chromiumos/platform/dm-verity.git
15 months agoFix clang syntax checking error. 77/47577/5 factory-4128.B factory-4290.B factory-4455.B factory-pit-4280.B factory-pit-4390.B factory-pit-4471.B factory-spring-4131.B factory-spring-4262.B firmware-falco_peppy-4389.B firmware-leon-4389.26.B firmware-pit-4482.B firmware-wolf-4389.24.B master release-R28-4100.B release-R29-4319.B release-R30-4537.B stabilize-4008.0.B stabilize-4035.0.B stabilize-4068.0.B stabilize-4100.38.B stabilize-4255.B stabilize-4287.B stabilize-4443.B stabilize-4512.B stabilize-spring-4100.53.B toolchainB
Yunlian Jiang [Mon, 8 Apr 2013 19:36:58 +0000 (12:36 -0700)]
Fix clang syntax checking error.

Added output info for LOG_IF, moved the position of the declaration
of an arry. Changed the input format of sprintf.

BUG=chromium:221218
TEST=CFLAGS="-clang -print-cmdline" CXXFLAGS="-clang -print-cmdline"
     emerge-x86-alex verity passes.

Change-Id: Ie969776a05dbf4627e6e235a3dc2d98ff7de27d4
Reviewed-on: https://gerrit.chromium.org/gerrit/47577
Reviewed-by: Will Drewry <wad@chromium.org>
Commit-Queue: Yunlian Jiang <yunlian@chromium.org>
Tested-by: Yunlian Jiang <yunlian@chromium.org>
15 months agoverity: Calculate gmock/gtest library dependencies programatically 46/46446/4 release-R27-3912.B stabilize-3912.79.B toolchainA
Gaurav Shah [Mon, 25 Mar 2013 22:36:25 +0000 (15:36 -0700)]
verity: Calculate gmock/gtest library dependencies programatically

(gmock/gtest doesn't generate pkg-config metadata, calculating lib
 dependencies this way makes it easier to upgrade gmock/gtest packages.)

BUG=chromium:211445
TEST=build tests for package using gtest 1.6

Change-Id: I746d9d422a18ee2f3feeeeade9e85f267739eb35
Reviewed-on: https://gerrit.chromium.org/gerrit/46446
Reviewed-by: Will Drewry <wad@chromium.org>
Tested-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Queue: Gaurav Shah <gauravsh@chromium.org>

17 months agoverity: Updating common.mk to ToT to enable profiling 81/42781/3 factory-spring-3842.B firmware-spring-3824.4.B firmware-spring-3824.55.B firmware-spring-3824.84.B firmware-spring-3824.B firmware-spring-3833.B release-R26-3701.B stabilize-3701.30.0 stabilize-3701.30.0b stabilize-3701.46.B stabilize-3701.81.B stabilize-3881.0.B stabilize-bluetooth-smart toolchain-3701.42.B
Ryan Harrison [Wed, 6 Feb 2013 21:35:25 +0000 (16:35 -0500)]
verity: Updating common.mk to ToT to enable profiling

This update replaces the current common.mk used in this project with the newest
version. This will allow all of the common.mk based projects to be on the same
version for debugging and enables profiling support.

BUG=chromium-os:37854
TEST=Exectuted the following commands to confirm the build works:
     MODE=profiling cros_workon_make --board=link
     MODE=profiling cros_workon_make --board=link --test
     cros_workon_make --board=link
     cros_workon_make --board=link --test
     Repeated these with emerge-link, USE=profiling, and
     FEATURES=test as need.
     For the emerge command with profiling and testing enable, confirmed the
     appropriate coverage files were created in /usr/share/profiling/...

