fingerprint

package
v0.0.0-...-9474aff Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 28, 2022 License: BSD-3-Clause Imports: 29 Imported by: 0

Documentation

Overview

Package fingerprint is a collection of utilities to work with the firmware on the fingerprint microcontroller (FPMCU), e.g. toggle write protect and flash firmware.

Index

Constants

View Source
const (
	// Futility is the futility executable name.
	Futility = "futility"
	// BloonchipperDevKey is the path to the dev key.
	BloonchipperDevKey = "fingerprint_dev_keys/bloonchipper/dev_key.pem"
	// DartmonkeyDevKey is the path to the dev key.
	DartmonkeyDevKey = "fingerprint_dev_keys/dartmonkey/dev_key.pem"
	// NamiFPDevKey is the path to the dev key.
	NamiFPDevKey = "fingerprint_dev_keys/nami_fp/dev_key.pem"
	// NocturneFPDevKey is the path to the dev key.
	NocturneFPDevKey = "fingerprint_dev_keys/nocturne_fp/dev_key.pem"
)
View Source
const (

	// WaitForBiodToStartTimeout is the time to wait for biod to start.
	WaitForBiodToStartTimeout = 30 * time.Second
)

Variables

This section is empty.

Functions

func AddEntropy

func AddEntropy(ctx context.Context, d *dut.DUT, reset bool) error

AddEntropy adds entropy to the fingerprint MCU.

func BioWash

func BioWash(ctx context.Context, d *rpcdut.RPCDUT, reset bool) error

BioWash calls bio_wash to reset the entropy key material on the FPMCU.

func CheckFirmwareIsFunctional

func CheckFirmwareIsFunctional(ctx context.Context, d *dut.DUT) ([]byte, error)

CheckFirmwareIsFunctional checks that the AP can talk to the FPMCU and get the version.

func CheckRawFPFrameFails

func CheckRawFPFrameFails(ctx context.Context, d *rpcdut.RPCDUT) error

CheckRawFPFrameFails validates that a raw frame cannot be read from the FPMCU and returns an error if a raw frame can be read.

func CheckRollbackSetToInitialValue

func CheckRollbackSetToInitialValue(ctx context.Context, d *rpcdut.RPCDUT) error

CheckRollbackSetToInitialValue checks the anti-rollback block is set to initial values.

func CheckRollbackState

func CheckRollbackState(ctx context.Context, d *rpcdut.RPCDUT, expected RollbackState) error

CheckRollbackState checks that the anti-rollback block is set to expected values.

func CheckRunningFirmwareCopy

func CheckRunningFirmwareCopy(ctx context.Context, d *dut.DUT, image FWImageType) error

CheckRunningFirmwareCopy validates that image is the running FPMCU firmware copy and returns an error if that is not the case.

func CheckRunningFirmwareVersionMatches

func CheckRunningFirmwareVersionMatches(ctx context.Context, d *rpcdut.RPCDUT, expectedROVersion, expectedRWVersion string) error

CheckRunningFirmwareVersionMatches compares the running RO and RW firmware versions to expectedROVersion and expectedRWVersion and returns an error if they do not match.

func CheckSystemIsLocked

func CheckSystemIsLocked(ctx context.Context, d *dut.DUT) error

CheckSystemIsLocked validates that the FPMCU is locked and returns an error if it is not.

func CheckValidFlashState

func CheckValidFlashState(ctx context.Context, d *rpcdut.RPCDUT, fpBoard FPBoardName, buildFWFile string) error

CheckValidFlashState validates the rollback state and the running firmware versions (RW and RO). It returns an error if any of the values are incorrect.

func CheckWriteProtectStateCorrect

func CheckWriteProtectStateCorrect(ctx context.Context, d *dut.DUT, fpBoard FPBoardName, curImage FWImageType, softwareWriteProtectEnabled, hardwareWriteProtectEnabled bool) error

CheckWriteProtectStateCorrect correct returns an error if the FPMCU's current write protection state does not match the expected state.

