Header file changes for wrapper API implementation
Crossystem support for reading recovery reason from VbSharedData, and
explicit support for version 1 VbSharedData structs.
BUG=chromium-os:16970
TEST=make && make runtests; run crossystem on Alex and make sure it still reports recovery_reason in recovery mode.
Change-Id: I15195b899583e425d3c9e8df09842d764528e2cb
Reviewed-on: http://gerrit.chromium.org/gerrit/3203
Reviewed-by: Tom Wai-Hong Tam <waihong@chromium.org>
Reviewed-by: Che-Liang Chiou <clchiou@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
BUG=chromium-os:16925
TEST=run "tpmc getvf" before stopping tcsd and observe that the error message no longer says "forgot to call TlclLibInit()"
Change-Id: I867c010c07286c0aa4cec49dda60524de1c2bec1
Reviewed-on: http://gerrit.chromium.org/gerrit/3147
Tested-by: Luigi Semenzato <semenzato@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
New APIs for the wrapper funtions (VbSelectFirmware() and
VbSelectKernel()) and the APIs for the firmware services they need.
BUG=none
TEST=none
Change-Id: Id8ddc456d062095b12495dd534e21342b5490aee
Reviewed-on: http://gerrit.chromium.org/gerrit/2195
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
Before this commit, u-boot and vboot_reference are inter-dependent on
each other; the former needs to be linked with the latter, and the
latter needs the compiler flags of the former to be built properly.
This commit hard-code u-boot's compiler flags into Makefile, and thus
removes the inter-dependency. Note that this is just a temporarily
measure before we get the compiler flags right.
BUG=chromium-os:16808
TEST=emerge-{tegra2_seaboard,x86-alex} vboot_reference-firmware
Change-Id: Ia3b487b32775afd98fa15db29dbff51ae9d8a94d
Reviewed-on: http://gerrit.chromium.org/gerrit/2947
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Che-Liang Chiou <clchiou@chromium.org>
BUG=chromium-os:16456
TEST=manual
To test: run dump_fmap with and without the '-p' option.
Without -p, the output looks like this:
area: 14
area_offset: 0x00110000
area_size: 0x000f0000 (983040)
area_name: RW_SECTION_B
area: 15
area_offset: 0x00110000
area_size: 0x00010000 (65536)
area_name: VBLOCK_B
With -p, the output looks like this:
RW_SECTION_B 1114112 983040
VBLOCK_B 1114112 65536
Change-Id: I53a3527fa92d22fef16563b0a950366a3a3db8a4
Reviewed-on: http://gerrit.chromium.org/gerrit/2545
Tested-by: Rajesh Chenna <rchenna@google.com>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Add support for matching an optional kernel command line parameter that must
be matched via a regular expression.
BUG=none
TEST=manually on R12, R13 and R14 recovery images. Tests pass.
Change-Id: I82c1e6c9bd98f41912ab2054840fb2edec4698d9
Reviewed-on: http://gerrit.chromium.org/gerrit/2474
Reviewed-by: Jim Hebert <jimhebert@chromium.org>
Tested-by: Gaurav Shah <gauravsh@chromium.org>
The script needs to use proper device names when looking for
'hard drive' and USB storage. This change makes these names
platforms specific. Another change is to look for the USB device
when running off SSD and include it in report if found.
BUG=chromium-os:15896
TEST=manual
Ran dev_debug_vboot in the four permutations (on Alex or Kaen,
off USB or SSD), observed expected results reported, for instance
when running off USB stick on Kaen with a valid system installed
on the SSD partitions 2/4:
localhost chronos # dev_debug_vboot
Saving verbose log as /tmp/debug_vboot_IhtMvRsGt/noisy.log
Extracting BIOS image from flash...
Extracting kernel images from drives...
Extracting BIOS components...
Pulling root and recovery keys from GBB...
Verify firmware A with root key... OK
Verify firmware B with root key... OK
Test kernel_subkey_a.vbpubk... OK
Test kernel_subkey_b.vbpubk... OK
Test hd_kern_a.blob... OK
Test hd_kern_b.blob... OK
Test usb_kern_a.blob... OK
Verify hd_kern_a.blob with kernel_subkey_a.vbpubk... OK
Verify hd_kern_b.blob with kernel_subkey_a.vbpubk... FAILED
Verify usb_kern_a.blob with kernel_subkey_a.vbpubk... FAILED
Verify hd_kern_a.blob with kernel_subkey_b.vbpubk... OK
Verify hd_kern_b.blob with kernel_subkey_b.vbpubk... FAILED
Verify usb_kern_a.blob with kernel_subkey_b.vbpubk... FAILED
Verify hd_kern_a.blob with recoverykey.vbpubk... FAILED
Verify hd_kern_b.blob with recoverykey.vbpubk... FAILED
Verify usb_kern_a.blob with recoverykey.vbpubk... OK
exporting log file as /var/log/debug_vboot_noisy.log
On the same system after corrupting the SSD kernel:
localhost tmp # dev_debug_vboot
Saving verbose log as /tmp/debug_vboot_uLSfFS2g9/noisy.log
Extracting BIOS image from flash...