Change-Id: I5b1dd04e8eec9b1320ee8d9945a87a9f45c61c20
Reviewed-on: https://gerrit.chromium.org/gerrit/42781
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Tested-by: Ryan Harrison <rharrison@chromium.org>
2 years agoAdd virtual destruction file to make gcc 4.7 can compile it factory-2305.B factory-2338.B factory-2368.B factory-2394.B factory-2460.B factory-2475.B factory-2569.B factory-2717.B factory-2723.14.B factory-2846.B factory-2848.B factory-2914.B factory-2985.B factory-2993.B factory-3004.B factory-3536.B firmware-butterfly-2788.B firmware-link-2348.B firmware-link-2695.2.B firmware-link-2695.B firmware-parrot-2685.B firmware-snow-2695.90.B firmware-snow-2695.B firmware-stout-2817.B release-R21-2465.B release-R22-2723.B release-R23-2913.B release-R25-3428.B stabilize stabilize-3428.110.0 stabilize-3428.149 stabilize-3428.149.B stabilize-3428.193 stabilize-3658.0.0 stabilize-daisy stabilize-link stabilize-link-2913.278 stabilize2 toolchain-3428.65.B
Yunlian Jiang [Wed, 2 May 2012 20:57:45 +0000 (13:57 -0700)]
Add virtual destruction file to make gcc 4.7 can compile it

BUG=None
TEST=compile passed

Change-Id: I4b4fb763aa820e7096a78087ddd6e87e900a347c
Reviewed-on: https://gerrit.chromium.org/gerrit/21667
Reviewed-by: Will Drewry <wad@chromium.org>
Commit-Ready: Yunlian Jiang <yunlian@chromium.org>
Tested-by: Yunlian Jiang <yunlian@chromium.org>
2 years ago[verity] add OWNERS factory-2268.16.B release-R20-2268.B
Elly Jones [Fri, 6 Apr 2012 16:00:48 +0000 (12:00 -0400)]
[verity] add OWNERS

BUG=chromium-os:22007
TEST=None

Change-Id: I9cf07368bbe5800cdf1ecd4e6d75f22468549298
Signed-off-by: Elly Jones <ellyjones@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/19747
Reviewed-by: Mandeep Singh Baines <msb@chromium.org>
2 years agoCreate a static library of libdm-bht release-R19-2046.B
Sonny Rao [Tue, 13 Mar 2012 20:14:13 +0000 (20:14 +0000)]
Create a static library of libdm-bht

This pulls in the C sources into a library as well as the kernel
implementations of the hashes, so that the installer can statically
link them in.  We have to do a few non-obvious things in order to get
libdm-bht.a instead of libdm-bht.pic.a due to the double invocation of
that rule -- added TODO(wad) to fix that.

BUG=chromium-os:25377
TEST=manual: build verity, ensure libdm-bht.a is created (won't be
installed)

Change-Id: I4037c68d3fc2c1dfdcfed4a603b49b57dd06562b
Reviewed-on: https://gerrit.chromium.org/gerrit/15838
Tested-by: Sonny Rao <sonnyrao@chromium.org>
Reviewed-by: Sonny Rao <sonnyrao@chromium.org>
Commit-Ready: Sonny Rao <sonnyrao@chromium.org>

2 years agoverity: break libbase dependency factory-1987.B
Will Drewry [Wed, 22 Feb 2012 23:23:05 +0000 (17:23 -0600)]
verity: break libbase dependency

This removes the need for libbase for logging or special
types like scoped_ptr.

Now only gtest and gmock are required in order to run the unittests.

TEST=FEATURES=test emerge-(x86-alex|amd64-generic) verity
BUG=chromium-os:26649

Change-Id: I75643c5bdfe33b57afd0e3cfca7c49b7df6c5408
Reviewed-on: https://gerrit.chromium.org/gerrit/16411
Reviewed-by: Sonny Rao <sonnyrao@chromium.org>
Commit-Ready: Will Drewry <wad@chromium.org>
Tested-by: Will Drewry <wad@chromium.org>
2 years agodrop openssl in favor of kernel hashes
Mike Frysinger [Thu, 26 Jan 2012 01:39:46 +0000 (20:39 -0500)]
drop openssl in favor of kernel hashes

This avoids the large openssl dep in favor of dropping in the code from
the kernel itself.

The headers have been tweaked a bit in order to be able to copy in the
hash files completely unmodified.  Hopefully, all that is needed to
update this code to newer versions is:
kdir=../../third_party/kernel/files
cp $kdir/crypto/md5.c kernel/md5_generic.c
cp $kdir/crypto/sha{1,256,512}_generic.c kernel/
cp $kdir/lib/{md5,sha1}.c kernel/

Speedwise, the kernel code seems to be about <0.5 seconds slower for all
hashes which boils down to system noise.

