This patch implements a relatively simple hash-based verification scheme
for downloaded files (tarballs):
After buildgcc downloads a file or notices that it has already been
downloaded, it hashes the file, and compares the hash against the known
hash stored in util/crossgcc/sum/$filename.cksum. Two errors can occur:
1. The hash file is missing. In this case, crossgcc asks the user to
verify the authenticity of the downloaded file. It also calculates
its hash and stores it in util/crossgcc/sum/$filename.cksum.calc.
If the file is authentic, the user may rename the calculated hash
file to $filename.cksum, so that it can be found the next time
buildgcc is started.
2. The known hash and the calculated hash differ. This is the case that
this patch seeks to protect against, because it may imply that the
downloaded file was unexpectedly changed, either in transit
(Man-in-the-Middle attack) or on the file server that it was
downloaded from. If buildgcc detects such a hash mismatch, it asks
the user to delete the downloaded file and retry, because it can also
be caused by a benign network error. If, however, the error persists,
buildgcc can't continue without risking that the user runs malicious
code, and it stops.
Note: The hash algorithm may be changed in the future, but for now I
left it at SHA-1, to avoid bloating this patch.
Change-Id: I0d5d67b34684d02011a845d00f6f5b6769f43b4f
Signed-off-by: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
Reviewed-on: https://review.coreboot.org/21592
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Julius made some suggestions to fix/improve commit 46300aa2.
Implement those.
BUG=b:66681446
Change-Id: I6becac9ffdcc65745e88734dfb80d12b581584a1
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://review.coreboot.org/21757
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
The cbmem utility has inherited some workarounds that originated
from the default 1 MiB mapping always working. This 1 MiB mmap
won't necessarily succeed if the 1 MiB encroaches on a subsequent
memory range that has different cacheability.
To fix this, map in only 4 KiB when the table size is not known which is
the case for any forwarding entry or any low table entries on x86. That
smaller mapping is then searched for a valid header. Once a valid header
is found the full table is mapped and parsed allowing a forwarding entry
to take precedence.
Lastly, the lbtable is kept mapped in such that other operations can
just operate on mapping that was previously parsed.
In order to allow multiple in-flight mappings a struct mapping was
added which caused the ripple within the code. However, there shouldn't
be any more reasons for putting weird heuristics for when to fail. If
the tables are bad then it's very much possible that mappings will fail.
Retrying when the exact sizes are already known won't fix those issues.
BUG=b:66681446
Change-Id: Ica0737aada8dc07311eae867e87ef2fd24eae98d
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://review.coreboot.org/21718
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Since the mapping is const just make all the data structure accesses
const.
BUG=b:66681446
Change-Id: I018cf2f2bfea2e736b097ecd1242af19c878ecb5
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://review.coreboot.org/21719
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
vboot images come with multiple regions carrying CBFS file systems. To
expedite hashing (from slow flash memory), the FW_MAIN_* regions are
truncated since they typically have pretty large unused space at the
end that is of no interest.
For test purposes it can be useful to re-engage that space, so add a
command that creates a new empty file entry covering that area (except
for the last 4 bytes for the master header pointer, as usual).
BUG=b:65853903
BRANCH=none
TEST=`cbfstool test.bin expand -r FW_MAIN_A` creates a new empty file of
the expected size on a Chrome OS firmware image.
Change-Id: I160c8529ce4bfcc28685166b6d9035ade4f6f1d1
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/21598
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
- Fix typo in comment
- Aphabetize package list and put each package on a single line
- Add environment variables into coreboot user's .bashrc file
- Add openssl, qemu, and shellcheck to installed packages
Change-Id: I37771be5d3ecaa61d76d99e689b422144a6d7dc6
Signed-off-by: Martin Roth <gaumless@gmail.com>
Reviewed-on: https://review.coreboot.org/21582
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Chris Ching <chingcodes@chromium.org>
- Update checkpatch.pl to version 0547fa58
(checkpatch: add 6 missing types to --list-types)
- Update spelling.txt to version d9f91f8
(scripts/spelling.txt: add a bunch more spelling mistakes)
- Fix an additional unescaped left brace in a regex - causes warnings
in new versions of perl.
Change-Id: Ic443099e90a46280f18d58799afc72d00dc83793
Signed-off-by: Martin Roth <gaumless@gmail.com>
Reviewed-on: https://review.coreboot.org/21581
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Chris Ching <chingcodes@chromium.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
If results are uploaded the temporary directory in which they are
stored gets deleted, yet we currently point to the deleted directory in
the output.