Extracting kernel images from drives...
Extracting BIOS components...
Pulling root and recovery keys from GBB...
Verify firmware A with root key... OK
Verify firmware B with root key... OK
Test kernel_subkey_a.vbpubk... OK
Test kernel_subkey_b.vbpubk... OK
Test hd_kern_a.blob... FAILED
Test hd_kern_b.blob... OK
Test usb_kern_a.blob... OK
Verify hd_kern_a.blob with kernel_subkey_a.vbpubk... FAILED
Verify hd_kern_b.blob with kernel_subkey_a.vbpubk... FAILED
Verify usb_kern_a.blob with kernel_subkey_a.vbpubk... FAILED
Verify hd_kern_a.blob with kernel_subkey_b.vbpubk... FAILED
Verify hd_kern_b.blob with kernel_subkey_b.vbpubk... FAILED
Verify usb_kern_a.blob with kernel_subkey_b.vbpubk... FAILED
Verify hd_kern_a.blob with recoverykey.vbpubk... FAILED
Verify hd_kern_b.blob with recoverykey.vbpubk... FAILED
Verify usb_kern_a.blob with recoverykey.vbpubk... OK
exporting log file as /var/log/debug_vboot_noisy.log
Change-Id: I4f4cd2377c6acf3db433d629ed0a5c43a5d1a76c
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: http://gerrit.chromium.org/gerrit/1938
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
This avoids the need to read the vblock off the stateful partition to
re-construct the right SSD install kernel. The recovery installer can
also perform its verification checks (e.g. rollback to old version)
by directly reading kernel partition B instead of re-constructing it by
mounting the stateful partition.
We still copy the SSD vblock on the stateful for tools that still use
them (by overwriting the SSD kernel vblock). That operation is basically a
no-op now. This unnecessary step will be removed from the tools as part of
separate CLs.
BUG=chromium-os:8378, chrome-os-partner:3309
TEST=signed a new recovery image, made sure it installs
Change-Id: Ic4308fba1355f67a3b2821ae7e8d438bf658b0d1
Reviewed-on: http://gerrit.chromium.org/gerrit/1648
Tested-by: Gaurav Shah <gauravsh@chromium.org>
Reviewed-by: Will Drewry <wad@chromium.org>
This is a temporary workaround for Tegra boards that don't reset the TPM
when the CPU is reset. It makes the firmware more lenient when execution
starts with an already locked TPM.
BUG=chromeos-partner:3574
TEST=none (yet)
Change-Id: If6a060595c1eb41e95e0935f8467de8bb6256b12
Reviewed-on: http://gerrit.chromium.org/gerrit/1429
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Tested-by: Nick Sanders <nsanders@chromium.org>
The error was:
arch/arm/lib/crossystem_arch.c: In function ‘VbReadSharedMemory’:
arch/arm/lib/crossystem_arch.c:134: error: format ‘%d’ expects type ‘int’, but argument 5 has type ‘long unsigned int’
BUG=none
TEST=(outside choot): cd src/platform/vboot_reference; make
Change-Id: I5e1f69abd125fe06cf6ae04a7946568bdbcef83e
Reviewed-on: http://gerrit.chromium.org/gerrit/1547
Tested-by: Doug Anderson <dianders@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
* including fmap header in fmap areas
* initializing blobs by string value
BUG=chromium-os:15633
TEST=emerge-tegra2_{seaboard,kaen} chromeos-bios
Change-Id: Ib87a3f60fb11804888c4bc023d595629e017f589
Reviewed-on: http://gerrit.chromium.org/gerrit/1427
Reviewed-by: Tom Wai-Hong Tam <waihong@chromium.org>
Tested-by: Che-Liang Chiou <clchiou@chromium.org>
The types used in this file are based off of standard Linux header files for
32 bit x86 (i386) under the assumption that the types generated by gcc will be
the right size.
BUG=chrome-os-partner:3895
TEST=Built vboot_reference for x86-mario and saw it succeed.
