sudo dev_debug_vboot -c -i /dev/sda fails to verify kernel BLOB even though vbutil_kernel reports successful verification. I therefore cannot boot the USB drive because /var/log/debug_vboot_noisy.log reports the same /dev/sda6 verification failures.
Reported by
dave.kir...@gmail.com,
Aug 7 2017
|
|||
Issue description
Chrome Version: 60.0.3112.80 (Official Build) (32-bit)
Chrome OS Version: 9592.71.0 (Official Build) stable-channel nyan_blaze
Chrome OS Platform: BLAZE F4I-F3F-B2Q-I6N (HP Chromebook 14 G3 Tegra K1)
Network info: 4G Wifi Router
Steps To Reproduce:
(1) Insert a USB drive with a bootable linux OS installed (in my case I'm using a tried and tested version of ChrUbuntu with Tegra R21.5 driver support).
(2) View the USB drives GPT partition information using sudo cgpt show /dev/sda
start size part contents
0 1 PMBR
1 1 Pri GPT header
2 32 Pri GPT table
64 32768 6 Label: "KERN-A"
Type: ChromeOS kernel
UUID: 67100268-3E77-F746-9EAA-5F53B7FF5DEA
Attr: priority=5 tries=10 successful=0
65600 27868465 7 Label: "ROOT-A"
Type: ChromeOS rootfs
UUID: C0B78F89-8414-1544-AB2E-22FC49D28102
30031217 32 Sec GPT table
30031249 1 Sec GPT header
(3) View the SSDs GPT partition information using sudo cgpt show /dev/mmcblk0 (only showing the active KERN-B and ROOT-B partitions in this example to save space).
53248 32768 4 Label: "KERN-B"
Type: ChromeOS kernel
UUID: BF3637D2-3FD7-C14B-A445-63CB593DE4F0
Attr: priority=2 tries=0 successful=1
282624 4194304 5 Label: "ROOT-B"
Type: ChromeOS rootfs
UUID: 5FCA2791-D52D-E44B-ABE6-2B8D4FAE92EF
(4) Create a custom kernel-config file to boot USB /dev/sda7 ROOT-A from KERN-A using editor of choice "console=tty1 debug verbose root=/dev/sda7 rootfstype=ext4 rootwait rw lsm.module_locking=0"
(5) Sign the USB /dev/sda6 KERN-A partition using:
sudo vbutil_kernel --repack /dev/sda6 --oldblob /dev/mmcblk0p4 --keyblock /usr/share/vboot/devkeys/kernel.keyblock --version 1 --signprivate /usr/share/vboot/devkeys/kernel_data_key.vbprivk --config kernel-config --arch arm
(6) Verify the signed USB /dev/sda6 KERN-A partition using:
sudo vbutil_kernel --verify /dev/sda6 --signpubkey /usr/share/vboot/devkeys/kernel_subkey.vbpubk
with following output:
Key block:
Signature: valid
Size: 0x4b8
Flags: 7 !DEV DEV !REC
Data key algorithm: 4 RSA2048 SHA256
Data key version: 1
Data key sha1sum: d6170aa480136f1f29cf339a5ab1b960585fa444
Preamble:
Size: 0xfb48
Header version: 2.2
Kernel version: 1
Body load address: 0x100000
Body size: 0x4d2000
Bootloader address: 0x5d1000
Bootloader size: 0x1000
Flags : 0x0
Body verification succeeded.
Config:
console=tty1 debug verbose root=/dev/sda7 rootfstype=ext4 rootwait rw lsm.module_locking=0
(7) Run sudo dev_debug_vboot -c to unpack the firmware subkeys A, B & Recovery and then verify all KERN partitions
output (Actual Result):
Saving verbose log as /tmp/debug_vboot_pQsV6V18y/noisy.log
Extracting BIOS components...
Pulling root and recovery keys from GBB...
Verify firmware A with root key: OK
TPM=0x00140002, this=0x00140002
Verify firmware B with root key: OK
TPM=0x00140002, this=0x00140002
Examining kernels...
WARNING: Primary GPT header is invalid
WARNING: Secondary GPT header is invalid
Kernel /dev/mmcblk0p2: OK
Verify /dev/mmcblk0p2 with kern_subkey_A.vbpubk: OK
TPM=0x00020001 this=0x00020001
Verify /dev/mmcblk0p2 with kern_subkey_B.vbpubk: OK
TPM=0x00020001 this=0x00020001
Verify /dev/mmcblk0p2 with recoverykey.vbpubk: FAILED
Kernel /dev/mmcblk0p4: OK
Verify /dev/mmcblk0p4 with kern_subkey_A.vbpubk: OK
TPM=0x00020001 this=0x00020001
Verify /dev/mmcblk0p4 with kern_subkey_B.vbpubk: OK
TPM=0x00020001 this=0x00020001
Verify /dev/mmcblk0p4 with recoverykey.vbpubk: FAILED
Kernel /dev/mmcblk0p6: FAILED
Kernel /dev/sda6: OK
Verify /dev/sda6 with kern_subkey_A.vbpubk: FAILED
Verify /dev/sda6 with kern_subkey_B.vbpubk: FAILED
Verify /dev/sda6 with recoverykey.vbpubk: FAILED
Exporting log file as /var/log/debug_vboot_noisy.log
output (Expected Result):
Kernel /dev/sda6: OK
Verify /dev/sda6 with kern_subkey_A.vbpubk: OK
Verify /dev/sda6 with kern_subkey_B.vbpubk: OK
Verify /dev/sda6 with recoverykey.vbpubk: FAILED
Because kern_subkey_(A|B).vbpubk: FAILS twice when verifying /dev/sda6 the USB drive boots to a blank screen when pressing Ctrl-U on the boot screen. This has never occurred previously in the two+ years I been playing about with ChrUbuntu Tegra K1 installs. Usually I see ChrUbuntu boot up.
I can only hypothesise that the failed firmware verifications, which are listed in the regularly updated /var/log/debug_vboot_noisy.log file, is causing the blank screen after pressing Ctrl-U instead of the previously seen ChrUbuntu boot up messages?
How frequently does this problem reproduce? (Always, sometimes, hard to
reproduce?)
Always
What is the impact to the user, and is there a workaround? If so, what is
it?
