flashrom cli supports include regions for all of read write and verify,
as well as omitting the read/write/verify file if an include region with
file is specified. Use an enum to allow only one operation at a time.
Unify the read and write region implementations.
BUG=b:235916336
BRANCH=None
TEST=None
Change-Id: I1cb46bb1b26949fd9c19949c43708a8b652e00da
Signed-off-by: Evan Benn <evanbenn@chromium.org>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/71973
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Peter Marheine <pmarheine@chromium.org>
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Rename wp_toggle_test to wp_region_list_test. Make it test one thing,
wp_list. lock_test does the test of set_hw/set_sw functionality so that
was redundant here.
BUG=b:235916336
BRANCH=None
TEST=None
Change-Id: I314aa8d9708c39cc162a8d5e95ca3e019c2fb5b8
Signed-off-by: Evan Benn <evanbenn@chromium.org>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/71971
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Peter Marheine <pmarheine@chromium.org>
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Add a bash script for the flashrom CLI that auto-completes the command
sequence. The script is generated from a template by substituting a
list of enabled programmers. It requires an extra `bash-completion`
package to work, but, fortunately, it's installed on most systems.
Build system changes:
meson:
provide option `bash_completion` to determine if the script should
be installed (depends on option `classic_cli`).
makefile:
make a list of enabled programmers (by using CONFIG_* variables)
to do substitution manually
Change-Id: Ie68bc91c3cea4de2ffdbeffd07e48edd8d5590e1
Signed-off-by: Alexander Goncharov <chat@joursoir.net>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/68247
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Anastasia Klimchuk <aklm@chromium.org>
None of these targets have been maintained or used for several years:
dediprog:
- Wasn't accepted by the argument filter in main.rs.
ec:
- Is incompatible with most tests because the EC only supports one
protection range.
servo:
- Has been broken for >3 years because it uses the programmer string
"ft2231_spi:type=servo-v2", where "ft2231" should be "ft2232".
BUG=b:239357853
BRANCH=none
TEST=flashrom_tester on dedede
Change-Id: Iee94f6bb5ff8c5451acb8bcaabf28119006d0ef5
Signed-off-by: Nikolai Artemiev <nartemiev@google.com>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/69921
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
For compliance and to check if the commit message matches the
development guidelines, add a linter checking for the sign-off-by line
in the commit message. Also, hook it up to the test_build.sh script
which is used for CI builds.
These scripts were copied from the coreboot repository and were adjusted
so that they work for flashrom.
Change-Id: I03f1827803f8492d60a0a44174d5822c2265bfcb
Signed-off-by: Felix Singer <felixsinger@posteo.net>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/70079
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
partial_lock test was bypassing the WriteProtectState cache of the
software write protect by directly calling env.cmd.wp_range. It was also
unnesesarily disabling software WP. Fix those issues and more clearly
document what the test is doing and expecting.
BUG=b:244663741
BRANCH=None
TEST=flashrom_tester --libflashrom host
Change-Id: Ic3f89ff5d22e74e4e6c94e755b936e58cb27182d
Signed-off-by: Evan Benn <evanbenn@chromium.org>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/69418
Reviewed-by: Peter Marheine <pmarheine@chromium.org>
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
wp_toggle and wp_range had some confusing behaviour where enabling wp
would set a range, but disabling wp would not unset the range
(explicitly). This was a way to workaround the MTD kernel driver
semantics. Now make things very explicit, enabling software write
protect will set the range to the whole chip. Disabling write protect
will set the range to 0,0. This makes all drivers behave the same as
MTD, and documents the exact behaviour explicitly.
BUG=b:244663741
BRANCH=None
TEST=flashrom_tester --libflashrom host # MTD and non-MTD
TEST=flashrom_tester --flashrom_binary # MTD and non-MTD
Change-Id: Ia01d612d988e6580a7c5f0fd448ccc319ce9b181
Signed-off-by: Evan Benn <evanbenn@chromium.org>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/69417
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Remove the WriteProtectState 'stack' implementation and the push
function. This functionality allowed states to be stacked and then
automatically unrolled via RAII lifetimes. This was useful. However this
unrolling could make errors in a flashrom_tester run much harder to
understand, as the actual failure would be followed by multiple write
protect calls that could subsequently fail, potentially causing panicing
inside the panic handler and the process to be hard aborted and the
restore golden image function would not be run.
The new approach is to prefer code simplicity. Ideally this makes errors
easier to diagnose from logs. To that end the lifetime has been
simplified. The stack has been removed. The mutex has been removed.
