From: Brian Norris
To: openwrt-devel@lists.openwrt.org
Subject: [RFC PATCH 0/5] Add support for Chromium OS and Google WiFi
Date: Sat, 18 Jul 2020 20:51:43 +0000
Message-Id: <20200718205148.1743807-1-computersforpeace@gmail.com>
X-Patchwork-Id: 1331611
Cc: Brian Norris

Hi,

This series adds support for both Chromium OS (or particularly, its
kernel-payload signing and disk layout) and for a device using it (the
first generation Google WiFi).

Google WiFi (code-named "Gale") is an IPQ4019-based AP. Its hardware is
decently supported by the existing ipq40xx target -- see patch 5 for
more notes. Notably missing: reboot does not work properly -- I have
some separate TrustZone/SCM-related patches I'd like to clean up to
enable this later.

The "RFC" is mostly for the first part of the series: supporting the
verified boot payload utilities and disk layout needed for building
images that can be booted by Gale's bootloader (or by other Chromium OS
systems).

Chromium OS (the open-source OS on which Google builds its Chrome OS) --
"CrOS" for short -- typically boots via Coreboot, plus Depthcharge as a
second stage. Such bootloaders utilize a verified boot toolkit [1] to
verify each subsequent stage. Of note:

1. The kernel should be placed in a GPT partition with a custom "Chrome
   OS kernel" GUID type and a few custom flags (to manage the A/B OS
   updates employed by Chromium OS). CrOS vboot provides the `cgpt`
   utility for creating and managing such partitions.

2. That partition should hold a vboot payload, signed and packaged per
   the format documented and implemented at [1]. Using the vboot
   utilities, this involves the `vbutil_kernel --pack ...` command.

My main questions are:

(a) How should we establish this custom partition layout (i.e., #1)?
    In this series, I extend OpenWRT's ptgen to help customize
    partition types, instead of packaging vboot's `cgpt`.

(b) How should we package and sign kernels (#2)?
    In this series, I adapt and reimplement the `vbutil_kernel` command
    as a custom `cros-vbutil` utility, rather than packaging Google's
    utility.
(c) How should this integrate into the ipq40xx target?
    In this series, I add kernel and rootfs partition-size parameters,
    but it's not clear to me if this fits well into the existing
    ipq40xx target, or if it should be done differently.

For some alternatives (especially on (b)), I did package
futility/vbutil_kernel here:

  https://github.com/openwrt/packages/pull/12829

I could adapt this into tools/ instead, so OpenWRT doesn't have to carry
my re-implementation. This would carry some extra build complexity, as
the vboot tools are >10,000 lines of code, compared to my
reimplementation of a few hundred lines. The library dependencies are
similar (mostly just crypto/ssl, and potentially libuuid (for GPT)), as
the vboot project tries to keep the code semi-portable / reusable.

Packaging the vboot utilities might give us some future flexibility, if
the formats grow and change for future systems. So far, I think the
format has been pretty stable. Also, there are potentially some quirks I
missed in my port related to the ${ARCH} -- I ported the ARM support,
but there may be some small tweaks I missed that are applicable only to
x86 systems.

For (c): adding this to the common ipq40xx target means that there will
be a new CONFIG_TARGET_KERNEL_PARTSIZE and CONFIG_TARGET_ROOTFS_PARTSIZE,
which are only applicable to a single device but are present for all:

  FEATURES:=boot-part rootfs-part

Is this reason for a new subtarget?

Anyway, this is a working device port as-is, so feel free to take a look
even if you don't have opinions on any of my "RFC" questions!

Regards,
Brian

[1] https://chromium.googlesource.com/chromiumos/platform/vboot_reference

Brian Norris (5):
  firmware-utils/ptgen: add Chromium OS kernel partition support
  firmware-utils/cros-vbutil: add Chrome OS vboot kernel-signing utility
  image-commands: support Chromium OS image-type creation
  ipq40xx: add open-drain support to pinctrl-msm
  ipq40xx: add target for Google WiFi (Gale)

 include/image-commands.mk                     |  17 +
 scripts/gen_image_vboot.sh                    |  29 +
 target/linux/ipq40xx/Makefile                 |   2 +-
 .../ipq40xx/base-files/etc/board.d/02_network |   1 +
 .../base-files/lib/upgrade/platform.sh        |  13 +
 .../arm/boot/dts/qcom-ipq4019-gale-v2.dts     | 402 ++++++++++++
 target/linux/ipq40xx/image/Makefile           |  14 +
 .../090-pinctrl-msm-open-drain.patch          |  90 +++
 .../901-arm-boot-add-dts-files.patch          |   3 +-
 tools/firmware-utils/Makefile                 |   1 +
 tools/firmware-utils/src/cros-vbutil.c        | 609 ++++++++++++++++++
 tools/firmware-utils/src/ptgen.c              |  39 +-
 12 files changed, 1215 insertions(+), 5 deletions(-)
 create mode 100755 scripts/gen_image_vboot.sh
 create mode 100644 target/linux/ipq40xx/files/arch/arm/boot/dts/qcom-ipq4019-gale-v2.dts
 create mode 100644 target/linux/ipq40xx/patches-5.4/090-pinctrl-msm-open-drain.patch
 create mode 100644 tools/firmware-utils/src/cros-vbutil.c
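
Added example (not part of the original message, and not code from this series or from vboot): a check that a 128-byte GPT entry meets point 1 of the cover letter, i.e. carries the "ChromeOS kernel" type GUID, and a decode of its A/B flags. The GUID value and the attribute bit positions (priority 48-51, tries 52-55, successful 56) are those used by cgpt in vboot_reference [1], not values stated in the message; the function, struct and sample-entry names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Type GUID FE3A2A5D-4F32-41A7-B725-ACCC3285A309 ("ChromeOS kernel") as laid
 * out on disk: first three fields little-endian, remaining bytes in order. */
static const uint8_t CROS_KERNEL_TYPE[16] = {
    0x5d, 0x2a, 0x3a, 0xfe, 0x32, 0x4f, 0xa7, 0x41,
    0xb7, 0x25, 0xac, 0xcc, 0x32, 0x85, 0xa3, 0x09 };

struct cros_kernel_attrs { int priority, tries, successful; };

static uint64_t le64(const uint8_t *p)
{
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--) v = (v << 8) | p[i];
    return v;
}

/* Returns 0 and fills *out if entry is a ChromeOS kernel partition, else -1. */
int parse_cros_kernel_entry(const uint8_t *entry, size_t len, struct cros_kernel_attrs *out)
{
    if (len < 128 || memcmp(entry, CROS_KERNEL_TYPE, 16) != 0 ||
        le64(entry + 32) > le64(entry + 40))      /* wrong type, or first LBA > last LBA */
        return -1;
    uint64_t attr = le64(entry + 48);             /* 64-bit GPT attribute field */
    out->priority   = (int)((attr >> 48) & 0xf);  /* bits 48-51 */
    out->tries      = (int)((attr >> 52) & 0xf);  /* bits 52-55 */
    out->successful = (int)((attr >> 56) & 0x1);  /* bit 56 */
    return 0;
}

/* Constructed sample entry: LBA 64..32831, priority 2, tries 1, not yet successful. */
void make_sample_entry(uint8_t entry[128])
{
    memset(entry, 0, 128);
    memcpy(entry, CROS_KERNEL_TYPE, 16);
    entry[32] = 64;                      /* first LBA */
    entry[40] = 0x3f; entry[41] = 0x80;  /* last LBA = 0x803f */
    entry[54] = 0x12;                    /* attribute bits 48-55: tries=1, priority=2 */
}

int main(void)
{
    uint8_t e[128]; struct cros_kernel_attrs a;
    make_sample_entry(e);
    if (parse_cros_kernel_entry(e, sizeof e, &a) != 0) return 1;
    printf("priority=%d tries=%d successful=%d\n", a.priority, a.tries, a.successful);
    return 0;
}
```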