Cannot BOOT ChrUbuntu
SANITY CHECK! - IS THIS BUG RATIONAL? IF SO, WHAT'S CAUSING THIS ANOMALY? BEST WISHES, DRKx
Please provide any additional information below. Attach a screen shot or
log if possible.
Here is /var/log/debug_vboot_noisy.log
Running /usr/bin/dev_debug_vboot
+ date
Mon Aug 7 19:43:45 BST 2017
# DEV_DEBUG_FORCE=()
# OPT_CLEANUP=(yes)
# OPT_BIOS=()
# OPT_FORCE=()
# OPT_IMAGE=()
# OPT_KERNEL=()
# FLAG_SAVE_LOG_FILE=(yes)
+ crossystem --all
Unable to open FDT property recovery-switch
arch = arm # Platform architecture
backup_nvram_request = 1 # Backup the nvram somewhere at the next boot. Cleared on success.
battery_cutoff_request = 0 # Cut off battery and shutdown on next boot.
block_devmode = 0 # Block all use of developer mode
clear_tpm_owner_request = 0 # Clear TPM owner on next boot
clear_tpm_owner_done = 1 # Clear TPM owner done
cros_debug = 1 # OS should allow debug features
dbg_reset = 0 # Debug reset mode request (writable)
debug_build = 0 # OS image built for debug features
dev_boot_usb = 1 # Enable developer mode boot from USB/SD (writable)
dev_boot_legacy = 1 # Enable developer mode boot Legacy OSes (writable)
dev_boot_signed_only = 0 # Enable developer mode boot only from official kernels (writable)
dev_default_boot = disk # default boot from legacy or usb (writable)
devsw_boot = 1 # Developer switch position at boot
devsw_cur = 1 # Developer switch current position
disable_dev_request = 0 # Disable virtual dev-mode on next boot
ecfw_act = RW # Active EC firmware
fmap_base = 0x00100000 # Main firmware flashmap physical address
fwb_tries = 0 # Try firmware B count (writable)
fw_vboot2 = 0 # 1 if firmware was selected by vboot2 or 0 otherwise
fwid = Google_Nyan_Blaze.5771.63.0 # Active firmware ID
fwupdate_tries = 0 # Times to try OS firmware update (writable, inside kern_nv)
fw_tried = A # Firmware tried this boot (vboot2)
fw_try_count = 0 # Number of times to try fw_try_next (writable)
fw_try_next = A # Firmware to try next (vboot2,writable)
fw_result = unknown # Firmware result this boot (vboot2,writable)
fw_prev_tried = A # Firmware tried on previous boot (vboot2)
fw_prev_result = unknown # Firmware result of previous boot (vboot2)
hwid = BLAZE F4I-F3F-B2Q-I6N # Hardware ID
inside_vm = 0 # Running in a VM?
kern_nv = 0x00000000 # Non-volatile field for kernel use
kernkey_vfy = sig # Type of verification done on kernel key block
loc_idx = 0 # Localization index for firmware screens (writable)
mainfw_act = A # Active main firmware
mainfw_type = developer # Active main firmware type
nvram_cleared = 0 # Have NV settings been lost? Write 0 to clear
oprom_needed = 0 # Should we load the VGA Option ROM at boot?
phase_enforcement = (error) # Board should have full security settings applied
recovery_reason = 0 # Recovery mode reason for current boot
recovery_request = 0 # Recovery mode request (writable)
recovery_subcode = 0 # Recovery reason subcode (writable)
recoverysw_boot = 0 # Recovery switch position at boot
recoverysw_cur = 2 # Recovery switch current position
recoverysw_ec_boot = 0 # Recovery switch position at EC boot
ro_fwid = Google_Nyan_Blaze.5771.63.0 # Read-only firmware ID
sw_wpsw_boot = 0 # Firmware write protect software setting enabled at boot (Baytrail only)
tpm_attack = 0 # TPM was interrupted since this flag was cleared
tpm_fwver = 0x00140002 # Firmware version stored in TPM
tpm_kernver = 0x00020001 # Kernel version stored in TPM
tpm_rebooted = 0 # TPM requesting repeated reboot (vboot2)
try_ro_sync = 0 # try read only software sync
tried_fwb = 0 # Tried firmware B before A this boot
vdat_flags = 0x00004c16 # Flags from VbSharedData
vdat_lfdebug = Check A result=12
Check B result=0
Firmware index booted=0x00
TPM combined version at start=0x00140002
Lowest combined version from firmware=0x00140002
# LoadFirmware() debug data (not in print-all)
vdat_lkdebug = Calls to LoadKernel()=1
Call 1:
Boot flags=0x01
Boot mode=2
Test error=0
Return code=0
Debug flags=0x00
Drive sectors=61079552
Sector size=512
Check result=4
Kernel partitions found=1
Kernel 1:
GPT index=4
Start sector=53248
Sector count=32768
Combined version=0x00020001
Check result=19
Debug flags=0x01
# LoadKernel() debug data (not in print-all)
vdat_timers = LFS=88862,198957 LF=198959,269624 LK=1,3105637 # Timer values from VbSharedData
wipeout_request = 0 # Firmware requested factory reset (wipeout)
