BUG=5654
TEST=manual
Case 1: Trying a new kernel which works
sudo cgpt add -P10 -T10 -S0 -i4 /dev/sda
Then reboot and
sudo cgpt show /dev/sda
See that tries is now 9 for /dev/sda4 (since the current ChromeOS
doesn't set the successful bit)
Case 2: Trying a new kernel which is bad
sudo dd if=/dev/zero of=/dev/sda4 count=1 conv=notrunc
Then reboot and
sudo cgpt show /dev/sda4
See that success=prio=tries=0 for /dev/sda4.
Review URL: http://codereview.chromium.org/3130040
Reference code drop-in to firmware should make our implementations of Memset() and SafeMemcmp() get used now.
BUG=chrome-os-partner:820
TEST=make && make runtests
Change-Id: If0c06dfad85b67398a118985cdb751d20b2b65a4
Review URL: http://codereview.chromium.org/3173035
I'm getting ready to add a bunch more cgpt tests. This is just to clear the
way.
Change-Id: I5cb781e85938b94da9c59528872ddfd386712726
Review URL: http://codereview.chromium.org/3162023
The exact firmware packaging is still very much in flux, not to mention current images don't have the firmware autoupdate package.
BUG=none
TEST=none
Change-Id: Idc60c2c9a8fbc83e0c786b4d4f96f371cdb4a49f
Review URL: http://codereview.chromium.org/3151027
1) kernel_subkey is one of the input parameters; not read off disk. KeyBlockVerify() now verifies it's not NULL unless we're only using the hash.
2) Added a check for kernel size vs. buffer size.
3) Added a check to make sure kbuf_sectors is nonzero.
BUG=chrome-os-partner:704
TEST=make && make runtests
Review URL: http://codereview.chromium.org/3186013
This is part of the proposed developer-mode installation process, where we
want to detect that whoever is fiddling with the hard drive has already
fiddled with it before. Otherwise, we'll make them wait a bit to prevent
drive-by updates.
BUG=chromium-os:5306
Change-Id: Ifd6dce69180fa818fe14dbc3b1ac3485fb15d1c9
Review URL: http://codereview.chromium.org/3122023
Also, make algorithm unsigned int in most places.
BUG=chrome-os-partner:701
TEST=existing RSA verification tests still pass
Review URL: http://codereview.chromium.org/3136017
The build signing script will now re-sign the chrome os AU payload in the image rootfs using the new keys. In addition, it will recalculate and update the RootFS hash (in the kernel partition) before re-signing the whole image using the new "official" keys.
BUG=3496, 5264
TEST=manual
>>>>>For testing rootfs hash updates
1) Ensure that image was build with the --enable_rootfs_verification flag
2) Mount the root file fs on the input image, and make a minor change to the root fs (e.g. adding a file)
3) Now boot from this image, drop into the shell and look for logs related to dm-bht in the dmesg output.
4) You should see dm-bht complaining about block hash mismatches
$ dmesg | grep dm
..... <dm-bht errors>.......
<errors of the form "dm-bht: Block hash match failed">
4) Now re-sign the modified image using the sign_official_build script. This will re-calculate and update the rootfs hash.
5) Boot from the re-signed image. Look at dmesg output.
6) You should see NO dm-bht errors.
>>>>>For testing re-signing of firmware payload
Grab the firmware autoupdate shellball from /usr/sbin/chromeos-firmwareupdate in the output image's rootfs partition (number 3). Extract the shellball (--sb_extract flag), and grab the firmware bios.bin from the temporary directory.
$ unpack_firmwarefd.sh bios.bin
$ vbutil_firmware --verify firmwareA.vblock --signpubkey KEY_DIR/firmware.vbpubk --fv firmwareA.data
[Verification should succeed]
$ gbb_utility -g bios.bin --rootkey=rootkey --recoverykey=recoverykey
"rootkey" should be the same as KEY_DIR/root_key.vbpubk
"recoverykey" should be the same as KEY_DIR/recovery_key.vbpubk
KEY_DIR: Directory containing the keys used to generate the output image.
