Commit Graph

1803 Commits

Author SHA1 Message Date
Nicolas Boichat
bbd5c6e9e5 vb21_common2_tests: Free keyb_data
BRANCH=none
BUG=b:64854892
TEST=make runlongtests

Change-Id: I22d0c6e55afde6ece9535591f94ec07280ae2b12
Reviewed-on: https://chromium-review.googlesource.com/633966
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
2017-08-27 02:00:40 -07:00
C Shapiro
9b3e2cba5b [unibuild] Fix issues with model specific fw sign
Updated the current coral config to use the fake keys from the loemkeys
dev keyset (ACME) and then tested/debugged this flow based on that
config.

Fixed issue where key_id wasn't eval'd in bash when it was passed to
grep because it has ' quotes around it.

BUG=b:64842314
TEST=~/trunk/src/platform/vboot_reference/scripts/image_signing/sign_official_build.sh
recovery
../build/images/coral/R62-9877.0.2017_08_25_1030-a1/recovery_image.bin
../platform/vboot_reference/tests/loemkeys
coral_loem_signed_recovery.bin
BRANCH=None

Change-Id: I50a58e512e9a83dc2707951f12d709f9006d67ca
Reviewed-on: https://chromium-review.googlesource.com/636344
Commit-Ready: C Shapiro <shapiroc@google.com>
Tested-by: C Shapiro <shapiroc@google.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
2017-08-25 19:54:10 -07:00
Nicolas Boichat
594eb296fe image_signing: sign_official_build.sh: Add version to rwsig signatures
We would like to have different signature versions for hammer
(1=dev, 2=premp, 3=mp), so we should pass --version to futility.

The default version stays 1.

BRANCH=none
BUG=b:35587169
TEST=openssl genrsa -3 -out key_hammer.pem 2048
     futility create --desc="Hammer fake MP key" key_hammer.pem key_hammer
     echo firmware_version=2 > key_hammer.version
     ../vboot_reference/scripts/image_signing/sign_official_build.sh \
           accessory_rwsig build/hammer/ec.bin . \
           ec-signed.bin key_hammer.version
     futility show ec-signed.bin => Version: 0x00000002
TEST=Without passing a version file, version is still 1.
     ../vboot_reference/scripts/image_signing/sign_official_build.sh \
           accessory_rwsig build/hammer/ec.bin . ec-signed.bin
     futility show ec-signed.bin => Version: 0x00000001

Change-Id: I0cd9133404fb0d827bd2f0d3bcc71d5dd274734d
Reviewed-on: https://chromium-review.googlesource.com/631757
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
2017-08-25 12:09:04 -07:00
Nicolas Boichat
4ec9ee3784 vb21_common2_tests: Fix test for exponent 3 keys
vb2_public_key_read_keyb cannot be used for VB2.1 public keys
(especially not for 2048 exponent 3 or F4, as their size is the
same so the algorithm cannot be guessed).

Instead, do what futility/rwsig does and derive the public key from
the private RSA key.

BRANCH=none
BUG=b:64854892
TEST=make runlongtests

Change-Id: Ie81f40e6076cd0c234012b9af58e39425f8b717c
Signed-off-by: Nicolas Boichat <drinkcat@google.com>
Reviewed-on: https://chromium-review.googlesource.com/628177
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Caveh Jalali <caveh@google.com>
2017-08-24 01:25:50 -07:00
Caveh Jalali
a9cbc26736 tests: Add support for exponent 3 keys
BRANCH=none
BUG=b:64854892
TEST=make runlongtests

Change-Id: I827ce47b68339dc4df7f84b26a0b6643af27037b
Signed-off-by: Caveh Jalali <caveh@google.com>
Reviewed-on: https://chromium-review.googlesource.com/628176
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
2017-08-24 01:25:50 -07:00
Mattias Nissler
b2b3970923 Add support for IFX FieldUpgradeInfoRequest2 command
Add tpm_lite library support for the IFX specific TPM_FieldUpgrade
subcommand "FieldUpgradeInfoRequest2". Expose this via tpmc so it can
be used from shell scripts.

BRANCH=none
BUG=chromium:728130
TEST=Builds and tpmc ifxfieldupgradeinfo prints plausible results.

