| 80e779d50b52cd97c9d5896a3b75fa8118ee488f |
|
04-Feb-2015 |
Furquan Shaikh <furquan@google.com> |
kernel flags: Add flags field to kernel preamble.
1. Increase kernel preamble revision from 2.1 to 2.2.
2. Add flags field to kernel preamble.
3. Update futility to accept flags parameter for vbutil_kernel and
cmd_sign for kernel.
4. Pass in an extra flags field to SignKernelBlob and
CreateKernelPreamble.
BUG=chrome-os-partner:35861
BRANCH=None
TEST=1) "make runalltests" completes successfully. 2) vboot_reference
compiles successfully for ryu. 3) Verified flags field in header using
futility show.
Change-Id: If9f06f98778a7339194c77090cbef4807d5e34e2
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://chromium-review.googlesource.com/245950
Tested-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Queue: Furquan Shaikh <furquan@chromium.org>
/external/vboot_reference/firmware/include/vboot_struct.h
|
| f1f53b3732f235da15a50080db6e7bbd4666e390 |
|
08-Jan-2015 |
Shelley Chen <shchen@chromium.org> |
vboot: Add flag to vbutil_kernel for reconstruction of vmlinuz image
Adding functionality to allow for rebuilding of vmlinuz after it
has been processed into vblock and header stripped. Basically appends
the 16-bit header of a vmlinuz image onto the end of the vblock.
BUG=chromium:438302
BRANCH=none
TEST=Successfully ran "make runalltests".
Also, ran:
1. Repack kernel block (so that 16-bit header is included):
"vbutil_kernel --pack kern_0 ..."
2. Verify kernel: "vbutil_kernel --verify kern_0 ... ". This should
be done before booting into kernel, but not necessary for it to work.
3. Rebuild vmlinuz image:
"vbutil_kernel --get-vmlinuz kern_0 --vmlinuz-out vm.out"
4. Set up kexec with vmlinuz (this should complete with no errors):
"kexec -l vm.out (other kernel cmd line args)"
5. Boot into kernel:
"kexec -e"
Change-Id: Iaa1582a1aedf70b43cdb3a56cde1fb248f1793d4
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/232750
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
/external/vboot_reference/firmware/include/vboot_struct.h
|
| 731f8e8a1df73a00f4840120171b07a259a6304a |
|
16-Oct-2014 |
Duncan Laurie <dlaurie@chromium.org> |
vboot: Support SLOW_EC_UPDATE with OPROM_MATTERS
In order to display the slow EC update screen on x86 devices
in normal mode it is necessary to request a reboot where the
VGA Option ROM is loaded.
This needs a bit of plumbing to pass the OPROM_MATTERS and
OPROM_LOADED flags into shared data so they can be consumed
in the VbEcSoftwareSync() function. It also needs the VbInit()
function to not immediately request a reboot if the VGA Option
ROM was loaded in normal mode and the SLOW_EC flag is set as it
will still need to be used during software sync.
A FIXME in VbEcSoftwareSync() is implemented and the comment is
removed, and two extra checks are done. First, if rebooting to
RO then also check if the VGA Option ROM is needed to save an
extra reboot, and second when exiting the software sync function
request a reboot without the VGA Option ROM if it was done in
normal mode and the option rom was needed+loaded.
The request for a reboot from VbEcSoftwareSync() is saved when
doing EC update in case there is an (optional) PD software sync
that may also need to display the screen.
BUG=chrome-os-partner:12257,chrome-os-partner:32379
BRANCH=samus
TEST=all tests pass, manual testing:
1) in normal mode, with EC/PD in RW, ensure that they are rebooted
to RO and the VGA Option ROM is loaded and the wait screen is
displayed, and then the system is rebooted at the end and the
VGA Option ROM is not loaded.
2) same as #1 with EC/PD in RO already, same result
3) same as #1 with system in developer mode, same result except
there is no reboot at the end of software sync
4) same as #1 with system in developer mode and EC/PD in RO,
ensure that there is no extra reboot at the beginning or end of
software sync.
