fingerprint

package
v0.0.0-...-9474aff Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 28, 2022 License: BSD-3-Clause Imports: 29 Imported by: 0

Documentation

Overview

Package fingerprint is a collection of utilities to work with the firmware on the fingerprint microcontroller (FPMCU), e.g. toggle write protect and flash firmware.

Index

Constants

View Source 
const (
	// Futility is the futility executable name.
	Futility = "futility"
	// BloonchipperDevKey is the path to the dev key.
	BloonchipperDevKey = "fingerprint_dev_keys/bloonchipper/dev_key.pem"
	// DartmonkeyDevKey is the path to the dev key.
	DartmonkeyDevKey = "fingerprint_dev_keys/dartmonkey/dev_key.pem"
	// NamiFPDevKey is the path to the dev key.
	NamiFPDevKey = "fingerprint_dev_keys/nami_fp/dev_key.pem"
	// NocturneFPDevKey is the path to the dev key.
	NocturneFPDevKey = "fingerprint_dev_keys/nocturne_fp/dev_key.pem"
)
View Source 
const (

	// WaitForBiodToStartTimeout is the time to wait for biod to start.
	WaitForBiodToStartTimeout = 30 * time.Second
)

Variables

This section is empty.

Functions

func AddEntropy 

func AddEntropy(ctx context.Context, d *dut.DUT, reset bool) error

AddEntropy adds entropy to the fingerprint MCU.

func BioWash 

func BioWash(ctx context.Context, d *rpcdut.RPCDUT, reset bool) error

BioWash calls bio_wash to reset the entropy key material on the FPMCU.

func CheckFirmwareIsFunctional 

func CheckFirmwareIsFunctional(ctx context.Context, d *dut.DUT) ([]byte, error)

CheckFirmwareIsFunctional checks that the AP can talk to the FPMCU and get the version.

func CheckRawFPFrameFails 

func CheckRawFPFrameFails(ctx context.Context, d *rpcdut.RPCDUT) error

CheckRawFPFrameFails validates that a raw frame cannot be read from the FPMCU and returns an error if a raw frame can be read.

func CheckRollbackSetToInitialValue 

func CheckRollbackSetToInitialValue(ctx context.Context, d *rpcdut.RPCDUT) error

CheckRollbackSetToInitialValue checks the anti-rollback block is set to initial values.

func CheckRollbackState 

func CheckRollbackState(ctx context.Context, d *rpcdut.RPCDUT, expected RollbackState) error

CheckRollbackState checks that the anti-rollback block is set to expected values.

func CheckRunningFirmwareCopy 

func CheckRunningFirmwareCopy(ctx context.Context, d *dut.DUT, image FWImageType) error

CheckRunningFirmwareCopy validates that image is the running FPMCU firmware copy and returns an error if that is not the case.

func CheckRunningFirmwareVersionMatches 

func CheckRunningFirmwareVersionMatches(ctx context.Context, d *rpcdut.RPCDUT, expectedROVersion, expectedRWVersion string) error

CheckRunningFirmwareVersionMatches compares the running RO and RW firmware versions to expectedROVersion and expectedRWVersion and returns an error if they do not match.

func CheckSystemIsLocked 

func CheckSystemIsLocked(ctx context.Context, d *dut.DUT) error

CheckSystemIsLocked validates that the FPMCU is locked and returns an error if it is not.

func CheckValidFlashState 

func CheckValidFlashState(ctx context.Context, d *rpcdut.RPCDUT, fpBoard FPBoardName, buildFWFile string) error

CheckValidFlashState validates the rollback state and the running firmware versions (RW and RO). It returns an error if any of the values are incorrect.

func CheckWriteProtectStateCorrect 

func CheckWriteProtectStateCorrect(ctx context.Context, d *dut.DUT, fpBoard FPBoardName, curImage FWImageType, softwareWriteProtectEnabled, hardwareWriteProtectEnabled bool) error

CheckWriteProtectStateCorrect correct returns an error if the FPMCU's current write protection state does not match the expected state.