Change-Id: Ie58ebccef7fe90f7fca65d7cd9c78e1f16f9f29a
Reviewed-on: https://chromium-review.googlesource.com/562772
Commit-Ready: Mattias Nissler <mnissler@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Mattias Nissler <mnissler@chromium.org>
2017-08-23 17:01:24 -07:00
C Shapiro
509339ce2b [unibuild] Support for unibuild firmware signing
For design context, see go/cros-unibuild-signing

This adds support for multiple, shared firmware images from a unified
build that needs to be signed with different OEM specific keys.

It uses a signer_config.csv file (that is generated by pack_firmware.py)
to determine which images need to be signed with which keys.

BUG=b:64842314
TEST=./build_image --board=coral dev
&& ./mod_image_for_recovery.sh --board=coral
&& ~/trunk/src/platform/vboot_reference/scripts/image_signing/sign_official_build.sh
recovery ../build/images/coral/latest/recovery_image.bin
../platform/vboot_reference/tests/devkeys
BRANCH=None

Change-Id: Id3711bbe73dfe652184bc046b5f642c30b8d1627
Reviewed-on: https://chromium-review.googlesource.com/626718
Commit-Ready: C Shapiro <shapiroc@google.com>
Tested-by: C Shapiro <shapiroc@google.com>
Reviewed-by: C Shapiro <shapiroc@google.com>
2017-08-23 08:02:12 -07:00
Shelley Chen
93f1142d7a detachables: Display recovery insert icon at recovery startup
When user first starts up recovery (3 finger salute), display
usb insert instructions and original insert graphic until user
starts pushing volume buttons.  If the user pushes power button
while the icon is displayed (no menu items), device will
shut down (this is to accommodate users that accidentally enter
the recovery screen and want to exit quickly). Upon user
pressing the volume buttons, the insert icon will disappear
and user will see the menu items and be able to scroll up/down.

BUG=b:64400325
BRANCH=None
TEST=boot into recovery.  Make sure graphic shown until start
     pushing volume buttons.

Change-Id: I4a5001271a0b84d1237d4bbc6a098afa10cb9372
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/617600
Reviewed-by: Julius Werner <jwerner@chromium.org>
2017-08-21 22:03:59 -07:00
Caveh Jalali
5afa7faf7b ec_sync: always call VbExUpdateAuxFw
call VbExUpdateAuxFw() unconditionally, instead of when we know we
need to do an update.  Vb*AuxFw() already maintains state, so this
doesn't change when we (attempt) to update firmware.

however, this does allow us to iterate over all firmware drivers to
call their .protect() method.  previously, we would only call
.protect() after an actual firmware update.

updated unit tests to match the new logic.

BRANCH=none
BUG=b:35585700
TEST=verified i2c tunnels are protected on reef using
	ectool i2cprotect N status.

Change-Id: I9244db28ed181f568d117092307293202257735b
Signed-off-by: Caveh Jalali <caveh@google.com>
Reviewed-on: https://chromium-review.googlesource.com/620281
Reviewed-by: Julius Werner <jwerner@chromium.org>
2017-08-21 17:55:25 -07:00
Furquan Shaikh
8610346356 lib/vboot_ui_menu: Consider volume buttons in vb2_update_selection
vb2_update_selection considered only KEY_UP and KEY_DOWN inputs to
update the selection. This resulted in volume buttons not working on
firmware screen to update the selection. Add volume buttons as valid
inputs in vb2_update_selection.

BUG=b:64839396
BRANCH=None
TEST=Verified that volume buttons work on firmware screen.

Change-Id: I08bfa91eafb170fb450649a2abaafe7f4d58e17b
Signed-off-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/621787
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Shelley Chen <shchen@chromium.org>
2017-08-18 16:46:34 -07:00
Shelley Chen
8c4b828502 detachables: Skip "Enable Developer Mode" in DEV mode
When DUT is already in dev mode, don't let user select the "Enable
Developer Mode" selection in the menu.  Add disabled_idx_mask to
VbExDisplayMenu API to allow for disabling of menu items in the future
if needed.

