BUG=chromium-os:18631
TEST=manual
Boot to recovery mode screen. HWID should be the same size and shape as the
rest of the text.
Change-Id: Iee0b0611c1319a304d911b710dd7f35ef999a1eb
Reviewed-on: http://gerrit.chromium.org/gerrit/6667
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Tested-by: Bill Richardson <wfrichar@chromium.org>
The vboot_api.h doesn't require the BIOS display the ASCII HWID in
a graphical form (ARM U-Boot doesn't know how), so we have to do it
ourselves. This change makes that possible.
Summary of changes:
* bmpblk_font.h defines a structure to map ASCII chars to BMPs
* bmpblk_font utility generates that font structure
* bmpblock format is bumped to version 1.2
- YAML file specifies font to use for $HWID
- make_default_yaml updated to emit the new format
- README updated to describe the difference
BUG=chromium-os:18631
TEST=manual
I've tested this on ARM, like so:
Inside the chroot, build a U-Boot that uses it:
emerge-tegra2_kaen vboot_reference vboot_reference-firmware
emerge-tegra2_kaen tegra-bct tegra2-public-firmware-fdts \
chromeos-u-boot chromeos-bootimage
Outside chroot, but in src/platform/vboot_reference:
make
<copy ./build/utility/bmpblk_font and ./build/utility/bmpblk_utility to
somewhere in your $PATH>
make clean
cd scripts/newbitmaps/fonts
bmpblk_font --outfile ../images/hwid_fonts.bin outdir/*
cd scripts/newbitmaps/images
make arm
cd out_arm
<edit DEFAULT.yaml>
bmpblk_utility -z 2 -c DEFAULT.yaml arm_bmpblock.bin
<use gbb_utility to replace the bitmaps in the U-Boot image, boot it>
The HWID string is displayed.
Change-Id: I782004a0f30c57fa1f3bb246e8c59a02c5e9f561
Reviewed-on: http://gerrit.chromium.org/gerrit/6544
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Tested-by: Bill Richardson <wfrichar@chromium.org>
bmpblk_utility correctly supports this field, which can be used by the
factory process to map the localization to the correct locale. We forgot to
put the entries in the DEFAULT.yaml file. This change corrects that for
future releases.
BUG=none
TEST=none
Change-Id: Iea65d7439e6ef8cc8730ec1b862abba87041d93f
Reviewed-on: http://gerrit.chromium.org/gerrit/6424
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Tested-by: Bill Richardson <wfrichar@chromium.org>
We should detect keyblock from existing firmware and decide if a developer
firmware keyblock should be used.
BUG=chromium-os:18946
TEST=./make_dev_firmware.sh -f zgb.bin -t zgb_dev.bin
# seeing Using keyblocks (developer, normal)...
./make_dev_firmware.sh -f mario.bin -t mario_dev.bin
# seeing Using keyblocks (normal, normal)...
./make_dev_firmware.sh -f arm.bin -t arm_dev.bin
# seeing Using keyblocks (normal, normal)...
Change-Id: I74fa0db980e26a6a19a4393303e8c5b3260c84c7
Reviewed-on: http://gerrit.chromium.org/gerrit/5623
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Since both UEFI BIOS and U-Boot display BMP images (although with different
compression schemes), we might as well just use that format for the master
images.
We may still need to crop, scale, or compress these master images to the
platform-specific formats, of course. This change also adds an example
Makefile to produce the scaled images for x86 platforms.
BUG=chromium-os:18631
TEST=none
Change-Id: Idd18d66ea46502065c6f3707f625908a892a0cbd
Reviewed-on: http://gerrit.chromium.org/gerrit/5619
Tested-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
This change moves the old bitmaps (Mario, Alex, ZGB) and their supporting
scripts into a subdirectory, and creates a new set of images at 1366x768, in
PNG format.
This is preparation for providing a complete set of localized BIOS screens
to use as the master for all new platforms.
