[dgit import tarball vboot-utils 0~R99-14469.B-2 vboot-utils_0~R99-14469.B-2.debian.tar.xz]
--- /dev/null
+debian/manpages/cgpt.1
--- /dev/null
+vboot-utils (0~R99-14469.B-2) unstable; urgency=medium
+
+ * Fix switch to llvm-toolchain-13: use libfuzzer-13-dev (Closes: #1000916)
+
+ -- Sophie Brun <sophie@offensive-security.com> Mon, 18 Jul 2022 11:08:11 +0200
+
+vboot-utils (0~R99-14469.B-1) unstable; urgency=medium
+
+ * New upstream version 0~R99-14469.B
+ * Refresh patches
+ * Update debian/copyright
+ * Add missing build-dep libflashrom-dev
+ * Upgrade to use llvm-toolchain-13 (Closes: #1000916)
+ * Bump Standards-Version to 4.6.0
+ * Use debhelper-compat 13
+
+ -- Sophie Brun <sophie@offensive-security.com> Mon, 14 Feb 2022 14:32:56 +0100
+
+vboot-utils (0~R88-13597.B-1) unstable; urgency=medium
+
+ [ Sophie Brun ]
+ * Add a patch to fix reproducible build (Closes: #974863)
+ * Upgrade to clang-11 (Closes: #974776)
+ * Bump Standards-Version to 4.5.1 (no changes)
+ * Use version=4 in debian/watch
+ * New upstream version 0~R88-13597.B
+ * Refresh patches
+
+ [ Raphael Hertzog ]
+ * Use libfuzzer-11-dev instead of libfuzzer-10-dev
+
+ -- Sophie Brun <sophie@offensive-security.com> Tue, 01 Dec 2020 10:59:21 +0100
+
+vboot-utils (0~R87-13505.B-1) unstable; urgency=medium
+
+ * New upstream version 0~R87-13505.B
+ * Refresh patches
+ * Add a patch to not embed user and time in version (Closes: #971400)
+ * Switch to clang 10 (Closes: #971402)
+ * Remove override_dh_fixperms no longer needed
+ * Update installation for new upstream release
+
+ -- Sophie Brun <sophie@offensive-security.com> Tue, 27 Oct 2020 21:01:46 +0100
+
+vboot-utils (0~R81-12871.B-1) unstable; urgency=medium
+
+ * Update debian/watch
+ * New upstream version 0~R81-12871.B
+ * Refresh patches
+ * Build with clang and libfuzzer
+ * d/rules: remove futility_s mention (no longer exists)
+ * Add a patch to remove -Werror flag
+ * Use debhelper-compat 12
+ * Remove useless python in build-dep (Closes: #938769)
+ * Add missing build-dep bc required for tests
+ * Update debian/copyright
+ * Add missing flags pie
+ * Bump Standards-Version to 4.5.0
+
+ -- Sophie Brun <sophie@offensive-security.com> Wed, 12 Feb 2020 15:14:54 +0100
+
+vboot-utils (0~R63-10032.B-3) unstable; urgency=medium
+
+ * Move git repository to salsa.debian.org.
+ * Make build logs verbose to include the full command line.
+ * Protect dh_override_auto_test with check of nocheck in DEB_BUILD_OPTIONS.
+ * Bump Standards-Version to 4.1.3.
+ * Update my name in Uploaders.
+
+ -- Raphaël Hertzog <hertzog@debian.org> Tue, 06 Feb 2018 16:29:11 +0100
+
+vboot-utils (0~R63-10032.B-2) unstable; urgency=medium
+
+ * Add a patch to fix futility bdb on 32 bits architectures (Closes: #881997)
+
+ -- Sophie Brun <sophie@freexian.com> Mon, 20 Nov 2017 14:19:32 +0100
+
+vboot-utils (0~R63-10032.B-1) unstable; urgency=medium
+
+ * Fix debian/watch
+ * New upstream version 0~R63-10032.B
+ * Build against openssl 1.1 (Closes: #835801)
+ * Remove useless patch 0001-use-zu-as-appropriate-for-size_t (fixed
+ upstream)
+ * Update debian/copyright
+ * Remove useless patch 0009-drop-failing-test.patch
+ * Add a patch to fix failing tests-show-contents
+ * Bump Standards-version to 4.1.1: update Priority to optional, use https
+ * Fix perms for usr/share/vboot/bin/common_minimal.sh
+
+ -- Sophie Brun <sophie@freexian.com> Thu, 16 Nov 2017 09:21:28 +0100
+
+vboot-utils (0~R52-8350.B-2) unstable; urgency=medium
+
+ * Add missing build-depends: libssl1.0-dev. Keep using libssl 1.0 as
+ upstream didn't update code for libssl 1.1 and changes are involved
+ (Closes: #835801)
+ * Drop useless build-depends: libtspi-dev
+
+ -- Sophie Brun <sophie@freexian.com> Fri, 02 Sep 2016 15:09:03 +0200
+
+vboot-utils (0~R52-8350.B-1) unstable; urgency=medium
+
+ [ Sophie Brun ]
+ * Import new upstream release (Closes: #828592)
+ * Taking over with Antonio's permission (Closes: #798556)
+ * Update patches: 0001-use-zu-as-appropriate-for-size_t.patch,
+ 0002-reduce-uname-down.patch, 0003-do-not-do-static-linking.patch,
+ 0004-skip-test-workbuf.patch, 0005-remove-Werror.patch,
+ 0006-add-CPPFLAGS-LDFLAGS.patch
+ * Update the installation: futility program is now in vboot-kernel-utils
+ * Update the manual pages (Closes: #735296)
+ * Add patches to fix installation: 0007-fix-install-vboot_reference.patch,
+ 0010-change-install-directory-scripts.patch
+ * Add a patch to try to fix build on arm64
+ * Add a patch to drop a failing test
+ * Add debian/watch
+
+ [ Raphaël Hertzog ]
+ * Don't override dh_builddeb to force xz compression, it's the default
+ nowadays.