BUG=chromium-os:25968
TEST=ran verity manually before/after and verified hashes (md5/sha1/sha256) matched
TEST=`make tests` passed
TEST=`emerge verity` worked
TEST=`FEATURES=test emerge-amd64-corei7 verity` worked
TEST=`FEATURES=test emerge-x86-alex verity` worked
TEST=build_image booted on amd64-corei7
TEST=build_image booted on x86-alex

Change-Id: I9a69488a0b14a24ee1620e4e7f6c9ef4c1ac6fd5
Reviewed-on: https://gerrit.chromium.org/gerrit/14842
Reviewed-by: Sonny Rao <sonnyrao@chromium.org>
Reviewed-by: Will Drewry <wad@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
2 years agoFix makefile dependencies to allow verity-static pass tests
Sonny Rao [Wed, 15 Feb 2012 02:18:16 +0000 (02:18 +0000)]
Fix makefile dependencies to allow verity-static pass tests

verity-static previously wasn't building while WITH_CHROME=1
was set due to duplicate functions found during linking.
Previously the toolchain was having difficulty finding
the static libraries, but that problem seems to be fixed
and the dependencies in the makefile rule are no longer
needed to build.

BUG=chromium-os:25377
TEST=`emerge-x86-generic verity`
TEST=`cros_run_unit_tests -p verity`

Change-Id: I93d542c5da96f3f30a1ce479f9cfc993e4e888ca
Reviewed-on: https://gerrit.chromium.org/gerrit/15911
Reviewed-by: Sonny Rao <sonnyrao@chromium.org>
Tested-by: Sonny Rao <sonnyrao@chromium.org>
Commit-Ready: Sonny Rao <sonnyrao@chromium.org>

2 years agoverity: upgrade to new common.mk format
Will Drewry [Tue, 14 Feb 2012 23:35:14 +0000 (17:35 -0600)]
verity: upgrade to new common.mk format

Migrates the Makefile format and module.mk to use the
newest common.mk. This also fixes link ordering (thanks vapier@)

Signed-off-by: Will Drewry <wad@chromium.org>
TEST=emerge-x86-alex verity, FEATURES=test emerge-x86-alex verity
BUG=None

Change-Id: I09e80e7730208e5c614bc93fe6348ab652703988
Reviewed-on: https://gerrit.chromium.org/gerrit/15853
Reviewed-by: Sonny Rao <sonnyrao@chromium.org>
Tested-by: Will Drewry <wad@chromium.org>
Commit-Ready: Will Drewry <wad@chromium.org>

2 years agoBUG_ON: include file/func/line info in error
Mike Frysinger [Wed, 8 Feb 2012 21:11:47 +0000 (16:11 -0500)]
BUG_ON: include file/func/line info in error

Makes tracking the source of a BUG_ON easier imo.

BUG=None
TEST=manually trigger a BUG_ON and see the new output

Change-Id: I7ea3e2ce84c4f2b672bcd73d8c37a63d3bf9af8e
Reviewed-on: https://gerrit.chromium.org/gerrit/15578
Reviewed-by: Elly Jones <ellyjones@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
2 years agodo not force -L/usr/lib search
Mike Frysinger [Wed, 8 Feb 2012 20:48:45 +0000 (15:48 -0500)]
do not force -L/usr/lib search

The toolchain is perfectly capable of locating system libraries it needs,
so don't hardcode -L/usr/lib as this causes problems when cross-compiling.

BUG=None
TEST=`emerge-x86-alex verity` still works

Change-Id: I49874190585f4cd2e690b32683b1a5ab116a5d73
Reviewed-on: https://gerrit.chromium.org/gerrit/15526
Reviewed-by: Elly Jones <ellyjones@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
2 years agoverity-static: bring back static compilation for verity release-R18-1660.B
Will Drewry [Mon, 23 Jan 2012 20:47:47 +0000 (14:47 -0600)]
verity-static: bring back static compilation for verity

This common.mk is old, but the basics of this are good. This shows how to get
all your static libraries dynamically and link them.  The trick is picking PIC
over PIE since toolchains rarely ship with PIE components.  If we havepie
archives, we should use them :)

TEST=builds and runs
BUG=none

Change-Id: I070d4eff8fb3bdc604ea67ee3f67dac50d03740e
Reviewed-on: https://gerrit.chromium.org/gerrit/14631
Reviewed-by: Don Garrett <dgarrett@chromium.org>
Tested-by: Will Drewry <wad@chromium.org>
Commit-Ready: Will Drewry <wad@chromium.org>

2 years agoCorrect QEMU_ARCH to use x86_64 rather than amd64. factory-1412.B release-R17-1412.B
Matt Tennant [Thu, 17 Nov 2011 01:48:07 +0000 (17:48 -0800)]
Correct QEMU_ARCH to use x86_64 rather than amd64.