wpsw_boot = 0 # Firmware write protect hardware switch position at boot
wpsw_cur = 0 # Firmware write protect hardware switch current position
+ rootdev -s
/dev/mmcblk0p5
+ ls -aCF /root
./ ../ .force_update_firmware
+ ls -aCF /mnt/stateful_partition
./ encrypted.block .tpm_owned
../ encrypted.key .tpm_status
crouton/ home/ .tpm_status.sum
.developer_mode lost+found/ ubuntu/
dev_image/ recovery_logs/ unencrypted/
encrypted/ shutdown_stateful_umount_failure
+ cgpt show /dev/mmcblk0
start size part contents
0 1 PMBR (Boot GUID: 8C625A16-4BB4-5F48-B7ED-4D1748A010D6)
1 1 Pri GPT header
2 32 Pri GPT table
8671232 52375552 1 Label: "STATE"
Type: Linux data
UUID: FC924727-B0D3-BC40-8CC6-3FE67396A60B
20480 32768 2 Label: "KERN-A"
Type: ChromeOS kernel
UUID: 8A91B713-B552-184E-B3BB-00BC1C1529A2
Attr: priority=1 tries=0 successful=1
4476928 4194304 3 Label: "ROOT-A"
Type: ChromeOS rootfs
UUID: 3A9D0B7B-2374-0145-A8DF-7E8A052127F8
53248 32768 4 Label: "KERN-B"
Type: ChromeOS kernel
UUID: BF3637D2-3FD7-C14B-A445-63CB593DE4F0
Attr: priority=2 tries=0 successful=1
282624 4194304 5 Label: "ROOT-B"
Type: ChromeOS rootfs
UUID: 5FCA2791-D52D-E44B-ABE6-2B8D4FAE92EF
16448 1 6 Label: "KERN-C"
Type: ChromeOS kernel
UUID: 2910ACF3-A2F0-8646-8DEE-1CC4765FB391
Attr: priority=0 tries=15 successful=0
16449 1 7 Label: "ROOT-C"
Type: ChromeOS rootfs
UUID: 29879121-A573-694D-84F4-68070BF3FC1E
86016 32768 8 Label: "OEM"
Type: Linux data
UUID: B8263CC8-CC98-F04B-9C5B-A474C20D8347
16450 1 9 Label: "reserved"
Type: ChromeOS reserved
UUID: CAD3000D-838A-C248-B288-6CF6934C2CDA
16451 1 10 Label: "reserved"
Type: ChromeOS reserved
UUID: 82CAEF0E-9122-5F49-8C37-414B5BE0A746
64 16384 11 Label: "RWFW"
Type: ChromeOS firmware
UUID: AE9F0EAF-2AF7-DD47-80B0-E7357298755C
249856 32768 12 Label: "EFI-SYSTEM"
Type: EFI System Partition
UUID: 8C625A16-4BB4-5F48-B7ED-4D1748A010D6
Attr: legacy_boot=1
61079519 32 Sec GPT table
61079551 1 Sec GPT header
+ cgpt show /dev/mmcblk1
WARNING: Primary GPT header is invalid
WARNING: Secondary GPT header is invalid
ERROR: GptSanityCheck() returned 2: GPT_ERROR_INVALID_HEADERS
+ cgpt show /dev/sda
start size part contents
0 1 PMBR
1 1 Pri GPT header
2 32 Pri GPT table
64 32768 6 Label: "KERN-A"
Type: ChromeOS kernel
UUID: 67100268-3E77-F746-9EAA-5F53B7FF5DEA
Attr: priority=5 tries=10 successful=0
65600 27868465 7 Label: "ROOT-A"
Type: ChromeOS rootfs
UUID: C0B78F89-8414-1544-AB2E-22FC49D28102
30031217 32 Sec GPT table
30031249 1 Sec GPT header
+ flashrom -V -p host --wp-status
flashrom v0.9.4 : 2842dd9 : Jun 05 2017 23:54:51 UTC on Linux 3.10.18 (armv7l)
Programmer alias: "host", parameter: "(null)",
flashrom v0.9.4 : 2842dd9 : Jun 05 2017 23:54:51 UTC on Linux 3.10.18 (armv7l)
flashrom was built with libpci 3.4.1, LLVM Clang 5.0.0 (/var/cache/chromeos-cache/distfiles/host/egit-src/clang.git 8ae674d121a0c39b4ae6e83d10caad3fd29dce13) (/var/cache/chromeos-cache/distfiles/host/egit-src/llvm.git 3183fbc849f015fd085ce6724e85ae1de65db4e6), little endian
Command line (4 args): flashrom -V -p host --wp-status
Acquiring lock (timeout=180 sec)...
Opened file lock "/run/lock/firmware_utility_lock"
Lock acquired.
Initializing internal programmer
scanft: Error stat'ing /sys/class/mtd: No such file or directory
linux_mtd_setup: NOR type device not found.
linux_mtd_init: failed.
Initializing linux_spi programmer
find_string: checking path "/sys/bus/spi/devices/spi32765.0/modalias" for contents "spi:spidev"
Found SPI device spi:spidev on spi32765.0
Using device /dev/spidev32765.0
Probing for AMIC A25L05PT, 64 kB: id1 0xef, id2 0x6016
Probing for AMIC A25L05PU, 64 kB: id1 0xef, id2 0x6016
Probing for AMIC A25L10PT, 128 kB: id1 0xef, id2 0x6016
Probing for AMIC A25L10PU, 128 kB: id1 0xef, id2 0x6016
Probing for AMIC A25L20PT, 256 kB: id1 0xef, id2 0x6016
Probing for AMIC A25L20PU, 256 kB: id1 0xef, id2 0x6016
Probing for AMIC A25L40PT, 512 kB: id1 0xef, id2 0x6016
Probing for AMIC A25L40PU, 512 kB: id1 0xef, id2 0x6016
Probing for AMIC A25L80P, 1024 kB: id1 0xef, id2 0x6016
Probing for AMIC A25L16PT, 2048 kB: id1 0xef, id2 0x6016
Probing for AMIC A25L16PU, 2048 kB: id1 0xef, id2 0x6016
Probing for AMIC A25L512, 64 kB: id1 0xef, id2 0x6016
Probing for AMIC A25L010, 128 kB: id1 0xef, id2 0x6016
Probing for AMIC A25L020, 256 kB: id1 0xef, id2 0x6016
Probing for AMIC A25L040, 512 kB: id1 0xef, id2 0x6016