BUG=b:63078243, b:35585623
BRANCH=None
TEST=reboot into recovery with DUT already in dev mode.  Make sure
     can't scroll to "Enable Developer Mode" entry.
     reboot into recovery with DUT in normal mode.  Make sure
     "Enable Developer Mode" entry is selectable.
CQ-DEPEND=CL:565335

Change-Id: Ic71fe6aa2e41337787a0c2278f729356edb155fd
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/598430
Reviewed-by: Julius Werner <jwerner@chromium.org>
2017-08-14 20:37:45 -07:00
Mike Frysinger
3f24b902e4 image_signing: convert_recovery_to_ssd.sh: rewrite to be better
This converts the script in one commit as nothing uses it directly,
so the chances of it breaking overall build is low.
- Convert to common.sh for more helpers
- Convert echo to info
- Convert to loopback devices to speed things up
- Fix quoting in a few places
- Drop cgpt usage since we use loopback partitions everywhere now

BRANCH=None
BUG=chromium:714598
TEST=running on an image still works

Change-Id: I6608db77792502f35522a6f793ccd800fdd6af4e
Reviewed-on: https://chromium-review.googlesource.com/505482
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
2017-08-09 21:46:13 -07:00
Jeffy Chen
a9dca5c04d cgpt: prioritize: Make sure all headers/entries are valid
The prioritize cmd expected that the primary gpt header and entries are valid.

Add a validity check to guarantee that.

BUG=b:35585016
TEST=Check on bob, the secondary gpt still valid after these commands:
dd if=/dev/zero of=/dev/mmcblk0 bs=512 count=64
cgpt prioritize /dev/mmcblk0

Change-Id: I853e25211a46fa3ce93cef1e5169b93b0a6430a9
Signed-off-by: Jeffy Chen <jeffy.chen@rock-chips.com>
Reviewed-on: https://chromium-review.googlesource.com/604814
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2017-08-09 19:33:48 -07:00
Mike Frysinger
ca97b25a33 image_signing: sign_official_build.sh: use loopbacks kernel configs w/boot loader updates
This is the last place that uses grab_kernel_config.  Convert it over
to accessing the kernel directly via loopbacks and delete the helper
function entirely.  This avoids unnecessary copies and prevents any
more code from using it.

BRANCH=None
BUG=chromium:714598
TEST=dump_config still works

Change-Id: I16aa2c2568d15c43bb20b9d5dc18060915047506
Reviewed-on: https://chromium-review.googlesource.com/505481
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
2017-08-03 10:11:42 -07:00
Shelley Chen
fc7b3972bc detachables: Select power off after language selection
Set current selection to power off after exiting the languages menu.
Previously, we were just defaulting to selecting the 0 index.  However,
this won't work anymore if we hide the "Enable Developer Mode" entry
in the recovery menu due to that entry being at the 0th index.

BUG=b:63078243, b:35585623
BRANCH=None
TEST=Boot into recovery when machine in normal mode.
     Select languages menu, make language selection and make sure
     that when return to recovery menu, power off item is selected.

Change-Id: I479c2270ca99197fd8c44386ab1ca4526ae7d64a
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/565527
Reviewed-by: Randall Spangler <rspangler@chromium.org>
2017-08-01 13:01:42 -07:00
Shelley Chen
356eab1c8e detachables: Set fw screen timeout to 30 secs upon button press
For detachables, the short delay is too fast for them to read/choose
options.  Setting timeout to 30 seconds once user starts scrolling
through the menu.  If no action is taken by the user, will retain
the short delay timeout.

BUG=b:63056097, b:35585623
BRANCH=None
TEST=reboot with gbb flag bit 1 enabled and ensure using short delay.
     reboot and press volume button and make sure using long delay.
     reboot and make sure short delay performed again upon reboot.
     reboot and make sure gbb flag bit 1 = 0 and make sure long delay
     still working as expected.

Change-Id: I31e3ca8aff6b29abca70ca9587deae7f6443d837
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/563817
Reviewed-by: Randall Spangler <rspangler@chromium.org>
2017-07-31 17:08:29 -07:00
Julius Werner
8b71425257 crossystem: Remove defunct sw_wpsw_boot field
The sw_wpsw_boot field only ever worked correctly on some platforms. It
also isn't used anywhere in the codebase (only other reference is a
comment about how it doesn't always work in factory_installer.sh), and
it's no longer clear what it was meant for in the first place
(b/35510092 hints at needing it for some planned feature that was never
implemented). Let's get rid of it to avoid confusing people.