Change-Id: I948652d4ecd50391ac8797efd91192d4c900a8ca
Reviewed-on: http://gerrit.chromium.org/gerrit/1337
Reviewed-by: Stefan Reinauer <reinauer@chromium.org>
Tested-by: Gabe Black <gabeblack@chromium.org>
U-boot and crossystem interpret the same switch state differently
for 'recovery mode' and 'write protect', This change adds the
ability to invert certan GPIO readings such that crossystem and
u-boot return the same values.
BUG=chromium-os:15393
TEST=manual
Running crossystem on the target with developer u-boot image:
- observe that recoverysw_cur reading matches recoverysw_boot and
wpsw_cur reading matches_wpsw_boot.
- try rebooting with recovery or developer mode buttons pressed,
observe the change in reported values of devsw_boot and
recoverysw_boot.
- observe reported values of devsw_cur and recoverysw_cur
following pressing of the buttons.
Change-Id: I628f59b60008719bbff1722d23154ce934af6c36
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: http://gerrit.chromium.org/gerrit/1193
Reviewed-by: Randall Spangler <rspangler@chromium.org>
This change adds an additional (optional) section to the .yaml file which
can enumerate the names of the locales. If present, these names will be
appended to the end of the bmpblock and the (new) locale_string_offset field
in the BmpBlockHeader will point to it. The names are encoded as a series of
null-terminated ASCII strings. The end of the series is indicated by an
extra null (for example, "en_US\0fr\0\0" names two locales).
The BIOS does not use this information. Factory or OOBE could use it to
select the initiale locale for the BIOS screens from the list of locales
included in the BmpBlock.
BUG=chrome-os-partner:3868
TEST=none
Change-Id: I34fd9ece27343d56ec43772de975ac6f2ad7c9a6
Reviewed-on: http://gerrit.chromium.org/gerrit/1156
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Tested-by: Bill Richardson <wfrichar@chromium.org>
Some tools (such as dumpe2fs) may reside in paths that are not in the system
non-root path.
BUG=chromium-os:13564
TEST=Can now run sign_official_build without sudo.
Change-Id: I48737e7735551c9004a6fa19359da664ca67b423
Reviewed-on: http://gerrit.chromium.org/gerrit/867
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Tested-by: Gaurav Shah <gauravsh@chromium.org>
Also add --pad as a valid option to --repack and --verify, so that
kernels with larger-than-normal padding can be verified.
BUG=chromium-os:13720
TEST=see bug 13720
Using the supplied kernel images from the bug,
vbutil_kernel --verify 007 --debug
vbutil_kernel --verify 008 --debug
These should now fail with an error that the key block extends past the padding.
Next, supply a large enough padding size that the key block and
preamble fit. For example:
vbutil_kernel --verify 007 --pad 0x900000 --debug
vbutil_kernel --verify 008 --pad 0x900000 --debug
These should now make it past the padding check, and fail on a
subsequent test (for example, no kernel blob found).
Change-Id: I7ec32b4def29970e302bf922b96d3e206d97fe82
Reviewed-on: http://gerrit.chromium.org/gerrit/810
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
BUG=chrome-os-partner:3309
TEST=manual:
1. Extract a kernel partition from an image, for example, using
unpack_partitions.sh. Or if running this on a device, use /dev/sda2
or /dev/sda4 for the kernel filename.
2. vbutil_kernel --verify part_2
3. Note the data key version and kernel version printed. For example,
Data key version: 1
Kernel version: 3
4. Test specifying the same version. This should succeed.
vbutil_kernel --verify part_2 --minversion 0x00010003
5. Test specifying a higher data key version. This should fail with a
data key version error.
vbutil_kernel --verify part_2 --minversion 0x00020003
6. Test specifying a higher kernel version. This should fail with a
kernel version error.
vbutil_kernel --verify part_2 --minversion 0x00010004
Change-Id: I7b69041cf41527fc59ad29995135f30d9f496fac
Reviewed-on: http://gerrit.chromium.org/gerrit/792
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
BUG=chrome-os-partner:3698
TEST=manual
1. Run the firmware key/version autoupdate test; this rolls forward your stored TPM version numbers.
2. Put back the original firmware.
3. Reboot.
4. Press TAB at recovery screen.
5. Should see Recovery Reason 0x14.
Change-Id: I7791f594dbd8919e74d1e6b97b99775cf1e73d1d
Reviewed-on: http://gerrit.chromium.org/gerrit/567
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
With version 1.0, the BIOS displays its screens using composited images, but
we still have to create a new bmp image for every HWID. Version 1.1 lets us
render the ASCII HWID string directly, so the BIOS screens don't need
modification just because the HWID changes.
