commit | 256c8903e8dfaa622813cdc514320830fbe6f119 | |
---|---|---|
author | Nicholas Bishop <nicholasbishop@google.com> | Fri Jun 24 20:05:05 2022 |
committer | Chromeos LUCI <chromeos-scoped@luci-project-accounts.iam.gserviceaccount.com> | Fri Jun 24 21:08:43 2022 |
tree | 95af4c28dc5ab47c11f3c179029a01746df383ec | |
parent | bbc26a106dc326d5b06d669d2ec8b3e761fab494 | |

vboot: Add cty dependency to provide C type aliases

cty is the standard crate for this purpose for targets that don't support std. Convert the code in printf.rs to use the cty types as well.

BUG=None
TEST=cargo xtask check

Change-Id: I6ef50b250a6d24f9f16be687dde05b8a8321952d
Reviewed-on: https://chromium-review.googlesource.com/c/crdyboot/+/3721282
Reviewed-by: Steve Kendall <skend@google.com>
Commit-Queue: Steve Kendall <skend@google.com>
Tested-by: Nicholas Bishop <nicholasbishop@google.com>
Auto-Submit: Nicholas Bishop <nicholasbishop@google.com>

Pronounced CUR-dee-boot.
This is a UEFI bootloader for CloudReady. Crdyboot handles loading, verifying, and running the Linux kernel.
Goals:
The `vboot` subdirectory is a `no_std` library that handles loading and verifying the kernel. Internally it uses the `LoadKernel` function from `third_party/vboot_reference`. This crate can be built for the host target so that tests can run.
The `crdyboot` subdirectory contains the actual bootloader. It can only be built for the `x86_64-unknown-uefi` and `i686-unknown-uefi` targets.
The `xtask` subdirectory contains a single binary that is used by the various `xtask` commands shown below.
The `enroller` subdirectory contains a small UEFI application that enrolls a test key in the `PK`, `KEK`, and `db` variables. This only works if the machine is in secure boot custom mode.
Install nightly Rust:
cargo xtask install-toolchain
Headers needed for compiling vboot_reference:
sudo apt install libflashrom-dev
Other tools used for image signing and running in a VM:
sudo apt install efitools gdisk ovmf ovmf-ia32 qemu-system-x86 sbsigntool
After installing qemu, add your user to the `kvm` group. You will need to log out and back in for this to take effect:
sudo adduser ${USER} kvm
Before running any other commands in the repository, run this setup command:
cargo xtask setup <reven-image-path>
This will copy the reven image to a local directory and run various setup commands.
To check formatting, lint, test, and build both vboot and crdyboot:
cargo xtask check
To build crdyboot for both 64-bit and 32-bit UEFI targets:
cargo xtask build
To copy the latest crdyboot build to the image:
cargo xtask update-disk
Then run it in QEMU:
cargo xtask qemu [--ia32] [--secure-boot]
Some additional build options can be set in `crdyboot.toml` (in the root of the repo). If this file doesn't already exist, it is created automatically by copying `xtask/default.toml`. The defaults are appropriate for development. In a release build, verbose logging and the test key should be turned off.
To test secure boot with real hardware you will need to enroll custom keys. Write `workspace/enroller.bin` to a USB, and write `workspace/disk.bin` to a second USB, e.g. using writedisk.
Boot the DUT and enter the boot setup. Find the secure boot settings and change them to setup mode. (The details will vary from one vendor to another.)
Plug in the enroller USB and reboot. Use the boot menu to select the USB and wait for it to complete.
Unplug the enroller USB and plug in the cloudready USB, then reboot. Use the boot menu to select the USB.
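To confirm the firmware state before and after the enrollment steps above, this added example (not part of crdyboot) classifies the secure boot state from the standard `SetupMode` and `SecureBoot` UEFI variables as exposed by Linux efivarfs. It assumes a Linux system booted on the DUT with efivarfs at its usual mount point; the type and function names are hypothetical.

```rust
use std::{fs, io, path::Path};

/// EFI_GLOBAL_VARIABLE namespace GUID from the UEFI specification.
const EFI_GLOBAL: &str = "8be4df61-93ca-11d2-aa0d-00e098032b8c";

#[derive(Debug, PartialEq)]
pub enum SecureBootState {
    /// No PK enrolled; PK, KEK and db can be written (what the enroller needs).
    SetupMode,
    /// PK enrolled and image signatures are enforced.
    UserModeEnforcing,
    /// PK enrolled but enforcement is switched off in firmware setup.
    UserModeDisabled,
}

/// Read a one-byte flag variable. An efivarfs file holds a 4-byte
/// attribute word followed by the variable data.
fn read_flag(dir: &Path, name: &str) -> io::Result<bool> {
    let raw = fs::read(dir.join(format!("{name}-{EFI_GLOBAL}")))?;
    match raw.as_slice() {
        [_, _, _, _, value] => Ok(*value == 1),
        _ => Err(io::Error::new(
            io::ErrorKind::InvalidData,
            format!("{name}: expected 5 bytes, got {}", raw.len()),
        )),
    }
}

/// Classify the firmware state from the SetupMode and SecureBoot variables.
pub fn secure_boot_state(dir: &Path) -> io::Result<SecureBootState> {
    let setup = read_flag(dir, "SetupMode")?;
    let enforcing = read_flag(dir, "SecureBoot")?;
    Ok(match (setup, enforcing) {
        (true, _) => SecureBootState::SetupMode,
        (false, true) => SecureBootState::UserModeEnforcing,
        (false, false) => SecureBootState::UserModeDisabled,
    })
}

fn main() {
    // Assumption: efivarfs is mounted at its usual Linux location.
    match secure_boot_state(Path::new("/sys/firmware/efi/efivars")) {
        Ok(state) => println!("{state:?}"),
        Err(e) => eprintln!("cannot read secure boot state: {e}"),
    }
}
```

`SetupMode` is the expected result before the enroller runs; `UserModeEnforcing` is the expected result once the test key is enrolled and secure boot is turned on.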
An older pure-Rust version can be found in the `pure-rust-20210729` branch. Since then we have switched to building the C vboot library and loading/verifying the kernel through that library.