The default ARCH is not the qemu suffix needed on amd64.  This
maps amd64 to x86_64 for qemu executables.

BUG=chromium-os:22309
TEST=`sudo FEATURES="test" emerge-amd64-generic verity` passes now

Change-Id: I5bd98aa18ec6516e44ae2336e045d05af3bef6c6
Reviewed-on: https://gerrit.chromium.org/gerrit/11824
Tested-by: Matt Tennant <mtennant@chromium.org>
Reviewed-by: Anush Elangovan <anush@chromium.org>
Reviewed-by: Ben Chan <benchan@chromium.org>
Reviewed-by: Will Drewry <wad@chromium.org>
Commit-Ready: Matt Tennant <mtennant@chromium.org>

2 years agoRevert "Update QEMU_CMD syntax before qemu upgrade."
Matt Tennant [Tue, 15 Nov 2011 01:19:43 +0000 (17:19 -0800)]
Revert "Update QEMU_CMD syntax before qemu upgrade."

This reverts commit 6e5f58078dfe87411a460ef0e4d36df7c1555aa7

This looked good, but in the end doesn't really work.  The chroot command within qemu runs emulated, but the command it calls does not.  Instead of taking this path we are making qemu-kvm compile statically and using the old call syntax again.

Change-Id: Ib558dcdc29725d64bf522b84b6d91b1e8815945b
Reviewed-on: https://gerrit.chromium.org/gerrit/11676
Tested-by: Matt Tennant <mtennant@chromium.org>
Reviewed-by: Will Drewry <wad@chromium.org>
Commit-Ready: Matt Tennant <mtennant@chromium.org>

2 years agoUpdate QEMU_CMD syntax before qemu upgrade. firmware-kiev-2.112.B firmware-uboot_v2-1299.B
Matt Tennant [Thu, 3 Nov 2011 18:15:52 +0000 (11:15 -0700)]
Update QEMU_CMD syntax before qemu upgrade.

The coming upgrade to qemu-kvm 0.15 appears to require a change in the
invocation of qemu in combination with chroot.  This new syntax is
compatible with the current qemu-kvm version as well.

BUG=chromium-os:22309
TEST=As follows:
sudo FEATURES="test" emerge-x86-generic -1 verity
sudo FEATURES="test" emerge-arm-generic -1 verity
trybot run of x86-generic-pre-flight-queue

Change-Id: If2c82ea71ca40e5a700ea709f524a87f1a5134a6
Reviewed-on: https://gerrit.chromium.org/gerrit/11131
Reviewed-by: Matt Tennant <mtennant@chromium.org>
Tested-by: Matt Tennant <mtennant@chromium.org>
Commit-Ready: Matt Tennant <mtennant@chromium.org>

2 years agoverity: move userspace api to a new header file factory-1235.B factory-1284.B release-R16-1193.B
Mandeep Singh Baines [Thu, 1 Sep 2011 20:37:57 +0000 (13:37 -0700)]
verity: move userspace api to a new header file

We can now pull out the userspace API prototypes from the kernel header file.

BUG=chromium-os:19952
TEST=Ran unit tests from dm-verity.git.
     Ran platform_DMVerityCorruption and platform_DMVerityBitCorruption.
TESTED_ON=Alex

Change-Id: I2158f3519249c67bf652fdd1d9dfba4389928020
Reviewed-on: http://gerrit.chromium.org/gerrit/7104
Reviewed-by: Mandeep Singh Baines <msb@chromium.org>
Tested-by: Mandeep Singh Baines <msb@chromium.org>
2 years agoverity: remove write_cb
Mandeep Singh Baines [Wed, 31 Aug 2011 03:29:50 +0000 (20:29 -0700)]
verity: remove write_cb

Now that there are no users we can remove the write_cb infrastructure.

