This lets us reorder the priority of all the kernel partitions with a single
command, instead of a bunch of complicated and error-prone shell script
logic.
Change-Id: I21d39763ec5a748488d5319a987bcfe7c34ce4d0
BUG=chromium-os:9167
TEST=manual
In the chroot, do this:
cd ~/trunk/src/platform/vboot_reference
make
make runtests
make clean
Everything should pass.
Review URL: http://codereview.chromium.org/5352005
Change-Id: Ib12405f968af11ad75a6429ae9ebe502dde5bf92
BUG=chrome-os-partner:1591
TEST=make && make runtests
(This is already in the firmware; I'm just copying it back into vboot reference)
Review URL: http://codereview.chromium.org/5312003
Change-Id: I2e325ff9bd53fdaeb69c2d115c30785d6ca09b57
BUG=chromium-os:7178
TEST=manual:
Both in host and chroot environments:
. run `make clean && make && make runtests' in the top
directory
. observe the following being added in the end of the
report:
vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
./gen_fuzz_test_cases.sh
Generating test image file...
1+0 records in
1+0 records out
500000 bytes (500 kB) copied, 0.0790024 s, 6.3 MB/s
Generating test bootloader file...
1+0 records in
1+0 records out
50000 bytes (50 kB) copied, 0.00921653 s, 5.4 MB/s
Generating test config file...
1+0 records in
1+0 records out
3000 bytes (3.0 kB) copied, 0.000618682 s, 4.8 MB/s
Generating key blocks...
Generating signed firmware test image...
Generating signed kernel test image...
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Review URL: http://codereview.chromium.org/4687007
* Display only the synopsis on stdout
* Keep a verbose log of all activity in the scratch directory.
* Add more checks
* Providing a directory argument will use the images found there instead of
trying to extract them from the system (for use on host machines).
Change-Id: I065a18c9467c625cc33484ee5556d955dc79b01d
BUG=none
TEST=manual
Get a root shell and run "dev_debug_vboot". You should see nicer output.
Review URL: http://codereview.chromium.org/4106001
Change-Id: I3f18081bda888a0fa6f56a67d0cef17268014706
BUG=chromium-os:6714
TEST=manual by enabling ROLLBACK_TPM in firmware/Makefile (did not test by compiling under MSVC)
Review URL: http://codereview.chromium.org/3973001
This matches the calls in firmware version 0037.
BUG=none
TEST=manual
Review URL: http://codereview.chromium.org/3859002
Change-Id: I3b45051dec3f4f45414802b39122c8d52c4d62f1
While trying to debug/test some vbutil_kernel changes
(coming in a different CL) it was noticed that this utility
is not covered by tests, and the script which runs it to set
up further testing (tests/gen_fuzz_test_cases.sh) fails
because of the key format mismatch.
Some investigation has shown that this was left behind when
vboot_reference key storage format was changed.
To make gen_fuzz_test_cases.sh work again a new set of test
keys is required, the keys are generated by
tests/gen_test_keys.sh. This utility had to be changed to
generate the proper set of wrapped public and private keys.
Actually code in tests/gen_test_keys.shgenerate_keys() is
copied in pasted in many scripts in this tree, this has to
be refactored, but under a different CL.
Once the changes were made, two scripts were run:
./tests/gen_test_keys.sh
./gen_test_cases.sh
resulting in the new and updated keys generated.
firmware/stub/tpm_lite_stub.c was edited to fix compilation
warning issued when compiling with debugging enabled.
Change-Id: I26a45cbad00d21a29195f2a89b4df7d3559133fe
BUG=chromium-os:7178
TEST=described below
The following commands succeed:
vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
make
make runtests
./tests/gen_fuzz_test_cases.sh
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
note that ./tests/gen_fuzz_test_cases.sh was failing
before this change.
The upcoming CL modifying vbutil_kernel will make sure
gen_fuzz_test_cases.sh is executed when tests are run and
will enhance it to cover vbutil_kernel testing.
Review URL: http://codereview.chromium.org/3423022
Change-Id: I4c9b7a937103f3978cbed6629ee4057018b80eae
More cleanup. Also allow some tests to run even when TPM is already started.
Change-Id: I23558b96a1de55bbeca42dbf2e44f6802a0ec85b
Reorganize and standardize behavior of tests.
Change-Id: Id32fd09211a72deaa66a3dd0f973d35506ff96f2
BUG=433
TEST=ran all the tests I could run without TPM-free BIOS
Review URL: http://codereview.chromium.org/3389004
Change-Id: I4785a6326017c63d83a8eb153d6b90ee82e5f839
BUG=chromeos-partner:222
TEST=manual (build FW, make sure system boots and tpmc prints good values)
Review URL: http://codereview.chromium.org/3367020
Change-Id: I26d7d725cb429394e24be40a2f362b7ff160f4ee
BUG=none
TEST=make && make runtests (and build into test BIOS)
Review URL: http://codereview.chromium.org/3337017
This makes the sequence of pictures shown to the user slightly less
confusing, but the whole process needs a bit more cleanup. Some of the work
has to be done in the BIOS code, not just here. This is better, but it's not
complete.
