Skip to content
This repository was archived by the owner on Aug 24, 2022. It is now read-only.

[Don't merge] kernelflinger: Enable logs on user build #120

Open
GangSecurity wants to merge 120 commits into
base: master
Choose a base branch
from
Open

[Don't merge] kernelflinger: Enable logs on user build #120

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
120 commits
Select commit Hold shift + click to select a range
f5b72a3
Correct the rot data passed to keymaster
ceiba1985 Nov 3, 2021
6d30e04
Add boot_patchlevel
Nov 8, 2021
ffdd0ea
Support boot/vendorboot image v4 and bootconfig feature
ceiba1985 Nov 23, 2021
e7e382a
Remove the TPM usage declaration from kernelflinger's Makefile
ceiba1985 Nov 30, 2021
7ae81c4
Enhance to support flash two files together
tingai1 Nov 26, 2021
bbf5e05
Pass attestation_ids to trusty via KM_SET_ATTESTATION_IDS
Dec 16, 2021
fec1376
trusty: trigger vmcall to activate VT-d in eVMM
YadongQi Dec 3, 2021
64a6a5b
support virtual ab ota
ceiba1985 Dec 6, 2021
735d523
Erase userdata partition only once during each boot
GangSecurity May 26, 2022
94db4af
Don't erase userdata partition at the first installation
GangSecurity Jun 7, 2022
9703e1e
Solve issue in command line classification
GangSecurity Jul 2, 2022
19b0039
Added Github Workflows
Jul 20, 2022
20e5881
Fix clang 14 error build error
SaliniVenate Mar 16, 2022
2d5f5d3
Remove C99 flag
SaliniVenate Jun 28, 2022
c3fb4d3
WA - Add definition for pthread_rwlock_t
SaliniVenate May 18, 2022
899b436
Support userdata partition fast erase
GangSecurity Aug 5, 2022
05b542b
Check the value of EpNum before accessing the EpHandles
ceiba1985 Aug 25, 2022
bb42432
Add interaction UI to installer application
GangSecurity Sep 6, 2022
4a43e03
Fix static scan issues
xianju6x Mar 10, 2023
dd03c9f
Fix static scan issues
xianju6x Mar 24, 2023
bf4e66f
Added Github Workflows
Jun 2, 2023
37730e8
Added Github Workflows
Jun 2, 2023
7de1dfc
fastboot: Erase stored rollback slots when status changes.
Jun 15, 2023
a5b4480
Revert "fastboot: Erase stored rollback slots when status changes."
JeevakaPrabu Jul 11, 2023
f709445
fastboot: Erase stored rollback slots when status changes.
Jul 19, 2023
a619a04
Removed Verity Support.
ankithbti52509 May 18, 2023
cac40f7
Resolved Build Error in kernelflinger.
ankithbti52509 May 18, 2023
0e7bc37
Updated CI workflow
iViggyPrabhu Aug 5, 2024
8f60023
Revert "Updated CI workflow"
GangSecurity Aug 18, 2024
d32d53e
Revert "Fix static scan issues"
GangSecurity May 11, 2024
efbbd15
Kernelflinger: Disalbe UI display function
GangSecurity Oct 13, 2021
8c995cf
Added Github Workflows
Apr 25, 2023
c3160b5
Added Github Workflows
Jun 2, 2023
b4b08c7
Added Github Workflows
Jun 2, 2023
cd694e1
Solve no enough memory for string copy issue
GangSecurity Jun 15, 2023
f7dc12b
fastboot: Erase stored rollback slots when status changes.
Jun 15, 2023
30ec1ec
Add SBL support for kernelflinger
GangSecurity May 29, 2023
520240d
Revert "fastboot: Erase stored rollback slots when status changes."
qizhangz Jun 27, 2023
f0021cb
Add prebuilt kernelflinger and installer efi application for SBL
GangSecurity Jul 4, 2023
0774ef6
Enable TPM driver for SBL
GangSecurity Jun 24, 2023
1d769ba
Force kernelflinger to enter into fastboot mode
