This is just a cosmetic tweak to make it a bit clearer that
mosys is the underlying interface for these particular vbnv
read/write functions.
BUG=none
BRANCH=none
TEST=it still compiles
Signed-off-by: David Hendricks <dhendrix@chromium.org>
Change-Id: Ide172bfecf608a30489d25026268aedfc421ce4d
Reviewed-on: https://chromium-review.googlesource.com/222062
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
This handles VBNV data stored in SPI flash which happens to be
the exact same way we handle VBNV data stored in the EC.
BUG=chrome-os-partner:31529
BRANCH=none
TEST=with CL:221349 applied, crossystem on storm no longer
spews tons of errors
Change-Id: I021d9f430acfac34dff44a927361a5a0e5ae2ff8
Signed-off-by: David Hendricks <dhendrix@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/222061
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
This gives recovery mode information on two boots back instead of one,
which may be handy for debugging.
It also allows determining whether a failure of the current boot
should try the other slot or go to recovery, using only information
stored in NV storage.
Added crossystem support for printing the fields, and unit tests.
BUG=chrome-os-partner:32585
BRANCH=none
TEST=make runtests; VBOOT2=1 make runtests
Change-Id: Ia9f4186210d30217b902db7c513ae4ab8851f8f4
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/221230
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
scripts/sign_data.sh is just a wrapper to do this:
./signature_digest_utility $1 $3 \
| openssl rsautl -sign -pkcs -inkey $2
AFAICT, that script is only invoked by the SignatureFile()
function in host/lib/file_keys.c, which is not referenced by
anything. I think I can remove both of those things.
Also remove utility/gbb_utility.cc, which should have been done
long ago in commit 6f39615.
BUG=none
BRANCH=ToT
TEST=make runalltests
Also ran it on daisy_spring-paladin and link-tot-paladin.
Change-Id: I16de5022765806f11bf6144d7ffd8cc849578a68
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/216719
Reviewed-by: Mike Frysinger <vapier@chromium.org>
It doesn't yet handle block devices, but it can display normal files
containing a entire BIOS image, a GBB, a VBLOCK, a .vbpubk, a .vblock,
and a firmware preamble (VbFirmwarePreambleHeader).
The command-line options are not well-documented.
BUG=chromium:224734
BRANCH=ToT
TEST=make runtests
Change-Id: I181f6331ae23599302bbaee3f270e8af9586cf06
Reviewed-on: https://chromium-review.googlesource.com/216032
Commit-Queue: Bill Richardson <wfrichar@chromium.org>
Tested-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
The functions that look for the FMAP and its entries should return more
useful values.
BUG=none
BRANCH=ToT
TEST=make runtests
No functional changes.
Change-Id: I4b62ea0de972bceb3d58f4ee8eb82ad065ddcbae
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/214630
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Provide a PublicKeyLooksOkay() function to sanity-check VbPublicKey structs.
This was just part of PublicKeyRead(), but I want to separate the reading
from the checking.
BUG=chromium:224734
BRANCH=ToT
TEST=make runtests
Change-Id: I1dd808e623e2a7fdc2789e02305619111a7b01e6
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/214621
Reviewed-by: Randall Spangler <rspangler@chromium.org>
This CL accesses the partition entry array through its header's
entries_lba value.
Previously, we assume the primary entry array lies on third sector, and
the secondary array lies (1 + 32) sectors from disk end. This assumption
was fine, even Wikipedia assumed the same.
But in order for us to support writing boot code to the third sector (as
required by some Freescale board), the primary entry array must be moved
to another location. Therefore, we must use "entries_lba" to locate the
arrays from now on.
BRANCH=none
BUG=chromium:406432
TEST=unittest
TEST=`cgpt create -p` and then `cgpt show`. Make sure the table
header and entries are properly moved.
Change-Id: Ia9008b0bb204f290b1f6240df562ce7d3a9bbff2
Reviewed-on: https://chromium-review.googlesource.com/213861
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Tested-by: Bill Richardson <wfrichar@chromium.org>
Commit-Queue: Nam Nguyen <namnguyen@chromium.org>
Tested-by: Nam Nguyen <namnguyen@chromium.org>
Rather than continuing to report different variants of PCH GPIO the same
way use the common name of PCH-LP.
