History log of /external/vboot_reference/firmware/lib/vboot_kernel.c
Revision Date Author Comments (<<< Hide modified files) (Show modified files >>>)
b7d1f03e368b146d11eab511cd6a573a528bc728 04-Feb-2015 Furquan Shaikh <furquan@google.com> kernel flags: Pass back kernel premable flags in kparams

Kernel preamble flags are set by the signer for passing hints about
the image. Read these flags from the preamble and pass it back to the
caller in kparams structure.

BUG=chrome-os-partner:35861
BRANCH=None
TEST=Compiles and boots to kernel prompt for both CrOS image and bootimg.

Change-Id: I07a8b974dcf3ab5cd93d26a752c989d268c8da99
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://chromium-review.googlesource.com/245951
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Tested-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Queue: Furquan Shaikh <furquan@chromium.org>
/external/vboot_reference/firmware/lib/vboot_kernel.c
3f4d8d05ba4e32990c8584bd47cdf082d4604232 02-Dec-2014 Dan Ehrenberg <dehrenberg@chromium.org> vboot: Plumb the two disk sizes and external GPT param through

This patch reinstates the external GPT support which was previously
committed and reverted. Improvements since last time include:
- Cleaned-up internal interface based on code review
- Function correctly on legacy bootloaders (e.g., depthcharge before
NAND-related patches are added)
- Better comments
- Treat new field values = 0 -> not use new feature
- Tests are added to ensure external GPT flag is passed down properly
The original commit had change-id
I5a77e417aea8ee9442d18c200d1b073aa5375ecf
Its commit message is reproduced below, and then an additional test.
----
To support an external GPT, disks have two new attributes:
- A binary flag indicating whether the GPT is in the same address
space as the payloads or a separate one.
- The number of sectors of the streaming portion of storage, as
opposed to the portion containing the GPT.
These have been added elsewhere to GptData (in cgptlib) and BlockDev
(in depthcharge). This patch adds the plumbing between those, including
in the DiskInfo interface between the firmware and vboot.
BUG=chromium:425677
BRANCH=none
TEST=Interactively wrote the GPT with cgpt and observed the following
boot with depthcharge to read the GPT from SPI and then read from
the proper locations in NAND flash.
TEST=make runalltests passes.
TEST=boots from USB with depthcharge from HEAD.

Change-Id: Ia7956517a7b9da0301f01fac5a10204f6d78cf4f
Signed-off-by: Dan Ehrenberg <dehrenberg@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/234640
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
/external/vboot_reference/firmware/lib/vboot_kernel.c
b3d38f5c620da89662deb1a08971c5025d6c1132 09-Dec-2014 Dan Ehrenberg <dehrenberg@chromium.org> vboot: GPT interface cleanup

- Rename drive_sectors to streaming_drive_sectors, to contrast with
gpt_drive_sectors
- Replace stored_on_device field with flags field for future
extensibility

BUG=chromium:433433
TEST=make runtests
BRANCH=none

Change-Id: I785a3b735b8eb96f647a334659329db3ee43eb80
Signed-off-by: Dan Ehrenberg <dehrenberg@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/234283
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
/external/vboot_reference/firmware/lib/vboot_kernel.c
79a9e0e63fd1001a3f9615f96c09acba5f20250d 15-Nov-2014 Julius Werner <jwerner@chromium.org> Revert "vboot: Plumb the two disk sizes and 'gpt on device' param through"

This reverts commit 5040a945dfd0dd305d3ca8e923b8bf0bd5c6528e.

This patch breaks booting any image (both fixed and
removable) on Veyron_Pinky (and presumably every other
non-NAND board?). By the power vested in me through the
office of ChromeOS tree sheriff (well, five hours early
but whatever) it is hereby reverted!

BUG=chromium:425677
BRANCH=none
TEST=Can successfully boot on Veyron_Pinky again.

Change-Id: I9323a3d5e34491337fc7eb09dd00d845ac42997d
Reviewed-on: https://chromium-review.googlesource.com/229963
Reviewed-by: Julius Werner <jwerner@chromium.org>
Commit-Queue: Julius Werner <jwerner@chromium.org>
Tested-by: Julius Werner <jwerner@chromium.org>
/external/vboot_reference/firmware/lib/vboot_kernel.c
5040a945dfd0dd305d3ca8e923b8bf0bd5c6528e 05-Nov-2014 Dan Ehrenberg <dehrenberg@chromium.org> vboot: Plumb the two disk sizes and 'gpt on device' param through

To support an external GPT, disks have two new attributes:
- A binary flag indicating whether the GPT is in the same address
space as the payloads or a separate one.
- The number of sectors of the streaming portion of storage, as
opposed to the portion containing the GPT.
These have been added elsewhere to GptData (in cgptlib) and BlockDev
(in depthcharge). This patch adds the plumbing between those, including
in the DiskInfo interface between the firmware and vboot.

BUG=chromium:425677
BRANCH=none
TEST=Interactively wrote the GPT with cgpt and observed the following
boot with depthcharge to read the GPT from SPI and then read from
the proper locations in NAND flash.
make runalltests passes.

Signed-off-by: Dan Ehrenberg <dehrenberg@chromium.org>
Change-Id: I5a77e417aea8ee9442d18c200d1b073aa5375ecf
Reviewed-on: https://chromium-review.googlesource.com/228943
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
/external/vboot_reference/firmware/lib/vboot_kernel.c
6ee52d9a929d00e871e7316240b54f381146fbc6 24-Oct-2014 Nam T. Nguyen <namnguyen@chromium.org> vboot: cgpt: Support writing GPT structs to NOR flash

This CL allows the GPT headers and partition entry arrays to be stored
in a NOR flash device. Instead of treating both the NOR and NAND devices
as one (in a sandwich way), this CL writes and reads the GPT structs
independently of the actual device that houses the partitions.
Therefore, the first usable LBA of the partitions will be at 0, and the
last usable LBA is at the end of the NAND.

+------------------------+
| NOR houses GPT structs |
+------------------------+
|
0 | Index into
v v
+------------------------+
| NAND houses partitions |
+------------------------+

Note that the "my_lba", "alternate_lba", "entries_lba" in the GPT headers
are no longer meaningful.

Consumers of cgptlib will have to set "stored_on_device" to either
GPT_STORED_ON_DEVICE or GPT_STORED_OFF_DEVICE, and "gpt_drive_sectors"
to the number of 512-byte sectors available to store GPT structs.

The NOR read and write operations are done by "flashrom".

BUG=chromium:425677
BRANCH=none
TEST=unittest
TEST=build with DEBUG, cgpt create/add/show on a stumpy-moblab

Change-Id: I083b3c94da3b0bb3da1a7b10c6969774080a2afd
Reviewed-on: https://chromium-review.googlesource.com/226800
Reviewed-by: Nam Nguyen <namnguyen@chromium.org>
Commit-Queue: Nam Nguyen <namnguyen@chromium.org>
Tested-by: Nam Nguyen <namnguyen@chromium.org>
/external/vboot_reference/firmware/lib/vboot_kernel.c
7c2beb08380410ca6847abdac23e11ded2d1b625 22-Oct-2014 Dan Ehrenberg <dehrenberg@chromium.org> cgpt: Separate out certain GPT manipluation functions

For kernel NAND support, some vboot/cgptlib functionality is
needed from depthcharge. This patch moves certain function
declarations to a new header in firmware/include and puts
their definitions in a common place.

TEST=make runalltests passes and packages build
BRANCH=none
BUG=chromium:403432

Change-Id: Idd42b1f9f531651d78bb4afb80ca90c24aae93d9
Reviewed-on: https://chromium-review.googlesource.com/224996
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Queue: Daniel Ehrenberg <dehrenberg@chromium.org>
Tested-by: Daniel Ehrenberg <dehrenberg@chromium.org>
/external/vboot_reference/firmware/lib/vboot_kernel.c
4184e626336fa8d794a21208387226f154d77d0f 09-Oct-2014 Randall Spangler <rspangler@chromium.org> Use VbExStream APIs to read the kernel partition

This is necessary to support reading the kernel from raw NAND flash,
where the driver may need to skip over bad sectors, and absolute
sector addressing is thus not practical.

