* Build with clang 11 to avoid armv7 contamination.
* Disable testsuite.
[dgit import unpatched vboot-utils 0~R99-14469.B-1+rpi1]
--- /dev/null
--- /dev/null
++debian/manpages/cgpt.1
--- /dev/null
--- /dev/null
++vboot-utils (0~R99-14469.B-1+rpi1) bookworm-staging; urgency=medium
++
++ * Build with clang 11 to avoid armv7 contamination.
++ * Disable testsuite.
++
++ -- Peter Michael Green <plugwash@raspbian.org> Tue, 21 Jun 2022 09:42:25 +0000
++
++vboot-utils (0~R99-14469.B-1) unstable; urgency=medium
++
++ * New upstream version 0~R99-14469.B
++ * Refresh patches
++ * Update debian/copyright
++ * Add missing build-dep libflashrom-dev
++ * Upgrade to use llvm-toolchain-13 (Closes: #1000916)
++ * Bump Standards-Version to 4.6.0
++ * Use debhelper-compat 13
++
++ -- Sophie Brun <sophie@offensive-security.com> Mon, 14 Feb 2022 14:32:56 +0100
++
++vboot-utils (0~R88-13597.B-1) unstable; urgency=medium
++
++ [ Sophie Brun ]
++ * Add a patch to fix reproducible build (Closes: #974863)
++ * Upgrade to clang-11 (Closes: #974776)
++ * Bump Standards-Version to 4.5.1 (no changes)
++ * Use version=4 in debian/watch
++ * New upstream version 0~R88-13597.B
++ * Refresh patches
++
++ [ Raphael Hertzog ]
++ * Use libfuzzer-11-dev instead of libfuzzer-10-dev
++
++ -- Sophie Brun <sophie@offensive-security.com> Tue, 01 Dec 2020 10:59:21 +0100
++
++vboot-utils (0~R87-13505.B-1) unstable; urgency=medium
++
++ * New upstream version 0~R87-13505.B
++ * Refresh patches
++ * Add a patch to not embed user and time in version (Closes: #971400)
++ * Switch to clang 10 (Closes: #971402)
++ * Remove override_dh_fixperms no longer needed
++ * Update installation for new upstream release
++
++ -- Sophie Brun <sophie@offensive-security.com> Tue, 27 Oct 2020 21:01:46 +0100
++
++vboot-utils (0~R81-12871.B-1) unstable; urgency=medium
++
++ * Update debian/watch
++ * New upstream version 0~R81-12871.B
++ * Refresh patches
++ * Build with clang and libfuzzer
++ * d/rules: remove futility_s mention (no longer exists)
++ * Add a patch to remove -Werror flag
++ * Use debhelper-compat 12
++ * Remove useless python in build-dep (Closes: #938769)
++ * Add missing build-dep bc required for tests
++ * Update debian/copyright
++ * Add missing flags pie
++ * Bump Standards-Version to 4.5.0
++
++ -- Sophie Brun <sophie@offensive-security.com> Wed, 12 Feb 2020 15:14:54 +0100
++
++vboot-utils (0~R63-10032.B-3) unstable; urgency=medium
++
++ * Move git repository to salsa.debian.org.
++ * Make build logs verbose to include the full command line.
++ * Protect dh_override_auto_test with check of nocheck in DEB_BUILD_OPTIONS.
++ * Bump Standards-Version to 4.1.3.
++ * Update my name in Uploaders.
++
++ -- Raphaël Hertzog <hertzog@debian.org> Tue, 06 Feb 2018 16:29:11 +0100
++
++vboot-utils (0~R63-10032.B-2) unstable; urgency=medium
++
++ * Add a patch to fix futility bdb on 32 bits architectures (Closes: #881997)
++
++ -- Sophie Brun <sophie@freexian.com> Mon, 20 Nov 2017 14:19:32 +0100
++
++vboot-utils (0~R63-10032.B-1) unstable; urgency=medium
++
++ * Fix debian/watch
++ * New upstream version 0~R63-10032.B
++ * Build against openssl 1.1 (Closes: #835801)
++ * Remove useless patch 0001-use-zu-as-appropriate-for-size_t (fixed
++ upstream)
++ * Update debian/copyright
++ * Remove useless patch 0009-drop-failing-test.patch
++ * Add a patch to fix failing tests-show-contents
++ * Bump Standards-version to 4.1.1: update Priority to optional, use https
++ * Fix perms for usr/share/vboot/bin/common_minimal.sh
++
++ -- Sophie Brun <sophie@freexian.com> Thu, 16 Nov 2017 09:21:28 +0100
++
++vboot-utils (0~R52-8350.B-2) unstable; urgency=medium
++
++ * Add missing build-depends: libssl1.0-dev. Keep using libssl 1.0 as
++ upstream didn't update code for libssl 1.1 and changes are involved
++ (Closes: #835801)
++ * Drop useless build-depends: libtspi-dev
++
++ -- Sophie Brun <sophie@freexian.com> Fri, 02 Sep 2016 15:09:03 +0200
++
++vboot-utils (0~R52-8350.B-1) unstable; urgency=medium
++
++ [ Sophie Brun ]
++ * Import new upstream release (Closes: #828592)
++ * Taking over with Antonio's permission (Closes: #798556)
++ * Update patches: 0001-use-zu-as-appropriate-for-size_t.patch,
++ 0002-reduce-uname-down.patch, 0003-do-not-do-static-linking.patch,
++ 0004-skip-test-workbuf.patch, 0005-remove-Werror.patch,
++ 0006-add-CPPFLAGS-LDFLAGS.patch
++ * Update the installation: futility program is now in vboot-kernel-utils
++ * Update the manual pages (Closes: #735296)
++ * Add patches to fix installation: 0007-fix-install-vboot_reference.patch,
++ 0010-change-install-directory-scripts.patch
++ * Add a patch to try to fix build on arm64
++ * Add a patch to drop a failing test
++ * Add debian/watch
++
++ [ Raphaël Hertzog ]
++ * Don't override dh_builddeb to force xz compression, it's the default
++ nowadays.