This patch fixes it so that we point to the actual location in the local
repository where uploaded results are found.
Change-Id: I1f42c3296ec1d19fcfa4911307e07e67de289895
Signed-off-by: David Hendricks <david.hendricks@gmail.com>
Reviewed-on: https://review.coreboot.org/21415
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>
Add find_fcba(), find_frba(), find_fmba(), find_fpsba()
and find_fmsba() to replace those copy-pasted addressings.
This commit is one separated from the original I6d05418c.
Change-Id: I98965711e4cb9792e5cc86cc4c1035559e0274f5
Signed-off-by: Bill XIE <persmule@gmail.com>
Reviewed-on: https://review.coreboot.org/21511
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Redesign some array-like structures as true arrays,
and rewrite functions to dump them as loops.
This commit is one separated from the original I6d05418c.
Change-Id: I161c9a2ae83d26e658d67d0804e943fff95fe076
Signed-off-by: Bill XIE <persmule@gmail.com>
Reviewed-on: https://review.coreboot.org/21510
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
There is no reason to keep a separate region_filenames array,
so I merge it into region_name(s).
This commit is one separated from the original I6d05418c.
Change-Id: I38489c6d3b3c161e9b0281188e6cdd0b62e38335
Signed-off-by: Bill XIE <persmule@gmail.com>
Reviewed-on: https://review.coreboot.org/21509
Reviewed-by: Nico Huber <nico.h@gmx.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Const-correct some functions which do not write back,
and use pointers to access existing region_t variables.
The last changeset is dismantled this time.
This commit is only focused on const-correctness.
Change-Id: I6d05418c8b32fa31dcd038a3e56f9aefe13fa9c4
Signed-off-by: Bill XIE <persmule@gmail.com>
Reviewed-on: https://review.coreboot.org/21288
Reviewed-by: Nico Huber <nico.h@gmx.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This allows the user to specify a custom path for cbmem on the DUT.
Change-Id: I2c28737d6efaae238fd6831cd3d00b2142b39a4c
Signed-off-by: David Hendricks <david.hendricks@gmail.com>
Reviewed-on: https://review.coreboot.org/21565
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>
Sometimes the BUG/BRANCH/TEST metadata isn't separated by a newline
from the later git/gerrit metadata, which messes up further processing.
Add that newline to minimize the amount of human intervention required.
Change-Id: I37171bf6764b64e0ab0e81297a03f4d8b7744256
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/21534
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>
An internal index `i` was previously allocated as
Elf64_Half which is uint16_t. Bumping to uint64_t
increases the number of allowed symbols and prevents
a segfault in processing a larger ramstage.debug file.
Also introduce a separate counter for the number of sections.
Change-Id: I9ad2f64c452cef2e7bf957f766600891cb5ae798
Signed-off-by: Damien Zammit <damien@zamaudio.com>
Reviewed-on: https://review.coreboot.org/21360
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
We don't actually care for them on our testers, just that the files
can be built.
Change-Id: Ib656a085d70e2aeb1601f1943ad8581af3133839
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/21420
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
The regular build doesn't build it, so it fails every now and then due
to changes in its dependencies.
Make sure we notice these early.
Change-Id: I0603b22887487d8871611d91e6f8ab0ec210bff1
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-on: https://review.coreboot.org/21390
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Adds -A --any-toolchain option to abuild
This is handy for those who want to test compiling
all board configs with abuild using a non-coreboot toolchain
Change-Id: Idd599b0d2c324ad88ba3c83cdf3b180eb6d1fc80
Signed-off-by: Damien Zammit <damien@zamaudio.com>
Reviewed-on: https://review.coreboot.org/21352
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Add a missing line-break escape and, rather cosmetic, guard execution of
$CXX which we allow but don't force to be set.
Change-Id: Icf6d3b7de4b7999b8214489f28997964c490d1e9
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/21307
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Jenkins is giving warnings due tainted variables from the environment
and command line:
Insecure $ENV{PATH} while running setgid at util/lint/checkpatch.pl line
907, <$conststructs> line 39.
Insecure dependency in piped open while running setgid at
util/lint/checkpatch.pl line 907, <$conststructs> line 39.
This should fix those warnings.