+ * Drop vboot_host.pc as we don't install the associated static library.
+ * Use https URL in Vcs-Browser.
+ * Drop build dependency on dpkg-dev as versioned dependency is satisfied in
+ oldstable (wheezy) and all newer releases.
+
+ -- Sophie Brun <sophie@freexian.com> Mon, 23 May 2016 10:55:20 +0200
+
+vboot-utils (0~20121212-3) unstable; urgency=low
+
+ * Added patch to make use that CPPFLAGS and LDFLAGS are used.
+
+ -- Marcin Juszkiewicz <marcin@juszkiewicz.com.pl> Tue, 04 Jun 2013 22:26:58 +0200
+
+vboot-utils (0~20121212-2) unstable; urgency=low
+
+ * bumped debhelper to v9 to get hardening support
+ * fixed lintian warnings
+ * updated manpages
+ * fixed copyright Files: entries
+ * updated Standards-Version to 3.9.4 (no changes)
+ * enlarged vboot-kernel-utils description a bit
+ * fixed Vcs links
+ * Merged few changes from Shawn Landden repo:
+ * Tests are now run after build.
+ * Added manpages for cgpt, crossystem vbutil_kernel.
+ * Added openssl, python, realpath to build dependencies - tests
+ requirements.
+
+ -- Marcin Juszkiewicz <marcin@juszkiewicz.com.pl> Tue, 12 Mar 2013 22:07:17 +0800
+
+vboot-utils (0~20121212-1) unstable; urgency=low
+
+ [ Antonio Terceiro ]
+ * Initial release.
+ * Added patches to:
+ - build utilities as shared binaries
+ - Fix build on armhf by removing -Werror from build flags
+
+ [ Marcin Juszkiewicz ]
+ * Added patch to build cgpt as shared binary.
+
+ -- Antonio Terceiro <terceiro@debian.org> Sun, 16 Dec 2012 11:03:40 -0300
--- /dev/null
+Source: vboot-utils
+Section: admin
+Priority: optional
+Maintainer: Sophie Brun <sophie@offensive-security.com>
+Uploaders: Raphaël Hertzog <raphael@offensive-security.com>
+Build-Depends: debhelper-compat (= 13),
+ clang-13,
+ libflashrom-dev,
+ libfuzzer-13-dev,
+ liblzma-dev,
+ libssl-dev,
+ libyaml-dev,
+ pkg-config,
+ uuid-dev,
+# tests/subprocess_tests.c
+ bc,
+# tests/external_rsa_signer.sh
+ openssl
+Standards-Version: 4.6.0
+Vcs-Git: https://salsa.debian.org/debian/vboot-utils.git
+Vcs-Browser: https://salsa.debian.org/debian/vboot-utils
+Homepage: https://chromium.googlesource.com/chromiumos/platform/vboot_reference
+
+Package: vboot-utils
+Architecture: amd64 arm64 armel armhf i386
+Multi-Arch: foreign
+Depends: vboot-kernel-utils, ${misc:Depends}, ${shlibs:Depends}
+Recommends: cgpt
+Pre-Depends: ${misc:Pre-Depends}
+Description: Chrome OS verified u-boot utilities
+ This package contains a set of tools to deal with Chromebook internals,
+ and the verified version of u-boot. Namely:
+ bmpblk_font bmpblk_utility chromeos-tpm-recovery crossystem dev_debug_vboot
+ dev_make_keypair dumpRSAPublicKey eficompress efidecompress enable_dev_usb_boot
+ load_kernel_test pad_digest_utility signature_digest_utility tpm-nvsize
+ tpm_init_temp_fix tpmc vbutil_what_key verify_data.
+ .
+ The programs previously included in this package: dump_fmap dump_kernel_config
+ futility gbb_utility vbutil_firmware vbutil_key vbutil_keyblock, are now
+ grouped in the futility program in the package vboot-kernel-utils.
+ .
+ Most users don't need this package, and should look for the cgpt and
+ vboot-kernel-utils packages instead.
+
+Package: cgpt
+Provides: crossystem
+Architecture: amd64 arm64 armel armhf i386
+Multi-Arch: foreign
+Depends: ${misc:Depends}, ${shlibs:Depends}
+Pre-Depends: ${misc:Pre-Depends}
+Description: GPT manipulation tool with support for Chromium OS extensions
+ Cgpt is a tool to manipulate GUID Partition Table from command line. It also
+ supports Chromium OS extensions enabling you to change priority for kernel
+ partitions.
+
+Package: vboot-kernel-utils
+Architecture: amd64 arm64 armel armhf i386
+Depends: ${misc:Depends}, ${shlibs:Depends}
+Pre-Depends: ${misc:Pre-Depends}
+Description: Chrome OS verified boot utils required to sign kernels
+ This package provides the futility program (including the vbutil_kernel
+ program required to sign custom kernels in order to get them booted by Chrome
+ OS devices (i.e. Chromebooks)).
--- /dev/null
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: vboot-reference
+Source: https://chromium.googlesource.com/chromiumos/platform/vboot_reference/
+
+Files: *
+Copyright: (c) 2010-2021 The Chromium OS Authors. All rights reserved.