++ * Drop vboot_host.pc as we don't install the associated static library.
++ * Use https URL in Vcs-Browser.
++ * Drop build dependency on dpkg-dev as versioned dependency is satisfied in
++ oldstable (wheezy) and all newer releases.
++
++ -- Sophie Brun <sophie@freexian.com> Mon, 23 May 2016 10:55:20 +0200
++
++vboot-utils (0~20121212-3) unstable; urgency=low
++
++ * Added patch to make use that CPPFLAGS and LDFLAGS are used.
++
++ -- Marcin Juszkiewicz <marcin@juszkiewicz.com.pl> Tue, 04 Jun 2013 22:26:58 +0200
++
++vboot-utils (0~20121212-2) unstable; urgency=low
++
++ * bumped debhelper to v9 to get hardening support
++ * fixed lintian warnings
++ * updated manpages
++ * fixed copyright Files: entries
++ * updated Standards-Version to 3.9.4 (no changes)
++ * enlarged vboot-kernel-utils description a bit
++ * fixed Vcs links
++ * Merged few changes from Shawn Landden repo:
++ * Tests are now run after build.
++ * Added manpages for cgpt, crossystem vbutil_kernel.
++ * Added openssl, python, realpath to build dependencies - tests
++ requirements.
++
++ -- Marcin Juszkiewicz <marcin@juszkiewicz.com.pl> Tue, 12 Mar 2013 22:07:17 +0800
++
++vboot-utils (0~20121212-1) unstable; urgency=low
++
++ [ Antonio Terceiro ]
++ * Initial release.
++ * Added patches to:
++ - build utilities as shared binaries
++ - Fix build on armhf by removing -Werror from build flags
++
++ [ Marcin Juszkiewicz ]
++ * Added patch to build cgpt as shared binary.
++
++ -- Antonio Terceiro <terceiro@debian.org> Sun, 16 Dec 2012 11:03:40 -0300
--- /dev/null
--- /dev/null
++Source: vboot-utils
++Section: admin
++Priority: optional
++Maintainer: Sophie Brun <sophie@offensive-security.com>
++Uploaders: Raphaël Hertzog <raphael@offensive-security.com>
++Build-Depends: debhelper-compat (= 13),
++ clang-11,
++ libflashrom-dev,
++ libfuzzer-11-dev,
++ liblzma-dev,
++ libssl-dev,
++ libyaml-dev,
++ pkg-config,
++ uuid-dev,
++# tests/subprocess_tests.c
++ bc,
++# tests/external_rsa_signer.sh
++ openssl
++Standards-Version: 4.6.0
++Vcs-Git: https://salsa.debian.org/debian/vboot-utils.git
++Vcs-Browser: https://salsa.debian.org/debian/vboot-utils
++Homepage: https://chromium.googlesource.com/chromiumos/platform/vboot_reference
++
++Package: vboot-utils
++Architecture: amd64 arm64 armel armhf i386
++Multi-Arch: foreign
++Depends: vboot-kernel-utils, ${misc:Depends}, ${shlibs:Depends}
++Recommends: cgpt
++Pre-Depends: ${misc:Pre-Depends}
++Description: Chrome OS verified u-boot utilities
++ This package contains a set of tools to deal with Chromebook internals,
++ and the verified version of u-boot. Namely:
++ bmpblk_font bmpblk_utility chromeos-tpm-recovery crossystem dev_debug_vboot
++ dev_make_keypair dumpRSAPublicKey eficompress efidecompress enable_dev_usb_boot
++ load_kernel_test pad_digest_utility signature_digest_utility tpm-nvsize
++ tpm_init_temp_fix tpmc vbutil_what_key verify_data.
++ .
++ The programs previously included in this package: dump_fmap dump_kernel_config
++ futility gbb_utility vbutil_firmware vbutil_key vbutil_keyblock, are now
++ grouped in the futility program in the package vboot-kernel-utils.
++ .
++ Most users don't need this package, and should look for the cgpt and
++ vboot-kernel-utils packages instead.
++
++Package: cgpt
++Provides: crossystem
++Architecture: amd64 arm64 armel armhf i386
++Multi-Arch: foreign
++Depends: ${misc:Depends}, ${shlibs:Depends}
++Pre-Depends: ${misc:Pre-Depends}
++Description: GPT manipulation tool with support for Chromium OS extensions
++ Cgpt is a tool to manipulate GUID Partition Table from command line. It also
++ supports Chromium OS extensions enabling you to change priority for kernel
++ partitions.
++
++Package: vboot-kernel-utils
++Architecture: amd64 arm64 armel armhf i386
++Depends: ${misc:Depends}, ${shlibs:Depends}
++Pre-Depends: ${misc:Pre-Depends}
++Description: Chrome OS verified boot utils required to sign kernels
++ This package provides the futility program (including the vbutil_kernel
++ program required to sign custom kernels in order to get them booted by Chrome
++ OS devices (i.e. Chromebooks)).
--- /dev/null
--- /dev/null
++Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
++Upstream-Name: vboot-reference
++Source: https://chromium.googlesource.com/chromiumos/platform/vboot_reference/
++
++Files: *
++Copyright: (c) 2010-2021 The Chromium OS Authors. All rights reserved.
++License: BSD-3-clause
++
++Files: firmware/lib/cgptlib/crc32.c
++Copyright: (C) 1986 Gary S. Brown.
++License: other
++ You may use this program, or code or tables extracted from it, as desired
++ without restriction.
