Pull the `ca-certificates` package but also disable certificate
verification for Git commands, including those that run during
tests. At some point, the `ca-certificates` won't get updates
anymore and, ideally, existing docker images will keep working.
Change-Id: Iaac1defd2dc640a9cf9c317d3b13ded5743390df
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/66988
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Felix Singer <felixsinger@posteo.net>
This adds `libudev` which is linked by `libusb`. Generally, this
wouldn't be required with shared libraries, however we ask pkg-
config for the full dependency graph to support static libraries
alike.
Change-Id: I50f5333a7a9eae174eff8ae9cf451de3080f9fa8
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/66987
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Felix Singer <felixsinger@posteo.net>
Pull the `ca-certificates` package but also disable certificate
verification for Git commands, including those that run during
tests. At some point, the `ca-certificates` won't get updates
anymore and, ideally, existing docker images will keep working.
Change-Id: I38c2404c50c97f3ae38fad602f587ce25719a6f3
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/66984
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Felix Singer <felixsinger@posteo.net>
This adds `libudev` which is linked by `libusb`. Generally, this
wouldn't be required with shared libraries, however we ask pkg-
config for the full dependency graph to support static libraries
alike.
Change-Id: I50ba939c51215089b2e48b92779a1e6b49939b32
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/66983
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Felix Singer <felixsinger@posteo.net>
Pull the `ca-certificates` package but also disable certificate
verification for Git commands, including those that run during
tests. At some point, the `ca-certificates` won't get updates
anymore and, ideally, existing docker images will keep working.
Change-Id: I6bc2a85c67b84e89656fe5d7191d354c2f97ff05
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/66982
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Singer <felixsinger@posteo.net>
flashrom_tester 'flashrom' crate was implemented using the flashrom
commandline. Add a second implementation using the libflashrom interface
via the libflashrom and libflashrom-sys rust bindings.
BUG=b:230545739
BRANCH=None
TEST=cargo test
TEST=on grunt (AMD)
TEST=/usr/bin/flashrom_tester --libflashrom host
TEST=/usr/bin/flashrom_tester --flashrom_binary /usr/sbin/flashrom host
Change-Id: Ic4db6c829d7e8dc707a10c10e1ca0d9b8abccdec
Signed-off-by: Evan Benn <evanbenn@chromium.org>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/65282
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Provide the meson option `-Dich_descriptors_tool=auto/enable/disabled`
to determin if the ich_descriptors_tool should be build or not. On
`auto` or `enabled` it will be, on `disabled` it will not be build.
This is usefull for environments where the ich_descriptors_tool is not
needed.
Change-Id: Ief65a914019f72536d563eda36bd7f2f5330bea8
Signed-off-by: Thomas Heijligen <thomas.heijligen@secunet.com>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/66704
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
crossystem uses flashrom to gather data on some platforms. To avoid
firmware lock deadlock, call crossystem before initialising libflashrom.
When querying hardware write protect status, provide an argument to
crossystem so that only that field is queried. This also avoids the
deadlock, and improves performance.
BUG=b:239496316
BRANCH=None
TEST=on trogdor(arm), grunt(amd), hatch(intel):
TEST=flashrom_tester --libflashrom /usr/sbin/flashrom host Coreboot_ELOG_sanity
TEST=flashrom_tester /usr/sbin/flashrom host Coreboot_ELOG_sanity
Change-Id: I7d94cfc6ccbfbec91f12151eb0004724ccfc4e00
Signed-off-by: Evan Benn <evanbenn@chromium.org>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/65962
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Write a newline after the hardware write protect prompt. Automated tests
read stdout and wait for this message, and split on newline, so write a
newline.
Also modify the function to not be recursive. Try to handle a closed
input correctly - panicing in that case. Behaviour is now to wait for
a newline instead of for 1 character.
BUG=b:240512896
BRANCH=None
TEST=tast run localhost:2222 firmware.FlashromTester
TEST=flashrom_tester < /dev/null
TEST=flashrom_tester; type some things, hold enter, then close stdin
Change-Id: I07ec242ca0d41787030d5d27fc88d78ed884d746
Signed-off-by: Evan Benn <evanbenn@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/flashrom/+/3809595
Reviewed-by: Nikolai Artemiev <nartemiev@google.com>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/66587
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Anastasia Klimchuk <aklm@chromium.org>
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Instead of printing stderr in each function separately, print all stderr
in the dispatch function.
