New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 856763 link

Starred by 1 user
Status: Closed
Owner:
tbrindus@chromium.org
Email to this user bounced
Closed: Aug 15
Cc:
ahass...@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 1
Type: Feature

Blocking:
issue 845589



Sign in to add a comment

Mechanism for handling configuration files during recovery/powerwash

Reported by tbrindus@chromium.org, Jun 26 2018 
For features like chromium:793878 we need some way to copy configuration files from a recovery image to the stateful partition of the target device, as well as have a utility to securely erase them later on, after they have been applied on the device.


Some care should be taken that the files are permanently destroyed (we'd need to overwrite them before removing the inode, otherwise they'd still be accessible), and that any related data is not present in the ext4 journal.

Comment 1 by tbrindus@chromium.org, Jun 26 2018

Description: Show this description

Comment 2 by ahass...@chromium.org, Jun 26 2018

Blocking: 845589
Labels: -Pri-3 OS-Chrome Pri-1
Project Member

Comment 3 by bugdroid1@chromium.org, Jun 27 2018 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform2/+/55c0638621cad8fe002f420d317242d963d598f9

commit 55c0638621cad8fe002f420d317242d963d598f9
Author: Tudor Brindus <tbrindus@chromium.org>
Date: Wed Jun 27 20:52:39 2018

installer: Copy OOBE auto-config to target device during recovery

If a recovery media was provisioned with auto-config data (oobe_auto_config/),
we should copy it over to the target device during recovery.

BUG= chromium:856763 
TEST=no errors during recovery; config is on target device after reboot

Change-Id: Id8103e1987897952fb3de24853e402438f0259f2
Reviewed-on: https://chromium-review.googlesource.com/1079488
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Tudor Brindus <tbrindus@chromium.org>
Reviewed-by: Amin Hassani <ahassani@chromium.org>

[modify] https://crrev.com/55c0638621cad8fe002f420d317242d963d598f9/installer/chromeos-install
Project Member

Comment 4 by bugdroid1@chromium.org, Jul 2 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/348749186de1d9d14ae1ef3ad50f90683eb0a5bb

commit 348749186de1d9d14ae1ef3ad50f90683eb0a5bb
Author: Tudor Brindus <tbrindus@google.com>
Date: Mon Jul 02 22:32:41 2018

installer: Add chromeos-saferemove script and dependency on secure-erase-file

BUG= chromium:856763 
TEST=package builds
CQ-DEPEND=CL:1114350

Change-Id: Ib01ab30f355b1c34b223f6ad0fc8ca4824c3d576
Reviewed-on: https://chromium-review.googlesource.com/1117821
Commit-Ready: Tudor Brindus <tbrindus@chromium.org>
Tested-by: Tudor Brindus <tbrindus@chromium.org>
Reviewed-by: Amin Hassani <ahassani@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[modify] https://crrev.com/348749186de1d9d14ae1ef3ad50f90683eb0a5bb/chromeos-base/chromeos-installer/chromeos-installer-9999.ebuild
Project Member

Comment 5 by bugdroid1@chromium.org, Jul 2 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform2/+/5c6516422880b6830cd2f99e29f12b03b6e53623

commit 5c6516422880b6830cd2f99e29f12b03b6e53623
Author: Tudor Brindus <tbrindus@chromium.org>
Date: Mon Jul 02 22:32:42 2018

installer: Add script to delete OOBE autoconfig data after it has been applied

This commit adds a utility to recursively securely erase all contents of
/mnt/stateful_partition/oobe_auto_config with secure_erase_file, before
deleting the top-level directory.

