This mirrors the change made for cros_make_image_bootable.
BUG=chromium-os:9578
TEST=manually ran verify on signed images including those with known rootfs corruptions.
Change-Id: I5dfdf1bfa975fbbbb4e010cd2adc6a3a7f08da15
Review URL: http://codereview.chromium.org/5367004
Change-Id: Ib12405f968af11ad75a6429ae9ebe502dde5bf92
BUG=chrome-os-partner:1591
TEST=make && make runtests
(This is already in the firmware; I'm just copying it back into vboot reference)
Review URL: http://codereview.chromium.org/5312003
http://code.google.com/p/chromium-os/issues/detail?id=9279
This issue disclosed a bug of cgpt. The bug comes from the 'show' command always
reads the primary entry table when '-i partition' is specified. I added an
ANY_VALID constant for GetEntry to automatically select valid entry table.
Also fixed the bugs in cmd_boot.c and cmd_find.c. In cmd_add.c, stop user to
continue if any header/entry table is invalid.
Also fixed the bug that untrusted header size could cause segmentation failure.
Hungte, this is FYI. But welcome to do review.
BUG=chromium-os:9279
TEST=RUNTESTS=1 emerge-x86-generic vboot_reference
Manually tested:
cgpt show /tmp/test -i 1 -b
cgpt show /tmp/test
cgpt add /tmp/test -i 1 -l TEST
cgpt find /tmp/test -l STATE
cgpt boot /tmp/test -i 1
Change-Id: Iaba9c635754096a82b3ec74634af184362d4e264
Change-Id: I6f3e87e3998457676e3388d2a6ed36c0564796d8
Review URL: http://codereview.chromium.org/5115002
Change-Id: I2e325ff9bd53fdaeb69c2d115c30785d6ca09b57
BUG=chromium-os:7178
TEST=manual:
Both in host and chroot environments:
. run `make clean && make && make runtests' in the top
directory
. observe the following being added in the end of the
report:
vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
./gen_fuzz_test_cases.sh
Generating test image file...
1+0 records in
1+0 records out
500000 bytes (500 kB) copied, 0.0790024 s, 6.3 MB/s
Generating test bootloader file...
1+0 records in
1+0 records out
50000 bytes (50 kB) copied, 0.00921653 s, 5.4 MB/s
Generating test config file...
1+0 records in
1+0 records out
3000 bytes (3.0 kB) copied, 0.000618682 s, 4.8 MB/s
Generating key blocks...
Generating signed firmware test image...
Generating signed kernel test image...
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Review URL: http://codereview.chromium.org/4687007
BUG=chromium-os:8621
TEST=See below
1. Build and run tests of vboot (including linktest)
$ make && make runtests
2. Check if *_stub.o are not in vboot_fw.a
$ nm /build/<board>/usr/lib/vboot_fw.a | grep _stub.o
3. Build and boot x86-generic image
$ ./build_packages --board=x86-generic && ./build_image --board=x86-generic
(Then successfully boot the image you just built)
See CL=4372001 for u-boot side changes
Review URL: http://codereview.chromium.org/4266002
Change-Id: Icc2bcc551c998f370e4b737fbe442ebf029cd81c
The remove_rootfs_verification was corrupted by several issues:
1. enable_rw_mount (ext2 RO bit hack) should be performed on every rootfs
and only after we successfully resigned the kernel.
2. for latest images, we must first resign again before changing
boot parameter, otherwise verification would fail.
Both fixed and verified.
BUG=chromium-os:8629
TEST=(1)built a ToT image, install by USB boot, then
./make_dev_ssd --remove_rootfs_verification; then reboot.
rootdev shows /dev/sda3 and is writable.
(2)install by factory setup and then wipe so that root = sda5
./make_dev_ssd --remove_rootfs_verification; then reboot.
rootdev shows /dev/sda5 and is writable.
Change-Id: I27d92964f3fbe160a207069a39516a879de64245
Review URL: http://codereview.chromium.org/4525002
Earlier we used to reuse the recovery kernel data key in the installer, however now we make them different, and so installer keyblock nolonger corresponds to the recovery kernel data key. This CL fixes that.