If userspace tools need to know the software write-protect state, they
can instead run flashrom directly. For feedback reports, this output is
already included in the "verified boot" section.

BRANCH=none
BUG=chromium:508269,chromium:742685
TEST=none

Change-Id: I8975b1e2c8e604b4cb48d092c13b923b4db2d207
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/575389
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
2017-07-18 02:36:16 -07:00
Mattias Nissler
2a7e9b84ac Implement tpmc getversion command.
This command exposes the vendor and TPM firmware version.

BRANCH=none
BUG=chromium:728130
TEST=Builds and tpmc getversion prints plausible results.

Change-Id: Iec556a298e025e10bda00121b40a25d8dc3839d1
Reviewed-on: https://chromium-review.googlesource.com/565287
Commit-Ready: Mattias Nissler <mnissler@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
2017-07-18 00:32:48 -07:00
Mike Frysinger
68466c6d0a image_signing: sign_official_build.sh: use loopbacks for rootfs hash updates
This avoids copying GB of data for the rootfs & kernels by using loopback
devices instead.

BRANCH=None
BUG=chromium:714598
TEST=dump_config still works

Change-Id: I41cd71db3c567be811c4a59523c797c128a8e493
Reviewed-on: https://chromium-review.googlesource.com/505480
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
2017-07-15 14:45:13 -07:00
Mike Frysinger
8e556f4e23 image_signing: sign_official_build.sh: use loopbacks for dump_config
This avoids copying out the kernels just to read their configs.
Not super important as the signer doesn't use it, but we want to
kill off the grab_kernel_config helper.

BRANCH=None
BUG=chromium:714598
TEST=dump_config still works

Change-Id: I2533b1d4de6980120f277fea3a1d964cb4fbaf0d
Reviewed-on: https://chromium-review.googlesource.com/505479
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
2017-07-13 19:46:10 -07:00
Daniel Kurtz
bce7904376 Update for openssl 1.1
OpenSSL 1.1 has made significant non-backwards compatible changes to its
API as outlined in:
https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes

BRANCH=none
BUG=chromium:738114
TEST=cros_workon --host start vboot_reference
TEST=w/ openssl-1.0.2k: sudo emerge vboot_reference
TEST=w/ openssl-1.1.0e: sudo emerge vboot_reference
 => both build ok
 $ futility version
  => command runs without error
TEST=cros_workon --board=soraka start vboot_reference coreboot
TEST=w/ openssl-1.0.2k: emerge-soraka vboot_reference coreboot
TEST=w/ openssl-1.1.0e: emerge-soraka vboot_reference coreboot
 => All build ok

Change-Id: I37cfc8cbb04a092eab7b0b3224f475b82609447c
Reviewed-on: https://chromium-review.googlesource.com/557739
Commit-Ready: Daniel Kurtz <djkurtz@chromium.org>
Tested-by: Daniel Kurtz <djkurtz@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
2017-07-07 00:57:17 -07:00
Mike Frysinger
06beb42e11 image_signing: sign_official_build.sh: use loopbacks when updating recovery kernels
This avoids copying in/out the kernels for their configs and to resign.

BRANCH=None
BUG=chromium:714598
TEST=signing images still works

Change-Id: Id13d5099da7f8a73ebd4d4e918188c7eb5b65a12
Reviewed-on: https://chromium-review.googlesource.com/505478
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
2017-07-06 21:13:56 -07:00
Caveh Jalali
3dd580298b call depthcharge hooks for auxiliary FW update.
this adds calls to depthcharge (using callbacks) to do auxiliary
firmware updates.  in particular, this is intended to trigger TCPC
updates, but other programmables could also be updated.

no firmware updates take place until a board file has actually
registered a firmware update "driver".  board file updates to follow.