++
++Files: firmware/2lib/2sha256.c firmware/2lib/2sha512.c
++Copyright: (C) 2005, 2007 Olivier Gay <olivier.gay@a3.epfl.ch>
++License: BSD-3-clause
++
++Files: scripts/image_signing/lib/shflags/shflags
++Copyright: Copyright 2008 Kate Ward. All Rights Reserved.
++License: LGPL-2.1
++ This library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License version 2.1 as published by the Free Software Foundation.
++ .
++ This library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++ .
++ You should have received a copy of the GNU Lesser General Public
++ License along with this library; if not, see <http://www.gnu.org/licenses/>
++ .
++ On Debian systems, the complete text of the GNU Lesser General
++ Public License version 2.1 can be found in
++ "/usr/share/common-licenses/LGPL-2.1".
++
++Files: debian/*
++Copyright: 2012 Antonio Terceiro <terceiro@debian.org>
++ 2012 Marcin Juszkiewicz <marcin@juszkiewicz.com.pl>
++ 2020-2022 Sophie Brun <sophie@offensive-security.com>
++License: BSD-3-clause
++
++License: BSD-3-clause
++ All rights reserved.
++ .
++ Redistribution and use in source and binary forms, with or without
++ modification, are permitted provided that the following conditions are
++ met:
++ .
++ 1. Redistributions of source code must retain the above copyright
++ notice, this list of conditions and the following disclaimer.
++ 2. Redistributions in binary form must reproduce the above
++ copyright notice, this list of conditions and the following disclaimer
++ in the documentation and/or other materials provided with the
++ distribution.
++ 3. Neither the name of Google Inc. nor the names of its
++ contributors may be used to endorse or promote products derived from
++ this software without specific prior written permission.
++ .
++ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
++ "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
++ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
++ A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
++ OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
++ LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
++ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
++ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
++ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
++ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
--- /dev/null
--- /dev/null
++README
--- /dev/null
--- /dev/null
++\" TROFF Macro Summary: http://www.fileformat.info/info/man-pages/macro.htm
++
++.TH CGPT "1" "January 2014" "cgpt " "System Administration Commands"
++
++.SH NAME
++cgpt \- Utility to manipulate GPT partitions with Chromium OS extensions
++
++.SH SYNOPSIS
++.B cgpt
++\fICOMMAND\fR
++[\fIOPTIONS\fR]
++\fIDRIVE\fR
++
++.SH DESCRIPTION
++Cgpt is a tool to manipulate a GUID Partition Table from the command line. Although several other utilities exist for the same basic purpose \- some with more features and a captive user interface \- cgpt is unique in that it also supports Chromium OS extensions. These extensions are not generally useful; they are specific to the u-boot firmware found on some Chromebooks. They may be used to change priority for kernel partitions and give other hints to u-boot Chromebook firmware. Use this utility only to manipulate a partition table for compatible Chromebooks.
++
++.SH COMMANDS
++Each action performed by this program \- with the notable exception of the \fI\-h\fR \fIOPTION\fR \- is initiated by a command which tells cgpt the type of operation to perform. All available commands are described below.
++
++.IP \fBcreate\fR
++Create or reset GPT headers and tables.
++
++.IP \fBadd\fR
++Add, edit, or remove a partition entry.
++
++.IP \fBshow\fR
++Show the partition table and entries.
++
++.IP \fBrepair\fR
++Repair damaged GPT headers and tables.
++
++.IP \fBboot\fR
++Edit the PMBR sector for legacy BIOSes.
++
++If no \fIBOOT OPTIONS\fR are specified, this command will just print the PMBR boot GUID.
++
++.IP \fBfind\fR
++Find a partition by its GUID.
++
++If no \fIDRIVE\fR is specified, this command will scan all physical drives for a match.
++
++.IP \fBprioritize\fR
++Reorder the priority of all ChromeOS kernel partitions.
++
++If no options are specified, this command will set the lowest active kernel to priority 1 while maintaining the original order.
++
++.IP \fBlegacy\fR
++Switch between GPT and Legacy GPT.
++
++.SH GENERAL\ OPTIONS
++The options described in this section apply to every \fICOMMAND\fR supported by this program.
++
++.IP \fB-h\fR
++For more detailed usage, use \fBcgpt\fR \fICOMMAND\fR \fI-h\fR
++
++.SH EXAMPLES
++The following examples demonstrate valid syntax only. It is up to you to interpret them based on the documentation in this manual.
++
++\fBcgpt\fR \fIshow\fR /dev/mmcblk0
++.br
++\fBcgpt\fR \fIcreate\fR /dev/mmcblk0
++.br
++\fBcgpt\fR \fIadd\fR \fI-i\fR 2 \fI-S\fR 1 \fI-T\fR 15 \fI-P\fR 15 /dev/mmcblk0
++.br
++\fBcgpt\fR \fIadd\fR \fI-i\fR 1 \fI-t\fR data \fI-l\fR "STATE" /dev/mmcblk0
++.br
++\fBcgpt\fR \fIadd\fR \fI-i\fR 2 \fI-t\fR kernel \fI-l\fR "KERN-A" /dev/mmcblk0
++.br
++\fBcgpt\fR \fIadd\fR \fI-i\fR 3 \fI-t\fR rootfs \fI-l\fR "ROOT-A" /dev/mmcblk0
++
++.SH AUTHOR
++This manual page was written by Karl Lenz <xorangekiller@gmail.com> for the Debian project (but may be used by others).
++
++.SH COPYRIGHT
++Cgpt is copyright 2010-2013, The Chromium OS Authors
++.br
++This manual page is copyright 2014, Karl Lenz
++
++Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved.
++
++Cgpt is provided "as is" with no warranty. The exact terms under which you may use and (re)distribute this program are detailed in the BSD 3-Clause License, which is distributed with this program in the LICENSE file. On Debian systems, the complete text of the BSD 3-Clause License can be found in /usr/share/common-licenses/BSD.