The impact is relatively minor. Vboot only did two reads per kernel
anyway, one for the first 64KB of the partition and a second for the
rest of the kernel data.

Firmware which uses vboot will need to implement the streaming APIs.
Or, as a really easy workaround, just copy the implementation from
firmware/stub/vboot_api_stub_stream.c, which translates from the new
streaming API to the old sector-based disk API.

BUG=chromium:403432
BRANCH=none
TEST=make runtests; passes.
CQ-DEPEND=CL:221992, CL:222885, CL:222945

Change-Id: I7437b489650c95c09ac68b67d4d86f9e15c2fa73
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/222410
Reviewed-by: Daniel Ehrenberg <dehrenberg@chromium.org>
/external/vboot_reference/firmware/lib/vboot_kernel.c
162f7885964b39419419f07a576fc390068678a9 01-Oct-2014 Duncan Laurie <dlaurie@chromium.org> vboot_kernel: Validate GPT header before using

In AllocAndReadGptData() the code was changed to use the GPT header
to determine the LBA of the GPT entries. This change did not account
for devices that have an invalid header and it can attempt to read
from invalid block addresses on a device.

This commit happened here:
a2d72f7 vboot: cgpt: Refer to partition entries by entries_lba.
https://chromium-review.googlesource.com/213861

The subsequent steps in vboot, LoadKernel->GptInit->GptRepair will
fix a missing header and entries, so it is only necessary for one of
the headers to be valid.

This is commonly the case with a new USB stick that has an image
written to it as only the primary header will be valid in this case.
However it is also true if the primary header has been corrupted and
the secondary header is still valid.

The code has been changed to call CheckHeader() on the primary and
secondary headers before attempting to use the 'entries_lba' field
to read the entries from the device. AllocAndReadGptData() now only
fails if both headers are invalid.

A number of new unit tests are created to check for these failure
conditions. In order to support this I had to extend the vboot_kernel
test infrastructure to have a buffer for the mocked disk data instead
of just ignoring reads and writes. This is because many of the existing
tests assumed they could have an invalid GPT header and still pass.
Now that the header is checked it is necessary for a valid header to
be created before the tests can pass.

BUG=chrome-os-partner:32386
BRANCH=samus,auron
TEST=All unit tests pass when running 'make runtests'
In addition real-world testing was done by corrupting the primary
and/or secondary headers of USB stick to ensure that it will
successfully boot if one of the headers is valid.

Change-Id: I7f840a44742fa3ba9a124df29ab5749e4c5a40c1
Signed-off-by: Duncan Laurie <dlaurie@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/220757
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Nam Nguyen <namnguyen@chromium.org>
/external/vboot_reference/firmware/lib/vboot_kernel.c
88458d9b5281aca162821a369707781ac9abb44e 28-Aug-2014 Nam T. Nguyen <namnguyen@chromium.org> vboot_reference: Rename *_SECTOR to *_SECTORS

This CL renames GPT_PMBR_SECTOR to GPT_PMBR_SECTORS and GPT_HEADER_SECTOR to
GPT_HEADER_SECTORS to better indicate that these are constants for sizes, not
location.

BRANCH=None
BUG=None
TEST=unittest

Change-Id: I26ed6d45d77dcb1eb714135edbb9e4124b54e953
Reviewed-on: https://chromium-review.googlesource.com/214830
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Tested-by: Nam Nguyen <namnguyen@chromium.org>
Commit-Queue: Nam Nguyen <namnguyen@chromium.org>
/external/vboot_reference/firmware/lib/vboot_kernel.c
a2d72f70c18905aba25eb0971f6f601dd1fa5a60 23-Aug-2014 Nam T. Nguyen <namnguyen@chromium.org> vboot: cgpt: Refer to partition entries by entries_lba.

This CL accesses the partition entry array through its header's
entries_lba value.

Previously, we assume the primary entry array lies on third sector, and
the secondary array lies (1 + 32) sectors from disk end. This assumption
was fine, even Wikipedia assumed the same.

But in order for us to support writing boot code to the third sector (as
required by some Freescale board), the primary entry array must be moved
to another location. Therefore, we must use "entries_lba" to locate the
arrays from now on.

BRANCH=none
BUG=chromium:406432
TEST=unittest
TEST=`cgpt create -p` and then `cgpt show`. Make sure the table
header and entries are properly moved.

Change-Id: Ia9008b0bb204f290b1f6240df562ce7d3a9bbff2
Reviewed-on: https://chromium-review.googlesource.com/213861
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Tested-by: Bill Richardson <wfrichar@chromium.org>
Commit-Queue: Nam Nguyen <namnguyen@chromium.org>
Tested-by: Nam Nguyen <namnguyen@chromium.org>
/external/vboot_reference/firmware/lib/vboot_kernel.c
527ba810eff4006cf69579f6b96cb4350cb1e189 25-Jul-2013 Simon Glass <sjg@chromium.org> Implementation of Region API

At present reading data from storage in Vboot is a little fragmented. For
the firmware image, we expect the boot loader to handle this. For the disk
we have a block-level API. For the GBB (which also sits in the firmware
image) we expect the entire thing to be read before Vboot is called.

Add the concept of a region, and an API to read from a region. At present,
and most pressing, is reading from a GBB region. In the future this could
be extended to other parts of the firmware or even the disk.

Move all access to the GBB into this API so that the boot loader can provide
either a GBB region in one large contiguous chunk, or a function to deal with
read requests from vboot.

The call to VbExRegionRead() is behind a flag since not all boot loaders
support it yet.

The main change for boot loaders which don't support this new API is that
vboot will do more behind the scenes. For example, it will allocate memory
for chunks of data that it reads from the GBB, rather than just accessing it
directly. This approach is considerably simpler than trying to pass char **
everywhere and have vboot decide whether something needs to be allocated or
not.

The tests are updated, mainly to include setting up a GBB structure
accessible from VbCommonParams, which is now required by the firmware and
kernel functions. In normal operation this is set up at the start of
VbLoadFIrmware() and VbSelectAndLoadKernel() but for tests which call
children of these functions directly, the GBB structure must be set up
manually by the test.

BUG=chrome-os-partner:21115
BRANCH=none
TEST=manual
FEATURES=test sudo -E emerge vboot_reference

Change-Id: If2b8bbe467fdbd643239d8d9b5d7aa98df4d286f
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: David Hendricks <dhendrix@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/63336
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/167361
/external/vboot_reference/firmware/lib/vboot_kernel.c
8fa13ad6f727d44fdc0ae1d2bde5f54b32dab9b9 29-Aug-2013 Yoshiki Iguchi <yoshiki@chromium.org> Revert "Implementation of Region API"

This reverts commit 1d3c804b6b9d2ffb6953a7ee98fabfd548915ad7.

This patch breaks cbuildbot on internal paladins bots.

Change-Id: Icf7f9d9bbb56b092035888eaa3e249ffd23fac16
(cherry picked from commit 3a60335ebb1530e5fd9d5da3bc6214949bc59caf)
Reviewed-on: https://chromium-review.googlesource.com/167451
Reviewed-by: Yoshiki Iguchi <yoshiki@chromium.org>
Commit-Queue: Yoshiki Iguchi <yoshiki@chromium.org>
Tested-by: Yoshiki Iguchi <yoshiki@chromium.org>
/external/vboot_reference/firmware/lib/vboot_kernel.c
1d3c804b6b9d2ffb6953a7ee98fabfd548915ad7 25-Jul-2013 Simon Glass <sjg@chromium.org> Implementation of Region API

At present reading data from storage in Vboot is a little fragmented. For
the firmware image, we expect the boot loader to handle this. For the disk
we have a block-level API. For the GBB (which also sits in the firmware
image) we expect the entire thing to be read before Vboot is called.

