From 6be3490d4d751eaa4af3823d3fd6eacb55a4b9bf Mon Sep 17 00:00:00 2001 From: Paul Kocialkowski Date: Fri, 6 Nov 2015 19:10:44 +0100 Subject: Replace Chromebook mentions with CrOS, that is more generic Not all CrOS devices are Chromebooks (laptops) or run on ARM, not all RK3288 CrOS devices are Chromebooks, either. We want to support more CrOS devices, including some that are not Chromebooks, such as the ASUS Chromebit! Signed-off-by: Paul Kocialkowski --- .../install/depthcharge/chromebook-flash-replace | 96 --------------------- .../install/depthcharge/cros-flash-replace | 96 +++++++++++++++++++++ ...low-disabling-vboot-firmware-verification.patch | 98 ---------------------- ...low-disabling-vboot-firmware-verification.patch | 98 ++++++++++++++++++++++ 4 files changed, 194 insertions(+), 194 deletions(-) delete mode 100755 resources/libreboot/install/depthcharge/chromebook-flash-replace create mode 100755 resources/libreboot/install/depthcharge/cros-flash-replace delete mode 100644 resources/libreboot/patch/chromebook/0001-chromeos-Allow-disabling-vboot-firmware-verification.patch create mode 100644 resources/libreboot/patch/cros/0001-chromeos-Allow-disabling-vboot-firmware-verification.patch (limited to 'resources/libreboot') diff --git a/resources/libreboot/install/depthcharge/chromebook-flash-replace b/resources/libreboot/install/depthcharge/chromebook-flash-replace deleted file mode 100755 index 4ad3fabd..00000000 --- a/resources/libreboot/install/depthcharge/chromebook-flash-replace +++ /dev/null @@ -1,96 +0,0 @@ -#!/bin/bash - -# replace the requested parts in the flash image with separate parts images -# -# Copyright (C) 2015 Paul Kocialkowski -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . -# - -[ "x${DEBUG+set}" = 'xset' ] && set -v - -regex="\([0-9a-fA-F]*\):\([0-9a-fA-F]*\)[[:space:]]*\(.*\)" -block=256 -layout="layout.txt" -flash=$1 - -shift 1 - -if [ ! -f "$flash" ] -then - echo "Usage: $0 [flash image] [image] ..." - exit 1 -fi - -if [ ! -f "$layout" ] -then - echo "Missing layout file: $layout" - exit 1 -fi - -flashsize=$( stat $flash -c "%s" ) - -for image in $@; do - range=$( grep "$image" "$layout" ) - name=$( echo "$range" | sed "s/$regex/\3/g" ) - file="$name.img" - - if [ -z "$range" ] || [ ! -f "$file" ] - then - echo "Invalid image name: $name" - continue - fi - - start=$( echo "$range" | sed "s/$regex/\1/g" ) - start=$( printf "%d\n" "0x$start" ) - stop=$( echo "$range" | sed "s/$regex/\2/g" ) - stop=$( printf "%d\n" "0x$stop" ) - - size=$(( $stop - $start + 1 )) - filesize=$( stat $file -c "%s" ) - - if [ $size -ne $filesize ] - then - echo "Invalid file size: expected $size, read $filesize" - continue - fi - - if [ $size -gt $flashsize ] - then - echo "Image size too big for flash" - continue - fi - - printf "Replacing $image in $flash\n\n" - - if [ $start -gt 0 ] - then - dd if=$flash of=before.img bs=$block count=$(( $start / $block )) - else - touch before.img - fi - - if [ $(( $stop + 1 )) -lt $flashsize ] - then - dd if=$flash of=after.img skip=$(( ($stop + 1) / $block )) bs=$block count=$(( ($flashsize - $stop - 1) / $block )) - else - touch after.img - fi - - cat before.img $file after.img > $flash - - rm before.img after.img - - printf "\n" -done diff --git a/resources/libreboot/install/depthcharge/cros-flash-replace b/resources/libreboot/install/depthcharge/cros-flash-replace new file mode 100755 index 00000000..4ad3fabd --- /dev/null +++ b/resources/libreboot/install/depthcharge/cros-flash-replace @@ -0,0 +1,96 @@ +#!