In the yaml file, we just replace the hwid image with a magic string, like
so:
bmpblock: 1.1
[...]
screens:
en_remove:
- [ 0, 0, remove_bg]
- [256, 534, en_model_text]
- [314, 534, $HWID]
- [192, 479, url]
- [195, 453, en_remove_text]
This change modifies the bmpblk_utility to accept and generate both 1.0 and
1.1 versions. It also updates the supporting scripts (most of which aren't
needed anymore) and adds a new DEFAULT.yaml file which can be used as the
basis for all locales.
BUG=chrome-os-partner:3264
TEST=none (manual)
Change-Id: I012349393848393928282
Reviewed-on: http://gerrit.chromium.org/gerrit/378
Tested-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
This CL builds upon earlier firmware and kernel changes (see CLs
related to the same bug, chromium-os:12522).
ARM firmware now simulates both Nvram storage and VDAT buffer, the
structures the x86 version uses extensively to communicate back and
forth between firmware/kernel/userland.
So, to make crossystem work on arm, all what's needed is to provide
architecture specific interface to Nvram and VDAT simulation, and
architecture specific processing for variables which are accessed on
ARM platforms in a different way.
The few discrepancies and platform specifics which had to be addressed
for ARM specifically are as follows:
- the Nvram contents are cached in the shared memory and available for
reading as part of /sys/kernel/debug/chromeos_arm. When writing
Nvram, the same file needs to be written, but only the 16 bytes
(representing the Nvram contents) are aacepted.
- the VDAT buffer also comes from the shared memory (as part of the
same sysfs file)
- when crossystem starts, it needs to read in this shared memory
contents, a` weak' function VbArchInit() is being added such that it
is provided on ARM platforms only, on x86 an empty stub is called.
- current developer/recovery request/ro firmware switch states are
retrieved through GPIO drivers. The GPIO numbers are defined in the
file, the GPIO driver is supposed to be configured before
crsossystem can operate.
- the BINF values are supplied through an array within shared memory,
it would be easy to refactor both x86 and ARM use the same code to
process BINF values, but with this submission the code is duplicated
to minimize x86 impact.
- the following crossystem variables do not have ARM equivalents,
thier values are reported as '(error)':
recoverysw_ec_boot
savedmem_base
savedmem_size
BUG=chromium-os:12522
TEST=manual:
. bring up a kaen system
. execute the following script to enable the appropriate GPIOSs:
for gpio in 56 59 168; do echo $gpio > /sys/class/gpio/export; done
. run `crossystem' and observe reasonable output values
. to verify that it reads GPIOs properly, try
echo $(./crossystem recoverysw_cur)
with the miniservo 'GOOG_REC' button pressed and released, observe
different readings (note that the state of the button is reversed,
the released button is reported as '1')
. to verify the write capabilities, note that the nvram contents can
be accessed using the following shell commands
echo 3 > /proc/sys/vm/drop_caches
2>/dev/null dd if=/dev/mmcblk0 of=/tmp/blk bs=16 count=1 && \
od -t x1 /tmp/blk | head -1
(the first command cause the device cache dropped, and the second
command accesses the device contents.
vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
localhost var # echo $(./crossystem fwb_tries)
10
localhost var # echo 3 > /proc/sys/vm/drop_caches
localhost var # 2>/dev/null dd if=/dev/mmcblk0 of=/tmp/blk bs=16 count=1 && od -t x1 /tmp/blk | head -1
0000000 60 0a 00 be 00 00 00 00 00 00 00 02 00 00 00 a2
localhost var # ./crossystem fwb_tries=9
localhost var # echo $(./crossystem fwb_tries)
9
localhost var # echo 3 > /proc/sys/vm/drop_caches
localhost var # 2>/dev/null dd if=/dev/mmcblk0 of=/tmp/blk bs=16 count=1 && od -t x1 /tmp/blk | head -1
0000000 60 09 00 be 00 00 00 00 00 00 00 02 00 00 00 8a
localhost var #
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Change-Id: Ie4c6ff44441d98a42b1057953208fdb90c08f46d
Reviewed-on: http://gerrit.chromium.org/gerrit/113
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
BUG=chromium-os:14904
TEST=manual:
./create_new_keys.sh
verify that keys are created
edit key.versions to change versions to 10 20 30 40
./create_new_keys.sh
verify that keys are created with versions from the file
Change-Id: I459018267883557237ab4cc0de9b443242739346
make_dev_ssd is a powerful command bug may confuse developers by its behavior.
Adding sanity checks can prevent developers throwing their system into
un-bootable ste.
