The vboot_api.h doesn't require the BIOS display the ASCII HWID in
a graphical form (ARM U-Boot doesn't know how), so we have to do it
ourselves. This change makes that possible.
Summary of changes:
* bmpblk_font.h defines a structure to map ASCII chars to BMPs
* bmpblk_font utility generates that font structure
* bmpblock format is bumped to version 1.2
- YAML file specifies font to use for $HWID
- make_default_yaml updated to emit the new format
- README updated to describe the difference
BUG=chromium-os:18631
TEST=manual
I've tested this on ARM, like so:
Inside the chroot, build a U-Boot that uses it:
emerge-tegra2_kaen vboot_reference vboot_reference-firmware
emerge-tegra2_kaen tegra-bct tegra2-public-firmware-fdts \
chromeos-u-boot chromeos-bootimage
Outside chroot, but in src/platform/vboot_reference:
make
<copy ./build/utility/bmpblk_font and ./build/utility/bmpblk_utility to
somewhere in your $PATH>
make clean
cd scripts/newbitmaps/fonts
bmpblk_font --outfile ../images/hwid_fonts.bin outdir/*
cd scripts/newbitmaps/images
make arm
cd out_arm
<edit DEFAULT.yaml>
bmpblk_utility -z 2 -c DEFAULT.yaml arm_bmpblock.bin
<use gbb_utility to replace the bitmaps in the U-Boot image, boot it>
The HWID string is displayed.
Change-Id: I782004a0f30c57fa1f3bb246e8c59a02c5e9f561
Reviewed-on: http://gerrit.chromium.org/gerrit/6544
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Tested-by: Bill Richardson <wfrichar@chromium.org>
Also fixes returned value from Memset(). And SafeMemcmp() should
return 0 (equal) if comparing 0 bytes, to match the behavior of memcmp().
BUG=chromium-os:17564
TEST=make && make runtests
Change-Id: Id43e70eecf04815216e1fd952271af35e0a66396
Reviewed-on: http://gerrit.chromium.org/gerrit/6539
Reviewed-by: Stefan Reinauer <reinauer@google.com>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
The current bmpblock_utility doesn't preserve the order of images as
specified in the config yaml file. This doesn't affect the
functioning of the firmware, but does break this overly-restrictive
test.
Filed crosbug.com/19541 to fix this after Bill's current refactoring.
BUG=chromium-os:19541
TEST=make && make runtests
Change-Id: I03fe817bd191fec5f65aad37561a3224b6a2b1e6
Reviewed-on: http://gerrit.chromium.org/gerrit/6512
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
bmpblk_utility correctly supports this field, which can be used by the
factory process to map the localization to the correct locale. We forgot to
put the entries in the DEFAULT.yaml file. This change corrects that for
future releases.
BUG=none
TEST=none
Change-Id: Iea65d7439e6ef8cc8730ec1b862abba87041d93f
Reviewed-on: http://gerrit.chromium.org/gerrit/6424
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Tested-by: Bill Richardson <wfrichar@chromium.org>
This refactoring will enable us to test and mock them separately from the
rest of the vboot_api functions.
BUG=chromium-os:17564
TEST=manual
Built for ARM, ran "vbexport_test display" at U-Boot prompt. Still works.
Change-Id: I2ddb01d3e981603f371aaa7317184457bdff48ac
Reviewed-on: http://gerrit.chromium.org/gerrit/6422
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Tested-by: Bill Richardson <wfrichar@chromium.org>
The vboot library needs to decompress the images so that it can handle those
that are special cases (like rendering the HWID). This means that 1) it
needs access to the BIOS' native decompression routine, and 2) that
VbExDisplayImage() only needs to handle the uncompressed native-format image
and doesn't need to know about how the image is packed in the GBB.
BUG=chromium-os:19134
TEST=manual
This requires a change to vboot_api.h, which requires a (simultaneous)
matching change to the BIOS, at least for U-Boot, which builds separately.
I've made that change and run the "vbexport_test display" command from the
modified U-Boot, but that also requires a change to the way U-Boot is built
so that I can get at the U-Boot commandline.
Change-Id: I449fb467cd3a68e742f27ec41b95d52685459d89
Reviewed-on: http://gerrit.chromium.org/gerrit/6129
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Tested-by: Bill Richardson <wfrichar@chromium.org>
The firmware image packing is now done by cros_bundle_firmware of
cros-devutils package, and we may retire pack_firmware_image.
BUG=none
TEST=emerge vboot_reference && [ ! -x /usr/bin/pack_firmware_image ]
Change-Id: I177508bf8aada822535fe61258cd1a0df52bfac6
Reviewed-on: http://gerrit.chromium.org/gerrit/5979
Tested-by: Che-Liang Chiou <clchiou@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
We should detect keyblock from existing firmware and decide if a developer
firmware keyblock should be used.