func DevKeyForFPBoard 

func DevKeyForFPBoard(fpBoard FPBoardName) string

DevKeyForFPBoard gets the dev key for the given fpBoard.

func EctoolCommand 

func EctoolCommand(ctx context.Context, d *dut.DUT, args ...string) *ssh.Cmd

EctoolCommand constructs an "ectool" command for the FPMCU.

func FirmwarePath 

func FirmwarePath(ctx context.Context, d *rpcdut.RPCDUT, fpBoard FPBoardName) (string, error)

FirmwarePath returns the path to the fingerprint firmware file on device.

func FlashFirmware 

func FlashFirmware(ctx context.Context, d *rpcdut.RPCDUT, needsRebootAfterFlashing bool) error

FlashFirmware flashes the original fingerprint firmware in rootfs.

func FlashRWFirmware 

func FlashRWFirmware(ctx context.Context, d *rpcdut.RPCDUT, firmwareFile string) error

FlashRWFirmware flashes the specified firmwareFile as the RW image on the FPMCU. It does not modify the RO image.

func GetBuildROFirmwareVersion 

func GetBuildROFirmwareVersion(ctx context.Context, d *rpcdut.RPCDUT, buildFWFile string) (string, error)

GetBuildROFirmwareVersion returns the RO version of a given build firmware file on DUT.

func GetBuildRWFirmwareVersion 

func GetBuildRWFirmwareVersion(ctx context.Context, d *rpcdut.RPCDUT, buildFWFile string) (string, error)

GetBuildRWFirmwareVersion returns the RW version of a given build firmware file on DUT.

func InitializeEntropy 

func InitializeEntropy(ctx context.Context, d *rpcdut.RPCDUT) error

InitializeEntropy initializes the anti-rollback block in RO firmware.

func InitializeHWAndSWWriteProtect 

func InitializeHWAndSWWriteProtect(ctx context.Context, d *rpcdut.RPCDUT, pxy *servo.Proxy, fpBoard FPBoardName, enableHWWP, enableSWWP bool) error

InitializeHWAndSWWriteProtect ensures hardware and software write protect are initialized as requested.

func InitializeKnownState 

func InitializeKnownState(ctx context.Context, d *rpcdut.RPCDUT, outdir string, pxy *servo.Proxy, fpBoard FPBoardName, buildFWFile string, needsRebootAfterFlashing bool) error

InitializeKnownState checks that the AP can talk to FPMCU. If not, it flashes the FPMCU.

func NeedsRebootAfterFlashing 

func NeedsRebootAfterFlashing(ctx context.Context, d *rpcdut.RPCDUT) (bool, error)

NeedsRebootAfterFlashing returns true if device needs to be rebooted after flashing. Zork cannot rebind cros-ec-uart after flashing, so an AP reboot is needed to talk to FPMCU. See b/170213489.

func ReadFromRollbackFlash 

func ReadFromRollbackFlash(ctx context.Context, d *dut.DUT, fpBoard FPBoardName, outputFile string) error

ReadFromRollbackFlash attempts to read bytes from the rollback section of the FPMCU's flash. The directory containing outputFile must already exist on the DUT.

func RebootFpmcu 

func RebootFpmcu(ctx context.Context, d *dut.DUT, bootTo FWImageType) error

RebootFpmcu reboots the fingerprint MCU. It does not reboot the AP.

func ReimageFPMCU 

func ReimageFPMCU(ctx context.Context, d *rpcdut.RPCDUT, pxy *servo.Proxy, needsRebootAfterFlashing bool) error

ReimageFPMCU flashes the FPMCU completely and initializes entropy.

func RunningROVersion 

func RunningROVersion(ctx context.Context, d *rpcdut.RPCDUT) (string, error)

RunningROVersion returns the RO version running on FPMCU.

func RunningRWVersion 

func RunningRWVersion(ctx context.Context, d *rpcdut.RPCDUT) (string, error)

RunningRWVersion returns the RW version running on FPMCU.

func SetHardwareWriteProtect 

func SetHardwareWriteProtect(ctx context.Context, pxy *servo.Proxy, enable bool) error