++
++.SH SEE\ ALSO
++.BR parted (8),
++.BR gdisk (8),
++.BR gptsync (8)
--- /dev/null
--- /dev/null
++.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4.
++.TH CROSSYSTEM "1" "July 2016" "crossystem " "User Commands"
++.SH NAME
++crossystem \- Chrome OS firmware/system interface utility
++.SH DESCRIPTION
++.SS "Usage:"
++.IP
++crossystem [\-\-all]
++.IP
++Prints all parameters with descriptions and current values.
++If \fB\-\-all\fR is specified, prints even normally hidden fields.
++.IP
++crossystem [param1 [param2 [...]]]
++.IP
++Prints the current value(s) of the parameter(s).
++.IP
++crossystem [param1=value1] [param2=value2 [...]]]
++.IP
++Sets the parameter(s) to the specified value(s).
++.IP
++crossystem [param1?value1] [param2?value2 [...]]]
++.IP
++Checks if the parameter(s) all contain the specified value(s).
++.PP
++Stops at the first error.
++Valid parameters:
++.TP
++arch
++Platform architecture
++.TP
++backup_nvram_request
++Backup the nvram somewhere at the next boot. Cleared on success.
++.TP
++battery_cutoff_request
++Cut off battery and shutdown on next boot.
++.TP
++block_devmode
++Block all use of developer mode
++.TP
++clear_tpm_owner_request
++Clear TPM owner on next boot
++.TP
++clear_tpm_owner_done
++Clear TPM owner done
++.TP
++cros_debug
++OS should allow debug features
++.TP
++dbg_reset
++Debug reset mode request (writable)
++.TP
++debug_build
++OS image built for debug features
++.TP
++dev_boot_usb
++Enable developer mode boot from USB/SD (writable)
++.TP
++dev_boot_legacy
++Enable developer mode boot Legacy OSes (writable)
++.TP
++dev_boot_signed_only
++Enable developer mode boot only from official kernels (writable)
++.TP
++dev_default_boot
++default boot from legacy or usb (writable)
++.TP
++devsw_boot
++Developer switch position at boot
++.TP
++devsw_cur
++Developer switch current position
++.TP
++disable_dev_request
++Disable virtual dev\-mode on next boot
++.TP
++ecfw_act
++Active EC firmware
++.TP
++fmap_base
++Main firmware flashmap physical address
++.TP
++fwb_tries
++Try firmware B count (writable)
++.TP
++fw_vboot2
++1 if firmware was selected by vboot2 or 0 otherwise
++.TP
++fwid
++Active firmware ID
++.TP
++fwupdate_tries
++Times to try OS firmware update (writable, inside kern_nv)
++.TP
++fw_tried
++Firmware tried this boot (vboot2)
++.TP
++fw_try_count
++Number of times to try fw_try_next (writable)
++.TP
++fw_try_next
++Firmware to try next (vboot2,writable)
++.TP
++fw_result
++Firmware result this boot (vboot2,writable)
++.TP
++fw_prev_tried
++Firmware tried on previous boot (vboot2)
++.TP
++fw_prev_result
++Firmware result of previous boot (vboot2)
++.TP
++hwid
++Hardware ID
++.TP
++kern_nv
++Non\-volatile field for kernel use
++.TP
++kernkey_vfy
++Type of verification done on kernel key block
++.TP
++loc_idx
++Localization index for firmware screens (writable)
++.TP
++mainfw_act
++Active main firmware
++.TP
++mainfw_type
++Active main firmware type
++.TP
++nvram_cleared
++Have NV settings been lost? Write 0 to clear
++.TP
++oprom_needed
++Should we load the VGA Option ROM at boot?
++.TP
++recovery_reason
++Recovery mode reason for current boot
++.TP
++recovery_request
++Recovery mode request (writable)
++.TP
++recovery_subcode
++Recovery reason subcode (writable)
++.TP
++recoverysw_boot
++Recovery switch position at boot
++.TP
++recoverysw_cur
++Recovery switch current position
++.TP
++recoverysw_ec_boot
++Recovery switch position at EC boot
++.TP
++ro_fwid
++Read\-only firmware ID
++.TP
++sw_wpsw_boot
++Firmware write protect software setting enabled at boot (Baytrail only)
++.TP
++tpm_attack
++TPM was interrupted since this flag was cleared
++.TP
++tpm_fwver
++Firmware version stored in TPM
++.TP
++tpm_kernver
++Kernel version stored in TPM
++.TP
++tpm_rebooted
++TPM requesting repeated reboot (vboot2)
++.TP
++try_ro_sync
++try read only software sync
++.TP
++tried_fwb
++Tried firmware B before A this boot
++.TP
++vdat_flags
++Flags from VbSharedData
++.TP
++vdat_lfdebug
++LoadFirmware() debug data (not in print\-all)
++.TP
++vdat_lkdebug
++LoadKernel() debug data (not in print\-all)
++.TP
++vdat_timers
++Timer values from VbSharedData
++.TP
++wipeout_request
++Firmware requested factory reset (wipeout)
++.TP
++wpsw_boot
++Firmware write protect hardware switch position at boot
++.TP
++wpsw_cur
++Firmware write protect hardware switch current position
++.SH "SEE ALSO"
++The full documentation for
++.B crossystem
++is maintained as a Texinfo manual. If the
++.B info
++and
++.B crossystem
++programs are properly installed at your site, the command
++.IP
++.B info crossystem
++.PP
++should give you access to the complete manual.
--- /dev/null
--- /dev/null
++.TH FUTILITY "1" "May 2016" "futility " "User Commands"
++.SH NAME
++futility \- Unified firmware utility
++.SH SYNOPSIS
++.B futility
++[\fI\,options\/\fR] \fI\,COMMAND \/\fR[\fI\,args\/\fR...]
++.SH DESCRIPTION
++futility is the unified firmware utility, which will eventually replace
++most of the distinct verified boot tools formerly produced by the
++vboot_reference package.
