-Id: I22f372590bfe7705d4312588f971ad37f229a216 Reviewed-on: https://chromium-review.googlesource.com/418519 Commit-Ready: Ting Shen <phoenixshen@chromium.org> Tested-by: Ting Shen <phoenixshen@chromium.org> Reviewed-by: David Hendricks <dhendrix@chromium.org>	2016-12-20 06:47:09 -08:00
Hung-Te Lin	1a0679c1a4	scripts: Change anti-rollback check from error to warning for make_dev_firmware. Currently make_dev_firmware will abort if the stored TPM version is higher and ask user to reset TPM; however that is not very feasible because: (1) If the device is still MP-signed, external users can't boot dev-signed factory shim or recovery or test images. (2) Even if the user is able to reset TPM, the stored TPM version will be increased again when user boots into the image for running make_dev_firmware. As a result, the right flow is to allow user (with warning and instructions) resign firmware with dev-keys, boot into recovery mode due to anti-rollback check, and then boot any dev-signed image to reset TPM. BRANCH=none BUG=None TEST=./make_dev_firmware.sh # see warning message. Change-Id: Ifd4cd9912ab505427c985154b3f469e1485789b2 Reviewed-on: https://chromium-review.googlesource.com/419898 Commit-Ready: Hung-Te Lin <hungte@chromium.org> Tested-by: Hung-Te Lin <hungte@chromium.org> Reviewed-by: Mattias Nissler <mnissler@chromium.org> Reviewed-by: Bill Richardson <wfrichar@chromium.org>	2016-12-14 06:03:12 -08:00
Mike Frysinger	1e9245dfff	image_signing: unify board extraction logic from lsb-release We had two places extracting the board value from lsb-release and parsing the output by hand. Unify them to use the same parsing logic to avoid desynchronized behavior. We also create a new get_boardvar_from_lsb_release helper to unify the board name -> variable name mangling logic. BUG=chromium:667192 TEST=`./security_test_image --board samus` still detects the correct board BRANCH=None Change-Id: If88a8ae59b9c9fd45ddd796653a0173ed0186d2d Reviewed-on: https://chromium-review.googlesource.com/414224 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: Hung-Te Lin <hungte@chromium.org> Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>	2016-11-29 17:41:03 -08:00
Randall Spangler	46a382d613	vboot: Remove vboot1 cryptolib padding source The old vboot1 cryptolib hard-coded many of its padding arrays in a padding.c file. Use the equivalent vboot2 apis instead. This change is almost exclusively on the host and test side; the only firmware impact is on a single line of debug output. BUG=chromium:611535 BRANCH=none TEST=make runtests; emerge-kevin coreboot depthcharge Change-Id: If689ffd92f0255847bea2424950da4547b2c0df3 Signed-off-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/400902 Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>	2016-11-06 02:33:02 +00:00
Qiang Xu	a1001da565	Strip out bootcache config when removing rootfs verification For a device with bootcache support (such as parrot), the kernel config contains bootcache args (reference: device_map_args in build_kernel_image.sh). When removing rootfs verification, bootcache should be disabled, equivalently we should remove bootcache args. BRANCH=vboot_reference BUG=chromium:590606 TEST=tested on parrot device with ./build_image --board=parrot test. After installing the image on device, (1) run sudo /usr/share/vboot/bin/make_dev_ssd.sh --remove_rootfs_verification (2) reboot The bootloop bug is fixed. Change-Id: I56ca5f2d98e00e1117611959a67ce72338ec7377 Reviewed-on: https://chromium-review.googlesource.com/395386 Commit-Ready: Qiang Xu <warx@chromium.org> Tested-by: Qiang Xu <warx@chromium.org> Reviewed-by: Hung-Te Lin <hungte@chromium.org> Reviewed-by: Qiang Xu <warx@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org>	2016-10-13 17:26:38 -07:00
Hung-Te Lin	fefc682bb7	scripts: Improve make_dev_firmware and allow working with more MP firmware. Verified boot has "TPM anti-rollback check" that prohibits booting firmware if the device has been installed with a firmware that has higher signing version. This is causing problems when people are trying to use make_dev_firmware script on MP devices (which usually has a higher version than DEV keyset, which is always 1). Previously, make_dev_firmware won't alert about this so developers will first see boot failure, figure out what happened, and then either uprev the devkeys folder manually (which we don't provide scripts on DUT so it's hard), or reset the device by using factory reset shim. Since make_dev_firmware already knows all information, it should check and increase version number automatically. This change has implemented checking and