This means tests may not be running in the same environment they were
previously. However if they continue to specify their requirements with
set_sw and set_hw there will be no difference and the errors will be
clear.
BUG=b:259494812
BRANCH=None
TEST=flashrom_tester --libflashrom host
Change-Id: I1c4251f69b42a327383b8a99fa933f411feb9568
Signed-off-by: Evan Benn <evanbenn@chromium.org>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/69401
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Document clearly what the test is doing and expects. Do not use the
push() function as it confuses the logs in the case of error.
BUG=b:258357944
BRANCH=None
TEST=flashrom_tester --libflashrom host Lock
Change-Id: Ibad559a8ff9696fd91f45bca9d9ceb6e90c41393
Signed-off-by: Evan Benn <evanbenn@chromium.org>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/69400
Reviewed-by: Peter Marheine <pmarheine@chromium.org>
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Add the atty crate as a dependency. Print log and report in color only
when isatty is true.
BUG=b:246250254
BRANCH=None
TEST=ssh dut flashrom_tester # no color
TEST=ssh -t dut flashrom_tester # color
Change-Id: Ia3cc527fb98e53eda6773622340cf10764df2cba
Signed-off-by: Evan Benn <evanbenn@chromium.org>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/69270
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
layout_file is part of the test environment, move it from a global to
a member of the TestEnv struct. This allows layout to be part of the
tempdir in a subsequent patch.
BUG=b:243460685
BRANCH=None
TEST=/usr/bin/flashrom_tester --flashrom_binary /usr/sbin/flashrom host
TEST=/usr/bin/flashrom_tester --libflashrom host
Change-Id: Ia7e8efeb4fbac0a46627f079956d671aed43f1c7
Signed-off-by: Evan Benn <evanbenn@chromium.org>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/69063
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Disable images that can't be built anymore by default. We keep them
listed, so existing images can still be used. Also add commands to
show and run all supposed-to-be working tags.
Change-Id: I0f0ffb6c5e28348656aac2ce265f8b1dc0e93362
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/66996
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Felix Singer <felixsinger@posteo.net>
Alpine Linux 3.7 and 3.8 fell behind with their pre-installed cer-
tificates. Plus, there seems to be no way to override certificate
checks when downloading packages. Hence, disable https completely.
Change-Id: I49dc3a2a2d44f948182e7571f6289b74e6fa6eb4
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/67186
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Felix Singer <felixsinger@posteo.net>
Basing the image on debian:stable turned out to be a bad idea once
stable switched to Bullseye. Instead of falling back to Buster, we
move forward to Bullseye and pin that version. Hopefully that works
for some years again.
With Bullseye it turned out to be easier to do things with Python 3,
so we use that now. To ease future changes, we use tinier RUN and ARG
steps which creates more intermediate images. Such intermediate images
can be reused if some later step is changed in the Dockerfile.
Change-Id: Ic064ddad807329a9bd81085775190615ad89273f
Signed-off-by: Nico Huber <nico.h@gmx.de>
Ticket: https://ticket.coreboot.org/issues/383
Reviewed-on: https://review.coreboot.org/c/flashrom/+/65633
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Felix Singer <felixsinger@posteo.net>
Disable certificate verification for Git commands, including those that
run during tests. At some point, the `ca-certificates` won't get updates
anymore and, ideally, existing docker images will keep working.
Change-Id: I8d7dedeb97777d2f1e6e7e69aefb8cc7ca604940
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/66999
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Felix Singer <felixsinger@posteo.net>
Pull the `ca-certificates` package but also disable certificate
verification for Git commands, including those that run during
tests. At some point, the `ca-certificates` won't get updates
anymore and, ideally, existing docker images will keep working.
Change-Id: Iaac1defd2dc640a9cf9c317d3b13ded5743390df
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/66988
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Felix Singer <felixsinger@posteo.net>
This adds `libudev` which is linked by `libusb`. Generally, this
wouldn't be required with shared libraries, however we ask pkg-
config for the full dependency graph to support static libraries
alike.
Change-Id: I50f5333a7a9eae174eff8ae9cf451de3080f9fa8
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/66987
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Felix Singer <felixsinger@posteo.net>
Pull the `ca-certificates` package but also disable certificate
verification for Git commands, including those that run during
tests. At some point, the `ca-certificates` won't get updates
anymore and, ideally, existing docker images will keep working.
Change-Id: I38c2404c50c97f3ae38fad602f587ce25719a6f3
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/66984
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Felix Singer <felixsinger@posteo.net>
This adds `libudev` which is linked by `libusb`. Generally, this
wouldn't be required with shared libraries, however we ask pkg-
config for the full dependency graph to support static libraries
alike.