BUG=None
BRANCH=None
TEST=/usr/bin/flashrom_tester --debug host Lock_top_quad
Change-Id: Id76f83c8c089537aa44aa13533c75900eb6ed175
Signed-off-by: Evan Benn <evanbenn@chromium.org>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/65279
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
built-0.3 depends on git2-0.9, which is our only user of url-1, which is
our only user of idna-0.1, which depends on rustc-serialize, which
suffers from RUSTSEC-2022-0004. That's a mouthful :)
BUG=b:239449434
TEST=CQ
BRANCH=none
Change-Id: I0d39b417fd2291838e85f91a2af1c8a4fe28a6c2
Signed-off-by: George Burgess IV <gbiv@google.com>
Signed-off-by: Evan Benn <evanbenn@chromium.org>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/66140
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
write_file_with_layout test was checking that writing to a region was
failing, and assuming that was because write protect is working as
expected. Other failures are possible, so check that a write to a non
write protected region can succeed.
BUG=b:235916336
BRANCH=None
TEST=/usr/bin/flashrom_tester --debug host Lock_top_quad
Change-Id: I2b220f323e259f5c7bfae06f6cf996b22e264555
Signed-off-by: Evan Benn <evanbenn@chromium.org>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/65278
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Peter Marheine <pmarheine@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Use a type implementing Error instead of a string for errors. Error
implements Display so can be easily converted to a String. This will
allow libflashrom to be more easily integrated.
BUG=b:230545739
BRANCH=None
TEST=cargo test
Change-Id: Id166053c7edfd07576e7823692cfa0ea4d438948
Signed-off-by: Evan Benn <evanbenn@chromium.org>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/65277
Reviewed-by: Peter Marheine <pmarheine@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Make elog_sanity_test read the elog region itself, instead of calling
out to elogtool. This avoids the need to subprocess and resolves
a deadlock when elogtool attempts to obtain a flash reading lock.
TEST=/usr/bin/flashrom_tester host Coreboot_ELOG_sanity
TEST=flashrom --image RW_ELOG -p host -r /tmp/file.tmp2 # comparison
TEST=hexdump the file and check magic signature == 0x474f4c45
Change-Id: I8ac63e15e063f9c0928e3e185154bb083b367ba9
Signed-off-by: Evan Benn <evanbenn@chromium.org>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/65119
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Peter Marheine <pmarheine@chromium.org>
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
To allow FlashromCmd to be reimplemented with libflashrom move all
concrete cmd functions into the FlashromCmd type that implements the
Flashrom trait. This allows users to be generalised upon the Flashrom
trait as the contract rather than the concrete FlashromCmd type.
Change-Id: Ie2b4e7e91d69043fd50d1c57f6585fc9946fab10
Signed-off-by: Evan Benn <evanbenn@chromium.org>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/64849
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Peter Marheine <pmarheine@chromium.org>
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
An issue was discovered in the sys-info crate before 0.8.0 for Rust.
sys_info::disk_info calls can trigger a double free. To prevent any
potential problems, update this crate to version 0.9 (as of writing,
sys-info version 0.9.1 is the latest).
Refer to CVE-2020-36434 for more details about the sys-info crate bug.
TEST=Run `cargo build` in `util/flashrom_tester`, it still works fine.
Change-Id: I3b6b21e830ff3107860f7bcbfe2d58b29efe0c12
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/63975
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Anastasia Klimchuk <aklm@chromium.org>
Reviewed-by: Peter Marheine <pmarheine@chromium.org>
Reviewed-by: Jack Rosenthal <jrosenth@chromium.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This patch is fixing -Wsign-compare warnings, specifically:
warning: comparison of integer expressions of different signedness:
‘int’ and ‘uint32_t’ {aka ‘unsigned int’} [-Wsign-compare]
Both instances in this patch produce the same warning.
The patch is needed to sync compiler warning options between meson
and makefile.
TEST=running the following gives no warnings:
meson setup --wipe (to clean build directory)
ninja test
Change-Id: I1f9325e9cf89f57f18d63cc3906a0958b47286d7
Signed-off-by: Anastasia Klimchuk <aklm@chromium.org>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/63488
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Thomas Heijligen <src@posteo.de>
Reviewed-by: Felix Singer <felixsinger@posteo.net>
Additionally, utilize CSSO (CPU Soft Strap Offset) to uniquely detect
the chipset when the CSSL (CPU Soft Strap Length) field default value
(0x03) on Jasper Lake is the same as Elkhart Lake.