Change-Id: Id592181efd640f4cd37a986cd1dcc29f3ca45104
Signed-off-by: Duncan Laurie <dlaurie@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/223718
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
/external/vboot_reference/firmware/include/vboot_struct.h
|
| d11086caf05c692815ae6f90aa83a4fc30d50ed7 |
|
25-Jun-2014 |
Daisuke Nojiri <dnojiri@chromium.org> |
vboot2: add a flag to indicate firmware was selected by vboot2
TEST=Done manually on Nyan:
localhost ~ # sudo /tmp/crossystem fw_vboot2
0
localhost ~ # sudo /tmp/crossystem fw_vboot2=1
localhost ~ # sudo /tmp/crossystem fw_vboot2
0
# reboot with vboot2 firmware
localhost ~ # /tmp/crossystem fw_vboot2
1
BUG=none
BRANCH=none
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Change-Id: I6ed553c48bdfebf07393f6f5f46832a60971314a
Reviewed-on: https://chromium-review.googlesource.com/205664
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
Tested-by: Daisuke Nojiri <dnojiri@chromium.org>
/external/vboot_reference/firmware/include/vboot_struct.h
|
| a53a0b040f45a1086515e7a5c8a8326c0b1d1f74 |
|
11-Jan-2014 |
Luigi Semenzato <semenzato@chromium.org> |
vboot: use recovery button as dev mode switch confirmation
We don't allow ENTER from a USB keyboard as the confirmation
in the switch from normal to developer mode.
For devices that have a physical recovery button, we require
a recovery button press instead. For other devices, we
require that ENTER be pressed on the internal keyboard.
This prevents an "evil keyboard" attack in which a USB keyboard
(or other USB device pretending to be a keyboard) sends a
control-D/ENTER sequence shortly after every boot (followed
by more evil keys). In that situation, when users power-on in
recovery mode, they will be forced to dev mode even if it
was not their intention. Further attacks are easy at
that point.
TESTING. On a panther device:
1. powered on with recovery button pressed -> booted in recovery mode
2. pressed control-D on external USB keyboard -> got to ToDev? screen
3. pressed ENTER -> system beeped
4. pressed recovery button -> system rebooted in DEV mode
... all as expected
Also:
1. powered on with recovery button pressed and HELD recovery button
2. pressed control-D -> system beeped
BUG=chrome-os-partner:21729
TEST=manual (see commit message)
BRANCH=none
CQ-DEPEND=CL:182420,CL:182946,CL:182357
Change-Id: Ib986d00d4567c2d447f8bbff0e5ccfec94596aa7
Reviewed-on: https://chromium-review.googlesource.com/182241
Reviewed-by: Luigi Semenzato <semenzato@chromium.org>
Tested-by: Luigi Semenzato <semenzato@chromium.org>
Commit-Queue: Luigi Semenzato <semenzato@chromium.org>
/external/vboot_reference/firmware/include/vboot_struct.h
|
| 0c3ba249abb1dc60f5ebabccf84ff13206440b83 |
|
29-Mar-2013 |
Bill Richardson <wfrichar@chromium.org> |
Massive refactoring of external header files.
This reduces the number of exported header files to the minimum needed by
the existing userspace utilities and firmware implementations.
BUG=chromium:221544
BRANCH=none
TEST=manual, trybots
CQ-DEPEND=CL:47019,CL:47022,CL:47023
sudo FEATURES=test emerge vboot_reference
FEATURES=test emerge-$BOARD \
vboot_reference \
chromeos-cryptohome \
chromeos-installer \
chromeos-u-boot \
peach-u-boot \
depthcharge
Change-Id: I2946cc2dbaf5459a6c5eca92ca57d546498e6d85
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/47021
Reviewed-by: Randall Spangler <rspangler@chromium.org>
/external/vboot_reference/firmware/include/vboot_struct.h
|
| ac8805e7e9bd40c03baf44e37b26f28d9b763ab5 |
|
16-Mar-2013 |
Gabe Black <gabeblack@chromium.org> |
Get rid of some crufty macros.
These were macros that were never used, or that were only set to one thing and
could be substituted up front.
