Age | Commit message (Collapse) | Author |
|
The code flow is changed slightly to print the timestamp frequency from
either method of determining it.
BUG=b:70432544
TEST=Build and test cbmem -t -V
Change-Id: I02286fa67919e70a3592cdbcc1c9ca2991b7f385
Signed-off-by: Martin Roth <martinroth@google.com>
Reviewed-on: https://review.coreboot.org/22821
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
|
|
The default implementation uses inb/outb, that is not available on ARM
platforms and others. A dummy implementation allows building nvramtool
on these platforms.
Change-Id: I75e4a1a0cbd35ca40f7b108658686839ccf9784a
Signed-off-by: Paul Kocialkowski <contact@paulk.fr>
Reviewed-on: https://review.coreboot.org/22562
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
|
|
This patch adds '-p' to the 'add' command. It allows the add
command to specify the size of the padding added with the file
being added. This is useful to reserve an extra space in case
the file is too big to be relocated.
BUG=b:68660966
BRANCH=none
TEST=emerge-fizz coreboot &&
cbfstool image.bin add -n ecrw -f EC_RW.bin -p 0x10 ...
Verify image.bin has extra space in the file header.
Change-Id: I64bc54fd10a453b4da467bc69d9590e61b0f7ead
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://review.coreboot.org/22239
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
Change-Id: I03c38de3a3b88d569d629be7483eb53164cf136a
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/22738
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
|
|
Change-Id: I99cbcba7a086ef950f248888a83cf24a4db4aee9
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/21419
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
|
|
Bootguard:
* Fix Mac support (ME_version can't be detected)
* Skip MSR read on older platforms (as it would fail anyway)
* Refactor MSR error handling
* Print Bootguard state "Unknown" on MSR read error
Change-Id: Iafe3f5c22c6caeedc556933405b9f6d83ec876a1
Signed-off-by: Patrick Rudolph <siro@das-labor.org>
Reviewed-on: https://review.coreboot.org/22598
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
|
|
Forgot the /bin/ part of the executable paths
Change-Id: I87d63ec18338e376787d02bb771471e746a17b62
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/22640
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
|
|
Add a CBSDK tool set template that can be used in edk2 simply by
appending $prefix/share/edk2config/tools_def.txt to Conf/tools_def.txt.
After that, build -t CBSDK uses the coreboot compilers, providing a more
predictable compiler choice.
Change-Id: I76b38c928b831ee6f31450aa0ad59b4f906f394d
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/22570
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
|
|
With this implementation it's possible to detect the state
of bootguard in intel based systems. Currently it's WIP and
in a testphase. Handle it with care!
Changes done:
* Add support for reading msr
* Read ME firmware version
* Print bootguard state for ME > 9.1
* Make argument -s legacy
* Add argument -b for bootguard (and ME) dumping
* Add argument -m for ME dumping
* Opt out early if CPU is non Intel
Change-Id: Ifeec8e20fa8efc35d7db4c6a84be1f118dccfc4a
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Signed-off-by: Patrick Rudolph <siro@das-labor.org>
Reviewed-on: https://review.coreboot.org/16328
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
|
|
Clean the code to fix all errors and warnings.
No functional change.
Changes:
* Fix lines over 80chars
* Fix typos
* Restructure code to reduce indent level
* Move RCBA handling into own files
* Introduce helper functions for RCBA access
* Move GPL string into header
* Fix whitespace in macros
Change-Id: Ib8e3617ebb34c47959d6619dfbc7189045e6b8f7
Signed-off-by: Patrick Rudolph <siro@das-labor.org>
Reviewed-on: https://review.coreboot.org/22521
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
|
|
Taken from
* 6th Generation Intel Processor Families for S-Platform
Volume 2 of 2
* Page 56
* 332688-003EN
Change-Id: I46c8dd77823870b55cc040f7f6c557cb5a2562a1
Signed-off-by: Maximilian Schander <coreboot@mimoja.de>
Reviewed-on: https://review.coreboot.org/22351
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Rizwan Qureshi <rizwan.qureshi@intel.com>
Reviewed-by: Nico Huber <nico.h@gmx.de>
|
|
Both registers behave the same as on the previous generation
Taken from
* 6th Generation Intel Processor Families for S-Platform
Volume 2 of 2
* Page 55 and 62
* 332688-003EN
Change-Id: Id02a38a7ab51003c9d0f16ebb2300a16b66a15f9
Signed-off-by: Maximilian Schander <coreboot@mimoja.de>
Reviewed-on: https://review.coreboot.org/22350
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Rizwan Qureshi <rizwan.qureshi@intel.com>
Reviewed-by: Nico Huber <nico.h@gmx.de>
|
|
Register definitions were taken from
* 6th Generation Intel Processor Families for S-Platform Volume 2 of 2
* Page 117
* 332688-003EN
As well as
* 6th Generation Intel Processor Families for H-Platform Volume 2 of 2
* Page 117
* 332987-002EN
Tested on a 6th gen skylake mobile cpu and capability registers do match up
with the default values.
