The rootfs offset was not converted to bytes. This changes fixes that.
BUG=none
TEST=ran it on an image and it found the ext2 magic
Change-Id: I814c3b89bf5246e3ceab851f80c4a4d4d7e63919
Review URL: http://codereview.chromium.org/4071002
Copies the helpers from crosutils.git/common.sh but uses
printf with octals for portability. This should update all
locations where we mount root rw and disable_rw_mounts just before
a final sign.
TEST= in progres; plz help :)
BUG=chromium-os:7972
Change-Id: Ibdd23cb30335942c36d537663aabea605a2f8704
Review URL: http://codereview.chromium.org/3987001
Change-Id: I3f18081bda888a0fa6f56a67d0cef17268014706
BUG=chromium-os:6714
TEST=manual by enabling ROLLBACK_TPM in firmware/Makefile (did not test by compiling under MSVC)
Review URL: http://codereview.chromium.org/3973001
SAFT testing requires changing kernel version to one level
below the current value (set to 1). This change allows
version number set to zero for test purposes.
Change-Id: Ia6f11578d9a6bc8c5544c56413c5589011d6334a
BUG=chromium-os:1976
TEST=manual
Ran `vbutil_kernel --repack --version 0 <other params>'
it used to fail, now it succeeds. This is also verified by
using in http://codereview.chromium.org/3781016 to support
TPM testing.
Review URL: http://codereview.chromium.org/3968006
Provide more clear instruction on how to use the backup files,
and to try more effort to store backup files
BUG=none
TEST=emerge-x86-generic vboot-reference; executed make_dev_firmware and got correct message
Change-Id: I2062f45dd3019d0e56adc18bdd1861991aafe5ed
Review URL: http://codereview.chromium.org/3785014
This matches the calls in firmware version 0037.
BUG=none
TEST=manual
Review URL: http://codereview.chromium.org/3859002
Change-Id: I3b45051dec3f4f45414802b39122c8d52c4d62f1
Found a trailing space in souce comments, remove it for coding style (and to
force ebuild version bump)
BUG=none
TEST=none
Change-Id: Ie7cb295085b73fe9e274a89e5b4ee5eda9aae66f
Review URL: http://codereview.chromium.org/3799006
The make_dev_ssd.sh is made for devinstall shim to
change SSD kernels to be signed by dev keys.
- Kernel A, B will be resigned with dev keys (ignore if A/B seems not bootable)
- Adding param --remove_rootfs_verification can even disable rootfs hash check
This CL also includes some shared refine/fix to make_dev_firmware.sh
BUG=chrome-os-partner:1276
TEST=sudo ./make_dev_ssd.sh; (seeing Kernel A is resigned and B is ignored)
then reboot without developer mode (OK),
rootdev shows /dev/dm-0, rootdev -s shows /dev/sda3
sudo ./make_dev_ssd.sh --remove_rootfs_verification;
then reboot without developer mode (OK), rootdev shows /dev/sda3
Change-Id: Ic20f734b2af42e50a43c19a565a166a39d57a7fd
Review URL: http://codereview.chromium.org/3772013
To extend the usage of tag_image, added --forget_usernames and --leave_core.
Output is also refined to clarify the category of each tag parameters.
BUG=none
TEST=./tag_image.sh --from $PATH_TO_IMAGE; leave_core seems working fine.
Change-Id: I7c6517bc98af260411518c743093ade3124b76b9
Review URL: http://codereview.chromium.org/3796003
The make_dev_firmware.sh is made for devinstall shim to
change firmware rootkey/HWID/BMPFV smoothly.
- HWID will be changed to "$ORIGINAL_FWID DEV" (no change if already postfixed
with DEV)
- rootkey/recoverykey will be changed by keyset from --keys
- FVMAIN/FVMAINB will be resigned by keyset from --keys
- BMPFV will be changed to anything assigned by --bmpfv
If --from and --to are omitted, the system firmware will be changed.
A new ebuild is be created to put all resources (bmpfv and keyset) into devinstall shim (ref: http://codereview.chromium.org/3776003)
BUG=chrome-os-partner:1276
TEST=sudo ./make_dev_firmware.sh --from input_bios.bin --to output_bios.in \
--keys ../../tests/devkeys --bmpfv some_bmpfv.bin
HWID is changed from "XXX MARIO EVT DDDD" to "XXX MARIO EVT DDDD DEV".
System can then boot a USB signed with devkey without developer mode.
