Ryu will store a hash of the GBB root key in a struct inside its boot
block. Add a vb2_ryu_root_key_hash struct for that.
If 'futility gbb_utility' is used to set the root key, also look for a
root key hash struct and fill it in. No error if not found, because
this needs to work on other platforms where the struct is not present.
This way, we don't need to change the signing scripts.
Added a --roothash option which can be used to check if the root key
hash is found, and if so, whether it's empty, valid, or invalid.
BUG=chromium:511405
BRANCH=ryu
TEST=manual
Take any existing image.bin.
cp image.bin image.orig
gbb_utility --roothash image.bin
- ryu root hash not found
Extract the root key
gbb_utility -k rootkey.bin image.bin
- exported root_key to file: rootkey.bin
Now, append a blank ryu root hash struct to it
echo '0000000: 5274 4b79 4861 7368 0100 0000 3000 0000' | xxd -r >> image.bin
echo '0000000: 0000 0000 0000 0000 0000 0000 0000 0000' | xxd -r >> image.bin
echo '0000000: 0000 0000 0000 0000 0000 0000 0000 0000' | xxd -r >> image.bin
Nothing is set yet
gbb_utility --roothash image.bin
- ryu root hash is unset
Setting the root key also sets the root hash
gbb_utility -s -k rootkey.bin image.bin
- import root_key from rootkey.bin: success
- calculate ryu root hash: success
successfully saved new image to: image.bin
See, it verifies
gbb_utility --roothash image.bin
- ryu root hash verified
Now, append a bad ryu root hash struct to it
cp image.orig image.bin
echo '0000000: 5274 4b79 4861 7368 0100 0000 3000 0000' | xxd -r >> image.bin
echo '0000000: 0001 0000 0000 0000 0000 0000 0000 0000' | xxd -r >> image.bin
echo '0000000: 0000 0000 0000 0000 0000 0000 0000 0000' | xxd -r >> image.bin
See, it fails
gbb_utility --roothash image.bin
- ryu root hash does not verify
Make sure the library doesn't contain the magic string
strings `which futility` | grep RtKyHash
(should be no output)
Change-Id: Ib46f93cac0f2b532bada4b187ae48efcf4926702
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/286237
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
This suppresses following 'maybe-uninitialized' gcc 4.9.2 errors:
CC futility/futility.o
futility/futility.c: In function ‘do_help’:
futility/futility.c:262:2: error: ‘vstr’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
printf("The following %scommands are built-in:\n\n", vstr);
^
cc1: all warnings being treated as errors
host/lib21/host_misc.c: In function ‘vb2_str_to_id’:
host/lib21/host_misc.c:154:14: error: ‘val’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
id->raw[i] = val;
^
cc1: all warnings being treated as errors
BUG=none
BRANCH=none
TEST=compile, run unit tests
Change-Id: I6b9d19f2d6e9deb2010dd22602d2a3310f4db335
Signed-off-by: Anatol Pomazau <anatol@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/265370
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Queue: Anatol Pomazau <anatol@google.com>
Tested-by: Anatol Pomazau <anatol@google.com>
vboot currently uses the |SHA256_CTX| name, which is claimed by OpenSSL.
To work around this, it defines OPENSSL_NO_SHA, but that can't be done
at compile time:
The OPENSSL_NO_* defines are set by OpenSSL to reflect the configuration
that it was built with so that users of OpenSSL can disable features as
needed. They can affect the contents of structures any thus the ABI of
the library.
If these defines are set outside of OpenSSL, then the library and the
code that uses it will have incompatible ABIs. At that point it's only
functioning by blind luck.
This change renames the name-collisions so that this hack isn't needed.
This is the same change as was made internally in cl/85758149.
BUG=none
BRANCH=none
TEST=emerge-samus coreboot; make runtests
Change-Id: I709da2507f341896d89d50129ce30ffb111a20d1
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/263506
Reviewed-by: Randall Spangler <rspangler@chromium.org>
The USB Type-C chargers released with Samus ("Pixel (2015)") have
upgradable firmware. Those firmware images are currently signed
by some custom scripts. This adds support for those images to
futility, so that those custom scripts can be replaced.
