From patchwork Sat Jul 18 20:51:44 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Brian Norris <computersforpeace@gmail.com>
X-Patchwork-Id: 1331614
Return-Path: 
 <openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=lists.openwrt.org
 (client-ip=2001:8b0:10b:1231::1; helo=merlin.infradead.org;
 envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org;
 receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
 dmarc=fail (p=none dis=none) header.from=gmail.com
Authentication-Results: ozlabs.org;
	dkim=pass (2048-bit key;
 secure) header.d=lists.infradead.org header.i=@lists.infradead.org
 header.a=rsa-sha256 header.s=merlin.20170209 header.b=orjIfKeT;
	dkim=fail reason="signature verification failed" (2048-bit key;
 unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256
 header.s=20161025 header.b=F/b8xQ1A;
	dkim-atps=neutral
Received: from merlin.infradead.org (merlin.infradead.org
 [IPv6:2001:8b0:10b:1231::1])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256)
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 4B8KxQ4c60z9sR4
	for <incoming@patchwork.ozlabs.org>; Sun, 19 Jul 2020 06:54:50 +1000 (AEST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding:
	Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive:
	List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date:
	Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date:
	Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner;
	 bh=UBmlE/8lnTwT2UiYYBXBeo9pS5hl3/6aghS+lapS6Ug=; b=orjIfKeTVHtuAblE8Xc3Ql6P5
	SvUOreMxRVcphtIg+Hhy7ebX2zPSO0ySQA6r3TGDBQgWucf737VMlGpeJvhxWBHwWQ4Lg2nbt4xTp
	7N/WDrX2KPk2qjqF0xjlonZ/oyO8jQDGfNGZlrGPX2M9gFayCul5ASRq5dgTrvLlzvE8PpqmV1kde
	P7KsArFfSuahz0DfudJGynTQGOxyXHvX01tDZ8xfnTuZtdNfZIGKSpi9NTjaDGbfZjr5Zn1Kae71w
	FonyDCp76Nl78ahg99S5+fRNJsRZD1she+O5GB22EP1EaAwnBuNdzzEFXm1zmiJDClOOpWnD+nxx9
	XqtD/G1dw==;
Received: from localhost ([::1] helo=merlin.infradead.org)
	by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux))
	id 1jwtpM-0002uO-W1; Sat, 18 Jul 2020 20:53:01 +0000
Received: from mail-pf1-x443.google.com ([2607:f8b0:4864:20::443])
 by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux))
 id 1jwtpI-0002t2-Px
 for openwrt-devel@lists.openwrt.org; Sat, 18 Jul 2020 20:52:57 +0000
Received: by mail-pf1-x443.google.com with SMTP id s26so7077150pfm.4
 for <openwrt-devel@lists.openwrt.org>; Sat, 18 Jul 2020 13:52:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:date:message-id:in-reply-to:references
 :mime-version:content-transfer-encoding;
 bh=8tIwoeb1oDZsUtStlDhKczuaw83SeS1i+RbB3syvQq0=;
 b=F/b8xQ1AK5IUSX+JhfvMhHt9fCIgXzyISz1ufq3TMB3CZDHtjLuNUPGmuiFYFz4vKv
 pU8t4DODA52X/3w6TI2crkOg5FWz3jjBSdvdAUy57zs0y9Y9eNQ+8BbI944H4VUmqUg0
 iaoLAbJD9Y59QrY2dRGKIb+lQYWqiZ2KyPJ9D6X3Gcv1eXm6up7Z4eDltX8zKfQFcLWx
 Fs27VkcLb8hPb4jk1Bptcf04yRXMS8F+pz98EX47qLzzAk4TYF5ik0TxgoAOyh0qDny0
 T3OzdZfOHEsGY+8iaM1gGAyms/VbgSJqPti+PUs2V/QAFL49DIoa7jO4fAhEFPAg9KeL
 mRMw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references:mime-version:content-transfer-encoding;
 bh=8tIwoeb1oDZsUtStlDhKczuaw83SeS1i+RbB3syvQq0=;
 b=h8SugryX5cGvd/6Pgko9qJSAH9D+T2wCTW95LXWrEqtcf1eurG7LdX6hgqSYnyXmth