Change-Id: Id80126495dcbf4d993a4372af645580cd4b60ca6
Review URL: http://codereview.chromium.org/3822002
If you try to read a file that's all zeros, it tries to read a zero-length
kernel blob, fails to do so (or suceeds with an empty result, depending on
your point of view), and prints
ERROR: Unable to read kernel blob from <file>: Success
That's not very helpful.
This change makes it say
ERROR: No kernel blob found
instead.
Change-Id: I841ec6e288f47cd9b1f8e9ca1e6da0741ad20e9f
BUG=none
TEST=none
Review URL: http://codereview.chromium.org/3764004
Change-Id: I7a77a7cd9d51238da314b09b3ac18b9dabeaa610
BUG=6061
TEST=successfully built and ran the autotest
Review URL: http://codereview.chromium.org/3593012
1. Check for potential integer overflow in sector_bytes * sector_count.
2. Added O_NOFOLLOW to open() call - Is this enough?
3. Passing buffer length to GuidToStr(), PMBRToStr().
4. Use unsigned int in GetEntry() to determine stride.
5. Address conversion between UTF16 and UTF8.
Note: The UTF conversion is complex and troublesome, and needs careful
consideration to get right. For now, I've just forced the interpretation of
the partition name to 7-bit ASCII. That's sufficient for the needs of Chrome
OS, and I can file a new issue to handle UTF correctly.
BUG=chrome-os-partner:705
TEST=manual
Running "make runtests" invokes the tests/run_cgpt_tests.sh script, which checks the behavior and output of the cgpt tool.
Review URL: http://codereview.chromium.org/3594010
Change-Id: I5fd29796d8c929527e0cfbc6d5ccbcdc77502c6b
RFro TPM rollback testing we need to be able to change kernel
version number. This Cl adds this ability to the
vbutil_kernel utility.
Change-Id: I156df9b0d3467043c20a43e1c75e6d0222704f3a
BUG=chromium-os:1976
TEST=manual
1. On a target running off /dev/sda3 (as reported by
'rootdev -s') execute `/usr/bin/dev_debug_vboot' and take
note of the kernel version number in the output section
starting with 'TEST: verify HD kernel A with firmware A key',
under 'Preamble' it should read
'Kernel version: 1'
2. copy the kernel into a file:
dd if=/dev/sda2 of=/tmp/kernel
3.on the desktop (this step requires ssh setup to use the
correct keys to reach the target):
scp tests/devkeys/kernel_data_key.vbprivk <target>:/tmp
3. Modify kernel version
vbutil_kernel --repack /tmp/repacked.k --version 2 --signprivate /tmp/kernel_data_key.vbprivk --oldblob /tmp/kernel
4. Install the updated kernel
dd if=/tmp/repacked.k of=/dev/sda2
5. restart the system
6. Observe that it came up using /dev/sda3 as the root
file system
7. run /usr/bin/dev_debug_vboot and observe that the kernel
version is no set to 2
Review URL: http://codereview.chromium.org/3520019
Fix assert() macro to only be defined #ifdef VBOOT_DEBUG
Change-Id: I4a65c408544cd4319628c4ad20ed46eafebe69c9
BUG=chrome-os-partner:1207
TEST=manual
Review URL: http://codereview.chromium.org/3446025
Also add an option to prevent sign_official_build from attempting to re-sign the firmware.
This is needed because we want both the SSD and RECOVERY images to have the same rootfs for delta updates to work correctly.
BUG=chromium-os:7242
TEST=manually verified that rootfs gets replaced correctly (by verifying the rootfs hash).
Change-Id: I2ca4f2bef938ca14301fed6a0b16c1a7dc2ba6d9
Review URL: http://codereview.chromium.org/3529007
Change-Id: I2e798ac8898852aa44a8979e67dfa4de385a6e34
BUG=none
TEST=ran the autotest on a CRB with special firmware
Review URL: http://codereview.chromium.org/3389029
There are several procedures in Chrome OS post-processing before being released:
stamping, tagging, mod image for URLs, ... and signing.
We need an integrated script to handle all the stamping / tagging.
This CL can handle empty tag files like /root/.force_update_firmware
or /root/.dev_mode.
This CL deprecates http://codereview.chromium.org/3421040 and moved script
from crosutils to vboot_reference. In the future we may isolate the non-signing
post-processing scripts (set_lsb, tag_image, remove_label, ...) into crosutils.