Note that due to space considerations, the usbpd firmware images
don't have room for handy things like an FMAP or headers for the
signatures. Accordingly, all the normally variable factors (image
size, signature algorithms, etc.) are hard coded and the image
itself just looks like a bunch of random numbers. Because of
this:
1. There's no way to recognize this type of file, and nothing to
display about it.
2. You have to give the "--type usbpd1" arg to the sign command.
3. I'm designating this file type "v1" because I hope that the
firmware for any future adapters will be more readily
identifiable.
BUG=chromium:231574
BRANCH=none
TEST=make runtests
This adds a new test that signs usbpd1 firmware images using
futility, and compares the result to the same files signed by the
custom scripts, ensuring that they are bitwise identical.
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Change-Id: Idbe061db5b3c8e474ada47b40bcbe04bbecdba3a
Reviewed-on: https://chromium-review.googlesource.com/262899
Reviewed-by: Randall Spangler <rspangler@chromium.org>
This moves the functions that handle BIOS file types into a
separate set of source files. BIOSes are constructed from other
components arranged in particular ways, so they shouldn't be
mixed in with the code specifically for those components.
BUG=chromium:231574
BRANCH=none
TEST=make runtests
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Change-Id: I15c3fec61498925f9b8c672092fd97e7ea2d90e9
Reviewed-on: https://chromium-review.googlesource.com/262898
Reviewed-by: Randall Spangler <rspangler@chromium.org>
This declares the options for the sign and show commands in a
header file.
We want to split the code for logically separate file types into
separate source files, but we don't want to have multiple
option-parsing routines, so that we can be sure we're using the
same option names consistently (for example, --hash_alg always
takes the same args and means the same thing).
BUG=chromium:231574
BRANCH=none
TEST=make runtests
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Change-Id: I939bd19ba199b4c44eb41cff3571cff88df9a181
Reviewed-on: https://chromium-review.googlesource.com/262896
Reviewed-by: Randall Spangler <rspangler@chromium.org>
This allows the user to manually specify the type of an input
file, since not all file types can be reliably identified.
This also adds a test to ensure that futility doesn't coredump if
you give it the wrong type (although I'm sure it's not exhaustive).
BUG=chromium:231574
BRANCH=none
TEST=make runtests
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Change-Id: I9d909305d9989fe7299e744c585de380109cf8cd
Reviewed-on: https://chromium-review.googlesource.com/262895
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Instead of calling futil_traverse() to iterate through a preset
list of functions, this establishes a separate show() and sign()
function for each type of file.
The only significant change is that walking through the FMAP areas
within BIOS images is done in BIOS-specific functions instead of
that being the "normal" case with every other type of file
skipping that traversal.
This is a refactoring only. There is no externally visible change.
BUG=chromium:231574
BRANCH=none
TEST=make runtests
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Change-Id: I7080afb43e35308c8bb618793c8382c2efb3d6a1
Reviewed-on: https://chromium-review.googlesource.com/262894
Reviewed-by: Randall Spangler <rspangler@chromium.org>
This is preparation for a refactoring of how files are traversed.
file_type.inc will specify functions to recognize, show, or sign
each type of file.
This change puts the recognizer functions in file_type.inc, but
just stubs out the show and sign commands.
BUG=chromium:231574
BRANCH=none
TEST=make runtests
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Change-Id: I1596a21319a8fb1182537abdf9be0196bef4b84b
Reviewed-on: https://chromium-review.googlesource.com/262893
Reviewed-by: Randall Spangler <rspangler@chromium.org>
It's more useful to see the debug messages interleaved with the
regular output instead of going to a separate stream.
BUG=none
BRANCH=none
TEST=make runtests
Try:
futility --debug show tests/futility/data/bios_zgb_mp.bin | less
Change-Id: I43526821fc93b2af4d6d01b3bc2465e5b9672e26
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/262717
Reviewed-by: Randall Spangler <rspangler@chromium.org>
The help message for the sign command is much too long. This
breaks it into several subcategories.