BUG=7202
TEST=manually tested by using the new key generation scripts, and verifying that the old install signing no longer worked. Making the fix again makes the image verify only in dev mode.
Change-Id: Ic83e90397132da9f88b36e69198773350eb3691f
Review URL: http://codereview.chromium.org/4527004
This adds an optional --force argument which is needed if one attempts to change the password on an image where it is already set.
BUG=chrome-os-partner:1460
TEST=manually tested
Change-Id: I56a95fe4d699ce02c7a68e5be14cc7dce0609a54
Review URL: http://codereview.chromium.org/4480001
BUG=chromium-os:8686
TEST=manual
Follow all the steps to validate
http://code.google.com/p/chromium-os/issues/detail?id=8679
While booted from the USB image, open a shell and run (as chronos)
/usr/sbin/chromeos-install
Reboot, and the device should boot the image installed from the USB.
Change-Id: Iedd595de8dbafabb3e9c8b638cb7e75eea02f165
Review URL: http://codereview.chromium.org/4457001
We still need a way to re-sign non-installer images so that they can be
booted directly from USB.
BUG=chromium-os:8679
TEST=manual, from within the build chroot
Obtain a chromiumos_base_image from buildbot or your own build. Ensure that
it's signed with the dev-keys (it should be).
Modify it somehow. For example:
(cros-chroot)$ cd src/platform/vboot_reference/scripts/image_signing
(cros-chroot)$ ./set_chronos_password.sh chromiumos_base_image.bin mypassword
Now resign the image:
(cros-chroot)$ cd src/platform/vboot_reference/scripts/image_signing
(cros-chroot)$ ./sign_official_build.sh usb chromiumos_base_image.bin \
/usr/share/vboot/devkeys usb_image.bin
Then copy the usb_image to a USB stick:
sudo dd if=usb_image of=/dev/WHATEVER
The resulting USB stick should boot in recovery mode, and assuming you
changed the password as shown above, should let you use that password to get
a shell.
Change-Id: I3aaa2b8787c52940249fd15007e075de7e017d78
Review URL: http://codereview.chromium.org/4424003
Maximum output size is the signature size.
BUG=7676
TEST=manual
1) Verified that earlier outbufsize value was more than what the external signer would return.
2) Re-ran run_vbutil_tests.sh
Change-Id: I180cfea7625ee09a51709d8f7735884c32b8b409
Review URL: http://codereview.chromium.org/4251006
BUG=chrome-os-partner:1573
TEST=Manually tested with the latest signed release build. Recovery installer successfully completed and installed the image on the SSD.
Change-Id: I92706e957a1d339db516600ef0d86141d914b0d2
Review URL: http://codereview.chromium.org/4262004
This change makes dumpRSAPublicKey directly accept a public key in PEM format. This makes it possible to avoid the unnecessary step of generating a self-signed certificate to dump the public key in .keyb format.
The old style certificate input is still accepted.
Using certs (as done previously):
dumpRSAPublicKey -cert <certfile>
Directly using public keys:
dumpRSAPublicKey -pub <pubfile>
Change-Id: Ic35b59aff6613d145d7947212650da281f734b74
BUG=7576
TEST=manual
$ openssl genrsa -F4 -out test.pem 4096
$ openssl rsa -in test.pem -out test.pub
$ dumpRSAPublicKey -pub test.pub >test.pub.keyb
Verify that this matches the output we get using the old style <cert> input.
$ openssl req -batch -new -x509 -key test.pem -out test.cert
$ dumpRSAPublicKey -cert test.cert >test.cert.keyb
$ diff test.pub.keyb test.cert.keyb
$
Review URL: http://codereview.chromium.org/4215006
Also provide a bit more output, stop and tell us if it's not running on a
Chrome OS BIOS.
Change-Id: I0e6a5680ec050b3f4d0a5c7adc87ca2441ba6d06
BUG=chromium-os:8236
TEST=manual
From a root shell, run "dev_debug_vboot --cleanup", then look in
/tmp/dev_debug/. You should see only the file noisy.log
Review URL: http://codereview.chromium.org/4108012
This allows signing using a .pem file using an external program.