BUG=none
TEST=manually:
(1) Build a general dev image without firmware updates (default behavior of build_image for x86-generic ToT)
(2) Enter chroot and then execute:
cd ~/trunk/src/platform/vboot_reference/scripts;
./tag_image.sh \
--from ~/trunk/src/build/images/x86-generic/latest/chromiumos_image.bin
Expected: output message:
Update Firmware: disabled
Developer Mode: Enabled
(3) ./tag_image.sh --update_firmware=1 --dev_mode=0 \
--from ~/trunk/src//build/images/x86-generic/latest/chromiumos_image.bin
Expected: output message:
Update Firmware: disabled => Enabled
Developer Mode: Enabled => disabled
Manually verify:
pushd ../../build/images/x86-generic/latest
unpack_partitions.sh chromiumos_image.bin
sudo mount -o loop,ro part_3 rootfs
ls -l rootfs/root/.force_update_firmware # this file should exist
ls -l rootfs/root/.dev_mode # this file should NOT exist (i.e., error)
sudo umount rootfs
(4) ./tag_image.sh --update_firmware=0 --dev_mod=1 \
--from ~/trunk/src/build/images/x86-generic/latest/chromiumos_image.bin
Expected: output message:
Update Firmware: Enabled => disabled
Developer Mode: disabled => Enabled
Manually verify:
pushd ../../build/images/x86-generic/latest
unpack_partitions.sh chromiumos_image.bin
sudo mount -o loop,ro part_3 rootfs
ls -l rootfs/root/.force_update_firmware # this file should NOT exist (i.e., error)
ls -l rootfs/root/.dev_mode # this file should exist
sudo umount rootfs
Change-Id: I96af3c7201372bb904426d10cff142467a1fa2e7
Review URL: http://codereview.chromium.org/3604001
While trying to debug/test some vbutil_kernel changes
(coming in a different CL) it was noticed that this utility
is not covered by tests, and the script which runs it to set
up further testing (tests/gen_fuzz_test_cases.sh) fails
because of the key format mismatch.
Some investigation has shown that this was left behind when
vboot_reference key storage format was changed.
To make gen_fuzz_test_cases.sh work again a new set of test
keys is required, the keys are generated by
tests/gen_test_keys.sh. This utility had to be changed to
generate the proper set of wrapped public and private keys.
Actually code in tests/gen_test_keys.shgenerate_keys() is
copied in pasted in many scripts in this tree, this has to
be refactored, but under a different CL.
Once the changes were made, two scripts were run:
./tests/gen_test_keys.sh
./gen_test_cases.sh
resulting in the new and updated keys generated.
firmware/stub/tpm_lite_stub.c was edited to fix compilation
warning issued when compiling with debugging enabled.
Change-Id: I26a45cbad00d21a29195f2a89b4df7d3559133fe
BUG=chromium-os:7178
TEST=described below
The following commands succeed:
vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
make
make runtests
./tests/gen_fuzz_test_cases.sh
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
note that ./tests/gen_fuzz_test_cases.sh was failing
before this change.
The upcoming CL modifying vbutil_kernel will make sure
gen_fuzz_test_cases.sh is executed when tests are run and
will enhance it to cover vbutil_kernel testing.
Review URL: http://codereview.chromium.org/3423022
If we just want to read the current lsb-release, we shouldn't need to break rootfs verification.
Change-Id: I5ba6ddbd9f5801783a568b6806392184b683f628
BUG=none
TEST=none
Review URL: http://codereview.chromium.org/3563001
BUG=chromium-os:7071
TEST=none (will be tested when BIOS is updated)
Change-Id: I7e765175b23dc08adb260a41abf81ba4b999eb34
Review URL: http://codereview.chromium.org/3443030
Also change tpmc to return the TPM error code, or 255.
Change-Id: Ie5fc107ff50efd4480c2a47b91f3b8a93b4f95e3
BUG=none
TEST=ran it on a TPM
Review URL: http://codereview.chromium.org/3479003
Change-Id: Idb081dccdcba17005cd3edc059e58b78316c3dbe
BUG=none
TEST=ran the ebuild (separate CL) and verified that the targets are created
Review URL: http://codereview.chromium.org/3480004
BUG=chrome-os-partner:1097
TEST=manual + independently verified by drewry@
1) Extract rootfs from the original image.