TEST="COV=1 make" passes.
	    depthcharge boots on snappy.
	    with additional follow-on CLs, we can update the ps8751.

the companion depthcharge changes are here:

https://chromium-review.googlesource.com/c/498150/

the working design doc is here:

https://docs.google.com/a/google.com/document/d/1uzS0b3O3Us1QI2Sx7LDkjEfHmuhYB2BolrAoNwCVoc0/edit?usp=sharing

these features depend on vboot API updates:

CQ-DEPEND=CL:498150
BUG=b:35586896
BRANCH=none

Change-Id: If0d634eab08b429a8e7e80f5fe11eab3705bba0f
Signed-off-by: Caveh Jalali <caveh@google.com>
Reviewed-on: https://chromium-review.googlesource.com/505260
Reviewed-by: Stefan Reinauer <reinauer@chromium.org>
2017-06-28 03:09:49 -07:00
Alex Suykov
074697374b host lib: include <sys/types.h> for ssize_t
In uClibc neither <stdio.h> nor <strings.h> defines ssize_t.

Change-Id: I7fb6a0f51eae76062784952beb42298c486461b5
Signed-off-by: Alex Suykov <alex.suykov@gmail.com>
Reviewed-on: https://chromium-review.googlesource.com/320472
Commit-Ready: Stefan Reinauer <reinauer@google.com>
Tested-by: Stefan Reinauer <reinauer@google.com>
Reviewed-by: Stefan Reinauer <reinauer@google.com>
2017-06-28 00:59:00 -07:00
Stefan Reinauer
10e76bd235 Drop pre-vboot2 safe guards
Signed-off-by: Stefan Reinauer <reinauer@chromium.org>

BRANCH=none
TEST=sudo emerge vboot_reference
BUG=none

Change-Id: Id98347cc6d4fb79cc2caa103b83c4aec82f4ef6a
Reviewed-on: https://chromium-review.googlesource.com/541584
Commit-Ready: Stefan Reinauer <reinauer@google.com>
Tested-by: Stefan Reinauer <reinauer@google.com>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
2017-06-27 17:56:16 -07:00
Mike Frysinger
3abb4fe45e image_signing: sign_official_build.sh: switch initial image signing to loopbacks
This changes the kernel config reading and the stateful vblock updating
to use loopback devices.  This avoids having to copy out the kernels
many times over just to read them.

BRANCH=None
BUG=chromium:714598
TEST=signing images still works

Change-Id: Ibb49791a7db998e45b35ed15ddc12126e669c730
Reviewed-on: https://chromium-review.googlesource.com/505477
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
2017-06-23 22:56:47 -07:00
Erdi Chen
7662a7e3d0 cgpt: show: Print partition size with 64-bit format
Partition size on 4TB drive can overflow 32-bit integers. Running "cgpt
show /dev/sda" prints negative number for the state partition (sda1).

BRANCH=none
BUG=none
TEST=Run "cgpt show /dev/sda" with 4TB drive.

Change-Id: I56f3b43594028695745de8c5a1626d940a3b4c5b
Reviewed-on: https://chromium-review.googlesource.com/546879
Commit-Ready: Erdi Chen <erdi@google.com>
Tested-by: Erdi Chen <erdi@google.com>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
2017-06-23 22:56:43 -07:00
Shelley Chen
7bd4c0375b detachables: Fix language menu size in recovery
BUG=b:35585623
BRANCH=None
TEST=Reboot into recovery, scroll to language menu
     and make sure that you can scroll and select
     other languages.

Change-Id: I6fe7f0550b05e33eaeef928cd23932f5a40fe9ad
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/544897
Reviewed-by: Randall Spangler <rspangler@chromium.org>
2017-06-22 17:03:50 -07:00
Shelley Chen
05418ff02c detachables: Highlight selection w/ Debug Info
Currently with detachable menu, when debug info is
displayed, the current selection is not highlighted.
Changing call in VbDisplayDebugInfo from
VbDisplayScreen to VbDisplayMenu to ensure
selection is highlighted.  This will have no effect
on firmware screens for non-detachables.

BUG=b:35585623
BRANCH=None
TEST=Compile with and without  USE=detachable_ui
     Reboot and display debug info.  Make sure
     that for detachable menu, selection remains
     highlighted and for non-detachable screens,
     The screen displays as usual.