Add the concept of a region, and an API to read from a region. At present,
and most pressing, is reading from a GBB region. In the future this could
be extended to other parts of the firmware or even the disk.

Move all access to the GBB into this API so that the boot loader can provide
either a GBB region in one large contiguous chunk, or a function to deal with
read requests from vboot.

The call to VbExRegionRead() is behind a flag since not all boot loaders
support it yet.

The main change for boot loaders which don't support this new API is that
vboot will do more behind the scenes. For example, it will allocate memory
for chunks of data that it reads from the GBB, rather than just accessing it
directly. This approach is considerably simpler than trying to pass char **
everywhere and have vboot decide whether something needs to be allocated or
not.

The tests are updated, mainly to include setting up a GBB structure
accessible from VbCommonParams, which is now required by the firmware and
kernel functions. In normal operation this is set up at the start of
VbLoadFIrmware() and VbSelectAndLoadKernel() but for tests which call
children of these functions directly, the GBB structure must be set up
manually by the test.

BUG=chrome-os-partner:21115
BRANCH=none
TEST=manual
FEATURES=test sudo -E emerge vboot_reference

Change-Id: I2c19e9dc2ed602d0642bbf4f7d27f79fe9fad873
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/63336
Reviewed-by: Randall Spangler <rspangler@chromium.org>
/external/vboot_reference/firmware/lib/vboot_kernel.c
47779880b28f2c549dd3349d8f28d68a0f784eb4 16-Aug-2013 Simon Glass <sjg@chromium.org> Improve kernel tests to pass valgrind

At present the kernel tests produce valgrind errors since the GPT data is
sometimes accessed before it is read. This is unnecessary, so update the
code to avoid this.

BUG=chrome-os-partner:21115
BRANCH=pit
TEST=manual
valgrind --leak-check=full ./build/tests/vboot_kernel_tests

See that we no longer get valgrind errors.

Change-Id: I9e9660e38a62a735cf01a37c2d81ddb5ab8b1528
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/66173
/external/vboot_reference/firmware/lib/vboot_kernel.c
981cb2acdc2f26ae27732a4e590c326787936381 12-Aug-2013 Simon Glass <sjg@chromium.org> Enable vboot for sandbox and improve debugging/format strings

Some functions of vboot are disabled for sandbox because sandbox could not
support them. This has changed, so remove the sandbox #ifdefs in the code.

Some printf() strings cause warnings on sandbox - mostly that uin64_t is
not 'long long' on a 64-bit machine. The existing format strings in U-Boot
do not seem to take account of this, so add casts to remove the warnings.

Also add a few more debug strings to make it easier to see what is happening
in the vboot flow.

BUG=chrome-os-partner:21115
BRANCH=pit
TEST=manual
crosfw -b sandbox -V

See there are no warnings.

Change-Id: I86f90a693e4bd23fcacf6d48297dd32229348dd4
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/65621
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
/external/vboot_reference/firmware/lib/vboot_kernel.c
0c3ba249abb1dc60f5ebabccf84ff13206440b83 29-Mar-2013 Bill Richardson <wfrichar@chromium.org> Massive refactoring of external header files.

This reduces the number of exported header files to the minimum needed by
the existing userspace utilities and firmware implementations.

BUG=chromium:221544
BRANCH=none
TEST=manual, trybots
CQ-DEPEND=CL:47019,CL:47022,CL:47023

sudo FEATURES=test emerge vboot_reference
FEATURES=test emerge-$BOARD \
vboot_reference \
chromeos-cryptohome \
chromeos-installer \
chromeos-u-boot \
peach-u-boot \
depthcharge

Change-Id: I2946cc2dbaf5459a6c5eca92ca57d546498e6d85
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/47021
Reviewed-by: Randall Spangler <rspangler@chromium.org>
/external/vboot_reference/firmware/lib/vboot_kernel.c
ac8805e7e9bd40c03baf44e37b26f28d9b763ab5 16-Mar-2013 Gabe Black <gabeblack@chromium.org> Get rid of some crufty macros.

These were macros that were never used, or that were only set to one thing and
could be substituted up front.

I left in code guarded by the HAVE_ENDIAN_H and HAVE_LITTLE_ENDIAN macros even
though those are never defined because they guard a reportedly significantly
faster implementation of some functionality, at least according to a comment
in the source. It would be a good idea to enable that code path and see if it
really does make a big difference before removing it entirely.

BUG=None
TEST=Built for Link, Daisy, and the host with FEATURES=test. Built depthcharge
for Link and booted in normal mode.
BRANCH=None

Change-Id: I934a4dd0da169ac018ba07350d56924ab88b1acc
Signed-off-by: Gabe Black <gabeblack@google.com>
Reviewed-on: https://gerrit.chromium.org/gerrit/45687
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Queue: Gabe Black <gabeblack@chromium.org>
Tested-by: Gabe Black <gabeblack@chromium.org>
/external/vboot_reference/firmware/lib/vboot_kernel.c
7993f257af87c7c38cdc71b76bc67cde6c3cdbca 30-Jan-2013 Randall Spangler <rspangler@chromium.org> Reformat to kernel style

No code changes, just reformatting.

BUG=none
BRANCH=none
TEST=make runtests

Change-Id: Id690c8334147970784db5ac54933ad1f5a58dcc1
Reviewed-on: https://gerrit.chromium.org/gerrit/42263
Tested-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Queue: Randall Spangler <rspangler@chromium.org>
/external/vboot_reference/firmware/lib/vboot_kernel.c
49cb0d3471e768da11fe76b65769bd57dca38bd7 29-Jan-2013 Randall Spangler <rspangler@chromium.org> Add kernel tests

BUG=chromium-os:38139
BRANCH=none
TEST=make runtests

Change-Id: Iee7c965d5c29063259c66d0ccb117c60f4f4a92e
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/42314
/external/vboot_reference/firmware/lib/vboot_kernel.c
640b1c420748049c796b3f9d59406e38ff8f4774 22-Nov-2012 Bill Richardson <wfrichar@chromium.org> Add more recovery_reason codes

There are several places where the same recovery_reason was used to report
slightly different points of failure. Let's create some new codes instead.

Remember that recovery mode is handled by RO firmware, so if an updated RW
firmware uses one of the new error codes, pressing TAB at the recovery
screen will say "We have no idea what this means". That's not a bug. This CL
deprecates the original codes, so the fact that the RO firmware doesn't
recognize it just means it's a new code reported by a new RW BIOS.

BUG=chromium-os:36562
TEST=manual
BRANCH=parrot

Run

make && make runtests

It should pass. You can test some of the error cases on actual hardware by
using

crossystem recovery_reason=86
reboot

and pressing TAB at the recovery screen. For that example you should see the
message

recovery_reason: 0x56 TPM lock error in rewritable firmare

Change-Id: I123c781e6c6f6fe0284c4fd49f5f5a855eece7df
Reviewed-on: https://gerrit.chromium.org/gerrit/38652
Commit-Ready: Bill Richardson <wfrichar@chromium.org>
Tested-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
/external/vboot_reference/firmware/lib/vboot_kernel.c
b7b865cfee68190babd971ab9a897bdabbab075f 24-Aug-2012 Stefan Reinauer <reinauer@chromium.org> Support alternative GPT header signature

In order to dual boot Windows and ChromeOS, Windows must
not find a GPT partition table on the disk. So change
ChromeOS to cope with an alternative signature "CHROMEOS"
instead of the standard "EFI PART"

BUG=chrome-os-partner:6108
TEST=rebuild chromeos, install it,
run cgpt legacy /dev/sda
dd if=/dev/sda of=/tmp/x bs=1k
hexdump -C /tmp/X
see the string CHROMEOS
BRANCH=link
Signed-off-by: Stefan Reinauer <reinauer@chromium.org>

Change-Id: Ia88eff33b9880bd73a78c1b8e026c1f8298c4557
Reviewed-on: https://gerrit.chromium.org/gerrit/31264
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Ready: Stefan Reinauer <reinauer@chromium.org>
Tested-by: Stefan Reinauer <reinauer@chromium.org>
/external/vboot_reference/firmware/lib/vboot_kernel.c
59576e11e5120513f37658628b2b3bbf9827d471 13-Aug-2012 Taylor Hutt <thutt@chromium.org> twostop: Skip kernel verification when built for U-Boot sandbox

It's not yet possible to verify the kernel in an Chromium OS image
with the Sandbox Version of U-Boot due to the lack of keys. For now,
stub out the verification process and behave as if everything is ok:
Sandbox U-Boot is only interested in the selected kernel and boot mode
at this point.