func DevKeyForFPBoard

func DevKeyForFPBoard(fpBoard FPBoardName) string

DevKeyForFPBoard gets the dev key for the given fpBoard.

func EctoolCommand

func EctoolCommand(ctx context.Context, d *dut.DUT, args ...string) *ssh.Cmd

EctoolCommand constructs an "ectool" command for the FPMCU.

func FirmwarePath

func FirmwarePath(ctx context.Context, d *rpcdut.RPCDUT, fpBoard FPBoardName) (string, error)

FirmwarePath returns the path to the fingerprint firmware file on device.

func FlashFirmware

func FlashFirmware(ctx context.Context, d *rpcdut.RPCDUT, needsRebootAfterFlashing bool) error

FlashFirmware flashes the original fingerprint firmware in rootfs.

func FlashRWFirmware

func FlashRWFirmware(ctx context.Context, d *rpcdut.RPCDUT, firmwareFile string) error

FlashRWFirmware flashes the specified firmwareFile as the RW image on the FPMCU. It does not modify the RO image.

func GetBuildROFirmwareVersion

func GetBuildROFirmwareVersion(ctx context.Context, d *rpcdut.RPCDUT, buildFWFile string) (string, error)

GetBuildROFirmwareVersion returns the RO version of a given build firmware file on DUT.

func GetBuildRWFirmwareVersion

func GetBuildRWFirmwareVersion(ctx context.Context, d *rpcdut.RPCDUT, buildFWFile string) (string, error)

GetBuildRWFirmwareVersion returns the RW version of a given build firmware file on DUT.

func InitializeEntropy

func InitializeEntropy(ctx context.Context, d *rpcdut.RPCDUT) error

InitializeEntropy initializes the anti-rollback block in RO firmware.

func InitializeHWAndSWWriteProtect

func InitializeHWAndSWWriteProtect(ctx context.Context, d *rpcdut.RPCDUT, pxy *servo.Proxy, fpBoard FPBoardName, enableHWWP, enableSWWP bool) error

InitializeHWAndSWWriteProtect ensures hardware and software write protect are initialized as requested.

func InitializeKnownState

func InitializeKnownState(ctx context.Context, d *rpcdut.RPCDUT, outdir string, pxy *servo.Proxy, fpBoard FPBoardName, buildFWFile string, needsRebootAfterFlashing bool) error

InitializeKnownState checks that the AP can talk to FPMCU. If not, it flashes the FPMCU.

func NeedsRebootAfterFlashing

func NeedsRebootAfterFlashing(ctx context.Context, d *rpcdut.RPCDUT) (bool, error)

NeedsRebootAfterFlashing returns true if device needs to be rebooted after flashing. Zork cannot rebind cros-ec-uart after flashing, so an AP reboot is needed to talk to FPMCU. See b/170213489.

func ReadFromRollbackFlash

func ReadFromRollbackFlash(ctx context.Context, d *dut.DUT, fpBoard FPBoardName, outputFile string) error

ReadFromRollbackFlash attempts to read bytes from the rollback section of the FPMCU's flash. The directory containing outputFile must already exist on the DUT.

func RebootFpmcu

func RebootFpmcu(ctx context.Context, d *dut.DUT, bootTo FWImageType) error

RebootFpmcu reboots the fingerprint MCU. It does not reboot the AP.

func ReimageFPMCU

func ReimageFPMCU(ctx context.Context, d *rpcdut.RPCDUT, pxy *servo.Proxy, needsRebootAfterFlashing bool) error

ReimageFPMCU flashes the FPMCU completely and initializes entropy.

func RunningROVersion

func RunningROVersion(ctx context.Context, d *rpcdut.RPCDUT) (string, error)

RunningROVersion returns the RO version running on FPMCU.

func RunningRWVersion

func RunningRWVersion(ctx context.Context, d *rpcdut.RPCDUT) (string, error)

RunningRWVersion returns the RW version running on FPMCU.

func SetHardwareWriteProtect

func SetHardwareWriteProtect(ctx context.Context, pxy *servo.Proxy, enable bool) error