increasing 'firmware version'. The 'data key version' is also checked, but increasing that is more complicated and we probably don't have all required tools yet on DUT, so it is only checked. Also added one flag --[no]mod_hwid so MP device users can keep their HWID easier, when they need to switch back and forth between DEV / real MP firmware. BRANCH=none BUG=none TEST=Grab a firmware from daisy mp-v4.bin and do ./make_dev_firmware.sh -f bios.bin -t out.bin --nomod_hwid Change-Id: If81ef60e6debdcd1c6d899b5a2c03bdacb4fd4f7 Signed-off-by: Hung-Te Lin <hungte@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/390871 Reviewed-by: Randall Spangler <rspangler@chromium.org> Reviewed-by: Bill Richardson <wfrichar@chromium.org>	2016-10-01 00:02:43 -07:00
Victor Hsieh	31cf713244	Revert "Change debug key signatures" The lab use test image (non-signed) to run CTS, so we still need to switch key to make a test pass (which blacklist Google's dev key). This reverts commit `b94145a309`. TEST=None BUG=b:29915721,b:31373710 Change-Id: I0873d13b606f3e49b9d055e9dd081d3dacd97c65 Reviewed-on: https://chromium-review.googlesource.com/388636 Commit-Ready: Victor Hsieh <victorhsieh@chromium.org> Tested-by: Victor Hsieh <victorhsieh@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org>	2016-09-26 11:59:22 -07:00
Luis Hector Chavez	42b74d2677	Preserve file capabilities while signing Android The version of unsquashfs that is shipped with Trusty does not correctly file capabilities, even though the target filesystem supports them. This change forces the Android signer script to prefer the pre-built binaries for mksquashfs/unsquashfs in order for the file capabilities to be preserved. BUG=b:31630024 BRANCH=none TEST=Called sign_android_image.sh locally, saw capabilities preserved across repeated invocations. CQ-DEPEND=CL:*289356 Change-Id: I13e8782edb699eb4ce8bcf82885bd474f4351430 Reviewed-on: https://chromium-review.googlesource.com/387867 Commit-Ready: Luis Hector Chavez <lhchavez@google.com> Tested-by: Luis Hector Chavez <lhchavez@google.com> Reviewed-by: Mike Frysinger <vapier@chromium.org>	2016-09-23 21:09:16 -07:00
Mike Frysinger	6f2ea5b731	keygeneration: create_new_keys: add key-name/output options We use these features on the signer, so move the logic here so it's in the public code. BUG=None TEST=`./create_new_keys.sh --key-name hihya --output foo --android` worked BRANCH=None Change-Id: I85d6fdbafd99a1b94bc90e26cbc17ba801614914 Reviewed-on: https://chromium-review.googlesource.com/388673 Reviewed-by: David Riley <davidriley@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org>	2016-09-22 19:58:27 +00:00
Mike Frysinger	df39d0ac27	keygeneration: add --android option to generate keys BUG=b:29915721 TEST=`./create_new_keys.sh --android` includes android keys BRANCH=None Change-Id: Ibb00b87921435ac5b70a297324ddf60563dc08d8 Reviewed-on: https://chromium-review.googlesource.com/386905 Reviewed-by: Victor Hsieh <victorhsieh@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org>	2016-09-20 20:48:21 +00:00
Bill Richardson	afa7350dcc	make_dev_firmware.sh should use key.versions file The 'key.versions' file is used by the image signing scripts to ensure that newly generated keys and re-signed buildbot images have the correct version numbers to avoid rollback in officially-signed Chrome OS images. If a skilled user is re-keying her Chromebook to use personal keys in normal mode (which requires disabling WP and changing the GBB and VBLOCK_A/B), she can avoid clearing the TPM rollback counters if make_dev_firmware.sh will obtain the firmware_version from the key.versions file in her personal key directory. BUG=none BRANCH=none TEST=make runtests, manual tests Extract an MP-signed BIOS from a Chromebook Peppy. flashrom -p host -r peppy.bin Resign it without this CL: make_dev_firmware.sh -f peppy.bin -k tests/devkeys -t dev_peppy.bin Resign it with this CL: make_dev_firmware.sh -f peppy.bin -k tests/devkeys -t dev_peppy_new.bin Confirm no difference: cmp dev_peppy.bin dev_peppy_new.bin Temporarily edit tests/devkeys/key.versions to contain firmware_key_version=2 firmware_version=3 kernel_key_version=4 kernel_version=5 Resign again: make_dev_firmware.sh -f peppy.bin -k tests/devkeys -t dev_peppy_new2.bin Confirm that the only difference is the firmware version in VBLOCK_A/B: futility show dev_peppy_new*.bin Change-Id: I133f1b58fb969eaeb239a44a4800750c4eee1d5f Signed-off-by: Bill Richardson <wfrichar@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/383887 Reviewed-by: Mike Frysinger <vapier@chromium.org>	2016-09-12 17:36:22 -07:00

1 2 3 4 5 ...

343 Commits