BUG=chromium-os:14219
TEST=./make_dev_ssd.sh -i some_images; # no check, pass
./make_dev_ssd.sh # see alert for live partitions
(with non-developer firmware) ./make_dev_ssd.sh --partitions 2 # seeing firmware warning
(with developer firmware) ./make_dev_ssd.sh --partitions 2 # pass, no warning
(with dev-signed normal firmware) ./make_dev_ssd.sh --partitions 2 # pass, no warning
./make_dev_ssd.sh -f # seeing 5 second condown alert screen and then continue
Change-Id: I7ae134c03899b2dc4a6d95f6d9091c38e6f8cf65
R=rspangler@chromium.org
Review URL: http://codereview.chromium.org/6870026
Also adding support for the xx-YY variants to the make_yaml_from_hwids
script, which required that I rename those directories from xx-YY to xx_YY.
Providing a default locale ordering for all locales, which is roughly
geographical.
Change-Id: I4919728a0a876b649cef9dec3a023d0263efe794
R=rspangler@chromium.org
BUG=chromium-os:13037
TEST=none
Review URL: http://codereview.chromium.org/6878074
Change-Id: I836796c45849c03172f2a4947f39302616d03f1b
BUG=none
TEST=manual - run on test platform, see alphabetized variables.
Review URL: http://codereview.chromium.org/6877054
Add the missing return statement to allow to tell between
different recovery reasons on legacy firmware.
Change-Id: I287e9d91dde040dd0edbe23422dc8914f81cc9f2
BUG=chromium-os:14295
TEST=manual
On a system with a chromeOS Flash USB drive plugged in:
- preserve currently running firmware
- corrupt both RW firmware sections
- restart the system (it comes up in recovery mode)
- login
- run `crossystem recovery_reason' and observe the result:
it used to print '66' before the fix, prints '3' after the fix.
- restore the firmware
Review URL: http://codereview.chromium.org/6879051
Developers may turn on developer switch, enter shell, and then try to run
make_dev_ssd without switching to developer firmware / dev root key.
And that would make the system showing "NO GOOD" or "INSERT" screen
after reboot.
For sanity check, we should check if firmware type is "developer" before running
make_dev_ssd.
BUG=none
TEST=(using normale firmware) make_dev_ssd # seeing the error messages
sudo chromeos-firmwareupdate --mode=todev; sudo reboot
(using developer firmware) make_dev_ssd # not seeing error
Change-Id: Id62959c91c39b0bbcca604c9e83fd087e3727b8b
R=rspangler@chromium.org
Review URL: http://codereview.chromium.org/6840047
Change the boot default option in partition 12 (ESP) when we want to disable
rootfs verification.
BUG=chromium-os:12424
TEST=./make_dev_ssd --remove_rootfs_verification --recovery_key -i USB_IMAGE
# the image is bootable by H2C and H2C BIOS(EFI).
# Not tried on non-EFI (syslinux) firmware, but it should work.
Change-Id: I7533bb73597041bbdc8cc57e4e8baaf6ca242309
R=wfrichar@chromium.org
Review URL: http://codereview.chromium.org/6813109
When we do perform firmware updates, we'd like to change the kernel subkey to ensure that new firmware and Chrome OS image stay in sync. This CL adds a scripts which makes it possible to do this revving in an automated manner.
The current versions rollback versions corresponding to the keyset are stored in key.versions. If we change the kernel subkey (to enforce firmware/Chrome OS lockstep), we must also update the firmware version. Similarly, since we modify the kernel subkey, we also generate a new set of kernel data keys. Thus, we also increment the kernel key version.
Change-Id: I364ab50bda115991dd4f69331d37291f66abbf36
BUG=chrome-os-partner:3274, chromium-os:8016
TEST=Manually tested using a newly generated keyset.
Review URL: http://codereview.chromium.org/6824059
Change-Id: I1c4240ebe5783ca923c310061e2a76947aa6601b
R=reinauer@chromium.org
BUG=chromium-os:14030
TEST=manual
On a Mario:
crossystem fwupdate_tries=3
crossystem fwupdate_tries # should be 3
cat /mnt/stateful_partition/.need_firmware_update # should be 3
crossystem fwupdate_tries=0
crossystem fwupdate_tries # should be 0
cat /mnt/stateful_partition/.need_firmware_update # should complain file doesn't exist
On a newer platform:
crossystem fwupdate_tries=3
crossystem fwupdate_tries # should be 3
cat /mnt/stateful_partition/.need_firmware_update # should complain file doesn't exist
crossystem fwupdate_tries=0
crossystem fwupdate_tries # should be 0
cat /mnt/stateful_partition/.need_firmware_update # should complain file doesn't exist
Review URL: http://codereview.chromium.org/6825047