I left in code guarded by the HAVE_ENDIAN_H and HAVE_LITTLE_ENDIAN macros even
though those are never defined because they guard a reportedly significantly
faster implementation of some functionality, at least according to a comment
in the source. It would be a good idea to enable that code path and see if it
really does make a big difference before removing it entirely.
BUG=None
TEST=Built for Link, Daisy, and the host with FEATURES=test. Built depthcharge
for Link and booted in normal mode.
BRANCH=None
Change-Id: I934a4dd0da169ac018ba07350d56924ab88b1acc
Signed-off-by: Gabe Black <gabeblack@google.com>
Reviewed-on: https://gerrit.chromium.org/gerrit/45687
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Queue: Gabe Black <gabeblack@chromium.org>
Tested-by: Gabe Black <gabeblack@chromium.org>
/external/vboot_reference/firmware/include/vboot_struct.h
|
| 8fd1aaf66e2b4796d3d0b117ac3aa7860c8de5fd |
|
25-Jan-2013 |
Randall Spangler <rspangler@chromium.org> |
Remove dead ECPreamble code
BUG=none
BRANCH=none
TEST=make runtests
Change-Id: I99d8124a7d5a3a644f0d8d64ad36f51e78d851e5
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/42018
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
/external/vboot_reference/firmware/include/vboot_struct.h
|
| a2db67d204c0dd3d152ff54958bf42c5dbe394ff |
|
25-Jan-2013 |
Randall Spangler <rspangler@chromium.org> |
Reformat header files to kernel style
No code changes, just reformatting.
BUG=none
BRANCH=none
TEST=make runtests
Change-Id: Id5bac79545e9803d19b45da160c535f7e06465c6
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/42016
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
/external/vboot_reference/firmware/include/vboot_struct.h
|
| 9dc62178c97b94e5c308f1c36fd0858c316959e5 |
|
29-Aug-2012 |
Bill Richardson <wfrichar@chromium.org> |
Add VB_INIT_FLAG_SW_WP_ENABLED to VbInit() input flags.
We need to know not only whether the HW WP pin is asserted, but whether the
flash chip has configured its software protection registers to actually
protect anything. This flag can be used to indicate that.
BUG=chrome-os-partner:13265
BRANCH=link
TEST=none
This just adds the flag. Nothing actually sets the flag yet, so there's
nothing to test.
Change-Id: Icba9945fb56eb3a4681486c630cbbdc9232485ef
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/31642
Reviewed-by: Randall Spangler <rspangler@chromium.org>
/external/vboot_reference/firmware/include/vboot_struct.h
|
| f217520215e7e3d2f5ca006992ab5002927c4f87 |
|
07-Aug-2012 |
Bill Richardson <wfrichar@chromium.org> |
vboot: add flag to indicate that the EC is slow to program
Some EC's are slow to program their firmware. This could happen at any boot
as part of software sync. This adds the VB_INIT_FLAG_EC_SLOW_UPDATE input
flag to VbInit(), so that vboot knows to display the EC-is-being-programmed
screen when that flag is set.
BUG=chrome-os-partner:12255
TEST=none
This isn't activated yet by anything, so there's nothing to test.
Change-Id: Id4d12e463fcdee017b7c52b53a2facefc33b745f
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/29370
Reviewed-by: Randall Spangler <rspangler@chromium.org>
/external/vboot_reference/firmware/include/vboot_struct.h
|
| da8d32dc8d0fb5ebcfffa305f4a3ecb2dd7c79ac |
|
03-Aug-2012 |
Randall Spangler <rspangler@chromium.org> |
Crossystem should return at-boot switch positions from VbSharedData
This is more reliable than reading them through FDT/ACPI, since it reflects
the positions as shown to verified boot code.