BUG=chrome-os-partner:28234
BRANCH=None
TEST=boot on samus and ensure there are no (error) reported
Change-Id: I9321e7bd85b2b3b3ebadc22ac32be6759e85f822
Signed-off-by: Duncan Laurie <dlaurie@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/210393
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
We've been creating and linking against a library called "libvboot_host.a"
for two different reasons. The main purpose is to build the vboot_reference
tools found in the utility/ directory. But there are some external userspace
programs that would also like to use some functions in this library.
This change establishes libvboot_host.a as the library for use by external
userspace programs only, and creates a new libvboot_util.a library that's
only used inside this source tree to build the vboot utilities.
BUG=chromium:231567
BRANCH=ToT
TEST=manual
Build and run the local tests:
make runalltests
make clean
Build Link firmware and all the utilities:
emerge-link chromeos-base/vboot_reference \
sys-boot/depthcharge \
sys-boot/coreboot \
chromeos-base/chromeos-ec \
chromeos-base/chromeos-firmware-link \
chromeos-base/chromeos-cryptohome \
chromeos-base/update_engine \
chromeos-base/chromeos-installer \
chromeos-base/chromeos-login \
chromeos-base/verity
Build Lumpy utilities, which include the 32-bit cros_installer:
emerge-lumpy chromeos-base/vboot_reference \
chromeos-base/chromeos-login \
chromeos-base/verity \
chromeos-base/update_engine \
chromeos-base/chromeos-installer \
chromeos-base/chromeos-cryptohome
Change-Id: Ie81ff1f74a6356cb8fab7d98471139d7758c4f19
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/207016
Reviewed-by: Randall Spangler <rspangler@chromium.org>
We use a few bytes of battery-backed nvram to save some flags across
reboots. However if the battery discharges completely, these flags are lost.
There aren't any security issues with that since they reset to safe values,
but some of the flags are used to configure how the system boots in
dev-mode.
If a dev-mode user has completely replaced ChromeOS with some other OS, then
she often needs to set the dev_boot_usb and/or dev_boot_legacy flags as well
in order to boot it using Ctrl-U or Ctrl-L. If the battery dies, then those
flags are cleared, and the only way to make the Chromebook boot again is by
going through recovery, which wipes the disk.
This change uses a new NV space in the TPM to back up some of the nvram
flags. These nvram fields will be backed up:
block_devmode
dev_boot_legacy
dev_boot_signed_only
dev_boot_usb
fwupdate_tries
loc_idx
Because writing to the TPM space is slow and limited to an unspecified but
finite number of cycles, we only back up the fields when specifically
requested by the new backup_nvram_request flag. This flag will be set by
crossystem whenever it is used to change any of the fields listed above. The
backup will be attempted at the NEXT boot (because the TPM is locked after
booting), and the backup_nvram_request flag will be cleared if the backup
was successfull.
Note that this CL is for Top of Trunk only. The firmware will create the
required TPM spaces on systems that have never been booted, but we don't yet
have a secure or reliable method to update existing systems.
FYI, on Link, determining that the TPM's backup NV space doesn't exist adds
about 6ms to the boot time. If it does exist, the backup_nvram_request flag
is cleared automatically so it won't check until it's set again.
BUG=chromium:362105
BRANCH=ToT (only!)
TEST=manual
Testing this is a long and involved process. Read on...
First, there are host-side tests for it. In the chroot:
cd src/platform/ec
make runtests
Second, to test on a completely NEW system that was first booted with a BIOS
that contains this CL, do this:
Enter dev-mode
Use crossystem to set values for the fields listed above
Confirm that "backup_nvram_request" is set to 1
Reboot
Use crossystem to confirm that "backup_nvram_request" is now 0
Remove the battery and the AC
Reattach either battery or AC so it will boot again
Use crossystem to confirm that the backed up fields are still good, while
the others have been reset to default values
Switch to normal mode
Remove the battery and the AC
Reattach either battery or AC so it will boot again
Look at the bios info in chrome://system to see what crossystem says
Confirm that the dev_boot_* flags are all 0, while the others are restored
Third, to set things up to test this on an existing system (I used Link),
you have update the BIOS, delete both the Kernel and Firmware NV spaces in
the TPM, then reboot so that the BIOS will create the Backup, Kernel, and
Firmware spaces. It will only do that if they're all missing.
Open it up, disable write-protect, attach a servo, etc.
Switch to dev-mode, log in.
Run make_dev_firmware.sh
Reboot in recovery mode, and insert a USB stick with a test image on it.