BUG=none
BRANCH=none
TEST=make runtests
futility help sign
futility help sign pubkey
futility help sign fwblob
futility help sign bios
futility help sign vmlinuz
futility help sign kernel
Change-Id: I3e12b2cfdfb17a77c171f925a53748efb1d6c440
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/260496
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Instead of a separate help function for each command, let's just
require each command to handle a --help option. This will make it
easier to layer the commands (for example, "sign" could have
several subcommand variants, each with its own help).
BUG=none
BRANCH=none
TEST=make runtests
I also compared the result of running "futility help CMD" before
and after this change. The help still shows up correctly.
Change-Id: I5c58176f32b41b0a2c2b8f0afb17dddd80fddc70
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/260495
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Some of the help messages are getting pretty long. We should
allow each command to provide additional help details only when
asked.
BUG=none
BRANCH=none
TEST=make runtests
I also compared the help messages for all commands, both before
and after this change to ensure that nothing was different.
Change-Id: Ibe92ec80f99d286886fe020c9d826a5a05556471
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/260494
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Some commands look for a --debug option, others don't. The
feature is implemented globally, so let's parse it as a global
option.
BUG=none
BRANCH=none
TEST=make runtests
Change-Id: I3b169e4a1b93443786913276651113d1c915a834
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/258500
Reviewed-by: Randall Spangler <rspangler@chromium.org>
We want a quick and human-friendly way to match keys with
signatures, so we decided to give each key a unique GUID and
carry that ID around when signing things.
But then we realized that we could autogenerate a unique
identifier from the .pem file itself, which is even better
because then we can match our binary keypair structs with the
openssl file used to generate them.
This change replaces the GUID id with a sha1sum calculated from
the public key's "keyb" blob.
BUG=none
BRANCH=none
TEST=make runtests
Also:
futility show tests/testkeys/key_rsa4096.pem
futility create tests/testkeys/key_rsa4096.pem foo
futility show foo.vbp*
Note that the GUID is the same for all files.
Change-Id: Ie44e46c83433718b1ff0163c1e7c51ec331b99f9
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/256181
Reviewed-by: Randall Spangler <rspangler@chromium.org>
We use the .pem files to generate our public and private key
files. Since we display the sha1sums of those files to help keep
track of them, we might as well also display the same information
about the RSA .pem files, too.
BUG=chromium:231574
BRANCH=none
TEST=make runtests
futility show tests/testkeys/*.pem
Change-Id: Ibfd1e016d65981d477ed7d117d23dedf48b95873
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/246769
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Because all of our private key structs carry around the openssl
struct rsa_st data blobs, we can use those blobs to extract the
corresponding public key and generate a digest of it.
This lets us match our public and private keys without having to
rely on the filenames. There's no crypto verification without
actually *using* them, of course, but it's handy for quick reference.
BUG=chromium:231574
BRANCH=none
TEST=make runtests
This also adds a test to ensure that all the public and private
keys generated from the same .pem file have the same sha1sums.
Change-Id: If83492437e3ef37f7c4ebca4675336b75f631901
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/246768
Reviewed-by: Randall Spangler <rspangler@chromium.org>
This enhances the futility show command to recognize and identify
our public and private key files, for both the old vboot 1.0
format and the new vboot 2.1 format.
BUG=chromium:231547
BRANCH=ToT
TEST=make runtests
vboot 1.0:
futility show tests/devkeys/*.vbp*
vboot 2.1:
futility create tests/testkeys/key_rsa2048.pem foo
futility show foo.vbp*
Change-Id: I9d7641db03e480b416790a7da6b473215444128a
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/246767
Reviewed-by: Randall Spangler <rspangler@chromium.org>
This command reads a single .pem file and emits the public and
private keys generated from it. It can produce both the old-style
vboot 1.0 keys (.vbpubk and .vbprivk), or the new vboot 2.1
format keys (.vbpubk2 and .vbprik2). The default is the new
format, but you can give futility the --vb1 arg to force the old
format.
A test is included.
BUG=chromium:231547
BRANCH=ToT
TEST=make runtests
Change-Id: I4713dc5bf34151052870f88ba52ddccf9d4dab50
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/246766
Reviewed-by: Randall Spangler <rspangler@chromium.org>
The host-side futility tool will need to support all extant vboot
implementations. Some legacy futility commands only support the
original vb1 format, but others ("show" or "sign", for example)
may need to be instructed which formats to expect or emit.