Change-Id: I0a7a2c4e0ae3ffb82e13dc92a319288d4ccb3997
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/541758
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Stefan Reinauer <reinauer@google.com>
2017-06-22 17:03:50 -07:00
Hung-Te Lin
01dc818924 Change invocation of "gbb_utility" to "futility gbb"
Replace commands using gbb_utility by the new 'gbb' futility command.

BRANCH=none
BUG=None
TEST=USE=test emerge-$BOARD vboot_reference

Change-Id: I8c1547d295a955373413482509a33964b0e0c06f
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/538442
Reviewed-by: Stefan Reinauer <reinauer@google.com>
2017-06-21 23:38:08 -07:00
Randall Spangler
3522e574a2 2lib: Add test_mockable attribute
Some tests mock library functions.  This previously worked due to adding

  CFLAGS += -Xlinker --allow-multiple-definition

to the test binaries.  But the new version of binutils seems to need
the default implementation to be weak if compiled with -O2 in some
cases.  Add test_mockable for use with functions where this is now
needed.

BUG=chromium:723906
BRANCH=none
TEST=Add CFLAGS += -O2 to the makefile, then make -j runtests
     Tests break before this change with -O2, and work afterwards

Change-Id: I95996a3e1086251442055765295a75de4c20ee3c
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/527601
Commit-Ready: Manoj Gupta <manojgupta@chromium.org>
Tested-by: Rahul Chaudhry <rahulchaudhry@chromium.org>
Reviewed-by: Rahul Chaudhry <rahulchaudhry@chromium.org>
2017-06-20 17:24:20 -07:00
C Shapiro
4007d6ff21 Unified build support for multi-firmware signing
Unified builds break down multiple firmware images for each model;
however, the signing script didn't have support for this.

This updates the signing script to iterate over all models in a unified
build and sign each firmware image separately.

BUG=chromium:734485
TEST=sign_official_build.sh recovery for reef and reef-uni
BRANCH=none

Change-Id: Ia2b5b8bd36ac77aeb7944362186d1d5739e6ff3d
Reviewed-on: https://chromium-review.googlesource.com/540131
Commit-Ready: C Shapiro <shapiroc@google.com>
Tested-by: C Shapiro <shapiroc@google.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Jason Clinton <jclinton@chromium.org>
2017-06-20 13:38:10 -07:00
Hung-Te Lin
c8d08ca313 futility: Change 'gbb_utility' to sub command 'gbb'.
'gbb_utility' is the command name before it has been merged to futility.
However, it's pretty long and redundant today if we have to type
'futility gbb_utility ...'. New features of futility are now implemented
as sub-commands (futility cmd) instead of symlinks (for example,
'create', 'show', 'sign', 'verify') so it seems reasonable to just
change gbb_utility to a sub-command style name 'gbb'.

Meanwhile, for backward compatibility, the 'gbb_utility' name is still
supported so symlinks will still work.

BRANCH=none
BUG=None
TEST=emerge vboot_reference; futility gbb

Change-Id: I4de59bcc564576420ab71157cb166fc8a42e85ad
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/538398
Reviewed-by: Randall Spangler <rspangler@chromium.org>
2017-06-20 11:30:47 -07:00
Mike Frysinger
2d160adf72 image_signing: sign_official_build.sh: switch verification to loopbacks
Rather than copy out the rootfs to a temp file and perform checks on that,
run the checks directly on the image.  This saves us from having to copy
many GB worth of data which can be expensive on the VMs (slow disk I/O).

BRANCH=None
BUG=chromium:714598
TEST=signing images still works

Change-Id: Ie7d1c432aacb69e57b6c5fd9ab810b8d0b054860
Reviewed-on: https://chromium-review.googlesource.com/505476
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
2017-06-15 15:17:17 -07:00
Furquan Shaikh
b688d42ad1 futility: Fix issues with validation of recovery MRC cache
1. Current assumption in the validation function is that there is only
1 metadata block present in the cache. However, this is not always
true (e.g. KBL boards). Thus, update the check to ensure that only 1
metadata block is actually used if multiple such blocks are present.

2. Add a check to ensure that the offset provided is not greater than
the file size.

BUG=b:62654773
BRANCH=None
TEST=Verified that "futility validate_rec_mrc" works fine with the
image provided in bug. Also, verified this works fine for poppy.

