From: Brian Norris
To: openwrt-devel@lists.openwrt.org
Cc: Brian Norris
Subject: [PATCH v2 0/4] Add support for Chromium OS and Google WiFi
Date: Sat, 16 Jan 2021 19:07:02 -0800
Message-Id: <20210117030707.1251501-1-computersforpeace@gmail.com>
X-Patchwork-Id: 1427678

Hi,

This series adds support for both Chromium OS (or particularly, its kernel-payload signing and disk layout) and for a device using it (the first generation Google WiFi).

Google WiFi (code-named "Gale") is an IPQ4019-based AP. Its hardware is decently supported by the existing ipq40xx target -- see patch 4 for more notes. Notably missing: reboot does not work properly -- I have some separate TrustZone/SCM-related patches I'd like to clean up to enable this later.

I sent v1 as an "RFC" here:

http://patchwork.ozlabs.org/project/openwrt/patch/20200718205148.1743807-6-computersforpeace@gmail.com/

and since I got only mechanical feedback for the last patch, I'm now sending a non-RFC. I leave some notes about my implementation choices below, for reference.

Changes since v1:
 * 1 patch was already merged
 * patch 4 is rebased, improved (see patch 4 for notes)

Chromium OS (the open-source OS on which Google builds its Chrome OS) -- "CrOS" for short -- typically boots via Coreboot, plus Depthcharge as a second stage. Such bootloaders utilize a verified boot toolkit [1] to verify each subsequent stage. Of note:

1. The kernel should be placed in a GPT partition with a custom "Chrome OS kernel" GUID type and a few custom flags (to manage the A/B OS updates employed by Chromium OS). CrOS vboot provides the `cgpt` utility for creating and managing such partitions.

2. That partition should hold a vboot payload, signed and packaged per the format documented and implemented at [1]. Using the vboot utilities, this involves the `vbutil_kernel --pack ...` command.

I chose:

(a) To extend OpenWRT's ptgen to help customize partition types, instead of packaging vboot's `cgpt`.
(b) To adapt and reimplement the `vbutil_kernel` command as a custom `cros-vbutil` utility, rather than packaging Google's utility.

(c) To add kernel and rootfs partition-size parameters (for customizing my GPT), but it's not clear to me if this fits well into the existing ipq40xx target, or if it should be done differently.

For some alternatives (especially on (b)), I did package futility/vbutil_kernel here:

https://github.com/openwrt/packages/pull/12829

I could adapt this into tools/ instead, so OpenWRT doesn't have to carry my re-implementation. This would carry some extra build complexity, as the vboot tools are >10,000 lines of code, compared to my reimplementation of a few hundred lines. The library dependencies are similar (mostly just crypto/ssl, and potentially libuuid (for GPT)), as the vboot project tries to keep the code semi-portable / reusable.

Packaging the vboot utilities might give us some future flexibility, if the formats grow and change for future systems. So far, I think the format has been pretty stable. Also, there are potentially some quirks I missed in my port related to the ${ARCH} -- I ported the ARM support, but there may be some small tweaks I missed that are applicable only to x86 systems.

For (c): adding this to the common ipq40xx target means that there will be a new CONFIG_TARGET_KERNEL_PARTSIZE and CONFIG_TARGET_ROOTFS_PARTSIZE, which are only applicable to a single device but are present for all:

  FEATURES:=boot-part rootfs-part

Regards,
Brian

[1] https://chromium.googlesource.com/chromiumos/platform/vboot_reference

Brian Norris (4):
  firmware-utils/ptgen: add Chromium OS kernel partition support
  firmware-utils/cros-vbutil: add Chrome OS vboot kernel-signing utility
  image-commands: support Chromium OS image-type creation
  ipq40xx: add target for Google WiFi (Gale)

 include/image-commands.mk                     |  18 +
 .../base-files/files/lib/upgrade/common.sh    |   4 +-
 scripts/gen_image_vboot.sh                    |  36 ++
 target/linux/ipq40xx/Makefile                 |   2 +-
 .../ipq40xx/base-files/etc/board.d/02_network |   1 +
 .../base-files/lib/upgrade/platform.sh        |  16 +
 .../arch/arm/boot/dts/qcom-ipq4019-wifi.dts   | 402 ++++++++++++
 target/linux/ipq40xx/image/Makefile           |  13 +
 .../901-arm-boot-add-dts-files.patch          |   3 +-
 tools/firmware-utils/Makefile                 |   1 +
 tools/firmware-utils/src/cros-vbutil.c        | 609 ++++++++++++++++++
 tools/firmware-utils/src/ptgen.c              |  39 +-
 12 files changed, 1138 insertions(+), 6 deletions(-)
 create mode 100755 scripts/gen_image_vboot.sh
 create mode 100644 target/linux/ipq40xx/files/arch/arm/boot/dts/qcom-ipq4019-wifi.dts
 create mode 100644 tools/firmware-utils/src/cros-vbutil.c
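
The partition requirements in note 1 of the cover letter, as an added example (not part of the original post and not the series' ptgen.c): it encodes the "Chrome OS kernel" type GUID into on-disk GPT byte order and packs the A/B flags into the entry's attribute field. The GUID value and bit positions are taken from vboot's cgpt rather than from this post, and the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* "ChromeOS kernel" partition type GUID, as defined by vboot's cgpt. */
#define CROS_KERNEL_GUID "FE3A2A5D-4F32-41A7-B725-ACCC3285A309"

/* cgpt's A/B boot state in the 64-bit GPT attribute field (assumed layout). */
#define CROS_PRIORITY_SHIFT 48 /* 4 bits: highest priority is tried first */
#define CROS_TRIES_SHIFT    52 /* 4 bits: boot attempts remaining */
#define CROS_SUCCESS_SHIFT  56 /* 1 bit: this kernel has booted successfully */

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20; /* fold ASCII letters to lower case */
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Convert a textual GUID to its on-disk form: the first three fields are
 * little-endian, the last two are stored as written. Returns 0 on success. */
int guid_to_disk(const char *s, uint8_t out[16])
{
    static const int pos[16] = {3,2,1,0, 5,4, 7,6, 8,9,10,11,12,13,14,15};
    int n = 0;
    while (*s) {
        if (*s == '-') { s++; continue; }
        int hi = hexval(s[0]), lo = hi < 0 ? -1 : hexval(s[1]);
        if (n == 16 || hi < 0 || lo < 0) return -1; /* too long or not hex */
        out[pos[n++]] = (uint8_t)(hi << 4 | lo);
        s += 2;
    }
    return n == 16 ? 0 : -1;
}

uint64_t cros_pack_attrs(unsigned priority, unsigned tries, unsigned successful)
{
    return ((uint64_t)(priority & 0xF) << CROS_PRIORITY_SHIFT) |
           ((uint64_t)(tries & 0xF) << CROS_TRIES_SHIFT) |
           ((uint64_t)(successful & 1) << CROS_SUCCESS_SHIFT);
}

int main(void)
{
    uint8_t type[16];
    uint64_t attrs = cros_pack_attrs(15, 1, 0); /* constructed: new slot */
    if (guid_to_disk(CROS_KERNEL_GUID, type)) return 1;
    for (int i = 0; i < 16; i++) printf("%02x", type[i]);
    printf(" attrs=0x%016llx\n", (unsigned long long)attrs);
    return 0;
}
```

A bootloader that follows this scheme selects the kernel slot from these attribute bits, so an image builder that writes the type GUID in textual byte order or leaves priority at zero produces a disk with no bootable kernel partition.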