SetHardwareWriteProtect sets the FPMCU's hardware write protection to the state specified by enable.

func SetSoftwareWriteProtect

func SetSoftwareWriteProtect(ctx context.Context, d *dut.DUT, enable bool) error

SetSoftwareWriteProtect sets the FPMCU's software write protection to the state specified by enable.

func ValidateBuildFwFile

func ValidateBuildFwFile(ctx context.Context, d *rpcdut.RPCDUT, fpBoard FPBoardName, buildFwFile string) error

ValidateBuildFwFile checks that all attributes in the given firmware file match their expected values.

func WaitForRunningFirmwareImage

func WaitForRunningFirmwareImage(ctx context.Context, d *dut.DUT, image FWImageType) error

WaitForRunningFirmwareImage waits for the requested image to boot.

Types

type FMAPSection

type FMAPSection string

FMAPSection describes a firmware map section.

const (
	// ROFirmwareID is the read-only firmware ID.
	ROFirmwareID FMAPSection = "RO_FRID"
	// RWFirmwareID is the read-write firmware ID.
	RWFirmwareID FMAPSection = "RW_FWID"
	// RWRollbackVersion is the read-write rollback version.
	RWRollbackVersion FMAPSection = "RW_RBVER"
	// RWFirmware is the read-write section.
	RWFirmware FMAPSection = "EC_RW"
	// SignatureRW is the signature section.
	SignatureRW FMAPSection = "SIG_RW"
)

type FPBoardName

type FPBoardName string

FPBoardName is the board name of the FPMCU.

const (
	FPBoardNameBloonchipper FPBoardName = "bloonchipper"
	FPBoardNameDartmonkey   FPBoardName = "dartmonkey"
	FPBoardNameNocturne     FPBoardName = "nocturne_fp"
	FPBoardNameNami         FPBoardName = "nami_fp"
)

Possible names for FPMCUs.

func Board

func Board(ctx context.Context, d *rpcdut.RPCDUT) (FPBoardName, error)

Board returns the name of the fingerprint EC on the DUT

type FWImageType

type FWImageType string

FWImageType is the type of firmware (RO or RW).

const (
	ImageTypeRO FWImageType = "RO"
	ImageTypeRW FWImageType = "RW"
)

These are the possible values of FWImageType.

func RunningFirmwareCopy

func RunningFirmwareCopy(ctx context.Context, d *dut.DUT) (FWImageType, error)

RunningFirmwareCopy returns the firmware copy on FPMCU (RO or RW).

type FirmwareTest

type FirmwareTest struct {
	// contains filtered or unexported fields
}

FirmwareTest provides a common framework for fingerprint firmware tests.

func NewFirmwareTest

func NewFirmwareTest(ctx context.Context, d *rpcdut.RPCDUT, servoSpec, outDir string, enableHWWP, enableSWWP bool) (firmwareTest *FirmwareTest, initError error)

NewFirmwareTest creates and initializes a new fingerprint firmware test. enableHWWP indicates whether the test should enable hardware write protect. enableSWWP indicates whether the test should enable software write protect.

func (*FirmwareTest) BuildFwFile

func (t *FirmwareTest) BuildFwFile() string

BuildFwFile gets the firmware file.

func (*FirmwareTest) CleanupTime

func (t *FirmwareTest) CleanupTime() time.Duration

CleanupTime gets the amount of time needed for cleanup.

func (*FirmwareTest) Close

func (t *FirmwareTest) Close(ctx context.Context) error

Close cleans up the fingerprint test and restore the FPMCU firmware to the original image and state.

func (*FirmwareTest) DUT

func (t *FirmwareTest) DUT() *rpcdut.RPCDUT

DUT gets the RPCDUT.

func (*FirmwareTest) DUTTempDir

func (t *FirmwareTest) DUTTempDir() string

DUTTempDir gets the temporary directory created on the DUT.

func (*FirmwareTest) DutfsClient

func (t *FirmwareTest) DutfsClient() *dutfs.Client

DutfsClient gets the dutfs client.