+License: BSD-3-clause
+
+Files: firmware/lib/cgptlib/crc32.c
+Copyright: (C) 1986 Gary S. Brown.
+License: other
+ You may use this program, or code or tables extracted from it, as desired
+ without restriction.
+
+Files: firmware/2lib/2sha256.c firmware/2lib/2sha512.c
+Copyright: (C) 2005, 2007 Olivier Gay <olivier.gay@a3.epfl.ch>
+License: BSD-3-clause
+
+Files: scripts/image_signing/lib/shflags/shflags
+Copyright: Copyright 2008 Kate Ward. All Rights Reserved.
+License: LGPL-2.1
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License version 2.1 as published by the Free Software Foundation.
+ .
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+ .
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, see <http://www.gnu.org/licenses/>
+ .
+ On Debian systems, the complete text of the GNU Lesser General
+ Public License version 2.1 can be found in
+ "/usr/share/common-licenses/LGPL-2.1".
+
+Files: debian/*
+Copyright: 2012 Antonio Terceiro <terceiro@debian.org>
+ 2012 Marcin Juszkiewicz <marcin@juszkiewicz.com.pl>
+ 2020-2022 Sophie Brun <sophie@offensive-security.com>
+License: BSD-3-clause
+
+License: BSD-3-clause
+ All rights reserved.
+ .
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are
+ met:
+ .
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above
+ copyright notice, this list of conditions and the following disclaimer
+ in the documentation and/or other materials provided with the
+ distribution.
+ 3. Neither the name of Google Inc. nor the names of its
+ contributors may be used to endorse or promote products derived from
+ this software without specific prior written permission.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
--- /dev/null
+\" TROFF Macro Summary: http://www.fileformat.info/info/man-pages/macro.htm
+
+.TH CGPT "1" "January 2014" "cgpt " "System Administration Commands"
+
+.SH NAME
+cgpt \- Utility to manipulate GPT partitions with Chromium OS extensions
+
+.SH SYNOPSIS
+.B cgpt
+\fICOMMAND\fR
+[\fIOPTIONS\fR]
+\fIDRIVE\fR
+
+.SH DESCRIPTION
+Cgpt is a tool to manipulate a GUID Partition Table from the command line. Although several other utilities exist for the same basic purpose \- some with more features and a captive user interface \- cgpt is unique in that it also supports Chromium OS extensions. These extensions are not generally useful; they are specific to the u-boot firmware found on some Chromebooks. They may be used to change priority for kernel partitions and give other hints to u-boot Chromebook firmware. Use this utility only to manipulate a partition table for compatible Chromebooks.
+
+.SH COMMANDS
+Each action performed by this program \- with the notable exception of the \fI\-h\fR \fIOPTION\fR \- is initiated by a command which tells cgpt the type of operation to perform. All available commands are described below.
+
+.IP \fBcreate\fR
+Create or reset GPT headers and tables.
+
+.IP \fBadd\fR
+Add, edit, or remove a partition entry.
+
+.IP \fBshow\fR
+Show the partition table and entries.
+
+.IP \fBrepair\fR
+Repair damaged GPT headers and tables.
+
+.IP \fBboot\fR
+Edit the PMBR sector for legacy BIOSes.
+
+If no \fIBOOT OPTIONS\fR are specified, this command will just print the PMBR boot GUID.
+
+.IP \fBfind\fR
+Find a partition by its GUID.
+
+If no \fIDRIVE\fR is specified, this command will scan all physical drives for a match.
+
+.IP \fBprioritize\fR
+Reorder the priority of all ChromeOS kernel partitions.
+
+If no options are specified, this command will set the lowest active kernel to priority 1 while maintaining the original order.
+
+.IP \fBlegacy\fR
+Switch between GPT and Legacy GPT.
+
+.SH GENERAL\ OPTIONS
+The options described in this section apply to every \fICOMMAND\fR supported by this program.
+
+.IP \fB-h\fR
+For more detailed usage, use \fBcgpt\fR \fICOMMAND\fR \fI-h\fR
+
+.SH EXAMPLES
+The following examples demonstrate valid syntax only. It is up to you to interpret them based on the documentation in this manual.
+
+\fBcgpt\fR \fIshow\fR /dev/mmcblk0
+.br
+\fBcgpt\fR \fIcreate\fR /dev/mmcblk0
+.br
+\fBcgpt\fR \fIadd\fR \fI-i\fR 2 \fI-S\fR 1 \fI-T\fR 15 \fI-P\fR 15 /dev/mmcblk0
+.br
+\fBcgpt\fR \fIadd\fR \fI-i\fR 1 \fI-t\fR data \fI-l\fR "STATE" /dev/mmcblk0
+.br
+\fBcgpt\fR \fIadd\fR \fI-i\fR 2 \fI-t\fR kernel \fI-l\fR "KERN-A" /dev/mmcblk0
+.br
+\fBcgpt\fR \fIadd\fR \fI-i\fR 3 \fI-t\fR rootfs \fI-l\fR "ROOT-A" /dev/mmcblk0
+
+.SH AUTHOR
+This manual page was written by Karl Lenz <xorangekiller@gmail.com> for the Debian project (but may be used by others).
+
+.SH COPYRIGHT
+Cgpt is copyright 2010-2013, The Chromium OS Authors
+.br
+This manual page is copyright 2014, Karl Lenz
+
+Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved.
+
+Cgpt is provided "as is" with no warranty. The exact terms under which you may use and (re)distribute this program are detailed in the BSD 3-Clause License, which is distributed with this program in the LICENSE file. On Debian systems, the complete text of the BSD 3-Clause License can be found in /usr/share/common-licenses/BSD.
