Commit Graph

534 Commits

Author SHA1 Message Date
Robert Zieba
32e861a8d6 security_test_chromeos_image: Add support for ensure_amd_psp_flags
This commit adds support for the `ensure_amd_psp_flags` script which
only needs to be few on certain AMD boards.

BRANCH=none
BUG=b:202397678
TEST=Verified that ensure_amd_psp_flags executes correctly

Change-Id: I6ae61083113497d1c63b5ed5a0bd608c525a0c6e
Signed-off-by: Robert Zieba <robertzieba@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3821000
Reviewed-by: Mike Frysinger <vapier@chromium.org>
2022-09-01 00:07:04 +00:00
Robert Zieba
3ebd8a091d scripts/image_signing/ensure_amd_psp_flags: Ignore non-AMD images
This commit updates the `ensure_amd_psp_flags` script so that it will
ignore any artifacts that do not contain valid AMD AP images as long as
there are no soft-fuse bitsets present for the given board. This allows
all logic to be contained within this script.

BRANCH=none
BUG=b:202397678
TEST=Verified that script still works on AMD artifacts, tested that
Intel and ARM artifacts are ignored

Change-Id: I17a9414a36fbeb4a0ae9792c2e036deccd089870
Signed-off-by: Robert Zieba <robertzieba@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3860383
Reviewed-by: Mike Frysinger <vapier@chromium.org>
2022-09-01 00:07:02 +00:00
Steven 'Steve' Kendall
9c40591f3c add -r alias for --remove_rootfs_verification
BUG=none
TEST=Ran script with new arg and ensured it disabled verity
BRANCH=none

Change-Id: I2cf4ca1a0a7b3663b05f7b2ef35fb6f9261b00a9
Signed-off-by: Steven 'Steve' Kendall <skend@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3825117
Reviewed-by: Mike Frysinger <vapier@chromium.org>
2022-08-18 23:21:45 +00:00
Shao-Chuan Lee
ba30719672 make_dev_ssd.sh: skip firmware checks on VM
The script doesn't work on betty without --force. And in turn
dev_features_rootfs_verification doesn't work as well.

BUG=None
TEST=copy the script to betty and run
BRANCH=none

Change-Id: I70f48b97b470bb04fb9f5fff751df83c44d7defe
Signed-off-by: Shao-Chuan Lee <shaochuan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3818089
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
2022-08-16 19:03:34 +00:00
Robert Zieba
c050cbd0f1 scripts/image_signing: Add general security test script
This commit adds a general security test script. This allows
some logic to be moved out of the signer as well as providing a single
entry point for the security tests run by the signer.

BRANCH=none
BUG=b:202397678
TEST=Verified that correct security tests ran with/without
`--keyset-is-mp`

Change-Id: Ib4c779a90d2fe9160c278f20d7ec61242f1d68cc
Signed-off-by: Robert Zieba <robertzieba@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3820999
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Queue: Mike Frysinger <vapier@chromium.org>
2022-08-16 00:35:23 +00:00
Robert Zieba
9701d6beb5 scripts/image_signing/ensure_amd_psp_flags: Change argument order
This commit changes the order of the arguments for this script from
`<board> <image>` to `<image> <board>`. This brings the script in-line
with the existing ensure scripts.

BRANCH=none
BUG=b:202397678
TEST=Verified that script works with guybrush image

Change-Id: I7bf31eb0b6ab667b1c3c0e71c2388531bb3f1bc0
Signed-off-by: Robert Zieba <robertzieba@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3820998
Reviewed-by: Mike Frysinger <vapier@chromium.org>
2022-08-16 00:35:23 +00:00
Josh Horwich
aa4671712d signer: continue to use --sb_extract for shellballs
crrev.com/c/3665477 started using `--unpack` rather than
`--sb_extract` for self-extracting firmware update bundles.
Unfortunately, existing prebuilt artifacts used by signer tests are
old and only support `--sb_extract`, and hence fail with recent
vboot_reference that includes this change.