BUG=chromium-os:18946
TEST=./make_dev_firmware.sh -f zgb.bin -t zgb_dev.bin
# seeing Using keyblocks (developer, normal)...
./make_dev_firmware.sh -f mario.bin -t mario_dev.bin
# seeing Using keyblocks (normal, normal)...
./make_dev_firmware.sh -f arm.bin -t arm_dev.bin
# seeing Using keyblocks (normal, normal)...
Change-Id: I74fa0db980e26a6a19a4393303e8c5b3260c84c7
Reviewed-on: http://gerrit.chromium.org/gerrit/5623
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Since both UEFI BIOS and U-Boot display BMP images (although with different
compression schemes), we might as well just use that format for the master
images.
We may still need to crop, scale, or compress these master images to the
platform-specific formats, of course. This change also adds an example
Makefile to produce the scaled images for x86 platforms.
BUG=chromium-os:18631
TEST=none
Change-Id: Idd18d66ea46502065c6f3707f625908a892a0cbd
Reviewed-on: http://gerrit.chromium.org/gerrit/5619
Tested-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
This change moves the old bitmaps (Mario, Alex, ZGB) and their supporting
scripts into a subdirectory, and creates a new set of images at 1366x768, in
PNG format.
This is preparation for providing a complete set of localized BIOS screens
to use as the master for all new platforms.
The plan is that these master images will be scaled, cropped, and converted
into the correct formats for each target platform, and those binary
bmpblocks saved in their own package. Only if a translation changes should
we need to regenerate the bmpblocks.
These new images do NOT (yet) include locales that cannot be rendered
correctly by ImageMagick, and not all of them have been fully vetted by the
localization team.
BUG=chromium-os:13037
TEST=none
Change-Id: Ic25832aad3c6cc36879db204c2579395014af311
Reviewed-on: http://gerrit.chromium.org/gerrit/5508
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Tom Wai-Hong Tam <waihong@chromium.org>
Tested-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Parsing fmap information becomes easier after dump_fmap adds "-p" mode, and
prevents the dependency because dump_fmap is in same repo with signing scripts.
BUG=none, pure refine to reduce dependency and less error messages
TEST=./resign_firmwarefd.sh mario_bios.bin output.bin \
devkeys/firmware_data_key.vbprivk devkeys/firmware.keyblock \
devkeys/firmware_data_key.vbprivk devkeys/firmware.keyblock \
devkeys/kernel_subkey.vbpubk
# Also verified with modern firmware like ZGB/Alex and ARM.
Change-Id: Ia40ecd9ab641250272952e20ab058e780eb7770b
Reviewed-on: http://gerrit.chromium.org/gerrit/5132
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
When preamble_flag is not assigned manually, resign_firwmarefd should not change
the preamble flag.
BUG=chromium-os:18207
TEST=# Prepare a bios.bin with preamble_flag=1 (ex, ARM firmware)
./resign_firmwarefd.sh bios.bin ..... # do not assign preamble
vbutil_firmware --verify # see preamble_flag=1
# Repeat with firmware having preamble_flag=0 (ex, x86 firmware like ZGB/Alex)
# preamble_flag is 0 after resign_firmwarefd.
Change-Id: I50f88bbf51a28defaf1c4e5383ab856168a128fc
Reviewed-on: http://gerrit.chromium.org/gerrit/5133
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
BUG=chrome-os-partner:4879
TEST=manual (just try it)
NOTE: You must use a BIOS that exports the correct ACPI tables.
Change-Id: I027680a203f3a566edf9ed82fb1fe1a9fa4c4f0f
Reviewed-on: http://gerrit.chromium.org/gerrit/4957
Tested-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
This is OFF by default, and must be turned on via the gbb_utility.
BUG=chrome-os-partner:2317
TEST=manual
Build a firmware image and flash it. Should have the same 30-sec
delay as it does now. Pressing TAB should show GBB flags = 0x0.
Modify the firmware image using gbb_utility to set GBB flags to 1 and
reboot. Dev delay should be 2 sec. Pressing TAB should show GBB
flags = 0x00000001.
Change-Id: If96ab9e7d0d142a9cd9a2c6af3849421d073de5e
Reviewed-on: http://gerrit.chromium.org/gerrit/4829
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
Still need to update gbb_utility and firmware to use the flags.
BUG=chrome-os-partner:2317
TEST=make && make runtests
Change-Id: I16c77a175c78efa3212a00bbf94d68384ef1829f
Reviewed-on: http://gerrit.chromium.org/gerrit/4817
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
When we're trying a new firmware B with a new kernel subkey, if it
can't find any kernels there may still be a kernel which the old
firmware A likes. So instead of going to recovery mode, just reboot
so we fall back to firmware A. If firmware A doesn't find any valid
kernels we'll still go to recovery mode.
BUG=chrome-os-partner:1657
TEST=manual:
Do a firmware+OS update which involves kernel subkey rotation. After
installing the new firmware but before rebooting into the new OS,
corrupt the new kernel so that it'll fail validation. Then reboot.
On previous firmware, this would go to recovery mode. Now it should
simply reboot and be back in firmware A / kernel A.
Change-Id: I12796f428fd6969ea5ef36f39c4f58cb0a2bff0d
Reviewed-on: http://gerrit.chromium.org/gerrit/4770
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
When compiling for coreboot the printf format helpers are not
available (they come from the Insyde tree).