+
+.SH SEE\ ALSO
+.BR parted (8),
+.BR gdisk (8),
+.BR gptsync (8)
--- /dev/null
+.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4.
+.TH CROSSYSTEM "1" "July 2016" "crossystem " "User Commands"
+.SH NAME
+crossystem \- Chrome OS firmware/system interface utility
+.SH DESCRIPTION
+.SS "Usage:"
+.IP
+crossystem [\-\-all]
+.IP
+Prints all parameters with descriptions and current values.
+If \fB\-\-all\fR is specified, prints even normally hidden fields.
+.IP
+crossystem [param1 [param2 [...]]]
+.IP
+Prints the current value(s) of the parameter(s).
+.IP
+crossystem [param1=value1] [param2=value2 [...]]]
+.IP
+Sets the parameter(s) to the specified value(s).
+.IP
+crossystem [param1?value1] [param2?value2 [...]]]
+.IP
+Checks if the parameter(s) all contain the specified value(s).
+.PP
+Stops at the first error.
+Valid parameters:
+.TP
+arch
+Platform architecture
+.TP
+backup_nvram_request
+Backup the nvram somewhere at the next boot. Cleared on success.
+.TP
+battery_cutoff_request
+Cut off battery and shutdown on next boot.
+.TP
+block_devmode
+Block all use of developer mode
+.TP
+clear_tpm_owner_request
+Clear TPM owner on next boot
+.TP
+clear_tpm_owner_done
+Clear TPM owner done
+.TP
+cros_debug
+OS should allow debug features
+.TP
+dbg_reset
+Debug reset mode request (writable)
+.TP
+debug_build
+OS image built for debug features
+.TP
+dev_boot_usb
+Enable developer mode boot from USB/SD (writable)
+.TP
+dev_boot_legacy
+Enable developer mode boot Legacy OSes (writable)
+.TP
+dev_boot_signed_only
+Enable developer mode boot only from official kernels (writable)
+.TP
+dev_default_boot
+default boot from legacy or usb (writable)
+.TP
+devsw_boot
+Developer switch position at boot
+.TP
+devsw_cur
+Developer switch current position
+.TP
+disable_dev_request
+Disable virtual dev\-mode on next boot
+.TP
+ecfw_act
+Active EC firmware
+.TP
+fmap_base
+Main firmware flashmap physical address
+.TP
+fwb_tries
+Try firmware B count (writable)
+.TP
+fw_vboot2
+1 if firmware was selected by vboot2 or 0 otherwise
+.TP
+fwid
+Active firmware ID
+.TP
+fwupdate_tries
+Times to try OS firmware update (writable, inside kern_nv)
+.TP
+fw_tried
+Firmware tried this boot (vboot2)
+.TP
+fw_try_count
+Number of times to try fw_try_next (writable)
+.TP
+fw_try_next
+Firmware to try next (vboot2,writable)
+.TP
+fw_result
+Firmware result this boot (vboot2,writable)
+.TP
+fw_prev_tried
+Firmware tried on previous boot (vboot2)
+.TP
+fw_prev_result
+Firmware result of previous boot (vboot2)
+.TP
+hwid
+Hardware ID
+.TP
+kern_nv
+Non\-volatile field for kernel use
+.TP
+kernkey_vfy
+Type of verification done on kernel key block
+.TP
+loc_idx
+Localization index for firmware screens (writable)
+.TP
+mainfw_act
+Active main firmware
+.TP
+mainfw_type
+Active main firmware type
+.TP
+nvram_cleared
+Have NV settings been lost? Write 0 to clear
+.TP
+oprom_needed
+Should we load the VGA Option ROM at boot?
+.TP
+recovery_reason
+Recovery mode reason for current boot
+.TP
+recovery_request
+Recovery mode request (writable)
+.TP
+recovery_subcode
+Recovery reason subcode (writable)
+.TP
+recoverysw_boot
+Recovery switch position at boot
+.TP
+recoverysw_cur
+Recovery switch current position
+.TP
+recoverysw_ec_boot
+Recovery switch position at EC boot
+.TP
+ro_fwid
+Read\-only firmware ID
+.TP
+sw_wpsw_boot
+Firmware write protect software setting enabled at boot (Baytrail only)
+.TP
+tpm_attack
+TPM was interrupted since this flag was cleared
+.TP
+tpm_fwver
+Firmware version stored in TPM
+.TP
+tpm_kernver
+Kernel version stored in TPM
+.TP
+tpm_rebooted
+TPM requesting repeated reboot (vboot2)
+.TP
+try_ro_sync
+try read only software sync
+.TP
+tried_fwb
+Tried firmware B before A this boot
+.TP
+vdat_flags
+Flags from VbSharedData
+.TP
+vdat_lfdebug
+LoadFirmware() debug data (not in print\-all)
+.TP
+vdat_lkdebug
+LoadKernel() debug data (not in print\-all)
+.TP
+vdat_timers
+Timer values from VbSharedData
+.TP
+wipeout_request
+Firmware requested factory reset (wipeout)
+.TP
+wpsw_boot
+Firmware write protect hardware switch position at boot
+.TP
+wpsw_cur
+Firmware write protect hardware switch current position
+.SH "SEE ALSO"
+The full documentation for
+.B crossystem
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B crossystem
+programs are properly installed at your site, the command
+.IP
+.B info crossystem
+.PP
+should give you access to the complete manual.