Probing for AMIC A25L080, 1024 kB: id1 0xef, id2 0x6016
Probing for AMIC A25L016, 2048 kB: id1 0xef, id2 0x6016
Probing for AMIC A25L032, 4096 kB: id1 0xef, id2 0x6016
Probing for AMIC A25LQ032, 4096 kB: id1 0xef, id2 0x6016
Probing for Atmel ATMEL_AT25SL128A, 16384 kB: id1 0xef, id2 0x6016
Probing for Atmel AT25DF021, 256 kB: id1 0xef, id2 0x6016
Probing for Atmel AT25DF041A, 512 kB: id1 0xef, id2 0x6016
Probing for Atmel AT25DF081, 1024 kB: id1 0xef, id2 0x6016
Probing for Atmel AT25DF081A, 1024 kB: id1 0xef, id2 0x6016
Probing for Atmel AT25DF161, 2048 kB: id1 0xef, id2 0x6016
Probing for Atmel AT25DF321, 4096 kB: id1 0xef, id2 0x6016
Probing for Atmel AT25DF321A, 4096 kB: id1 0xef, id2 0x6016
Probing for Atmel AT25DF641(A), 8192 kB: id1 0xef, id2 0x6016
Probing for Atmel AT25DQ161, 2048 kB: id1 0xef, id2 0x6016
Probing for Atmel AT25F512B, 64 kB: id1 0xef, id2 0x6016
Probing for Atmel AT25FS010, 128 kB: id1 0xef, id2 0x6016
Probing for Atmel AT25FS040, 512 kB: id1 0xef, id2 0x6016
Probing for Atmel AT26DF041, 512 kB: id1 0xef, id2 0x6016
Probing for Atmel AT26DF081A, 1024 kB: id1 0xef, id2 0x6016
Probing for Atmel AT26DF161, 2048 kB: id1 0xef, id2 0x6016
Probing for Atmel AT26DF161A, 2048 kB: id1 0xef, id2 0x6016
Probing for Atmel AT26F004, 512 kB: id1 0xef, id2 0x6016
Probing for Atmel AT45CS1282, 16896 kB: id1 0xef, id2 0x6016
Probing for Atmel AT45DB011D, 128 kB: id1 0xef, id2 0x6016
Probing for Atmel AT45DB021D, 256 kB: id1 0xef, id2 0x6016
Probing for Atmel AT45DB041D, 512 kB: id1 0xef, id2 0x6016
Probing for Atmel AT45DB081D, 1024 kB: id1 0xef, id2 0x6016
Probing for Atmel AT45DB161D, 2048 kB: id1 0xef, id2 0x6016
Probing for Atmel AT45DB321C, 4224 kB: id1 0xef, id2 0x6016
Probing for Atmel AT45DB321D, 4096 kB: id1 0xef, id2 0x6016
Probing for Atmel AT45DB642D, 8192 kB: id1 0xef, id2 0x6016
Probing for EMST F25L008A, 1024 kB: id1 0xef, id2 0x6016
Probing for Eon EN25B05, 64 kB: id1 0xef, id2 0x6016
Probing for Eon EN25B05T, 64 kB: id1 0xef, id2 0x6016
Probing for Eon EN25B10, 128 kB: id1 0xef, id2 0x6016
Probing for Eon EN25B10T, 128 kB: id1 0xef, id2 0x6016
Probing for Eon EN25B20, 256 kB: id1 0xef, id2 0x6016
Probing for Eon EN25B20T, 256 kB: id1 0xef, id2 0x6016
Probing for Eon EN25B40, 512 kB: id1 0xef, id2 0x6016
Probing for Eon EN25B40T, 512 kB: id1 0xef, id2 0x6016
Probing for Eon EN25B80, 1024 kB: id1 0xef, id2 0x6016
Probing for Eon EN25B80T, 1024 kB: id1 0xef, id2 0x6016
Probing for Eon EN25B16, 2048 kB: id1 0xef, id2 0x6016
Probing for Eon EN25B16T, 2048 kB: id1 0xef, id2 0x6016
Probing for Eon EN25B32, 4096 kB: id1 0xef, id2 0x6016
Probing for Eon EN25B32T, 4096 kB: id1 0xef, id2 0x6016
Probing for Eon EN25B64, 8192 kB: id1 0xef, id2 0x6016
Probing for Eon EN25B64T, 8192 kB: id1 0xef, id2 0x6016
Probing for Eon EN25D16, 2048 kB: id1 0xef, id2 0x6016
Probing for Eon EN25F05, 64 kB: id1 0xef, id2 0x6016
Probing for Eon EN25F10, 128 kB: id1 0xef, id2 0x6016
Probing for Eon EN25F20, 256 kB: id1 0xef, id2 0x6016
Probing for Eon EN25F40, 512 kB: id1 0xef, id2 0x6016
Probing for Eon EN25F80, 1024 kB: id1 0xef, id2 0x6016
Probing for Eon EN25F16, 2048 kB: id1 0xef, id2 0x6016
Probing for Eon EN25F32, 4096 kB: id1 0xef, id2 0x6016
Probing for Eon EN25Q40, 512 kB: id1 0xef, id2 0x6016
Probing for Eon EN25Q80(A), 1024 kB: id1 0xef, id2 0x6016
Probing for Eon EN25Q32(A)(B), 4096 kB: id1 0xef, id2 0x6016
Probing for Eon EN25Q64, 8192 kB: id1 0xef, id2 0x6016
Probing for Eon EN25Q128, 16384 kB: id1 0xef, id2 0x6016
Probing for Eon EN25Q40, 512 kB: id1 0xef, id2 0x6016
Probing for Eon EN25Q80(A), 1024 kB: id1 0xef, id2 0x6016
Probing for Eon EN25Q32(A/B), 4096 kB: id1 0xef, id2 0x6016
Probing for Eon EN25Q64, 8192 kB: id1 0xef, id2 0x6016
Probing for Eon EN25Q128, 16384 kB: id1 0xef, id2 0x6016
Probing for Eon EN25QH16, 2048 kB: id1 0xef, id2 0x6016
Probing for Eon EN25S64, 8192 kB: id1 0xef, id2 0x6016
Probing for GigaDevice GD25Q20, 256 kB: id1 0xef, id2 0x6016
Probing for GigaDevice GD25Q40, 512 kB: id1 0xef, id2 0x6016
Probing for GigaDevice GD25LQ40, 512 kB: id1 0xef, id2 0x6016
Probing for GigaDevice GD25Q80, 1024 kB: id1 0xef, id2 0x6016
Probing for GigaDevice GD25Q16, 2048 kB: id1 0xef, id2 0x6016
Probing for GigaDevice GD25Q32, 4096 kB: id1 0xef, id2 0x6016
Probing for GigaDevice GD25Q64, 8192 kB: id1 0xef, id2 0x6016