This change simply reverts the option back to `--sb_extract` for
unpacking self-extracting bundles.

BRANCH=None
BUG=b:179170462
BUG=b:202397678
TEST=unittests

Change-Id: I528346a5d593caba7ca822820b9a38e994f0ea94
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3792485
Commit-Queue: Josh Horwich <jhorwich@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Prameet Shah <phshah@chromium.org>
Tested-by: Josh Horwich <jhorwich@chromium.org>
Auto-Submit: Josh Horwich <jhorwich@chromium.org>
2022-07-29 04:18:48 +00:00
Josh Horwich
35f4cb0272 signer: Preserve capabilities on Android system image
Since crrev.com/c/2511121 we no longer use xattrs when using
unsquashfs on the Android system image. A side-effect of this change
is the loss of capabilities for a handful of Android binaries such as
/system/bin/run-as.

This change records the capabilities on the system image and applies
them manually to the output system image.

BUG=b:179170462
BRANCH=None
TEST=unittests
TEST=Locally sign hatch (ARC R) and kevin (ARC P) base images and
     verify signed base image's system.raw.img contents

Signed-off-by: Josh Horwich <jhorwich@chromium.org>

Change-Id: Ied824d5ebf7a5139e71341abca810b14e67623e0
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3723017
Reviewed-by: Allen Webb <allenwebb@google.com>
Tested-by: Josh Horwich <jhorwich@chromium.org>
Reviewed-by: Prameet Shah <phshah@chromium.org>
Commit-Queue: Josh Horwich <jhorwich@chromium.org>
Reviewed-by: Yury Khmel <khmel@google.com>
Reviewed-by: Yury Khmel <khmel@chromium.org>
2022-07-12 20:56:19 +00:00
Robert Zieba
6bcf9f7b79 scripts/image_signing: Add ensure_amd_psp_flags script
Currently there is no script to ensure that AMD PSP flags are set
correctly in a firmware image. This commit adds ensure_amd_psp_flags.sh
to handle that functionality. The script can check that certain flags
are set as well as checking that certain flags are not set.

BRANCH=none
BUG=b:202397678
TEST=Ran script with grunt, zork, MI and skyrim images, verified that
it responds correctly to PSP flag values

Signed-off-by: Robert Zieba <robertzieba@google.com>
Change-Id: Ie0864544b9b97704ee901d893b4d833c1ab068b9
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3526100
Reviewed-by: Mike Frysinger <vapier@chromium.org>
2022-06-23 16:53:58 +00:00
Robert Zieba
dff7e6124b scripts/image_signing: Move extract_firmware_bundle to common.sh
This commit moves `extract_firmware_bundle` into common.sh as this
function is useful for other scripts as well. This commit also updates
this function to use the `--unpack` option as `--sb_extract` is now
deprecated.

BRANCH=none
BUG=b:202397678
TEST=Verified that scripts continue to work as expected

Signed-off-by: Robert Zieba <robertzieba@google.com>
Change-Id: Ib5596968f31a4b3b21fb81877d84b28660824818
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3665477
Reviewed-by: Mike Frysinger <vapier@chromium.org>
2022-06-15 23:05:18 +00:00
Jakub Czapiga
3000736e2d futility: Remove --devsign and --devkeyblock
This feature has not been needed since pre-2012 devices which have long
since reached their end of life. We can safely remove it to simplify the
code.
Also remove ZGB image, as it is no longer needed.

