firmware_LockedME test report pass when ME is not locked |
||||||||
Issue descriptionlockedME report pass when FW is not ME locked. Here are the content of test_that_results_H1Zkec/results-1-firmware_LockedME/firmware_LockedME/debug/firmware_LockedME.DEBUG (see attach for other logs/output) $ cat firmware_LockedME.DEBUG 08/11 09:14:57.167 DEBUG| test:0363| starting before_iteration_hooks 08/11 09:14:57.248 INFO | base_sysinfo:0392| ChromeOS BOARD = sand_1.1GHz_4GB 08/11 09:14:57.250 DEBUG| utils:0212| Running 'logger "autotest starting iteration /usr/local/autotest/results/default/firmware_LockedME/sysinfo/iteration.1 on sand_1.1GHz_4GB"' 08/11 09:14:57.265 DEBUG| test:0366| before_iteration_hooks completed 08/11 09:14:57.266 DEBUG| test:0380| starting test(run_once()), test details follow () 08/11 09:14:57.268 INFO | firmware_LockedME:0032| See if we have an ME... 08/11 09:14:57.269 DEBUG| utils:0212| Running 'flashrom -p host -V' 08/11 09:14:57.331 INFO | firmware_LockedME:0063| Check for Manufacturing Mode... 08/11 09:14:57.356 DEBUG| utils:0212| Running 'flashrom -p host -r 'bios.bin'' 08/11 09:15:06.138 DEBUG| utils:0212| Running 'dump_fmap -p 'bios.bin'' 08/11 09:15:06.149 INFO | firmware_LockedME:0116| Pull the ME components from the BIOS... 08/11 09:15:06.150 DEBUG| utils:0212| Running 'dump_fmap -x 'bios.bin' SI_DESC DEVICE_EXTENSION' 08/11 09:15:06.162 INFO | firmware_LockedME:0038| Try to write section SI_DESC... 08/11 09:15:06.163 INFO | firmware_LockedME:0040| Try to write section SI_DESC size 4096... 08/11 09:15:06.163 DEBUG| utils:0212| Running 'dd 'if=/dev/urandom' of=newdata count=1 bs=4096' 08/11 09:15:06.176 DEBUG| utils:0212| Running 'flashrom -p host -w 'bios.bin' -i 'SI_DESC:newdata' --fast-verify' 08/11 09:15:15.014 INFO | firmware_LockedME:0054| flashrom exit status 1 08/11 09:15:15.015 INFO | firmware_LockedME:0077| DEVICE_EXTENSION should be all 0xff... 08/11 09:15:15.167 INFO | firmware_LockedME:0038| Try to write section DEVICE_EXTENSION... 08/11 09:15:15.168 INFO | firmware_LockedME:0040| Try to write section DEVICE_EXTENSION size 524288... 08/11 09:15:15.169 DEBUG| utils:0212| Running 'dd 'if=/dev/urandom' of=newdata count=1 bs=524288' 08/11 09:15:15.592 DEBUG| utils:0212| Running 'flashrom -p host -w 'bios.bin' -i 'DEVICE_EXTENSION:newdata' --fast-verify' 08/11 09:15:16.311 INFO | firmware_LockedME:0054| flashrom exit status 255 08/11 09:15:16.312 DEBUG| test:0382| The test has completed successfully 08/11 09:15:16.312 DEBUG| test:0393| starting after_iteration_hooks 08/11 09:15:16.313 DEBUG| utils:0212| Running 'mkdir -p /usr/local/autotest/results/default/firmware_LockedME/sysinfo/iteration.1/var/spool' 08/11 09:15:16.323 DEBUG| utils:0212| Running 'rsync --no-perms --chmod=ugo+r -a --exclude=autoserv* --safe-links --exclude=*.core /var/spool/crash /usr/local/autotest/results/default/firmware_LockedME/sysinfo/iteration.1/var/spool' 08/11 09:15:16.337 DEBUG| utils:0212| Running 'rm -rf /var/spool/crash/*' 08/11 09:15:16.349 DEBUG| utils:0212| Running 'logger "autotest finished iteration /usr/local/autotest/results/default/firmware_LockedME/sysinfo/iteration.1"' 08/11 09:15:16.359 DEBUG| test:0396| after_iteration_hooks completed 08/11 09:15:16.360 DEBUG| logging_manager:0627| Logging subprocess finished 08/11 09:15:16.363 DEBUG| logging_manager:0627| Logging subprocess finished Device info Board and Stage : sand / DVT SKU3 Chrome OS Version : M60 9592.71.0 (Official Build) dev-channel sand test BIOS VERSION : Google_Sand.9042.122.0 / Google_Sand.9042.122.0 EC Version : sand_v1.1.5917-afce3b4 / sand_v1.1.5917-afce3b4 CPU arch : x86_64 CPU model : Intel(R) Celeron(R) CPU N3350 @ 1.10GHz CPU speed : 1101.0000 Total Memory : 3921092 kB Memory Type : 1-45: SK Hynix (Hyundai) | 00000000 | H9HCNNN8KUMLHR VPD info: mlb_serial_number=725006UTMBQC00056 customization_id=ACER-SAND region=us rlz_brand_code=ACBD serial_number=N8GP0WW0067260B0EC7600