Notes:
1. This affects ALL platforms with virtual dev switches (x86 AND arm)
2. The fix should have no effect on older platforms, but I haven't tested those.
BUG=chrome-os-partner:11805
TEST=manual
1. boot in normal mode.
devsw_boot = 0 # Developer switch position at boot
recovery_reason = 0 # Recovery mode reason for current boot
recoverysw_boot = 0 # Recovery switch position at boot
wpsw_boot = 1 # Firmware write protect hardware switch position at boot
2. boot in developer mode.
localhost ~ # crossystem
devsw_boot = 1 # Developer switch position at boot
recovery_reason = 0 # Recovery mode reason for current boot
recoverysw_boot = 0 # Recovery switch position at boot
wpsw_boot = 1 # Firmware write protect hardware switch position at boot
3. boot in developer-recovery mode using keyboard combo.
devsw_boot = 1 # Developer switch position at boot
recovery_reason = 2 # Recovery mode reason for current boot
recoverysw_boot = 1 # Recovery switch position at boot
wpsw_boot = 1 # Firmware write protect hardware switch position at boot
4. disable WP and reboot. wpsw_boot should be 0.
Change-Id: If4156b5e14c6923c5b331c7e5feaabbffe1dad37
Reviewed-on: https://gerrit.chromium.org/gerrit/29199
Commit-Ready: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
/external/vboot_reference/firmware/include/vboot_struct.h
|
| d4faa060cc6445cf532e3f9c9cd785e0726f1b82 |
|
17-Jul-2012 |
Randall Spangler <rspangler@chromium.org> |
Partial EC software sync implementation
Doesn't check the EC hash, but does jump to the correct image, for now
assuming the hash is good.
BUG=chrome-os-partner:11087
TEST=manual
- Power+refresh. System boots. EC is in RO (verify via 'ectool version')
- Create a BIOS signed *without* RO-normal.
- Power+refresh. System boots. EC ends up in A.
- ectool eventgetb. Event 0x2000 IS present, indicating EC has rebooted
- ectool eventclearb -1
- Power button to shut down, then power button to power back on.
- ectool eventgetb. Event 0x2000 is NOT present.
- crossystem recovery_request=123 && reboot. System reboots to recovery mode
and EC is in read-only (verify via EC console 'sysinfo')
- Power off and on. System boots. EC ends up in A again.
Change-Id: I39682d1bf7215c62a4b20613d029e78194b98826
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/27574
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
/external/vboot_reference/firmware/include/vboot_struct.h
|
| 88d9375f50726fb26f1d4fcb909aa15256e24a17 |
|
11-Jul-2012 |
Bill Richardson <wfrichar@chromium.org> |
Ensure that the VGA is enabled/disabled as needed.
On some systems, we require the VGA option ROM to be loaded before VbInit()
is called so we can display BIOS screens. If that hasn't happened, we
request it and reboot. Alternatively, if we don't need the option ROM
(normal mode) but we've already loaded it, we un-request it and reboot just
in case there are security vulnerabilities that might be exposed.
Not all systems need preloaded option ROMs. There is an additional input
flag that indicates whether this matters or not.
BUG=chrome-os-partner:8789
TEST=manual
Using keyboard-based dev-mode, switch between normal and dev mode and back.
It should work as expected.
Change-Id: Id1d662014d47ab648c73db4b1647520801f3a0b8
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/27125
Reviewed-by: Randall Spangler <rspangler@chromium.org>
/external/vboot_reference/firmware/include/vboot_struct.h
|
| 17b8224ea582b2ba90b30a3e8e2d913e49c7818a |
|
27-Jun-2012 |
Bill Richardson <wfrichar@chromium.org> |
Add bits to request and acknowledge Option ROM loading.
For fastest boot, we don't want to load the VGA Option ROM every time, but
only when we need it. Coreboot does that loading, but it can't always know
when it's needed (with keyboard-based dev-mode, coreboot can't tell if we're
in dev-mode or not). By the time we get to U-Boot, it's too late, so we need
two extra bits - one for vboot to tell coreboot to load the Option ROM and
another for coreboot to let vboot know it's been done.
BUG=chrome-os-partner:8789
TEST=manual
The only visible change is that crossystem will now have an "oprom_needed"
flag that can be set or cleared. Nothing actually pays attention to it yet,
though.