++.PP
++When symlinked under the name of one of those previous tools, it should
++fully implement the original behavior. It can also be invoked directly
++as futility, followed by the original name as the first argument.
++.PP
++Global options:
++.TP
++\fB\-\-vb1\fR
++Use only vboot v1.0 binary formats
++.TP
++\fB\-\-vb21\fR
++Use only vboot v2.1 binary formats
++.TP
++\fB\-\-debug\fR
++Be noisy about what's going on
++.PP
++The following commands are built\-in:
++.TP
++create
++Create a keypair from an RSA .pem file
++.TP
++dump_fmap
++Display FMAP contents from a firmware image
++.TP
++dump_kernel_config
++Prints the kernel command line
++.TP
++gbb_utility
++Manipulate the Google Binary Block (GBB)
++.TP
++help
++Show a bit of help (you're looking at it)
++.TP
++load_fmap
++Replace the contents of specified FMAP areas
++.TP
++pcr
++Simulate a TPM PCR extension operation
++.TP
++show
++Display the content of various binary components
++.TP
++sign
++Sign / resign various binary components
++.TP
++vbutil_firmware
++Verified boot firmware utility
++.TP
++vbutil_kernel
++Creates, signs, and verifies the kernel partition
++.TP
++vbutil_key
++Wraps RSA keys with vboot headers
++.TP
++vbutil_keyblock
++Creates, signs, and verifies a keyblock
++.TP
++verify
++Verify the signatures of various binary components
++.TP
++version
++Show the futility source revision and build date
++.PP
++Use "futility help COMMAND" for more information.
++.PP
++Usage: futility [options] COMMAND [args...]
++.PP
++This is the unified firmware utility, which will eventually replace
++most of the distinct verified boot tools formerly produced by the
++vboot_reference package.
++.PP
++When symlinked under the name of one of those previous tools, it should
++fully implement the original behavior. It can also be invoked directly
++as futility, followed by the original name as the first argument.
++.PP
++Global options:
++.TP
++\fB\-\-vb1\fR
++Use only vboot v1.0 binary formats
++.TP
++\fB\-\-vb21\fR
++Use only vboot v2.1 binary formats
++.TP
++\fB\-\-debug\fR
++Be noisy about what's going on
++.PP
++The following commands are built\-in:
++.TP
++create
++Create a keypair from an RSA .pem file
++.TP
++dump_fmap
++Display FMAP contents from a firmware image
++.TP
++dump_kernel_config
++Prints the kernel command line
++.TP
++gbb_utility
++Manipulate the Google Binary Block (GBB)
++.TP
++help
++Show a bit of help (you're looking at it)
++.TP
++load_fmap
++Replace the contents of specified FMAP areas
++.TP
++pcr
++Simulate a TPM PCR extension operation
++.TP
++show
++Display the content of various binary components
++.TP
++sign
++Sign / resign various binary components
++.TP
++vbutil_firmware
++Verified boot firmware utility
++.TP
++vbutil_kernel
++Creates, signs, and verifies the kernel partition
++.TP
++vbutil_key
++Wraps RSA keys with vboot headers
++.TP
++vbutil_keyblock
++Creates, signs, and verifies a keyblock
++.TP
++verify
++Verify the signatures of various binary components
++.TP
++version
++Show the futility source revision and build date
++.PP
++Use "futility help COMMAND" for more information.
++.SH "SEE ALSO"
++The full documentation for
++.B futility
++is maintained as a Texinfo manual. If the
++.B info
++and
++.B futility
++programs are properly installed at your site, the command
++.IP
++.B info futility
++.PP
++should give you access to the complete manual.
--- /dev/null
--- /dev/null
++.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4.
++.TH VBUTIL_KERNEL "1" "May 2016" "vbutil_kernel " "User Commands"
++.SH NAME
++vbutil_kernel \- Utility to sign custom kernels to boot with Chrome OS devices
++.SH SYNOPSIS
++.B futility
++\fI\,/usr/bin/vbutil_kernel --pack <file> \/\fR[\fI\,PARAMETERS\/\fR]
++.SH DESCRIPTION
++.IP
++Required parameters:
++.TP
++\fB\-\-keyblock\fR <file>
++Key block in .keyblock format
++.TP
++\fB\-\-signprivate\fR <file>
++Private key to sign kernel data,
++in .vbprivk format
++.TP
++\fB\-\-version\fR <number>
++Kernel version
++.TP
++\fB\-\-vmlinuz\fR <file>
++Linux kernel bzImage file
++.TP
++\fB\-\-bootloader\fR <file>
++Bootloader stub
++.TP
++\fB\-\-config\fR <file>
++Command line file
++.TP
++\fB\-\-arch\fR <arch>
++Cpu architecture (default x86)
++.IP
++Optional:
++.TP
++\fB\-\-kloadaddr\fR <address>
++Assign kernel body load address
++.TP
++\fB\-\-pad\fR <number>
++Verification padding size in bytes
++.TP
++\fB\-\-vblockonly\fR
++Emit just the verification blob
++.TP
++\fB\-\-flags\fR NUM
++Flags to be passed in the header