NOTE: In order to fiddle with the TPM, we'll *always* have to boot in
recovery mode, since that's the only time the TPM is left unlocked. That's
NOT the same as pressing Ctrl-U at the scary boot screen. The rest of
these steps assume you've booted in recovery mode and are running from the
test image on the USB stick.
Run
make_dev_ssd.sh --remove_rootfs_verification --recovery_key
Reboot (recovery mode)
Run
mv /etc/init/tcsd.conf /etc/init/tcsd.conf.disabled
Reboot (recovery mode).
Run "tpmc getvf". It should say
deactivated 0
disableForceClear 0
physicalPresence 1
physicalPresenceLock 0
bGlobalLock 0
Run "tpmc geto". It should say
Owned: no
Now you'll need to build the "tpm-nvtool" utility. In the chroot:
cd src/third_party/tpm/nvtool
make
Copy that to the DUT, in /usr/local/bin.
Now run
tcsd
tpm-nvtool --list | grep Index
You may see a number of spaces, but you should at least see these:
# NV Index 0x00001007
# NV Index 0x00001008
Run
tpm_takeownership
It will prompt you for two passwords (and confirm each one). Respond with
something you can remember like "google".
Run
tpm-nvtool --release --index 0x1007 --owner_password "google"
tpm-nvtool --release --index 0x1008 --owner_password "google"
Verify that it worked with
tpm-nvtool --list | grep Index
Power off.
Using servo, flash the new BIOS that has this CL in it.
Power on, normally this time (not recovery mode). If all goes well, it
should create the correct NV spaces and boot into the SSD. Copy tpm-nvtool
into this image too, and run
tpm-nvtool --list | grep Index
You should now see at least these spaces:
# NV Index 0x00001007
# NV Index 0x00001008
# NV Index 0x00001009
Now you're ready to test the backup/recover feature.
Change-Id: I00031fa0774720147327e2ae0f37e26b34b86341
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/202138
Reviewed-by: Luigi Semenzato <semenzato@chromium.org>
Currently, this does nothing. It just sets a flag that nothing looks at.
Don't get all wound up - we haven't abandoned our principles. This will
eventually be used to allow enterprise-enrolled customers to prevent
unauthorized use of developer mode in the Chrome OS devices that THEY OWN.
This is not Google deciding to turn a feature off, it's allowing the OWNER
to control the use of the feature. In some situations, the owner can be held
liable for what others do with the owner's equipment. This will help the
owner avoid those situations while their device is out of their immediate
control.
BUG=none
BRANCH=ToT
TEST=manual
Set the flag with:
crossystem block_devmode=1
Clear it with:
crossystem block_devmode=0
Retrieve the value ("0" or "1") like so:
val=$(crossystem block_devmode)
echo "the flag is $val"
or just test it directly like so:
if crossystem 'block_devmode?1' ; then
echo "devmode is blocked"
else
echo "devmode is allowed"
fi
It should be persistent across reboots.
Change-Id: I097f15b307e1c3a2a9db595e9495028a2eea6309
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/197771
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Teach crossystem the tegra124 compatibility string so that it can identify the
platform for tegra124 based systems.
I called the platform Tegra5 to fit in with what seems to be the naming scheme
for the other Tegra SOCs.
BUG=chrome-os-partner:25355
TEST=Built and ran on nyan and saw the "platform_family" setting return Tegra5
instead of (error).
BRANCH=None
Change-Id: I1044f958ecdac37ad285fdc3d53e7bc36ca69315
Signed-off-by: Gabe Black <gabeblack@google.com>
Reviewed-on: https://chromium-review.googlesource.com/184051
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Tested-by: Gabe Black <gabeblack@chromium.org>
Commit-Queue: Gabe Black <gabeblack@chromium.org>
BayTrail systems have 3 banks of gpios. Therefore,
the Linux kernel exposes these 3 banks as 3 gpiochip
entries. The kernel driver expects the 3 banks to be
exposed with specific UIDs associated with a specific
banks. ChromeOS firmware maps gpios within a given
bank using the bank's MMIO offset. In summary:
Bank Type | UID | Offset
----------+-----+-------
SCORE | 1 | 0x0000
NCORE | 2 | 0x1000
SUS | 3 | 0x2000
BUG=chrome-os-partner:24408
BUG=chrome-os-partner:24324
BRANCH=None
TEST=Built. 'crossystem wpsw_cur' works correctly.
