make kernelflinger compatible for civ and ivi #151

Closed
wants to merge 67 commits into from
67 commits
3a3844b
Revert "Updated CI workflow"
GangSecurity Aug 18, 2024
670f183
Revert "Fix static scan issues"
GangSecurity May 11, 2024
dd1130c
Kernelflinger: Disable UI display function
GangSecurity Oct 13, 2021
c826c98
Added Github Workflows
Apr 25, 2023
ac66f71
Added Github Workflows
Jun 2, 2023
5d773ff
Added Github Workflows
Jun 2, 2023
0de4eaa
Solve not enough memory for string copy issue
GangSecurity Jun 15, 2023
1aac096
fastboot: Erase stored rollback slots when status changes.
Jun 15, 2023
ba5030d
Add SBL support for kernelflinger
GangSecurity May 29, 2023
9f4e4ff
Revert "fastboot: Erase stored rollback slots when status changes."
qizhangz Jun 27, 2023
6ac28f1
Add prebuilt kernelflinger and installer efi application for SBL
GangSecurity Jul 4, 2023
3e52769
Enable TPM driver for SBL
GangSecurity Jun 24, 2023
71e7037
Force kernelflinger to enter into fastboot mode
GangSecurity Jul 18, 2023
ae40591
fastboot: Erase stored rollback slots when status changes.
Jul 19, 2023
64fc50c
Perform a normal flash for bootloader or bootloader_a/b partition
GangSecurity Aug 14, 2023
0b53440
Suppress logs output for user build
GangSecurity Aug 15, 2023
0bd36bb
Support TPM for prebuilt kernelflinger.efi and installer.efi
GangSecurity Aug 28, 2023
273d94c
Solve UEFI-based kernelflinger boots slowly issue
GangSecurity Sep 6, 2023
805195c
Use get_bootdev_diskbus instead of get_diskbus
GangSecurity Sep 11, 2023
086a1eb
Add IVSHMEM support
jingdlu Oct 7, 2023
a9afb5b
Update the installer and kernelflinger EFI binary
ceiba1985 Oct 11, 2023
b0815da
Support share_data fast erase and modify slot_label behavior
ceiba1985 Oct 25, 2023
8b0fac4
Fix installer compiling error in ivshmem
jingdlu Oct 26, 2023
1da6811
Pass bootreason from SBL to kernel command line
jiaxuan-guo Oct 26, 2023
5bcc584
Support booting from device not on PCI bridge
jiaqingz-intel Oct 31, 2023
f9aa767
Let installer support 'format:f2fs'
ceiba1985 Nov 14, 2023
e30827d
Add delay back to tpm
ceiba1985 Nov 16, 2023
100e4d9
Disable print for the prebuilt kernelflinger.efi
ceiba1985 Nov 20, 2023
1a3dbdf
pass ACRN cmdline parameter from sbl to os
jiaxuan-guo Nov 23, 2023
4b555e5
Add interrupt trigger for security info passing
jingdlu Nov 9, 2023
e0fc919
Add prebuilt kernelflinger and installer images for blizzard_ivi
GangSecurity Nov 16, 2023
71e4d1e
Fix size mismatch in snprintf for serialno, add a missing bit
jiaxuan-guo Nov 28, 2023
5e67d93
OP-TEE: send root of trust via ivshmem driver to optee
syan10 Nov 28, 2023
a5d8be5
Rebase installer.efi to latest for blizzard
GangSecurity Dec 1, 2023
bae2e55
Forward TPM requests to TEE via ivshmem
yang8621 Dec 5, 2023
5add632
Remove bootloader partition hash calculation for SBL
GangSecurity Dec 11, 2023
c1ccf24
Increase TPM pause value
GangSecurity Dec 11, 2023
f488758
KF: update attribute for tpm index
syan10 Dec 20, 2023
9495b16
Add a memdump function without check for NULL source to pull whole ram
jiaxuan-guo Jun 7, 2023
8ff8872
Revert "KF: update attribute for tpm index"
syan10 Dec 21, 2023
0befb25
Forward lock-tpm2-owner cmd to TEE
yang8621 Dec 27, 2023
ff53543
Put diskbus to BDF conversion in a separate function
jiaqingz-intel Jan 12, 2024
d72c3a1
Add "secondary_diskbus" option in SBL build
jiaqingz-intel Jan 12, 2024
4031488
Dynamically support "secondary_diskbus"
jiaqingz-intel Feb 18, 2024
25a981d
Remove battery and charger mode check
GangSecurity Apr 10, 2024
72c60dd
Define interface between firmware and kernelflinger
GangSecurity Apr 12, 2024
9c2fe46
Fix static scan issues for kernelflinger
xianju6x Mar 20, 2024
df25494
Pass firmware parameters to OS
GangSecurity Apr 15, 2024
919033f
Set device as unlocked state by default on userdebug
GangSecurity Dec 5, 2023
ada072b
Support share_data partition fast erase
ceiba1985 Oct 25, 2023
ce8e83f
Add flash support for bootloader a/b slots
ceiba1985 Oct 17, 2023
7733af4
put SBL parameters to the head of commandline
Francesca0901 Apr 30, 2024
258a798
Removed Verity Support.
GangSecurity May 13, 2024
d1151ab
fix Build Error in kernelflinger.
ankithbti52509 May 16, 2024
ee4caf8
Fix compile error when avbtool is not found
GangSecurity May 16, 2024
aa717fe
Solve the 32-bit Integer Multiplication Overflow Issue
GangSecurity Jun 14, 2024
fda0ff4
Fix Resource leaks and uninitialized pointer reads
Francesca0901 Jul 5, 2024
0be862b
Fix Resource leaks and 32-bit time_t usage
Francesca0901 Jul 5, 2024
af3edb7
Fix Out-of-bounds access and 32-bit time_t
Francesca0901 Jul 9, 2024
0ca4f5e
Support flashing embedded controller FW through fastboot command
GangSecurity Jun 16, 2024
405737b
feat: enable flash fwuImage and fwupdate for sbl
sunausti Aug 17, 2024
df59c00
Support flashing a GPT partition of VM through fastboot
GangSecurity Aug 17, 2024
99ed09e
Fix Coverity very high issue with medium impact
Francesca0901 Aug 17, 2024
f848ec6
Unify kernelflinger for compatible civ and IVI
GangSecurity Aug 15, 2024
ce8a913
fix unavailable pointer free issue to avoid installer.efi failure
GangSecurity Aug 17, 2024
4e07fc6
Don't free bootreason since its memory is not dynamically allocated
GangSecurity Aug 17, 2024
efb4b67
Updated CI workflow
iViggyPrabhu Aug 5, 2024
136 changes: 68 additions & 68 deletions .github/workflows/ci.yaml
@@ -1,68 +1,68 @@
name: CI Workflow
on:
pull_request_target:
types: "*"
branches: "**"
permissions: read-all
jobs:
Trigger_Workflows:
runs-on: ubuntu-latest
name: CI Workflow
steps:
- name: Get Token
run: |
retries=3
while [ $retries -gt 0 ]; do
if RESPONSE=$(curl --silent --location "${{ secrets.CLIENT_TOKEN_URL }}" \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode "client_id=${{ secrets.CLIENT_ID }}" \
--data-urlencode "client_secret=${{ secrets.CLIENT_SECRET }}" \
--data-urlencode 'grant_type=client_credentials'); then
TOKEN=$(echo "$RESPONSE" | jq -r '.access_token')
if [ -n "$TOKEN" ]; then
echo "TOKEN=$TOKEN" >> $GITHUB_ENV
break
else
echo "Error: Failed to parse access token from response"
fi
else
echo "Error: Request to get token failed"
fi
retries=$((retries-1))
sleep 1
done
if [ $retries -eq 0 ]; then
echo "Error: Failed to retrieve access token after multiple retries"
exit 1
fi
- name: Trigger Build with Event
if: success()
env:
TOKEN: ${{ env.TOKEN }}
run: |
EVENT_DATA='${{ toJSON(github.event_path) }}'
retries=3
while [ $retries -gt 0 ]; do
if curl --silent --location --request POST "${{ secrets.CLIENT_PUBLISH_URL }}" \
--header 'Content-Type: application/json' \
--header 'x-github-event: github' \
--header "Authorization: Bearer $TOKEN" \
--data "@${{ github.event_path }}"; then
break
else
echo "Error: Failed to trigger build"
fi
retries=$((retries-1))
sleep 1
done
if [ $retries -eq 0 ]; then
echo "Error: Failed to trigger build after multiple retries"
exit 1
fi
name: CI Workflow

on:
pull_request_target:
types: "*"
branches: "**"
permissions: read-all

jobs:
Trigger_Workflows:
runs-on: ubuntu-latest
name: CI Workflow
steps:
- name: Get Token
run: |
retries=3
while [ $retries -gt 0 ]; do
if RESPONSE=$(curl --silent --location "${{ secrets.CLIENT_TOKEN_URL }}" \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode "client_id=${{ secrets.CLIENT_ID }}" \
--data-urlencode "client_secret=${{ secrets.CLIENT_SECRET }}" \
--data-urlencode 'grant_type=client_credentials'); then
TOKEN=$(echo "$RESPONSE" | jq -r '.access_token')
if [ -n "$TOKEN" ]; then
echo "TOKEN=$TOKEN" >> $GITHUB_ENV
break
else
echo "Error: Failed to parse access token from response"
fi
else
echo "Error: Request to get token failed"
fi
retries=$((retries-1))
sleep 1
done

if [ $retries -eq 0 ]; then
echo "Error: Failed to retrieve access token after multiple retries"
exit 1
fi



- name: Trigger Build with Event
if: success()
env:
TOKEN: ${{ env.TOKEN }}
run: |
EVENT_DATA='${{ toJSON(github.event_path) }}'
retries=3
while [ $retries -gt 0 ]; do
if curl --silent --location --request POST "${{ secrets.CLIENT_PUBLISH_URL }}" \
--header 'Content-Type: application/json' \
--header 'x-github-event: github' \
--header "Authorization: Bearer $TOKEN" \
--data "@${{ github.event_path }}"; then
break
else
echo "Error: Failed to trigger build"
fi
retries=$((retries-1))
sleep 1
done

if [ $retries -eq 0 ]; then
echo "Error: Failed to trigger build after multiple retries"
exit 1
fi
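Review bot: in the `Get Token` step, `if [ -n "$TOKEN" ]` accepts a response with no `access_token` field, because `jq -r '.access_token'` prints the literal string `null` for a missing key; use `jq -er '.access_token'` or add `[ "$TOKEN" != "null" ]` so that case falls through to the retry. In both `curl` calls, `--silent` without `--fail` makes curl exit 0 on an HTTP 4xx/5xx, so neither retry loop retries on a server-side error and `Trigger Build with Event` reports success after a rejected POST; add `--fail --show-error`. The bearer token is written to `$GITHUB_ENV` unmasked; emit `echo "::add-mask::$TOKEN"` first so it is redacted if a later step prints its environment. `EVENT_DATA='${{ toJSON(github.event_path) }}'` is assigned and never used in that step; drop it rather than keep an expression interpolation inside the shell script. On the trigger, `pull_request_target` with `branches: "**"` runs this job with `CLIENT_ID`/`CLIENT_SECRET` available for pull requests from forks; that is tolerable only because the job never checks out or executes PR content, so any later checkout step added to this workflow needs its own review.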
192 changes: 96 additions & 96 deletions .github/workflows/publish_review_event.yaml
@@ -1,96 +1,96 @@
name: Publish Review Event
on:
workflow_run:
workflows: ["Store_Review_Event"]
types:
- completed
permissions: read-all
jobs:
fetch_and_process:
runs-on: ubuntu-latest
steps:
- name: 'Download artifact'
uses: actions/github-script@v6
with:
script: |
let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: context.payload.workflow_run.id,
});
let matchArtifact = allArtifacts.data.artifacts.filter((artifact) => {
return artifact.name == "eventjson"
})[0];
let download = await github.rest.actions.downloadArtifact({
owner: context.repo.owner,
repo: context.repo.repo,
artifact_id: matchArtifact.id,
archive_format: 'zip',
});
let fs = require('fs');
fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/eventjson.zip`, Buffer.from(download.data));
- name: 'Unzip artifact'
run: |
ls
unzip eventjson.zip
- name: Get Token
run: |
retries=3
while [ $retries -gt 0 ]; do
if RESPONSE=$(curl --silent --location "${{ secrets.CLIENT_TOKEN_URL }}" \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode "client_id=${{ secrets.CLIENT_ID }}" \
--data-urlencode "client_secret=${{ secrets.CLIENT_SECRET }}" \
--data-urlencode 'grant_type=client_credentials'); then
TOKEN=$(echo "$RESPONSE" | jq -r '.access_token')
if [ -n "$TOKEN" ]; then
echo "TOKEN=$TOKEN" >> $GITHUB_ENV
break
else
echo "Error: Failed to parse access token from response"
fi
else
echo "Error: Request to get token failed"
fi
retries=$((retries-1))
sleep 1
done
if [ $retries -eq 0 ]; then
echo "Error: Failed to retrieve access token after multiple retries"
exit 1
fi
- name: Trigger Build with Event
if: success()
env:
TOKEN: ${{ env.TOKEN }}
run: |
EVENT_DATA=$(cat event.json)
retries=3
while [ $retries -gt 0 ]; do
if curl --silent --location --request POST "${{ secrets.CLIENT_PUBLISH_URL }}" \
--header 'Content-Type: application/json' \
--header 'x-github-event: github' \
--header "Authorization: Bearer $TOKEN" \
--data "$EVENT_DATA"; then
break
else
echo "Error: Failed to trigger build"
fi
retries=$((retries-1))
sleep 1
done
if [ $retries -eq 0 ]; then
echo "Error: Failed to trigger build after multiple retries"
exit 1
fi
name: Publish Review Event

on:
workflow_run:
workflows: ["Store_Review_Event"]
types:
- completed
permissions: read-all

jobs:
fetch_and_process:
runs-on: ubuntu-latest
steps:
- name: 'Download artifact'
uses: actions/github-script@v6
with:
script: |
let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: context.payload.workflow_run.id,
});
let matchArtifact = allArtifacts.data.artifacts.filter((artifact) => {
return artifact.name == "eventjson"
})[0];
let download = await github.rest.actions.downloadArtifact({
owner: context.repo.owner,
repo: context.repo.repo,
artifact_id: matchArtifact.id,
archive_format: 'zip',
});
let fs = require('fs');
fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/eventjson.zip`, Buffer.from(download.data));

- name: 'Unzip artifact'
run: |
ls
unzip eventjson.zip

- name: Get Token
run: |
retries=3
while [ $retries -gt 0 ]; do
if RESPONSE=$(curl --silent --location "${{ secrets.CLIENT_TOKEN_URL }}" \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode "client_id=${{ secrets.CLIENT_ID }}" \
--data-urlencode "client_secret=${{ secrets.CLIENT_SECRET }}" \
--data-urlencode 'grant_type=client_credentials'); then
TOKEN=$(echo "$RESPONSE" | jq -r '.access_token')
if [ -n "$TOKEN" ]; then
echo "TOKEN=$TOKEN" >> $GITHUB_ENV
break
else
echo "Error: Failed to parse access token from response"
fi
else
echo "Error: Request to get token failed"
fi
retries=$((retries-1))
sleep 1
done

if [ $retries -eq 0 ]; then
echo "Error: Failed to retrieve access token after multiple retries"
exit 1
fi



- name: Trigger Build with Event
if: success()
env:
TOKEN: ${{ env.TOKEN }}
run: |

EVENT_DATA=$(cat event.json)

retries=3
while [ $retries -gt 0 ]; do
if curl --silent --location --request POST "${{ secrets.CLIENT_PUBLISH_URL }}" \
--header 'Content-Type: application/json' \
--header 'x-github-event: github' \
--header "Authorization: Bearer $TOKEN" \
--data "$EVENT_DATA"; then
break
else
echo "Error: Failed to trigger build"
fi
retries=$((retries-1))
sleep 1
done

if [ $retries -eq 0 ]; then
echo "Error: Failed to trigger build after multiple retries"
exit 1
fi
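Review bot: in the `Download artifact` script, `matchArtifact` is the first element of a `filter(...)` result and is `undefined` when the completed `Store_Review_Event` run produced no `eventjson` artifact (for example because its upload step failed), so `matchArtifact.id` throws a bare TypeError; guard with `if (!matchArtifact) { core.setFailed('eventjson artifact not found'); return; }` before `downloadArtifact`, and consider checking `context.payload.workflow_run.conclusion === 'success'` since `types: [completed]` also fires for failed runs. `uses: actions/github-script@v6` is pinned to a mutable major tag; pin to a full commit SHA. The `Get Token` and `Trigger Build with Event` steps duplicate `ci.yaml` and carry the same defects: `jq -r` yields the string `null` for a missing `access_token` so `[ -n "$TOKEN" ]` passes, `curl --silent` without `--fail` exits 0 on HTTP errors so the loops never retry, and the token written to `$GITHUB_ENV` is not masked. Factor the token step into a composite action or reusable workflow so the fix lands once.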
34 changes: 17 additions & 17 deletions .github/workflows/store_review_event.yaml
@@ -1,18 +1,18 @@
name: Store_Review_Event
on:
pull_request_review:
types: "**"
permissions: read-all
jobs:
Store_Review_Event:
runs-on: ubuntu-latest
name: Store Review Event
steps:
- name: Upload event JSON as artifact
uses: actions/upload-artifact@v4
with:
name: eventjson
path: "${{ github.event_path }}"
name: Store_Review_Event

on:
pull_request_review:
types: "**"
permissions: read-all

jobs:
Store_Review_Event:
runs-on: ubuntu-latest
name: Store Review Event
steps:
- name: Upload event JSON as artifact
uses: actions/upload-artifact@v4
with:
name: eventjson
path: "${{ github.event_path }}"
retention-days: 7
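Review bot: `types: "**"` under `pull_request_review` names activity types, not a glob pattern; the documented way to subscribe to every activity type is to omit `types`, and if GitHub does not treat `"**"` as a wildcard this trigger silently matches nothing. The added `retention-days: 7` is the right direction, since the uploaded file is the full review event payload; keep it at the minimum the `Publish Review Event` workflow needs to pick it up. `actions/upload-artifact@v4` is pinned by major tag; pin to a commit SHA as for the other workflows.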