Provide a way to produce firmware images for any model |
||||||
Issue descriptionIn the factory we need a way to obtain the firmware for a particular model. In the case of shared firmware the firmware update bundle (chromeos-firmwareupdate) may only have a single bios.bin. The easiest solution may be: chromeos-firmwareupdate --model <model> --output-dir <dir> The default model can be the one which actually has bios.bin (unless there is more than one). Specifying anything else will generate the correct bios.bin by putting the root key and vblock fragments into the correct bios.bin and outputting the resulting file. For ec.bin, I believe we can just use the same one, since software sync takes care of it. Is that right?
,
Sep 1 2017
See also crbug.com/750116 which suggests a firmware updater change
,
Sep 1 2017
For ec.bin we have bigger fish to fry if we need to mix different ec.bins with the same bios.bin. That's entirely composited in the coreboot ebuild currently. New solutions would need to be made to deal with that situation. FYI: there's even bigger problems coming down the pike with a signed ec.bin sitting in the coreboot cbfs. :)
,
Sep 1 2017
,
Sep 1 2017
OK so for now I think we can just worry about bios.bin I can see the firmware update getting more complicated as time goes by :-(
,
Sep 7 2017
,
Sep 8 2017
,
Sep 11 2017
,
Sep 16 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/firmware/+/6ebdc96152dd20dabec96c4a4bf04f122003e1e4 commit 6ebdc96152dd20dabec96c4a4bf04f122003e1e4 Author: C Shapiro <shapiroc@chromium.org> Date: Sat Sep 16 19:15:04 2017 pack_dist: Support to extract a signed model image To support factory imaging of machinges, model specific firmware images are needed, which aren't tied to executing the firmware updater shellball. This allows firmware images to be generated with the following: chromeos-firmwareupdate --mode=output --model=coral --output_file=x BUG= chromium:761228 TEST=gen loem signed image, extract firmware updater and verified --mode=output Change-Id: I60ff83f23e19b06b00ba756b504c6a2e5287d715 Reviewed-on: https://chromium-review.googlesource.com/660402 Commit-Ready: C Shapiro <shapiroc@google.com> Tested-by: Simon Glass <sjg@chromium.org> Tested-by: C Shapiro <shapiroc@google.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: C Shapiro <shapiroc@google.com> [modify] https://crrev.com/6ebdc96152dd20dabec96c4a4bf04f122003e1e4/pack_dist/crosutil.sh [modify] https://crrev.com/6ebdc96152dd20dabec96c4a4bf04f122003e1e4/pack_dist/updater4.sh [modify] https://crrev.com/6ebdc96152dd20dabec96c4a4bf04f122003e1e4/pack_dist/common.sh
,
Sep 21 2017
Shall I assign this to myself to add a test?
,
Sep 21 2017
Created ... https://bugs.chromium.org/p/chromium/issues/detail?id=767395 closing this issue
,
Sep 21 2017
,
Sep 26 2017
The test envisaged in crbug.com/767395 is actually a broader test. My intent with pack_firmware is to have coverage for its functionality, independently of other pieces. I'll update a few CLs to address this.
,
Sep 26 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/firmware/+/0ce010b0b414f27734c9e09ddbb2af736a91f027 commit 0ce010b0b414f27734c9e09ddbb2af736a91f027 Author: Simon Glass <sjg@chromium.org> Date: Tue Sep 26 23:14:04 2017 pack_firmware: Add a test for -V output When the firmware updater is run with the first argument -V it outputs version information for the firmware it contains and a list of file checksums. At present there is no test for this. Add one. BUG= chromium:761228 , chromium:690573 TEST=PYTHONPATH=~/c python pack_firmware_unittest.py && \ PYTHONPATH=~/c python pack_firmware_functest.py Change-Id: I184343472aab76581e7a94a379280814118ad445 Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/684534 Reviewed-by: Jason Clinton <jclinton@chromium.org> Reviewed-by: C Shapiro <shapiroc@google.com> [modify] https://crrev.com/0ce010b0b414f27734c9e09ddbb2af736a91f027/pack_firmware_functest.py
,