BUG= chromium:856763 
TEST=no errors during running; file contents not accessible to software
  post-deletion
CQ-DEPEND=CL:1117821

Change-Id: Ibea6c9e21f69d33d691ae5e47a6b3b5ed119c8d8
Reviewed-on: https://chromium-review.googlesource.com/1114350
Commit-Ready: Tudor Brindus <tbrindus@chromium.org>
Tested-by: Tudor Brindus <tbrindus@chromium.org>
Reviewed-by: Amin Hassani <ahassani@chromium.org>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>

[add] https://crrev.com/5c6516422880b6830cd2f99e29f12b03b6e53623/installer/chromeos-saferemove
Project Member

Comment 6 by bugdroid1@chromium.org, Jul 3 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform2/+/d7d5cf31fbfb1eecce029e3baac07c3a319a0231

commit d7d5cf31fbfb1eecce029e3baac07c3a319a0231
Author: Tudor Brindus <tbrindus@chromium.org>
Date: Tue Jul 03 21:59:28 2018

installer: Grab OOBE auto-config from unencrypted/

This commit moves the expected location of OOBE auto-config data from
/stateful/oobe_auto_config to /stateful/unencrypted/oobe_autoconfig.

BUG= chromium:856763 
TEST=no errors during recovery; config is on target device after reboot

Change-Id: I08eb483224e0f8b75136cbeb087f0c0a35fb652c
Reviewed-on: https://chromium-review.googlesource.com/1123068
Commit-Ready: Tudor Brindus <tbrindus@chromium.org>
Tested-by: Tudor Brindus <tbrindus@chromium.org>
Reviewed-by: Amin Hassani <ahassani@chromium.org>

[modify] https://crrev.com/d7d5cf31fbfb1eecce029e3baac07c3a319a0231/installer/chromeos-install
Project Member

Comment 7 by bugdroid1@chromium.org, Jul 12 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform2/+/542d8aea4e9b383fc05dcd6cb3ce645ef68e380a

commit 542d8aea4e9b383fc05dcd6cb3ce645ef68e380a
Author: Tudor Brindus <tbrindus@chromium.org>
Date: Thu Jul 12 18:35:43 2018

installer: Keep chromeos-saferemove from exiting with 1 under normal operation

It is possible that chromeos-saferemove exit with 1 if the calling user
does not have permissions on the parent directory of the last directory
in `SAFE_REMOVE_PATHS` -- in this case, the data has already been
removed, but the script will report an error because the directory node
itself could not be removed.

BUG= chromium:856763 
TEST=0 exit code when running with undeletable directory

Change-Id: I9f9a5ae2d2d4d1075d507924aefc60db902a29ba
Reviewed-on: https://chromium-review.googlesource.com/1125096
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Tudor Brindus <tbrindus@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[modify] https://crrev.com/542d8aea4e9b383fc05dcd6cb3ce645ef68e380a/installer/chromeos-saferemove

Comment 8 by benhenry@chromium.org, Aug 3

Status: Assigned (was: Untriaged)
This bug has an owner, thus, it's been triaged. Changing status to "assigned".
Project Member

Comment 9 by bugdroid1@chromium.org, Aug 7 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform2/+/3d7c5b84d46a5b9b2f384bb9e26eeab6d052beef

commit 3d7c5b84d46a5b9b2f384bb9e26eeab6d052beef
Author: Tudor Brindus <tbrindus@chromium.org>
Date: Tue Aug 07 14:31:23 2018

Revert "installer: Copy OOBE auto-config to target device during recovery"

This reverts commit 55c0638621cad8fe002f420d317242d963d598f9.

We are no longer pursuing copying over configuration files off the
recovery media to the target device (instead, we read them from the USB
directly).

BUG= chromium:856763 
TEST=no errors during recovery

Change-Id: I62910c1c87a33f4c86279098fa01903ecb829178
Reviewed-on: https://chromium-review.googlesource.com/1164634
Commit-Ready: Tudor Brindus <tbrindus@chromium.org>
Tested-by: Tudor Brindus <tbrindus@chromium.org>
Reviewed-by: Amin Hassani <ahassani@chromium.org>

[modify] https://crrev.com/3d7c5b84d46a5b9b2f384bb9e26eeab6d052beef/installer/chromeos-install

Comment 10 by tbrindus@chromium.org, Aug 15

Status: Closed (was: Assigned)

Sign in to add a comment