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Change-Id: I521a6afdfb8ea17a8148b32eeb858844c981de9c
Reviewed-on: https://gerrit.chromium.org/gerrit/26272
Reviewed-by: Randall Spangler <rspangler@chromium.org>
/external/vboot_reference/firmware/include/vboot_struct.h
|
| ec8df1628cd9cf236bf912dee7d4365d7977e697 |
|
07-Jun-2012 |
Bill Richardson <wfrichar@chromium.org> |
Support virtual dev-switch (keyboard-based dev-mode)
BUG=chrome-os-partner:9706
TEST=manual
Currently, Link is the only platform that enables this feature.
To enter dev-mode:
Boot into recovery mode using the magic key chord. At the Insert screen,
press Ctrl-D. You'll be asked if you want to enter developer mode. If you
then press ENTER, it will reboot with dev-mode enabled. If you press SPACE
or ESC, it will return to the Insert screen.
If you enter recovery mode through any other means, or if dev-mode is
already enabled, pressing Ctrl-D at the Insert screen will have no effect.
To return to normal mode:
Reboot. At the Dev screen, press ENTER or SPACE. It will reboot to
recovery mode and ask you if you want to return to normal mode. If you
press ESC or power off, you'll still be in dev-mode. Press ENTER or SPACE,
and it will reboot into normal mode (of course, if you've messed up your
images while in dev-mode, you'll just come right back to recovery mode
again).
You can also request a direct return to normal mode by running
crossystem disable_dev_request=1
and rebooting.
Change-Id: I435905855a6c39932ee466cc046bdc4c4c860f98
Reviewed-on: https://gerrit.chromium.org/gerrit/24160
Tested-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Ready: Bill Richardson <wfrichar@chromium.org>
/external/vboot_reference/firmware/include/vboot_struct.h
|
| 2448d3b3bc8e80232e7943c16b41eaab19faa1a2 |
|
03-May-2012 |
Bill Richardson <wfrichar@chromium.org> |
Create vbutil_ec tool for signing EC firmware.
This just adds the vbutil_ec tool (and a simple test of the library
functions related to it).
BUG=chrome-os-partner:7459, chromium-os:27142
TEST=manual
make
make runtests
Change-Id: I2a2c4e7cfb8ac6ce2229c5de4252a5cc89321fa5
Reviewed-on: https://gerrit.chromium.org/gerrit/21868
Commit-Ready: Bill Richardson <wfrichar@chromium.org>
Tested-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Stefan Reinauer <reinauer@google.com>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
/external/vboot_reference/firmware/include/vboot_struct.h
|
| 916cf1e977f02f54dff6ab8f25c03a94c9657ef0 |
|
24-Apr-2012 |
Che-Liang Chiou <clchiou@chromium.org> |
Omit body load address check
Omit this check because this check is not really necessary and it is
dealing more harms than goods to ARM boards.
While body load address is configurable, it is not quite possible to fix
all the build scripts and runtime scripts to carry this address; so in
reality all scripts use the default body load address.
The problem is, this default address is not friendly to ARM boards, and
it virtually makes this check fails on ARM boards.
BUG=chromium-os:28077
TEST=emerge-{daisy,x86-alex} vboot_reference
TEST=load_kernel_test -b 1 chromiumos_image.bin
TEST=run verified boot on Daisy
Change-Id: I1a1cc0aedf254e2a2b680046812ab7154f26dea7
Reviewed-on: https://gerrit.chromium.org/gerrit/20947
Tested-by: Che-Liang Chiou <clchiou@chromium.org>
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Ready: Che-Liang Chiou <clchiou@chromium.org>
/external/vboot_reference/firmware/include/vboot_struct.h
|
| fa9d7782e837848a1aeb0e95295fa48ac23f7a26 |
|
09-Nov-2011 |
Bill Richardson <wfrichar@chromium.org> |
Dev-mode only boots official kernels by default
Although we're now using a single unified BIOS, it is pretty nice to be able
to get a shell in developer mode while still using verified boot for the
kernel and filesystem. Alex & ZGB implemented this by requiring the dev-mode
user to install a special dev-mode BIOS. We don't do that, but we DO require
setting a special flag with "crossystem" to accomplish the same thing.