BUG=chromium-os:32603
TEST=With this change, it's possible to get valid answers from
vboot_twostop command with Sanbox U-Boot.

Change-Id: I3b1142889657315675eacd3a1d1448aeee7ccb62
Signed-off-by: Taylor Hutt <thutt@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/30256
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
/external/vboot_reference/firmware/lib/vboot_kernel.c
b321dbb6bc819d4b7b5a2831dbda0816d3f772d8 02-Aug-2012 Vadim Bendebury <vbendeb@chromium.org> Get kernel size/load address from vboot headers

Presently kernel load address and buffer size are programmed in the
u-boot device tree. There is no reason for this: the address and size
are part of the vboot encapsulation headers. Duplicating this
information hardcoded in the device tree does not bring any benefit
and is in fact harmful, as it is easy to get out of sync.

A better way of doing things is to derive kernel load address and size
from the appropriate vboot header. ARM people object to this, as they
want the very same kernel blob operate on devices with DRAM mapped to
different address ranges.

The suggested solution is to exclude the kernel memory section from
the device tree on the platforms where the load address could be
safely taken from the vboot header. In this case u-boot will pass
address of zero to vboot, which will know to derive the address/size
from the appropriate header. vboot then rewrites fields of the u-boot
supplied structure with actual address and size of the kernel blob.

There is no sanity check yet, as it is presumed that there is enough
memory to load any kernel and u-boot does not use the space above
0x100000 for at least 16 megabytes (the kernel partition size). On x86
platform the check could be verify that the top of the kernel space is
well below the stack.

BUG=chrome-os-partner:11994
TEST=manual
. with the appropriate u-boot change run a Link target through a
FAFT cycle, observe it succeed.

Change-Id: I3c2c2cefb1e31d16ac497a01894bf32638479ed7
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/29038
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Doug Anderson <dianders@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Commit-Ready: Bill Richardson <wfrichar@chromium.org>
/external/vboot_reference/firmware/lib/vboot_kernel.c
c0e3742996a84d3c503cfa002b09a0831bcb2c32 08-Jun-2012 Randall Spangler <rspangler@chromium.org> Remove unused test fields from VbNvStorage

Confirmed via codesearch that these fields are not used outside of
vboot_reference itself, and the only use inside vboot_reference is one
test which checked that the test error generation itself worked.

BUG=chromium-os:31668
TEST=make && make runtests

Signed-off-by: Randall Spangler <rspangler@chromium.org>
Change-Id: Ic393e126ca2853f7aaff19ffd6fcdbdb1c47689f
Reviewed-on: https://gerrit.chromium.org/gerrit/24895
Reviewed-by: Simon Glass <sjg@chromium.org>
/external/vboot_reference/firmware/lib/vboot_kernel.c
916cf1e977f02f54dff6ab8f25c03a94c9657ef0 24-Apr-2012 Che-Liang Chiou <clchiou@chromium.org> Omit body load address check

Omit this check because this check is not really necessary and it is
dealing more harms than goods to ARM boards.

While body load address is configurable, it is not quite possible to fix
all the build scripts and runtime scripts to carry this address; so in
reality all scripts use the default body load address.

The problem is, this default address is not friendly to ARM boards, and
it virtually makes this check fails on ARM boards.

BUG=chromium-os:28077
TEST=emerge-{daisy,x86-alex} vboot_reference
TEST=load_kernel_test -b 1 chromiumos_image.bin
TEST=run verified boot on Daisy

Change-Id: I1a1cc0aedf254e2a2b680046812ab7154f26dea7
Reviewed-on: https://gerrit.chromium.org/gerrit/20947
Tested-by: Che-Liang Chiou <clchiou@chromium.org>
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Ready: Che-Liang Chiou <clchiou@chromium.org>
/external/vboot_reference/firmware/lib/vboot_kernel.c
7272a6951107251a5c9b26330c506319a92a54b3 17-Nov-2011 Bill Richardson <wfrichar@chromium.org> Dev-mode allows booting self-signed kernels by default.

When you enter dev-mode,

Pressing Ctrl-U to boot from USB is DISABLED.
Booting any self-signed kernel from the SSD is ENABLED.

This replaces the "crossystem dev_boot_custom" argument with
"crossystem dev_boot_signed_only", which has the opposite polarity.
So if you want to dev-mode to only boot official kernels, you have to
explictly set it that way. If you leave dev-mode and then come back,
it will go back to the conditions shown above.

BUG=chrome-os-partner:5954
TEST=manual

Just run the factory flow. It was broken; this should fix it (except for any
workarounds that were added while it was broken; those may need to be
reverted).

Change-Id: I13e0edbc0e77c5d6ea609dabf771085006cd1805
Reviewed-on: https://gerrit.chromium.org/gerrit/11853
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Stefan Reinauer <reinauer@chromium.org>
/external/vboot_reference/firmware/lib/vboot_kernel.c
fa9d7782e837848a1aeb0e95295fa48ac23f7a26 09-Nov-2011 Bill Richardson <wfrichar@chromium.org> Dev-mode only boots official kernels by default

Although we're now using a single unified BIOS, it is pretty nice to be able
to get a shell in developer mode while still using verified boot for the
kernel and filesystem. Alex & ZGB implemented this by requiring the dev-mode
user to install a special dev-mode BIOS. We don't do that, but we DO require
setting a special flag with "crossystem" to accomplish the same thing.

In order to allow booting a self-signed kernel, you must boot in developer
mode, open a shell, and run this:

crossystem dev_boot_custom=1

Special note to internal developers: If you're in the habit (as I am) of
booting directly from a USB stick in dev-mode, you'll have to run this:

crossystem dev_boot_custom=1 dev_boot_usb=1

Just using dev_boot_usb=1 is no longer enough, because the USB kernel is
signed using the recovery key and by pressing Ctrl-U, we validate it with
the kernel data key. That worked before this change because any self-signed
kernel was fine, and that's how the USB key was treated. Now it actually
requires a verified signature until you enable dev_boot_custom=1 also.

BUG=chrome-os-partner:5954
TEST=manual

Boot once in normal mode, which clears the special flags. Then switch to
developer mode. You should be able to boot and get a root shell.

Run

crossystem dev_boot_usb=1

Obtain a USB recovery image that's keyed differently. For example, if you're
testing with dev-keys, use a PVT-signed image or vice-versa.

Reboot into dev-mode with the USB recovery stick inserted. At the dev-mode
screen, press Ctrl-U. You should hear a single beep, but it should not boot.

Press Ctrl-D to boot from the hard drive, log in to a shell and run

crossystem dev_boot_custom=1

Repeat the previous test. This time when you press Ctrl-U, it should boot
the recovery image. Turn the system off before it does anything.

That's it.

Change-Id: I1811ee9a188974b3f94c83c52b00b60028b86c69
Reviewed-on: https://gerrit.chromium.org/gerrit/11442
Tested-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
/external/vboot_reference/firmware/lib/vboot_kernel.c
89c1a3b3efc0bdb0aee3641e2a62f8aee13b0d3c 10-Oct-2011 Stefan Reinauer <reinauer@chromium.org> Fix potential NULL pointer dereference in vboot_kernel.c

In the unlikely case that params is not set or the LoadKernelParams
structure is not initialized correctly, LoadKernel will exit before
initializing shcall. However, in LoadKernelExit it will be used to
stire the function's return code, thus potentially dereferencing a
NULL pointer.