This change adds some global args to specify the preferred
formats. It also cleans up a few [unused AFAICT] one-letter args
to avoid conflicts.
BUG=chromium:231574
BRANCH=none
TEST=make runtests
Nothing makes use of this yet, except the "help" command.
Change-Id: Ib79fa12af72b8860b9494e5d9e90b9572c006107
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/246765
Reviewed-by: Randall Spangler <rspangler@chromium.org>
dump_kernel_config utility used mmap() to map a file or block device to
memory and searched from there. This CL removes mmap(), and reads from
the input sequentially. We need this so that working with MTD devices is
possible. We just need to implement another read function.
BUG=chromium:457862
BRANCH=none
TEST=make runtests
TEST=FEATURES=test emerge vboot_reference
Change-Id: I83e98f3bb079879f411d7f2f584b1792131b9b38
Reviewed-on: https://chromium-review.googlesource.com/249270
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Tested-by: Nam Nguyen <namnguyen@chromium.org>
Commit-Queue: Nam Nguyen <namnguyen@chromium.org>
Trybot-Ready: Nam Nguyen <namnguyen@chromium.org>
1. Increase kernel preamble revision from 2.1 to 2.2.
2. Add flags field to kernel preamble.
3. Update futility to accept flags parameter for vbutil_kernel and
cmd_sign for kernel.
4. Pass in an extra flags field to SignKernelBlob and
CreateKernelPreamble.
BUG=chrome-os-partner:35861
BRANCH=None
TEST=1) "make runalltests" completes successfully. 2) vboot_reference
compiles successfully for ryu. 3) Verified flags field in header using
futility show.
Change-Id: If9f06f98778a7339194c77090cbef4807d5e34e2
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://chromium-review.googlesource.com/245950
Tested-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Queue: Furquan Shaikh <furquan@chromium.org>
The following works from a Mac with these changes:
make Q= ARCH=arm HAVE_MACOS=1 `pwd`/build/futility/futility
Only vbutil_keyblock and vbutil_kernel have been exercised.
BUG=none
TEST='make Q= ARCH=arm HAVE_MACOS=1 `pwd`/build/futility/futility'
BRANCH=none
Signed-off-by: David Riley <davidriley@chromium.org>
Change-Id: Ie69cfee0c650d4ff96be6322083a2fea1543ee39
Reviewed-on: https://chromium-review.googlesource.com/246773
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Tested-by: David Riley <davidriley@chromium.org>
Commit-Queue: David Riley <davidriley@chromium.org>
A truncated BIOS with an otherwise valid FMAP that now points way
off the end of the file shouldn't cause coredumps.
BUG=none
BRANCH=ToT
TEST=make runtests
Change-Id: Idf96e1e6a381bf0fe0b1cb2d16e3dad39ce7a0dc
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/245500
Reviewed-by: Randall Spangler <rspangler@chromium.org>
This moves the what-kind-of-file-is-this logic into a separate
file, and makes it work by calling distinct recognizers until one
hits. A new "-t" option to the show command prints what it's
doing.
BUG=chromium:228932
BRANCH=ToT
TEST=make runtests
Change-Id: Id8f60bdf3fe6a9adf41b4555b3448a261fa52fea
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/245122
Reviewed-by: Randall Spangler <rspangler@chromium.org>
The vb2_verify_fw command is used only in a host-side test. It
doesn't need to be built into futility. This makes it a separate
executable used just for that test.
BUG=chromium:231547
BRANCH=none
TEST=make VBOOT2=1 runtests
Note that tests/vb2_firmware_tests.sh still passes, now using an
external vb2_verify_fw executable instead of a futility command.
Change-Id: Iee58df065e7a762369c5e691f6c2093de9122ed2
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/243630
Trying to repack an invalid kernel blob should notice and
complain that the blob is invalid instead of just segfaulting.
BUG=chromium:452353
BRANCH=ToT
TEST=manual
See the bug report for an example test case. Many more tests are
being added as futility development continues.
Change-Id: I2bbfb8ab41a0f596b25a76f76f74d7b47b7e4a17
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/243583
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
We were assuming 8-byte alignment for buffers. That's not true on
32-bit architectures. We should make the alignment requirements
explicit (and correct) for all architectures.