Sep 26 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/firmware/+/54e567ec23fa7e4ad6fe0f0e19e6b55dc2a5e30d commit 54e567ec23fa7e4ad6fe0f0e19e6b55dc2a5e30d Author: Simon Glass <sjg@chromium.org> Date: Tue Sep 26 23:14:05 2017 pack_firmware: Move test setup into a function We plan to use the same arguments to the firmware packer in several tests. In preparation for this, move the new setup code into a new function. BUG= chromium:761228 , chromium:690573 TEST=PYTHONPATH=~/c python pack_firmware_unittest.py && \ PYTHONPATH=~/c python pack_firmware_functest.py Change-Id: Iaa192b54b0b300ea1c99f544386324d7458dd71d Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/684535 Reviewed-by: Jason Clinton <jclinton@chromium.org> Reviewed-by: C Shapiro <shapiroc@google.com> [modify] https://crrev.com/54e567ec23fa7e4ad6fe0f0e19e6b55dc2a5e30d/pack_firmware_functest.py
,
Sep 26 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/firmware/+/89ac5dc83cc7851368971bb731c8591bc3c22501 commit 89ac5dc83cc7851368971bb731c8591bc3c22501 Author: Simon Glass <sjg@chromium.org> Date: Tue Sep 26 23:14:05 2017 pack_firmware: Add a test for the 'output' mode Running the firmware updater with mode 'output' writes out the firmware files to the given directory. Add a simple test for this. It does not currently cover the updater's replacement of root key / vblock regions, so the contents of these are ignored. BUG= chromium:761228 , chromium:690573 TEST=PYTHONPATH=~/c python pack_firmware_unittest.py && \ PYTHONPATH=~/c python pack_firmware_functest.py Change-Id: I445df67cdc72761316d8c1a92e52c84898340c8e Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/684536 Reviewed-by: Jason Clinton <jclinton@chromium.org> Reviewed-by: C Shapiro <shapiroc@google.com> [modify] https://crrev.com/89ac5dc83cc7851368971bb731c8591bc3c22501/pack_firmware_functest.py
,
Sep 26 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/firmware/+/3330e07b88f36c3e678cdddc1edd9ed0fb227fff commit 3330e07b88f36c3e678cdddc1edd9ed0fb227fff Author: Simon Glass <sjg@chromium.org> Date: Tue Sep 26 23:14:05 2017 pack_firmware: Add a test for signed firmware output The firmware updater now supports a mode where it outputs signed firmware for a given model. This works by starting with a base image and inserting the rootkey/vblock regions (generated by the signer) into the image. Add a test that this works correctly. For this we use predefined rootkey / vblock files. These are compressed to save ~240KB of space in the repo. We don't currently have a test of signer functionality (see for example crbug.com/767395) but this test checks that the firware updater operates as intended. Since the 'output' and 'autoupdate' modes use the same code to generate the image for a model, this test has the happy side benefit of adding test coverage for this important part of the autoupdate mode. BUG= chromium:761228 , chromium:690573 TEST=PYTHONPATH=~/c python pack_firmware_unittest.py && \ PYTHONPATH=~/c python pack_firmware_functest.py Change-Id: I9182966440d471d730e4e5ff545144a5bec0cc51 Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/684537 Reviewed-by: Jason Clinton <jclinton@chromium.org> Reviewed-by: C Shapiro <shapiroc@google.com> [add] https://crrev.com/3330e07b88f36c3e678cdddc1edd9ed0fb227fff/functest/vblock_A.reef.gz [add] https://crrev.com/3330e07b88f36c3e678cdddc1edd9ed0fb227fff/functest/vblock_B.electro.gz [add] https://crrev.com/3330e07b88f36c3e678cdddc1edd9ed0fb227fff/functest/vblock_B.reef.gz [add] https://crrev.com/3330e07b88f36c3e678cdddc1edd9ed0fb227fff/functest/rootkey.electro [add] https://crrev.com/3330e07b88f36c3e678cdddc1edd9ed0fb227fff/functest/rootkey.reef [modify] https://crrev.com/3330e07b88f36c3e678cdddc1edd9ed0fb227fff/pack_firmware_functest.py [add] https://crrev.com/3330e07b88f36c3e678cdddc1edd9ed0fb227fff/functest/vblock_A.electro.gz
,