--- /dev/null
+.TH FUTILITY "1" "May 2016" "futility " "User Commands"
+.SH NAME
+futility \- Unified firmware utility
+.SH SYNOPSIS
+.B futility
+[\fI\,options\/\fR] \fI\,COMMAND \/\fR[\fI\,args\/\fR...]
+.SH DESCRIPTION
+futility is the unified firmware utility, which will eventually replace
+most of the distinct verified boot tools formerly produced by the
+vboot_reference package.
+.PP
+When symlinked under the name of one of those previous tools, it should
+fully implement the original behavior. It can also be invoked directly
+as futility, followed by the original name as the first argument.
+.PP
+Global options:
+.TP
+\fB\-\-vb1\fR
+Use only vboot v1.0 binary formats
+.TP
+\fB\-\-vb21\fR
+Use only vboot v2.1 binary formats
+.TP
+\fB\-\-debug\fR
+Be noisy about what's going on
+.PP
+The following commands are built\-in:
+.TP
+create
+Create a keypair from an RSA .pem file
+.TP
+dump_fmap
+Display FMAP contents from a firmware image
+.TP
+dump_kernel_config
+Prints the kernel command line
+.TP
+gbb_utility
+Manipulate the Google Binary Block (GBB)
+.TP
+help
+Show a bit of help (you're looking at it)
+.TP
+load_fmap
+Replace the contents of specified FMAP areas
+.TP
+pcr
+Simulate a TPM PCR extension operation
+.TP
+show
+Display the content of various binary components
+.TP
+sign
+Sign / resign various binary components
+.TP
+vbutil_firmware
+Verified boot firmware utility
+.TP
+vbutil_kernel
+Creates, signs, and verifies the kernel partition
+.TP
+vbutil_key
+Wraps RSA keys with vboot headers
+.TP
+vbutil_keyblock
+Creates, signs, and verifies a keyblock
+.TP
+verify
+Verify the signatures of various binary components
+.TP
+version
+Show the futility source revision and build date
+.PP
+Use "futility help COMMAND" for more information.
+.PP
+Usage: futility [options] COMMAND [args...]
+.PP
+This is the unified firmware utility, which will eventually replace
+most of the distinct verified boot tools formerly produced by the
+vboot_reference package.
+.PP
+When symlinked under the name of one of those previous tools, it should
+fully implement the original behavior. It can also be invoked directly
+as futility, followed by the original name as the first argument.
+.PP
+Global options:
+.TP
+\fB\-\-vb1\fR
+Use only vboot v1.0 binary formats
+.TP
+\fB\-\-vb21\fR
+Use only vboot v2.1 binary formats
+.TP
+\fB\-\-debug\fR
+Be noisy about what's going on
+.PP
+The following commands are built\-in:
+.TP
+create
+Create a keypair from an RSA .pem file
+.TP
+dump_fmap
+Display FMAP contents from a firmware image
+.TP
+dump_kernel_config
+Prints the kernel command line
+.TP
+gbb_utility
+Manipulate the Google Binary Block (GBB)
+.TP
+help
+Show a bit of help (you're looking at it)
+.TP
+load_fmap
+Replace the contents of specified FMAP areas
+.TP
+pcr
+Simulate a TPM PCR extension operation
+.TP
+show
+Display the content of various binary components
+.TP
+sign
+Sign / resign various binary components
+.TP
+vbutil_firmware
+Verified boot firmware utility
+.TP
+vbutil_kernel
+Creates, signs, and verifies the kernel partition
+.TP
+vbutil_key
+Wraps RSA keys with vboot headers
+.TP
+vbutil_keyblock
+Creates, signs, and verifies a keyblock
+.TP
+verify
+Verify the signatures of various binary components
+.TP
+version
+Show the futility source revision and build date
+.PP
+Use "futility help COMMAND" for more information.
+.SH "SEE ALSO"
+The full documentation for
+.B futility
+is maintained as a Texinfo manual. If the
+.B info
+and
+.B futility
+programs are properly installed at your site, the command
+.IP
+.B info futility
+.PP
+should give you access to the complete manual.
--- /dev/null
+.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4.