Change-Id: I251f86285ce9733f7ca90ed1ebef536f4fe5c07c
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/179513
Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
Up until recently the x86 systems had a single contiguous
set of gpio numbers exported through /sys/class/gpio
as /sys/class/gpiochip<X> values. BayTrail systems have
3 sets of gpio numbers. Therefore, there needs to be a
translation/look-up function based on chipset. The existing
chipsets have a 1:1 mapping, but this patch lays the ground-
work for chipset-specific translation.
BUG=chrome-os-partner:24324
BUG=chrome-os-partner:24440
BUG=chrome-os-partner:24408
BRANCH=None
TEST=Built. Ran on Rambi.
Change-Id: I32bcd975aea421f86a0220ee30332f48fe727656
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/179512
Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
BayTrail is a valid chromeos platform. Therefore, allow
it to be returned for 'platform_family'.
BUG=chrome-os-partner:24324
BUG=chrome-os-partner:24440
BRANCH=None
TEST=Built. 'crossystem platform_family' reports 'BayTrail'.
Change-Id: I8d0b835f5f40e7f34adb4f91bd974c428bbaf6da
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/179511
Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
This adds a VB_MAX_STRING_PROPERTY for callers that don't
want to guess at how big to make their buffers.
Additionally, it changes the size parameter to VbGetPropertyString()
from int to size_t.
BUG=None
TEST=compile the code
BRANCH=none
Change-Id: I22809d48e13b535593cb22a56444e2dcb27791a5
Reviewed-on: https://chromium-review.googlesource.com/175039
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Tested-by: Richard Barnette <jrbarnette@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Queue: Richard Barnette <jrbarnette@chromium.org>
Querying "debug_build" allows the caller to determine whether the
image has requested debug, independent of the setting of the
dev_mode switch.
BUG=chromium:308678
BRANCH=none
TEST=use the new command option on both base and dev images
Change-Id: I369f26d75156f2e88d9f6f467efbf8f633e78bda
Reviewed-on: https://chromium-review.googlesource.com/174107
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Tested-by: Richard Barnette <jrbarnette@chromium.org>
Reviewed-by: Will Drewry <wad@chromium.org>
Commit-Queue: Richard Barnette <jrbarnette@chromium.org>
Add checks that the vboot library does not leak memory. This works by
tracking VbExMalloc() calls and making sure that they have an associated
VbExFree().
Adjust host_signature to use VbExFree() instead of free(), so that this
scheme works correctly for existing code.
BUG=chrome-os-partner:21115
BRANCH=pit
TEST=FEATURES=test emerge-peach_pit vboot_reference
Change-Id: I6ccccfbcc162fc43fb75862cd0eddad78ce8b18a
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/66175
A few places in the code through up warnings when building with strict
compiler flags. Correct these.
BUG=chrome-os-partner:21115
BRANCH=pit
TEST=manual
Build with:
FEATURES=test emerge-peach_pit vboot_reference
and see that iot now succeeds. Warnings include:
host/arch/arm/lib/crossystem_arch.c: In function 'ReadFdtValue':
host/arch/arm/lib/crossystem_arch.c:93:8: error: ignoring return value of 'fread', declared with attribute warn_unused_result [-Werror=unused-result]
Change-Id: I765723636e5f8979b794925c7b610081b2849026
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/66174
At present the kernel tests produce valgrind errors since the GPT data is
sometimes accessed before it is read. This is unnecessary, so update the
code to avoid this.
BUG=chrome-os-partner:21115
BRANCH=pit
TEST=manual
valgrind --leak-check=full ./build/tests/vboot_kernel_tests
See that we no longer get valgrind errors.
Change-Id: I9e9660e38a62a735cf01a37c2d81ddb5ab8b1528
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/66173
In several places the existing code assumes LBA, but was improperly converted
to use byte offsets, so multiply by the sector size to correct it and maintain
the same interface between MTD & GPT.
Also, since we will need to cgpt create on /dev/fts, which isn't a stat()able
device, allow providing the disk size on the commandline.
BRANCH=none
BUG=chromium:221745
TEST=make runtests; cgpt create -s 12345 on MTD image
Change-Id: Icc89a4505aba9a3dfc39b176a372f6e12d106aed
Reviewed-on: https://gerrit.chromium.org/gerrit/62675
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Tested-by: Albert Chaulk <achaulk@chromium.org>
Commit-Queue: Albert Chaulk <achaulk@chromium.org>
Firmware images reading its own FMAP structure may have FMAP signature in code
and cause dump_fmap to parse incorrectly. Since currently there is only one
major version for FMAP (and the structure defined in fmap.h also applies only to
current version), we can improve that by checking major version number to skip
signatures in firmware code.