BUG=chrome-os-partner:6307
TEST=compile tested.

Change-Id: I691c6b5054d8f77296de86834b3125de06e0e398
Reviewed-on: http://gerrit.chromium.org/gerrit/9791
Tested-by: Stefan Reinauer <reinauer@google.com>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Ready: Stefan Reinauer <reinauer@chromium.org>
/external/vboot_reference/firmware/lib/vboot_kernel.c
57e91f713f7e647e79ecdf7a6de878f638661e05 26-Jul-2011 Randall Spangler <rspangler@chromium.org> Move VbNvContext setup/teardown to vboot wrapper funcs

BUG=chromium-os:18226
TEST=make && make runtests

Change-Id: Ie22e99a9796866e646ed92158410bc7a2fdf90f6
Reviewed-on: http://gerrit.chromium.org/gerrit/4754
Reviewed-by: Stefan Reinauer <reinauer@google.com>
Tested-by: Randall Spangler <rspangler@chromium.org>
/external/vboot_reference/firmware/lib/vboot_kernel.c
68626a6d1b2f4b311d24dbbc5dd7c54d3aaba7ef 26-Jul-2011 Vadim Bendebury <vbendeb@chromium.org> Fix vboot_reference-firmware compilation error when building for coreboot.

When compiling for coreboot the printf format helpers are not
available (they come from the Insyde tree).

The specifier is use in a very limited number of places, it is
probably better to typecast the variable being printed to avoid
compilation errors. This CL accomplishes just that.

BUG=none
TEST=manual:
run the following commands:

emerge-x86-alex -C sys-boot/chromeos-coreboot \
sys-boot/chromeos-u-boot\
chromeos-base/vboot_reference \
chromeos-base/vboot_reference-firmware
emerge-x86-alex chromeos-bootimage

observe the second one succeed.

Change-Id: If19e3a583eb759ba5a21863d1b9b28636c7f00b0
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: http://gerrit.chromium.org/gerrit/4690
/external/vboot_reference/firmware/lib/vboot_kernel.c
dfb0175a5b077e2c3c2809ee71c9b3368d91dbd9 25-Jul-2011 Randall Spangler <rspangler@chromium.org> Refactor LoadFirmware() and LoadKernel() to return VbError_t

BUG=chromium-os:18161
TEST=make && make runtests

Change-Id: I1f60654fef84e26ee15fa8bdaacdb87fb1ddf69e
Reviewed-on: http://gerrit.chromium.org/gerrit/4676
Reviewed-by: Stefan Reinauer <reinauer@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
/external/vboot_reference/firmware/lib/vboot_kernel.c
22e7bb2b8e73614d7171cc8d1d51c9bd21f22f54 22-Jul-2011 Randall Spangler <rspangler@chromium.org> Refactor TPM calls into vboot wrapper

Try #2, now that ARM has the fix from http://gerrit.chromium.org/gerrit/4667

This cleans up the TPM calls inside vboot_reference.
* TPM calls share mode code between boot modes.
* Better handling for TPM_E_MUST_REBOOT, particularly in recovery mode.
* TAB screen shows current TPM versions.

No changes required to the wrapper API; these changes are internal to vboot.

BUG=chromium-os:18084
TEST=make && make runtests; built for both alex and tegra2-seaboard

Original-Change-Id: I2a52066f2889210af83409872b10f9d6380470af
(cherry picked from commit da55560cddcf7a1aa8a881cdf52792a21a01e766)

Change-Id: I120797145772116f09b8125b9e56fdbb11dc16b3
Reviewed-on: http://gerrit.chromium.org/gerrit/4671
Tested-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
/external/vboot_reference/firmware/lib/vboot_kernel.c
64b2ba41cc5b9125c78b6372eb7f9ed51f4b65a6 25-Jul-2011 Elly Jones <ellyjones@chromium.org> Revert "Refactor TPM calls into vboot wrapper"

This reverts commit da55560cddcf7a1aa8a881cdf52792a21a01e766. This commit caused http://build.chromium.org/p/chromiumos/builders/arm%20tegra2%20binary/builds/6301 to fail.

Change-Id: Ie132c1e600ab28f97337ecfe0e7cff053987717d
Reviewed-on: http://gerrit.chromium.org/gerrit/4661
Reviewed-by: Elly Jones <ellyjones@chromium.org>
Tested-by: Elly Jones <ellyjones@chromium.org>
/external/vboot_reference/firmware/lib/vboot_kernel.c
4bc713d0df70117a6459fb1ac0ca248eef774c66 22-Jul-2011 Randall Spangler <rspangler@chromium.org> Refactor TPM calls into vboot wrapper

This cleans up the TPM calls inside vboot_reference.
* TPM calls share mode code between boot modes.
* Better handling for TPM_E_MUST_REBOOT, particularly in recovery mode.
* TAB screen shows current TPM versions.

No changes required to the wrapper API; these changes are internal to vboot.

BUG=chromium-os:18084
TEST=make && make runtests; built for both alex and tegra2-seaboard

Change-Id: I2a52066f2889210af83409872b10f9d6380470af
Reviewed-on: http://gerrit.chromium.org/gerrit/4611
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
/external/vboot_reference/firmware/lib/vboot_kernel.c
64ca788195a368ec8d23555b7a180674931846a2 12-Jul-2011 Randall Spangler <rspangler@chromium.org> Add support for merged normal+dev firmware

BUG=chromium-os:17457
TEST=make && make runtests

When this is merged into an actual firmware build, can test it:
* dev switch off -> no dev screen, won't boot self-signed kernel
* dev switch on --> dev warning screen, will boot self-signed kernel
(e.g., it acts like the Cr-48)

Change-Id: I985428256e48b7e05dd4d8fe582a0c0103bf5fb2
Reviewed-on: http://gerrit.chromium.org/gerrit/3901
Reviewed-by: Stefan Reinauer <reinauer@google.com>
Tested-by: Randall Spangler <rspangler@chromium.org>
/external/vboot_reference/firmware/lib/vboot_kernel.c
9619112a574b975476667545e3a326052fa0c50b 08-Jul-2011 Randall Spangler <rspangler@chromium.org> Vboot wrapper - add recovery reason, refactor timing

Pressing Tab at a firmware screen now displays real data, including
the recovery reason, HWID, and contents of VbNvStorage.

Entry point start/end time tracking in VbSharedData now refers to the
new wrapper APIs.

Added capability for calling firmware to request recovery mode (for
example, if it's unable to initialize RAM, can't find the SSD, etc.).
Previously, calling firmware had no (good) way to do this other than
faking the recovery button being pressed.

BUG=chromium-os:17018
TEST=emerge on x86 and tegra2_seaboard

Change-Id: I7d377f279842b30a10d945d13571c41c464633f1
Reviewed-on: http://gerrit.chromium.org/gerrit/3814
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
/external/vboot_reference/firmware/lib/vboot_kernel.c
1b1998dff0002f20b3f27a21e6e79d8951e64684 02-Jul-2011 Randall Spangler <rspangler@chromium.org> Vboot wrapper initial implementation

Patch 1: Initial change
Patch 2: Fix comment in vboot_struct.h
Patch 3: Revert files unintentionally reverted
Patch 4: (rebase)
Patch 5: (rebase)
Patch 6: Revert files unintentionally reverted (again)
Patch 7: Fix mocked tlcl for ARM build

BUG=chromium-os:17010
TEST=make && make runtests; works on H2C; emerge-tegra2_seaboard chromeos-bootimage compiles

Change-Id: I6e5ce72d41b9297c07a3f330a881eba68cfabee2
Reviewed-on: http://gerrit.chromium.org/gerrit/3593
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
/external/vboot_reference/firmware/lib/vboot_kernel.c
e49e8af65fce38da7a308305566f8a14f102254a 08-Jul-2011 Randall Spangler <rspangler@chromium.org> Port vboot_reference to use new wrapper API utility functions

Third time's the charm. Now that we've moved to u-boot-next, this
won't break the ARM build.

