History log of /external/vboot_reference/firmware/lib/tpm_bootmode.c
Revision Date Author Comments (<<< Hide modified files) (Show modified files >>>)
f4f395e1ca724ef8795cfe86a9edbf15f14eacd1 23-Oct-2014 Bill Richardson <wfrichar@chromium.org> Extend HWID digest into PCR1 (GBB v1.2 only)

GBB header v1.2 adds a digest of the HWID string to the blob (and
maintains it when updated with the current futility/gbb_utility).

This CL causes VbSelectFirmware() to extend PCR1 with that HWID
digest (only for GBB header v1.2 and later, of course).

Tests are updated.

This also adds a "pcr" command to futility to help determine that
the change is working on the hardware (adds 4K bytes or fewer to
the size of the executable).

BUG=chromium:415714
BRANCH=ToT (and maybe others?)
TEST=make runtests, manual install on HW

To test on hardware, build and update a system with this change
(both the disk image and the RO firmware).

NOTE: The BIOS image must be built in a chroot that is using the
current version of futility. You may need to update your chroot
if your BIOS image still produces v1.1 GBB headers. Check with:

futility show <firmware_image.bin> | grep -B1 'digest:'

Boot the new system with a new test image, then follow these steps:

Read the BIOS:

# flashrom -r /tmp/bios.bin

Make sure the GBB has a valid digest for the HWID.

# futility show /tmp/bios.bin | grep -B1 'digest:'
HWID: SAMUS TEST 8028
digest: 4172d24f40bf72cc0ab8... <valid>
#

Extract only the sha1sum-sized part of the HWID digest:

# futility show /tmp/bios.bin | awk '/digest:/ {print $2}' | colrm 41
4172d24f40bf72cc0ab878b4c589b8fe9cf4405e
#

Simulate extending that value in a PCR using the futility "pcr"
command:

# futility pcr 4172d24f40bf72cc0ab878b4c589b8fe9cf4405e
PCR: 0000000000000000000000000000000000000000
+ 4172d24f40bf72cc0ab878b4c589b8fe9cf4405e
PCR: b6e5ffd2d898a7b15236ad22ca25f53ac1f40776
#

Finally, look at the value of PCR1. It should match the last line
of the futility pcr output:

# head /sys/class/misc/tpm0/device/pcrs | grep PCR-01
PCR-01: B6 E5 FF D2 D8 98 A7 B1 52 36 AD 22 CA 25 F5 3A C1 F4 07 76
#

Change-Id: I09cf855f1a24616cc1a9ddb676670edbc76827d2
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/226408
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
/external/vboot_reference/firmware/lib/tpm_bootmode.c
7aa250f2db901f523b050ca897237ec1e2be678a 10-Aug-2013 Vadim Bendebury <vbendeb@chromium.org> Fix incorrect format strings

In many cases format strings in vboot_reference do not match their
parameters, which causes all kind of ugly results when examining debug
output.

Enforce proper format verification.

CQ-DEPEND=CL:65396
BRANCH=pit
BUG=none
TEST=manual
. compiled cleanly in vboot_reference, observed debug printouts
making sense.

Change-Id: I58d5ba1f9097ef9922fbaeb7a9946aadf5eb8617
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/65394
/external/vboot_reference/firmware/lib/tpm_bootmode.c
0c3ba249abb1dc60f5ebabccf84ff13206440b83 29-Mar-2013 Bill Richardson <wfrichar@chromium.org> Massive refactoring of external header files.

This reduces the number of exported header files to the minimum needed by
the existing userspace utilities and firmware implementations.

BUG=chromium:221544
BRANCH=none
TEST=manual, trybots
CQ-DEPEND=CL:47019,CL:47022,CL:47023

sudo FEATURES=test emerge vboot_reference
FEATURES=test emerge-$BOARD \
vboot_reference \
chromeos-cryptohome \
chromeos-installer \
chromeos-u-boot \
peach-u-boot \
depthcharge

Change-Id: I2946cc2dbaf5459a6c5eca92ca57d546498e6d85
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/47021
Reviewed-by: Randall Spangler <rspangler@chromium.org>
/external/vboot_reference/firmware/lib/tpm_bootmode.c
612797edfad45e25b1fb0dc398e02e1d7d8286a2 26-Feb-2013 Aaron Durbin <adurbin@chromium.org> fwlib: fix errors with -Wmissing-prototypes

When the fwlib is built with -Wmissing-prototypes and -Werror
there build breakages that occur. Fix these errors by either
including the header file with the correct declaration or provide
the declaration at the top of the c files for global symbols that
are used by tests.

BUG=chrome-os-partner:17695
BRANCH=None
TEST=built fwlib library with -Wmissing-prototypes and -Werror. Also
'make runtests' still passes.

Change-Id: I992516ee2545509054887173bc65234905381e06
Signed-off-by: Aaron Durbin
Reviewed-on: https://gerrit.chromium.org/gerrit/44042
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Queue: Aaron Durbin <adurbin@chromium.org>
Tested-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
/external/vboot_reference/firmware/lib/tpm_bootmode.c
7993f257af87c7c38cdc71b76bc67cde6c3cdbca 30-Jan-2013 Randall Spangler <rspangler@chromium.org> Reformat to kernel style

No code changes, just reformatting.

BUG=none
BRANCH=none
TEST=make runtests

Change-Id: Id690c8334147970784db5ac54933ad1f5a58dcc1
Reviewed-on: https://gerrit.chromium.org/gerrit/42263
Tested-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Queue: Randall Spangler <rspangler@chromium.org>
/external/vboot_reference/firmware/lib/tpm_bootmode.c
ad03a439bc97523e03d19aa1dcd568744d60889c 22-Jul-2011 Randall Spangler <rspangler@chromium.org> Cleanup and preparation for inside-wrapper TPM refactoring.