BUG=chromium:236347
TEST=emerge vboot_reference; dump_fmap /build/daisy/firmware/image.bin # success
BRANCH=none
Change-Id: I1d8f49bb88357e7a3a945fbdba9d9a7c4e177ac4
Reviewed-on: https://gerrit.chromium.org/gerrit/59362
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: David Hendricks <dhendrix@chromium.org>
Tested-by: Hung-Te Lin <hungte@chromium.org>
Commit-Queue: Gabe Black <gabeblack@chromium.org>
Haswell CPUs are paired with the LynxPoint chipset and this
needs to be a valid controller name for crossystem.
BUG=chrome-os-partner:19263
BRANCH=none
TEST=manual
This was tested on a wtm2 system to ensure that a GPIO
defined in chromeos ACPI that is exported by the kernel at
/sys/devices/platform/chromeos_acpi/GPIO.# is used by crossystem
and the GPIO is exported in /sys/class/gpio and read.
$ cat /sys/devices/platform/chromeos_acpi/GPIO.1/GPIO.2
34
$ cat /sys/class/gpio/gpio196/value
1
$ crossystem wpsw_cur
1
Change-Id: I04064109e99270d7d26b27182b17fffbf47b025b
Signed-off-by: Duncan Laurie <dlaurie@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/50224
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
- Refactor cgpt_prioitize.c to completely remove gpt-specific code.
- Refactor cgpt_add.c to isolate gpt-dependence to one helper function
and the backup/restore logic
- Change several common apis to take a struct drive* rather than a GptData*,
this provides a path to cleanly implement mtd versions
BUG=chromium:221745
TEST=no functional changes, existing tests cover this
BRANCH=none
Change-Id: I27ed166aae390aa5dc83062f62939e45122edc76
Original-Change-Id: I1b0a73509efbf22411c4ae5cf044feede0a49a33
Reviewed-on: https://gerrit.chromium.org/gerrit/46548
Tested-by: Albert Chaulk <achaulk@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Queue: Albert Chaulk <achaulk@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/49788
"cros_debug" is usually the last token of kernel command line on UEFI/legacy
BIOS systems.
However, kernel command line may end with new line ("\n") and that may cause
strcmp to fail (i.e., can't detect "cros_debug" if it's the last parameter in
command line), so we need to add that into strtok delimiters.
BRANCH=none
BUG=chromium:222248
TEST=crossystem cros_debug # display 1 on UEFI system with cros_debug
Change-Id: I9aed1562291469118acbadcc5211ff5c45eb9feb
Reviewed-on: https://gerrit.chromium.org/gerrit/46106
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Queue: Hung-Te Lin <hungte@chromium.org>
We should use only arm, x86, and x86_64; currently we also use i386 to
mean x86, and amd64 to mean x86_64.
BUG=chromium-os:26317
BRANCH=none
TEST=manual
sudo FEATURES=test emerge vboot_reference
FEATURES=test emerge-link vboot_reference chromeos-u-boot chromeos-installer
FEATURES=test emerge-daisy vboot_reference chromeos-u-boot chromeos-installer
FEATURES=test emerge-x86-alex vboot_reference chromeos-installer
make && make runtests (both inside and outside chroot)
Change-Id: I4fb64fafa9c48a76ded862e074776cab9ea54ab3
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/41838
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
This just adds a one-byte field in the nvstorage region for use in debugging
hard-to-catch errors. There's no official meaning or expectation for this
field. It's just a handy place to emit some information.
BUG=chrome-os-partner:11534
BRANCH=parrot
TEST=manual
Just change the value and ensure that it persists across a (working) reboot.