Change-Id: I84b55d1daf884326a2e970e2ac73110c5eeeaa45
Signed-off-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/537074
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2017-06-15 15:17:15 -07:00
Marco Chen
04b3835b69 Add a script to generate a keypair for signing Rose RW firmware.
Rose decided to leverage the key format of Hammer therefore this script calls
Hammer's one to generate a key pair and renames them to key_rose*.

BUG=b:37693819
TEST=None
BRANCH=None

Change-Id: I1f31afe89a00895434a169401ab76b594ad0a403
Reviewed-on: https://chromium-review.googlesource.com/529504
Commit-Ready: Wei-Ning Huang <wnhuang@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
2017-06-12 06:47:41 -07:00
Mike Frysinger
4df2f6f4e2 keygeneration: make helper script executable
BUG=b:35587169
TEST=None
BRANCH=None

Change-Id: I2098f39dd17893c5e30ed495eaa87935efbcb0ee
Reviewed-on: https://chromium-review.googlesource.com/526613
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Marco Chen <marcochen@chromium.org>
2017-06-10 03:10:21 -07:00
Marco Chen
670ca01555 Add a script to generate a keypair for signing accessory RW firmware.
BUG=b:35587169
TEST=None
BRANCH=None

Change-Id: Ibb309c34ca22d30138cb62d698eafb6ee77add8c
Reviewed-on: https://chromium-review.googlesource.com/520368
Commit-Ready: Marco Chen <marcochen@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
2017-06-06 08:52:17 -07:00
Mike Frysinger
fda1300464 keygeneration: add some output helpers
These use the same forms as in other shell projects in CrOS.

BUG=b:35587169
TEST=ran create_new_android_keys.sh and new output works
BRANCH=None

Change-Id: Id75fd77203795d7837537f12ab948376a7ad105e
Reviewed-on: https://chromium-review.googlesource.com/520786
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>
2017-06-01 23:49:33 -07:00
Shelley Chen
de4cefc915 detachables: Remove locale switch on up arrow
This was old code that switched locale when pressing up
arrow.

BUG=b:35585623
BRANCH=None
TEST=Boot to recovery and make sure up arrow doesn't
     change the locale.

Change-Id: Ibb4d2785170a2e36d599e4af56de3dfd922c5957
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/517283
Reviewed-by: Randall Spangler <rspangler@chromium.org>
2017-05-27 10:35:41 -07:00
Shelley Chen
46802fddeb detachables: Adding language selection menu
Handle displaying of language menu.

BUG=b:35585623
BRANCH=None
TEST=Reboot and select Language from menu, select language
     and make sure displays menu items in current language.

Change-Id: I518021c5278895e95cb4afdde044091c5bec7233
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/477093
Reviewed-by: Randall Spangler <rspangler@chromium.org>
2017-05-27 10:35:41 -07:00
Shelley Chen
87666b349e detachables: Reset timer every time user moves the cursor
In dev mode, after 30 seconds of inactivity, we'll get
the usual loud beep and automatic boot from disk.

BUG=b:35585623
BRANCH=None
TEST=reboot and make sure that fw screen timeout only occurs
     after 30 seconds of inactivity.

Change-Id: Id6552f7213a52ed8c0f083a8388719a8fe79fa77
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/457841
Reviewed-by: Randall Spangler <rspangler@chromium.org>
2017-05-26 14:35:33 -07:00
Shelley Chen
2b8ea31e67 detachables: Use locale bitmaps instead of text
BUG=b:35585623
BRANCH=None
TEST=reboot and make sure that the bitmaps show up

Change-Id: I92a9cf7dc808a22c7ace25763d4ef49824a93054
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/457840
2017-05-26 14:35:32 -07:00
Shelley Chen
2ed9ca605c detachables: New code path for displaying detachable menus
BUG=b:35585623
BRANCH=None
TEST=None
CQ-DEPEND=CL:457863