,
Aug 11 2017
After remove the write protection, the test now failed with .122
08/11 10:13:08.580 WARNI| test:0616| The test failed with the following exception
Traceback (most recent call last):
File "/usr/local/autotest/common_lib/test.py", line 610, in _exec
_call_test_function(self.execute, *p_args, **p_dargs)
File "/usr/local/autotest/common_lib/test.py", line 818, in _call_test_function
return func(*args, **dargs)
File "/usr/local/autotest/common_lib/test.py", line 471, in execute
dargs)
File "/usr/local/autotest/common_lib/test.py", line 348, in _call_run_once_with_retry
postprocess_profiled_run, args, dargs)
File "/usr/local/autotest/common_lib/test.py", line 381, in _call_run_once
self.run_once(*args, **dargs)
File "/usr/local/autotest/tests/firmware_LockedME/firmware_LockedME.py", line 129, in run_once
self.try_to_rewrite('SI_DESC')
File "/usr/local/autotest/tests/firmware_LockedME/firmware_LockedME.py", line 53, in try_to_rewrite
raise error.TestFail('%s is writable, ME is unlocked' % sectname)
TestFail: SI_DESC is writable, ME is unlocked
So may be this is now a new requirement to remove WP before running ME lock.
,
Aug 11 2017
+lhui please update test case to have WP remove before running tests.
,
Aug 15 2017
if the region is locked, the MElock will always pass # mosys eeprom map | grep WP_RO host_firmware | WP_RO | 0x00000000 | 0x00400000 | # flashrom -p host --wp-enable --wp-range 0x00000000 0x00400000 flashrom v0.9.4 : 2842dd9 : Jun 05 2017 23:54:51 UTC on Linux 4.4.64-09098-g4504f6dcbb08 (x86_64) flashrom v0.9.4 : 2842dd9 : Jun 05 2017 23:54:51 UTC on Linux 4.4.64-09098-g4504f6dcbb08 (x86_64) coreboot table found at 0x7ab39000. WARNING: SPI Configuration Lockdown activated. spi_send_command called, but SPI is unsupported on this hardware. Please report a bug at flashrom@flashrom.org SUCCESS # flashrom -p host --wp-status flashrom v0.9.4 : 2842dd9 : Jun 05 2017 23:54:51 UTC on Linux 4.4.64-09098-g4504f6dcbb08 (x86_64) flashrom v0.9.4 : 2842dd9 : Jun 05 2017 23:54:51 UTC on Linux 4.4.64-09098-g4504f6dcbb08 (x86_64) coreboot table found at 0x7ab39000. WARNING: SPI Configuration Lockdown activated. WP: status: 0x34 WP: status.srp0: 0 WP: write protect is disabled. WP: write protect range: spi_send_command called, but SPI is unsupported on this hardware. Please report a bug at flashrom@flashrom.org start=0x00000000, len=0x00400000 noted the start and len value match the WP_RO values. This indicate the region is locked. With ME unlocked on firmware .122, lockedME test will always passed.
,
Sep 25 2017
+venkataraju see c#4, the WP_RO is locked even wp-status reported as disabled. +lhui, please double check you setting when running ME lock to ensure WP is truelly disabled.
,
Nov 16 2017
,
Nov 28 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/autotest/+/85542e0acc3c4c2a71df927b8f72cfd6edce7e47 commit 85542e0acc3c4c2a71df927b8f72cfd6edce7e47 Author: venkata srinivasa raju penmetcha <venkataraju@google.com> Date: Tue Nov 28 06:50:43 2017 firmware_LockedME: Check for SW WP status Prior to Apollolake only the contents of SI_DESC was used to protect SI_DESC. Starting with Apollolake, the SPI flash part can also protect SI_DESC, so this adds a check for software write protect. BUG= chromium:754760 TEST=test_that --board=soraka 172.22.18.16 firmware_LockedME with dut having wp on and off. Change-Id: If50a3db7903e380331d7a47cb7d577a8807754b1 Reviewed-on: https://chromium-review.googlesource.com/719427 Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com> Tested-by: Venkata Srinivasa Raju Penmetcha <venkataraju@chromium.org> Reviewed-by: Kevin Shelton <kmshelton@chromium.org> [modify] https://crrev.com/85542e0acc3c4c2a71df927b8f72cfd6edce7e47/client/site_tests/firmware_LockedME/firmware_LockedME.py
,
Nov 28 2017
|
||||||||
►
Sign in to add a comment |
||||||||
Comment 1 by dchan@chromium.org
, Aug 11 2017