BUG=chromium-os:17006
TEST=make && make runtests; emerge vboot_reference; emerge-tegra2_seaboard chromeos-bootimage

Change-Id: Ib4fa26c7a23868dd2ffd2b321ee8dc08c66ea322
Original-Change-Id: I771085dcdf79d9592de64f35e3b758111a80dd9f
Original-Reviewed-on: http://gerrit.chromium.org/gerrit/3263
Original-Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-on: http://gerrit.chromium.org/gerrit/3803
Tested-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
/external/vboot_reference/firmware/lib/vboot_kernel.c
cfd841d3c2c8bb91e7024c62d0acc8668c5041b3 02-Jul-2011 Randall Spangler <rspangler@chromium.org> Revert "Verified boot wrapper - replace utility functions"

This reverts commit 0184886c8cb35e8e01d610622df448a7cb063e06

(This works with uboot-next, but not uboot, which doesn't implement its half of the new wrapper API. So rolling back to leave uboot working.

Change-Id: I1f9e3c63e5bbdb20b9195cd68787bef89f24afee
Reviewed-on: http://gerrit.chromium.org/gerrit/3588
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
/external/vboot_reference/firmware/lib/vboot_kernel.c
f8c65491595a8e849cf61b600b2371357ec75ff4 27-Jun-2011 Randall Spangler <rspangler@chromium.org> Verified boot wrapper - replace utility functions

This is part 3 of the vboot wrapper API refactoring. It replaces the
function calls to utility.c functions with new API calls. (It also
fixes up some integer type mismatches in cryptolib that were causing
warnings on the H2C build; those had been fixed a while ago in H2C but
hadn't been propagated across.)

This is a re-commit of the original; I've verified it compiles on both
x86-alex and tegra2, for both vboot_reference and
vboot_reference-firmware, now that the patch from
1c1a883bc746a6216bb634825d33d80562853020 is checked in.

BUG=chromium-os:17006
TEST=make && make runtests, and emerged on both x86-alex and tegra2

Original-Change-Id: I771085dcdf79d9592de64f35e3b758111a80dd9f
Original-Reviewed-on: http://gerrit.chromium.org/gerrit/3263
Original-Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit bd81b3a7d3b7fe4ca6179ade665e565800ab17fc)

Change-Id: Iefdbfb3d10eb9aa385fb6dfc3bf0896f637cb64b
Reviewed-on: http://gerrit.chromium.org/gerrit/3582
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
/external/vboot_reference/firmware/lib/vboot_kernel.c
a7b9481f343fb4a19b5a5ed44c2fda2c59547e84 28-Jun-2011 mukesh agrawal <quiche@chromium.org> Revert "Verified boot wrapper - replace utility functions"

This reverts commit bd81b3a7d3b7fe4ca6179ade665e565800ab17fc.

Change-Id: I2be2c076a37bf0e49569248691fceac417254f0b
Reviewed-on: http://gerrit.chromium.org/gerrit/3295
Reviewed-by: mukesh agrawal <quiche@chromium.org>
Tested-by: mukesh agrawal <quiche@chromium.org>
/external/vboot_reference/firmware/lib/vboot_kernel.c
bd81b3a7d3b7fe4ca6179ade665e565800ab17fc 27-Jun-2011 Randall Spangler <rspangler@chromium.org> Verified boot wrapper - replace utility functions

This is part 3 of the vboot wrapper API refactoring. It replaces the
function calls to utility.c functions with new API calls. (It also
fixes up some integer type mismatches in cryptolib that were causing
warnings on the H2C build; those had been fixed a while ago in H2C but
hadn't been propagated across.)

BUG=chromium-os:17006
TEST=make && make runtests

Change-Id: I771085dcdf79d9592de64f35e3b758111a80dd9f
Reviewed-on: http://gerrit.chromium.org/gerrit/3263
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
/external/vboot_reference/firmware/lib/vboot_kernel.c
c90e7e8cd99a70f207249d8d4a78a80cc0f44c3f 18-May-2011 Randall Spangler <rspangler@chromium.org> Fix indentation; no code change.

BUG=none
TEST=none (since nothing changed)

Change-Id: Ifea9a0c0105e70d9cea2b173d0991849770dc14b
Reviewed-on: http://gerrit.chromium.org/gerrit/1067
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
/external/vboot_reference/firmware/lib/vboot_kernel.c
700fc49a7e38531745f1afd7d7fb714e51ec92d4 17-Apr-2011 Randall Spangler <rspangler@chromium.org> Do not advance kernel version in TPM if we are in firmware B trying a new firmware

Change-Id: If5b6390d011d743689cf96e49202358397663651

R=bleung@chromium.org,dlaurie@chromium.org,sumit@chromium.org
BUG=chrome-os-partner:3367
TEST=make && make runtests

Review URL: http://codereview.chromium.org/6871044
/external/vboot_reference/firmware/lib/vboot_kernel.c
cabe6b3514f3228b350a7d07d6cc7cb39eecaaf6 18-Mar-2011 Randall Spangler <rspangler@chromium.org> Use VbSharedData instead of VbNvStorage for fwb_tries and kernkey_vfy

Change-Id: I5ed3509a9d4e578cd2e98f493dab59bc2fbd5827

R=dlaurie@chromium.org
BUG=chrome-os-partner:2748
TEST=manual

crossystem fwb_tries=3
(reboot)
crossystem tried_fwb
(should print 1)

crossystem fwb_tries=0
(reboot)
crossystem tried_fwb
(should print 0)

In dev mode...
Boot a kernel signed with the same key as in the firmware
crossystem kernkey_vfy
(should print sig)
Boot a kernel signed with a different key than the firmware
crossystem kernkey_vfy
(should print hash)

Review URL: http://codereview.chromium.org/6711045
/external/vboot_reference/firmware/lib/vboot_kernel.c
17c712672f2c3a6d928c9bffde5b09c8baa1ba24 18-Mar-2011 Randall Spangler <rspangler@chromium.org> Add VbSharedData debug output to LoadKernel()

Change-Id: Id2837c83877520067e46e2434460349ef001b7b9

R=dlaurie@chromium.org
BUG=chrome-os-partner:2748
TEST=nmake uefi64; boot in normal and recovery modes

Review URL: http://codereview.chromium.org/6688035
/external/vboot_reference/firmware/lib/vboot_kernel.c
5ac39bfff0d9e2ad2c3e1fe9b3fd3f314b50a472 18-Mar-2011 Randall Spangler <rspangler@chromium.org> Add TPM version checking

Change-Id: Ic32b7bcf0bc5501e21dc84e79419a256d9b0d095

R=semenzato@chromium.org,reinauer@chromium.org
BUG=chrome-os-partner:2832
TEST=manual

crossystem tpm_fwver tpm_kernver
On a debug system, this will return 0x00010001 0x00010001

Review URL: http://codereview.chromium.org/6685075
/external/vboot_reference/firmware/lib/vboot_kernel.c
ad6824ba4fc18c4eba4e98ba2b2e476dfcedbbae 17-Mar-2011 Randall Spangler <rspangler@chromium.org> Added timing data to VbSharedData.

Change-Id: I8d52765227fd3355431bebc77dfbe0106c889eca

BUG=chrome-os-partner:2748
TEST=compiles; will be porting to H2C next

Review URL: http://codereview.chromium.org/6672068
/external/vboot_reference/firmware/lib/vboot_kernel.c
0222355d8af3ec1ae3d7d63cec45f47a16a28262 16-Mar-2011 Randall Spangler <rspangler@chromium.org> Fix LoadKernel() not returning LOAD_KERNEL_RECOVERY

Change-Id: Ib147be7442b93ef429a9796e2b76bee27347e0b3

R=adlr@chromium.org
BUG=13150
TEST=manual

On a current firmware (0052G1+), use 'crossystem vbtest_errfunc=3
vbtest_errno=3' to force a reboot to recovery mode. Then use
'crossystem recovery_reason' to check the recovery reason.