The specifier is use in a very limited number of places, it is
probably better to typecast the variable being printed to avoid
compilation errors. This CL accomplishes just that.
BUG=none
TEST=manual:
run the following commands:
emerge-x86-alex -C sys-boot/chromeos-coreboot \
sys-boot/chromeos-u-boot\
chromeos-base/vboot_reference \
chromeos-base/vboot_reference-firmware
emerge-x86-alex chromeos-bootimage
observe the second one succeed.
Change-Id: If19e3a583eb759ba5a21863d1b9b28636c7f00b0
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: http://gerrit.chromium.org/gerrit/4690
This also fixes one place where TPM error codes were getting lost.
BUG=chromium-os:18132
TEST=make && make runtests
Change-Id: I83c74e1103805f166d1dc7448be7d67bd46d15b3
Reviewed-on: http://gerrit.chromium.org/gerrit/4659
Tested-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Try #2, now that ARM has the fix from http://gerrit.chromium.org/gerrit/4667
This cleans up the TPM calls inside vboot_reference.
* TPM calls share mode code between boot modes.
* Better handling for TPM_E_MUST_REBOOT, particularly in recovery mode.
* TAB screen shows current TPM versions.
No changes required to the wrapper API; these changes are internal to vboot.
BUG=chromium-os:18084
TEST=make && make runtests; built for both alex and tegra2-seaboard
Original-Change-Id: I2a52066f2889210af83409872b10f9d6380470af
(cherry picked from commit da55560cddcf7a1aa8a881cdf52792a21a01e766)
Change-Id: I120797145772116f09b8125b9e56fdbb11dc16b3
Reviewed-on: http://gerrit.chromium.org/gerrit/4671
Tested-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
This cleans up the TPM calls inside vboot_reference.
* TPM calls share mode code between boot modes.
* Better handling for TPM_E_MUST_REBOOT, particularly in recovery mode.
* TAB screen shows current TPM versions.
No changes required to the wrapper API; these changes are internal to vboot.
BUG=chromium-os:18084
TEST=make && make runtests; built for both alex and tegra2-seaboard
Change-Id: I2a52066f2889210af83409872b10f9d6380470af
Reviewed-on: http://gerrit.chromium.org/gerrit/4611
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
The two-stop firmware relies on the "flag" field which may be useful for the
resign_firmwarefd.sh.
BUG=chrome-os-partner:5095
TEST=./resign_firmwarefd [params] 1
vbutil_firmware --verify ..... # seeing flag = 1
Change-Id: I56b44ee5b610e36384e15e6eb31286f0f838734b
Reviewed-on: http://gerrit.chromium.org/gerrit/4561
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Add recovery reason for already in recovery and need to reboot to
recovery to let the TPM init.
Add vboot_struct fields.
Fix type for keyblock flags param to SetTPMBootModeState().
BUG=none
TEST=make && make runtests
Change-Id: I4035bdb377aaebaca03a43799be57977166da739
Reviewed-on: http://gerrit.chromium.org/gerrit/4599
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
U-Boot should not parse the raw contents of VbNvStorage, and so cannot
read the recovery reason from the VbNvStorage. On the other hand, it is
easy for crossystem to read the recovery reason from the VbNvStorage
itself.
After this change is merged, U-Boot will stop providing the (incorrect)
recovery reason in the device tree.
BUG=chromium-os:17876,chromium-os:17852
TEST=press recovery button and see crossystem reports recovery_reason=2
Change-Id: I236667f0b4f2e25da193cf6b6f7db3871d1e093f
Reviewed-on: http://gerrit.chromium.org/gerrit/4396
Tested-by: Che-Liang Chiou <clchiou@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Now indicates it covers SD as well (it did already, but now it's clearer).
BUG=chromium-os:17907
TEST=run `crossystem`; look at new descriptions
Change-Id: I4e4d8502b0dc5a29eb403039535b7512941ab4fa
Reviewed-on: http://gerrit.chromium.org/gerrit/4408
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
The problem is that the recovery request was only being cleared when
the firmware found a good image, not after a failed attempt was
ignored.
BUG=chromium-os:17846
TEST=see bug for manual test procedure
Change-Id: I4c6b026bef477839def9bf2b0fed626a9922650f
Reviewed-on: http://gerrit.chromium.org/gerrit/4352
Reviewed-by: Stefan Reinauer <reinauer@google.com>
Tested-by: Randall Spangler <rspangler@chromium.org>
BUG=chrome-os-partner:5031
TEST=manual
1. crossystem dev_boot_usb=0
2. Boot with dev switch on and bootable USB device inserted
3. Press Tab. Should show dev_boot_usb: 0
4. Press Ctrl+U. Should beep twice
5. crossystem dev_boot_usb=1
6. Boot with dev switch on and nothing in USB/SD
7. Press Tab. Should show dev_boot_usb: 1
8. Press Ctrl+U. Should beep once
Change-Id: Ie9b73f86d68337b48c1b859c7c6d76fcb72d13c2
Reviewed-on: http://gerrit.chromium.org/gerrit/4312
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