Change-Id: I636f6c3d045e297f1439d3e88e43f41e03db4c8e
Signed-off-by: Maximilian Schander <coreboot@mimoja.de>
Reviewed-on: https://review.coreboot.org/22345
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
|
|
The warning is printed using Printf syntax but actually Println is used
resulting in printing the format string first and the arguments second:
"%s. (%s) Default:%s WARNING: [...]"
Change-Id: I411fc47832dd7a82752f233c4909b98190340ccb
Signed-off-by: Maximilian Schander <coreboot@mimoja.de>
Reviewed-on: https://review.coreboot.org/22352
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
|
|
- Fix initial tool check.
- Admit that the script is coreboot specfic. Remove coreboot check.
- Fix some whitespace issues.
- Get rid of pushd/popd.
- Add keywords for section logging.
- Move code for getting SLOC into a subroutine.
- Find submodules to get patch count instead of having them hardcoded.
- Update specific change areas for 4.7 release
Change-Id: I115659a75604c24780c09605d7643e83e481f6a1
Signed-off-by: Martin Roth <gaumless@gmail.com>
Reviewed-on: https://review.coreboot.org/22343
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
|
|
When autoport is run on a system without supported southbridge
it won't populate the coresponding data structure. By sanitiy
checking after PCI detection autoport can exit cleanly and
provide a sufficient error message.
Error was:
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x30 pc=0x4be595]
goroutine 1 [running]:
main.FIXMEEC(0xc42014af80, 0x14, 0xc42014afe0, 0x1a, 0xc4200a914f,
0x4, 0xc4200a916f, 0xf, 0xc420149e60, 0x28, ...)
/coreboot/util/autoport/ec_fixme.go:14 +0x105
Change-Id: I6b0fcda76d33b0d3a0379c279f492160ce5add84
Signed-off-by: Maximilian Schander <maxschander@googlemail.com>
Reviewed-on: https://review.coreboot.org/22203
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
|
|
In some cases users may want to build just one toolchain not all. This
patch introduces COREBOOT_CROSSGCC_PARAM, which by default is set to
all_without_gdb so previous behavior is not changed. Users can pass
different parameter eg. COREBOOT_CROSSGCC_PARAM=build-x64 to build just
x64 SDK.
Change-Id: I858ba09644b5b86a4b0e828e4f342aee5083be93
Signed-off-by: Piotr Król <piotr.krol@3mdeb.com>
Reviewed-on: https://review.coreboot.org/22276
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>
|
|
In general more ME capabilities are considered harmfull, useless or
unwanted. Therefore an easy overview can be obtained by coloring in red
and green.
Taken from Change with id:
Ifeec8e20fa8efc35d7db4c6a84be1f118dccfc4a
Add bootguard information dump support
https://review.coreboot.org/#/c/16328/
Change-Id: Ia911cc935d512174399aaf93bba982e071942212
Signed-off-by: Maximilian Schander <maxschander@googlemail.com>
Reviewed-on: https://review.coreboot.org/22217
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
|
|
Refining some of the code indentations and cosmetics to
build upon and import some in-review changes.
Change-Id: I0038a146bd899f150518c4832258a42792abaabb
Signed-off-by: Maximilian Schander <maxschander@googlemail.com>
Reviewed-on: https://review.coreboot.org/22216
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
|
|
Change-Id: Id9501f11a79cb314bc407760b22006a3375e669d
Signed-off-by: Maximilian Schander <maxschander@googlemail.com>
Reviewed-on: https://review.coreboot.org/22211
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
|
|
Change-Id: I36866cc793b3ddf9a78fed2e2840958d08327e7d
Signed-off-by: Iru Cai <mytbk920423@gmail.com>
Reviewed-on: https://review.coreboot.org/20486
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
|
|
Users can do it if they need it, but we shouldn't force it on them.
Change-Id: I08007d68a79c302d8f3ca4ed0837ee96d8d3eb1e
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/22213
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
|
|
This patch adds a column to the print command to show the compression
algorithm used for the file.