+.TH VBUTIL_KERNEL "1" "May 2016" "vbutil_kernel " "User Commands"
+.SH NAME
+vbutil_kernel \- Utility to sign custom kernels to boot with Chrome OS devices
+.SH SYNOPSIS
+.B futility
+\fI\,/usr/bin/vbutil_kernel --pack <file> \/\fR[\fI\,PARAMETERS\/\fR]
+.SH DESCRIPTION
+.IP
+Required parameters:
+.TP
+\fB\-\-keyblock\fR <file>
+Key block in .keyblock format
+.TP
+\fB\-\-signprivate\fR <file>
+Private key to sign kernel data,
+in .vbprivk format
+.TP
+\fB\-\-version\fR <number>
+Kernel version
+.TP
+\fB\-\-vmlinuz\fR <file>
+Linux kernel bzImage file
+.TP
+\fB\-\-bootloader\fR <file>
+Bootloader stub
+.TP
+\fB\-\-config\fR <file>
+Command line file
+.TP
+\fB\-\-arch\fR <arch>
+Cpu architecture (default x86)
+.IP
+Optional:
+.TP
+\fB\-\-kloadaddr\fR <address>
+Assign kernel body load address
+.TP
+\fB\-\-pad\fR <number>
+Verification padding size in bytes
+.TP
+\fB\-\-vblockonly\fR
+Emit just the verification blob
+.TP
+\fB\-\-flags\fR NUM
+Flags to be passed in the header
+.PP
+OR
+.PP
+Usage: futility \fI\,/usr/bin/vbutil_kernel\/\fP \fB\-\-repack\fR <file>
+[PARAMETERS]
+.IP
+Required parameters:
+.TP
+\fB\-\-signprivate\fR <file>
+Private key to sign kernel data,
+in .vbprivk format
+.TP
+\fB\-\-oldblob\fR <file>
+Previously packed kernel blob
+(including verification blob)
+.IP
+Optional:
+.TP
+\fB\-\-keyblock\fR <file>
+Key block in .keyblock format
+.TP
+\fB\-\-config\fR <file>
+New command line file
+.TP
+\fB\-\-version\fR <number>
+Kernel version
+.TP
+\fB\-\-kloadaddr\fR <address>
+Assign kernel body load address
+.TP
+\fB\-\-pad\fR <number>
+Verification blob size in bytes
+.TP
+\fB\-\-vblockonly\fR
+Emit just the verification blob
+.PP
+OR
+.PP
+Usage: futility \fI\,/usr/bin/vbutil_kernel\/\fP \fB\-\-verify\fR <file>
+[PARAMETERS]
+.IP
+Optional:
+.TP
+\fB\-\-signpubkey\fR <file>
+Public key to verify kernel keyblock,
+in .vbpubk format
+.TP
+\fB\-\-verbose\fR
+Print a more detailed report
+.TP
+\fB\-\-keyblock\fR <file>
+Outputs the verified key block,
+in .keyblock format
+.TP
+\fB\-\-pad\fR <number>
+Verification padding size in bytes
+.TP
+\fB\-\-minversion\fR <number>
+Minimum combined kernel key version
+.PP
+OR
+.PP
+Usage: futility \fI\,/usr/bin/vbutil_kernel\/\fP \fB\-\-get\-vmlinuz\fR
+<file> [PARAMETERS]
+.IP
+Required parameters:
+.TP
+\fB\-\-vmlinuz\-out\fR <file>
+vmlinuz image output file
+.PP
+Usage: futility \fI\,/usr/bin/vbutil_kernel\/\fP \fB\-\-pack\fR <file>
+[PARAMETERS]
+.IP
+Required parameters:
+.TP
+\fB\-\-keyblock\fR <file>
+Key block in .keyblock format
+.TP
+\fB\-\-signprivate\fR <file>
+Private key to sign kernel data,
+in .vbprivk format
+.TP
+\fB\-\-version\fR <number>
+Kernel version
+.TP
+\fB\-\-vmlinuz\fR <file>
+Linux kernel bzImage file
+.TP
+\fB\-\-bootloader\fR <file>
+Bootloader stub
+.TP
+\fB\-\-config\fR <file>
+Command line file
+.TP
+\fB\-\-arch\fR <arch>
+Cpu architecture (default x86)
+.IP
+Optional:
+.TP
+\fB\-\-kloadaddr\fR <address>
+Assign kernel body load address
+.TP
+\fB\-\-pad\fR <number>
+Verification padding size in bytes
+.TP
+\fB\-\-vblockonly\fR
+Emit just the verification blob
+.TP
+\fB\-\-flags\fR NUM
+Flags to be passed in the header
+.PP
+OR
+.PP
+Usage: futility \fI\,/usr/bin/vbutil_kernel\/\fP \fB\-\-repack\fR <file>
+[PARAMETERS]
+.IP
+Required parameters:
+.TP
+\fB\-\-signprivate\fR <file>
+Private key to sign kernel data,
+in .vbprivk format
+.TP
+\fB\-\-oldblob\fR <file>
+Previously packed kernel blob
+(including verification blob)
+.IP
+Optional:
+.TP
+\fB\-\-keyblock\fR <file>
+Key block in .keyblock format
+.TP
+\fB\-\-config\fR <file>
+New command line file
+.TP
+\fB\-\-version\fR <number>
+Kernel version
+.TP
+\fB\-\-kloadaddr\fR <address>
+Assign kernel body load address
+.TP
+\fB\-\-pad\fR <number>
+Verification blob size in bytes
+.TP
+\fB\-\-vblockonly\fR
+Emit just the verification blob
+.PP
+OR
+.PP
+Usage: futility \fI\,/usr/bin/vbutil_kernel\/\fP \fB\-\-verify\fR <file>
+[PARAMETERS]
+.IP
+Optional:
+.TP
+\fB\-\-signpubkey\fR <file>
+Public key to verify kernel keyblock,
+in .vbpubk format
+.TP
+\fB\-\-verbose\fR
+Print a more detailed report
+.TP
+\fB\-\-keyblock\fR <file>
+Outputs the verified key block,
+in .keyblock format
+.TP
+\fB\-\-pad\fR <number>
+Verification padding size in bytes
+.TP
+\fB\-\-minversion\fR <number>
+Minimum combined kernel key version
+.PP
+OR
+.PP
+Usage: futility \fI\,/usr/bin/vbutil_kernel\/\fP \fB\-\-get\-vmlinuz\fR
+<file> [PARAMETERS]
+.IP
+Required parameters:
+.TP
+\fB\-\-vmlinuz\-out\fR <file>
+vmlinuz image output file
+
--- /dev/null
+From: Shawn Landden <shawnlandden@gmail.com>
+Date: Mon, 10 Feb 2020 16:21:52 +0100
+Subject: Reduce `uname -m` down to what the build system
+
+Last-Update: 2013-01-28
+
+expects
+Last-Update: 2013-01-28
+---
+ Makefile | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/Makefile b/Makefile
+index 4f0dee4..218437f 100644
+--- a/Makefile
++++ b/Makefile
+@@ -86,6 +86,12 @@ endif
+
+ # Architecture detection
+ _machname := $(shell uname -m)
++ifneq (,$(findstring arm,${_machname}))
++ override _machname := arm
++endif
++ifneq (,$(findstring i686,${_machname}))
++ override _machname := x86
++endif
+ HOST_ARCH ?= ${_machname}
+
+ # ARCH and/or FIRMWARE_ARCH are defined by the Chromium OS ebuild.