Change-Id: I6a09915d13547bf9a86c011d44cbcd39c46f3fec
Signed-off-by: Martin Roth <martinroth@google.com>
Reviewed-on: https://review.coreboot.org/21293
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
This patch has been provided by Mentor Chih-Chyang Chang
on behalf of Andes Technology. It fixes using the coreboot
toolchain to compile the Chrome EC code base on the ITE8320
embedded controller.
The new patch incorporates a fix for the issue previously
fixed by patches/gcc-6.3.0_nds32.patch, so that patch can
be removed.
patches/gcc-6.3.0_riscv.patch needs to be slightly adjusted
to still apply cleanly (configure scripts only).
Change-Id: I0033888360f13ba951b692b3242aab6697ca61b3
Signed-off-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Reviewed-on: https://review.coreboot.org/20901
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
In case there is no mode selected, sys and cpu variables are not
initialized, causing a segfault on exit (goto done).
Change-Id: I4a183c267e306598627c1612f4633f1e19019f3c
Signed-off-by: Maciej Suminski <maciej.suminski@cern.ch>
Reviewed-on: https://review.coreboot.org/21026
Reviewed-by: Nico Huber <nico.h@gmx.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Pratikkumar V Prajapati <pratikkumar.v.prajapati@intel.com>
Passing a string containing output from strerror() to perror() causes
double error message display. It is also causing segfaults when the
error message is longer than temp_string capacity.
To fix the problems, sterror() call has been removed so the error
message is printed only once. This could be enough to avoid segfaults,
but it is a good practice to limit output size with snprintf().
Change-Id: I5ccc37e404f278cafae0a451c5acaa27d7907cce
Signed-off-by: Maciej Suminski <maciej.suminski@cern.ch>
Reviewed-on: https://review.coreboot.org/21025
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Relevant changes (commit 2e8761e):
* Add an option to truncate the ME image file
* Add full support for Skylake (ME 11) and following, including
modules removal, truncation informations and partition
relocation
* Add two options to generate a shrinked ME image file and the
corresponding descriptor with a modified flash layout
* Update README.md
* Bug fixes
Also add a link to the usage guide in the Kconfig help.
Change-Id: I690c5d558139f64f38babf3c0988b53834ba8b37
Signed-off-by: Nicola Corna <nicola@corna.info>
Reviewed-on: https://review.coreboot.org/20915
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
- fix the error caused by signed integer extension
- fix fopen mode
- one minor style fix
Change-Id: Iacc4ea50515ea219bc1868dae0446d576e8dce0c
Signed-off-by: Iru Cai <mytbk920423@gmail.com>
Reviewed-on: https://review.coreboot.org/21013
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
The final newline check is taking longer than we'd like to run. Since
it runs on every commit as part of the pre-commit check, we want that
to run faster than it currently does.
Remove LINT_SKIP_NEWLINE_CHECK as it's no longer needed.
Change-Id: Ie945dd6caba84e0d23af499d43367d70b1696089
Signed-off-by: Martin Roth <martinroth@google.com>
Reviewed-on: https://review.coreboot.org/20872
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
The current signed-off-by check doesn't really work well as a lint
stable test being run by the pre-commit git hook. This test looks
at the PREVIOUS commit instead of the staged commit, which works well
on the server. In looking for a way to check the staged commit message,
I found the commit-msg hook, which is the correct way to check the
staged message.
- Update the commit message check from a lint-stable test to a
lint-extended test.
- Add the check for signed-off-by to the commit-msg hook
Change-Id: I8be8aef25730d988c7cf1586ae66ecb839d5f756
Signed-off-by: Martin Roth <martinroth@google.com>
Reviewed-on: https://review.coreboot.org/20920
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Chris Ching <chingcodes@chromium.org>
Apparently the script's output text is unclear.
Emphasize the file name, keeping the dot to close the sentence.
Change-Id: I1f214b71629eda5fc54e5671ce63e58948343656
Signed-off-by: Idwer Vollering <vidwer@gmail.com>
Reviewed-on: https://review.coreboot.org/21012
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Nico Huber <nico.h@gmx.de>
- Add lint-extended as a valid option
- Call lint-extend from what-jenkins-does and test-lint
- When logging to a junit.xml file, name the file extended-junit.xml
so it doesn't conflict with the stable junit.xml file.
Change-Id: I7e4156844b8c60790e03a0e43564610bb0c8f386
Signed-off-by: Martin Roth <martinroth@google.com>
Reviewed-on: https://review.coreboot.org/16362
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Chris Ching <chingcodes@chromium.org>
The checkpatch script takes a while to run, so don't add it to the
lint-stable checks which run pre-commit.