Change-Id: I50ba939c51215089b2e48b92779a1e6b49939b32
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/66983
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Felix Singer <felixsinger@posteo.net>
Pull the `ca-certificates` package but also disable certificate
verification for Git commands, including those that run during
tests. At some point, the `ca-certificates` won't get updates
anymore and, ideally, existing docker images will keep working.
Change-Id: I6bc2a85c67b84e89656fe5d7191d354c2f97ff05
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/66982
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Singer <felixsinger@posteo.net>
flashrom_tester 'flashrom' crate was implemented using the flashrom
commandline. Add a second implementation using the libflashrom interface
via the libflashrom and libflashrom-sys rust bindings.
BUG=b:230545739
BRANCH=None
TEST=cargo test
TEST=on grunt (AMD)
TEST=/usr/bin/flashrom_tester --libflashrom host
TEST=/usr/bin/flashrom_tester --flashrom_binary /usr/sbin/flashrom host
Change-Id: Ic4db6c829d7e8dc707a10c10e1ca0d9b8abccdec
Signed-off-by: Evan Benn <evanbenn@chromium.org>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/65282
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Provide the meson option `-Dich_descriptors_tool=auto/enable/disabled`
to determin if the ich_descriptors_tool should be build or not. On
`auto` or `enabled` it will be, on `disabled` it will not be build.
This is usefull for environments where the ich_descriptors_tool is not
needed.
Change-Id: Ief65a914019f72536d563eda36bd7f2f5330bea8
Signed-off-by: Thomas Heijligen <thomas.heijligen@secunet.com>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/66704
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
crossystem uses flashrom to gather data on some platforms. To avoid
firmware lock deadlock, call crossystem before initialising libflashrom.
When querying hardware write protect status, provide an argument to
crossystem so that only that field is queried. This also avoids the
deadlock, and improves performance.
BUG=b:239496316
BRANCH=None
TEST=on trogdor(arm), grunt(amd), hatch(intel):
TEST=flashrom_tester --libflashrom /usr/sbin/flashrom host Coreboot_ELOG_sanity
TEST=flashrom_tester /usr/sbin/flashrom host Coreboot_ELOG_sanity
Change-Id: I7d94cfc6ccbfbec91f12151eb0004724ccfc4e00
Signed-off-by: Evan Benn <evanbenn@chromium.org>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/65962
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Write a newline after the hardware write protect prompt. Automated tests
read stdout and wait for this message, and split on newline, so write a
newline.
Also modify the function to not be recursive. Try to handle a closed
input correctly - panicing in that case. Behaviour is now to wait for
a newline instead of for 1 character.
BUG=b:240512896
BRANCH=None
TEST=tast run localhost:2222 firmware.FlashromTester
TEST=flashrom_tester < /dev/null
TEST=flashrom_tester; type some things, hold enter, then close stdin
Change-Id: I07ec242ca0d41787030d5d27fc88d78ed884d746
Signed-off-by: Evan Benn <evanbenn@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/flashrom/+/3809595
Reviewed-by: Nikolai Artemiev <nartemiev@google.com>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/66587
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Anastasia Klimchuk <aklm@chromium.org>
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Instead of printing stderr in each function separately, print all stderr
in the dispatch function.
BUG=None
BRANCH=None
TEST=/usr/bin/flashrom_tester --debug host Lock_top_quad
Change-Id: Id76f83c8c089537aa44aa13533c75900eb6ed175
Signed-off-by: Evan Benn <evanbenn@chromium.org>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/65279
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
built-0.3 depends on git2-0.9, which is our only user of url-1, which is
our only user of idna-0.1, which depends on rustc-serialize, which
suffers from RUSTSEC-2022-0004. That's a mouthful :)
BUG=b:239449434
TEST=CQ
BRANCH=none
Change-Id: I0d39b417fd2291838e85f91a2af1c8a4fe28a6c2
Signed-off-by: George Burgess IV <gbiv@google.com>
Signed-off-by: Evan Benn <evanbenn@chromium.org>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/66140
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
write_file_with_layout test was checking that writing to a region was
failing, and assuming that was because write protect is working as
expected. Other failures are possible, so check that a write to a non
write protected region can succeed.
BUG=b:235916336
BRANCH=None
TEST=/usr/bin/flashrom_tester --debug host Lock_top_quad
Change-Id: I2b220f323e259f5c7bfae06f6cf996b22e264555
Signed-off-by: Evan Benn <evanbenn@chromium.org>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/65278
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Peter Marheine <pmarheine@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