--- /dev/null
+From: Marcin Juszkiewicz <marcin@juszkiewicz.com.pl>
+Date: Mon, 10 Feb 2020 16:21:52 +0100
+Subject: Add missing CPPFLAGS and LDFLAGS
+
+Origin: Debian
+Last-Update: 2020-10-27
+---
+ Makefile | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index 218437f..acb379d 100644
+--- a/Makefile
++++ b/Makefile
+@@ -142,6 +142,7 @@ COMMON_FLAGS := -pipe ${WERROR} -Wall -Wstrict-prototypes -Wtype-limits \
+
+ # FIRMWARE_ARCH is defined if compiling for a firmware target
+ # (coreboot or depthcharge).
++CFLAGS += $(CPPFLAGS)
+ ifeq (${FIRMWARE_ARCH},arm)
+ CC ?= armv7a-cros-linux-gnueabihf-gcc
+ CFLAGS ?= -march=armv5 -fno-common -ffixed-r8 -mfloat-abi=hard -marm
+@@ -1137,11 +1138,11 @@ ${BUILD}/%: ${BUILD}/%.o ${OBJS} ${LIBS}
+
+ ${BUILD}/%.o: %.c
+ @${PRINTF} " CC $(subst ${BUILD}/,,$@)\n"
+- ${Q}${CC} ${CFLAGS} ${INCLUDES} -c -o $@ $<
++ ${Q}${CC} ${CFLAGS} ${LDFLAGS} ${INCLUDES} -c -o $@ $<
+
+ ${BUILD}/%.o: ${BUILD}/%.c
+ @${PRINTF} " CC $(subst ${BUILD}/,,$@)\n"
+- ${Q}${CC} ${CFLAGS} ${INCLUDES} -c -o $@ $<
++ ${Q}${CC} ${CFLAGS} ${LDFLAGS} ${INCLUDES} -c -o $@ $<
+
+ # ----------------------------------------------------------------------------
+ # Here are the special tweaks to the generic rules.
--- /dev/null
+From: Sophie Brun <sophie@freexian.com>
+Date: Mon, 10 Feb 2020 16:21:52 +0100
+Subject: Try to fix building on arm64
+
+Origin: https://bugs.kali.org/view.php?id=3172
+Last-Update: 2016-05-20
+
+Last-Update: 2016-05-20
+---
+ Makefile | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/Makefile b/Makefile
+index acb379d..6f13643 100644
+--- a/Makefile
++++ b/Makefile
+@@ -89,6 +89,9 @@ _machname := $(shell uname -m)
+ ifneq (,$(findstring arm,${_machname}))
+ override _machname := arm
+ endif
++ifneq (,$(findstring aarch64,${_machname}))
++ override _machname := arm
++endif
+ ifneq (,$(findstring i686,${_machname}))
+ override _machname := x86
+ endif
--- /dev/null
+From: Sophie Brun <sophie@freexian.com>
+Date: Mon, 10 Feb 2020 16:21:52 +0100
+Subject: Fix a spelling error
+
+Last-Update: 2017-11-14
+
+Last-Update: 2017-11-14
+---
+ futility/cmd_vbutil_kernel.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/futility/cmd_vbutil_kernel.c b/futility/cmd_vbutil_kernel.c
+index 7268bee..f4964f1 100644
+--- a/futility/cmd_vbutil_kernel.c
++++ b/futility/cmd_vbutil_kernel.c
+@@ -110,7 +110,7 @@ static const char usage[] =
+ " --signprivate <file> Private key to sign kernel data,\n"
+ " in .vbprivk format\n"
+ " --oldblob <file> Previously packed kernel blob\n"
+- " (including verfication blob)\n"
++ " (including verification blob)\n"
+ "\n"
+ " Optional:\n"
+ " --keyblock <file> Keyblock in .keyblock format\n"
--- /dev/null
+From: Sophie Brun <sophie@offensive-security.com>
+Date: Tue, 11 Feb 2020 17:02:17 +0100
+Subject: Add missing flags pie
+
+Last-Update: 2022-02-11
+---
+ Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile b/Makefile
+index 85e36a8..c75c10f 100644
+--- a/Makefile
++++ b/Makefile
+@@ -181,7 +181,7 @@ COMMON_FLAGS += $(call test_ccflag,-Wno-address-of-packed-member)
+ COMMON_FLAGS += $(call test_ccflag,-Wno-unknown-warning)
+
+ # Needs -Wl because LD is actually set to CC by default.