The plan is that these master images will be scaled, cropped, and converted
into the correct formats for each target platform, and those binary
bmpblocks saved in their own package. Only if a translation changes should
we need to regenerate the bmpblocks.
These new images do NOT (yet) include locales that cannot be rendered
correctly by ImageMagick, and not all of them have been fully vetted by the
localization team.
BUG=chromium-os:13037
TEST=none
Change-Id: Ic25832aad3c6cc36879db204c2579395014af311
Reviewed-on: http://gerrit.chromium.org/gerrit/5508
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Tom Wai-Hong Tam <waihong@chromium.org>
Tested-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Parsing fmap information becomes easier after dump_fmap adds "-p" mode, and
prevents the dependency because dump_fmap is in same repo with signing scripts.
BUG=none, pure refine to reduce dependency and less error messages
TEST=./resign_firmwarefd.sh mario_bios.bin output.bin \
devkeys/firmware_data_key.vbprivk devkeys/firmware.keyblock \
devkeys/firmware_data_key.vbprivk devkeys/firmware.keyblock \
devkeys/kernel_subkey.vbpubk
# Also verified with modern firmware like ZGB/Alex and ARM.
Change-Id: Ia40ecd9ab641250272952e20ab058e780eb7770b
Reviewed-on: http://gerrit.chromium.org/gerrit/5132
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
When preamble_flag is not assigned manually, resign_firwmarefd should not change
the preamble flag.
BUG=chromium-os:18207
TEST=# Prepare a bios.bin with preamble_flag=1 (ex, ARM firmware)
./resign_firmwarefd.sh bios.bin ..... # do not assign preamble
vbutil_firmware --verify # see preamble_flag=1
# Repeat with firmware having preamble_flag=0 (ex, x86 firmware like ZGB/Alex)
# preamble_flag is 0 after resign_firmwarefd.
Change-Id: I50f88bbf51a28defaf1c4e5383ab856168a128fc
Reviewed-on: http://gerrit.chromium.org/gerrit/5133
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
The two-stop firmware relies on the "flag" field which may be useful for the
resign_firmwarefd.sh.
BUG=chrome-os-partner:5095
TEST=./resign_firmwarefd [params] 1
vbutil_firmware --verify ..... # seeing flag = 1
Change-Id: I56b44ee5b610e36384e15e6eb31286f0f838734b
Reviewed-on: http://gerrit.chromium.org/gerrit/4561
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
The %U is better since arm and x86 both supports it now.
BUG=chromium-os:15683
TEST=./make_dev_ssd.sh # need latest kernel patch
Change-Id: I94a6471788d3496cfa7ef263493e89877bb2b593
Reviewed-on: http://gerrit.chromium.org/gerrit/3551
Reviewed-by: Che-Liang Chiou <clchiou@chromium.org>
Tested-by: Hung-Te Lin <hungte@chromium.org>
Add support for matching an optional kernel command line parameter that must
be matched via a regular expression.
BUG=none
TEST=manually on R12, R13 and R14 recovery images. Tests pass.
Change-Id: I82c1e6c9bd98f41912ab2054840fb2edec4698d9
Reviewed-on: http://gerrit.chromium.org/gerrit/2474
Reviewed-by: Jim Hebert <jimhebert@chromium.org>
Tested-by: Gaurav Shah <gauravsh@chromium.org>
This avoids the need to read the vblock off the stateful partition to
re-construct the right SSD install kernel. The recovery installer can
also perform its verification checks (e.g. rollback to old version)
by directly reading kernel partition B instead of re-constructing it by
mounting the stateful partition.
We still copy the SSD vblock on the stateful for tools that still use
them (by overwriting the SSD kernel vblock). That operation is basically a
no-op now. This unnecessary step will be removed from the tools as part of
separate CLs.