It should be 71. It's not. (You'll get a range of other error reasons
due to a different firmware bug.)

Review URL: http://codereview.chromium.org/6670040
/external/vboot_reference/firmware/lib/vboot_kernel.c
55db6a67176a4933427d2ee556180f6e814f60d9 16-Mar-2011 Stefan Reinauer <reinauer@chromium.org> only update tpm if version if not default value

Change-Id: I697de80aa2f0454164cd3651e5a53d06e60a837e

BUG=2782
TEST=in progress

Review URL: http://codereview.chromium.org/6677067
/external/vboot_reference/firmware/lib/vboot_kernel.c
99ca3466ba097cceacaff0129e9060578a8fcb20 15-Mar-2011 Randall Spangler <rspangler@chromium.org> LoadFirmware() and LoadKernel() handling for test errors

Change-Id: Icecfcab8f5cc30e80da7a2d77a1b1729f5094fee

R=wfrichar@chromium.org
BUG=13107
TEST=make && make runtests

Review URL: http://codereview.chromium.org/6673048
/external/vboot_reference/firmware/lib/vboot_kernel.c
95c4031ce903258036beeed0705d25c7e9d25da0 10-Mar-2011 Randall Spangler <rspangler@chromium.org> This is necessary to pass additional information about whether firmware A or B is being run. This change also passes the GBB directly into LoadFirmware() and LoadKernel().

Change-Id: I976c11c82c3d665a4feb88226e919f16c2440f60

BUG=chrome-os-partner:1657
TEST=manual - see below

make && make runtests

Then test verifying a test image in both dev mode (-b1, no key specified) and recovery mode (key specified)

build/utility/load_kernel_test -b1 ~/b/USB_images/0.11.224.0-alex/chromiumos_test_image.bin

build/utility/load_kernel_test ~/b/USB_images/0.11.224.0-alex/chromiumos_test_image.bin tests/devkeys/recovery_key.vbpubk

And make sure the firmware with this change actually boots to USB and SSD.

NOTE: u-boot-next needs to change to work with this change. will attempt a follow-up CL with that change

Review URL: http://codereview.chromium.org/6626045
/external/vboot_reference/firmware/lib/vboot_kernel.c
c324fbfb6d37aa62b0e6e2f22dae7c949896ddef 04-Mar-2011 Randall Spangler <rspangler@chromium.org> Only advance kernel version when the booted partition has a valid key block

Change-Id: I879c18cc139f8a02bcaa6eb80437eaf836a5e851

BUG=chrome-os-partner:2597
TEST=manual

install pvt-signed image
flip dev switch on and boot
install dev-signed firmware
reboot
reboot
sudo bash
stop tcsd
tpmc read 0x1008 0x0d

bytes 6-10 should be 1 0 1 0, not FF FF FF FF

Review URL: http://codereview.chromium.org/6626020
/external/vboot_reference/firmware/lib/vboot_kernel.c
8478ece80f50b4b890458559f82fc1f9a6fd0b54 03-Mar-2011 Randall Spangler <rspangler@chromium.org> Fix missing brackets

Change-Id: I9d4fefdd128c087f9495055dbf3b6aa63ac62fd2

BUG=none
TEST=make && make runtests

Review URL: http://codereview.chromium.org/6610023
/external/vboot_reference/firmware/lib/vboot_kernel.c
640fb51d866e7ac8a92f61a2f69145bfe6b13699 03-Mar-2011 Randall Spangler <rspangler@chromium.org> Reapply patch from http://codereview.chromium.org/6594092/

(somehow that never got committed)

Change-Id: I304e594066c5dd72fc7cf37d31e27b1096ae1a38

BUG=12282
TEST=make && make runtests

Review URL: http://codereview.chromium.org/6610019
/external/vboot_reference/firmware/lib/vboot_kernel.c
a8e0f94b94c2181a95a984fbcd8de80c3ca1b8c9 14-Feb-2011 Randall Spangler <rspangler@chromium.org> Support dev vs consumer firmware in vboot_reference

Change-Id: I5a42ba017974b3d591abc574ef7b9b7c9ac579e8

BUG=chrome-os-partner:1824
TEST=make && make runtests

Review URL: http://codereview.chromium.org/6462010
/external/vboot_reference/firmware/lib/vboot_kernel.c
6078ca3398f5e72360fb16b1f66049b2aa7ea73c 19-Oct-2010 Randall Spangler <rspangler@chromium.org> Add profile macro calls

This matches the calls in firmware version 0037.

BUG=none
TEST=manual

Review URL: http://codereview.chromium.org/3859002

Change-Id: I3b45051dec3f4f45414802b39122c8d52c4d62f1
/external/vboot_reference/firmware/lib/vboot_kernel.c
77ae389799d56bd4fea3230aec7fc9510901bc9e 10-Sep-2010 Randall Spangler <rspangler@chromium.org> fix clearing kernel attributes

Change-Id: Id353323d268835cbcc1fb13c8669cee420c8fb6a

BUG=chrome-os-partner:1046
TEST=manual

Make sure your chromeos install on the hard drive has 2 good kernel
partitions. Do:

sudo cgpt show /dev/sda

If partition 2 has success=1, do:

sudo dd if=/dev/sda2 of=/dev/sda4 bs=1M
sudo dd if=/dev/sda3 of=/dev/sda5 bs=1M
cgpt add -i 4 -S 1 -P 2

(if instead partition 4 has success=1, do:)

sudo dd if=/dev/sda4 of=/dev/sda2 bs=1M
sudo dd if=/dev/sda5 of=/dev/sda3 bs=1M
cgpt add -i 2 -S 1 -P 2

Reboot and do the following:

sudo cgpt show /dev/sda

If the partition you just marked active still has success=1
priority=2, the bug is fixed. If it has success=0 priority=0, the bug
is still there.

Review URL: http://codereview.chromium.org/3324014
/external/vboot_reference/firmware/lib/vboot_kernel.c
60563ee0afadf9ff7e08291b233f1f5298658b94 31-Aug-2010 Bill Richardson <wfrichar@chromium.org> Always treat invalid images as nonexistant now.

This makes the sequence of pictures shown to the user slightly less
confusing, but the whole process needs a bit more cleanup. Some of the work
has to be done in the BIOS code, not just here. This is better, but it's not
complete.

Change-Id: If0b3ecc92716020a06031866849d83411d7f0db8

BUG=chrome-os-partner:903
TEST=manual

Review URL: http://codereview.chromium.org/3249009
/external/vboot_reference/firmware/lib/vboot_kernel.c
741d2b2f8d8f155c4960214fc40097eb143b6ef0 21-Aug-2010 Randall Spangler <rspangler@chromium.org> Fix LoadKernel() failing to update GPT flags.

BUG=5654

TEST=manual

Case 1: Trying a new kernel which works
sudo cgpt add -P10 -T10 -S0 -i4 /dev/sda
Then reboot and
sudo cgpt show /dev/sda
See that tries is now 9 for /dev/sda4 (since the current ChromeOS
doesn't set the successful bit)

Case 2: Trying a new kernel which is bad
sudo dd if=/dev/zero of=/dev/sda4 count=1 conv=notrunc
Then reboot and
sudo cgpt show /dev/sda4
See that success=prio=tries=0 for /dev/sda4.

Review URL: http://codereview.chromium.org/3130040
/external/vboot_reference/firmware/lib/vboot_kernel.c
4bb5e4bad4bb8dc1e0c3210e36f4a21e85acb06a 19-Aug-2010 Randall Spangler <rspangler@chromium.org> Security fixes for LoadKernel()

1) kernel_subkey is one of the input parameters; not read off disk. KeyBlockVerify() now verifies it's not NULL unless we're only using the hash.