It is assumed that the external program reads input from stdin, and outputs signed data on stdout. It takes one argument - the file name for the .pem private key reference. See external_rsa_signer.sh for an example external program.
Example usage:
vbutil_keyblock --pack 4096.keyblock \
--datapubkey 4096.vbpubk \
--signprivate_pem 4096.pem \
--pem_algorithm 8 \
--externalsigner "external_rsa_signer.sh"
I have tried to make the change such that it doesn't impact existing tools/interfaces (since these are used at various places). That said, I am aware of the places where we could just extend an old interface an avoid code duplication but thought I'd put that re-factoring in as a TODO for now. Let me know if you disagree and I can merge them (and changing the existing interface).
BUG=7576
TEST=Extended run_vbutil_tests.sh to test vbutil_keyblock packing using an external signer.
To test, make && make runtests (or just run tests/gen_test_keys.sh; tests/run_vbutils_tests.sh)
Review URL: http://codereview.chromium.org/4194003
Change-Id: I7cc52c8293c04ef9ba074794d046c9a4f19f6bdd
This CL modifies the bitmap generation script as follows:
- allow to specify required geometry of the images and to
generate a single set per FWID instead of generating all
geometries for all FWIDs
- store the images and the zip archive in a directory with
the name derived from FWID.
The CL also adds a wrapper, which given the path to the tree
containing already released GBB firmware volumes would find
all valid (as verified by the CRC in the file name) FWIDs
and generate new images for all detected FWIDs.
The geometry of the generated images is based on the FWID
contents, Marios get 1280x800 and ZGAs - 1366x768.
Once this script stops running, the scripts/bitmaps
directory contains a set of subdirectories, one per
generated set of images.
Another script ran by cygwin on a windows machine was used
to pick up all image sets and regenerate GBB firmware
volumes, will be published under a separate CL.
BUG=chrome-os-partner:792
TEST=see below:
Ran the following command:
./process_all_targets.sh ../../../chromeos-internal/third_party/autotest/files/client/site_tests/
After command completed, the following out_* directories showed up:
(bitmaps 144) ls -1d out*
out_ACER_ASPIREONE_001_8012/
out_ACER_ASPIREONE_001_DEV_0393/
out_ACER_ASPIREONE_002_0710/
out_ACER_ASPIREONE_002_DEV_1017/
out_IEC_MARIO_FISH_2330/
out_IEC_MARIO_PONY_6101/
out_IEC_MARIO_PONY_DEV_3342/
out_IEC_MARIO_PONY_DVT_8784/
out_IEC_MARIO_PONY_EVT_3495/
out_IEC_MARIO_PONY_PREDVT_6766/
with typical directory contents as follows:
(bitmaps 145) tree out_ACER_ASPIREONE_001_8012/
out_ACER_ASPIREONE_001_8012/
|-- 1366x768.zip
|-- BlankBmp
| `-- BlankBmp.bmp
|-- DeveloperBmp
| `-- DeveloperBmp.bmp
|-- RecoveryBmp
| `-- RecoveryBmp.bmp
|-- RecoveryMissingOSBmp
| `-- RecoveryMissingOSBmp.bmp
`-- RecoveryNoOSBmp
`-- RecoveryNoOSBmp.bmp
5 directories, 6 files
Review URL: http://codereview.chromium.org/4147008
Change-Id: I58265ddf26f2e93b9057fe6b95fb3c1b98e82e99
Add NVRAM-hogging DOS attack.
Change-Id: Ia178e42539a771747ab8a96560eb2d374ed07904
BUG=none
TEST=passes included test
Review URL: http://codereview.chromium.org/4183005
Change-Id: I4620966554ca26ea91b01e65fd441c9c09db2a83
BUG=chrome-os-parter:792
TEST=none
As with every previous change to the BIOS bitmaps, you'll have to
1) get a new factory-install shim with the bitmaps embedded
2) run the factory-install shim to change the screens on the device
3) boot in developer and/or recovery mode to see the screens
There is no direct test for this particular bug alone.
Review URL: http://codereview.chromium.org/4158003
Reuses the --keyblock argument to output a keyblock if used
during Verify().
TEST=built, ran on a kernel; check if it worked for cgpt find -M :)
BUG=chromium-os:7451
Change-Id: Ibf1365dbdaeaf87442e0d12d048bc070f35662ad
Review URL: http://codereview.chromium.org/4160001
* Display only the synopsis on stdout
* Keep a verbose log of all activity in the scratch directory.
* Add more checks
* Providing a directory argument will use the images found there instead of
trying to extract them from the system (for use on host machines).
Change-Id: I065a18c9467c625cc33484ee5556d955dc79b01d
BUG=none
TEST=manual
Get a root shell and run "dev_debug_vboot". You should see nicer output.
Review URL: http://codereview.chromium.org/4106001
Display keyblock information, even if not checking the signature.
Change-Id: Ie96ac39e2598fdfdc49898f92fd528edefd36313
BUG=none
TEST=none
Review URL: http://codereview.chromium.org/3602014
TBR=none
The rootfs offset was not converted to bytes. This changes fixes that.
BUG=none
TEST=ran it on an image and it found the ext2 magic
Change-Id: I814c3b89bf5246e3ceab851f80c4a4d4d7e63919
Review URL: http://codereview.chromium.org/4071002
Copies the helpers from crosutils.git/common.sh but uses
printf with octals for portability. This should update all
locations where we mount root rw and disable_rw_mounts just before
a final sign.
TEST= in progres; plz help :)
BUG=chromium-os:7972
Change-Id: Ibdd23cb30335942c36d537663aabea605a2f8704
Review URL: http://codereview.chromium.org/3987001
Change-Id: I3f18081bda888a0fa6f56a67d0cef17268014706
BUG=chromium-os:6714
TEST=manual by enabling ROLLBACK_TPM in firmware/Makefile (did not test by compiling under MSVC)
Review URL: http://codereview.chromium.org/3973001
SAFT testing requires changing kernel version to one level
below the current value (set to 1). This change allows
version number set to zero for test purposes.
Change-Id: Ia6f11578d9a6bc8c5544c56413c5589011d6334a
BUG=chromium-os:1976
TEST=manual
Ran `vbutil_kernel --repack --version 0 <other params>'
it used to fail, now it succeeds. This is also verified by
using in http://codereview.chromium.org/3781016 to support
TPM testing.
Review URL: http://codereview.chromium.org/3968006
Provide more clear instruction on how to use the backup files,
and to try more effort to store backup files
BUG=none
TEST=emerge-x86-generic vboot-reference; executed make_dev_firmware and got correct message
Change-Id: I2062f45dd3019d0e56adc18bdd1861991aafe5ed
Review URL: http://codereview.chromium.org/3785014
This matches the calls in firmware version 0037.
BUG=none
TEST=manual
Review URL: http://codereview.chromium.org/3859002
Change-Id: I3b45051dec3f4f45414802b39122c8d52c4d62f1
Found a trailing space in souce comments, remove it for coding style (and to
force ebuild version bump)
BUG=none
TEST=none
Change-Id: Ie7cb295085b73fe9e274a89e5b4ee5eda9aae66f
Review URL: http://codereview.chromium.org/3799006
The make_dev_ssd.sh is made for devinstall shim to
change SSD kernels to be signed by dev keys.
- Kernel A, B will be resigned with dev keys (ignore if A/B seems not bootable)
- Adding param --remove_rootfs_verification can even disable rootfs hash check
This CL also includes some shared refine/fix to make_dev_firmware.sh
BUG=chrome-os-partner:1276
TEST=sudo ./make_dev_ssd.sh; (seeing Kernel A is resigned and B is ignored)
then reboot without developer mode (OK),
rootdev shows /dev/dm-0, rootdev -s shows /dev/sda3
sudo ./make_dev_ssd.sh --remove_rootfs_verification;
then reboot without developer mode (OK), rootdev shows /dev/sda3
Change-Id: Ic20f734b2af42e50a43c19a565a166a39d57a7fd
Review URL: http://codereview.chromium.org/3772013
To extend the usage of tag_image, added --forget_usernames and --leave_core.
Output is also refined to clarify the category of each tag parameters.
BUG=none
TEST=./tag_image.sh --from $PATH_TO_IMAGE; leave_core seems working fine.