BUG=chromium-os:8378, chrome-os-partner:3309
TEST=signed a new recovery image, made sure it installs
Change-Id: Ic4308fba1355f67a3b2821ae7e8d438bf658b0d1
Reviewed-on: http://gerrit.chromium.org/gerrit/1648
Tested-by: Gaurav Shah <gauravsh@chromium.org>
Reviewed-by: Will Drewry <wad@chromium.org>
This change adds an additional (optional) section to the .yaml file which
can enumerate the names of the locales. If present, these names will be
appended to the end of the bmpblock and the (new) locale_string_offset field
in the BmpBlockHeader will point to it. The names are encoded as a series of
null-terminated ASCII strings. The end of the series is indicated by an
extra null (for example, "en_US\0fr\0\0" names two locales).
The BIOS does not use this information. Factory or OOBE could use it to
select the initiale locale for the BIOS screens from the list of locales
included in the BmpBlock.
BUG=chrome-os-partner:3868
TEST=none
Change-Id: I34fd9ece27343d56ec43772de975ac6f2ad7c9a6
Reviewed-on: http://gerrit.chromium.org/gerrit/1156
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Tested-by: Bill Richardson <wfrichar@chromium.org>
Some tools (such as dumpe2fs) may reside in paths that are not in the system
non-root path.
BUG=chromium-os:13564
TEST=Can now run sign_official_build without sudo.
Change-Id: I48737e7735551c9004a6fa19359da664ca67b423
Reviewed-on: http://gerrit.chromium.org/gerrit/867
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Tested-by: Gaurav Shah <gauravsh@chromium.org>
With version 1.0, the BIOS displays its screens using composited images, but
we still have to create a new bmp image for every HWID. Version 1.1 lets us
render the ASCII HWID string directly, so the BIOS screens don't need
modification just because the HWID changes.
In the yaml file, we just replace the hwid image with a magic string, like
so:
bmpblock: 1.1
[...]
screens:
en_remove:
- [ 0, 0, remove_bg]
- [256, 534, en_model_text]
- [314, 534, $HWID]
- [192, 479, url]
- [195, 453, en_remove_text]
This change modifies the bmpblk_utility to accept and generate both 1.0 and
1.1 versions. It also updates the supporting scripts (most of which aren't
needed anymore) and adds a new DEFAULT.yaml file which can be used as the
basis for all locales.
BUG=chrome-os-partner:3264
TEST=none (manual)
Change-Id: I012349393848393928282
Reviewed-on: http://gerrit.chromium.org/gerrit/378
Tested-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
BUG=chromium-os:14904
TEST=manual:
./create_new_keys.sh
verify that keys are created
edit key.versions to change versions to 10 20 30 40
./create_new_keys.sh
verify that keys are created with versions from the file
Change-Id: I459018267883557237ab4cc0de9b443242739346
make_dev_ssd is a powerful command bug may confuse developers by its behavior.
Adding sanity checks can prevent developers throwing their system into
un-bootable ste.
BUG=chromium-os:14219
TEST=./make_dev_ssd.sh -i some_images; # no check, pass
./make_dev_ssd.sh # see alert for live partitions
(with non-developer firmware) ./make_dev_ssd.sh --partitions 2 # seeing firmware warning
(with developer firmware) ./make_dev_ssd.sh --partitions 2 # pass, no warning
(with dev-signed normal firmware) ./make_dev_ssd.sh --partitions 2 # pass, no warning
./make_dev_ssd.sh -f # seeing 5 second condown alert screen and then continue
Change-Id: I7ae134c03899b2dc4a6d95f6d9091c38e6f8cf65
R=rspangler@chromium.org
Review URL: http://codereview.chromium.org/6870026
Also adding support for the xx-YY variants to the make_yaml_from_hwids
script, which required that I rename those directories from xx-YY to xx_YY.
Providing a default locale ordering for all locales, which is roughly
geographical.