Probing for GigaDevice GD25Q127C/GD25Q128C, 16384 kB: id1 0xef, id2 0x6016
Probing for GigaDevice GD25LQ32, 4096 kB: id1 0xef, id2 0x6016
Probing for GigaDevice GD25LQ64, 8192 kB: id1 0xef, id2 0x6016
Probing for GigaDevice GD25LQ128C, 16384 kB: id1 0xef, id2 0x6016
Probing for Macronix MX25L512(E)/MX25V512(C), 64 kB: id1 0xef, id2 0x6016
Probing for Macronix MX25L1005(C)/MX25L1006E, 128 kB: id1 0xef, id2 0x6016
Probing for Macronix MX25L2005(C), 256 kB: id1 0xef, id2 0x6016
Probing for Macronix MX25L4005(A/C), 512 kB: id1 0xef, id2 0x6016
Probing for Macronix MX25L8005/MX25V8005, 1024 kB: id1 0xef, id2 0x6016
Probing for Macronix MX25L1605, 2048 kB: id1 0xef, id2 0x6016
Probing for Macronix MX25L1635D, 2048 kB: id1 0xef, id2 0x6016
Probing for Macronix MX25L1635E, 2048 kB: id1 0xef, id2 0x6016
Probing for Macronix MX25L3205, 4096 kB: id1 0xef, id2 0x6016
Probing for Macronix MX25L3235D, 4096 kB: id1 0xef, id2 0x6016
Probing for Macronix MX25U3235E/F, 4096 kB: id1 0xef, id2 0x6016
Probing for Macronix MX25L6406E, 8192 kB: id1 0xef, id2 0x6016
Probing for Macronix MX25L6495F, 8192 kB: id1 0xef, id2 0x6016
Probing for Macronix MX25U6435E/F, 8192 kB: id1 0xef, id2 0x6016
Probing for Macronix MX25U25635F, 16384 kB: id1 0xef, id2 0x6016
Probing for Macronix MX25L12805, 16384 kB: id1 0xef, id2 0x6016
Probing for Numonyx M25PE10, 128 kB: id1 0xef, id2 0x6016
Probing for Numonyx M25PE20, 256 kB: id1 0xef, id2 0x6016
Probing for Numonyx M25PE40, 512 kB: id1 0xef, id2 0x6016
Probing for Numonyx M25PE80, 1024 kB: id1 0xef, id2 0x6016
Probing for Numonyx M25PE16, 2048 kB: id1 0xef, id2 0x6016
Probing for Numonyx N25Q064..1E, 8192 kB: id1 0xef, id2 0x6016
Probing for Numonyx N25Q064..3E, 8192 kB: id1 0xef, id2 0x6016
Probing for Numonyx N25Q256..3E, 16384 kB: id1 0xef, id2 0x6016
Probing for PMC Pm25LV010, 128 kB: id1 0xef, id2 0x6016
Probing for PMC Pm25LV016B, 2048 kB: id1 0xef, id2 0x6016
Probing for PMC Pm25LV020, 256 kB: id1 0xef, id2 0x6016
Probing for PMC Pm25LV040, 512 kB: id1 0xef, id2 0x6016
Probing for PMC Pm25LV080B, 1024 kB: id1 0xef, id2 0x6016
Probing for PMC Pm25LV512, 64 kB: id1 0xef, id2 0x6016
Probing for Sanyo LF25FW203A, 2048 kB: id1 0xef, id2 0x6016
Probing for Spansion S25FL004A, 512 kB: id1 0xef, id2 0x6016
Probing for Spansion S25FL004A, 512 kB: id1 0xef, id2 0x6016
Probing for Spansion S25FL008A, 1024 kB: id1 0xef, id2 0x6016
Probing for Spansion S25FL016A, 2048 kB: id1 0xef, id2 0x6016
Probing for Spansion S25FL032A, 4096 kB: id1 0xef, id2 0x6016
Probing for Spansion S25FL064A, 8192 kB: id1 0xef, id2 0x6016
Probing for Spansion S25FL116K, 2048 kB: id1 0xef, id2 0x6016
Probing for Spansion S25FS128S Large Sectors, 16384 kB: 0xef 0x60 0x16 0x00 0x00 0x00.
Probing for Spansion S25FS128S Small Sectors, 16384 kB: 0xef 0x60 0x16 0x00 0x00 0x00.
Probing for Spansion S25FL256S Large Sectors, 16384 kB: 0xef 0x60 0x16 0x00 0x00 0x00.
Probing for Spansion S25FL256S Small Sectors, 16384 kB: 0xef 0x60 0x16 0x00 0x00 0x00.
Probing for Spansion S25FL128S_UL Uniform 128 kB Sectors, 16384 kB: 0xef 0x60 0x16 0x00 0x00 0x00.
Probing for Spansion S25FL128S_US Uniform 64 kB Sectors, 16384 kB: 0xef 0x60 0x16 0x00 0x00 0x00.
Probing for SST SST25LF040A, 512 kB: probe_spi_res2: id1 0x15, id2 0x15
Probing for SST SST25LF080A, 1024 kB: probe_spi_res2: id1 0x15, id2 0x15
Probing for SST SST25VF010, 128 kB: id1 0xef, id2 0x15
Probing for Spansion S25FL032A, 4096 kB: id1 0xef, id2 0x6016
Probing for Spansion S25FL064A, 8192 kB: id1 0xef, id2 0x6016
Probing for SST SST25VF010.REMS, 128 kB: id1 0xef, id2 0x15
Probing for SST SST25VF016B, 2048 kB: id1 0xef, id2 0x6016
Probing for SST SST25VF032B, 4096 kB: id1 0xef, id2 0x6016
Probing for SST SST25VF064C, 8192 kB: id1 0xef, id2 0x6016
Probing for SST SST25VF040, 512 kB: id1 0xef, id2 0x15
Probing for SST SST25VF040B, 512 kB: id1 0xef, id2 0x6016
Probing for SST SST25VF040B.REMS, 512 kB: id1 0xef, id2 0x15
Probing for SST SST25VF080B, 1024 kB: id1 0xef, id2 0x6016
Probing for ST M25P05-A, 64 kB: id1 0xef, id2 0x6016
Probing for ST M25P05, 64 kB: Ignoring RES in favour of RDID.
Probing for ST M25P10-A, 128 kB: id1 0xef, id2 0x6016
Probing for ST M25P10, 128 kB: Ignoring RES in favour of RDID.
Probing for ST M25P20, 256 kB: id1 0xef, id2 0x6016
Probing for ST M25P40, 512 kB: id1 0xef, id2 0x6016
Probing for ST M25P40-old, 512 kB: Ignoring RES in favour of RDID.