In order to allow booting a self-signed kernel, you must boot in developer
mode, open a shell, and run this:
crossystem dev_boot_custom=1
Special note to internal developers: If you're in the habit (as I am) of
booting directly from a USB stick in dev-mode, you'll have to run this:
crossystem dev_boot_custom=1 dev_boot_usb=1
Just using dev_boot_usb=1 is no longer enough, because the USB kernel is
signed using the recovery key and by pressing Ctrl-U, we validate it with
the kernel data key. That worked before this change because any self-signed
kernel was fine, and that's how the USB key was treated. Now it actually
requires a verified signature until you enable dev_boot_custom=1 also.
BUG=chrome-os-partner:5954
TEST=manual
Boot once in normal mode, which clears the special flags. Then switch to
developer mode. You should be able to boot and get a root shell.
Run
crossystem dev_boot_usb=1
Obtain a USB recovery image that's keyed differently. For example, if you're
testing with dev-keys, use a PVT-signed image or vice-versa.
Reboot into dev-mode with the USB recovery stick inserted. At the dev-mode
screen, press Ctrl-U. You should hear a single beep, but it should not boot.
Press Ctrl-D to boot from the hard drive, log in to a shell and run
crossystem dev_boot_custom=1
Repeat the previous test. This time when you press Ctrl-U, it should boot
the recovery image. Turn the system off before it does anything.
That's it.
Change-Id: I1811ee9a188974b3f94c83c52b00b60028b86c69
Reviewed-on: https://gerrit.chromium.org/gerrit/11442
Tested-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
/external/vboot_reference/firmware/include/vboot_struct.h
|
| f02bbb4635175d6c3ba8f6557802f37e20160533 |
|
24-Aug-2011 |
Randall Spangler <rspangler@chromium.org> |
Add tests for utility.h and sysincludes.h macros
BUG=chromium-os:17564
TEST=make && make runtests
Change-Id: Id0a834c2b234d5f9cbbb37a69426e2b97c734d0a
Reviewed-on: http://gerrit.chromium.org/gerrit/6608
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Stefan Reinauer <reinauer@google.com>
Tested-by: Randall Spangler <rspangler@chromium.org>
/external/vboot_reference/firmware/include/vboot_struct.h
|
| ad03a439bc97523e03d19aa1dcd568744d60889c |
|
22-Jul-2011 |
Randall Spangler <rspangler@chromium.org> |
Cleanup and preparation for inside-wrapper TPM refactoring.
Add recovery reason for already in recovery and need to reboot to
recovery to let the TPM init.
Add vboot_struct fields.
Fix type for keyblock flags param to SetTPMBootModeState().
BUG=none
TEST=make && make runtests
Change-Id: I4035bdb377aaebaca03a43799be57977166da739
Reviewed-on: http://gerrit.chromium.org/gerrit/4599
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
/external/vboot_reference/firmware/include/vboot_struct.h
|
| 8bf0d5ff0ff77aaf496507bbe8d65a5f3027c80c |
|
14-Jul-2011 |
Randall Spangler <rspangler@chromium.org> |
Add vboot support for RO-normal code path.
BUG=chromium-os:17304
TEST=make && make runtests
Change-Id: I4d0f8afd516649fba67119845ec1c4479ba54c43
Reviewed-on: http://gerrit.chromium.org/gerrit/4065
Reviewed-by: Stefan Reinauer <reinauer@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
/external/vboot_reference/firmware/include/vboot_struct.h
|
| a712e01ae783351e921031aab59ff1b7583d683d |
|
13-Jul-2011 |
Randall Spangler <rspangler@chromium.org> |
Add support for flags in the firmware preamble.
The old (v2.0) parser is compatible with new (v2.1) structs. That is,
this won't break existing firmware or vbutil_firmware.
A new (v2.1) parser parsing an old (v2.0) struct will return 0 for the
flags.
This will be used to support the RO-normal code path in a subsequent CL.
BUG=chromium-os:17304
TEST=added unit tests; make && make runtests
Change-Id: I73bcd8acd3330b0d7d143061b5ef838e6d79cf1a
Reviewed-on: http://gerrit.chromium.org/gerrit/4030
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
/external/vboot_reference/firmware/include/vboot_struct.h
|
| 9619112a574b975476667545e3a326052fa0c50b |
|
08-Jul-2011 |
Randall Spangler <rspangler@chromium.org> |
Vboot wrapper - add recovery reason, refactor timing
Pressing Tab at a firmware screen now displays real data, including
the recovery reason, HWID, and contents of VbNvStorage.