2) run tune2fs -l <original rootfs> on it. Observe filesystem features has no "needs_recovery"
3) run sign_official_build.sh
4) Extract new rootfs
6) run tune2fs -l <new rootfs>. "needs_recovery" should still not be there (it was before this fix)
Change-Id: I3a03245886844d3dbfe1f8b2b73ce624ec67808f
Review URL: http://codereview.chromium.org/3436010
Change-Id: I4c9b7a937103f3978cbed6629ee4057018b80eae
More cleanup. Also allow some tests to run even when TPM is already started.
Change-Id: I23558b96a1de55bbeca42dbf2e44f6802a0ec85b
Reorganize and standardize behavior of tests.
Change-Id: Id32fd09211a72deaa66a3dd0f973d35506ff96f2
BUG=433
TEST=ran all the tests I could run without TPM-free BIOS
Review URL: http://codereview.chromium.org/3389004
The fmap_decode tool from flashmap project is deprecated.
mosys provides more functionality and fit better into the
host environment.
BUG=chromium-os:6264
TEST=manually
Change-Id: I513d36c8a8f657fdb4cb10d08a867876c32d36b6
Review URL: http://codereview.chromium.org/3388002
Previously this was hidden behind an environment variable. With this change, the signing script will always try to sign the firmware update if found. If not, it will still perform the remaining steps (rootfs calculation, kernel partition signature etc.).
Also fixed a few minor bugs with the firmware update code.
BUG=chrome-os-partner:925, chrome-os:3496
TEST=created a ToT semi-official build, and ran the signing script on the image. Verified that the firmware got correctly updated (by running chromeos-firmwareupdate on the device). Also tested on images without the packaged firmware update.
Change-Id: I0921ce36a880e18167a8e3a2b63d8f246693d488
Review URL: http://codereview.chromium.org/3292016
Change-Id: Id353323d268835cbcc1fb13c8669cee420c8fb6a
BUG=chrome-os-partner:1046
TEST=manual
Make sure your chromeos install on the hard drive has 2 good kernel
partitions. Do:
sudo cgpt show /dev/sda
If partition 2 has success=1, do:
sudo dd if=/dev/sda2 of=/dev/sda4 bs=1M
sudo dd if=/dev/sda3 of=/dev/sda5 bs=1M
cgpt add -i 4 -S 1 -P 2
(if instead partition 4 has success=1, do:)
sudo dd if=/dev/sda4 of=/dev/sda2 bs=1M
sudo dd if=/dev/sda5 of=/dev/sda3 bs=1M
cgpt add -i 2 -S 1 -P 2
Reboot and do the following:
sudo cgpt show /dev/sda
If the partition you just marked active still has success=1
priority=2, the bug is fixed. If it has success=0 priority=0, the bug
is still there.
Review URL: http://codereview.chromium.org/3324014
This adds some tools to help us figure out why a particular kernel isn't
booting. Often we suspect it's because it was signed with the wrong keys, or
has flags restricting its use to certain boot modes. This change adds some
tools to extract and display all the keys from the BIOS, and try them on the
various kernels. We also display the sha1sum of all the keys we find, to
make comparing them easier.
Change-Id: I38e447bf95cb6c3a0b87aa949611bb135f2f94b4
BUG=chromeos-partner:888
TEST=manual
To test, obtain a root shell, and run dev_debug_vboot. You should see lots
of useful information go by.
Review URL: http://codereview.chromium.org/3303018
Change-Id: I4785a6326017c63d83a8eb153d6b90ee82e5f839
BUG=chromeos-partner:222
TEST=manual (build FW, make sure system boots and tpmc prints good values)
Review URL: http://codereview.chromium.org/3367020
Change-Id: I26d7d725cb429394e24be40a2f362b7ff160f4ee
BUG=none
TEST=make && make runtests (and build into test BIOS)
Review URL: http://codereview.chromium.org/3337017
Looks like dumpe2fs is not in the path otherwise. Also added a check to look for it as a pre-requisite.
BUG=none
TEST=none
Change-Id: I329c894597bc1638043a67359465e55b2ce6d0f7
Review URL: http://codereview.chromium.org/3355013
Update list of scripts and test binaries - slightly more involved since the test runner scripts and the test binaries themselves reside in different directories.
BUG=none
TEST=manual (Ran make, went into the tests/ directory and ran the tests)
Change-Id: I97bd36d806726f6005e35490173cfcd0300add95
Review URL: http://codereview.chromium.org/3326014