Change-Id: I4919728a0a876b649cef9dec3a023d0263efe794
R=rspangler@chromium.org
BUG=chromium-os:13037
TEST=none
Review URL: http://codereview.chromium.org/6878074
Developers may turn on developer switch, enter shell, and then try to run
make_dev_ssd without switching to developer firmware / dev root key.
And that would make the system showing "NO GOOD" or "INSERT" screen
after reboot.
For sanity check, we should check if firmware type is "developer" before running
make_dev_ssd.
BUG=none
TEST=(using normale firmware) make_dev_ssd # seeing the error messages
sudo chromeos-firmwareupdate --mode=todev; sudo reboot
(using developer firmware) make_dev_ssd # not seeing error
Change-Id: Id62959c91c39b0bbcca604c9e83fd087e3727b8b
R=rspangler@chromium.org
Review URL: http://codereview.chromium.org/6840047
Change the boot default option in partition 12 (ESP) when we want to disable
rootfs verification.
BUG=chromium-os:12424
TEST=./make_dev_ssd --remove_rootfs_verification --recovery_key -i USB_IMAGE
# the image is bootable by H2C and H2C BIOS(EFI).
# Not tried on non-EFI (syslinux) firmware, but it should work.
Change-Id: I7533bb73597041bbdc8cc57e4e8baaf6ca242309
R=wfrichar@chromium.org
Review URL: http://codereview.chromium.org/6813109
When we do perform firmware updates, we'd like to change the kernel subkey to ensure that new firmware and Chrome OS image stay in sync. This CL adds a scripts which makes it possible to do this revving in an automated manner.
The current versions rollback versions corresponding to the keyset are stored in key.versions. If we change the kernel subkey (to enforce firmware/Chrome OS lockstep), we must also update the firmware version. Similarly, since we modify the kernel subkey, we also generate a new set of kernel data keys. Thus, we also increment the kernel key version.
Change-Id: I364ab50bda115991dd4f69331d37291f66abbf36
BUG=chrome-os-partner:3274, chromium-os:8016
TEST=Manually tested using a newly generated keyset.
Review URL: http://codereview.chromium.org/6824059
There are lots of new and changed files here, but they're mostly localized
text strings and prerendered bitmaps of them.
There are a few that still need rendering by hand. These locales don't work
with ImageMagick:
ar el fa hi iw ja ko th vi zh-CN zh-TW
Change-Id: I1777f985460d46d5aedbb3fbc2fd3c159439c454
R=rspangler@chromium.org
BUG=chromium-os:13037
TEST=none
Review URL: http://codereview.chromium.org/6825032
Change-Id: Icf9abbff05f9b29664216079b5c008cb7906a4f6
BUG=chrome-os-partner:3229
TEST=manually on an image.
Review URL: http://codereview.chromium.org/6813047
Adding --recovery_key enables make_dev_ssd to process recovery images (including
USB bootable images).
R=gauravsh@chromium.org
BUG=chromium-os:12424
TEST=./make_dev_ssd.sh --remove_rootfs_verification --recovery_key -i /dev/sdd
# then use the USB to boot on a H2C device - success.
Review URL: http://codereview.chromium.org/6799007
Change-Id: Ie983f08ff8eba9472800b2f4097915ce380a0c50
This should let the signer catch errors where there are errors parsing verity output. And failing verification if rootfs hash verification is turned off for whatever reason.
Change-Id: I1e3f239a5b6afab31accdd8f0a737b8685530e8d
BUG=chrome-os-partner:3093, chrome-os-partner:3104
TEST=manually on a badly signed image (verification fails now)
Review URL: http://codereview.chromium.org/6720043
To make the output of kernel_config from make_dev_ssd more close to the original
images, we should eliminate the trailing newline/space.
BUG=chromium-os:13516
TEST=make_dev_ssd.sh # succcess
Change-Id: I17f030f8815dea22b04058456d98db6911888ef6
R=rspangler@chromium.org,clchiou@chromium.org
Review URL: http://codereview.chromium.org/6735009
The script to resign firmware (resign_firmwarefd.sh) has changed its syntax, due to the new "dev
firmware" design.