++.PP
++OR
++.PP
++Usage: futility \fI\,/usr/bin/vbutil_kernel\/\fP \fB\-\-repack\fR <file>
++[PARAMETERS]
++.IP
++Required parameters:
++.TP
++\fB\-\-signprivate\fR <file>
++Private key to sign kernel data,
++in .vbprivk format
++.TP
++\fB\-\-oldblob\fR <file>
++Previously packed kernel blob
++(including verification blob)
++.IP
++Optional:
++.TP
++\fB\-\-keyblock\fR <file>
++Key block in .keyblock format
++.TP
++\fB\-\-config\fR <file>
++New command line file
++.TP
++\fB\-\-version\fR <number>
++Kernel version
++.TP
++\fB\-\-kloadaddr\fR <address>
++Assign kernel body load address
++.TP
++\fB\-\-pad\fR <number>
++Verification blob size in bytes
++.TP
++\fB\-\-vblockonly\fR
++Emit just the verification blob
++.PP
++OR
++.PP
++Usage: futility \fI\,/usr/bin/vbutil_kernel\/\fP \fB\-\-verify\fR <file>
++[PARAMETERS]
++.IP
++Optional:
++.TP
++\fB\-\-signpubkey\fR <file>
++Public key to verify kernel keyblock,
++in .vbpubk format
++.TP
++\fB\-\-verbose\fR
++Print a more detailed report
++.TP
++\fB\-\-keyblock\fR <file>
++Outputs the verified key block,
++in .keyblock format
++.TP
++\fB\-\-pad\fR <number>
++Verification padding size in bytes
++.TP
++\fB\-\-minversion\fR <number>
++Minimum combined kernel key version
++.PP
++OR
++.PP
++Usage: futility \fI\,/usr/bin/vbutil_kernel\/\fP \fB\-\-get\-vmlinuz\fR
++<file> [PARAMETERS]
++.IP
++Required parameters:
++.TP
++\fB\-\-vmlinuz\-out\fR <file>
++vmlinuz image output file
++.PP
++Usage: futility \fI\,/usr/bin/vbutil_kernel\/\fP \fB\-\-pack\fR <file>
++[PARAMETERS]
++.IP
++Required parameters:
++.TP
++\fB\-\-keyblock\fR <file>
++Key block in .keyblock format
++.TP
++\fB\-\-signprivate\fR <file>
++Private key to sign kernel data,
++in .vbprivk format
++.TP
++\fB\-\-version\fR <number>
++Kernel version
++.TP
++\fB\-\-vmlinuz\fR <file>
++Linux kernel bzImage file
++.TP
++\fB\-\-bootloader\fR <file>
++Bootloader stub
++.TP
++\fB\-\-config\fR <file>
++Command line file
++.TP
++\fB\-\-arch\fR <arch>
++Cpu architecture (default x86)
++.IP
++Optional:
++.TP
++\fB\-\-kloadaddr\fR <address>
++Assign kernel body load address
++.TP
++\fB\-\-pad\fR <number>
++Verification padding size in bytes
++.TP
++\fB\-\-vblockonly\fR
++Emit just the verification blob
++.TP
++\fB\-\-flags\fR NUM
++Flags to be passed in the header
++.PP
++OR
++.PP
++Usage: futility \fI\,/usr/bin/vbutil_kernel\/\fP \fB\-\-repack\fR <file>
++[PARAMETERS]
++.IP
++Required parameters:
++.TP
++\fB\-\-signprivate\fR <file>
++Private key to sign kernel data,
++in .vbprivk format
++.TP
++\fB\-\-oldblob\fR <file>
++Previously packed kernel blob
++(including verification blob)
++.IP
++Optional:
++.TP
++\fB\-\-keyblock\fR <file>
++Key block in .keyblock format
++.TP
++\fB\-\-config\fR <file>
++New command line file
++.TP
++\fB\-\-version\fR <number>
++Kernel version
++.TP
++\fB\-\-kloadaddr\fR <address>
++Assign kernel body load address
++.TP
++\fB\-\-pad\fR <number>
++Verification blob size in bytes
++.TP
++\fB\-\-vblockonly\fR
++Emit just the verification blob
++.PP
++OR
++.PP
++Usage: futility \fI\,/usr/bin/vbutil_kernel\/\fP \fB\-\-verify\fR <file>
++[PARAMETERS]
++.IP
++Optional:
++.TP
++\fB\-\-signpubkey\fR <file>
++Public key to verify kernel keyblock,
++in .vbpubk format
++.TP
++\fB\-\-verbose\fR
++Print a more detailed report
++.TP
++\fB\-\-keyblock\fR <file>
++Outputs the verified key block,
++in .keyblock format
++.TP
++\fB\-\-pad\fR <number>
++Verification padding size in bytes
++.TP
++\fB\-\-minversion\fR <number>
++Minimum combined kernel key version
++.PP
++OR
++.PP
++Usage: futility \fI\,/usr/bin/vbutil_kernel\/\fP \fB\-\-get\-vmlinuz\fR
++<file> [PARAMETERS]
++.IP
++Required parameters:
++.TP
++\fB\-\-vmlinuz\-out\fR <file>
++vmlinuz image output file
++
--- /dev/null
--- /dev/null
++From: Shawn Landden <shawnlandden@gmail.com>
++Date: Mon, 10 Feb 2020 16:21:52 +0100
++Subject: Reduce `uname -m` down to what the build system
++
++Last-Update: 2013-01-28
++
++expects
++Last-Update: 2013-01-28
++---
++ Makefile | 6 ++++++
++ 1 file changed, 6 insertions(+)
++
++diff --git a/Makefile b/Makefile
++index 4f0dee4..218437f 100644
++--- a/Makefile
+++++ b/Makefile
++@@ -86,6 +86,12 @@ endif
++
++ # Architecture detection
++ _machname := $(shell uname -m)
+++ifneq (,$(findstring arm,${_machname}))
+++ override _machname := arm
+++endif
+++ifneq (,$(findstring i686,${_machname}))
+++ override _machname := x86
+++endif
++ HOST_ARCH ?= ${_machname}
++
++ # ARCH and/or FIRMWARE_ARCH are defined by the Chromium OS ebuild.
