(somehow that never got committed)
Change-Id: I304e594066c5dd72fc7cf37d31e27b1096ae1a38
BUG=12282
TEST=make && make runtests
Review URL: http://codereview.chromium.org/6610019
Fix try_b processing
And move key block flags check up in LoadFirmware(), which speeds up
boot when the dev switch is off because it doesn't do a signature
check and then throw it out.
BUG=12282
TEST=build firmware, try by hand
Review URL: http://codereview.chromium.org/6596081
Change-Id: I10474e9e0ae324906dfe02a351347d04ce847f67
Change-Id: I19f402904978581eb5ca990ffbdf2f762b48c217
BUG=12282
TEST=make H2C firmware and verify using crossystem utility
(set fwb_tries, reboot, verify that mainfw_act is B)
Review URL: http://codereview.chromium.org/6597018
1) Did firmware attempt RW slot B before slot A?
2) Did firmware check the kernel keyblock signature, or just its hash?
Added crossystem support as well.
BUG=chrome-os-partner:1657
TEST=make && make runtests
Review URL: http://codereview.chromium.org/6597011
Change-Id: I0d743ae87cedd938ba988170793717d3fdbd8ce9
In order to run test cases in both Linux user mode and u-boot command
mode. The API header tlcl.h must be accessed by both ebuilds.
Change-Id: Ic027dc118f26666b88bf54c511e2455a55e4eb8f
BUG=chromium-os:10497
TEST=emerge vboot_reference-firmware successfully
Review URL: http://codereview.chromium.org/6469089
TlclStubInit, TlclCloseDevice, and TlclOpenDevice were void functions but
should return error codes.
BUG=chromium-os:6695
TEST=RUNTESTS=1 make && emerge successfully
Review URL: http://codereview.chromium.org/5796005
Change-Id: I8ddbf8b1f080d98ff6ed42c4a675fbda5b17eef1
This lets us reorder the priority of all the kernel partitions with a single
command, instead of a bunch of complicated and error-prone shell script
logic.
Change-Id: I21d39763ec5a748488d5319a987bcfe7c34ce4d0
BUG=chromium-os:9167
TEST=manual
In the chroot, do this:
cd ~/trunk/src/platform/vboot_reference
make
make runtests
make clean
Everything should pass.
Review URL: http://codereview.chromium.org/5352005
Change-Id: Ib12405f968af11ad75a6429ae9ebe502dde5bf92
BUG=chrome-os-partner:1591
TEST=make && make runtests
(This is already in the firmware; I'm just copying it back into vboot reference)
Review URL: http://codereview.chromium.org/5312003
http://code.google.com/p/chromium-os/issues/detail?id=9279
This issue disclosed a bug of cgpt. The bug comes from the 'show' command always
reads the primary entry table when '-i partition' is specified. I added an
ANY_VALID constant for GetEntry to automatically select valid entry table.
Also fixed the bugs in cmd_boot.c and cmd_find.c. In cmd_add.c, stop user to
continue if any header/entry table is invalid.
Also fixed the bug that untrusted header size could cause segmentation failure.
Hungte, this is FYI. But welcome to do review.
BUG=chromium-os:9279
TEST=RUNTESTS=1 emerge-x86-generic vboot_reference
Manually tested:
cgpt show /tmp/test -i 1 -b
cgpt show /tmp/test
cgpt add /tmp/test -i 1 -l TEST
cgpt find /tmp/test -l STATE
cgpt boot /tmp/test -i 1
Change-Id: Iaba9c635754096a82b3ec74634af184362d4e264
Change-Id: I6f3e87e3998457676e3388d2a6ed36c0564796d8
Review URL: http://codereview.chromium.org/5115002
BUG=chromium-os:8621
TEST=See below
1. Build and run tests of vboot (including linktest)
$ make && make runtests
2. Check if *_stub.o are not in vboot_fw.a
$ nm /build/<board>/usr/lib/vboot_fw.a | grep _stub.o
3. Build and boot x86-generic image
$ ./build_packages --board=x86-generic && ./build_image --board=x86-generic
(Then successfully boot the image you just built)
See CL=4372001 for u-boot side changes
Review URL: http://codereview.chromium.org/4266002
Change-Id: Icc2bcc551c998f370e4b737fbe442ebf029cd81c
Change-Id: I3f18081bda888a0fa6f56a67d0cef17268014706
BUG=chromium-os:6714
TEST=manual by enabling ROLLBACK_TPM in firmware/Makefile (did not test by compiling under MSVC)
Review URL: http://codereview.chromium.org/3973001
This matches the calls in firmware version 0037.
BUG=none
TEST=manual
Review URL: http://codereview.chromium.org/3859002
Change-Id: I3b45051dec3f4f45414802b39122c8d52c4d62f1
Change-Id: I4c9b7a937103f3978cbed6629ee4057018b80eae
More cleanup. Also allow some tests to run even when TPM is already started.
Change-Id: I23558b96a1de55bbeca42dbf2e44f6802a0ec85b
Reorganize and standardize behavior of tests.