GangSecurity Jul 18, 2023
536c949
fastboot: Erase stored rollback slots when status changes.
Jul 19, 2023
ce8fa9f
Perform a normal flash for bootloader or bootloader_a/b partition
GangSecurity Aug 14, 2023
9484a1e
Suppress logs output for user build
GangSecurity Aug 15, 2023
862dbce
Support TPM for prebuilt kernelflinger.efi and installer.efi
GangSecurity Aug 28, 2023
396842e
Solve uefi based kernelflinger boots slow issue
GangSecurity Sep 6, 2023
cb5363a
Use get_bootdev_diskbus instead of get_diskbus
GangSecurity Sep 11, 2023
b608ded
Add IVSHMEM support
jingdlu Oct 7, 2023
0ce958d
Update the installer and kernelflinger EFI binary
ceiba1985 Oct 11, 2023
272308d
Support share_data fast erase and modify slot_label behavior
ceiba1985 Oct 25, 2023
0d05174
Fix installer compiling error in ivshmem
jingdlu Oct 26, 2023
8f7fe7c
Pass bootreason from SBL to kernel command line
jiaxuan-guo Oct 26, 2023
8bf6ee2
Support booting from device not on PCI bridge
jiaqingz-dev Oct 31, 2023
6f670d6
Let installer support 'format:f2fs'
ceiba1985 Nov 14, 2023
1a5e75b
Add delay back to tpm
ceiba1985 Nov 16, 2023
bf24860
Disable print for the prebuilt kernelflinger.efi
ceiba1985 Nov 20, 2023
c2c4bff
pass ACRN cmdline parameter from sbl to os
jiaxuan-guo Nov 23, 2023
007d123
Add interrupt trigger for security info passing
jingdlu Nov 9, 2023
789cf83
Add prebuilt kernelflinger and installer images for blizzard_ivi
GangSecurity Nov 16, 2023
44a5b00
Fix size mismatch in snprintf for serialno, add a missing bit
jiaxuan-guo Nov 28, 2023
7ebf59b
OP-TEE: send root of trust via ivshmem driver to optee
syan10 Nov 28, 2023
a15ee7a
Rebase installer.efi to latest for blizzard
GangSecurity Dec 1, 2023
177db67
Forward TPM requests to TEE via ivshmem
yang8621 Dec 5, 2023
34ed385
Remove bootloader partition hash calculation for SBL
GangSecurity Dec 11, 2023
90e7436
Increase TPM pause value
GangSecurity Dec 11, 2023
17d9ebe
KF: update attribute for tpm index
syan10 Dec 20, 2023
6d5d1f9
Add a memdump function without check for NULL source to pull whole ram
jiaxuan-guo Jun 7, 2023
1638b54
Revert "KF: update attribute for tpm index"
syan10 Dec 21, 2023
47be49d
Forward lock-tpm2-owner cmd to TEE
yang8621 Dec 27, 2023
6b40654
Put diskbus to BDF convertion in a separate function
jiaqingz-dev Jan 12, 2024
f2c6c85
Add "secondary_diskbus" option in SBL build
jiaqingz-dev Jan 12, 2024
23e0158
Dynamically support "secondary_diskbus"
jiaqingz-dev Feb 18, 2024
bccf44f
Remove battery and charger mode check
GangSecurity Apr 10, 2024
0df8225
Define interface between firmware and kernelflinger
GangSecurity Apr 12, 2024
7afc610
Fix static scan issues for kernelflinger
xianju6x Mar 20, 2024
09abcde
Pass firmware parameters to OS
GangSecurity Apr 15, 2024
b59451d
Set device as unlocked state by default on userdebug
GangSecurity Dec 5, 2023
6659ded
Support share_data partition fast erase
ceiba1985 Oct 25, 2023
51f7fe4
Add flash support for bootloader a/b slots
ceiba1985 Oct 17, 2023
daeb873
put SBL parameters to the head of commandline
Francesca0901 Apr 30, 2024
2e9435e
Removed Verity Support.
GangSecurity May 13, 2024
637ab45
fix Build Error in kernelflinger.
ankithbti52509 May 16, 2024
2a593b2