Add recovery reason for already in recovery and need to reboot to
recovery to let the TPM init.

Add vboot_struct fields.

Fix type for keyblock flags param to SetTPMBootModeState().

BUG=none
TEST=make && make runtests

Change-Id: I4035bdb377aaebaca03a43799be57977166da739
Reviewed-on: http://gerrit.chromium.org/gerrit/4599
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
/external/vboot_reference/firmware/lib/tpm_bootmode.c
e49e8af65fce38da7a308305566f8a14f102254a 08-Jul-2011 Randall Spangler <rspangler@chromium.org> Port vboot_reference to use new wrapper API utility functions

Third time's the charm. Now that we've moved to u-boot-next, this
won't break the ARM build.

BUG=chromium-os:17006
TEST=make && make runtests; emerge vboot_reference; emerge-tegra2_seaboard chromeos-bootimage

Change-Id: Ib4fa26c7a23868dd2ffd2b321ee8dc08c66ea322
Original-Change-Id: I771085dcdf79d9592de64f35e3b758111a80dd9f
Original-Reviewed-on: http://gerrit.chromium.org/gerrit/3263
Original-Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-on: http://gerrit.chromium.org/gerrit/3803
Tested-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
/external/vboot_reference/firmware/lib/tpm_bootmode.c
cfd841d3c2c8bb91e7024c62d0acc8668c5041b3 02-Jul-2011 Randall Spangler <rspangler@chromium.org> Revert "Verified boot wrapper - replace utility functions"

This reverts commit 0184886c8cb35e8e01d610622df448a7cb063e06

(This works with uboot-next, but not uboot, which doesn't implement its half of the new wrapper API. So rolling back to leave uboot working.

Change-Id: I1f9e3c63e5bbdb20b9195cd68787bef89f24afee
Reviewed-on: http://gerrit.chromium.org/gerrit/3588
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
/external/vboot_reference/firmware/lib/tpm_bootmode.c
f8c65491595a8e849cf61b600b2371357ec75ff4 27-Jun-2011 Randall Spangler <rspangler@chromium.org> Verified boot wrapper - replace utility functions

This is part 3 of the vboot wrapper API refactoring. It replaces the
function calls to utility.c functions with new API calls. (It also
fixes up some integer type mismatches in cryptolib that were causing
warnings on the H2C build; those had been fixed a while ago in H2C but
hadn't been propagated across.)

This is a re-commit of the original; I've verified it compiles on both
x86-alex and tegra2, for both vboot_reference and
vboot_reference-firmware, now that the patch from
1c1a883bc746a6216bb634825d33d80562853020 is checked in.

BUG=chromium-os:17006
TEST=make && make runtests, and emerged on both x86-alex and tegra2

Original-Change-Id: I771085dcdf79d9592de64f35e3b758111a80dd9f
Original-Reviewed-on: http://gerrit.chromium.org/gerrit/3263
Original-Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit bd81b3a7d3b7fe4ca6179ade665e565800ab17fc)

Change-Id: Iefdbfb3d10eb9aa385fb6dfc3bf0896f637cb64b
Reviewed-on: http://gerrit.chromium.org/gerrit/3582
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
/external/vboot_reference/firmware/lib/tpm_bootmode.c
a7b9481f343fb4a19b5a5ed44c2fda2c59547e84 28-Jun-2011 mukesh agrawal <quiche@chromium.org> Revert "Verified boot wrapper - replace utility functions"

This reverts commit bd81b3a7d3b7fe4ca6179ade665e565800ab17fc.

Change-Id: I2be2c076a37bf0e49569248691fceac417254f0b
Reviewed-on: http://gerrit.chromium.org/gerrit/3295
Reviewed-by: mukesh agrawal <quiche@chromium.org>
Tested-by: mukesh agrawal <quiche@chromium.org>
/external/vboot_reference/firmware/lib/tpm_bootmode.c
bd81b3a7d3b7fe4ca6179ade665e565800ab17fc 27-Jun-2011 Randall Spangler <rspangler@chromium.org> Verified boot wrapper - replace utility functions

This is part 3 of the vboot wrapper API refactoring. It replaces the
function calls to utility.c functions with new API calls. (It also
fixes up some integer type mismatches in cryptolib that were causing
warnings on the H2C build; those had been fixed a while ago in H2C but
hadn't been propagated across.)

BUG=chromium-os:17006
TEST=make && make runtests

Change-Id: I771085dcdf79d9592de64f35e3b758111a80dd9f
Reviewed-on: http://gerrit.chromium.org/gerrit/3263
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
/external/vboot_reference/firmware/lib/tpm_bootmode.c
4c6e6dac28edfdfc724074b929ec95c6e3104d91 16-Mar-2011 Randall Spangler <rspangler@chromium.org> Fix compiler errors on MSVC

Change-Id: I47fd6d0be5542e5f540a34410b3f694ae0f67fd9

R=gauravsh@chromium.org
BUG=none
TEST=make && make runtests

Review URL: http://codereview.chromium.org/6676039
/external/vboot_reference/firmware/lib/tpm_bootmode.c
b64faaa7f4167344765eb32baebb0aa01a03bc29 16-Mar-2011 Gaurav Shah <gauravsh@chromium.org> Update PCR state with the state of the firmware keyblock flags too.

I re-factored the extend call into its own module, since it doesn't necessarily
need to be couple with rollbackfirmwaresetup.

BUG=chrome-os-partner:2372
TEST=Tried emerge-x86-generic and emerge-arm-generic vboot_reference.

Change-Id: I0d3115b10b686133e63e304570325ebdbd50ae3a

Review URL: http://codereview.chromium.org/6696006
/external/vboot_reference/firmware/lib/tpm_bootmode.c