Sep 27 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/firmware/+/fd1cc50938ec23aec3ee29b2c4157df0797a64a9 commit fd1cc50938ec23aec3ee29b2c4157df0797a64a9 Author: Simon Glass <sjg@chromium.org> Date: Wed Sep 27 19:57:55 2017 pack_firmware: Run flashrom with 'sudo' in chroot When running tests from the ebuild, /usr/sbin/flashrom does not start up because it cannot access the lock file: Cannot open lockfile /run/lock/firmware_utility_lockCould not acquire lock. The invocation silently fails and is not detected by the firmware update script and this causes it to fail to insert the expected keys. The update script normally runs as root on a device, so this problem is avoided in practice. For tests, trying to invoke the updater itself with 'sudo' causes the following error: ERROR: ld.so: object 'libsandbox.so' from LD_PRELOAD cannot be preloaded (cannot open shared object file): ignored. For tests the easiest fix is to invoke flashrom with 'sudo'. Update the fake flashrom script to do this. BUG= chromium:761228 , chromium:690573 TEST=FEATURES=test emerge-reef-uni chromeos-firmware-update FEATURES=test sudo -E emerge-reef-uni chromeos-firmware-update Change-Id: I296596445bd92ff926e2e7dca59d839c10b65e31 Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/686994 Reviewed-by: Jason Clinton <jclinton@chromium.org> [modify] https://crrev.com/fd1cc50938ec23aec3ee29b2c4157df0797a64a9/functest/flashrom [modify] https://crrev.com/fd1cc50938ec23aec3ee29b2c4157df0797a64a9/pack_firmware_functest.py
,
Sep 27 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/firmware/+/9756e2ed5cf5be52a794f5d6a561e8b5ecc94e79 commit 9756e2ed5cf5be52a794f5d6a561e8b5ecc94e79 Author: Simon Glass <sjg@chromium.org> Date: Wed Sep 27 19:57:55 2017 pack_firmware: Refactor _SetupArgs() to return expected files We have code which figures out the expected files in a firmware update. Move this into _SetupArgs() which has two benefits: - There is no need to return the model anymore - We can return the list of expected files which will be used by more than one test BUG= chromium:761228 , chromium:690573 TEST=PYTHONPATH=~/c python pack_firmware_unittest.py && \ PYTHONPATH=~/c python pack_firmware_functest.py Change-Id: Ib53f930554d80fc4185a171c61eefcabc2099a6b Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/686995 Reviewed-by: Jason Clinton <jclinton@chromium.org> Reviewed-by: C Shapiro <shapiroc@google.com> [modify] https://crrev.com/9756e2ed5cf5be52a794f5d6a561e8b5ecc94e79/pack_firmware_functest.py
,
Sep 27 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/firmware/+/3d07c3814c57688a0c3d08c233669349e66e97a5 commit 3d07c3814c57688a0c3d08c233669349e66e97a5 Author: Simon Glass <sjg@chromium.org> Date: Wed Sep 27 19:57:55 2017 pack_firmware: Split -V testing into its own test This test was originally tacked onto the end of the unified build test to save run time, but really that does not seem very important. Split it out into its own test in preparation for adding a special case for this code path. This allows us to see what is actually needed to make -V work (it doesn't need to run the fake scripts so does not need environment variables to be set up). BUG= chromium:761228 , chromium:690573 TEST=PYTHONPATH=~/c python pack_firmware_unittest.py && \ PYTHONPATH=~/c python pack_firmware_functest.py Change-Id: I4f099bef2dc48dbab11dc63194cfb7d3873a747b Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/686996 Reviewed-by: Jason Clinton <jclinton@chromium.org> Reviewed-by: C Shapiro <shapiroc@google.com> [modify] https://crrev.com/3d07c3814c57688a0c3d08c233669349e66e97a5/pack_firmware_functest.py
,
Sep 27 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/firmware/+/6f755ff0fea3a797285b35778465a30309078108 commit 6f755ff0fea3a797285b35778465a30309078108 Author: Simon Glass <sjg@chromium.org> Date: Wed Sep 27 19:57:55 2017 pack_firmware: Simplify the -V test This test sets up a lot of environment variables that are not needed by the firmware upgrade script for the -V case. Separate out the code to make it clearer what is needed. BUG= chromium:761228 , chromium:690573 TEST=PYTHONPATH=~/c python pack_firmware_unittest.py && \ PYTHONPATH=~/c python pack_firmware_functest.py Change-Id: Id651373b8eb3d343c54be6f0dd0fe8674a98e726 Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/686997 Reviewed-by: Jason Clinton <jclinton@chromium.org> Reviewed-by: C Shapiro <shapiroc@google.com> [modify] https://crrev.com/6f755ff0fea3a797285b35778465a30309078108/pack_firmware_functest.py |
||||||
►
Sign in to add a comment |
||||||
Comment 1 by sjg@chromium.org
, Sep 1 2017