BUG=chromium:452179
BRANCH=ToT
CQ-DEPEND=CL:243380
TEST=manual
USE=vboot2 FEATURES=test emerge-x86-alex vboot_reference
Change-Id: I120f23e9c5312d7c21ff9ebb6eea2bac1e430e37
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/243362
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Adding functionality to allow for rebuilding of vmlinuz after it
has been processed into vblock and header stripped. Basically appends
the 16-bit header of a vmlinuz image onto the end of the vblock.
BUG=chromium:438302
BRANCH=none
TEST=Successfully ran "make runalltests".
Also, ran:
1. Repack kernel block (so that 16-bit header is included):
"vbutil_kernel --pack kern_0 ..."
2. Verify kernel: "vbutil_kernel --verify kern_0 ... ". This should
be done before booting into kernel, but not necessary for it to work.
3. Rebuild vmlinuz image:
"vbutil_kernel --get-vmlinuz kern_0 --vmlinuz-out vm.out"
4. Set up kexec with vmlinuz (this should complete with no errors):
"kexec -l vm.out (other kernel cmd line args)"
5. Boot into kernel:
"kexec -e"
Change-Id: Iaa1582a1aedf70b43cdb3a56cde1fb248f1793d4
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/232750
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
The verify_kernel command is used only in a host-side test. It
doesn't need to be built into futility. This makes it a separate
executable used just for that test.
BUG=chromium:231547
BRANCH=none
TEST=make runtests
Note that the load_kernel_tests.sh still passes, using the
external verify_kernel executable.
Change-Id: I309d2561d65af7eb4f3708e9bc024852238deeec
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/235480
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Now that the underlying bug is fixed (commit 64ef69c), this
replaces the old vbutil_kernel command implementation with the
new one that we rolled back in commit f1dba02.
BUG=chromium:418647
BRANCH=none
TEST=make runtests
I've also built an image with this change, installed it on a
Chromebook, ran make_dev_ssd.sh, make_dev_firmware.sh, recovered,
etc. Everything still works.
Change-Id: I8996e674a24b5d994658a6be2973ef3623cd659b
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/235429
Reviewed-by: Randall Spangler <rspangler@chromium.org>
This patch reinstates the external GPT support which was previously
committed and reverted. Improvements since last time include:
- Cleaned-up internal interface based on code review
- Function correctly on legacy bootloaders (e.g., depthcharge before
NAND-related patches are added)
- Better comments
- Treat new field values = 0 -> not use new feature
- Tests are added to ensure external GPT flag is passed down properly
The original commit had change-id
I5a77e417aea8ee9442d18c200d1b073aa5375ecf
Its commit message is reproduced below, and then an additional test.
----
To support an external GPT, disks have two new attributes:
- A binary flag indicating whether the GPT is in the same address
space as the payloads or a separate one.
- The number of sectors of the streaming portion of storage, as
opposed to the portion containing the GPT.
These have been added elsewhere to GptData (in cgptlib) and BlockDev
(in depthcharge). This patch adds the plumbing between those, including
in the DiskInfo interface between the firmware and vboot.
BUG=chromium:425677
BRANCH=none
TEST=Interactively wrote the GPT with cgpt and observed the following
boot with depthcharge to read the GPT from SPI and then read from
the proper locations in NAND flash.
TEST=make runalltests passes.
TEST=boots from USB with depthcharge from HEAD.
Change-Id: Ia7956517a7b9da0301f01fac5a10204f6d78cf4f
Signed-off-by: Dan Ehrenberg <dehrenberg@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/234640
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
When re-signing a kernel partition and writing the result into a
new file, make sure we only emit the vblock and kernel blob
instead of creating a new file that's the size of the entire
partition.
Also add a test for that.
BUG=chromium:418647
BRANCH=none
TEST=make runtests
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Change-Id: I2c42aec6816e7e7abbeed360089c9b51fdcfe786
Reviewed-on: https://chromium-review.googlesource.com/233039
Reviewed-by: Randall Spangler <rspangler@chromium.org>
When modifying a kernel partition in-place, make sure we only
sign enough bytes to cover the kernel blob, not the entire
partition.