--- /dev/null
--- /dev/null
++From: Marcin Juszkiewicz <marcin@juszkiewicz.com.pl>
++Date: Mon, 10 Feb 2020 16:21:52 +0100
++Subject: Add missing CPPFLAGS and LDFLAGS
++
++Origin: Debian
++Last-Update: 2020-10-27
++---
++ Makefile | 5 +++--
++ 1 file changed, 3 insertions(+), 2 deletions(-)
++
++diff --git a/Makefile b/Makefile
++index 218437f..acb379d 100644
++--- a/Makefile
+++++ b/Makefile
++@@ -142,6 +142,7 @@ COMMON_FLAGS := -pipe ${WERROR} -Wall -Wstrict-prototypes -Wtype-limits \
++
++ # FIRMWARE_ARCH is defined if compiling for a firmware target
++ # (coreboot or depthcharge).
+++CFLAGS += $(CPPFLAGS)
++ ifeq (${FIRMWARE_ARCH},arm)
++ CC ?= armv7a-cros-linux-gnueabihf-gcc
++ CFLAGS ?= -march=armv5 -fno-common -ffixed-r8 -mfloat-abi=hard -marm
++@@ -1137,11 +1138,11 @@ ${BUILD}/%: ${BUILD}/%.o ${OBJS} ${LIBS}
++
++ ${BUILD}/%.o: %.c
++ @${PRINTF} " CC $(subst ${BUILD}/,,$@)\n"
++- ${Q}${CC} ${CFLAGS} ${INCLUDES} -c -o $@ $<
+++ ${Q}${CC} ${CFLAGS} ${LDFLAGS} ${INCLUDES} -c -o $@ $<
++
++ ${BUILD}/%.o: ${BUILD}/%.c
++ @${PRINTF} " CC $(subst ${BUILD}/,,$@)\n"
++- ${Q}${CC} ${CFLAGS} ${INCLUDES} -c -o $@ $<
+++ ${Q}${CC} ${CFLAGS} ${LDFLAGS} ${INCLUDES} -c -o $@ $<
++
++ # ----------------------------------------------------------------------------
++ # Here are the special tweaks to the generic rules.
--- /dev/null
--- /dev/null
++From: Sophie Brun <sophie@freexian.com>
++Date: Mon, 10 Feb 2020 16:21:52 +0100
++Subject: Try to fix building on arm64
++
++Origin: https://bugs.kali.org/view.php?id=3172
++Last-Update: 2016-05-20
++
++Last-Update: 2016-05-20
++---
++ Makefile | 3 +++
++ 1 file changed, 3 insertions(+)
++
++diff --git a/Makefile b/Makefile
++index acb379d..6f13643 100644
++--- a/Makefile
+++++ b/Makefile
++@@ -89,6 +89,9 @@ _machname := $(shell uname -m)
++ ifneq (,$(findstring arm,${_machname}))
++ override _machname := arm
++ endif
+++ifneq (,$(findstring aarch64,${_machname}))
+++ override _machname := arm
+++endif
++ ifneq (,$(findstring i686,${_machname}))
++ override _machname := x86
++ endif
--- /dev/null
--- /dev/null
++From: Sophie Brun <sophie@freexian.com>
++Date: Mon, 10 Feb 2020 16:21:52 +0100
++Subject: Fix a spelling error
++
++Last-Update: 2017-11-14
++
++Last-Update: 2017-11-14
++---
++ futility/cmd_vbutil_kernel.c | 2 +-
++ 1 file changed, 1 insertion(+), 1 deletion(-)
++
++diff --git a/futility/cmd_vbutil_kernel.c b/futility/cmd_vbutil_kernel.c
++index 7268bee..f4964f1 100644
++--- a/futility/cmd_vbutil_kernel.c
+++++ b/futility/cmd_vbutil_kernel.c
++@@ -110,7 +110,7 @@ static const char usage[] =
++ " --signprivate <file> Private key to sign kernel data,\n"
++ " in .vbprivk format\n"
++ " --oldblob <file> Previously packed kernel blob\n"
++- " (including verfication blob)\n"
+++ " (including verification blob)\n"
++ "\n"
++ " Optional:\n"
++ " --keyblock <file> Keyblock in .keyblock format\n"
--- /dev/null
--- /dev/null
++From: Sophie Brun <sophie@offensive-security.com>
++Date: Tue, 11 Feb 2020 17:02:17 +0100
++Subject: Add missing flags pie
++
++Last-Update: 2022-02-11
++---
++ Makefile | 2 +-
++ 1 file changed, 1 insertion(+), 1 deletion(-)
++
++diff --git a/Makefile b/Makefile
++index 85e36a8..c75c10f 100644
++--- a/Makefile
+++++ b/Makefile
++@@ -181,7 +181,7 @@ COMMON_FLAGS += $(call test_ccflag,-Wno-address-of-packed-member)
++ COMMON_FLAGS += $(call test_ccflag,-Wno-unknown-warning)
++
++ # Needs -Wl because LD is actually set to CC by default.