SetHardwareWriteProtect sets the FPMCU's hardware write protection to the state specified by enable.

func SetSoftwareWriteProtect 

func SetSoftwareWriteProtect(ctx context.Context, d *dut.DUT, enable bool) error

SetSoftwareWriteProtect sets the FPMCU's software write protection to the state specified by enable.

func ValidateBuildFwFile 

func ValidateBuildFwFile(ctx context.Context, d *rpcdut.RPCDUT, fpBoard FPBoardName, buildFwFile string) error

ValidateBuildFwFile checks that all attributes in the given firmware file match their expected values.

func WaitForRunningFirmwareImage 

func WaitForRunningFirmwareImage(ctx context.Context, d *dut.DUT, image FWImageType) error

WaitForRunningFirmwareImage waits for the requested image to boot.

Types

type FMAPSection 

type FMAPSection string

FMAPSection describes a firmware map section. 

const (
	// ROFirmwareID is the read-only firmware ID.
	ROFirmwareID FMAPSection = "RO_FRID"
	// RWFirmwareID is the read-write firmware ID.
	RWFirmwareID FMAPSection = "RW_FWID"
	// RWRollbackVersion is the read-write rollback version.
	RWRollbackVersion FMAPSection = "RW_RBVER"
	// RWFirmware is the read-write section.
	RWFirmware FMAPSection = "EC_RW"
	// SignatureRW is the signature section.
	SignatureRW FMAPSection = "SIG_RW"
)

type FPBoardName 

type FPBoardName string

FPBoardName is the board name of the FPMCU. 

const (
	FPBoardNameBloonchipper FPBoardName = "bloonchipper"
	FPBoardNameDartmonkey   FPBoardName = "dartmonkey"
	FPBoardNameNocturne     FPBoardName = "nocturne_fp"
	FPBoardNameNami         FPBoardName = "nami_fp"
)

Possible names for FPMCUs.

func Board 

func Board(ctx context.Context, d *rpcdut.RPCDUT) (FPBoardName, error)

Board returns the name of the fingerprint EC on the DUT

type FWImageType 

type FWImageType string

FWImageType is the type of firmware (RO or RW). 

const (
	ImageTypeRO FWImageType = "RO"
	ImageTypeRW FWImageType = "RW"
)

These are the possible values of FWImageType.

func RunningFirmwareCopy 

func RunningFirmwareCopy(ctx context.Context, d *dut.DUT) (FWImageType, error)

RunningFirmwareCopy returns the firmware copy on FPMCU (RO or RW).

type FirmwareTest 

type FirmwareTest struct {
	// contains filtered or unexported fields
}

FirmwareTest provides a common framework for fingerprint firmware tests.

func NewFirmwareTest 

func NewFirmwareTest(ctx context.Context, d *rpcdut.RPCDUT, servoSpec, outDir string, enableHWWP, enableSWWP bool) (firmwareTest *FirmwareTest, initError error)

NewFirmwareTest creates and initializes a new fingerprint firmware test. enableHWWP indicates whether the test should enable hardware write protect. enableSWWP indicates whether the test should enable software write protect.

func (*FirmwareTest) BuildFwFile 

func (t *FirmwareTest) BuildFwFile() string

BuildFwFile gets the firmware file.

func (*FirmwareTest) CleanupTime 

func (t *FirmwareTest) CleanupTime() time.Duration

CleanupTime gets the amount of time needed for cleanup.

func (*FirmwareTest) Close 

func (t *FirmwareTest) Close(ctx context.Context) error

Close cleans up the fingerprint test and restore the FPMCU firmware to the original image and state.

func (*FirmwareTest) DUT 

func (t *FirmwareTest) DUT() *rpcdut.RPCDUT

DUT gets the RPCDUT.

func (*FirmwareTest) DUTTempDir 

func (t *FirmwareTest) DUTTempDir() string

DUTTempDir gets the temporary directory created on the DUT.

func (*FirmwareTest) DutfsClient 

func (t *FirmwareTest) DutfsClient() *dutfs.Client

DutfsClient gets the dutfs client.