Name Offset Type Size Comp
fallback/romstage 0x0 stage 56236 none
ecrw 0xf2380 raw 62162 LZMA (131072 decompressed)
BUG=b:66956286
BRANCH=none
TEST=Run 'cbfstool image.bin print'
Change-Id: I4bbb60ab467adac4ae5486ddafec86ad9682a40e
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://review.coreboot.org/22196
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
|
|
Using ifdtool to change layout on a 'ifd v2' file causes an error
about region type 5 not being valid.
The limit to check against is dynamic depending on ifd version, not
static.
Change-Id: Id4cdce4eac18fb0d171d1bdfa2044340bf93056a
Signed-off-by: Youness Alaoui <youness.alaoui@puri.sm>
Reviewed-on: https://review.coreboot.org/21962
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>
|
|
This was tested on Librem 13 v2.
Change-Id: I4b56ed8a8a394da2ac5e4bfde6916aa1d39b2654
Signed-off-by: Youness Alaoui <youness.alaoui@puri.sm>
Reviewed-on: https://review.coreboot.org/21961
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>
|
|
The new test lets git check if $top is actually a git repo, instead of
just looking for clues.
BUG=chromium:776174
BRANCH=none
TEST=`mv .git .foo; mkdir .git; util/genbuild_h/genbuild_h.sh` provides
a valid build.h instead of failing because git is unhappy about the
.git directory.
Change-Id: I7fcc64d66e0b59fca1479b4c142fd0559aa984f4
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/22107
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Martin Roth <martinroth@google.com>
|
|
I noticed that the "last known good" field for the ThinkPad R400 pointed
nowhere. Instead of
https://www.coreboot.org/Supported_Motherboards#lenovo.2Ft400
it pointed to
https://www.coreboot.org/Supported_Motherboards#lenovo.2Fr400
which does not exist because if a board is marked as a "Clone of"
another one in board_info.txt, towiki uses the original board's reports
to derive the "last known good" date and color.
Change-Id: Ie235ca8e8691f49d041de7c5770eae77cdd444a7
Signed-off-by: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
Reviewed-on: https://review.coreboot.org/21906
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
|
|
bc is one of the standard posix utilities. I'm surprised that it's
not in the debian docker image by default.
Change-Id: I02f2d5296e7f87876b236af119965d1f4e6a0bc0
Signed-off-by: Martin Roth <martinroth@google.com>
Reviewed-on: https://review.coreboot.org/21889
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
|
|
Also change the tarball from .tar.bz2 to .tar.xz.
Change-Id: I25134dbadf07a2f0cb356c8ac8f2c612a957d176
Signed-off-by: Iru Cai <mytbk920423@gmail.com>
Reviewed-on: https://review.coreboot.org/20806
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>
|
|
> Could you make in a separate, independent change a update from the
> completely outdated LIBELF (from mr511.de/software/libelf ) to recent
> libelf? Those highly outdated libelf from this unmaintained mr511.de
> webpage should not be used any more since years. There are also a ton
> of security issues like for example: CVE-2017-7607, CVE-2017-7608, ...
> CVE-2017-7613. Recent version of this software is included in the
> elfutils that are available here: https://sourceware.org/elfutils/ ->
> download link:
> https://sourceware.org/elfutils/ftp/0.170/elfutils-0.170.tar.bz2
Remove the obsolete patch, which doesn’t apply anymore, and only
affected the build system, which is different now.
Increment the buildgcc version string as a tool version is changed.
TEST=Running `make crossgcc-i386` succeeds.
Change-Id: Iadd320a18c5d9fe2a82a347e39f01d8b7f8806c2
Signed-off-by: Paul Menzel <paulepanter@users.sourceforge.net>
Signed-off-by: Paul Menzel <pmenzel@molgen.mpg.de>
Reviewed-on: https://review.coreboot.org/21435
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
|
|
This patch address problem with Tianocore compilation in coreboot-sdk
container. Without it compilation fails asking for nasm installation.
Change-Id: I546f9d42b380799d1cd80a70f33be2a768745080
Signed-off-by: Piotr Król <piotr.krol@3mdeb.com>
Reviewed-on: https://review.coreboot.org/21924
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Martin Roth <martinroth@google.com>
|
|
`TZ='UTC'` is not a portable setting for the TZ environment variable.
POSIX says you’re supposed to use something like `TZ='UTC0'` instead.