It's only updated at specific points under very exacting error conditions,
so all we really want to test is that it works as a place to store some
extra info.
crossystem recovery_subcode
crossystem recovery_subcode=14
reboot
crossystem recovery_subcode
The recovery_subcode byte is at index [6] of the VbNv.raw bytes that appear
when you press TAB, so you can find it there too:
VbNv.raw: 60 20 00 00 00 00 0e 00 00 00 00 00 00 00 00 65
Decimal 14 == 0x0e
Change-Id: I1930b8f81a03ab838dbee99a8d72c35a444efdfd
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/39803
Reviewed-by: Randall Spangler <rspangler@chromium.org>
devsw_cur is really a meaningless concept on systems with virtual dev
switches; it exists primarily to support factory test of physical
developer switches. However, some plugins use this instead of the
preferred devsw_boot, and it's easier to modify crossystem than the
plugins at this point in time.
BUG=chrome-os-partner:12928
BRANCH=none (affects all current products, but is an OS-level change, not FW)
TEST=manual
- On link, 'crossystem devsw_cur devsw_boot' with dev switch on -> '1 1'
- On link, 'crossystem devsw_cur devsw_boot' with dev switch off -> '0 0'
- On lumpy or earlier, 'crossystem devsw_cur' should return current dev
switch position; check this by toggling the physical switch without
rebooting and see that the reported value follows the switch value.
Change-Id: Ie7416e5cb03c133572c32af677b55ed18884dfb8
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/34531
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Older firmware does not provide nonvolatile-context-storage FDT
property, and crossystem complains about it.
This is harmless; so just make it quiet.
Signed-off-by: Che-Liang Chiou <clchiou@chromium.org>
BRANCH=none
BUG=chrome-os-partner:14475
TEST=manual, see blow
Run crossystem and make sure its output does not contain
"Unable to open FDT property nonvolatile-context-storage"
messages.
Check crossystem still works by comparing its output w/ and w/o this
change.
Change-Id: I0b8f40775833457a75d801f185344e931ac08847
Reviewed-on: https://gerrit.chromium.org/gerrit/33896
Commit-Ready: Che-Liang Chiou <clchiou@chromium.org>
Tested-by: Che-Liang Chiou <clchiou@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
This option is disabled per default and can be enabled with
crossystem dev_boot_legacy=1
or by setting the GBB flag
GBB_FLAG_FORCE_DEV_BOOT_LEGACY 0x00000080
BUG=chrome-os-partner:6108
TEST=crossystem dev_boot_legacy=1
boot to dev mode screen, press CTRL-L, see SeaBIOS start
(other CLs needed)
BRANCH=link
Signed-off-by: Stefan Reinauer <reinauer@chromium.org>
Change-Id: I593d2be7cff5ca07b8d08012c4514a172bd75a38
Reviewed-on: https://gerrit.chromium.org/gerrit/31265
Reviewed-by: Stefan Reinauer <reinauer@chromium.org>
Tested-by: Stefan Reinauer <reinauer@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Ready: Stefan Reinauer <reinauer@chromium.org>
We may have multiple storage types (disk or mkbp) of VbNvContext.
crossystem should switch the type and choose the corresponding device
driver.
After patching U-Boot, you may check storage type:
[ "mkbp" = "$(cat /proc/device-tree/firmware/chromeos/nonvolatile-context-storage)" ]
And cross-verify crossystem with mosys:
$ mosys nvram vboot read
70000000000000000000000000000020
$ crossystem recovery_request
0
$ crossystem recovery_request=123
$ mosys nvram vboot read
70007b0000000000000000000000005d
$ mosys nvram vboot write 70000000000000000000000000000020
$ crossystem recovery_request
0
More importantly, crossystem should also work with older version of
firmware, which does not pass down this information.
Signed-off-by: Che-Liang Chiou <clchiou@chromium.org>
BRANCH=none
BUG=chrome-os-partner:13766
TEST=Check storage type on a Snow device:
[ "mkbp" = "$(cat /proc/device-tree/firmware/chromeos/nonvolatile-context-storage)" ]
Make sure that FAFT is still happy:
./run_remote_tests.sh --remote $ADDR --board daisy 'firmware_TryFwB/control$'
./run_remote_tests.sh --remote $ADDR --board daisy 'firmware_TryFwB/control.dev$'
More importantly, check crossystem worked well even when ChromeOS
is booted from an older version of firmware.
Change-Id: I3989a8c181efe03cd9f06127743763e0ad97e281
Reviewed-on: https://gerrit.chromium.org/gerrit/32470
Reviewed-by: Che-Liang Chiou <clchiou@chromium.org>
Tested-by: Che-Liang Chiou <clchiou@chromium.org>
Commit-Ready: Che-Liang Chiou <clchiou@chromium.org>
We need to know not only whether the HW WP pin is asserted, but whether the
flash chip has configured its software protection registers to actually
protect anything. This flag can be used to indicate that.