Change-Id: I907176c21c057564495b75133ba10b0761c9fe7b
Signed-off-by: Martin Roth <martinroth@google.com>
Reviewed-on: https://review.coreboot.org/16360
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Chris Ching <chingcodes@chromium.org>
Using sys/cdefs.h would come to mind,
however this include would not solve the build error.
Built and runtime tested on FreeBSD 12.0-CURRENT, r322031
Change-Id: I6ec9bc7fea72aa69a41439e002f381bd5e5b6bc6
Signed-off-by: Idwer Vollering <vidwer@gmail.com>
Reviewed-on: https://review.coreboot.org/20924
Reviewed-by: Nico Huber <nico.h@gmx.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Currently the only testing we had was 'what-jenkins-does' and
'make lint'. While the lint testing is suitable for developers,
the 'what-jenkins-does' target really isn't, as it was designed
specifically for testing on jenkins.
This adds the infrastructure for basic tests that are more suitable
for the developer. Extended tests and improvements will follow.
Add the coreboot-builds directories to .gitignore.
TODO:
- Save/restore .config
- Update test-abuild to use existing COREBOOT_BUILD_DIR variable
Change-Id: I19e1256d79531112ff84e47a307f55791533806f
Signed-off-by: Martin Roth <martinroth@google.com>
Reviewed-on: https://review.coreboot.org/20874
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Chris Ching <chingcodes@google.com>
In preparation for expanding the testing, move the test targets
out of the top level Makefile.inc and into a separate
subdirectory.
Change-Id: Ie252c7555223f9ce76b54e6f7b66d03f3cf60500
Signed-off-by: Martin Roth <martinroth@google.com>
Reviewed-on: https://review.coreboot.org/20873
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Chris Ching <chingcodes@google.com>
- Check for original LinuxBIOS header from LANL
- Check for the BSD style license used in x86emu
- Add top level checks for src/cpu and src/vboot
- Add drivers dir check for aspeed, emulation, and sil
- Add mainboard dir check for digitallogic
Change-Id: Ie1ef6a39fd1d184815d22235d43780caedb2ca95
Signed-off-by: Martin Roth <martinroth@google.com>
Reviewed-on: https://review.coreboot.org/19122
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Chris Ching <chingcodes@google.com>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
The newline lint check takes forever as it checks every file
in the git repo -- not just the files changed. To add insult to
injury these checks are performed on every commit. Allow one to
skip this check by setting the LINT_SKIP_NEWLINE_CHECK environment
variable.
Change-Id: I1cd5c50627b73d68b0da2fcb2d9546eb874a7959
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://review.coreboot.org/20903
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
the __must_check function attribute is pretty much straight from the
linux kernel - used to encourage callers to consume function return
values.
Change-Id: I1812d957b745d6bebe2a8d34a9c4862316aa8530
Signed-off-by: Caveh Jalali <caveh@google.com>
Reviewed-on: https://review.coreboot.org/20881
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Taken from crosstool-ng and and re-applied to 0.8.13
Change-Id: I43ad23b66ec10915cc68be8c395825f4f9161725
Signed-off-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Reviewed-on: https://review.coreboot.org/20800
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Ronald G. Minnich <rminnich@gmail.com>
Among other improvements, the new GDB has a new GDB/CLI
command to erase flash memory and a few Python scripting
enhancements.
Change-Id: Ie3852d5bc74617d3e05509e19bbd1caa281da3e0
Signed-off-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Reviewed-on: https://review.coreboot.org/20799
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Martin Roth <martinroth@google.com>
Add support for setting addresses of blobs only, and using address in
memory when ROM is mapped
Change-Id: I053c55253eee00558071d15923e3eb17b1e8410c
Signed-off-by: Iru Cai <mytbk920423@gmail.com>
Reviewed-on: https://review.coreboot.org/20474
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>
We recently changed all PACKED, __PACKED, __attribute__((packed)) ... to
__packed to gain some consistency. In cbfstool we use compiler.h to
provide that where necessary.
The cross compiler I use doesn't provide __packed by itself, but liblz4
doesn't compensate for that. Therefore include compiler.h, and to avoid
adding dependencies to non-liblz4 code, do so through the command line.
Change-Id: I581e45639ac3e103af7c16793e8effe2e632dec7
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/20836
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>