Although `TZ='UTC'` works when GLIBC is used, this is not necessarily
true on other POSIX platforms. [1][2]
[1] http://lists.alioth.debian.org/pipermail/reproducible-builds/Week-of-Mon-20170918/009289.html
[2] http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08_03
Change-Id: I1dca0b84de0ec0af3a103e2cbbf731512eb59497
Signed-off-by: Paul Menzel <pmenzel@molgen.mpg.de>
Reviewed-on: https://review.coreboot.org/21721
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
Reviewed-by: Martin Roth <martinroth@google.com>
|
|
buildgcc -B (--bootstrap-only) builds only a bootstrap compiler. That
useful if you want to package the cross compilers: first build the
bootstrap compiler, then all required cross compilers in a separate
directory (using the bootstrap compiler through an adjusted PATH).
Change-Id: I089b51d1b898d4cf530845ba51283997fd229451
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/21683
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
|
|
util/scripts/gerrit-rebase and cross-repo-cherrypick serve the same
purpose and we don't need two of everything.
Change-Id: I66a71033a8a29249d214db4c31a67f8a0725163c
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/21926
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>
|
|
It does the opposite to "expand", removing a trailing empty file from
CBFS. It also returns the size of the CBFS post processing on stdout.
BUG=b:65853903
BRANCH=none
TEST=`cbfstool test.bin truncate -r FW_MAIN_A` removes the trailing
empty file in FW_MAIN_A. Without a trailing empty file, the region is
left alone (tested using COREBOOT which comes with a master header
pointer).
Change-Id: I0c747090813898539f3428936afa9d8459adee9c
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/21608
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
|
|
Change http to https on many URLs and update llvm.org URLs in buildgcc.
The old URLs are deprecated and now switched to a http forwarder that
can be attacked by MITM attacks.
Change-Id: I68d4fe1a6236ed8540803e11cfc84e44a1d1ca35
Signed-off-by: Doug Gale <doug16k@gmail.com>
Reviewed-on: https://review.coreboot.org/21729
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
Reviewed-by: Martin Roth <martinroth@google.com>
|
|
The idea behind this not to enforce a license on autogenerated code
but is simply out of convenience in the case one wants to make the
result public (in which case it needs to have these license headers).
Change-Id: I1d6b48762b1249bb0becb178a30e1396bf6978fc
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/19510
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
|
|
This generates better gpio.c files where structs are initialised as
static to be able to drop some entries since those would be
initialised as 0.
This makes these files less cluttered since only relevant things are
shown:
* GPIO direction, level, invert, blink depend on GPIO mode
* GPIO level is read only on input
* GPIO invert is only valid on input
* only show when GPIO are inverted, blinking, reset by RSMRST#
Change-Id: I83382d38a4a3b7ed11b8e7077cc5fbe154e261a7
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/19508
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
Reviewed-by: Nico Huber <nico.h@gmx.de>
|
|
The AMD firmware directory can go in a number of different locations.
This patch allows amdfwtool to write the directory correctly for those
different locations.
If the --location switch is not added to the command line, the default
location at ROM base address + 0x20000 is used as before.
BUG=b:65484600
TEST=Set PSP firmware location, compare amdfw.rom to previously built
version. Verify new location pointers.
Change-Id: Ief32e5e37d56088946b623d305c6e93bfd6abeaf
Signed-off-by: Martin Roth <martinroth@google.com>
Reviewed-on: https://review.coreboot.org/21865
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
|
|
This patch implements a relatively simple hash-based verification scheme
for downloaded files (tarballs):
After buildgcc downloads a file or notices that it has already been
downloaded, it hashes the file, and compares the hash against the known
hash stored in util/crossgcc/sum/$filename.cksum. Two errors can occur:
1. The hash file is missing. In this case, crossgcc asks the user to
verify the authenticity of the downloaded file. It also calculates
its hash and stores it in util/crossgcc/sum/$filename.cksum.calc.
If the file is authentic, the user may rename the calculated hash
file to $filename.cksum, so that it can be found the next time
buildgcc is started.
2. The known hash and the calculated hash differ. This is the case that
this patch seeks to protect against, because it may imply that the
downloaded file was unexpectedly changed, either in transit
(Man-in-the-Middle attack) or on the file server that it was
downloaded from. If buildgcc detects such a hash mismatch, it asks
the user to delete the downloaded file and retry, because it can also
be caused by a benign network error. If, however, the error persists,
buildgcc can't continue without risking that the user runs malicious
code, and it stops.
Note: The hash algorithm may be changed in the future, but for now I
left it at SHA-1, to avoid bloating this patch.
Change-Id: I0d5d67b34684d02011a845d00f6f5b6769f43b4f
Signed-off-by: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
Reviewed-on: https://review.coreboot.org/21592
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
|
|
Julius made some suggestions to fix/improve commit 46300aa2.