 z3/tNYOHWsrb5pERkcUmQ0Qy6BRTvPqPm5TqW3/M2DEHR1OAmZtp8W6nuxC31UDcTp+G
 cBf3Orwovjn+CW7UFJkm061lpdlTBoyakjuGIWTwV0lIU8Gdt2oA/aJJOimafwePI4fA
 x3Y+2ZqLZOkGg87LovKShN2AaFCjwFbMVD8aiblyLfXatDzXQPaKi9dQlUtX8LrO1mRT
 wc7LZyg9fehH+Ft2nQQ4cbtTugYpHcsn1C505hZGeaaC0dNwby87X1zUSZhN7ei3tXGs
 dbYQ==
X-Gm-Message-State: AOAM533P9je70/CtfawPWm9n2tihX5lBZjRAis9Y1gvBrFjKMZwDS2MR
 V1Cgq5pEWdnpV1BlbNDEeeyzq2LteiM=
X-Google-Smtp-Source: 
 ABdhPJzBuRzZy1Bqi+ZkqIUjV4Ax/F9jOieW+E6KLzsXo73I63mavVaja1w9V/4my7h1XZb2c3ri2g==
X-Received: by 2002:a62:788d:: with SMTP id
 t135mr12371636pfc.315.1595105574106;
 Sat, 18 Jul 2020 13:52:54 -0700 (PDT)
Received: from localhost ([2601:647:5800:8d47:9eef:d5ff:fefc:64ae])
 by smtp.gmail.com with ESMTPSA id t187sm11082018pgb.76.2020.07.18.13.52.53
 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
 Sat, 18 Jul 2020 13:52:53 -0700 (PDT)
From: Brian Norris <computersforpeace@gmail.com>
To: openwrt-devel@lists.openwrt.org
Subject: [RFC PATCH 1/5] firmware-utils/ptgen: add Chromium OS kernel
 partition support
Date: Sat, 18 Jul 2020 20:51:44 +0000
Message-Id: <20200718205148.1743807-2-computersforpeace@gmail.com>
X-Mailer: git-send-email 2.27.0
In-Reply-To: <20200718205148.1743807-1-computersforpeace@gmail.com>
References: <20200718205148.1743807-1-computersforpeace@gmail.com>
MIME-Version: 1.0
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20200718_165256_933824_7924E364 
X-CRM114-Status: GOOD (  17.46  )
X-Spam-Score: -0.2 (/)
X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary:
 Content analysis details:   (-0.2 points)
 pts rule name              description
 ---- ----------------------
 --------------------------------------------------
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at https://www.dnswl.org/,
 no trust [2607:f8b0:4864:20:0:0:0:443 listed in]
 [list.dnswl.org]
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail
 provider [computersforpeace[at]gmail.com]
 -0.0 SPF_PASS               SPF: sender matches SPF record
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
 not necessarily
 valid
 -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
 -0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from
 author's domain
 -0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from
 envelope-from domain
X-BeenThere: openwrt-devel@lists.openwrt.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OpenWrt Development List <openwrt-devel.lists.openwrt.org>
List-Unsubscribe: <https://lists.openwrt.org/mailman/options/openwrt-devel>,
 <mailto:openwrt-devel-request@lists.openwrt.org?subject=unsubscribe>
List-Archive: <http://lists.openwrt.org/pipermail/openwrt-devel/>
List-Post: <mailto:openwrt-devel@lists.openwrt.org>
List-Help: <mailto:openwrt-devel-request@lists.openwrt.org?subject=help>
List-Subscribe: <https://lists.openwrt.org/mailman/listinfo/openwrt-devel>,
 <mailto:openwrt-devel-request@lists.openwrt.org?subject=subscribe>
Cc: Brian Norris <computersforpeace@gmail.com>
Sender: "openwrt-devel" <openwrt-devel-bounces@lists.openwrt.org>
Errors-To: 
 openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org