func (*FirmwareTest) FPBoard

func (t *FirmwareTest) FPBoard() FPBoardName

FPBoard gets the fingerprint board name.

func (*FirmwareTest) NeedsRebootAfterFlashing

func (t *FirmwareTest) NeedsRebootAfterFlashing() bool

NeedsRebootAfterFlashing describes whether DUT needs to be rebooted after flashing.

func (*FirmwareTest) RPCClient

func (t *FirmwareTest) RPCClient() *rpc.Client

RPCClient gets the RPC client.

func (*FirmwareTest) Servo

func (t *FirmwareTest) Servo() *servo.Proxy

Servo gets the servo proxy.

func (*FirmwareTest) UpstartService

func (t *FirmwareTest) UpstartService() platform.UpstartServiceClient

UpstartService gets the upstart service client.

type FlashProtect

type FlashProtect struct {
	Active    FlashProtectFlags
	Valid     FlashProtectFlags
	Writeable FlashProtectFlags
}

FlashProtect hold the state of flash protect from an EC.

func GetFlashProtect

func GetFlashProtect(ctx context.Context, d *dut.DUT) (FlashProtect, error)

GetFlashProtect is used to obtain actual flash protection state as reported by the FPMCU using the 'ectool --name=cros_fp flashprotect' command.

func (*FlashProtect) IsHardwareWriteProtected

func (f *FlashProtect) IsHardwareWriteProtected() bool

IsHardwareWriteProtected is used to obtain actual hardware write protection state as reported by the FPMCU.

func (*FlashProtect) IsSoftwareReadOutProtected

func (f *FlashProtect) IsSoftwareReadOutProtected() bool

IsSoftwareReadOutProtected is used to obtain the RDP status.

Software write protection is a bit ambiguous. We enable RDP on both bloonchipper and dartmonkey, which corresponds to the irremovable ro_at_boot flag. This flag, among other things, indicates that ro_now will be enabled at boot. The ro_at_boot flag does not indicate whether the RO is protected from on-chip flash modifications (because it isn't).

func (*FlashProtect) IsSoftwareWriteProtected

func (f *FlashProtect) IsSoftwareWriteProtected() bool

IsSoftwareWriteProtected is used to obtain the software write protect status of RO.

When ro_now is enabled, the RO flash cannot be written to. This is the canonical software write protect, but the behavior of this mechanism differs between dartmonkey and bloonchipper.

For Dartmonkey, once this flag is set on boot, it cannot be removed without flashing via the bootloader (flash_fp_mcu). For bloonchipper, this flag can be removed, but the ro_at_boot cannot be removed.

See IsSoftwareReadOutProtected for a bit more detail.

func (*FlashProtect) UnmarshalerEctool

func (f *FlashProtect) UnmarshalerEctool(data []byte) error

UnmarshalerEctool unmarshals part of the ectool output into a FlashProtect.

type FlashProtectFlags

type FlashProtectFlags uint64

FlashProtectFlags represents a set of EC flash protect flags.

const (
	FlashProtectRoAtBoot          FlashProtectFlags = 0x1   // RO flash code protected when the EC boots.
	FlashProtectRoNow             FlashProtectFlags = 0x2   // RO flash code protected now.  If this bit is set, at-boot status cannot be changed.
	FlashProtectAllNow            FlashProtectFlags = 0x4   // Entire flash code protected now, until reboot.
	FlashProtectGpioAsserted      FlashProtectFlags = 0x8   // Flash write protect GPIO is asserted now.
	FlashProtectErrorStuck        FlashProtectFlags = 0x10  // Error - at least one bank of flash is stuck locked, and cannot be unlocked.
	FlashProtectErrorInconsistent FlashProtectFlags = 0x20  // Error - flash protection is in inconsistent state.
	FlashProtectAllAtBoot         FlashProtectFlags = 0x40  // Entire flash code protected when the EC boots.
	FlashProtectRwAtBoot          FlashProtectFlags = 0x80  // RW flash code protected when the EC boots.
	FlashProtectRwNow             FlashProtectFlags = 0x100 // RW flash code protected now.
	FlashProtectRollbackAtBoot    FlashProtectFlags = 0x200 // Rollback information flash region protected when the EC boots.
	FlashProtectRollbackNow       FlashProtectFlags = 0x400 // Rollback information flash region protected now.
	FlashProtectUnknownError      FlashProtectFlags = 0x800 // Error - unknown error.
)