func (*FirmwareTest) FPBoard 

func (t *FirmwareTest) FPBoard() FPBoardName

FPBoard gets the fingerprint board name.

func (*FirmwareTest) NeedsRebootAfterFlashing 

func (t *FirmwareTest) NeedsRebootAfterFlashing() bool

NeedsRebootAfterFlashing describes whether DUT needs to be rebooted after flashing.

func (*FirmwareTest) RPCClient 

func (t *FirmwareTest) RPCClient() *rpc.Client

RPCClient gets the RPC client.

func (*FirmwareTest) Servo 

func (t *FirmwareTest) Servo() *servo.Proxy

Servo gets the servo proxy.

func (*FirmwareTest) UpstartService 

func (t *FirmwareTest) UpstartService() platform.UpstartServiceClient

UpstartService gets the upstart service client.

type FlashProtect 

type FlashProtect struct {
	Active    FlashProtectFlags
	Valid     FlashProtectFlags
	Writeable FlashProtectFlags
}

FlashProtect hold the state of flash protect from an EC.

func GetFlashProtect 

func GetFlashProtect(ctx context.Context, d *dut.DUT) (FlashProtect, error)

GetFlashProtect is used to obtain actual flash protection state as reported by the FPMCU using the 'ectool --name=cros_fp flashprotect' command.

func (*FlashProtect) IsHardwareWriteProtected 

func (f *FlashProtect) IsHardwareWriteProtected() bool

IsHardwareWriteProtected is used to obtain actual hardware write protection state as reported by the FPMCU.

func (*FlashProtect) IsSoftwareReadOutProtected 

func (f *FlashProtect) IsSoftwareReadOutProtected() bool

IsSoftwareReadOutProtected is used to obtain the RDP status.

Software write protection is a bit ambiguous. We enable RDP on both bloonchipper and dartmonkey, which corresponds to the irremovable ro_at_boot flag. This flag, among other things, indicates that ro_now will be enabled at boot. The ro_at_boot flag does not indicate whether the RO is protected from on-chip flash modifications (because it isn't).

func (*FlashProtect) IsSoftwareWriteProtected 

func (f *FlashProtect) IsSoftwareWriteProtected() bool

IsSoftwareWriteProtected is used to obtain the software write protect status of RO.

When ro_now is enabled, the RO flash cannot be written to. This is the canonical software write protect, but the behavior of this mechanism differs between dartmonkey and bloonchipper.

For Dartmonkey, once this flag is set on boot, it cannot be removed without flashing via the bootloader (flash_fp_mcu). For bloonchipper, this flag can be removed, but the ro_at_boot cannot be removed.

See IsSoftwareReadOutProtected for a bit more detail.

func (*FlashProtect) UnmarshalerEctool 

func (f *FlashProtect) UnmarshalerEctool(data []byte) error

UnmarshalerEctool unmarshals part of the ectool output into a FlashProtect.

type FlashProtectFlags 

type FlashProtectFlags uint64

FlashProtectFlags represents a set of EC flash protect flags. 

const (
	FlashProtectRoAtBoot          FlashProtectFlags = 0x1   // RO flash code protected when the EC boots.
	FlashProtectRoNow             FlashProtectFlags = 0x2   // RO flash code protected now.  If this bit is set, at-boot status cannot be changed.
	FlashProtectAllNow            FlashProtectFlags = 0x4   // Entire flash code protected now, until reboot.
	FlashProtectGpioAsserted      FlashProtectFlags = 0x8   // Flash write protect GPIO is asserted now.
	FlashProtectErrorStuck        FlashProtectFlags = 0x10  // Error - at least one bank of flash is stuck locked, and cannot be unlocked.
	FlashProtectErrorInconsistent FlashProtectFlags = 0x20  // Error - flash protection is in inconsistent state.
	FlashProtectAllAtBoot         FlashProtectFlags = 0x40  // Entire flash code protected when the EC boots.
	FlashProtectRwAtBoot          FlashProtectFlags = 0x80  // RW flash code protected when the EC boots.
	FlashProtectRwNow             FlashProtectFlags = 0x100 // RW flash code protected now.
	FlashProtectRollbackAtBoot    FlashProtectFlags = 0x200 // Rollback information flash region protected when the EC boots.
	FlashProtectRollbackNow       FlashProtectFlags = 0x400 // Rollback information flash region protected now.
	FlashProtectUnknownError      FlashProtectFlags = 0x800 // Error - unknown error.
)