++-LDFLAGS += -Wl,--gc-sections
+++LDFLAGS += -Wl,--gc-sections -pie
++
++ ifneq ($(filter-out 0,${DEBUG})$(filter-out 0,${TEST_PRINT}),)
++ CFLAGS += -DVBOOT_DEBUG
--- /dev/null
--- /dev/null
++From: Sophie Brun <sophie@offensive-security.com>
++Date: Tue, 27 Oct 2020 11:41:16 +0100
++Subject: Avoid embedding user and time in version from getversion.sh
++
++Last-Update: 2020-10-27
++
++Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971400
++Author: Vagrant Cascadian <vagrant@reproducible-builds.org>
++
++The getversion.sh script embeds the build time and user who built the
++binary, which breaks reproducible builds:
++
++ https://reproducible-builds.org/
++
++Without this patch, "/usr/bin/futility" embeds differing information
++in the binary:
++
++ unknown 2020-09-17 07:53:52 pbuilder1 vs. unknown 2021-10-21 16:19:17 pbuilder2
++---
++ scripts/getversion.sh | 2 +-
++ 1 file changed, 1 insertion(+), 1 deletion(-)
++
++diff --git a/scripts/getversion.sh b/scripts/getversion.sh
++index a563007..a5ab63b 100755
++--- a/scripts/getversion.sh
+++++ b/scripts/getversion.sh
++@@ -30,4 +30,4 @@ fi
++
++ date=$(date '+%F %T')
++
++-echo "const char futility_version[] = \"${ver} ${date} ${USER}\";";
+++echo "const char futility_version[] = \"${ver}\";";
--- /dev/null
--- /dev/null
++From: Sophie Brun <sophie@offensive-security.com>
++Date: Tue, 11 Feb 2020 15:24:49 +0100
++Subject: Don't build with Werror in Debian
++
++Last-Update: 2020-02-11
++---
++ Makefile | 2 +-
++ 1 file changed, 1 insertion(+), 1 deletion(-)
++
++diff --git a/Makefile b/Makefile
++index 6f13643..85e36a8 100644
++--- a/Makefile
+++++ b/Makefile
++@@ -137,7 +137,7 @@ endif
++ DEBUG_FLAGS := $(if $(filter-out 0,${DEBUG}),-g -Og,-g -Os)
++ WERROR := -Werror
++ FIRMWARE_FLAGS := -nostdinc -ffreestanding -fno-builtin -fno-stack-protector
++-COMMON_FLAGS := -pipe ${WERROR} -Wall -Wstrict-prototypes -Wtype-limits \
+++COMMON_FLAGS := -pipe -Wall -Wstrict-prototypes -Wtype-limits \
++ -Wundef -Wmissing-prototypes -Wno-trigraphs -Wredundant-decls -Wshadow \
++ -Wwrite-strings -Wstrict-aliasing -Wdate-time \
++ -ffunction-sections -fdata-sections \
--- /dev/null
--- /dev/null
++0002-reduce-uname-down.patch
++0006-add-CPPFLAGS-LDFLAGS.patch
++0008-fix-building-on-arm64.patch
++0012-fix-spelling-errors.patch
++dont-build-with-werror.patch
++add-missing-flags-pie.patch
++do-not-embed-user-and-time-in-version.patch
++treat-i386-as-x86.patch
--- /dev/null
--- /dev/null
++From: Vagrant Cascadian <vagrant@reproducible-builds.org>
++Date: Tue, 1 Dec 2020 09:55:46 +0100
++Subject: treat-i386-as-x86
++
++Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=974863
++
++When building for i386 and running an amd64 kernel, the Makefile uses
++"uname -m" to determine the architecture, but this introduces variations
++depending on the kernel used to perform the build.
++---
++ Makefile | 3 +++
++ 1 file changed, 3 insertions(+)
++
++diff --git a/Makefile b/Makefile
++index c75c10f..8930eb0 100644
++--- a/Makefile
+++++ b/Makefile
++@@ -95,6 +95,9 @@ endif
++ ifneq (,$(findstring i686,${_machname}))
++ override _machname := x86
++ endif
+++ifneq (,$(findstring i386,${_machname}))
+++ override _machname := x86
+++endif
++ HOST_ARCH ?= ${_machname}
++
++ # ARCH and/or FIRMWARE_ARCH are defined by the Chromium OS ebuild.
--- /dev/null
--- /dev/null
++#!/usr/bin/make -f
++
++export DEB_BUILD_MAINT_OPTIONS = hardening=+all
++export CC = clang-11
++export _machname = $(DEB_HOST_ARCH)
++
++override_dh_auto_build:
++ dh_auto_build -- V=1
++
++override_dh_auto_install:
++ $(MAKE) V=1 DESTDIR=$$(pwd)/debian/vboot-utils install
++ mkdir -p $$(pwd)/debian/cgpt/usr/bin
++ mv -t $$(pwd)/debian/cgpt/usr/bin \
++ $$(pwd)/debian/vboot-utils/usr/bin/cgpt
++ mkdir -p $$(pwd)/debian/vboot-kernel-utils/usr/bin
++ mv -t $$(pwd)/debian/vboot-kernel-utils/usr/bin \
++ $$(pwd)/debian/vboot-utils/usr/bin/vbutil_kernel
++ mv -t $$(pwd)/debian/vboot-kernel-utils/usr/bin \
++ $$(pwd)/debian/vboot-utils/usr/bin/futility
++ # vboot_host.pc is useless without the static library (which
++ # we could install with "make install-dev" but we currently don't)
++ rm -f debian/vboot-utils/usr/lib/pkgconfig/vboot_host.pc
++ rmdir --ignore-fail-on-non-empty -p debian/vboot-utils/usr/lib/pkgconfig
++ rm -f debian/vboot-utils/usr/lib/libvboot_host.a
++
++override_dh_auto_test:
++ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
++ #make runtests V=1
++endif
++
++%:
++ dh $@
--- /dev/null
--- /dev/null
++3.0 (quilt)
--- /dev/null
--- /dev/null
++tests/devkeys /usr/share/vboot/
++tests/devkeys-acc /usr/share/vboot/
++tests/devkeys-pkc /usr/share/vboot/
--- /dev/null
--- /dev/null
++debian/manpages/futility.1
++debian/manpages/vbutil_kernel.1
--- /dev/null
--- /dev/null
++debian/manpages/crossystem.1
--- /dev/null
--- /dev/null
++version=4
++opts="downloadurlmangle=s|/\+/refs/heads/release-(.*)|/\+archive/refs/heads/release-$1\.tar\.gz|g,uversionmangle=s|^|0~|,filenamemangle=s|.*/release-(.*)$|vboot-utils-$1.tar.gz|" \
++https://chromium.googlesource.com/chromiumos/platform/vboot_reference/+refs \
++ https://chromium.googlesource.com/chromiumos/platform/vboot_reference/\+/refs/heads/release-(.*)
projects / vboot-utils.git / commitdiff