/bin/bash + +# replace the requested parts in the flash image with separate parts images +# +# Copyright (C) 2015 Paul Kocialkowski +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +[ "x${DEBUG+set}" = 'xset' ] && set -v + +regex="\([0-9a-fA-F]*\):\([0-9a-fA-F]*\)[[:space:]]*\(.*\)" +block=256 +layout="layout.txt" +flash=$1 + +shift 1 + +if [ ! -f "$flash" ] +then + echo "Usage: $0 [flash image] [image] ..." + exit 1 +fi + +if [ ! -f "$layout" ] +then + echo "Missing layout file: $layout" + exit 1 +fi + +flashsize=$( stat $flash -c "%s" ) + +for image in $@; do + range=$( grep "$image" "$layout" ) + name=$( echo "$range" | sed "s/$regex/\3/g" ) + file="$name.img" + + if [ -z "$range" ] || [ ! -f "$file" ] + then + echo "Invalid image name: $name" + continue + fi + + start=$( echo "$range" | sed "s/$regex/\1/g" ) + start=$( printf "%d\n" "0x$start" ) + stop=$( echo "$range" | sed "s/$regex/\2/g" ) + stop=$( printf "%d\n" "0x$stop" ) + + size=$(( $stop - $start + 1 )) + filesize=$( stat $file -c "%s" ) + + if [ $size -ne $filesize ] + then + echo "Invalid file size: expected $size, read $filesize" + continue + fi + + if [ $size -gt $flashsize ] + then + echo "Image size too big for flash" + continue + fi + + printf "Replacing $image in $flash\n\n" + + if [ $start -gt 0 ] + then + dd if=$flash of=before.img bs=$block count=$(( $start / $block )) + else + touch before.img + fi + + if [ $(( $stop + 1 )) -lt $flashsize ] + then + dd if=$flash of=after.img skip=$(( ($stop + 1) / $block )) bs=$block count=$(( ($flashsize - $stop - 1) / $block )) + else + touch after.img + fi + + cat before.img $file after.img > $flash + + rm before.img after.img + + printf "\n" +done diff --git a/resources/libreboot/patch/chromebook/0001-chromeos-Allow-disabling-vboot-firmware-verification.patch b/resources/libreboot/patch/chromebook/0001-chromeos-Allow-disabling-vboot-firmware-verification.patch deleted file mode 100644 index f268922a..00000000 --- a/resources/libreboot/patch/chromebook/0001-chromeos-Allow-disabling-vboot-firmware-verification.patch +++ /dev/null @@ -1,98 +0,0 @@ -From 2178bea1fbef28afbb9ffa2d95673407fac1907e Mon Sep 17 00:00:00 2001 -From: Paul Kocialkowski -Date: Sun, 9 Aug 2015 10:23:38 +0200 -Subject: [PATCH] chromeos: Allow disabling vboot firmware verification when - ChromeOS is enabled - -Some ChromeOS bindings might be wanted without using vboot verification, for -instance to boot up depthcharge from the version of Coreboot installed in the -write-protected part of the SPI flash (without jumping to a RW firmware). - -Vboot firmware verification is still selected by default when ChromeOS is -enabled, but this allows more flexibility since vboot firmware verification is -no longer a hard requirement for ChromeOS (that this particular use case still -allows booting ChromeOS). - -In the future, it would make sense to have all the separate components that -CONFIG_CHROMEOS enables have their own config options, so that they can be -enabled separately. - -Change-Id: Ia4057a56838aa05dcf3cb250ae1a27fd91402ddb -Signed-off-by: Paul Kocialkowski ---- - src/lib/bootmode.c | 2 ++ - src/soc/rockchip/rk3288/Kconfig | 2 +- - src/vendorcode/google/chromeos/Kconfig | 2 +- - src/vendorcode/google/chromeos/vboot2/Kconfig | 4 ++++ - 4 files changed, 8 insertions(+), 2 deletions(-) - -diff --git a/src/lib/bootmode.c b/src/lib/bootmode.c -index f2ff72a..13c0130 100644 ---- a/src/lib/bootmode.c -+++ b/src/lib/bootmode.c -@@ -80,8 +80,10 @@ void gfx_set_init_done(int done) - int display_init_required(void) - { - /* For Chrome OS always honor vboot_skip_display_init(). */ -+#if CONFIG_VBOOT_VERIFY_FIRMWARE - if (IS_ENABLED(CONFIG_CHROMEOS)) - return !vboot_skip_display_init(); -+#endif - - /* By default always initialize display. */ - return 1; -diff --git a/src/soc/rockchip/rk3288/Kconfig b/src/soc/rockchip/rk3288/Kconfig -index bc484e3..74a63e7 100644 ---- a/src/soc/rockchip/rk3288/Kconfig -+++ b/src/soc/rockchip/rk3288/Kconfig -@@ -35,7 +35,7 @@ config SOC_ROCKCHIP_RK3288 - - if SOC_ROCKCHIP_RK3288 - --config CHROMEOS -+config VBOOT_VERIFY_FIRMWARE - select VBOOT_STARTS_IN_BOOTBLOCK - select SEPARATE_VERSTAGE - select RETURN_FROM_VERSTAGE -diff --git a/src/vendorcode/google/chromeos/Kconfig b/src/vendorcode/google/chromeos/Kconfig -index 8309d19..694e0d7 100644 ---- a/src/vendorcode/google/chromeos/Kconfig -+++ b/src/vendorcode/google/chromeos/Kconfig -@@ -31,7 +31,6 @@ config CHROMEOS - select BOOTMODE_STRAPS - select ELOG - select COLLECT_TIMESTAMPS -- select VBOOT_VERIFY_FIRMWARE - help - Enable ChromeOS specific features like the GPIO sub table in - the coreboot table. NOTE: Enabling this option on an unsupported -@@ -129,6 +128,7 @@ config VIRTUAL_DEV_SWITCH - - config VBOOT_VERIFY_FIRMWARE - bool "Verify firmware with vboot." -+ default y if CHROMEOS - default n - depends on HAVE_HARD_RESET - help -diff --git a/src/vendorcode/google/chromeos/vboot2/Kconfig b/src/vendorcode/google/chromeos/vboot2/Kconfig -index 930b009..610a847 100644 ---- a/src/vendorcode/google/chromeos/vboot2/Kconfig -+++ b/src/vendorcode/google/chromeos/vboot2/Kconfig -@@ -16,6 +16,8 @@ - ## Foundation, Inc. - ## - -+if VBOOT_VERIFY_FIRMWARE -+ - config VBOOT_STARTS_IN_BOOTBLOCK - bool "Vboot starts verifying in bootblock" - default n -@@ -133,3 +135,5 @@ config VBOOT_DYNAMIC_WORK_BUFFER - ram to allocate the vboot work buffer. That means vboot verification - is after memory init and requires main memory to back the work - buffer. -+ -+endif # VBOOT_VERIFY_FIRMWARE --- -1.9.1 - diff --git a/resources/libreboot/patch/cros/0001-chromeos-Allow-disabling-vboot-firmware-verification.patch b/resources/libreboot/patch/cros/0001-chromeos-Allow-disabling-vboot-firmware-verification.patch new file mode 100644 index 00000000..f268922a --- /dev/null +++ b/resources/libreboot/patch/cros/0001-chromeos-Allow-disabling-vboot-firmware-verification.patch @@ -0,0 +1,98 @@ +From 2178bea1fbef28afbb9ffa2d95673407fac1907e Mon Sep 17 00:00:00 2001 +From: Paul Kocialkowski +Date: Sun, 9 Aug 2015 10:23:38 +0200 +Subject: [PATCH] chromeos: Allow disabling vboot firmware verification when + ChromeOS is enabled + +Some ChromeOS bindings might be wanted without using vboot verification, for +instance to boot up depthcharge from the version of Coreboot installed in the +write-protected part of the SPI flash (without jumping to a RW firmware). + +Vboot firmware verification is still selected by default when ChromeOS is +enabled, but this allows more flexibility since vboot firmware verification is +no longer a hard requirement for ChromeOS (that this particular use case still +allows booting ChromeOS). + +In the future, it would make sense to have all the separate components that +CONFIG_CHROMEOS enables have their own config options, so that they can be +enabled separately. + +Change-Id: Ia4057a56838aa05dcf3cb250ae1a27fd91402ddb +Signed-off-by: Paul Kocialkowski +--- + src/lib/bootmode.c | 2 ++ + src/soc/rockchip/rk3288/Kconfig | 2 +- + src/vendorcode/google/chromeos/Kconfig | 2 +- + src/vendorcode/google/chromeos/vboot2/Kconfig | 4 ++++ + 4 files changed, 8 insertions(+), 2 deletions(-) + +diff --git a/src/lib/bootmode.c b/src/lib/bootmode.c +index f2ff72a..13c0130 100644 +--- a/src/lib/bootmode.c ++++ b/src/lib/bootmode.c +@@ -80,8 +80,10 @@ void gfx_set_init_done(int done) + int display_init_required(void) + { + /* For Chrome OS always honor vboot_skip_display_init(). */ ++#if CONFIG_VBOOT_VERIFY_FIRMWARE + if (IS_ENABLED(CONFIG_CHROMEOS)) + return !vboot_skip_display_init(); ++#endif + + /* By default always initialize display. */ + return 1; +diff --git a/src/soc/rockchip/rk3288/Kconfig b/src/soc/rockchip/rk3288/Kconfig +index bc484e3..74a63e7 100644 +--- a/src/soc/rockchip/rk3288/Kconfig ++++ b/src/soc/rockchip/rk3288/Kconfig +@@ -35,7 +35,7 @@ config SOC_ROCKCHIP_RK3288 + + if SOC_ROCKCHIP_RK3288 + +-config CHROMEOS ++config VBOOT_VERIFY_FIRMWARE + select VBOOT_STARTS_IN_BOOTBLOCK + select SEPARATE_VERSTAGE + select RETURN_FROM_VERSTAGE +diff --git a/src/vendorcode/google/chromeos/Kconfig b/src/vendorcode/google/chromeos/Kconfig +index 8309d19..694e0d7 100644 +--- a/src/vendorcode/google/chromeos/Kconfig ++++ b/src/vendorcode/google/chromeos/Kconfig +@@ -31,7 +31,6 @@ config CHROMEOS + select BOOTMODE_STRAPS + select ELOG + select COLLECT_TIMESTAMPS +- select VBOOT_VERIFY_FIRMWARE + help + Enable ChromeOS specific features like the GPIO sub table in + the coreboot table. NOTE: Enabling this option on an unsupported +@@ -129,6 +128,7 @@ config VIRTUAL_DEV_SWITCH + + config VBOOT_VERIFY_FIRMWARE + bool "Verify firmware with vboot." ++ default y if CHROMEOS + default n + depends on HAVE_HARD_RESET + help +diff --git a/src/vendorcode/google/chromeos/vboot2/Kconfig b/src/vendorcode/google/chromeos/vboot2/Kconfig +index 930b009..610a847 100644 +--- a/src/vendorcode/google/chromeos/vboot2/Kconfig ++++ b/src/vendorcode/google/chromeos/vboot2/Kconfig +@@ -16,6 +16,8 @@ + ## Foundation, Inc. + ## + ++if VBOOT_VERIFY_FIRMWARE ++ + config VBOOT_STARTS_IN_BOOTBLOCK + bool "Vboot starts verifying in bootblock" + default n +@@ -133,3 +135,5 @@ config VBOOT_DYNAMIC_WORK_BUFFER + ram to allocate the vboot work buffer. That means vboot verification + is after memory init and requires main memory to back the work + buffer. ++ ++endif # VBOOT_VERIFY_FIRMWARE +-- +1.9.1 + -- cgit v1.2.3-70-g09d2