Review URL: http://codereview.chromium.org/3083025
Changed TlclRead / TlclWrite to take void* / const void* to reduce typecasts.
Much restructuring of rollback_index.c.
Fixed a version-packing bug in rollback_index.c (& --> |)
BUG:chrome-os-partner:304
TEST:manual testing of all code flows on CRB
Review URL: http://codereview.chromium.org/3084030
Also, update the usage with examples.
BUG=5581
TEST=tested with "quoted arguments with spaces"
Change-Id: I4d3db4f9d4bf254069f08e8154d650d6ce4551f0
Review URL: http://codereview.chromium.org/3164010
Also, rename the script to reflect its specific purpose.
BUG=5580
TEST=ran on an image, installed and tested with new password
Review URL: http://codereview.chromium.org/3175003
Make vbutil_keyblock handle unsigned blocks. Also enable --unpack option and
add tests for it.
Modify vbutil_kernel to allow unsigned keyblocks, correct usage message,
and fix the --debug option which was somehow disabled.
Update load_kernel_test to accept /dev/null for the public key, to test
non-signed kernel keyblocks.
Review URL: http://codereview.chromium.org/3124004
Also fix a few comments, and make extra debugging work when compiled
in firmware.
BUG=none
TEST=make && make runtests; all pass
Review URL: http://codereview.chromium.org/3007036
Since the kernel vblocks are always padded out to a fixed size, the unused (padded) memory was ending up containing random bytes, leading to vbutil_kernel generating vblocks that are not bit-identical when run with the same inputs.
BUG=none
TEST=see below
1) Use vbutil_kernel with the same set of inputs to generate two alternative vblocks.
2) Compare the 2 files - they must be bitwise identical space. The padding bytes must all be set to 0.
3) Generate a new signed image using the resign_image.sh script under scripts/image_signing. This signed image should be boot and install successfully on a maching running our custom firmware using the same set of root, firmware, and kernel keys.
Review URL: http://codereview.chromium.org/3076033
The script sign_official_build.sh does the appropriate signing depending on whether an ssd, recovery or factory-install image is desired.
Also re-factors some common functionality into common.sh.
BUG=3496
TEST=manual
I haven't had a chance to test this on an actual machine running our firmware but will do that before I actually check-in. Thoughts I'd atleast get this out to get the review going.
Review URL: http://codereview.chromium.org/3066034
Forgot to propagate the use of area_offset= pattern for ouput parsing to the unpacking script.
BUG=none
TEST=Tested by running on a firmware image with flashmap enabled. Correctly parsed the section offsets and sizes and output them to files.
Review URL: http://codereview.chromium.org/3050019
Also add a script for splitting a firmware image into component firmware data, vblocks and the GBB.
Note: The script uses fmap_decode, a utility to parse flashmap of a firmware image, and a part of the flashmap project:
http://code.google.com/p/flashmap/
BUG=3496
TEST=Tested with newer builds of firmware images with flashmaps enabled. Steps to verify:
1) Use script to re-sign an existing image with a new set of keys.
2) Use unpack_firmwarefd.sh to get individual firmware data and vblocks.
3) Use vbutil_firmware with the new keys. Verification should succeed with
the newer keys but fail with the older ones.
Review URL: http://codereview.chromium.org/3026018
For use on our signing servers. May merge this with other scripts once we drill down the right workflow.
BUG=3496
TEST=Just a wrapper around vbutil_kernel and works as intended.
Review URL: http://codereview.chromium.org/3020023
LoadKernel already returns the partition number for the selected kernel.
This change makes it also return the GPT Entry's UniqueGuid, which will
eventually be passed to the kernel itself, so the kernel can determine which
of several possible devices it has booted from. It doesn't know for certain
because the BIOS and the kernel may enumerate the devices in a different
order.
BUG=chromium-os:4984
Review URL: http://codereview.chromium.org/3056014
load_kernel_test was failing because it wasn't setting
params->kernel_buffer_size before calling LoadKernel(). This fixes that,
plus adds some checks to LoadKernel so that it will notice bad params if it
happens again.
Review URL: http://codereview.chromium.org/3060004