BUG=chromium-os:13375
TEST=./make_dev_firmware.sh
# seeing the "changed firmware to Developer Keys" message.
Change-Id: Id553f3ce1641f13e732bd5e208cb2fb00ca9c078
R=rspangler@chromium.org,gauravsh@chromium.org
Review URL: http://codereview.chromium.org/6727019
Thought I might as well put this is in the repo since I use it very often.
Change-Id: Iecbb2340dce1522b15aab8eefb3b2c346cb7c24f
BUG=none
TEST=manually signed an image.
Review URL: http://codereview.chromium.org/6698014
BUG=chromium-os:13100
TEST=none (BIOS team will test by using it)
Change-Id: Ifedeac1a0d13d36a069531bfaba4bdb7b3457406
Review URL: http://codereview.chromium.org/6696013
Change-Id: I17e1a5abcc4f2fab970a587b338594a7d51ecb2e
BUG=chromium-os:13026
TEST=manually tested all signing modes(usb, ssd, recovery, install), input image was not modified in each case.
Review URL: http://codereview.chromium.org/6686004
* Just make new "bmp" files as necessary
BUG=chrome-os-partner:2558
TEST=runs as expected
Change-Id: I3046630ea3e3f0a40429bb63a986c6044b83c6a6
Review URL: http://codereview.chromium.org/6623008
make_dev_firmware should trust system firmware blobs instead of using its own
prebuilt binaries.
BUG=chromium-os:12400
TEST=1. make a build with .49+ BIOS, and create the firmware updater
2. install the new BIOS, turn on developer switch and reboot
3. an ugly "DEV" screen (in .49) is shown on screen
4. run the new make_dev_firmware.sh
5. reboot. seeing the ugly DEV instead of the prebuilt blue screen
(verified successfully)
Change-Id: If75d2821170649fa869db6a82d879b697f7588e6
Review URL: http://codereview.chromium.org/6614006
Also re-factor the key generation script to its own directory, including wrappers for generating key pairs and keyblocks without needing to start keyset generation process from scratch. (Useful for generating new kernel keyblocks, and for retroactively adding new keys to an existing keyset - as in this case).
Finally, change hard coded algorithm ids and keyblock modes to bash variables, for each changes and telling keyset configuration from a glance.
BUG=chrome-os-partner:2218
TEST=manually tried the following:
1) Generating an entire new keyset.
2) Generating a new key pair and creating a keyblock from an existing key (for generating dev firmware keyblock for existing PVT keysets)
3) Firmware signing via sign_official_build.sh of an image with a firmware payload/
Change-Id: I4e9bb96ac7e5fe4cc0d95af6162ad6d37bbd4bda
Review URL: http://codereview.chromium.org/6594131
Change-Id: I0b364103e3b93d7fd3deebd72b4cb58239729aeb
BUG=chrome-os-partner:416
TEST=manual
Be sure you're running BIOS 49 or later, including the read-only portion.
Follow the instructions in
src/platform/vboot_reference/scripts/newbitmaps/{README,HWID.txt}
Review URL: http://codereview.chromium.org/6588093
Add bitmap_viewer program (to run OUTSIDE of chroot) and example bitmaps (to
be replaced by the REAL bitmaps for each platform).
BUG=chromium-os:10949
TEST=none
These are just nonessential tools and examples. No regression testing needed.
Change-Id: I7f9aab30809251e4c62d71bfa73293d0b4d97196
Review URL: http://codereview.chromium.org/6598046
Change-Id: I6435a4b0f40a571f8e44830e6d32f42d2d3213ff
BUG=none
TEST=manually tested with a signed image and comparing the kernel, and rootfs partitions.
Review URL: http://codereview.chromium.org/6533015