Probing for ST M25P80, 1024 kB: id1 0xef, id2 0x6016
Probing for ST M25P16, 2048 kB: id1 0xef, id2 0x6016
Probing for ST M25P32, 4096 kB: id1 0xef, id2 0x6016
Probing for ST M25P64, 8192 kB: id1 0xef, id2 0x6016
Probing for ST M25P128, 16384 kB: id1 0xef, id2 0x6016
Probing for ST M25PX16, 2048 kB: id1 0xef, id2 0x6016
Probing for ST M25PX32, 4096 kB: id1 0xef, id2 0x6016
Probing for ST M25PX64, 8192 kB: id1 0xef, id2 0x6016
Probing for ST M25PX32, 4096 kB: id1 0xef, id2 0x6016
Probing for ST M25PX64, 8192 kB: id1 0xef, id2 0x6016
Probing for Winbond W25Q40EW, 512 kB: id1 0xef, id2 0x6016
Probing for Winbond W25Q80, 1024 kB: id1 0xef, id2 0x6016
Probing for Winbond W25Q16, 2048 kB: id1 0xef, id2 0x6016
Probing for Winbond W25Q32, 4096 kB: id1 0xef, id2 0x6016
Probing for Winbond W25Q32DW, 4096 kB: id1 0xef, id2 0x6016
Chip status register is 80
Found Winbond flash chip "W25Q32DW" (4096 kB, SPI) on linux_spi.
Probing for Winbond W25Q64, 8192 kB: id1 0xef, id2 0x6016
Probing for Winbond W25Q64DW, 8192 kB: id1 0xef, id2 0x6016
Probing for Winbond W25Q128.V, 16384 kB: id1 0xef, id2 0x6016
Probing for Winbond W25Q128FW, 16384 kB: id1 0xef, id2 0x6016
Probing for Winbond W25Q128J, 16384 kB: id1 0xef, id2 0x6016
Probing for Winbond W25X10, 128 kB: id1 0xef, id2 0x6016
Probing for Winbond W25X20, 256 kB: id1 0xef, id2 0x6016
Probing for Winbond W25X40, 512 kB: id1 0xef, id2 0x6016
Probing for Winbond W25X80, 1024 kB: id1 0xef, id2 0x6016
Probing for Winbond W25X16, 2048 kB: id1 0xef, id2 0x6016
Probing for Winbond W25X32, 4096 kB: id1 0xef, id2 0x6016
Probing for Winbond W25X64, 8192 kB: id1 0xef, id2 0x6016
Probing for AMIC unknown AMIC SPI chip, 0 kB: id1 0xef, id2 0x6016
Probing for Atmel unknown Atmel SPI chip, 0 kB: id1 0xef, id2 0x6016
Probing for Eon unknown Eon SPI chip, 0 kB: id1 0xef, id2 0x6016
Probing for Macronix unknown Macronix SPI chip, 0 kB: id1 0xef, id2 0x6016
Probing for PMC unknown PMC SPI chip, 0 kB: id1 0xef, id2 0x6016
Probing for SST unknown SST SPI chip, 0 kB: id1 0xef, id2 0x6016
Probing for ST unknown ST SPI chip, 0 kB: id1 0xef, id2 0x6016
Probing for Sanyo unknown Sanyo SPI chip, 0 kB: id1 0xef, id2 0x6016
Probing for Generic Variable Size SPI chip, 64 kB: Probing for Generic unknown SPI chip (RDID), 0 kB: id1 0xef, id2 0x6016
Probing for Generic unknown SPI chip (REMS), 0 kB: id1 0xef, id2 0x15
No -i argument is specified, set ignore_fmap.
WP: status: 0x0080
WP: status.srp0: 1
WP: status.srp1: 0
WP: write protect is enabled.
WP: write protect range: start=0x00000000, len=0x00000000
restore_power_management: Re-enabling power management.
# Extracting BIOS components...
+ flashrom -p host -r /dev/null -iGBB:GBB -iFMAP:FMAP -iVBLOCK_A:VBLOCK_A -iVBLOCK_B:VBLOCK_B -iFW_MAIN_A:FW_MAIN_A -iFW_MAIN_B:FW_MAIN_B
flashrom v0.9.4 : 2842dd9 : Jun 05 2017 23:54:51 UTC on Linux 3.10.18 (armv7l)
flashrom v0.9.4 : 2842dd9 : Jun 05 2017 23:54:51 UTC on Linux 3.10.18 (armv7l)
Reading flash... SUCCESS
+ futility dump_fmap FMAP
hit at 0x00000000
fmap_signature __FMAP__
fmap_version: 1.0
fmap_base: 0x0
fmap_size: 0x00400000 (4194304)
fmap_name: FMAP
fmap_nareas: 22
area: 1
area_offset: 0x00000000
area_size: 0x00200000 (2097152)
area_name: WP_RO
area: 2
area_offset: 0x00000000
area_size: 0x001f0000 (2031616)
area_name: RO_SECTION
area: 3
area_offset: 0x00000000
area_size: 0x00100000 (1048576)
area_name: COREBOOT
area: 4
area_offset: 0x00100000
area_size: 0x00001000 (4096)
area_name: FMAP
area: 5
area_offset: 0x00101000
area_size: 0x000eef00 (978688)
area_name: GBB
area: 6
area_offset: 0x001eff00
area_size: 0x00000100 (256)
area_name: RO_FRID
area: 7
area_offset: 0x001f0000
area_size: 0x00010000 (65536)
area_name: RO_VPD
area: 8
area_offset: 0x00200000
area_size: 0x00078000 (491520)
area_name: RW_SECTION_A
area: 9
area_offset: 0x00200000
area_size: 0x00002000 (8192)
area_name: VBLOCK_A
area: 10
area_offset: 0x00202000
area_size: 0x00056000 (352256)
area_name: FW_MAIN_A
area: 11
area_offset: 0x00258000
area_size: 0x0001ff00 (130816)
area_name: EC_MAIN_A
area: 12
area_offset: 0x00277f00
area_size: 0x00000100 (256)
area_name: RW_FWID_A
area: 13
area_offset: 0x00278000
area_size: 0x00004000 (16384)
area_name: RW_SHARED
area: 14
area_offset: 0x00278000
area_size: 0x00004000 (16384)
area_name: SHARED_DATA
area: 15
area_offset: 0x0027c000
area_size: 0x00004000 (16384)
area_name: RW_ELOG
area: 16
area_offset: 0x00280000
area_size: 0x00078000 (491520)
area_name: RW_SECTION_B
area: 17
area_offset: 0x00280000
area_size: 0x00002000 (8192)
area_name: VBLOCK_B
area: 18
area_offset: 0x00282000
area_size: 0x00056000 (352256)
area_name: FW_MAIN_B
area: 19
area_offset: 0x002d8000
area_size: 0x0001ff00 (130816)
area_name: EC_MAIN_B
area: 20
area_offset: 0x002f7f00
area_size: 0x00000100 (256)
area_name: RW_FWID_B
area: 21
area_offset: 0x002f8000
area_size: 0x00008000 (32768)
area_name: RW_VPD
area: 22
area_offset: 0x00300000
area_size: 0x00100000 (1048576)