BUG=chromium-os:19952
TEST=Ran unit tests from dm-verity.git.
     Ran platform_DMVerityCorruption and platform_DMVerityBitCorruption.
TESTED_ON=Alex

Change-Id: I1614ff03385769dfac477f80c4a31e3787910322
Reviewed-on: http://gerrit.chromium.org/gerrit/7103
Reviewed-by: Mandeep Singh Baines <msb@chromium.org>
Tested-by: Mandeep Singh Baines <msb@chromium.org>
2 years agoverity: remove write callback from user-space
Mandeep Singh Baines [Wed, 31 Aug 2011 03:22:09 +0000 (20:22 -0700)]
verity: remove write callback from user-space

Remove the write callback abstraction as it is no longer needed.

BUG=chromium-os:19952
TEST=Ran unit tests from dm-verity.git.
     Ran platform_DMVerityCorruption and platform_DMVerityBitCorruption.
TESTED_ON=Alex

Change-Id: I111c1a5d6a21b1da594a24c94c36af71fca2f816
Reviewed-on: http://gerrit.chromium.org/gerrit/7102
Reviewed-by: Mandeep Singh Baines <msb@chromium.org>
Tested-by: Mandeep Singh Baines <msb@chromium.org>
2 years agoverity: pull out the userspace bits from dm-bht.c
Mandeep Singh Baines [Tue, 30 Aug 2011 19:57:37 +0000 (12:57 -0700)]
verity: pull out the userspace bits from dm-bht.c

BUG=chromium-os:19952
TEST=Ran unit tests from dm-verity.git.
     Ran platform_DMVerityCorruption and platform_DMVerityBitCorruption.
TESTED_ON=Alex

Change-Id: Ifbee5c91e5cb7123b24aa2a656ed0a495d33b6dd
Reviewed-on: http://gerrit.chromium.org/gerrit/6924
Reviewed-by: Elly Jones <ellyjones@chromium.org>
Tested-by: Mandeep Singh Baines <msb@chromium.org>
2 years agoverity: warn on null-valued keys factory-1020.B release-1011.B
Elly Jones [Wed, 7 Sep 2011 18:49:39 +0000 (14:49 -0400)]
verity: warn on null-valued keys

BUG=chromium-os:20089
TESTED_ON=Kaen
TEST=Adhoc
'verity mode' should emit "missing value: mode" before the standard usage
message now. So should 'verity mode='.

Change-Id: Ica495d07a84fc1924bea37385cc2439032e5ad66
Signed-off-by: Elly Jones <ellyjones@chromium.org>
Reviewed-on: http://gerrit.chromium.org/gerrit/7346
Reviewed-by: David James <davidjames@chromium.org>
2 years agoverity: don't explode on null arguments
Elly Jones [Tue, 6 Sep 2011 22:12:49 +0000 (18:12 -0400)]
verity: don't explode on null arguments

We explicitly support these to make verity easier to program with.

BUG=None
TEST=Adhoc
verity '' no longer segfaults

Change-Id: I98f4fec431791fad9d9b5f25b78975cc67bd5c59
Signed-off-by: Elly Jones <ellyjones@chromium.org>
Reviewed-on: http://gerrit.chromium.org/gerrit/7294
Reviewed-by: Sean Paul <seanpaul@chromium.org>
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
2 years agoverity: output salt if we had one test-982.B
Elly Jones [Thu, 1 Sep 2011 21:37:54 +0000 (17:37 -0400)]
verity: output salt if we had one

BUG=chromium-os:12138
TEST=Adhoc
verity mode=create alg=sha256 payload=foo hashtree=bar [salt=0]
Check that with no salt, no salt is emitted, and with a salt, the right salt is
re-emitted (and the root hexdigest differs).

Change-Id: Ibb9de2956b937efed7aa98ee40342034458b1b38
Signed-off-by: Elly Jones <ellyjones@chromium.org>
Reviewed-on: http://gerrit.chromium.org/gerrit/7100
Reviewed-by: Mandeep Singh Baines <msb@chromium.org>
2 years agoverity: add support for salting. factory-980.B
Elly Jones [Fri, 26 Aug 2011 01:18:16 +0000 (18:18 -0700)]
verity: add support for salting.

Salting is exposed as an optional salt=<hex> argument. The salt is appended to
hashed blocks if present, padded to 32 bytes with zero bytes.

This code is not yet used by any tools, so it should have no effect.