Implement those.
BUG=b:66681446
Change-Id: I6becac9ffdcc65745e88734dfb80d12b581584a1
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://review.coreboot.org/21757
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
The cbmem utility has inherited some workarounds that originated
from the default 1 MiB mapping always working. This 1 MiB mmap
won't necessarily succeed if the 1 MiB encroaches on a subsequent
memory range that has different cacheability.
To fix this, map in only 4 KiB when the table size is not known which is
the case for any forwarding entry or any low table entries on x86. That
smaller mapping is then searched for a valid header. Once a valid header
is found the full table is mapped and parsed allowing a forwarding entry
to take precedence.
Lastly, the lbtable is kept mapped in such that other operations can
just operate on mapping that was previously parsed.
In order to allow multiple in-flight mappings a struct mapping was
added which caused the ripple within the code. However, there shouldn't
be any more reasons for putting weird heuristics for when to fail. If
the tables are bad then it's very much possible that mappings will fail.
Retrying when the exact sizes are already known won't fix those issues.
BUG=b:66681446
Change-Id: Ica0737aada8dc07311eae867e87ef2fd24eae98d
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://review.coreboot.org/21718
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
|
|
Since the mapping is const just make all the data structure accesses
const.
BUG=b:66681446
Change-Id: I018cf2f2bfea2e736b097ecd1242af19c878ecb5
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://review.coreboot.org/21719
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
|
|
Change-Id: Ia14bbdfe973cec4b366879cd2ed5602b43754260
Signed-off-by: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
Reviewed-on: https://review.coreboot.org/21653
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Ronald G. Minnich <rminnich@gmail.com>
|
|
vboot images come with multiple regions carrying CBFS file systems. To
expedite hashing (from slow flash memory), the FW_MAIN_* regions are
truncated since they typically have pretty large unused space at the
end that is of no interest.
For test purposes it can be useful to re-engage that space, so add a
command that creates a new empty file entry covering that area (except
for the last 4 bytes for the master header pointer, as usual).
BUG=b:65853903
BRANCH=none
TEST=`cbfstool test.bin expand -r FW_MAIN_A` creates a new empty file of
the expected size on a Chrome OS firmware image.
Change-Id: I160c8529ce4bfcc28685166b6d9035ade4f6f1d1
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/21598
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
- Fix typo in comment
- Aphabetize package list and put each package on a single line
- Add environment variables into coreboot user's .bashrc file
- Add openssl, qemu, and shellcheck to installed packages
Change-Id: I37771be5d3ecaa61d76d99e689b422144a6d7dc6
Signed-off-by: Martin Roth <gaumless@gmail.com>
Reviewed-on: https://review.coreboot.org/21582
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Chris Ching <chingcodes@chromium.org>
|
|
- Update checkpatch.pl to version 0547fa58
(checkpatch: add 6 missing types to --list-types)
- Update spelling.txt to version d9f91f8
(scripts/spelling.txt: add a bunch more spelling mistakes)
- Fix an additional unescaped left brace in a regex - causes warnings
in new versions of perl.
Change-Id: Ic443099e90a46280f18d58799afc72d00dc83793
Signed-off-by: Martin Roth <gaumless@gmail.com>
Reviewed-on: https://review.coreboot.org/21581
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Chris Ching <chingcodes@chromium.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
|
|
If results are uploaded the temporary directory in which they are
stored gets deleted, yet we currently point to the deleted directory in
the output.
This patch fixes it so that we point to the actual location in the local
repository where uploaded results are found.
Change-Id: I1f42c3296ec1d19fcfa4911307e07e67de289895
Signed-off-by: David Hendricks <david.hendricks@gmail.com>
Reviewed-on: https://review.coreboot.org/21415
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>
|
|
Add find_fcba(), find_frba(), find_fmba(), find_fpsba()
and find_fmsba() to replace those copy-pasted addressings.
This commit is one separated from the original I6d05418c.
Change-Id: I98965711e4cb9792e5cc86cc4c1035559e0274f5
Signed-off-by: Bill XIE <persmule@gmail.com>
Reviewed-on: https://review.coreboot.org/21511
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
|
|
Redesign some array-like structures as true arrays,
and rewrite functions to dump them as loops.
This commit is one separated from the original I6d05418c.
Change-Id: I161c9a2ae83d26e658d67d0804e943fff95fe076
Signed-off-by: Bill XIE <persmule@gmail.com>
Reviewed-on: https://review.coreboot.org/21510
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
|