Entry point start/end time tracking in VbSharedData now refers to the
new wrapper APIs.
Added capability for calling firmware to request recovery mode (for
example, if it's unable to initialize RAM, can't find the SSD, etc.).
Previously, calling firmware had no (good) way to do this other than
faking the recovery button being pressed.
BUG=chromium-os:17018
TEST=emerge on x86 and tegra2_seaboard
Change-Id: I7d377f279842b30a10d945d13571c41c464633f1
Reviewed-on: http://gerrit.chromium.org/gerrit/3814
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
/external/vboot_reference/firmware/include/vboot_struct.h
|
| 1b1998dff0002f20b3f27a21e6e79d8951e64684 |
|
02-Jul-2011 |
Randall Spangler <rspangler@chromium.org> |
Vboot wrapper initial implementation
Patch 1: Initial change
Patch 2: Fix comment in vboot_struct.h
Patch 3: Revert files unintentionally reverted
Patch 4: (rebase)
Patch 5: (rebase)
Patch 6: Revert files unintentionally reverted (again)
Patch 7: Fix mocked tlcl for ARM build
BUG=chromium-os:17010
TEST=make && make runtests; works on H2C; emerge-tegra2_seaboard chromeos-bootimage compiles
Change-Id: I6e5ce72d41b9297c07a3f330a881eba68cfabee2
Reviewed-on: http://gerrit.chromium.org/gerrit/3593
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
/external/vboot_reference/firmware/include/vboot_struct.h
|
| 7adcc60e6f5f6db081b9ad6e02288335502a0d77 |
|
25-Jun-2011 |
Randall Spangler <rspangler@chromium.org> |
Vboot wrapper API - crossystem and header files
Header file changes for wrapper API implementation
Crossystem support for reading recovery reason from VbSharedData, and
explicit support for version 1 VbSharedData structs.
BUG=chromium-os:16970
TEST=make && make runtests; run crossystem on Alex and make sure it still reports recovery_reason in recovery mode.
Change-Id: I15195b899583e425d3c9e8df09842d764528e2cb
Reviewed-on: http://gerrit.chromium.org/gerrit/3203
Reviewed-by: Tom Wai-Hong Tam <waihong@chromium.org>
Reviewed-by: Che-Liang Chiou <clchiou@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
/external/vboot_reference/firmware/include/vboot_struct.h
|
| 7141571d55373fc2a84a70b5663409a653f8049d |
|
21-Mar-2011 |
Randall Spangler <rspangler@chromium.org> |
Print LoadKernel() debug data from VbSharedData
Change-Id: I60cf9c4dd07e83b1ed1a5bac8a3ce8c2a54df45b
R=reinauer@chromium.org
BUG=chrome-os-partner:2748
TEST=manually check output of 'crossystem vdat_lkdebug'
Review URL: http://codereview.chromium.org/6685097
/external/vboot_reference/firmware/include/vboot_struct.h
|
| 17c712672f2c3a6d928c9bffde5b09c8baa1ba24 |
|
18-Mar-2011 |
Randall Spangler <rspangler@chromium.org> |
Add VbSharedData debug output to LoadKernel()
Change-Id: Id2837c83877520067e46e2434460349ef001b7b9
R=dlaurie@chromium.org
BUG=chrome-os-partner:2748
TEST=nmake uefi64; boot in normal and recovery modes
Review URL: http://codereview.chromium.org/6688035
/external/vboot_reference/firmware/include/vboot_struct.h
|
| 5ac39bfff0d9e2ad2c3e1fe9b3fd3f314b50a472 |
|
18-Mar-2011 |
Randall Spangler <rspangler@chromium.org> |
Add TPM version checking
Change-Id: Ic32b7bcf0bc5501e21dc84e79419a256d9b0d095
R=semenzato@chromium.org,reinauer@chromium.org
BUG=chrome-os-partner:2832
TEST=manual
crossystem tpm_fwver tpm_kernver
On a debug system, this will return 0x00010001 0x00010001
Review URL: http://codereview.chromium.org/6685075
/external/vboot_reference/firmware/include/vboot_struct.h
|
| f4ba19d81d4fefa0dba4efbdd57dc863138fde3a |
|
18-Mar-2011 |
Randall Spangler <rspangler@chromium.org> |
Add VbSharedData field parsing
R=reinauer@chromium.org
BUG=chrome-os-partner:2578
TEST=manual
crossystem vdat_timers
should show 'LFS=0,0 LF=number1,number2 LK=number3,number4'
where number1 < number2 < number3 < number4
crossystem vdat_lfdebug
run from a dev mode console, should show
'check=12,0 index=0x00 tpmver=(hex number) lowestver=(hex number)'
crossystem vdat_flags
run from a dev mode console, flags should be 0x04.
