~funderscore blog cgit wiki get in touch
aboutsummaryrefslogtreecommitdiff
blob: cca18af6e2fa161e1beea374a9444980c17984dc (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
# SPDX-License-Identifier: GPL-2.0+
# Copyright (c) 2018 Google, Inc
# Written by Simon Glass <sjg@chromium.org>
#

# Support for a Chromium OS Google Binary Block, used to record read-only
# information mostly used by firmware.

from collections import OrderedDict

from u_boot_pylib import command
from binman.entry import Entry, EntryArg

from dtoc import fdt_util
from u_boot_pylib import tools

# Build GBB flags.
# (src/platform/vboot_reference/firmware/include/gbb_header.h)
gbb_flag_properties = {
  'dev-screen-short-delay': 0x1,
  'load-option-roms': 0x2,
  'enable-alternate-os': 0x4,
  'force-dev-switch-on': 0x8,
  'force-dev-boot-usb': 0x10,
  'disable-fw-rollback-check': 0x20,
  'enter-triggers-tonorm': 0x40,
  'force-dev-boot-legacy': 0x80,
  'faft-key-override': 0x100,
  'disable-ec-software-sync': 0x200,
  'default-dev-boot-legacy': 0x400,
  'disable-pd-software-sync': 0x800,
  'disable-lid-shutdown': 0x1000,
  'force-dev-boot-fastboot-full-cap': 0x2000,
  'enable-serial': 0x4000,
  'disable-dwmp': 0x8000,
}


class Entry_gbb(Entry):
    """An entry which contains a Chromium OS Google Binary Block

    Properties / Entry arguments:
        - hardware-id: Hardware ID to use for this build (a string)
        - keydir: Directory containing the public keys to use
        - bmpblk: Filename containing images used by recovery

    Chromium OS uses a GBB to store various pieces of information, in particular
    the root and recovery keys that are used to verify the boot process. Some
    more details are here:

        https://www.chromium.org/chromium-os/firmware-porting-guide/2-concepts

    but note that the page dates from 2013 so is quite out of date. See
    README.chromium for how to obtain the required keys and tools.
    """
    def __init__(self, section, etype, node):
        super().__init__(section, etype, node)
        self.hardware_id, self.keydir, self.bmpblk = self.GetEntryArgsOrProps(
            [EntryArg('hardware-id', str),
             EntryArg('keydir', str),
             EntryArg('bmpblk', str)])

        # Read in the GBB flags from the config
        self.gbb_flags = 0
        flags_node = node.FindNode('flags')
        if flags_node:
            for flag, value in gbb_flag_properties.items():
                if fdt_util.GetBool(flags_node, flag):
                    self.gbb_flags |= value

    def ObtainContents(self):
        gbb = 'gbb.bin'
        fname = tools.get_output_filename(gbb)
        if not self.size:
            self.Raise('GBB must have a fixed size')
        gbb_size = self.size
        bmpfv_size = gbb_size - 0x2180
        if bmpfv_size < 0:
            self.Raise('GBB is too small (minimum 0x2180 bytes)')
        keydir = tools.get_input_filename(self.keydir)

        stdout = self.futility.gbb_create(
            fname, [0x100, 0x1000, bmpfv_size, 0x1000])
        if stdout is not None:
            stdout = self.futility.gbb_set(
                fname,
                hwid=self.hardware_id,
                rootkey='%s/root_key.vbpubk' % keydir,
                recoverykey='%s/recovery_key.vbpubk' % keydir,
                flags=self.gbb_flags,
                bmpfv=tools.get_input_filename(self.bmpblk))

        if stdout is not None:
            self.SetContents(tools.read_file(fname))
        else:
            # Bintool is missing; just use the required amount of zero data
            self.record_missing_bintool(self.futility)
            self.SetContents(tools.get_bytes(0, gbb_size))

        return True

    def AddBintools(self, btools):
        super().AddBintools(btools)
        self.futility = self.AddBintool(btools, 'futility')