BUG=b:197114807
TEST=sudo FEATURES=test emerge vboot_reference
BRANCH=none

Signed-off-by: Jakub Czapiga <jacz@semihalf.com>
Cq-Depend: chromium:3650757
Change-Id: I889dc6300c5cb72bdfcb9c2b66d63e97d3f8c862
Disallow-Recycled-Builds: test-failures
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3578968
Commit-Queue: Jakub Czapiga <czapiga@google.com>
Auto-Submit: Jakub Czapiga <czapiga@google.com>
Tested-by: Jakub Czapiga <czapiga@google.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2022-05-30 14:12:59 +00:00
Daichi Hirono
fb0ddbbdf6 signer: Reland "Check the list of android image files"
Previous change I5e8b4d848f30f53fae58c721c9b7ddcfbfea9852
was reverted because the check did not pass if the
signing process adds new files to the image.

The new check alerts only when we miss files in the original image.

BUG=b:230434967
BRANCH=None
TEST=Run ./sign_official_build.sh locally

Signed-off-by: Daichi Hirono <hirono@chromium.org>

Change-Id: If8e9eeb9568fefcde92d737b356fa84b865b05c9
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3653721
Commit-Queue: Shao-Chuan Lee <shaochuan@chromium.org>
Tested-by: Daichi Hirono <hirono@chromium.org>
Commit-Queue: Daichi Hirono <hirono@chromium.org>
Auto-Submit: Daichi Hirono <hirono@chromium.org>
Reviewed-by: Shao-Chuan Lee <shaochuan@chromium.org>
2022-05-27 17:17:21 +00:00
Daichi Hirono
523e7f1dde Revert "signer: Check the list of android image files"
This reverts commit 48532e571b.

Reason for revert: Stable roll blocked due to unit test failures in platform/signing.
https://ci.chromium.org/ui/p/chromeos/builders/cq/fullcheckout-presubmit/b8813887760837459473/overview

Original change's description:
> signer: Check the list of android image files
>
> BUG=b:230434967
> BRANCH=None
> TEST=Run ./sign_official_build.sh locally
>
> Signed-off-by: Daichi Hirono <hirono@chromium.org>
>
> Change-Id: I5e8b4d848f30f53fae58c721c9b7ddcfbfea9852
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3607891
> Tested-by: Daichi Hirono <hirono@chromium.org>
> Commit-Queue: Daichi Hirono <hirono@chromium.org>
> Reviewed-by: Shao-Chuan Lee <shaochuan@chromium.org>

Bug: b:230434967
Change-Id: I185562d6dcbac4fd30b6dc4c331bd0b1508d58e8
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3644484
Commit-Queue: Daichi Hirono <hirono@chromium.org>
Tested-by: Daichi Hirono <hirono@chromium.org>
Reviewed-by: Shao-Chuan Lee <shaochuan@chromium.org>
Auto-Submit: Daichi Hirono <hirono@chromium.org>
2022-05-18 13:22:16 +00:00
Vadim Bendebury
e49bfbca21 create_new_gsc_key.sh: generate key file with the requested base name
Let's require the user of this script to explicitly provide the base
file name of the generated key.

BRANCH=none
BUG=b:221423468
TEST=verified generating the new key in various directories (local and
     non local).

     Verified that the script fails if the user does not supply the
     required key file base name.

Change-Id: Iaf85e5822d06c65ca4b7d51f17579269576e4707
Signed-off-by: Vadim Bendebury <vbendeb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3630287
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
2022-05-06 18:03:20 +00:00
Vadim Bendebury
567d37e7a4 keygeneration: add ability to generate accessory GSC RW signing key pair
GSC RW signing requires a 3070 bit RSA key. The codesigner tool when
invoked expects the public key in .pem format, the same format is used
by the RO codebase when incorporating the public key in the RO image.

This patch introduces a new accessory key generating script, which
invokes the appropriate openssl command to generate the required key
pair.

BUG=b:221423468
BRANCH=none
TEST=ran scripts/keygeneration/accessory/create_new_gsc_key.sh and
     observed two gsc keys generated:

   ls -l *gsc*
   -rw------- 1 vbendeb vbendeb 2451 Apr 21 20:42 gsc_3070.pem
   -rw-r--r-- 1 vbendeb vbendeb  625 Apr 21 20:42 gsc_3070.pem.pub

    in the FPGA setup confirmed that Ti50 RW can be signed and
    verified using the generated key pair.

Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I429c250f60aa1da28aa99f39dff40c3bcda71df6
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3600151
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
2022-04-30 23:37:57 +00:00
Daichi Hirono
48532e571b signer: Check the list of android image files
BUG=b:230434967
BRANCH=None
TEST=Run ./sign_official_build.sh locally

Signed-off-by: Daichi Hirono <hirono@chromium.org>

Change-Id: I5e8b4d848f30f53fae58c721c9b7ddcfbfea9852
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3607891
Tested-by: Daichi Hirono <hirono@chromium.org>
Commit-Queue: Daichi Hirono <hirono@chromium.org>
Reviewed-by: Shao-Chuan Lee <shaochuan@chromium.org>
2022-04-27 23:00:54 +00:00
Vadim Bendebury
58bfa1d53c Revert "keygeneration: add ability to generate GSC RW signing key pairs"
This reverts commit 2981c0bacb, as that
patch is not the proper way to generate accessory keys.

BUG=b:221423468
BRANCH=none
TEST=none

Change-Id: I5500424b01ef45cc353468173f60f9b202b92b54
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3600150
Reviewed-by: Mike Frysinger <vapier@chromium.org>
2022-04-23 04:09:58 +00:00
Vadim Bendebury
2981c0bacb keygeneration: add ability to generate GSC RW signing key pairs
GSC RW signing requires a 3070 bit RSA key. The codesigner tool when
invoked expects the public key in .pem format, the same format is used
by the RO codebase when incorporating the public key in the RO image.

This patch introduces a new key option, RSA3070_NOSIG_ALGOID. The keys
of this kind are not going to be processed by futility, hence no need
to specify the signing algorithm.

BUG=b:221423468
BRANCH=none
TEST=ran ./create_new_keys.sh and observed two gsc keys generated:
    $ ls *gsc*
    gsc_rw_3070.pem  gsc_rw_3070.pem.pub

    in the FPGA setup confirmed that Ti50 RW can be signed and
    verified using the generated key pair.

Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: Ie676ba8043c34900388372270329a4903656d499
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3591642
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Queue: Mike Frysinger <vapier@chromium.org>
2022-04-20 12:10:45 +00:00
Sam McNally
a580477b7e vboot: Support servo micro and C2D2 for {get,set}_gbb_flags.sh --servo.
Detect servo micro and C2D2 servo types and toggle cpu_fw_spi before and
after flash access is required.

BUG=b:220992685
TEST={get,set}_gbb_flags.sh --servo with C2D2 and servo micro
BRANCH=None

Cq-Depend: chromium:3470605
Change-Id: I9f8a9bcabe731001ed18150ca1db9820db20e0d3
Signed-off-by: Sam McNally <sammc@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3469747
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
2022-04-02 05:51:27 +00:00
Vadim Bendebury
4abb7e065d sign_gsc_firmware: drop version number check for node locked images
With introduction of Ti50 images the version of the eraseflashinfo
capable images must change, which will prevent signing scripts from
accepting Ti50 images from node locked signing.

Enforcing the version number is proving to be a larger pain than it is
worth: we do need to modify the version once in a while, and it takes
a lot of effort and time to propagate the version adjustment through
signing stages.

We already have a quorum requirement for eraseflashinfo capable node
locked images, this provides enough guarantee from accidental signing
or malicious signing of such an image, version number enforcement does
not add security.

BRANCH=none
BUG=b:219774807
TEST=none

Change-Id: Ifd5ac17540595d71210445e6ad573c81fc25a47a
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3553419
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
2022-03-30 17:06:35 +00:00
Sam McNally
e35fb64df2 vboot: Add --programmer and --servo flags to {get,set}_gbb_flags.sh.
Allow custom programmers to be used instead of host for getting and
setting GBB flags via a --programmer/-p flag similar to the same flag
for futility. Also support --servo with the same semantics as the
futility flag - detecting the programmer to use from the current servod
instance mirroring the logic in futility. Only CCD is supported at this
stage.