Individual flash protect flags.

func (FlashProtectFlags) IsSet

func (f FlashProtectFlags) IsSet(flags FlashProtectFlags) bool

IsSet checks if the given flags are set.

func (*FlashProtectFlags) UnmarshalerEctool

func (f *FlashProtectFlags) UnmarshalerEctool(data []byte) error

UnmarshalerEctool unmarshals part of the ectool output into a ECFlashProtectFlags.

type RollbackState

type RollbackState struct {
	BlockID    int
	MinVersion int
	RWVersion  int
}

RollbackState is the state of the anti-rollback block.

func RollbackInfo

func RollbackInfo(ctx context.Context, d *dut.DUT) (RollbackState, error)

RollbackInfo returns the rollbackinfo of the fingerprint MCU.

func (*RollbackState) IsAntiRollbackSet

func (r *RollbackState) IsAntiRollbackSet() bool

IsAntiRollbackSet checks if version anti-rollback has been enabled.

We currently do not have a minimum version number, thus this function indicates if we are not in the normal rollback state.

func (*RollbackState) IsEntropySet

func (r *RollbackState) IsEntropySet() bool

IsEntropySet checks that entropy has already been set based on the block ID.

If the block ID is greater than 0, there is a very good chance that entropy has been added. This is the same way that biod/bio_wash checks if entropy has been set. That being said, this method can be fooled if some test simply increments the anti-rollback version from a fresh flashing.

func (*RollbackState) UnmarshalerEctool

func (r *RollbackState) UnmarshalerEctool(data []byte) error

UnmarshalerEctool unmarshals part of ectool's output into a RollbackState.

type TestImageData

type TestImageData struct {
	// Path is the absolute path to the firmware file on the DUT
	Path string
	// ROVersion is the RO version string
	ROVersion string
	// RWVersion is the RW version string
	RWVersion string
}

TestImageData represents a firmware test image

type TestImageType

type TestImageType int

TestImageType specifies the test image variant.

const (
	// TestImageTypeOriginal is the original firmware on the DUT.
	TestImageTypeOriginal TestImageType = iota
	// TestImageTypeDev is a dev-key signed version of the firmware.
	TestImageTypeDev
	// TestImageTypeCorruptFirstByte is a variant of the original firmware with the first byte changed.
	TestImageTypeCorruptFirstByte
	// TestImageTypeCorruptLastByte is a variant of the original firmware with the last byte changed.
	TestImageTypeCorruptLastByte
	// TestImageTypeDevRollbackZero is a dev-key signed version of the firmware with rollback set to zero.
	TestImageTypeDevRollbackZero
	// TestImageTypeDevRollbackOne is a dev-key signed version of the firmware with rollback set to one.
	TestImageTypeDevRollbackOne
	// TestImageTypeDevRollbackNine is a dev-key signed version of the firmware with rollback set to nine.
	TestImageTypeDevRollbackNine
)

type TestImages

type TestImages map[TestImageType]*TestImageData

TestImages maps a given test image type to data describing the image.

func GenerateTestFirmwareImages

func GenerateTestFirmwareImages(ctx context.Context, d *rpcdut.RPCDUT, futilityPath, keyFilePath string, fpBoard FPBoardName, buildFWFile, dutTempDir string) (ret TestImages, retErr error)

GenerateTestFirmwareImages generates a set of test firmware images from the firmware that is on the DUT.

Directories

Path Synopsis
Package rpcdut provides a dut.DUT override that adds an additional managed RPC client connection.
Package rpcdut provides a dut.DUT override that adds an additional managed RPC client connection.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL