commit | eb2fa0800cc6c98d3fc743f5d14601b09cfa0893 | |
---|---|---|
author | Daisuke Nojiri <dnojiri@chromium.org> | Wed Sep 09 15:37:26 2020 |
committer | Commit Bot <commit-bot@chromium.org> | Thu Sep 10 23:42:15 2020 |
tree | 9b119d2bf1a8adda71beea2e74ae3c59bc2f7e44 | |
parent | c49054d7c409699f5a7c51c42d28f09990fb6ad1 | |

COIL: Add unblocked_terms.txt to block keywords

Currently the global blocked_terms.txt (in repohooks) are in effect. Since it's identical to the global unblocked_terms.txt, nothing is being blocked.

This patch adds a local unblocked_terms.txt, which overrides the global list. Thus, future CLs which contain the words listed in the global blocked_terms.txt but not in the local unblocked_terms.txt will be rejected.

For more details: https://chromium.googlesource.com/chromiumos/repohooks/#Blocked-and-Unblocked-Word-List

BUG=b:165908442
TEST=Run repohook.

Change-Id: Iee1e920c2cd38daf092e4fd8f12de5d65aa770bc
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/firmware/+/2401638
Tested-by: Daisuke Nojiri <dnojiri@chromium.org>
Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Auto-Submit: Daisuke Nojiri <dnojiri@chromium.org>

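
The override described in the commit message above, as an added Python example (not code from repohooks or from this commit). It assumes term files hold one case-insensitive regex per line with `#` comments; the function names, the placeholder terms and the sample diff are constructed for illustration.

```python
import re

def load_terms(text):
    """One regex per line; blank lines and '#' comments are skipped (assumed format)."""
    lines = (ln.strip() for ln in text.splitlines())
    return [ln for ln in lines if ln and not ln.startswith("#")]

def effective_unblocked(global_unblocked, local_unblocked=None):
    """A local unblocked_terms.txt, when present, replaces the global list."""
    return global_unblocked if local_unblocked is None else local_unblocked

def check_added_lines(diff_text, blocked, unblocked):
    """Return (diff_line_no, word) for blocked words on added lines that are not unblocked."""
    blocked_re = [re.compile(t, re.IGNORECASE) for t in blocked]
    unblocked_re = [re.compile(t, re.IGNORECASE) for t in unblocked]
    hits = []
    for n, line in enumerate(diff_text.splitlines(), 1):
        # Only lines the CL adds are checked; '+++' is the file header.
        if not line.startswith("+") or line.startswith("+++"):
            continue
        for rx in blocked_re:
            for m in rx.finditer(line[1:]):
                if not any(u.fullmatch(m.group(0)) for u in unblocked_re):
                    hits.append((n, m.group(0)))
    return hits

# Constructed sample data: placeholder terms, not the real repohooks lists.
GLOBAL_BLOCKED = load_terms("# constructed\nlegacyterm\noldword\n")
GLOBAL_UNBLOCKED = list(GLOBAL_BLOCKED)       # identical lists: nothing is blocked
LOCAL_UNBLOCKED = load_terms("legacyterm\n")  # project still allows only this term
SAMPLE_DIFF = """\
--- a/updater.sh
+++ b/updater.sh
@@ -1,2 +1,3 @@
 echo start
+echo "uses legacyterm here"
+echo "uses OldWord here"
-echo "oldword removed"
"""

def run_example():
    before = check_added_lines(
        SAMPLE_DIFF, GLOBAL_BLOCKED, effective_unblocked(GLOBAL_UNBLOCKED))
    after = check_added_lines(
        SAMPLE_DIFF, GLOBAL_BLOCKED,
        effective_unblocked(GLOBAL_UNBLOCKED, LOCAL_UNBLOCKED))
    return before, after

if __name__ == "__main__":
    print(run_example())
```

With only the global lists nothing is reported; once the shorter local list takes over, the added line that uses a term missing from it is flagged.
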
This repository contains the firmware updater (`chromeos-firmwareupdate`) that will update firmware images related to verified boot, usually host (also known as AP, BIOS or MAIN) and EC (Embedded Controller).

Auto update is one of the most important features in Chrome OS. Updating firmware is one of the most complicated processes, since all Chromebooks come with firmware that implements verified boot and must be able to update silently in the background.

The firmware updater is made as a self-extracting archive with firmware images, updating logic, and even utility programs.

In all modes, the updater will try to preserve a list of known firmware data, for example the VPD sections (`RO_VPD`, `RW_VPD`), and components in the `GBB` section like `HWID`.

Usually you can find the updater in `/usr/sbin/chromeos-firmwareupdate` on a Chrome OS device (or the rootfs partition of a disk image).

To look at its contents (firmware images and versions) in a machine-friendly way:

```sh
chromeos-firmwareupdate --manifest
```

Currently we also support a human-readable form:

```sh
chromeos-firmwareupdate -V
```

Usually, for people who want to “update all my firmware to the right states”, do:

```sh
chromeos-firmwareupdate --mode=recovery
```

The `recovery` mode will try to update RO+RW if your write protection is not enabled, otherwise only RW.

If you are not sure about the write protection status but you only want RW to be updated, run:

```sh
chromeos-firmwareupdate --mode=recovery --wp=1
```

The `--wp` argument will override your real write protection status.

If you want everything (RO and RW) to be updated and would like the updater to check WP state for you:

```sh
chromeos-firmwareupdate --mode=factory
```

The ChromeOS Auto Update (`update_engine`) runs the updater in a different way - a two-step trial process.

If you want to simulate and test that, do:

```sh
chromeos-firmwareupdate --mode=autoupdate --wp=1
```

The updater is provided by the `virtual/chromeos-firmware` package in the Chromium OS source tree, which will be replaced and includes the `chromeos-base/chromeos-firmware-${BOARD}` package in private board overlays.

To build an updater locally, in chroot run:

```sh
emerge-${BOARD} chromeos-firmware-${BOARD}
```

If your board overlay has defined the USE flags `bootimage` or `cros_ec`, the `chromeos-firmware-${BOARD}` package will add a dependency on the firmware and EC source packages (`chromeos-bootimage` and `chromeos-ec`), and have the firmware images in `/build/${BOARD}/firmware/{image,ec}.bin`.

In other words, you can remove `bootimage` and `cros_ec` in branches where you don't need firmware from source, for example the factory branches or ToT, especially if there are external partners who only have access to particular board private overlays. To do that, find the `make.conf` in the board overlay and add `USE="-bootimage -cros_ec"`.

The firmware updater package lives in private board overlays: `src/private-overlays/overlay-${BOARD}-private/chromeos-base/chromeos-firmware-${BOARD}/chromeos-firmware-${BOARD}-9999.ebuild`. Find a template here in chromiumos-base/chromeos-firmware-null.

Usually there are a few fields you have to fill:

A reference to the Main (AP) firmware image, which usually comes from `emerge-${BOARD} chromeos-bootimage` then `/build/${BOARD}/firmware/image.bin`.

Usually this implies both RO and RW. See `CROS_FIRMWARE_MAIN_RW_IMAGE` below for more information.

You have to run `ebuild-${BOARD} chromeos-firmware-${BOARD}.ebuild manifest` whenever you've changed the image files (`CROS_FIRMWARE_*_IMAGE`).

A reference to the Main (AP) firmware image and only used for RW sections.

If this value is set, `CROS_FIRMWARE_MAIN_IMAGE` will be used for RO and this will be used for RW.

A reference to the Embedded Controller (EC) firmware image, which usually comes from `emerge-${BOARD} chromeos-ec` then `/build/${BOARD}/firmware/ec.bin`.

The firmware updater is built by running `pack_firmware.py`, which collects firmware image files, and then archived in ZIP format with a special bootstrap SFX script `pack/sfx2.sh`.

For details about the package format, check pack/README.md.

Here's a detailed list of how each updater mode works:

- `--mode=autoupdate`: Invoked by `update_engine` when a payload is installed.

  `update_engine` will invoke `chromeos-setgoodfirmware` after 60 secs, which will update or mark booted RW firmware to active.

  `CROS_FIRMWARE_MAIN_IMAGE`. If yes, go 2. Otherwise, do `--mode=recovery`.

- `--mode=recovery`: Invoked by recovery shim after installed.

  Note in `recovery` mode, the `HWID` and flags in `GBB` are both preserved.

- `--mode=factory`: A special recovery mode for factory initial imaging that always runs as `wp=0` and NOT preserving GBB flags.

  Note in `factory` mode, in addition to preserved sections, the `HWID` in `GBB` will also be preserved. Other `GBB` data (root key, recovery key, flags) will be changed. The `GBB` flags must be changed because in the factory process we need to overwrite the flags so we can ensure developer mode or other factory-friendly settings are turned on in the first boot.

- `--mode=legacy`: A special mode that only updates `RW_LEGACY`.

- `--mode=output`: A special mode for updater with multiple sets of images.

  `--output_dir`).