Change-Id: If0b3ecc92716020a06031866849d83411d7f0db8
BUG=chrome-os-partner:903
TEST=manual
Review URL: http://codereview.chromium.org/3249009
Add some extra cases to SanityCheckTest() to test both header and entries
being garbled at either end of the disk.
Add DuplicateUniqueGuidTest() to check that GPTs having duplicate
UniqueGuids in the entries are rejected. We can only check this per-disk, of
course.
Made some changes to the library to enforce the UniqueGuid requirement that
I just started testing for.
BUG=chromium-os:4854
Review URL: http://codereview.chromium.org/3135044
Change-Id: I86458faf9cc99aa3f29aac0d5b144dbd05067181
BUG=5654
TEST=manual
Case 1: Trying a new kernel which works
sudo cgpt add -P10 -T10 -S0 -i4 /dev/sda
Then reboot and
sudo cgpt show /dev/sda
See that tries is now 9 for /dev/sda4 (since the current ChromeOS
doesn't set the successful bit)
Case 2: Trying a new kernel which is bad
sudo dd if=/dev/zero of=/dev/sda4 count=1 conv=notrunc
Then reboot and
sudo cgpt show /dev/sda4
See that success=prio=tries=0 for /dev/sda4.
Review URL: http://codereview.chromium.org/3130040
Reference code drop-in to firmware should make our implementations of Memset() and SafeMemcmp() get used now.
BUG=chrome-os-partner:820
TEST=make && make runtests
Change-Id: If0c06dfad85b67398a118985cdb751d20b2b65a4
Review URL: http://codereview.chromium.org/3173035
1) kernel_subkey is one of the input parameters; not read off disk. KeyBlockVerify() now verifies it's not NULL unless we're only using the hash.
2) Added a check for kernel size vs. buffer size.
3) Added a check to make sure kbuf_sectors is nonzero.
BUG=chrome-os-partner:704
TEST=make && make runtests
Review URL: http://codereview.chromium.org/3186013
This is part of the proposed developer-mode installation process, where we
want to detect that whoever is fiddling with the hard drive has already
fiddled with it before. Otherwise, we'll make them wait a bit to prevent
drive-by updates.
BUG=chromium-os:5306
Change-Id: Ifd6dce69180fa818fe14dbc3b1ac3485fb15d1c9
Review URL: http://codereview.chromium.org/3122023
Also, make algorithm unsigned int in most places.
BUG=chrome-os-partner:701
TEST=existing RSA verification tests still pass
Review URL: http://codereview.chromium.org/3136017
Changed TlclRead / TlclWrite to take void* / const void* to reduce typecasts.
Much restructuring of rollback_index.c.
Fixed a version-packing bug in rollback_index.c (& --> |)
BUG:chrome-os-partner:304
TEST:manual testing of all code flows on CRB
Review URL: http://codereview.chromium.org/3084030
Make vbutil_keyblock handle unsigned blocks. Also enable --unpack option and
add tests for it.
Modify vbutil_kernel to allow unsigned keyblocks, correct usage message,
and fix the --debug option which was somehow disabled.
Update load_kernel_test to accept /dev/null for the public key, to test
non-signed kernel keyblocks.
Review URL: http://codereview.chromium.org/3124004
Also fix a few comments, and make extra debugging work when compiled
in firmware.
BUG=none
TEST=make && make runtests; all pass
Review URL: http://codereview.chromium.org/3007036
Since the kernel vblocks are always padded out to a fixed size, the unused (padded) memory was ending up containing random bytes, leading to vbutil_kernel generating vblocks that are not bit-identical when run with the same inputs.
BUG=none
TEST=see below
1) Use vbutil_kernel with the same set of inputs to generate two alternative vblocks.
2) Compare the 2 files - they must be bitwise identical space. The padding bytes must all be set to 0.
3) Generate a new signed image using the resign_image.sh script under scripts/image_signing. This signed image should be boot and install successfully on a maching running our custom firmware using the same set of root, firmware, and kernel keys.
Review URL: http://codereview.chromium.org/3076033
Also add a script for splitting a firmware image into component firmware data, vblocks and the GBB.
Note: The script uses fmap_decode, a utility to parse flashmap of a firmware image, and a part of the flashmap project:
http://code.google.com/p/flashmap/
BUG=3496
TEST=Tested with newer builds of firmware images with flashmaps enabled. Steps to verify:
1) Use script to re-sign an existing image with a new set of keys.
2) Use unpack_firmwarefd.sh to get individual firmware data and vblocks.
3) Use vbutil_firmware with the new keys. Verification should succeed with
the newer keys but fail with the older ones.
Review URL: http://codereview.chromium.org/3026018
LoadKernel already returns the partition number for the selected kernel.
This change makes it also return the GPT Entry's UniqueGuid, which will
eventually be passed to the kernel itself, so the kernel can determine which
of several possible devices it has booted from. It doesn't know for certain
because the BIOS and the kernel may enumerate the devices in a different
order.
BUG=chromium-os:4984
Review URL: http://codereview.chromium.org/3056014
Do not directly manipulate global structs. Work on the local copy instead.
In firmware-land, globals are a bad idea.
Review URL: http://codereview.chromium.org/3027011