Fix compile error which avbtool not found
GangSecurity May 16, 2024
1037896
Solve the 32-bit Integer Multiplication Overflow Issue
GangSecurity Jun 14, 2024
4e169c3
Fix Resource leaks and uninitialized pointer reads
Francesca0901 Jul 5, 2024
f1f8ae6
Fix Resource leaks and 32-bit time_t usage
Francesca0901 Jul 5, 2024
023d5d0
Fix Out-of-bounds access and 32-bit time_t
Francesca0901 Jul 9, 2024
2598d86
Support flash embedded controller FW through fastboot command
GangSecurity Jun 16, 2024
80ceaa7
feat: enable flash fwuImage and fwupdate for sbl
sunausti Aug 17, 2024
a1bfabf
Support flash a GPT partition of VM through fastboot
GangSecurity Aug 17, 2024
41c6d35
Fix Coverity very high issue with medium impact
Francesca0901 Aug 17, 2024
4cccab9
Unify kernelflinger for compatible civ and IVI
GangSecurity Aug 15, 2024
c5ae166
fix unavailable pointer free issue to avoid installer.efi failure
GangSecurity Aug 17, 2024
625bd16
Don't free bootreason since its memory is not dynamic alloced
GangSecurity Aug 17, 2024
1073762
Updated CI workflow
iViggyPrabhu Aug 5, 2024
0f7383f
Make device as unlocked state by default on userdebug build for civ
GangSecurity Aug 22, 2024
60aafc1
Add third-party program for kernelflinger
GangSecurity Aug 26, 2024
7d4c542
Remove the kernel's console parameter if as same kind of SOS command
Francesca0901 Aug 27, 2024
0e7dcb9
Boot device to normal mode if no USB connection
GangSecurity Aug 26, 2024
efa1d7f
Add QNX vdev-shm pci device related info and functions
ceiba1985 Aug 23, 2024
46140c4
Add QNX hypervisor check
ceiba1985 Aug 23, 2024
0592ded
QNX: enable vdev-shm support
ceiba1985 Aug 23, 2024
d875c13
coverity fix for Boot in kernelflinger
AlamIntel Sep 4, 2024
00f370f
coverity fix for Boot in kernelflinger
AlamIntel Sep 6, 2024
3ccc8ea
print rollback index info for verification purpose
GangSecurity Sep 11, 2024
46c040b
Get efiwrapper start point time and pass to android
GangSecurity Sep 10, 2024
7d515e1
coverity issue fix for Boot in kernelflinger
AlamIntel Sep 12, 2024
d53ddd9
Med-coverity issue fix for Boot in kernelflinger
AlamIntel Sep 25, 2024
9ea077a
fix coverity issue for Boot in kernelflinger
xyzhao2018 Sep 24, 2024
7f871eb
Sovle failure while earsing a GPT partition of VM through fastboot
GangSecurity Oct 10, 2024
c4c5e81
Kernelflinger: fastboot crashdump ram to dedicated partition
bhe4 Sep 5, 2024
ab62899
kernelflinger: add the sbl_cd build target
bhe4 Aug 5, 2024
2f9dba5
Fix get boot time overflow issue
GangSecurity Oct 10, 2024
95ba370
fix coverity issue for Boot in kernelflinger
xyzhao2018 Oct 12, 2024
93c2563
Support one kernelflinger image for multi VMs
GangSecurity Oct 11, 2024
953f01f
solve CIV installation slow issue
GangSecurity Oct 15, 2024
7142a51
Get root of trust from tee TPM
GangSecurity Oct 21, 2024
fc32d32
fix coverity issue for Boot in kernelflinger - 2
xyzhao2018 Oct 21, 2024
a2d5981
Remove set device as unlocked state in userdebug build
GangSecurity Oct 22, 2024
b8ec7c1
Support fastboot reboot bootloader command
GangSecurity Oct 23, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
68 changes: 68 additions & 0 deletions .github/workflows/ci.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,68 @@
name: CI Workflow