Chrom{ium,e} OS (shortened as "CrOS") bootloaders use a custom GPT
partition type to locate their kernel(s), with custom attributes for
noting properties around which partition(s) should be active and how
many times they've been tried as part of their A/B in-place upgrade
system.

OpenWRT doesn't use A/B updates for upgrades (instead, just shutting
things down far enough to reprogram the necessary partitions), so all we
need to do is tell the bootloader which one is the kernel partition, and
how to use it (i.e., set the "successful" and "priority" attributes).

ptgen already supports some basic GPT partition creation, so just
add support for a '-T <GPT partition type>' argument. Currently, this
only supports '-T cros_kernel', but it could be extended if there are
other GPT partition types needed.

For GPT attribute and GUID definitions, see the CrOS verified boot
sources:

https://chromium.googlesource.com/chromiumos/platform/vboot_reference/+/refs/heads/master/firmware/lib/cgptlib/include/cgptlib_internal.h
https://chromium.googlesource.com/chromiumos/platform/vboot_reference/+/refs/heads/master/firmware/include/gpt.h

The GUID is also recognized in fdisk, and likely other utilities, but
creation/manipulation is typically done via the 'cgpt' utility, provided
as part of the vboot_reference project.

Signed-off-by: Brian Norris <computersforpeace@gmail.com>
---
 tools/firmware-utils/src/ptgen.c | 39 +++++++++++++++++++++++++++++---
 1 file changed, 36 insertions(+), 3 deletions(-)

diff --git a/tools/firmware-utils/src/ptgen.c b/tools/firmware-utils/src/ptgen.c
index 223ee295611f..bc1da6d64061 100644
--- a/tools/firmware-utils/src/ptgen.c
+++ b/tools/firmware-utils/src/ptgen.c
@@ -80,6 +80,10 @@ typedef struct {
 	GUID_INIT( 0x21686148, 0x6449, 0x6E6F, \
 			0x74, 0x4E, 0x65, 0x65, 0x64, 0x45, 0x46, 0x49)
 
+#define GUID_PARTITION_CHROME_OS_KERNEL \
+	GUID_INIT( 0xFE3A2A5D, 0x4F32, 0x41A7, \
+			0xB7, 0x25, 0xAC, 0xCC, 0x32, 0x85, 0xA3, 0x09)
+
 #define GPT_HEADER_SIZE         92
 #define GPT_ENTRY_SIZE          128
 #define GPT_ENTRY_MAX           128
@@ -109,6 +113,9 @@ struct partinfo {
 	unsigned long start;
 	unsigned long size;
 	int type;
+	bool has_gtype;
+	guid_t gtype;  /* GPT partition type */
+	uint64_t gattr;  /* GPT partition attributes */
 };
 
 /* GPT Partition table header */
@@ -248,6 +255,19 @@ static inline int guid_parse(char *buf, guid_t *guid)
 	return 0;
 }
 
+/* Map GPT partition types to partition GUIDs. */
+static inline bool parse_gpt_parttype(const char *type, struct partinfo *part)
+{
+	if (!strcmp(type, "cros_kernel")) {
+		part->has_gtype = true;
+		part->gtype = GUID_PARTITION_CHROME_OS_KERNEL;
+		part->gattr = (1ULL << 48) |  /* priority=1 */
+			      (1ULL << 56);  /* success=1 */
+		return true;
+	}
+	return false;
+}
+
 /* init an utf-16 string from utf-8 string */
 static inline void init_utf16(char *str, uint16_t *buf, unsigned bufsize)
 {
@@ -396,12 +416,15 @@ static int gen_gptable(uint32_t signature, guid_t guid, unsigned nr)
 		gpte[i].end = cpu_to_le64(sect -1);
 		gpte[i].guid = guid;
 		gpte[i].guid.b[sizeof(guid_t) -1] += i + 1;
-		if (parts[i].type == 0xEF || (i + 1) == (unsigned)active) {
+		if (parts[i].has_gtype) {
+			gpte[i].type = parts[i].gtype;
+		} else if (parts[i].type == 0xEF || (i + 1) == (unsigned)active) {
 			gpte[i].type = GUID_PARTITION_SYSTEM;
 			init_utf16("EFI System Partition", (uint16_t *)gpte[i].name, GPT_ENTRY_NAME_SIZE / sizeof(uint16_t));
 		} else {
 			gpte[i].type = GUID_PARTITION_BASIC_DATA;
 		}
+		gpte[i].attr = parts[i].gattr;
 
 		if (verbose)
 			fprintf(stderr, "Partition %d: start=%" PRIu64 ", end=%" PRIu64 ", size=%"  PRIu64 "\n",
@@ -498,7 +521,9 @@ fail:
 
 static void usage(char *prog)
 {
-	fprintf(stderr, "Usage: %s [-v] [-n] [-g] -h <heads> -s <sectors> -o <outputfile> [-a 0..4] [-l <align kB>] [-G <guid>] [[-t <type>] -p <size>[@<start>]...] \n", prog);
+	fprintf(stderr, "Usage: %s [-v] [-n] [-g] -h <heads> -s <sectors> -o <outputfile>\n"
+			"          [-a 0..4] [-l <align kB>] [-G <guid>]\n"
+			"          [[-t <type> | -T <GPT part type>] -p <size>[@<start>]...] \n", prog);
 	exit(EXIT_FAILURE);
 }
 
@@ -512,7 +537,7 @@ int main (int argc, char **argv)
 	guid_t guid = GUID_INIT( signature, 0x2211, 0x4433, \
 			0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0x00);
 
-	while ((ch = getopt(argc, argv, "h:s:p:a:t:o:vngl:S:G:")) != -1) {
+	while ((ch = getopt(argc, argv, "h:s:p:a:t:T:o:vngl:S:G:")) != -1) {
 		switch (ch) {
 		case 'o':
 			filename = optarg;
@@ -560,6 +585,14 @@ int main (int argc, char **argv)
 		case 'S':
 			signature = strtoul(optarg, NULL, 0);
 			break;
+		case 'T':
+			if (!parse_gpt_parttype(optarg, &parts[part])) {
+				fprintf(stderr,
+					"Invalid GPT partition type \"%s\"\n",
+					optarg);
+				exit(EXIT_FAILURE);
+			}
+			break;
 		case 'G':
 			if (guid_parse(optarg, &guid)) {
 				fputs("Invalid guid string\n", stderr);