+-LDFLAGS += -Wl,--gc-sections
++LDFLAGS += -Wl,--gc-sections -pie
+
+ ifneq ($(filter-out 0,${DEBUG})$(filter-out 0,${TEST_PRINT}),)
+ CFLAGS += -DVBOOT_DEBUG
--- /dev/null
+From: Sophie Brun <sophie@offensive-security.com>
+Date: Tue, 27 Oct 2020 11:41:16 +0100
+Subject: Avoid embedding user and time in version from getversion.sh
+
+Last-Update: 2020-10-27
+
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971400
+Author: Vagrant Cascadian <vagrant@reproducible-builds.org>
+
+The getversion.sh script embeds the build time and user who built the
+binary, which breaks reproducible builds:
+
+ https://reproducible-builds.org/
+
+Without this patch, "/usr/bin/futility" embeds differing information
+in the binary:
+
+ unknown 2020-09-17 07:53:52 pbuilder1 vs. unknown 2021-10-21 16:19:17 pbuilder2
+---
+ scripts/getversion.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/scripts/getversion.sh b/scripts/getversion.sh
+index a563007..a5ab63b 100755
+--- a/scripts/getversion.sh
++++ b/scripts/getversion.sh
+@@ -30,4 +30,4 @@ fi
+
+ date=$(date '+%F %T')
+
+-echo "const char futility_version[] = \"${ver} ${date} ${USER}\";";
++echo "const char futility_version[] = \"${ver}\";";
--- /dev/null
+From: Sophie Brun <sophie@offensive-security.com>
+Date: Tue, 11 Feb 2020 15:24:49 +0100
+Subject: Don't build with Werror in Debian
+
+Last-Update: 2020-02-11
+---
+ Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile b/Makefile
+index 6f13643..85e36a8 100644
+--- a/Makefile
++++ b/Makefile
+@@ -137,7 +137,7 @@ endif
+ DEBUG_FLAGS := $(if $(filter-out 0,${DEBUG}),-g -Og,-g -Os)
+ WERROR := -Werror
+ FIRMWARE_FLAGS := -nostdinc -ffreestanding -fno-builtin -fno-stack-protector
+-COMMON_FLAGS := -pipe ${WERROR} -Wall -Wstrict-prototypes -Wtype-limits \
++COMMON_FLAGS := -pipe -Wall -Wstrict-prototypes -Wtype-limits \
+ -Wundef -Wmissing-prototypes -Wno-trigraphs -Wredundant-decls -Wshadow \
+ -Wwrite-strings -Wstrict-aliasing -Wdate-time \
+ -ffunction-sections -fdata-sections \
--- /dev/null
+0002-reduce-uname-down.patch
+0006-add-CPPFLAGS-LDFLAGS.patch
+0008-fix-building-on-arm64.patch
+0012-fix-spelling-errors.patch
+dont-build-with-werror.patch
+add-missing-flags-pie.patch
+do-not-embed-user-and-time-in-version.patch
+treat-i386-as-x86.patch
--- /dev/null
+From: Vagrant Cascadian <vagrant@reproducible-builds.org>
+Date: Tue, 1 Dec 2020 09:55:46 +0100
+Subject: treat-i386-as-x86
+
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=974863
+
+When building for i386 and running an amd64 kernel, the Makefile uses
+"uname -m" to determine the architecture, but this introduces variations
+depending on the kernel used to perform the build.
+---
+ Makefile | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/Makefile b/Makefile
+index c75c10f..8930eb0 100644
+--- a/Makefile
++++ b/Makefile
+@@ -95,6 +95,9 @@ endif
+ ifneq (,$(findstring i686,${_machname}))
+ override _machname := x86
+ endif
++ifneq (,$(findstring i386,${_machname}))
++ override _machname := x86
++endif
+ HOST_ARCH ?= ${_machname}
+
+ # ARCH and/or FIRMWARE_ARCH are defined by the Chromium OS ebuild.
--- /dev/null
+#!/usr/bin/make -f
+
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+export CC = clang-13
+export _machname = $(DEB_HOST_ARCH)
+
+override_dh_auto_build:
+ dh_auto_build -- V=1
+
+override_dh_auto_install:
+ $(MAKE) V=1 DESTDIR=$$(pwd)/debian/vboot-utils install
+ mkdir -p $$(pwd)/debian/cgpt/usr/bin
+ mv -t $$(pwd)/debian/cgpt/usr/bin \
+ $$(pwd)/debian/vboot-utils/usr/bin/cgpt
+ mkdir -p $$(pwd)/debian/vboot-kernel-utils/usr/bin
+ mv -t $$(pwd)/debian/vboot-kernel-utils/usr/bin \
+ $$(pwd)/debian/vboot-utils/usr/bin/vbutil_kernel
+ mv -t $$(pwd)/debian/vboot-kernel-utils/usr/bin \
+ $$(pwd)/debian/vboot-utils/usr/bin/futility
+ # vboot_host.pc is useless without the static library (which
+ # we could install with "make install-dev" but we currently don't)
+ rm -f debian/vboot-utils/usr/lib/pkgconfig/vboot_host.pc
+ rmdir --ignore-fail-on-non-empty -p debian/vboot-utils/usr/lib/pkgconfig
+ rm -f debian/vboot-utils/usr/lib/libvboot_host.a
+
+override_dh_auto_test:
+ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
+ make runtests V=1
+endif
+
+%:
+ dh $@
--- /dev/null
+3.0 (quilt)
--- /dev/null
+tests/devkeys /usr/share/vboot/
+tests/devkeys-acc /usr/share/vboot/
+tests/devkeys-pkc /usr/share/vboot/
--- /dev/null
+debian/manpages/futility.1
+debian/manpages/vbutil_kernel.1
--- /dev/null
+debian/manpages/crossystem.1
--- /dev/null
+version=4
+opts="downloadurlmangle=s|/\+/refs/heads/release-(.*)|/\+archive/refs/heads/release-$1\.tar\.gz|g,uversionmangle=s|^|0~|,filenamemangle=s|.*/release-(.*)$|vboot-utils-$1.tar.gz|" \
+https://chromium.googlesource.com/chromiumos/platform/vboot_reference/+refs \
+ https://chromium.googlesource.com/chromiumos/platform/vboot_reference/\+/refs/heads/release-(.*)
projects / vboot-utils.git / commitdiff