Individual flash protect flags.

func (FlashProtectFlags) IsSet 

func (f FlashProtectFlags) IsSet(flags FlashProtectFlags) bool

IsSet checks if the given flags are set.

func (*FlashProtectFlags) UnmarshalerEctool 

func (f *FlashProtectFlags) UnmarshalerEctool(data []byte) error

UnmarshalerEctool unmarshals part of the ectool output into a ECFlashProtectFlags.

type RollbackState 

type RollbackState struct {
	BlockID    int
	MinVersion int
	RWVersion  int
}

RollbackState is the state of the anti-rollback block.

func RollbackInfo 

func RollbackInfo(ctx context.Context, d *dut.DUT) (RollbackState, error)

RollbackInfo returns the rollbackinfo of the fingerprint MCU.

func (*RollbackState) IsAntiRollbackSet 

func (r *RollbackState) IsAntiRollbackSet() bool

IsAntiRollbackSet checks if version anti-rollback has been enabled.

We currently do not have a minimum version number, thus this function indicates if we are not in the normal rollback state.

func (*RollbackState) IsEntropySet 

func (r *RollbackState) IsEntropySet() bool

IsEntropySet checks that entropy has already been set based on the block ID.

If the block ID is greater than 0, there is a very good chance that entropy has been added. This is the same way that biod/bio_wash checks if entropy has been set. That being said, this method can be fooled if some test simply increments the anti-rollback version from a fresh flashing.

func (*RollbackState) UnmarshalerEctool 

func (r *RollbackState) UnmarshalerEctool(data []byte) error

UnmarshalerEctool unmarshals part of ectool's output into a RollbackState.

type TestImageData 

type TestImageData struct {
	// Path is the absolute path to the firmware file on the DUT
	Path string
	// ROVersion is the RO version string
	ROVersion string
	// RWVersion is the RW version string
	RWVersion string
}

TestImageData represents a firmware test image

type TestImageType 

type TestImageType int

TestImageType specifies the test image variant. 

const (
	// TestImageTypeOriginal is the original firmware on the DUT.
	TestImageTypeOriginal TestImageType = iota
	// TestImageTypeDev is a dev-key signed version of the firmware.
	TestImageTypeDev
	// TestImageTypeCorruptFirstByte is a variant of the original firmware with the first byte changed.
	TestImageTypeCorruptFirstByte
	// TestImageTypeCorruptLastByte is a variant of the original firmware with the last byte changed.
	TestImageTypeCorruptLastByte
	// TestImageTypeDevRollbackZero is a dev-key signed version of the firmware with rollback set to zero.
	TestImageTypeDevRollbackZero
	// TestImageTypeDevRollbackOne is a dev-key signed version of the firmware with rollback set to one.
	TestImageTypeDevRollbackOne
	// TestImageTypeDevRollbackNine is a dev-key signed version of the firmware with rollback set to nine.
	TestImageTypeDevRollbackNine
)

type TestImages 

type TestImages map[TestImageType]*TestImageData

TestImages maps a given test image type to data describing the image.

func GenerateTestFirmwareImages 

func GenerateTestFirmwareImages(ctx context.Context, d *rpcdut.RPCDUT, futilityPath, keyFilePath string, fpBoard FPBoardName, buildFWFile, dutTempDir string) (ret TestImages, retErr error)

GenerateTestFirmwareImages generates a set of test firmware images from the firmware that is on the DUT.

Source Files

View all Source files

Directories

Path Synopsis
Package rpcdut provides a dut.DUT override that adds an additional managed RPC client connection.
 Package rpcdut provides a dut.DUT override that adds an additional managed RPC client connection.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.