BUG=b:221175960
TEST=dedede with `flashrom -p internal --flash-size`.
```
$ flashrom -VVV -p internal --ifd -i fd -i bios -r /tmp/filename.rom
<snip>
Enabling hardware sequencing by default for 100+ series PCH.
OK.
No board enable found matching coreboot IDs vendor="Google", model="Magolor".
The following protocols are supported: Programmer-specific.
Probing for Programmer Opaque flash chip, 0 kB: Chip identified: GD25Q127C/GD25Q128C
Hardware sequencing reports 1 attached SPI flash chip with a density of 16384 kB.
There is only one partition containing the whole address space (0x000000 - 0xffffff).
There are 4096 erase blocks with 4096 B each.
Added layout entry 00000000 - 00ffffff named complete flash
Found GigaDevice flash chip "GD25Q127C/GD25Q128C" (16384 kB, Programmer-specific) mapped at physical address 0x0000000000000000.
Found GigaDevice flash chip "GD25Q127C/GD25Q128C" (16384 kB, Programmer-specific).
This chip may contain one-time programmable memory. flashrom cannot read
and may never be able to write it, hence it may not be able to completely
clone the contents of this chip (see man page for details).
Reading Status register
Block protection is disabled.
Reading ich descriptor... Reading 4096 bytes starting at 0x000000.
done.
Assuming chipset 'Jasper Lake'.
Added layout entry 00000000 - 00000fff named fd
Added layout entry 00381000 - 00ffffff named bios
Added layout entry 00001000 - 00380fff named me
restore_power_management: Re-enabling power management.
Using regions: "bios", "fd".
Reading Status register
Block protection is disabled.
Reading flash... 0x381000-0xffffff:R Reading 13103104 bytes starting at 0x381000.
000000-0x0fff:R Reading 4096 bytes starting at 0x000000.
done.
restore_power_management: Re-enabling power management.
SUCCESS
Restoring PCI config space for 00:1f:5 reg 0xdc
restore_power_management: Re-enabling power management.
```
Change-Id: Ib942d0b8942fe0a991b2af0b187414818485153d
Signed-off-by: Edward O'Callaghan <quasisec@google.com>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/62282
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Subrata Banik <subratabanik@google.com>
Reviewed-by: Sam McNally <sammc@google.com>
This patch adds Meteor Lake support into flashrom.
Additionally, utilize CSSO (CPU Soft Strap Offset) to uniquely detect
the chipset when the CSSL (CPU Soft Strap Length) field default value
(0x03) on Meteor Lake is the same as Elkhart Lake.
BUG=b:224325352
TEST=Flashrom is able to detect MTL SPI DID and show chipset name as below:
> flashrom --flash-name
....
Found chipset "Intel Meteor Lake-P/M".
....
> flashrom - internal --ifd -i fd -i bios -r /tmp/bios.rom
....
Reading ich_descriptor... done.
Assuming chipset 'Meteor Lake'.
Using regions: "bios", "fd".
Reading flash... done.
SUCCESS
Signed-off-by: Subrata Banik <subratabanik@google.com>
Change-Id: I0a2ffe2ba8d96c90d89b77e0d8583d179ff02a75
Reviewed-on: https://review.coreboot.org/c/flashrom/+/62783
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Wonkyu Kim <wonkyu.kim@intel.com>
Reviewed-by: Sam McNally <sammc@google.com>
Does exactly what it says on the tin.
BUG=b:220799648
TEST=```localhost ~ # flashrom --flash-name
<snip>
Found Programmer flash chip "Opaque flash chip" (32768 kB, Programmer-specific) mapped at physical address 0x0000000000000000.
vendor="Programmer" name="Opaque flash chip"
flashrom -p internal --ifd -i fd -i bios -r /tmp/filename.rom
flashrom unknown on Linux 5.15.22 (x86_64)
flashrom is free software, get the source code at https://flashrom.org
Using clock_gettime for delay loops (clk_id: 1, resolution: 1ns).
coreboot table found at 0x768a7000.
Found chipset "Intel Alder Lake-N".
Enabling flash write... Warning: Setting BIOS Control at 0xdc from 0x8b to 0x89 failed.
