From 0c41751bdfe3a40509346be7b6154ea8bffadb97 Mon Sep 17 00:00:00 2001 
From: Sophie Brun Date: Mon, 18 Jul 2022 10:08:11 +0100 Subject: [PATCH] Import vboot-utils_0~R99-14469.B-2.debian.tar.xz [dgit import tarball vboot-utils 0~R99-14469.B-2 vboot-utils_0~R99-14469.B-2.debian.tar.xz] --- cgpt.manpages | 1 + changelog | 163 +++++++++++++ control | 63 +++++ copyright | 71 ++++++ docs | 1 + manpages/cgpt.1 | 86 +++++++ manpages/crossystem.1 | 209 ++++++++++++++++ manpages/futility.1 | 156 ++++++++++++ manpages/vbutil_kernel.1 | 226 ++++++++++++++++++ patches/0002-reduce-uname-down.patch | 29 +++ patches/0006-add-CPPFLAGS-LDFLAGS.patch | 36 +++ patches/0008-fix-building-on-arm64.patch | 26 ++ patches/0012-fix-spelling-errors.patch | 24 ++ patches/add-missing-flags-pie.patch | 22 ++ ...o-not-embed-user-and-time-in-version.patch | 32 +++ patches/dont-build-with-werror.patch | 22 ++ patches/series | 8 + patches/treat-i386-as-x86.patch | 27 +++ rules | 32 +++ source/format | 1 + vboot-kernel-utils.install | 3 + vboot-kernel-utils.manpages | 2 + vboot-utils.manpages | 1 + watch | 4 + 24 files changed, 1245 insertions(+) create mode 100644 cgpt.manpages create mode 100644 changelog create mode 100644 control create mode 100644 copyright create mode 100644 docs create mode 100644 manpages/cgpt.1 create mode 100644 manpages/crossystem.1 create mode 100644 manpages/futility.1 create mode 100644 manpages/vbutil_kernel.1 create mode 100644 patches/0002-reduce-uname-down.patch create mode 100644 patches/0006-add-CPPFLAGS-LDFLAGS.patch create mode 100644 patches/0008-fix-building-on-arm64.patch create mode 100644 patches/0012-fix-spelling-errors.patch create mode 100644 patches/add-missing-flags-pie.patch create mode 100644 patches/do-not-embed-user-and-time-in-version.patch create mode 100644 patches/dont-build-with-werror.patch create mode 100644 patches/series create mode 100644 patches/treat-i386-as-x86.patch create mode 100755 rules create mode 100644 source/format create mode 100644 vboot-kernel-utils.install create mode 100644 
vboot-kernel-utils.manpages create mode 100644 vboot-utils.manpages create mode 100644 watch diff --git a/cgpt.manpages b/cgpt.manpages new file mode 100644 index 0000000..6ebfe71 --- /dev/null +++ b/cgpt.manpages @@ -0,0 +1 @@ +debian/manpages/cgpt.1 diff --git a/changelog b/changelog new file mode 100644 index 0000000..0a4cfd1 --- /dev/null +++ b/changelog 
@@ -0,0 +1,163 @@ +vboot-utils (0~R99-14469.B-2) unstable; urgency=medium + + * Fix switch to llvm-toolchain-13: use libfuzzer-13-dev (Closes: #1000916) + + -- Sophie Brun Mon, 18 Jul 2022 11:08:11 +0200 + +vboot-utils (0~R99-14469.B-1) unstable; urgency=medium + + * New upstream version 0~R99-14469.B + * Refresh patches + * Update debian/copyright + * Add missing build-dep libflashrom-dev + * Upgrade to use llvm-toolchain-13 (Closes: #1000916) + * Bump Standards-Version to 4.6.0 + * Use debhelper-compat 13 + + -- Sophie Brun Mon, 14 Feb 2022 14:32:56 +0100 + +vboot-utils (0~R88-13597.B-1) unstable; urgency=medium + + [ Sophie Brun ] + * Add a patch to fix reproducible build (Closes: #974863) + * Upgrade to clang-11 (Closes: #974776) + * Bump Standards-Version to 4.5.1 (no changes) + * Use version=4 in debian/watch + * New upstream version 0~R88-13597.B + * Refresh patches + + [ Raphael Hertzog ] + * Use libfuzzer-11-dev instead of libfuzzer-10-dev + + -- Sophie Brun Tue, 01 Dec 2020 10:59:21 +0100 + +vboot-utils (0~R87-13505.B-1) unstable; urgency=medium + + * New upstream version 0~R87-13505.B + * Refresh patches + * Add a patch to not embed user and time in version (Closes: #971400) + * Switch to clang 10 (Closes: #971402) + * Remove override_dh_fixperms no longer needed + * Update installation for new upstream release + + -- Sophie Brun Tue, 27 Oct 2020 21:01:46 +0100 + +vboot-utils (0~R81-12871.B-1) unstable; urgency=medium + + * Update debian/watch + * New upstream version 0~R81-12871.B + * Refresh patches + * Build with clang and libfuzzer + * d/rules: remove futility_s mention (no longer exists) + * Add a patch to remove -Werror flag + * Use debhelper-compat 12 + * Remove useless python in build-dep (Closes: #938769) + * Add missing build-dep bc required for tests + * Update debian/copyright + * Add missing flags pie + * Bump Standards-Version to 4.5.0 + + -- Sophie Brun Wed, 12 Feb 2020 15:14:54 +0100 + +vboot-utils (0~R63-10032.B-3) unstable; 
urgency=medium + + * Move git repository to salsa.debian.org. + * Make build logs verbose to include the full command line. + * Protect dh_override_auto_test with check of nocheck in DEB_BUILD_OPTIONS. + * Bump Standards-Version to 4.1.3. + * Update my name in Uploaders. + + -- Raphaël Hertzog Tue, 06 Feb 2018 16:29:11 +0100 + +vboot-utils (0~R63-10032.B-2) unstable; urgency=medium + + * Add a patch to fix futility bdb on 32 bits architectures (Closes: #881997) + + -- Sophie Brun Mon, 20 Nov 2017 14:19:32 +0100 + +vboot-utils (0~R63-10032.B-1) unstable; urgency=medium + + * Fix debian/watch + * New upstream version 0~R63-10032.B + * Build against openssl 1.1 (Closes: #835801) + * Remove useless patch 0001-use-zu-as-appropriate-for-size_t (fixed + upstream) + * Update debian/copyright + * Remove useless patch 0009-drop-failing-test.patch + * Add a patch to fix failing tests-show-contents + * Bump Standards-version to 4.1.1: update Priority to optional, use https + * Fix perms for usr/share/vboot/bin/common_minimal.sh + + -- Sophie Brun Thu, 16 Nov 2017 09:21:28 +0100 + +vboot-utils (0~R52-8350.B-2) unstable; urgency=medium + + * Add missing build-depends: libssl1.0-dev. 
Keep using libssl 1.0 as + upstream didn't update code for libssl 1.1 and changes are involved + (Closes: #835801) + * Drop useless build-depends: libtspi-dev + + -- Sophie Brun Fri, 02 Sep 2016 15:09:03 +0200 + +vboot-utils (0~R52-8350.B-1) unstable; urgency=medium + + [ Sophie Brun ] + * Import new upstream release (Closes: #828592) + * Taking over with Antonio's permission (Closes: #798556) + * Update patches: 0001-use-zu-as-appropriate-for-size_t.patch, + 0002-reduce-uname-down.patch, 0003-do-not-do-static-linking.patch, + 0004-skip-test-workbuf.patch, 0005-remove-Werror.patch, + 0006-add-CPPFLAGS-LDFLAGS.patch + * Update the installation: futility program is now in vboot-kernel-utils + * Update the manual pages (Closes: #735296) + * Add patches to fix installation: 0007-fix-install-vboot_reference.patch, + 0010-change-install-directory-scripts.patch + * Add a patch to try to fix build on arm64 + * Add a patch to drop a failing test + * Add debian/watch + + [ Raphaël Hertzog ] + * Don't override dh_builddeb to force xz compression, it's the default + nowadays. + * Drop vboot_host.pc as we don't install the associated static library. + * Use https URL in Vcs-Browser. + * Drop build dependency on dpkg-dev as versioned dependency is satisfied in + oldstable (wheezy) and all newer releases. + + -- Sophie Brun Mon, 23 May 2016 10:55:20 +0200 + +vboot-utils (0~20121212-3) unstable; urgency=low + + * Added patch to make use that CPPFLAGS and LDFLAGS are used. + + -- Marcin Juszkiewicz Tue, 04 Jun 2013 22:26:58 +0200 + +vboot-utils (0~20121212-2) unstable; urgency=low + + * bumped debhelper to v9 to get hardening support + * fixed lintian warnings + * updated manpages + * fixed copyright Files: entries + * updated Standards-Version to 3.9.4 (no changes) + * enlarged vboot-kernel-utils description a bit + * fixed Vcs links + * Merged few changes from Shawn Landden repo: + * Tests are now run after build. + * Added manpages for cgpt, crossystem vbutil_kernel. 
+ * Added openssl, python, realpath to build dependencies - tests + requirements. + + -- Marcin Juszkiewicz Tue, 12 Mar 2013 22:07:17 +0800 + +vboot-utils (0~20121212-1) unstable; urgency=low + + [ Antonio Terceiro ] + * Initial release. + * Added patches to: + - build utilities as shared binaries + - Fix build on armhf by removing -Werror from build flags + + [ Marcin Juszkiewicz ] + * Added patch to build cgpt as shared binary. + + -- Antonio Terceiro Sun, 16 Dec 2012 11:03:40 -0300 diff --git a/control b/control new file mode 100644 index 0000000..6758cd3 --- /dev/null +++ b/control 
@@ -0,0 +1,63 @@ +Source: vboot-utils +Section: admin +Priority: optional +Maintainer: Sophie Brun +Uploaders: Raphaël Hertzog +Build-Depends: debhelper-compat (= 13), + clang-13, + libflashrom-dev, + libfuzzer-13-dev, + liblzma-dev, + libssl-dev, + libyaml-dev, + pkg-config, + uuid-dev, +# tests/subprocess_tests.c + bc, +# tests/external_rsa_signer.sh + openssl +Standards-Version: 4.6.0 +Vcs-Git: https://salsa.debian.org/debian/vboot-utils.git +Vcs-Browser: https://salsa.debian.org/debian/vboot-utils +Homepage: https://chromium.googlesource.com/chromiumos/platform/vboot_reference + +Package: vboot-utils +Architecture: amd64 arm64 armel armhf i386 +Multi-Arch: foreign +Depends: vboot-kernel-utils, ${misc:Depends}, ${shlibs:Depends} +Recommends: cgpt +Pre-Depends: ${misc:Pre-Depends} +Description: Chrome OS verified u-boot utilities + This package contains a set of tools to deal with Chromebook internals, + and the verified version of u-boot. Namely: + bmpblk_font bmpblk_utility chromeos-tpm-recovery crossystem dev_debug_vboot + dev_make_keypair dumpRSAPublicKey eficompress efidecompress enable_dev_usb_boot + load_kernel_test pad_digest_utility signature_digest_utility tpm-nvsize + tpm_init_temp_fix tpmc vbutil_what_key verify_data. + . + The programs previously included in this package: dump_fmap dump_kernel_config + futility gbb_utility vbutil_firmware vbutil_key vbutil_keyblock, are now + grouped in the futility program in the package vboot-kernel-utils. + . + Most users don't need this package, and should look for the cgpt and + vboot-kernel-utils packages instead. + +Package: cgpt +Provides: crossystem +Architecture: amd64 arm64 armel armhf i386 +Multi-Arch: foreign +Depends: ${misc:Depends}, ${shlibs:Depends} +Pre-Depends: ${misc:Pre-Depends} +Description: GPT manipulation tool with support for Chromium OS extensions + Cgpt is a tool to manipulate GUID Partition Table from command line. 
It also + supports Chromium OS extensions enabling you to change priority for kernel + partitions. + +Package: vboot-kernel-utils +Architecture: amd64 arm64 armel armhf i386 +Depends: ${misc:Depends}, ${shlibs:Depends} +Pre-Depends: ${misc:Pre-Depends} +Description: Chrome OS verified boot utils required to sign kernels + This package provides the futility program (including the vbutil_kernel + program required to sign custom kernels in order to get them booted by Chrome + OS devices (i.e. Chromebooks)). diff --git a/copyright b/copyright new file mode 100644 index 0000000..2ad95a4 --- /dev/null +++ b/copyright 
@@ -0,0 +1,71 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: vboot-reference +Source: https://chromium.googlesource.com/chromiumos/platform/vboot_reference/ + +Files: * +Copyright: (c) 2010-2021 The Chromium OS Authors. All rights reserved. +License: BSD-3-clause + +Files: firmware/lib/cgptlib/crc32.c +Copyright: (C) 1986 Gary S. Brown. +License: other + You may use this program, or code or tables extracted from it, as desired + without restriction. + +Files: firmware/2lib/2sha256.c firmware/2lib/2sha512.c +Copyright: (C) 2005, 2007 Olivier Gay +License: BSD-3-clause + +Files: scripts/image_signing/lib/shflags/shflags +Copyright: Copyright 2008 Kate Ward. All Rights Reserved. +License: LGPL-2.1 + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License version 2.1 as published by the Free Software Foundation. + . + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + . + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, see + . + On Debian systems, the complete text of the GNU Lesser General + Public License version 2.1 can be found in + "/usr/share/common-licenses/LGPL-2.1". + +Files: debian/* +Copyright: 2012 Antonio Terceiro + 2012 Marcin Juszkiewicz + 2020-2022 Sophie Brun +License: BSD-3-clause + +License: BSD-3-clause + All rights reserved. + . + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are + met: + . + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. 
Redistributions in binary form must reproduce the above + copyright notice, this list of conditions and the following disclaimer + in the documentation and/or other materials provided with the + distribution. + 3. Neither the name of Google Inc. nor the names of its + contributors may be used to endorse or promote products derived from + this software without specific prior written permission. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/docs b/docs new file mode 100644 index 0000000..e845566 --- /dev/null +++ b/docs @@ -0,0 +1 @@ +README diff --git a/manpages/cgpt.1 b/manpages/cgpt.1 new file mode 100644 index 0000000..78d1195 --- /dev/null +++ b/manpages/cgpt.1 
@@ -0,0 +1,86 @@ +\" TROFF Macro Summary: http://www.fileformat.info/info/man-pages/macro.htm + +.TH CGPT "1" "January 2014" "cgpt " "System Administration Commands" + +.SH NAME +cgpt \- Utility to manipulate GPT partitions with Chromium OS extensions + +.SH SYNOPSIS +.B cgpt +\fICOMMAND\fR +[\fIOPTIONS\fR] +\fIDRIVE\fR + +.SH DESCRIPTION +Cgpt is a tool to manipulate a GUID Partition Table from the command line. Although several other utilities exist for the same basic purpose \- some with more features and a captive user interface \- cgpt is unique in that it also supports Chromium OS extensions. These extensions are not generally useful; they are specific to the u-boot firmware found on some Chromebooks. They may be used to change priority for kernel partitions and give other hints to u-boot Chromebook firmware. Use this utility only to manipulate a partition table for compatible Chromebooks. + +.SH COMMANDS +Each action performed by this program \- with the notable exception of the \fI\-h\fR \fIOPTION\fR \- is initiated by a command which tells cgpt the type of operation to perform. All available commands are described below. + +.IP \fBcreate\fR +Create or reset GPT headers and tables. + +.IP \fBadd\fR +Add, edit, or remove a partition entry. + +.IP \fBshow\fR +Show the partition table and entries. + +.IP \fBrepair\fR +Repair damaged GPT headers and tables. + +.IP \fBboot\fR +Edit the PMBR sector for legacy BIOSes. + +If no \fIBOOT OPTIONS\fR are specified, this command will just print the PMBR boot GUID. + +.IP \fBfind\fR +Find a partition by its GUID. + +If no \fIDRIVE\fR is specified, this command will scan all physical drives for a match. + +.IP \fBprioritize\fR +Reorder the priority of all ChromeOS kernel partitions. + +If no options are specified, this command will set the lowest active kernel to priority 1 while maintaining the original order. + +.IP \fBlegacy\fR +Switch between GPT and Legacy GPT. 
+ +.SH GENERAL\ OPTIONS +The options described in this section apply to every \fICOMMAND\fR supported by this program. + +.IP \fB-h\fR +For more detailed usage, use \fBcgpt\fR \fICOMMAND\fR \fI-h\fR + +.SH EXAMPLES +The following examples demonstrate valid syntax only. It is up to you to interpret them based on the documentation in this manual. + +\fBcgpt\fR \fIshow\fR /dev/mmcblk0 +.br +\fBcgpt\fR \fIcreate\fR /dev/mmcblk0 +.br +\fBcgpt\fR \fIadd\fR \fI-i\fR 2 \fI-S\fR 1 \fI-T\fR 15 \fI-P\fR 15 /dev/mmcblk0 +.br +\fBcgpt\fR \fIadd\fR \fI-i\fR 1 \fI-t\fR data \fI-l\fR "STATE" /dev/mmcblk0 +.br +\fBcgpt\fR \fIadd\fR \fI-i\fR 2 \fI-t\fR kernel \fI-l\fR "KERN-A" /dev/mmcblk0 +.br +\fBcgpt\fR \fIadd\fR \fI-i\fR 3 \fI-t\fR rootfs \fI-l\fR "ROOT-A" /dev/mmcblk0 + +.SH AUTHOR +This manual page was written by Karl Lenz for the Debian project (but may be used by others). + +.SH COPYRIGHT +Cgpt is copyright 2010-2013, The Chromium OS Authors +.br +This manual page is copyright 2014, Karl Lenz + +Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved. + +Cgpt is provided "as is" with no warranty. The exact terms under which you may use and (re)distribute this program are detailed in the BSD 3-Clause License, which is distributed with this program in the LICENSE file. On Debian systems, the complete text of the BSD 3-Clause License can be found in /usr/share/common-licenses/BSD. + +.SH SEE\ ALSO +.BR parted (8), +.BR gdisk (8), +.BR gptsync (8) diff --git a/manpages/crossystem.1 b/manpages/crossystem.1 new file mode 100644 index 0000000..6f6c7dc --- /dev/null +++ b/manpages/crossystem.1 
@@ -0,0 +1,209 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. +.TH CROSSYSTEM "1" "July 2016" "crossystem " "User Commands" +.SH NAME +crossystem \- Chrome OS firmware/system interface utility +.SH DESCRIPTION +.SS "Usage:" +.IP +crossystem [\-\-all] +.IP +Prints all parameters with descriptions and current values. +If \fB\-\-all\fR is specified, prints even normally hidden fields. +.IP +crossystem [param1 [param2 [...]]] +.IP +Prints the current value(s) of the parameter(s). +.IP +crossystem [param1=value1] [param2=value2 [...]]] +.IP +Sets the parameter(s) to the specified value(s). +.IP +crossystem [param1?value1] [param2?value2 [...]]] +.IP +Checks if the parameter(s) all contain the specified value(s). +.PP +Stops at the first error. +Valid parameters: +.TP +arch +Platform architecture +.TP +backup_nvram_request +Backup the nvram somewhere at the next boot. Cleared on success. +.TP +battery_cutoff_request +Cut off battery and shutdown on next boot. +.TP +block_devmode +Block all use of developer mode +.TP +clear_tpm_owner_request +Clear TPM owner on next boot +.TP +clear_tpm_owner_done +Clear TPM owner done +.TP +cros_debug +OS should allow debug features +.TP +dbg_reset +Debug reset mode request (writable) +.TP +debug_build +OS image built for debug features +.TP +dev_boot_usb +Enable developer mode boot from USB/SD (writable) +.TP +dev_boot_legacy +Enable developer mode boot Legacy OSes (writable) +.TP +dev_boot_signed_only +Enable developer mode boot only from official kernels (writable) +.TP +dev_default_boot +default boot from legacy or usb (writable) +.TP +devsw_boot +Developer switch position at boot +.TP +devsw_cur +Developer switch current position +.TP +disable_dev_request +Disable virtual dev\-mode on next boot +.TP +ecfw_act +Active EC firmware +.TP +fmap_base +Main firmware flashmap physical address +.TP +fwb_tries +Try firmware B count (writable) +.TP +fw_vboot2 +1 if firmware was selected by vboot2 or 0 otherwise +.TP 
+fwid +Active firmware ID +.TP +fwupdate_tries +Times to try OS firmware update (writable, inside kern_nv) +.TP +fw_tried +Firmware tried this boot (vboot2) +.TP +fw_try_count +Number of times to try fw_try_next (writable) +.TP +fw_try_next +Firmware to try next (vboot2,writable) +.TP +fw_result +Firmware result this boot (vboot2,writable) +.TP +fw_prev_tried +Firmware tried on previous boot (vboot2) +.TP +fw_prev_result +Firmware result of previous boot (vboot2) +.TP +hwid +Hardware ID +.TP +kern_nv +Non\-volatile field for kernel use +.TP +kernkey_vfy +Type of verification done on kernel key block +.TP +loc_idx +Localization index for firmware screens (writable) +.TP +mainfw_act +Active main firmware +.TP +mainfw_type +Active main firmware type +.TP +nvram_cleared +Have NV settings been lost? Write 0 to clear +.TP +oprom_needed +Should we load the VGA Option ROM at boot? +.TP +recovery_reason +Recovery mode reason for current boot +.TP +recovery_request +Recovery mode request (writable) +.TP +recovery_subcode +Recovery reason subcode (writable) +.TP +recoverysw_boot +Recovery switch position at boot +.TP +recoverysw_cur +Recovery switch current position +.TP +recoverysw_ec_boot +Recovery switch position at EC boot +.TP +ro_fwid +Read\-only firmware ID +.TP +sw_wpsw_boot +Firmware write protect software setting enabled at boot (Baytrail only) +.TP +tpm_attack +TPM was interrupted since this flag was cleared +.TP +tpm_fwver +Firmware version stored in TPM +.TP +tpm_kernver +Kernel version stored in TPM +.TP +tpm_rebooted +TPM requesting repeated reboot (vboot2) +.TP +try_ro_sync +try read only software sync +.TP +tried_fwb +Tried firmware B before A this boot +.TP +vdat_flags +Flags from VbSharedData +.TP +vdat_lfdebug +LoadFirmware() debug data (not in print\-all) +.TP +vdat_lkdebug +LoadKernel() debug data (not in print\-all) +.TP +vdat_timers +Timer values from VbSharedData +.TP +wipeout_request +Firmware requested factory reset (wipeout) +.TP +wpsw_boot 
+Firmware write protect hardware switch position at boot +.TP +wpsw_cur +Firmware write protect hardware switch current position +.SH "SEE ALSO" +The full documentation for +.B crossystem +is maintained as a Texinfo manual. If the +.B info +and +.B crossystem +programs are properly installed at your site, the command +.IP +.B info crossystem +.PP +should give you access to the complete manual. diff --git a/manpages/futility.1 b/manpages/futility.1 new file mode 100644 index 0000000..587c93e --- /dev/null +++ b/manpages/futility.1 
@@ -0,0 +1,156 @@ +.TH FUTILITY "1" "May 2016" "futility " "User Commands" +.SH NAME +futility \- Unified firmware utility +.SH SYNOPSIS +.B futility +[\fI\,options\/\fR] \fI\,COMMAND \/\fR[\fI\,args\/\fR...] +.SH DESCRIPTION +futility is the unified firmware utility, which will eventually replace +most of the distinct verified boot tools formerly produced by the +vboot_reference package. +.PP +When symlinked under the name of one of those previous tools, it should +fully implement the original behavior. It can also be invoked directly +as futility, followed by the original name as the first argument. +.PP +Global options: +.TP +\fB\-\-vb1\fR +Use only vboot v1.0 binary formats +.TP +\fB\-\-vb21\fR +Use only vboot v2.1 binary formats +.TP +\fB\-\-debug\fR +Be noisy about what's going on +.PP +The following commands are built\-in: +.TP +create +Create a keypair from an RSA .pem file +.TP +dump_fmap +Display FMAP contents from a firmware image +.TP +dump_kernel_config +Prints the kernel command line +.TP +gbb_utility +Manipulate the Google Binary Block (GBB) +.TP +help +Show a bit of help (you're looking at it) +.TP +load_fmap +Replace the contents of specified FMAP areas +.TP +pcr +Simulate a TPM PCR extension operation +.TP +show +Display the content of various binary components +.TP +sign +Sign / resign various binary components +.TP +vbutil_firmware +Verified boot firmware utility +.TP +vbutil_kernel +Creates, signs, and verifies the kernel partition +.TP +vbutil_key +Wraps RSA keys with vboot headers +.TP +vbutil_keyblock +Creates, signs, and verifies a keyblock +.TP +verify +Verify the signatures of various binary components +.TP +version +Show the futility source revision and build date +.PP +Use "futility help COMMAND" for more information. +.PP +Usage: futility [options] COMMAND [args...] +.PP +This is the unified firmware utility, which will eventually replace +most of the distinct verified boot tools formerly produced by the +vboot_reference package. 
+.PP +When symlinked under the name of one of those previous tools, it should +fully implement the original behavior. It can also be invoked directly +as futility, followed by the original name as the first argument. +.PP +Global options: +.TP +\fB\-\-vb1\fR +Use only vboot v1.0 binary formats +.TP +\fB\-\-vb21\fR +Use only vboot v2.1 binary formats +.TP +\fB\-\-debug\fR +Be noisy about what's going on +.PP +The following commands are built\-in: +.TP +create +Create a keypair from an RSA .pem file +.TP +dump_fmap +Display FMAP contents from a firmware image +.TP +dump_kernel_config +Prints the kernel command line +.TP +gbb_utility +Manipulate the Google Binary Block (GBB) +.TP +help +Show a bit of help (you're looking at it) +.TP +load_fmap +Replace the contents of specified FMAP areas +.TP +pcr +Simulate a TPM PCR extension operation +.TP +show +Display the content of various binary components +.TP +sign +Sign / resign various binary components +.TP +vbutil_firmware +Verified boot firmware utility +.TP +vbutil_kernel +Creates, signs, and verifies the kernel partition +.TP +vbutil_key +Wraps RSA keys with vboot headers +.TP +vbutil_keyblock +Creates, signs, and verifies a keyblock +.TP +verify +Verify the signatures of various binary components +.TP +version +Show the futility source revision and build date +.PP +Use "futility help COMMAND" for more information. +.SH "SEE ALSO" +The full documentation for +.B futility +is maintained as a Texinfo manual. If the +.B info +and +.B futility +programs are properly installed at your site, the command +.IP +.B info futility +.PP +should give you access to the complete manual. diff --git a/manpages/vbutil_kernel.1 b/manpages/vbutil_kernel.1 new file mode 100644 index 0000000..5463240 --- /dev/null +++ b/manpages/vbutil_kernel.1 
@@ -0,0 +1,226 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. +.TH VBUTIL_KERNEL "1" "May 2016" "vbutil_kernel " "User Commands" +.SH NAME +vbutil_kernel \- Utility to sign custom kernels to boot with Chrome OS devices +.SH SYNOPSIS +.B futility +\fI\,/usr/bin/vbutil_kernel --pack \/\fR[\fI\,PARAMETERS\/\fR] +.SH DESCRIPTION +.IP +Required parameters: +.TP +\fB\-\-keyblock\fR +Key block in .keyblock format +.TP +\fB\-\-signprivate\fR +Private key to sign kernel data, +in .vbprivk format +.TP +\fB\-\-version\fR +Kernel version +.TP +\fB\-\-vmlinuz\fR +Linux kernel bzImage file +.TP +\fB\-\-bootloader\fR +Bootloader stub +.TP +\fB\-\-config\fR +Command line file +.TP +\fB\-\-arch\fR +Cpu architecture (default x86) +.IP +Optional: +.TP +\fB\-\-kloadaddr\fR
+Assign kernel body load address +.TP +\fB\-\-pad\fR +Verification padding size in bytes +.TP +\fB\-\-vblockonly\fR +Emit just the verification blob +.TP +\fB\-\-flags\fR NUM +Flags to be passed in the header +.PP +OR +.PP +Usage: futility \fI\,/usr/bin/vbutil_kernel\/\fP \fB\-\-repack\fR +[PARAMETERS] +.IP +Required parameters: +.TP +\fB\-\-signprivate\fR +Private key to sign kernel data, +in .vbprivk format +.TP +\fB\-\-oldblob\fR +Previously packed kernel blob +(including verification blob) +.IP +Optional: +.TP +\fB\-\-keyblock\fR +Key block in .keyblock format +.TP +\fB\-\-config\fR +New command line file +.TP +\fB\-\-version\fR +Kernel version +.TP +\fB\-\-kloadaddr\fR
+Assign kernel body load address +.TP +\fB\-\-pad\fR +Verification blob size in bytes +.TP +\fB\-\-vblockonly\fR +Emit just the verification blob +.PP +OR +.PP +Usage: futility \fI\,/usr/bin/vbutil_kernel\/\fP \fB\-\-verify\fR +[PARAMETERS] +.IP +Optional: +.TP +\fB\-\-signpubkey\fR +Public key to verify kernel keyblock, +in .vbpubk format +.TP +\fB\-\-verbose\fR +Print a more detailed report +.TP +\fB\-\-keyblock\fR +Outputs the verified key block, +in .keyblock format +.TP +\fB\-\-pad\fR +Verification padding size in bytes +.TP +\fB\-\-minversion\fR +Minimum combined kernel key version +.PP +OR +.PP +Usage: futility \fI\,/usr/bin/vbutil_kernel\/\fP \fB\-\-get\-vmlinuz\fR + [PARAMETERS] +.IP +Required parameters: +.TP +\fB\-\-vmlinuz\-out\fR +vmlinuz image output file +.PP +Usage: futility \fI\,/usr/bin/vbutil_kernel\/\fP \fB\-\-pack\fR +[PARAMETERS] +.IP +Required parameters: +.TP +\fB\-\-keyblock\fR +Key block in .keyblock format +.TP +\fB\-\-signprivate\fR +Private key to sign kernel data, +in .vbprivk format +.TP +\fB\-\-version\fR +Kernel version +.TP +\fB\-\-vmlinuz\fR +Linux kernel bzImage file +.TP +\fB\-\-bootloader\fR +Bootloader stub +.TP +\fB\-\-config\fR +Command line file +.TP +\fB\-\-arch\fR +Cpu architecture (default x86) +.IP +Optional: +.TP +\fB\-\-kloadaddr\fR
+Assign kernel body load address +.TP +\fB\-\-pad\fR +Verification padding size in bytes +.TP +\fB\-\-vblockonly\fR +Emit just the verification blob +.TP +\fB\-\-flags\fR NUM +Flags to be passed in the header +.PP +OR +.PP +Usage: futility \fI\,/usr/bin/vbutil_kernel\/\fP \fB\-\-repack\fR +[PARAMETERS] +.IP +Required parameters: +.TP +\fB\-\-signprivate\fR +Private key to sign kernel data, +in .vbprivk format +.TP +\fB\-\-oldblob\fR +Previously packed kernel blob +(including verification blob) +.IP +Optional: +.TP +\fB\-\-keyblock\fR +Key block in .keyblock format +.TP +\fB\-\-config\fR +New command line file +.TP +\fB\-\-version\fR +Kernel version +.TP +\fB\-\-kloadaddr\fR
+Assign kernel body load address
+.TP
+\fB\-\-pad\fR
+Verification blob size in bytes
+.TP
+\fB\-\-vblockonly\fR
+Emit just the verification blob
+.PP
+OR
+.PP
+Usage: futility \fI\,/usr/bin/vbutil_kernel\/\fP \fB\-\-verify\fR
+[PARAMETERS]
+.IP
+Optional:
+.TP
+\fB\-\-signpubkey\fR
+Public key to verify kernel keyblock,
+in .vbpubk format
+.TP
+\fB\-\-verbose\fR
+Print a more detailed report
+.TP
+\fB\-\-keyblock\fR
+Outputs the verified key block,
+in .keyblock format
+.TP
+\fB\-\-pad\fR
+Verification padding size in bytes
+.TP
+\fB\-\-minversion\fR
+Minimum combined kernel key version
+.PP
+OR
+.PP
+Usage: futility \fI\,/usr/bin/vbutil_kernel\/\fP \fB\-\-get\-vmlinuz\fR
+ [PARAMETERS]
+.IP
+Required parameters:
+.TP
+\fB\-\-vmlinuz\-out\fR
+vmlinuz image output file
+
diff --git a/patches/0002-reduce-uname-down.patch b/patches/0002-reduce-uname-down.patch
new file mode 100644
index 0000000..f630da2
--- /dev/null
+++ b/patches/0002-reduce-uname-down.patch
@@ -0,0 +1,29 @@
+From: Shawn Landden
+Date: Mon, 10 Feb 2020 16:21:52 +0100
+Subject: Reduce `uname -m` down to what the build system
+
+Last-Update: 2013-01-28
+
+expects
+Last-Update: 2013-01-28
+---
+ Makefile | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/Makefile b/Makefile
+index 4f0dee4..218437f 100644
+--- a/Makefile
++++ b/Makefile
+@@ -86,6 +86,12 @@ endif
+
+ # Architecture detection
+ _machname := $(shell uname -m)
++ifneq (,$(findstring arm,${_machname}))
++ override _machname := arm
++endif
++ifneq (,$(findstring i686,${_machname}))
++ override _machname := x86
++endif
+ HOST_ARCH ?= ${_machname}
+
+ # ARCH and/or FIRMWARE_ARCH are defined by the Chromium OS ebuild.
diff --git a/patches/0006-add-CPPFLAGS-LDFLAGS.patch b/patches/0006-add-CPPFLAGS-LDFLAGS.patch
new file mode 100644
index 0000000..50ba886
--- /dev/null
+++ b/patches/0006-add-CPPFLAGS-LDFLAGS.patch
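Review bot: `_machname` in the Architecture detection block of 0002-reduce-uname-down.patch still comes from `$(shell uname -m)`, which reports the running kernel's machine type rather than the architecture being built for, so a 32-bit chroot on a 64-bit kernel or a cross build can take the wrong branch. The added `findstring` tests are substring matches that cover only `arm*` and `i686`; other 32-bit x86 names pass through unchanged (the series lists a later treat-i386-as-x86.patch, not visible here), and 0008-fix-building-on-arm64.patch extends the same chain with the same limitation. Since `HOST_ARCH ?= ${_machname}` already allows an override, I would have debian/rules pass a `HOST_ARCH` derived from `dpkg-architecture -qDEB_HOST_ARCH` and keep the `uname` mapping only as a fallback, with a comment such as `# fallback only: uname -m is the kernel arch, not the build target`. The conditional block continues outside the hunk.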
@@ -0,0 +1,36 @@
+From: Marcin Juszkiewicz
+Date: Mon, 10 Feb 2020 16:21:52 +0100
+Subject: Add missing CPPFLAGS and LDFLAGS
+
+Origin: Debian
+Last-Update: 2020-10-27
+---
+ Makefile | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index 218437f..acb379d 100644
+--- a/Makefile
++++ b/Makefile
+@@ -142,6 +142,7 @@ COMMON_FLAGS := -pipe ${WERROR} -Wall -Wstrict-prototypes -Wtype-limits \
+
+ # FIRMWARE_ARCH is defined if compiling for a firmware target
+ # (coreboot or depthcharge).
++CFLAGS += $(CPPFLAGS)
+ ifeq (${FIRMWARE_ARCH},arm)
+ CC ?= armv7a-cros-linux-gnueabihf-gcc
+ CFLAGS ?= -march=armv5 -fno-common -ffixed-r8 -mfloat-abi=hard -marm
+@@ -1137,11 +1138,11 @@ ${BUILD}/%: ${BUILD}/%.o ${OBJS} ${LIBS}
+
+ ${BUILD}/%.o: %.c
+ @${PRINTF} " CC $(subst ${BUILD}/,,$@)\n"
+- ${Q}${CC} ${CFLAGS} ${INCLUDES} -c -o $@ $<
++ ${Q}${CC} ${CFLAGS} ${LDFLAGS} ${INCLUDES} -c -o $@ $<
+
+ ${BUILD}/%.o: ${BUILD}/%.c
+ @${PRINTF} " CC $(subst ${BUILD}/,,$@)\n"
+- ${Q}${CC} ${CFLAGS} ${INCLUDES} -c -o $@ $<
++ ${Q}${CC} ${CFLAGS} ${LDFLAGS} ${INCLUDES} -c -o $@ $<
+
+ # ----------------------------------------------------------------------------
+ # Here are the special tweaks to the generic rules.
diff --git a/patches/0008-fix-building-on-arm64.patch b/patches/0008-fix-building-on-arm64.patch
new file mode 100644
index 0000000..6f28b2f
--- /dev/null
+++ b/patches/0008-fix-building-on-arm64.patch
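Review bot: The two `${BUILD}/%.o` rules in 0006-add-CPPFLAGS-LDFLAGS.patch now pass `${LDFLAGS}` to a `-c` compile, where linker options have no effect, so this does not by itself deliver hardening link flags such as `-Wl,-z,relro` from dpkg-buildflags to the final binaries; that depends on the link recipes, which are outside the hunk. With clang, `-Wl,...` arguments on a compile-only line are reported as unused, which would break the build if `-Werror` were ever restored. I would keep the compile rules as `${Q}${CC} ${CPPFLAGS} ${CFLAGS} ${INCLUDES} -c -o $@ $<` and add `${LDFLAGS}` to the link recipes instead. Separately, `CFLAGS += $(CPPFLAGS)` sits before `CFLAGS ?= -march=armv5 ...`, and because `+=` leaves CFLAGS defined, the `?=` default in the `ifeq (${FIRMWARE_ARCH},arm)` branch can no longer apply; the rest of that conditional is not visible here.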
@@ -0,0 +1,26 @@
+From: Sophie Brun
+Date: Mon, 10 Feb 2020 16:21:52 +0100
+Subject: Try to fix building on arm64
+
+Origin: https://bugs.kali.org/view.php?id=3172
+Last-Update: 2016-05-20
+
+Last-Update: 2016-05-20
+---
+ Makefile | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/Makefile b/Makefile
+index acb379d..6f13643 100644
+--- a/Makefile
++++ b/Makefile
+@@ -89,6 +89,9 @@ _machname := $(shell uname -m)
+ ifneq (,$(findstring arm,${_machname}))
+ override _machname := arm
+ endif
++ifneq (,$(findstring aarch64,${_machname}))
++ override _machname := arm
++endif
+ ifneq (,$(findstring i686,${_machname}))
+ override _machname := x86
+ endif
diff --git a/patches/0012-fix-spelling-errors.patch b/patches/0012-fix-spelling-errors.patch
new file mode 100644
index 0000000..2b3ca8b
--- /dev/null
+++ b/patches/0012-fix-spelling-errors.patch
@@ -0,0 +1,24 @@
+From: Sophie Brun
+Date: Mon, 10 Feb 2020 16:21:52 +0100
+Subject: Fix a spelling error
+
+Last-Update: 2017-11-14
+
+Last-Update: 2017-11-14
+---
+ futility/cmd_vbutil_kernel.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/futility/cmd_vbutil_kernel.c b/futility/cmd_vbutil_kernel.c
+index 7268bee..f4964f1 100644
+--- a/futility/cmd_vbutil_kernel.c
++++ b/futility/cmd_vbutil_kernel.c
+@@ -110,7 +110,7 @@ static const char usage[] =
+ " --signprivate Private key to sign kernel data,\n"
+ " in .vbprivk format\n"
+ " --oldblob Previously packed kernel blob\n"
+- " (including verfication blob)\n"
++ " (including verification blob)\n"
+ "\n"
+ " Optional:\n"
+ " --keyblock Keyblock in .keyblock format\n"
diff --git a/patches/add-missing-flags-pie.patch b/patches/add-missing-flags-pie.patch
new file mode 100644
index 0000000..690779b
--- /dev/null
+++ b/patches/add-missing-flags-pie.patch
@@ -0,0 +1,22 @@
+From: Sophie Brun
+Date: Tue, 11 Feb 2020 17:02:17 +0100
+Subject: Add missing flags pie
+
+Last-Update: 2022-02-11
+---
+ Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile b/Makefile
+index 85e36a8..c75c10f 100644
+--- a/Makefile
++++ b/Makefile
+@@ -181,7 +181,7 @@ COMMON_FLAGS += $(call test_ccflag,-Wno-address-of-packed-member)
+ COMMON_FLAGS += $(call test_ccflag,-Wno-unknown-warning)
+
+ # Needs -Wl because LD is actually set to CC by default.
+-LDFLAGS += -Wl,--gc-sections
++LDFLAGS += -Wl,--gc-sections -pie
+
+ ifneq ($(filter-out 0,${DEBUG})$(filter-out 0,${TEST_PRINT}),)
+ CFLAGS += -DVBOOT_DEBUG
diff --git a/patches/do-not-embed-user-and-time-in-version.patch b/patches/do-not-embed-user-and-time-in-version.patch
new file mode 100644
index 0000000..ec7f278
--- /dev/null
+++ b/patches/do-not-embed-user-and-time-in-version.patch
@@ -0,0 +1,32 @@
+From: Sophie Brun
+Date: Tue, 27 Oct 2020 11:41:16 +0100
+Subject: Avoid embedding user and time in version from getversion.sh
+
+Last-Update: 2020-10-27
+
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971400
+Author: Vagrant Cascadian
+
+The getversion.sh script embeds the build time and user who built the
+binary, which breaks reproducible builds:
+
+ https://reproducible-builds.org/
+
+Without this patch, "/usr/bin/futility" embeds differing information
+in the binary:
+
+ unknown 2020-09-17 07:53:52 pbuilder1 vs. unknown 2021-10-21 16:19:17 pbuilder2
+---
+ scripts/getversion.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/scripts/getversion.sh b/scripts/getversion.sh
+index a563007..a5ab63b 100755
+--- a/scripts/getversion.sh
++++ b/scripts/getversion.sh
+@@ -30,4 +30,4 @@ fi
+
+ date=$(date '+%F %T')
+
+-echo "const char futility_version[] = \"${ver} ${date} ${USER}\";";
++echo "const char futility_version[] = \"${ver}\";";
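Review bot: In patches/add-missing-flags-pie.patch, `LDFLAGS += -Wl,--gc-sections -pie` adds only the linker half of PIE; the executable is position-independent only if every object is also compiled with `-fPIE`, and nothing in this hunk adds it. That presumably arrives through the environment CFLAGS from `hardening=+all` in debian/rules, which should be confirmed for the chosen compiler, and a comment such as `# -pie relies on -fPIE arriving via CFLAGS (dpkg-buildflags)` above the line would record the dependency. If this Makefile also links any shared object with `${LDFLAGS}`, `-pie` would conflict with `-shared`; the link rules are outside the hunk, so that is unverified. Running `hardening-check` on the installed binaries confirms the result.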
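Review bot: In patches/do-not-embed-user-and-time-in-version.patch, the context line `date=$(date '+%F %T')` is left in scripts/getversion.sh although the new `echo` no longer reads `${date}`, so the script still runs `date` for nothing and keeps a variable that invites re-adding the timestamp. Dropping that assignment in the same hunk keeps the script honest about what goes into `futility_version`. If a build date is wanted later, it should come from `SOURCE_DATE_EPOCH` rather than the wall clock so the build stays reproducible. The rest of getversion.sh is outside the hunk, so whether `${ver}` itself can vary between builds cannot be checked here.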
diff --git a/patches/dont-build-with-werror.patch b/patches/dont-build-with-werror.patch
new file mode 100644
index 0000000..e55e7ba
--- /dev/null
+++ b/patches/dont-build-with-werror.patch
@@ -0,0 +1,22 @@
+From: Sophie Brun
+Date: Tue, 11 Feb 2020 15:24:49 +0100
+Subject: Don't build with Werror in Debian
+
+Last-Update: 2020-02-11
+---
+ Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile b/Makefile
+index 6f13643..85e36a8 100644
+--- a/Makefile
++++ b/Makefile
+@@ -137,7 +137,7 @@ endif
+ DEBUG_FLAGS := $(if $(filter-out 0,${DEBUG}),-g -Og,-g -Os)
+ WERROR := -Werror
+ FIRMWARE_FLAGS := -nostdinc -ffreestanding -fno-builtin -fno-stack-protector
+-COMMON_FLAGS := -pipe ${WERROR} -Wall -Wstrict-prototypes -Wtype-limits \
++COMMON_FLAGS := -pipe -Wall -Wstrict-prototypes -Wtype-limits \
+ -Wundef -Wmissing-prototypes -Wno-trigraphs -Wredundant-decls -Wshadow \
+ -Wwrite-strings -Wstrict-aliasing -Wdate-time \
+ -ffunction-sections -fdata-sections \
diff --git a/patches/series b/patches/series
new file mode 100644
index 0000000..4726d42
--- /dev/null
+++ b/patches/series
@@ -0,0 +1,8 @@
+0002-reduce-uname-down.patch
+0006-add-CPPFLAGS-LDFLAGS.patch
+0008-fix-building-on-arm64.patch
+0012-fix-spelling-errors.patch
+dont-build-with-werror.patch
+add-missing-flags-pie.patch
+do-not-embed-user-and-time-in-version.patch
+treat-i386-as-x86.patch
diff --git a/patches/treat-i386-as-x86.patch b/patches/treat-i386-as-x86.patch
new file mode 100644
index 0000000..c60831e
--- /dev/null
+++ b/patches/treat-i386-as-x86.patch
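Review bot: In patches/dont-build-with-werror.patch, `${WERROR}` is deleted from `COMMON_FLAGS` while the context line `WERROR := -Werror` stays, leaving a variable that looks like a working knob but is no longer referenced in this assignment. Because command-line variables override makefile assignments, passing `WERROR=` on the make invocations in debian/rules (for example `dh_auto_build -- V=1 WERROR=`) would give the same result without carrying a patch against a long multi-line definition that upstream is likely to touch. With -Werror gone, warnings such as -Wshadow and -Wtype-limits no longer stop the build, so for a verified-boot tool it is worth scanning the build log for new warnings on each upstream import.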
@@ -0,0 +1,27 @@
+From: Vagrant Cascadian
+Date: Tue, 1 Dec 2020 09:55:46 +0100
+Subject: treat-i386-as-x86
+
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=974863
+
+When building for i386 and running an amd64 kernel, the Makefile uses
+"uname -m" to determine the architecture, but this introduces variations
+depending on the kernel used to perform the build.
+---
+ Makefile | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/Makefile b/Makefile
+index c75c10f..8930eb0 100644
+--- a/Makefile
++++ b/Makefile
+@@ -95,6 +95,9 @@ endif
+ ifneq (,$(findstring i686,${_machname}))
+ override _machname := x86
+ endif
++ifneq (,$(findstring i386,${_machname}))
++ override _machname := x86
++endif
+ HOST_ARCH ?= ${_machname}
+
+ # ARCH and/or FIRMWARE_ARCH are defined by the Chromium OS ebuild.
diff --git a/rules b/rules
new file mode 100755
index 0000000..c955145
--- /dev/null
+++ b/rules
@@ -0,0 +1,32 @@
+#!/usr/bin/make -f
+
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+export CC = clang-13
+export _machname = $(DEB_HOST_ARCH)
+
+override_dh_auto_build:
+ dh_auto_build -- V=1
+
+override_dh_auto_install:
+ $(MAKE) V=1 DESTDIR=$$(pwd)/debian/vboot-utils install
+ mkdir -p $$(pwd)/debian/cgpt/usr/bin
+ mv -t $$(pwd)/debian/cgpt/usr/bin \
+ $$(pwd)/debian/vboot-utils/usr/bin/cgpt
+ mkdir -p $$(pwd)/debian/vboot-kernel-utils/usr/bin
+ mv -t $$(pwd)/debian/vboot-kernel-utils/usr/bin \
+ $$(pwd)/debian/vboot-utils/usr/bin/vbutil_kernel
+ mv -t $$(pwd)/debian/vboot-kernel-utils/usr/bin \
+ $$(pwd)/debian/vboot-utils/usr/bin/futility
+ # vboot_host.pc is useless without the static library (which
+ # we could install with "make install-dev" but we currently don't)
+ rm -f debian/vboot-utils/usr/lib/pkgconfig/vboot_host.pc
+ rmdir --ignore-fail-on-non-empty -p debian/vboot-utils/usr/lib/pkgconfig
+ rm -f debian/vboot-utils/usr/lib/libvboot_host.a
+
+override_dh_auto_test:
+ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
+ make runtests V=1
+endif
+
+%:
+ dh $@
diff --git a/source/format b/source/format
new file mode 100644
index 0000000..163aaf8
--- /dev/null
+++ b/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/vboot-kernel-utils.install b/vboot-kernel-utils.install
new file mode 100644
index 0000000..2b8b30f
--- /dev/null
+++ b/vboot-kernel-utils.install
@@ -0,0 +1,3 @@
+tests/devkeys /usr/share/vboot/
+tests/devkeys-acc /usr/share/vboot/
+tests/devkeys-pkc /usr/share/vboot/
diff --git a/vboot-kernel-utils.manpages b/vboot-kernel-utils.manpages
new file mode 100644
index 0000000..d22ecaa
--- /dev/null
+++ b/vboot-kernel-utils.manpages
@@ -0,0 +1,2 @@
+debian/manpages/futility.1
+debian/manpages/vbutil_kernel.1
diff --git a/vboot-utils.manpages b/vboot-utils.manpages
new file mode 100644
index 0000000..c42b628
--- /dev/null
+++ b/vboot-utils.manpages
@@ -0,0 +1 @@
+debian/manpages/crossystem.1
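Review bot: In debian/rules, `export _machname = $(DEB_HOST_ARCH)` probably does not reach the upstream Makefile: the context lines in 0002-reduce-uname-down.patch and 0008-fix-building-on-arm64.patch show it still executes `_machname := $(shell uname -m)`, and an assignment inside a makefile overrides a value that only comes from the environment. If that is so, the build still keys off the build machine's kernel, which is the variation treat-i386-as-x86.patch describes; passing the value on the make command line (`dh_auto_build -- V=1 _machname=$(DEB_HOST_ARCH)`) or patching the assignment to `_machname ?= $(shell uname -m)` would make it take effect. Debian architecture names (for example amd64) differ from `uname -m` output, so the mapping blocks would need checking against them. In `override_dh_auto_test`, `make runtests V=1` should be `$(MAKE) runtests V=1` so the jobserver and `-n` are honoured.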
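Review bot: vboot-kernel-utils.install ships `tests/devkeys`, `tests/devkeys-acc` and `tests/devkeys-pkc` into /usr/share/vboot/; these are upstream's test key sets, and they presumably include the private halves, which are public knowledge. A kernel or firmware image signed with them proves nothing about its origin, so the package description or a README.Debian should state that the keys are for development and testing only and that real deployments must generate their own. The directory contents are not part of this diff, so what exactly is installed is unverified here.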
diff --git a/watch b/watch
new file mode 100644
index 0000000..1977b1e
--- /dev/null
+++ b/watch
@@ -0,0 +1,4 @@
+version=4
+opts="downloadurlmangle=s|/\+/refs/heads/release-(.*)|/\+archive/refs/heads/release-$1\.tar\.gz|g,uversionmangle=s|^|0~|,filenamemangle=s|.*/release-(.*)$|vboot-utils-$1.tar.gz|" \
+https://chromium.googlesource.com/chromiumos/platform/vboot_reference/+refs \
+ https://chromium.googlesource.com/chromiumos/platform/vboot_reference/\+/refs/heads/release-(.*)
-- 2.30.2