2) Added a check for kernel size vs. buffer size.

3) Added a check to make sure kbuf_sectors is nonzero.

BUG=chrome-os-partner:704
TEST=make && make runtests

Review URL: http://codereview.chromium.org/3186013
/external/vboot_reference/firmware/lib/vboot_kernel.c
138acfe1ba4b567f470c67e22a8d9e2225beafb0 18-Aug-2010 Randall Spangler <rspangler@chromium.org> Fix KeyBlockVerify() to take an explicit param for whether to use hash only.

Fix VerifyMemberInside().

BUG=chrome-os-partner:703
TEST=make && make runtests

Review URL: http://codereview.chromium.org/3126013
/external/vboot_reference/firmware/lib/vboot_kernel.c
666802822b771c05e435973b767e494a4fff2747 16-Aug-2010 Randall Spangler <rspangler@chromium.org> Change rollback interface so kernel/firmware version numbers are
packed in the calling code rather than in rollback_index.

Review URL: http://codereview.chromium.org/3114013
/external/vboot_reference/firmware/lib/vboot_kernel.c
63dffcb52b56f27d5315de249d20958b94eed47f 06-Aug-2010 Randall Spangler <rspangler@chromium.org> Enable TPM in developer mode again.

Also fix a few comments, and make extra debugging work when compiled
in firmware.

BUG=none
TEST=make && make runtests; all pass

Review URL: http://codereview.chromium.org/3007036
/external/vboot_reference/firmware/lib/vboot_kernel.c
5deb67f22507481cf5cb8f991976a9969fa90a22 24-Jul-2010 Bill Richardson <wfrichar@chromium.org> Make LoadKernel() pass back the kernel partition's UniqueGuid.

LoadKernel already returns the partition number for the selected kernel.
This change makes it also return the GPT Entry's UniqueGuid, which will
eventually be passed to the kernel itself, so the kernel can determine which
of several possible devices it has booted from. It doesn't know for certain
because the BIOS and the kernel may enumerate the devices in a different
order.

BUG=chromium-os:4984

Review URL: http://codereview.chromium.org/3056014
/external/vboot_reference/firmware/lib/vboot_kernel.c
e272940ec513ec00c295aecdfb6e799c07261d90 22-Jul-2010 Bill Richardson <wfrichar@chromium.org> Fix load_kernel_test, add check to LoadKernel to detect bad args.

load_kernel_test was failing because it wasn't setting
params->kernel_buffer_size before calling LoadKernel(). This fixes that,
plus adds some checks to LoadKernel so that it will notice bad params if it
happens again.

Review URL: http://codereview.chromium.org/3060004
/external/vboot_reference/firmware/lib/vboot_kernel.c
ae029d910967067d588a3d56dcf19a20b34a1c86 20-Jul-2010 Randall Spangler <rspangler@chromium.org> Fix checking boot flags in developer mode.

Should only check in recovery or normal modes.

BUG=http://code.google.com/p/chrome-os-partner/issues/detail?id=497

Review URL: http://codereview.chromium.org/2806058
/external/vboot_reference/firmware/lib/vboot_kernel.c
87c13d806b1f58542b0fc0893144de45d31cabd2 19-Jul-2010 Randall Spangler <rspangler@chromium.org> Added size param to VerifyData()

Also renamed verify preamble functions, now that they do not need the
'2' at the end to differentiate them from the now-deleted original
implementation.

BUG=4501
TEST=Ran make runtests; all pass.

Review URL: http://codereview.chromium.org/3027009
/external/vboot_reference/firmware/lib/vboot_kernel.c
3e1081fb71385d72fd3a522599c35b516dda7a37 19-Jul-2010 Randall Spangler <rspangler@chromium.org> Add lots of debugging to TPM library.

Temporarily disable TPM in developer mode.

Review URL: http://codereview.chromium.org/3041005
/external/vboot_reference/firmware/lib/vboot_kernel.c
7a786b73e769ba9be6823adc4980d7c9a992f55e 08-Jul-2010 Randall Spangler <rspangler@chromium.org> added reboot return codes to load kernel and firmware

Review URL: http://codereview.chromium.org/2844044
/external/vboot_reference/firmware/lib/vboot_kernel.c
c4a011a725dca20ce6952137df2b0f312eeb31b7 30-Jun-2010 Randall Spangler <rspangler@chromium.org> TBR: wfrichar

Fix LoadKernel() checking key block flags

BUG=none
TEST=none
/external/vboot_reference/firmware/lib/vboot_kernel.c
3ecaf776d82d29573be083b2e5c6ddc5b9f49c70 25-Jun-2010 vbendeb <vbendeb@chromium.org> Make vboot_reference build in MSVC command line environment.

This is a mostly NOOP change which modifies the source code
to compile cleanly in the MSVC command line build
environment.

A new makefile is introduced (msc/nmakefile) along with a
README.txt in the same directory explaining how to build
the code in the DOS window. As of this submission the build
is running in a 32 bit environment, the intention is to use
the same makefile for 64 bit builds in the future.

Enabling high compilation warnings level allowed to
identify a couple of bugs in the code which are being fixed.

Not all sources are being compiled in the MSVC environment,
only those in firmware/ and most of those in test/
subdirectories. The benchmark calculations require porting
of the timer facilities and are being postponed.

TEST

Built in DOS and linux environments. Ran unit tests in
linux environment.

Review URL: http://codereview.chromium.org/2809037
/external/vboot_reference/firmware/lib/vboot_kernel.c
d6aad3a0888ad57383036dacdfc4c01f0c3b56e3 24-Jun-2010 Randall Spangler <rspangler@chromium.org> Ignore TPM return codes in recovery mode

Review URL: http://codereview.chromium.org/2844024
/external/vboot_reference/firmware/lib/vboot_kernel.c
e2ec98412e3a6e24620f8d8730c50c79b7ce7d25 24-Jun-2010 Randall Spangler <rspangler@chromium.org> Add VBDEBUG macro for debug output.

Replaced in firmware/ lib; not replaced in host-side utils/tests.

Review URL: http://codereview.chromium.org/2810026
/external/vboot_reference/firmware/lib/vboot_kernel.c
1078838fff3554c0c4bcae771984cb2164bd7359 24-Jun-2010 Randall Spangler <rspangler@chromium.org> Refactor rollback interface for LoadKernel(), LoadFirmware().

Review URL: http://codereview.chromium.org/2861020
/external/vboot_reference/firmware/lib/vboot_kernel.c
b9d60a52b7760d32d3592a76dccb6d6cefd85272 23-Jun-2010 Randall Spangler <rspangler@chromium.org> Even more integration fixes.

Review URL: http://codereview.chromium.org/2849021
/external/vboot_reference/firmware/lib/vboot_kernel.c
81d0996901387619cc782ca258fcb4a9f3f591e7 23-Jun-2010 Randall Spangler <rspangler@chromium.org> Assorted integration fixes.

MSVC does not like bitfields with extra bits in them, so it made the GptEntry struct too big.

Fixed a missing return value in LoadFirmware().

Added some debug output.

Fixed calls to SetupTPM().

Tested with 'make && make runtests'. No errors.

Review URL: http://codereview.chromium.org/2865014
/external/vboot_reference/firmware/lib/vboot_kernel.c
beb5bae09f7c7153a1a89946026ba2af8cf3c838 22-Jun-2010 Randall Spangler <rspangler@chromium.org> Fixes to compiler warnings in MSVC

Review URL: http://codereview.chromium.org/2851015
/external/vboot_reference/firmware/lib/vboot_kernel.c
620c38cf34eadcd222535b01fb71c5e9fbc1cb80 17-Jun-2010 Randall Spangler <rspangler@chromium.org> Remove unused files, and tidy the directory structure of the remaining ones.

Review URL: http://codereview.chromium.org/2815011
/external/vboot_reference/firmware/lib/vboot_kernel.c