area_name: RW_LEGACY
# Pulling root and recovery keys from GBB...
+ futility gbb_utility -g --rootkey rootkey.vbpubk --recoverykey recoverykey.vbpubk GBB
- exported root_key to file: rootkey.vbpubk
- exported recovery_key to file: recoverykey.vbpubk
+ futility vbutil_key --unpack rootkey.vbpubk
Public Key file: rootkey.vbpubk
Algorithm: 11 RSA8192 SHA512
Key Version: 1
Key sha1sum: c788cee8c798669fe4822b7544dd3e399ce22604
+ futility vbutil_key --unpack recoverykey.vbpubk
Public Key file: recoverykey.vbpubk
Algorithm: 11 RSA8192 SHA512
Key Version: 1
Key sha1sum: 26900310befce802836cca982f819aa72445e190
# Verify firmware A with root key:
+ futility vbutil_firmware --verify VBLOCK_A --signpubkey rootkey.vbpubk --fv FW_MAIN_A --kernelkey kern_subkey_A.vbpubk
Key block:
Size: 2232
Flags: 7 (ignored)
Data key algorithm: 8 RSA4096 SHA512
Data key version: 20
Data key sha1sum: f40b8da3bbafbc49b226c363331b5fea467340b2
Preamble:
Size: 2164
Header version: 2.1
Firmware version: 2
Kernel key algorithm: 7 RSA4096 SHA256
Kernel key version: 2
Kernel key sha1sum: 8be2f49f984ce99d7c30940dc54a2e1e7932bf68
Firmware body size: 111912
Preamble flags: 0
Body verification succeeded.
# OK
# TPM=0x00140002, this=0x00140002
# Verify firmware B with root key:
+ futility vbutil_firmware --verify VBLOCK_B --signpubkey rootkey.vbpubk --fv FW_MAIN_B --kernelkey kern_subkey_B.vbpubk
Key block:
Size: 2232
Flags: 7 (ignored)
Data key algorithm: 8 RSA4096 SHA512
Data key version: 20
Data key sha1sum: f40b8da3bbafbc49b226c363331b5fea467340b2
Preamble:
Size: 2164
Header version: 2.1
Firmware version: 2
Kernel key algorithm: 7 RSA4096 SHA256
Kernel key version: 2
Kernel key sha1sum: 8be2f49f984ce99d7c30940dc54a2e1e7932bf68
Firmware body size: 111912
Preamble flags: 0
Body verification succeeded.
# OK
# TPM=0x00140002, this=0x00140002
# Examining kernels...
# copying /dev/mmcblk0p2 to kern_0...
+ dd if=/dev/mmcblk0p2 of=kern_0
32768+0 records in
32768+0 records out
16777216 bytes (17 MB, 16 MiB) copied, 0.224664 s, 74.7 MB/s
# Kernel /dev/mmcblk0p2:
+ futility vbutil_keyblock --unpack kern_0
Key block file: kern_0
Signature ignored
Flags: 7 !DEV DEV !REC
Data key algorithm: 4 RSA2048 SHA256
Data key version: 2
Data key sha1sum: 832c60acee15b84a7051528028872fa54e3655aa
# OK
# Verify /dev/mmcblk0p2 with kern_subkey_A.vbpubk:
+ futility vbutil_kernel --verify kern_0 --signpubkey kern_subkey_A.vbpubk
Key block:
Signature: valid
Size: 0x4b8
Flags: 7 !DEV DEV !REC
Data key algorithm: 4 RSA2048 SHA256
Data key version: 2
Data key sha1sum: 832c60acee15b84a7051528028872fa54e3655aa
Preamble:
Size: 0xfb48
Header version: 2.2
Kernel version: 1
Body load address: 0x100000
Body size: 0x4d2000
Bootloader address: 0x5d1000
Bootloader size: 0x1000
Flags : 0x0
Body verification succeeded.
Config:
console= loglevel=7 init=/sbin/init cros_secure oops=panic panic=-1 root=/dev/dm-0 rootwait ro dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 dm="1 vroot none ro 1,0 2539520 verity payload=PARTUUID=%U/PARTNROFF=1 hashtree=PARTUUID=%U/PARTNROFF=1 hashstart=2539520 alg=sha1 root_hexdigest=78a5d0f3505146b97841942a9992369a5aa77da7 salt=38e18c9c0490a7c8840bb9c2ee5f227c9022b6841ac1c807fe439ebb45e0cce9" noinitrd vt.global_cursor_default=0 kern_guid=%U
# OK
# TPM=0x00020001 this=0x00020001
# Verify /dev/mmcblk0p2 with kern_subkey_B.vbpubk:
+ futility vbutil_kernel --verify kern_0 --signpubkey kern_subkey_B.vbpubk
Key block:
Signature: valid
Size: 0x4b8
Flags: 7 !DEV DEV !REC
Data key algorithm: 4 RSA2048 SHA256
Data key version: 2
Data key sha1sum: 832c60acee15b84a7051528028872fa54e3655aa
Preamble:
Size: 0xfb48
Header version: 2.2
Kernel version: 1
Body load address: 0x100000
Body size: 0x4d2000
Bootloader address: 0x5d1000
Bootloader size: 0x1000
Flags : 0x0
Body verification succeeded.