New value is 0x8b.
SPI Configuration is locked down.
OK.
Found Winbond flash chip "W25Q256JV_M" (32768 kB, Programmer-specific) mapped at physical address 0x0000000000000000.
Error accessing W25Q256JV_M, 0x2000000 bytes at 0x00000000fe000000
/dev/mem mmap failed: Resource temporarily unavailable
Could not map flash chip W25Q256JV_M at 0x00000000fe000000.
Reading ich descriptor... done.
Using regions: "bios", "fd".
Error accessing W25Q256JV_M, 0x2000000 bytes at 0x00000000fe000000
/dev/mem mmap failed: Resource temporarily unavailable
Could not map flash chip W25Q256JV_M at 0x00000000fe000000.
Reading flash... done.
SUCCESS
Also,
Reading ich descriptor... Reading 4096 bytes starting at 0x000000.
done.
Assuming chipset '600 series Alder Point'.
Added layout entry 00000000 - 00000fff named fd
Added layout entry 00500000 - 01ffffff named bios
Added layout entry 00001000 - 004fffff named me
```
Tested on Nivviks/ADL-N and Brya/ADL-P.
Change-Id: Ie66cf519df13f3391c41f5016b16a81ef3dfd4bf
Signed-off-by: Edward O'Callaghan <quasisec@google.com>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/62251
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Subrata Banik <subratabanik@google.com>
Reviewed-by: Sam McNally <sammc@google.com>
Elkhart Lake has a chipset called Mule Creek Canyon which is quite
compatible with 300 series chipsets. There are a few differences though,
e.g. different encoding for the SPI clock values for read and write in
the FLCOMP register. In addition Elkhart Lake has a new PCI device ID
for the SPI controller which is added, too.
TEST=Read and flash complete flash on Siemens MC EHL1
Change-Id: I711e39a3ec9cd7098389231eaa1cb864d615a475
Signed-off-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/60711
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Tiger Lake has very low ICCRIBA (TGL=0x11, CNL=0x34 and CML=0x34) and
detects as unknown chipset compatible with 300 series chipset. Add a
new enum CHIPSET_500_SERIES_TIGER_POINT and treat it identically to
CHIPSET_400_SERIES_COMET_POINT. There are some exceptions though,
ICCRIBA is no longer present n descriptor content so a new union has
been defined for new fields and used in descriptor guessing.
freq_read field is not present on Tiger Lake, moreover in CannonPoint
and Comet Point this field is used as eSPI/EC frequency, so a new
function to print read frequency has ben added. Finally Tiger lake
boot straps include eSPI, so a new bus has been added for the new
straps.
TEST=Flash BIOS region on Intel i5-1135G7
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Change-Id: I28f3b6fe9f8ce9e976a6808683f46b6f4ec72bdd
Reviewed-on: https://review.coreboot.org/c/flashrom/+/55578
Reviewed-by: Nico Huber <nico.h@gmx.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
ich_descriptors_tool/Makefile: have the same behavior as the main
flashrom Makefile
- only set gcc explicit on MinGW HOST_OS
- don't fallback to gcc if CC was not set
- set CFLAGS and EXEC_SUFFIX for TARGET_OS, not for HOST_OS
Change-Id: I353c3de250167994a4aea1edfef57d839e900d78
Signed-off-by: Thomas Heijligen <thomas.heijligen@secunet.com>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/58468
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
It turned out that the `--memory-size` given at install time is
not persistent. All later anita runs use an arch-dependent default
(32M for i386, so this might explain why it was never stable).
Assuming most machines have >1GiB RAM per processor core available,
we can also increase the runtime size further (better to waste some
RAM than to wait very long because it starts swapping things out).
We choose 512MiB for 64-bit targets and 256MiB for 32-bit ones.
However, we don't need that much for the initial installation step
and it also decides the size of the swap partition. So we use a
smaller size initially that's just enough to get us through the
installation quickly enough (192MiB & 128MiB).
Change-Id: I255c41aeb92cda29ed23a236017472982e839530
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/52484
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
There is no disk label `a` on non-x86 (at least not on Sparc64).
Instead, we use the whole disk which is `d` on x86 and `c` else-
where. `newfs` and `fsck` needs a little help in this scenario.
Change-Id: Ib298d9cbf5d49ff38a898f4ce3ad54bb6af98d86
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/52482
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