When reading, include the FMAP section as well as the GBB section. For
writes over CCD, avoiding rescanning for the FMAP can save up to 1.8s.

BUG=None
TEST={get,set}_gbb_flags.sh --servo with and without servod running
BRANCH=None

Change-Id: Iecedf4c3d0cad6923aed4405ef4a72910f3f9f05
Signed-off-by: Sam McNally <sammc@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3455562
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
2022-02-17 00:48:05 +00:00
Jeffery Miller
5e0626d006 make_dev_ssd.sh: Update grub defaultA and defaultB
Update the defaultA=2 and defaultB=3 grub settings to
remove verification.
In change I930d0f3f1a3f8f54edd1dce7f8259e3c261af9a1 the default
options for grub were changed to be defaultA and defaultB instead
of 'set default=2'. Update the removal to support these new
configuration settings.

BRANCH=none
BUG=b:186240229
TEST=on a reven build run `/usr/share/vboot/bin/make_dev_ssd.sh --remove_rootfs_verification
--force`; reboot and confirm verity is disabled

Change-Id: I70ceed432c29865715c525a6ae13f0e7da8ee0ba
Signed-off-by: Jeffery Miller <jefferymiller@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3445175
Reviewed-by: Nicholas Bishop <nicholasbishop@google.com>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Commit-Queue: Nicholas Bishop <nicholasbishop@google.com>
2022-02-11 15:18:44 +00:00
Evan Benn
fef4a4ae92 sign_official_build: Sign hps_firmware
BUG=b:204378599
TEST=None
BRANCH=None

Signed-off-by: Evan Benn <evanbenn@chromium.org>

Cq-Depend: chrome-internal:4473134
Change-Id: I2316ec9e75e854352350e90055e717a258c43f6e
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3388968
Tested-by: Evan Benn <evanbenn@chromium.org>
Auto-Submit: Evan Benn <evanbenn@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Queue: Evan Benn <evanbenn@chromium.org>
2022-02-08 02:12:10 +00:00
Evan Benn
4d163c53d8 accessory: script to generate hps keys
hps uses ed25519 keys so generate a pair of that type.

BUG=b:214495498
TEST=./create_new_hps_key.sh
BRANCH=none

Signed-off-by: Evan Benn <evanbenn@chromium.org>

Change-Id: I3f63ea5852b8e5959b7577e8b988284da043b449
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3394031
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Queue: Evan Benn <evanbenn@chromium.org>
Tested-by: Evan Benn <evanbenn@chromium.org>
2022-01-26 13:54:20 +00:00
Ting Shen
5ef3cdf48b accessory: make create_new_hammer_like_keys generates correct key name
create_new_hammer_like_keys.sh generates a key pair with hard-coded
filename "key_hammerlike.*". And we usually ask the croskeymanagers
team to manually rename it to the correct device name (e.g.
b:213403966). The manual step sometimes confuses people.

Modify the script to make create_new_hammer_like_keys.sh take an extra
keyname argument and generate the correct filename at once.

BUG=b:213922329
TEST=1) normal usage
       ./create_new_hammer_like_keys.sh foo
     2) error (two keyname provided)
       ./create_new_hammer_like_keys.sh foo bar
     3) error (missing keyname)
       ./create_new_hammer_like_keys.sh
     4) also check efs keygen
       ./create_new_ec_efs_key.sh
BRANCH=none

Change-Id: I2a2e24b77961ea2d744ac65d835446a74381e004
Signed-off-by: Ting Shen <phoenixshen@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3398389
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Tested-by: Ting Shen <phoenixshen@chromium.org>
Commit-Queue: Ting Shen <phoenixshen@chromium.org>
2022-01-21 07:04:23 +00:00