Change-Id: Ib2f8d93334cecfd80169842994ea7561baf41378
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/457839
2017-05-25 22:51:14 -07:00
Patrick Berny
05f6675acd rowan: Add preMP keys to vbutil_what_keys
BUG=none
BRANCH=ToT
TEST=ensure Rowan PreMP keys are correctly output by
     'vbutil_what_keys chromeos_9547.0.0_rowan_recovery_canary-channel_premp.bin'

Change-Id: I292425106a0b2d8e42f8a31de18edd0e63618842
Reviewed-on: https://chromium-review.googlesource.com/514984
Commit-Ready: Patrick Berny <pberny@chromium.org>
Tested-by: Patrick Berny <pberny@chromium.org>
Reviewed-by: Patrick Berny <pberny@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
2017-05-25 17:15:57 -07:00
Mike Frysinger
b568c66bd7 image_signing: ensure_secure_kernelparams.sh: use loopback devices for speed
Rather than read out the whole kernel partition just to dump the kernel
config, set the image up via a loopback device and read from there.

BRANCH=None
BUG=chromium:714598
TEST=signing images still works

Change-Id: I3797a0e77315e8baf6f481f31c44b889ac6d098a
Reviewed-on: https://chromium-review.googlesource.com/505475
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
2017-05-23 23:59:31 -07:00
Caveh Jalali
2c85972148 define callback APIs for auxiliary firmware update.
TEST="COV=1 make" passes
	depthcharge still compiles
	in combination with follow-up CLs, ps8751 firmware update
	succeeds.

BUG=b:35586896

Change-Id: Ibadc41e56e4e25ee0aba5c83caa0e3596fb9ad20
Reviewed-on: https://chromium-review.googlesource.com/505259
Commit-Ready: Caveh Jalali <caveh@google.com>
Tested-by: Caveh Jalali <caveh@google.com>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
2017-05-23 23:59:11 -07:00
Rizwan Qureshi
f7ce794999 vboot_ui_menu: Show Developer options on USB failure
In the current implementation, if the boot from USB fails after pressing
Ctrl-U or selecting "Boot USB Image", only a blank screen is shown instead of
a menu. There is no option for the user to do anything else except wait for the
timeout, after which boot from fixed disk is attempted. This does not seem like
an intuitive boot flow.
Hence, if the USB boot fails display the current menu, allowing the user to
attempt something else.

BUG=None
BRANCH=None
TEST=verified that menu is displayed on USB boot failure from developer screen.

Change-Id: Ide3967be7bba3d87c8a545a0f4ed52da44150fd0
Signed-off-by: Rizwan Qureshi <rizwan.qureshi@intel.com>
Reviewed-on: https://chromium-review.googlesource.com/509671
Commit-Ready: Rizwan Qureshi <rizwan.qureshi@intel.corp-partner.google.com>
Tested-by: Rizwan Qureshi <rizwan.qureshi@intel.corp-partner.google.com>
Reviewed-by: Shelley Chen <shchen@chromium.org>
2017-05-23 03:03:16 -07:00
Mike Frysinger
9d11bb1b1d image_signing: unify output helpers
We have `err_die` and `die` helpers that do the same thing, but some
scripts just have to know which one to use based on their runtime.
Just unify them as the more common `die` so all scripts can use it.

Similarly, we provide info, warn, and error to dev scripts, but not
to the runtime ones.  Add small stubs in common_minimal.sh so the
API is consistent.

BRANCH=None
BUG=chromium:718184
TEST=scripts still work

Change-Id: Id44fb27900c37f4e357d20817f909e4534d1c5b3
Reviewed-on: https://chromium-review.googlesource.com/507990
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
Commit-Queue: Mike Frysinger <vapier@chromium.org>
2017-05-19 04:13:09 +00:00
Mike Frysinger
b660356d51 image_signing: fix key insert logic
We don't want to override the common trap as the common sh files already
have handlers installed to clean up files/mounts.  Re-use those helpers
to avoid leaking loopback mounts.

BRANCH=None
BUG=chromium:718184
TEST=signing images still works

Change-Id: I749ce5075194356219fea51152154fdc5a2e3b99
Reviewed-on: https://chromium-review.googlesource.com/505575
Reviewed-by: Eric Caruso <ejcaruso@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Commit-Queue: Mike Frysinger <vapier@chromium.org>
2017-05-16 17:43:14 +00:00