Age | Commit message (Collapse) | Author |
|
For Chrome OS (or vboot), The PRESERVE flags should be applied on
following sections:
RO_PRESERVE, RO_VPD, RW_PRESERVE, RW_ELOG, RW_NVRAM, RW_SMMSTORE,
RW_VPD, RO_FSG (b:116326638), SI_GBE (chromium:936768),
SI_PDR (chromium:936768)
With the new PRESERVE flag, we don't need RO_PRESERVE and RW_PRESERVE in
the future. But it's still no harm to use it if there are multiple
sections all needing to be preserved.
BUG=chromium:936768
TEST=Builds google/eve and google/kukui inside Chrome OS source tree.
Also boots successfully on eve and kukui devices.
Change-Id: I6664ae3d955001ed14374e2788d400ba5fb9b7f8
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/31709
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
Only for those that are x86 and also have a RW_LEGACY region.
The assumption is that all devices touched have 64k block sizes when
choosing size and alignment of the region.
Change-Id: I12addb137604f003d1296f34f555dae219330b18
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/28532
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
|
|
Add the necessary files and changes to support vboot.
TEST=Build and run on Galileo Gen2 with a SparkFun CryptoShield
1. Obtain and install a SparkFun CryptoShield.
https://www.sparkfun.com/products/13183
2. Edit src/mainboard/intel/galileo/Kconfig to select
VBOOT_WITH_CRYPTO_SHIELD
3. Use make menuconfig to update the config values and select a
payload that will fit. I used SeaBIOS which does not boot.
4. Build coreboot
5. Use the command file below to generate the signed coreboot image.
6. Flash build/coreboot.rom onto the Galileo board
7. The test is successful if verstage detects that it needs recovery
after Phase 1. This is expected because the image does not contain
the GBB section.
8. Flash build/coreboot.signed.bin onto the Galileo board
9. The test is successful if verstage reaches Phase 4 and selects SLOT
A to load the rest of the files.
commands:
gbb_utility -c 0x100,0x1000,0x7ce80,0x1000 gbb.blob
dd conv=fdatasync ibs=4096 obs=4096 count=1553 \
if=build/coreboot.rom of=build/coreboot.signed.rom
dd conv=fdatasync obs=4096 obs=4096 seek=1553 if=gbb.blob \
of=build/coreboot.signed.rom
dd conv=fdatasync ibs=4096 obs=4096 skip=1680 seek=1680 \
count=368 if=build/coreboot.rom of=build/coreboot.signed.rom
gbb_utility \
--set --hwid='Galileo' \
-r $PWD/keys/recovery_key.vbpubk \
-k $PWD/keys/root_key.vbpubk \
build/coreboot.signed.rom
3rdparty/vboot/scripts/image_signing/sign_firmware.sh \
build/coreboot.signed.rom \
$PWD/keys \
build/coreboot.signed.rom
Change-Id: I02eb0ef647cd34c13a5fe8be0bdbe1bb38524d0c
Signed-off-by: Lee Leahy <leroy.p.leahy@intel.com>
Reviewed-on: https://review.coreboot.org/18821
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
|
|
This reverts commit a50ced2eba20a007fa5b486c251c252ad09868cf.
Change-Id: I4f7d3177015bfe280111843014c310e0d333cb17
Signed-off-by: Lee Leahy <leroy.p.leahy@intel.com>
Reviewed-on: https://review.coreboot.org/18814
Tested-by: build bot (Jenkins)
|
|
Add the necessary files and changes to support vboot.
TEST=Build and run on Galileo Gen2 with a SparkFun CryptoShield
1. Obtain and install a SparkFun CryptoShield.
https://www.sparkfun.com/products/13183
2. Edit src/mainboard/intel/galileo/Kconfig to select
VBOOT_WITH_CRYPTO_SHIELD
3. Use make menuconfig to update the config values and select a
payload that will fit. I used SeaBIOS which does not boot.
4. Build coreboot
5. Use the command file below to generate the signed coreboot image.
6. Flash build/coreboot.rom onto the Galileo board
7. The test is successful if verstage detects that it needs recovery
after Phase 1. This is expected because the image does not contain
the GBB section.
8. Flash build/coreboot.signed.bin onto the Galileo board
9. The test is successful if verstage reaches Phase 4 and selects SLOT
A to load the rest of the files.
#!/bin/sh
#
# The necessary tools were built and installed using the following
commands:
#
# pushd 3rdparty/vboot
# make
# sudo make install
# popd
#
# The keys were made using the following command
#
# 3rdparty/vboot/scripts/keygeneration/create_new_keys.sh \
# --4k --4k-root --output $PWD/keys
#
#
# Create the GBB area blob
#
gbb_utility -c 0x100,0x1000,0x7ce80,0x1000 gbb.blob
#
# Add the empty GBB to the coreboot.rom image
#
dd conv=fdatasync ibs=4096 obs=4096 count=1553 \
if=build/coreboot.rom of=build/coreboot.signed.rom
dd conv=fdatasync obs=4096 obs=4096 seek=1553 if=gbb.blob \
of=build/coreboot.signed.rom
dd conv=fdatasync ibs=4096 obs=4096 skip=1680 seek=1680 \
count=368 if=build/coreboot.rom of=build/coreboot.signed.rom
#
# Add the keys and HWID to the GBB
#
gbb_utility \
--set --hwid='Galileo' \
-r $PWD/keys/recovery_key.vbpubk \
-k $PWD/keys/root_key.vbpubk \
build/coreboot.signed.rom
#
# Sign the firmware with the keys
#
3rdparty/vboot/scripts/image_signing/sign_firmware.sh \
build/coreboot.signed.rom \
$PWD/keys \
build/coreboot.signed.rom
Change-Id: I96170412e7bbc2b9c747ff5e2c845f29220353ed
Signed-off-by: Lee Leahy <leroy.p.leahy@intel.com>
Reviewed-on: https://review.coreboot.org/18041
Tested-by: Martin Roth <martinroth@google.com>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
|