Review URL: http://codereview.chromium.org/6685068
Change-Id: Id7b958ae300d10cdcdc1b17a1bb17b7e5069166f
/external/vboot_reference/firmware/include/vboot_struct.h
|
| ad6824ba4fc18c4eba4e98ba2b2e476dfcedbbae |
|
17-Mar-2011 |
Randall Spangler <rspangler@chromium.org> |
Added timing data to VbSharedData.
Change-Id: I8d52765227fd3355431bebc77dfbe0106c889eca
BUG=chrome-os-partner:2748
TEST=compiles; will be porting to H2C next
Review URL: http://codereview.chromium.org/6672068
/external/vboot_reference/firmware/include/vboot_struct.h
|
| 95c4031ce903258036beeed0705d25c7e9d25da0 |
|
10-Mar-2011 |
Randall Spangler <rspangler@chromium.org> |
This is necessary to pass additional information about whether firmware A or B is being run. This change also passes the GBB directly into LoadFirmware() and LoadKernel().
Change-Id: I976c11c82c3d665a4feb88226e919f16c2440f60
BUG=chrome-os-partner:1657
TEST=manual - see below
make && make runtests
Then test verifying a test image in both dev mode (-b1, no key specified) and recovery mode (key specified)
build/utility/load_kernel_test -b1 ~/b/USB_images/0.11.224.0-alex/chromiumos_test_image.bin
build/utility/load_kernel_test ~/b/USB_images/0.11.224.0-alex/chromiumos_test_image.bin tests/devkeys/recovery_key.vbpubk
And make sure the firmware with this change actually boots to USB and SSD.
NOTE: u-boot-next needs to change to work with this change. will attempt a follow-up CL with that change
Review URL: http://codereview.chromium.org/6626045
/external/vboot_reference/firmware/include/vboot_struct.h
|
| c324fbfb6d37aa62b0e6e2f22dae7c949896ddef |
|
04-Mar-2011 |
Randall Spangler <rspangler@chromium.org> |
Only advance kernel version when the booted partition has a valid key block
Change-Id: I879c18cc139f8a02bcaa6eb80437eaf836a5e851
BUG=chrome-os-partner:2597
TEST=manual
install pvt-signed image
flip dev switch on and boot
install dev-signed firmware
reboot
reboot
sudo bash
stop tcsd
tpmc read 0x1008 0x0d
bytes 6-10 should be 1 0 1 0, not FF FF FF FF
Review URL: http://codereview.chromium.org/6626020
/external/vboot_reference/firmware/include/vboot_struct.h
|
| f7bdfbbb98654c3b1911dd4f884f17160d5ff2d3 |
|
12-Jan-2011 |
Che-Liang Chiou <clchiou@chromium.org> |
Expose vboot_struct.h to u-boot
BUG=chromium-os:1302
TEST=cat <<EOF | sh
sudo emerge vboot_reference &&
emerge-tegra2_seaboard vboot_reference-firmware &&
[ -f /build/tegra2_seaboard/usr/include/vboot/vboot_struct.h ] &&
echo 'Succeed!'
EOF
Review URL: http://codereview.chromium.org/6187005
Change-Id: I363daa7ed49c49fee3b3ed0fae06857142fe5cb4
/external/vboot_reference/firmware/include/vboot_struct.h
|