Change-Id: I7c6517bc98af260411518c743093ade3124b76b9
Review URL: http://codereview.chromium.org/3796003
The make_dev_firmware.sh is made for devinstall shim to
change firmware rootkey/HWID/BMPFV smoothly.
- HWID will be changed to "$ORIGINAL_FWID DEV" (no change if already postfixed
with DEV)
- rootkey/recoverykey will be changed by keyset from --keys
- FVMAIN/FVMAINB will be resigned by keyset from --keys
- BMPFV will be changed to anything assigned by --bmpfv
If --from and --to are omitted, the system firmware will be changed.
A new ebuild is be created to put all resources (bmpfv and keyset) into devinstall shim (ref: http://codereview.chromium.org/3776003)
BUG=chrome-os-partner:1276
TEST=sudo ./make_dev_firmware.sh --from input_bios.bin --to output_bios.in \
--keys ../../tests/devkeys --bmpfv some_bmpfv.bin
HWID is changed from "XXX MARIO EVT DDDD" to "XXX MARIO EVT DDDD DEV".
System can then boot a USB signed with devkey without developer mode.
Change-Id: Id80126495dcbf4d993a4372af645580cd4b60ca6
Review URL: http://codereview.chromium.org/3822002
If you try to read a file that's all zeros, it tries to read a zero-length
kernel blob, fails to do so (or suceeds with an empty result, depending on
your point of view), and prints
ERROR: Unable to read kernel blob from <file>: Success
That's not very helpful.
This change makes it say
ERROR: No kernel blob found
instead.
Change-Id: I841ec6e288f47cd9b1f8e9ca1e6da0741ad20e9f
BUG=none
TEST=none
Review URL: http://codereview.chromium.org/3764004
Change-Id: I7a77a7cd9d51238da314b09b3ac18b9dabeaa610
BUG=6061
TEST=successfully built and ran the autotest
Review URL: http://codereview.chromium.org/3593012
1. Check for potential integer overflow in sector_bytes * sector_count.
2. Added O_NOFOLLOW to open() call - Is this enough?
3. Passing buffer length to GuidToStr(), PMBRToStr().
4. Use unsigned int in GetEntry() to determine stride.
5. Address conversion between UTF16 and UTF8.
Note: The UTF conversion is complex and troublesome, and needs careful
consideration to get right. For now, I've just forced the interpretation of
the partition name to 7-bit ASCII. That's sufficient for the needs of Chrome
OS, and I can file a new issue to handle UTF correctly.
BUG=chrome-os-partner:705
TEST=manual
Running "make runtests" invokes the tests/run_cgpt_tests.sh script, which checks the behavior and output of the cgpt tool.
Review URL: http://codereview.chromium.org/3594010
Change-Id: I5fd29796d8c929527e0cfbc6d5ccbcdc77502c6b
RFro TPM rollback testing we need to be able to change kernel
version number. This Cl adds this ability to the
vbutil_kernel utility.
Change-Id: I156df9b0d3467043c20a43e1c75e6d0222704f3a
BUG=chromium-os:1976
TEST=manual
1. On a target running off /dev/sda3 (as reported by
'rootdev -s') execute `/usr/bin/dev_debug_vboot' and take
note of the kernel version number in the output section
starting with 'TEST: verify HD kernel A with firmware A key',
under 'Preamble' it should read
'Kernel version: 1'
2. copy the kernel into a file:
dd if=/dev/sda2 of=/tmp/kernel
3.on the desktop (this step requires ssh setup to use the
correct keys to reach the target):
scp tests/devkeys/kernel_data_key.vbprivk <target>:/tmp
3. Modify kernel version
vbutil_kernel --repack /tmp/repacked.k --version 2 --signprivate /tmp/kernel_data_key.vbprivk --oldblob /tmp/kernel
4. Install the updated kernel
dd if=/tmp/repacked.k of=/dev/sda2
5. restart the system
6. Observe that it came up using /dev/sda3 as the root
file system
7. run /usr/bin/dev_debug_vboot and observe that the kernel
version is no set to 2
Review URL: http://codereview.chromium.org/3520019