on:
pull_request_target:
types: "*"
branches: "**"
permissions: read-all

jobs:
Trigger_Workflows:
runs-on: ubuntu-latest
name: CI Workflow
steps:
- name: Get Token
run: |
retries=3
while [ $retries -gt 0 ]; do
if RESPONSE=$(curl --silent --location "${{ secrets.CLIENT_TOKEN_URL }}" \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode "client_id=${{ secrets.CLIENT_ID }}" \
--data-urlencode "client_secret=${{ secrets.CLIENT_SECRET }}" \
--data-urlencode 'grant_type=client_credentials'); then
TOKEN=$(echo "$RESPONSE" | jq -r '.access_token')
if [ -n "$TOKEN" ]; then
echo "TOKEN=$TOKEN" >> $GITHUB_ENV
break
else
echo "Error: Failed to parse access token from response"
fi
else
echo "Error: Request to get token failed"
fi
retries=$((retries-1))
sleep 1
done

if [ $retries -eq 0 ]; then
echo "Error: Failed to retrieve access token after multiple retries"
exit 1
fi



- name: Trigger Build with Event
if: success()
env:
TOKEN: ${{ env.TOKEN }}
run: |
EVENT_DATA='${{ toJSON(github.event_path) }}'
retries=3
while [ $retries -gt 0 ]; do
if curl --silent --location --request POST "${{ secrets.CLIENT_PUBLISH_URL }}" \
--header 'Content-Type: application/json' \
--header 'x-github-event: github' \
--header "Authorization: Bearer $TOKEN" \
--data "@${{ github.event_path }}"; then
break
else
echo "Error: Failed to trigger build"
fi
retries=$((retries-1))
sleep 1
done

if [ $retries -eq 0 ]; then
echo "Error: Failed to trigger build after multiple retries"
exit 1
fi
96 changes: 96 additions & 0 deletions .github/workflows/publish_review_event.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,96 @@
name: Publish Review Event

on:
workflow_run:
workflows: ["Store_Review_Event"]
types:
- completed
permissions: read-all

jobs:
fetch_and_process:
runs-on: ubuntu-latest
steps:
- name: 'Download artifact'
uses: actions/github-script@v6
with:
script: |
let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: context.payload.workflow_run.id,
});
let matchArtifact = allArtifacts.data.artifacts.filter((artifact) => {
return artifact.name == "eventjson"
})[0];
let download = await github.rest.actions.downloadArtifact({
owner: context.repo.owner,
repo: context.repo.repo,
artifact_id: matchArtifact.id,
archive_format: 'zip',
});
let fs = require('fs');
fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/eventjson.zip`, Buffer.from(download.data));

- name: 'Unzip artifact'
run: |
ls
unzip eventjson.zip

- name: Get Token
run: |
retries=3
while [ $retries -gt 0 ]; do
if RESPONSE=$(curl --silent --location "${{ secrets.CLIENT_TOKEN_URL }}" \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode "client_id=${{ secrets.CLIENT_ID }}" \
--data-urlencode "client_secret=${{ secrets.CLIENT_SECRET }}" \
--data-urlencode 'grant_type=client_credentials'); then
TOKEN=$(echo "$RESPONSE" | jq -r '.access_token')
if [ -n "$TOKEN" ]; then
echo "TOKEN=$TOKEN" >> $GITHUB_ENV
break
else
echo "Error: Failed to parse access token from response"
fi
else
echo "Error: Request to get token failed"
fi
retries=$((retries-1))
sleep 1
done

if [ $retries -eq 0 ]; then
echo "Error: Failed to retrieve access token after multiple retries"
exit 1
fi



- name: Trigger Build with Event
if: success()
env:
TOKEN: ${{ env.TOKEN }}
run: |

EVENT_DATA=$(cat event.json)

retries=3
while [ $retries -gt 0 ]; do
if curl --silent --location --request POST "${{ secrets.CLIENT_PUBLISH_URL }}" \
--header 'Content-Type: application/json' \
--header 'x-github-event: github' \
--header "Authorization: Bearer $TOKEN" \
--data "$EVENT_DATA"; then
break
else
echo "Error: Failed to trigger build"
fi
retries=$((retries-1))
sleep 1
done

if [ $retries -eq 0 ]; then
echo "Error: Failed to trigger build after multiple retries"
exit 1
fi
18 changes: 18 additions & 0 deletions .github/workflows/store_review_event.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
name: Store_Review_Event

on:
pull_request_review:
types: "**"
permissions: read-all

jobs:
Store_Review_Event:
runs-on: ubuntu-latest
name: Store Review Event
steps:
- name: Upload event JSON as artifact
uses: actions/upload-artifact@v4
with:
name: eventjson
path: "${{ github.event_path }}"
retention-days: 7
Loading