BUG=chrome-os-partner:13265
BRANCH=link
TEST=none
This just adds the flag. Nothing actually sets the flag yet, so there's
nothing to test.
Change-Id: Icba9945fb56eb3a4681486c630cbbdc9232485ef
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/31642
Reviewed-by: Randall Spangler <rspangler@chromium.org>
These fields are part of the version 1 struct, but were mistakenly
labeled as version 2 fields. Since ZGB firmware produces a version 1
struct, crossystem was treating the fields as unavailable.
BUG=chromium-os:33685
TEST=crossystem tpm_fwver tpm_kernver
BRANCH=none (OS utility change, not firmware, and affects only Alex/ZGB)
Change-Id: Ic857ee2da9a7ae7f0d42317b711bf102d068de64
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/30904
Tested-by: Sonny Rao <sonnyrao@chromium.org>
Reviewed-by: Sonny Rao <sonnyrao@chromium.org>
The value of the ChromeOS write protect switch is now provided through the new
chromeos_arm platform device which avoids the mismatch between U-Boot and
kernel GPIO numbering.
BUG=chrome-os-partner:11297
TEST=gmerge-ed onto a snow and verified that crossystem got the right value of
the write protect switch.
BRANCH=snow
Change-Id: I466370e4f6bf2d14c067518a9d620e9e60142a0b
Signed-off-by: Gabe Black <gabeblack@google.com>
Reviewed-on: https://gerrit.chromium.org/gerrit/30534
Reviewed-by: Simon Glass <sjg@chromium.org>
Commit-Ready: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
This adds two new flags to crossystem:
clear_tpm_owner_request
clear_tpm_owner_done
The first one requests that the firmware clear the TPM owner on the
next boot. When the firmware does this, it will set
clear_tpm_owner_request=0, and set clear_tpm_owner_done=1. The OS can
use the done-flag as a hint that trusted things guarded by the TPM are
no longer trustable.
BUG=chromium-os:31974
TEST=manual
crossystem
// both flags initially 0
crossystem clear_tpm_owner_request=1
crossystem clear_tpm_owner_done=1
// request=1, done=0; done can be cleared but not set by crossystem
reboot
tpmc getownership
// owned=no
crossystem
// request=0, done=1
crossystem clear_tpm_owner_done=0
crossystem
// both flags 0 again
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Change-Id: I49f83f3c39c3efc3945116c51a241d255c2e42cd
Reviewed-on: https://gerrit.chromium.org/gerrit/25646
This is to avoid confusion with the canonical common.mk file that is
a CrOS build system.
BUG=chromium-os:33327
TEST=`cros_run_unit_tests --board x86-alex -p vboot_reference` still works
Change-Id: I4b6719d58a4a8ab44b62c23c0e2c45b154374958
Reviewed-on: https://gerrit.chromium.org/gerrit/29578
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
This is more reliable than reading them through FDT/ACPI, since it reflects
the positions as shown to verified boot code.
Notes:
1. This affects ALL platforms with virtual dev switches (x86 AND arm)
2. The fix should have no effect on older platforms, but I haven't tested those.
BUG=chrome-os-partner:11805
TEST=manual
1. boot in normal mode.
devsw_boot = 0 # Developer switch position at boot
recovery_reason = 0 # Recovery mode reason for current boot
recoverysw_boot = 0 # Recovery switch position at boot
wpsw_boot = 1 # Firmware write protect hardware switch position at boot
2. boot in developer mode.
localhost ~ # crossystem
devsw_boot = 1 # Developer switch position at boot
recovery_reason = 0 # Recovery mode reason for current boot
recoverysw_boot = 0 # Recovery switch position at boot
wpsw_boot = 1 # Firmware write protect hardware switch position at boot
3. boot in developer-recovery mode using keyboard combo.
devsw_boot = 1 # Developer switch position at boot
recovery_reason = 2 # Recovery mode reason for current boot
recoverysw_boot = 1 # Recovery switch position at boot
wpsw_boot = 1 # Firmware write protect hardware switch position at boot
4. disable WP and reboot. wpsw_boot should be 0.
Change-Id: If4156b5e14c6923c5b331c7e5feaabbffe1dad37
Reviewed-on: https://gerrit.chromium.org/gerrit/29199
Commit-Ready: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