Also added a test for that case.
BUG=chromium:418647
BRANCH=none
TEST=make runtests
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Change-Id: Id89ff3845fe5178ee13f431d99868821fcad3248
Reviewed-on: https://chromium-review.googlesource.com/233038
Reviewed-by: Randall Spangler <rspangler@chromium.org>
This reverts commit 5040a945df.
This patch breaks booting any image (both fixed and
removable) on Veyron_Pinky (and presumably every other
non-NAND board?). By the power vested in me through the
office of ChromeOS tree sheriff (well, five hours early
but whatever) it is hereby reverted!
BUG=chromium:425677
BRANCH=none
TEST=Can successfully boot on Veyron_Pinky again.
Change-Id: I9323a3d5e34491337fc7eb09dd00d845ac42997d
Reviewed-on: https://chromium-review.googlesource.com/229963
Reviewed-by: Julius Werner <jwerner@chromium.org>
Commit-Queue: Julius Werner <jwerner@chromium.org>
Tested-by: Julius Werner <jwerner@chromium.org>
To support an external GPT, disks have two new attributes:
- A binary flag indicating whether the GPT is in the same address
space as the payloads or a separate one.
- The number of sectors of the streaming portion of storage, as
opposed to the portion containing the GPT.
These have been added elsewhere to GptData (in cgptlib) and BlockDev
(in depthcharge). This patch adds the plumbing between those, including
in the DiskInfo interface between the firmware and vboot.
BUG=chromium:425677
BRANCH=none
TEST=Interactively wrote the GPT with cgpt and observed the following
boot with depthcharge to read the GPT from SPI and then read from
the proper locations in NAND flash.
make runalltests passes.
Signed-off-by: Dan Ehrenberg <dehrenberg@chromium.org>
Change-Id: I5a77e417aea8ee9442d18c200d1b073aa5375ecf
Reviewed-on: https://chromium-review.googlesource.com/228943
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
GBB header v1.2 adds a digest of the HWID string to the blob (and
maintains it when updated with the current futility/gbb_utility).
This CL causes VbSelectFirmware() to extend PCR1 with that HWID
digest (only for GBB header v1.2 and later, of course).
Tests are updated.
This also adds a "pcr" command to futility to help determine that
the change is working on the hardware (adds 4K bytes or fewer to
the size of the executable).
BUG=chromium:415714
BRANCH=ToT (and maybe others?)
TEST=make runtests, manual install on HW
To test on hardware, build and update a system with this change
(both the disk image and the RO firmware).
NOTE: The BIOS image must be built in a chroot that is using the
current version of futility. You may need to update your chroot
if your BIOS image still produces v1.1 GBB headers. Check with:
futility show <firmware_image.bin> | grep -B1 'digest:'
Boot the new system with a new test image, then follow these steps:
Read the BIOS:
# flashrom -r /tmp/bios.bin
Make sure the GBB has a valid digest for the HWID.
# futility show /tmp/bios.bin | grep -B1 'digest:'
HWID: SAMUS TEST 8028
digest: 4172d24f40bf72cc0ab8... <valid>
#
Extract only the sha1sum-sized part of the HWID digest:
# futility show /tmp/bios.bin | awk '/digest:/ {print $2}' | colrm 41
4172d24f40bf72cc0ab878b4c589b8fe9cf4405e
#
Simulate extending that value in a PCR using the futility "pcr"
command:
# futility pcr 4172d24f40bf72cc0ab878b4c589b8fe9cf4405e
PCR: 0000000000000000000000000000000000000000
+ 4172d24f40bf72cc0ab878b4c589b8fe9cf4405e
PCR: b6e5ffd2d898a7b15236ad22ca25f53ac1f40776
#
Finally, look at the value of PCR1. It should match the last line
of the futility pcr output:
# head /sys/class/misc/tpm0/device/pcrs | grep PCR-01
PCR-01: B6 E5 FF D2 D8 98 A7 B1 52 36 AD 22 CA 25 F5 3A C1 F4 07 76
#
Change-Id: I09cf855f1a24616cc1a9ddb676670edbc76827d2
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/226408
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