BUG=chromium-os:12138
TEST=Adhoc, script:12138, unittest, autotest
Build an image (I did this for Kaen) and boot it.
Run the script attached to bug 12138; if it prints 'ok', everything's good.
Check that unit test 'CreateThenVerifyOkSalt' passes.
Run platform_DMVerityBitCorruption and platform_DMVerityCorruption.

Change-Id: I3eeb17d041bcd567c0908b017e9d57a896c11cc4
Signed-off-by: Elly Jones <ellyjones@chromium.org>
Reviewed-on: http://gerrit.chromium.org/gerrit/6708
Reviewed-by: Will Drewry <wad@chromium.org>
2 years agoverity: embed hash_desc instead of allocating it
Mandeep Singh Baines [Wed, 10 Aug 2011 18:21:16 +0000 (11:21 -0700)]
verity: embed hash_desc instead of allocating it

This simplifies the code and saves a level of indirection.

I also discovered a leak in one of the dm_bht_create error paths
which is also fixed by this change.

BUG=chromium-os:9752
TEST=Ran unit tests from dm-verity.git.
     Ran platform_DMVerityCorruption and platform_DMVerityBitCorruption.
TESTED_ON=Alex

Signed-off-by: Mandeep Singh Baines <msb@chromium.org>
kernel.git Reviewed-on: http://gerrit.chromium.org/gerrit/5673

Code has already been reviewed and committed to kernel.git.

Change-Id: I52903c7c8a045d79c2bffa71f97811f0198826b9
Signed-off-by: Mandeep Singh Baines <msb@chromium.org>
Reviewed-on: http://gerrit.chromium.org/gerrit/6779
Reviewed-by: Will Drewry <wad@chromium.org>
2 years agoverity: define NR_CPUS
Mandeep Singh Baines [Wed, 10 Aug 2011 18:21:16 +0000 (11:21 -0700)]
verity: define NR_CPUS

Needed by dm-bht.h in a future (next) CL.

BUG=chromium-os:9752
TEST=Ran unit tests from dm-verity.git.

Change-Id: Ic57de2ec28d303ad2356dc504278abbcda29b984
Signed-off-by: Mandeep Singh Baines <msb@chromium.org>
Reviewed-on: http://gerrit.chromium.org/gerrit/6784
Reviewed-by: Will Drewry <wad@chromium.org>
2 years agoverity: use alloc_page instead of mempool_alloc
Mandeep Singh Baines [Fri, 22 Jul 2011 15:48:48 +0000 (08:48 -0700)]
verity: use alloc_page instead of mempool_alloc

I ran a quick test and verified that mempool_alloc we are never
hitting the remove_element path of mempool_alloc so the 8MB of
mempool memory is never actually used.

Since dm-verity is read-only, its not part of memory reclaim. So a
memory pool is not neccesary. Since we alloc with GFP_KERNEL, an
allocation failure is highly unlikely. If an allocation does fail,
we already have code to handle the failure.

By removing the memory pool, we save 8 MB of RAM and save 1 ms on boot:

[    0.974280] before mempool_create_page_pool
[    0.975345] after mempool_create_page_pool

BUG=chromium-os:9752
TEST=Ran dm-verity.git unit tests. Ran platform_DMVerityCorruption on H/W.

Also ran platform_BootPerfServer:

Before:

  seconds_power_on_to_login                                       8.81
  seconds_power_on_to_login{1}                                    8.76
  seconds_power_on_to_login{2}                                    9.24
  seconds_power_on_to_login{3}                                    8.83
  seconds_power_on_to_login{4}                                    8.76
  seconds_power_on_to_login{5}                                    8.84
  seconds_power_on_to_login{6}                                    8.86
  seconds_power_on_to_login{7}                                    8.86
  seconds_power_on_to_login{8}                                    8.86
  seconds_power_on_to_login{9}                                    8.97

  Mean:  8.87
  Stdev: 0.14

After:

  seconds_power_on_to_login                                       8.92
  seconds_power_on_to_login{1}                                    9.06
  seconds_power_on_to_login{2}                                    8.96
  seconds_power_on_to_login{3}                                    8.71
  seconds_power_on_to_login{4}                                    8.99
  seconds_power_on_to_login{5}                                    8.89
  seconds_power_on_to_login{6}                                    8.77
  seconds_power_on_to_login{7}                                    8.96
  seconds_power_on_to_login{8}                                    8.95
  seconds_power_on_to_login{9}                                    8.95

  Mean: 8.91
  Stdev 0.10

The difference between the two runs is within stdev.