Change-Id: Id32fd09211a72deaa66a3dd0f973d35506ff96f2
BUG=433
TEST=ran all the tests I could run without TPM-free BIOS
Review URL: http://codereview.chromium.org/3389004
Change-Id: Id353323d268835cbcc1fb13c8669cee420c8fb6a
BUG=chrome-os-partner:1046
TEST=manual
Make sure your chromeos install on the hard drive has 2 good kernel
partitions. Do:
sudo cgpt show /dev/sda
If partition 2 has success=1, do:
sudo dd if=/dev/sda2 of=/dev/sda4 bs=1M
sudo dd if=/dev/sda3 of=/dev/sda5 bs=1M
cgpt add -i 4 -S 1 -P 2
(if instead partition 4 has success=1, do:)
sudo dd if=/dev/sda4 of=/dev/sda2 bs=1M
sudo dd if=/dev/sda5 of=/dev/sda3 bs=1M
cgpt add -i 2 -S 1 -P 2
Reboot and do the following:
sudo cgpt show /dev/sda
If the partition you just marked active still has success=1
priority=2, the bug is fixed. If it has success=0 priority=0, the bug
is still there.
Review URL: http://codereview.chromium.org/3324014
Change-Id: I4785a6326017c63d83a8eb153d6b90ee82e5f839
BUG=chromeos-partner:222
TEST=manual (build FW, make sure system boots and tpmc prints good values)
Review URL: http://codereview.chromium.org/3367020
Change-Id: I26d7d725cb429394e24be40a2f362b7ff160f4ee
BUG=none
TEST=make && make runtests (and build into test BIOS)
Review URL: http://codereview.chromium.org/3337017
This makes the sequence of pictures shown to the user slightly less
confusing, but the whole process needs a bit more cleanup. Some of the work
has to be done in the BIOS code, not just here. This is better, but it's not
complete.
Change-Id: If0b3ecc92716020a06031866849d83411d7f0db8
BUG=chrome-os-partner:903
TEST=manual
Review URL: http://codereview.chromium.org/3249009
BUG=2083
TEST=manual
Compiled with DISABLE_ROLLBACK unset. I need help testing this change - in particular, if the PCR 0 value is actually different in dev mode off vs. dev mode on. This can be done by invoking 'tpm_pcrread -p 0' at the shell. tpm_pcrread is part of the tpm_tools package.
Change-Id: I0728fb776a0c9cb90d885e7a1c76ff6a1a41a17b
Review URL: http://codereview.chromium.org/3195018
Add some extra cases to SanityCheckTest() to test both header and entries
being garbled at either end of the disk.
Add DuplicateUniqueGuidTest() to check that GPTs having duplicate
UniqueGuids in the entries are rejected. We can only check this per-disk, of
course.
Made some changes to the library to enforce the UniqueGuid requirement that
I just started testing for.
BUG=chromium-os:4854
Review URL: http://codereview.chromium.org/3135044
Change-Id: I86458faf9cc99aa3f29aac0d5b144dbd05067181
BUG=5654
TEST=manual
Case 1: Trying a new kernel which works
sudo cgpt add -P10 -T10 -S0 -i4 /dev/sda
Then reboot and
sudo cgpt show /dev/sda
See that tries is now 9 for /dev/sda4 (since the current ChromeOS
doesn't set the successful bit)
Case 2: Trying a new kernel which is bad
sudo dd if=/dev/zero of=/dev/sda4 count=1 conv=notrunc
Then reboot and
sudo cgpt show /dev/sda4
See that success=prio=tries=0 for /dev/sda4.
Review URL: http://codereview.chromium.org/3130040
Reference code drop-in to firmware should make our implementations of Memset() and SafeMemcmp() get used now.
BUG=chrome-os-partner:820
TEST=make && make runtests
Change-Id: If0c06dfad85b67398a118985cdb751d20b2b65a4
Review URL: http://codereview.chromium.org/3173035
1) kernel_subkey is one of the input parameters; not read off disk. KeyBlockVerify() now verifies it's not NULL unless we're only using the hash.
2) Added a check for kernel size vs. buffer size.
3) Added a check to make sure kbuf_sectors is nonzero.
BUG=chrome-os-partner:704
TEST=make && make runtests
Review URL: http://codereview.chromium.org/3186013
Also, make algorithm unsigned int in most places.
BUG=chrome-os-partner:701
TEST=existing RSA verification tests still pass
Review URL: http://codereview.chromium.org/3136017
Changed TlclRead / TlclWrite to take void* / const void* to reduce typecasts.
Much restructuring of rollback_index.c.
Fixed a version-packing bug in rollback_index.c (& --> |)
BUG:chrome-os-partner:304
TEST:manual testing of all code flows on CRB
Review URL: http://codereview.chromium.org/3084030
Make vbutil_keyblock handle unsigned blocks. Also enable --unpack option and
add tests for it.
Modify vbutil_kernel to allow unsigned keyblocks, correct usage message,
and fix the --debug option which was somehow disabled.
Update load_kernel_test to accept /dev/null for the public key, to test
non-signed kernel keyblocks.
Review URL: http://codereview.chromium.org/3124004