Config:
console= loglevel=7 init=/sbin/init cros_secure oops=panic panic=-1 root=/dev/dm-0 rootwait ro dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 dm="1 vroot none ro 1,0 2539520 verity payload=PARTUUID=%U/PARTNROFF=1 hashtree=PARTUUID=%U/PARTNROFF=1 hashstart=2539520 alg=sha1 root_hexdigest=78a5d0f3505146b97841942a9992369a5aa77da7 salt=38e18c9c0490a7c8840bb9c2ee5f227c9022b6841ac1c807fe439ebb45e0cce9" noinitrd vt.global_cursor_default=0 kern_guid=%U
# OK
# TPM=0x00020001 this=0x00020001
# Verify /dev/mmcblk0p2 with recoverykey.vbpubk:
+ futility vbutil_kernel --verify kern_0 --signpubkey recoverykey.vbpubk
Error verifying key block.
# FAILED
# copying /dev/mmcblk0p4 to kern_1...
+ dd if=/dev/mmcblk0p4 of=kern_1
32768+0 records in
32768+0 records out
16777216 bytes (17 MB, 16 MiB) copied, 0.229723 s, 73.0 MB/s
# Kernel /dev/mmcblk0p4:
+ futility vbutil_keyblock --unpack kern_1
Key block file: kern_1
Signature ignored
Flags: 7 !DEV DEV !REC
Data key algorithm: 4 RSA2048 SHA256
Data key version: 2
Data key sha1sum: 832c60acee15b84a7051528028872fa54e3655aa
# OK
# Verify /dev/mmcblk0p4 with kern_subkey_A.vbpubk:
+ futility vbutil_kernel --verify kern_1 --signpubkey kern_subkey_A.vbpubk
Key block:
Signature: valid
Size: 0x4b8
Flags: 7 !DEV DEV !REC
Data key algorithm: 4 RSA2048 SHA256
Data key version: 2
Data key sha1sum: 832c60acee15b84a7051528028872fa54e3655aa
Preamble:
Size: 0xfb48
Header version: 2.2
Kernel version: 1
Body load address: 0x100000
Body size: 0x4d2000
Bootloader address: 0x5d1000
Bootloader size: 0x1000
Flags : 0x0
Body verification succeeded.
Config:
console= loglevel=7 init=/sbin/init cros_secure oops=panic panic=-1 root=/dev/dm-0 rootwait ro dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 dm="1 vroot none ro 1,0 2539520 verity payload=PARTUUID=%U/PARTNROFF=1 hashtree=PARTUUID=%U/PARTNROFF=1 hashstart=2539520 alg=sha1 root_hexdigest=81e2802fa31bfa2c5bd1d125ea2b317a10414542 salt=341e074a731f557f30ad19e4f93aa6011183b42fdfe4a23589a321034e2592c8" noinitrd vt.global_cursor_default=0 kern_guid=%U
# OK
# TPM=0x00020001 this=0x00020001
# Verify /dev/mmcblk0p4 with kern_subkey_B.vbpubk:
+ futility vbutil_kernel --verify kern_1 --signpubkey kern_subkey_B.vbpubk
Key block:
Signature: valid
Size: 0x4b8
Flags: 7 !DEV DEV !REC
Data key algorithm: 4 RSA2048 SHA256
Data key version: 2
Data key sha1sum: 832c60acee15b84a7051528028872fa54e3655aa
Preamble:
Size: 0xfb48
Header version: 2.2
Kernel version: 1
Body load address: 0x100000
Body size: 0x4d2000
Bootloader address: 0x5d1000
Bootloader size: 0x1000
Flags : 0x0
Body verification succeeded.
Config:
console= loglevel=7 init=/sbin/init cros_secure oops=panic panic=-1 root=/dev/dm-0 rootwait ro dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 dm="1 vroot none ro 1,0 2539520 verity payload=PARTUUID=%U/PARTNROFF=1 hashtree=PARTUUID=%U/PARTNROFF=1 hashstart=2539520 alg=sha1 root_hexdigest=81e2802fa31bfa2c5bd1d125ea2b317a10414542 salt=341e074a731f557f30ad19e4f93aa6011183b42fdfe4a23589a321034e2592c8" noinitrd vt.global_cursor_default=0 kern_guid=%U
# OK
# TPM=0x00020001 this=0x00020001
# Verify /dev/mmcblk0p4 with recoverykey.vbpubk:
+ futility vbutil_kernel --verify kern_1 --signpubkey recoverykey.vbpubk
Error verifying key block.
# FAILED
# copying /dev/mmcblk0p6 to kern_2...
+ dd if=/dev/mmcblk0p6 of=kern_2
1+0 records in
1+0 records out
512 bytes copied, 0.00267367 s, 191 kB/s
# Kernel /dev/mmcblk0p6:
+ futility vbutil_keyblock --unpack kern_2
Invalid key block file: kern_2
vbutil_keyblock: Error reading key block.
# FAILED
+ od -Ax -tx1 kern_2 | head
000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*
000200
# copying /dev/sda6 to kern_3...
+ dd if=/dev/sda6 of=kern_3
32768+0 records in
32768+0 records out
16777216 bytes (17 MB, 16 MiB) copied, 0.204517 s, 82.0 MB/s
# Kernel /dev/sda6:
+ futility vbutil_keyblock --unpack kern_3
Key block file: kern_3
Signature ignored
Flags: 7 !DEV DEV !REC
Data key algorithm: 4 RSA2048 SHA256
Data key version: 1
Data key sha1sum: d6170aa480136f1f29cf339a5ab1b960585fa444
# OK
# Verify /dev/sda6 with kern_subkey_A.vbpubk:
+ futility vbutil_kernel --verify kern_3 --signpubkey kern_subkey_A.vbpubk
Error verifying key block.
# FAILED
# Verify /dev/sda6 with kern_subkey_B.vbpubk:
+ futility vbutil_kernel --verify kern_3 --signpubkey kern_subkey_B.vbpubk
Error verifying key block.
# FAILED
# Verify /dev/sda6 with recoverykey.vbpubk:
+ futility vbutil_kernel --verify kern_3 --signpubkey recoverykey.vbpubk
Error verifying key block.
# FAILED
,
Sep 25 2017
,
Sep 26
Issue has not been modified or commented on in the last 365 days, please re-open or file a new bug if this is still an issue. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||
►
Sign in to add a comment |
|||
Comment 1 by dave.kir...@gmail.com
, Sep 6 2017