Signed-off-by: Mandeep Singh Baines <msb@chromium.org>
kernel.git Reviewed-on: http://gerrit.chromium.org/gerrit/4584

Code has already been reviewed and committed to kernel.git.

Change-Id: Ibb29cb00443a305c26ebf8db2ea7bac2553a5ae7
Signed-off-by: Mandeep Singh Baines <msb@chromium.org>
Reviewed-on: http://gerrit.chromium.org/gerrit/6778

2 years agoverity: implement alloc_page and __free_page
Mandeep Singh Baines [Thu, 21 Jul 2011 22:33:40 +0000 (15:33 -0700)]
verity: implement alloc_page and __free_page

These are needed by a future (next CL) change to dm-bht.c.

BUG=chromium-os:9752
TEST=Ran dm-verity.git unit tests.

Change-Id: I4d7ad73dc62d6d72959d1b1429e3c64714b08d09
Signed-off-by: Mandeep Singh Baines <msb@chromium.org>
Reviewed-on: http://gerrit.chromium.org/gerrit/6783
Reviewed-by: Will Drewry <wad@chromium.org>
2 years agoverity: convert depth to an int
Mandeep Singh Baines [Thu, 21 Jul 2011 22:33:40 +0000 (15:33 -0700)]
verity: convert depth to an int

This allows us to remove a couple of casts.

BUG=chromium-os:9752
TEST=Ran dm-verity.git unit tests. Ran platform_DMVerityCorruption on H/W.

Signed-off-by: Mandeep Singh Baines <msb@chromium.org>
kernel.git Reviewed-on: http://gerrit.chromium.org/gerrit/4519
Reviewed-by: Will Drewry <wad@chromium.org>
Code has already been reviewed and committed to kernel.git.

Change-Id: Id84e7874034359b3545adbb8d1982db5c7042a1c
Signed-off-by: Mandeep Singh Baines <msb@chromium.org>
Reviewed-on: http://gerrit.chromium.org/gerrit/6777

2 years agoverity: statically allocate root_digest
Mandeep Singh Baines [Thu, 21 Jul 2011 02:26:43 +0000 (19:26 -0700)]
verity: statically allocate root_digest

BUG=chromium-os:9752
TEST=Ran dm-verity.git unit tests. Ran platform_DMVerityCorruption on H/W.

Signed-off-by: Mandeep Singh Baines <msb@chromium.org>
kernel.git Reviewed-on: http://gerrit.chromium.org/gerrit/4466

Code has already been reviewed and committed to kernel.git.

Change-Id: I042941f480f1faf8063dbd4424b5d3b7c1978a9a
Signed-off-by: Mandeep Singh Baines <msb@chromium.org>
Reviewed-on: http://gerrit.chromium.org/gerrit/6776

2 years agoverity: use block instead of block_index everywhere
Mandeep Singh Baines [Sat, 23 Apr 2011 22:19:43 +0000 (15:19 -0700)]
verity: use block instead of block_index everywhere

This makes our use block consistent. block is also easier to type than
block_index.

BUG=chromium-os:9752
TEST=Ran dm-verity.git unit tests. Ran platform_DMVerityCorruption on H/W.

Signed-off-by: Mandeep Singh Baines <msb@chromium.org>
kernel.git Reviewed-on: http://gerrit.chromium.org/gerrit/4453

Code has already been reviewed and committed to kernel.git.

Change-Id: Ia24f93cf9d7b318dbbe71732116088f012fafee6
Signed-off-by: Mandeep Singh Baines <msb@chromium.org>
Reviewed-on: http://gerrit.chromium.org/gerrit/6775

2 years agoverity: short-circuit dm_bht_populate
Mandeep Singh Baines [Sat, 23 Apr 2011 22:13:34 +0000 (15:13 -0700)]
verity: short-circuit dm_bht_populate

If a node is verified, so are all its parents. This is because we
verify top down. So we can break as soon as we see a verfied node.
Its parents are already verified and populated.

BUG=chromium-os:9752
TEST=Ran dm-verity.git unit tests. Ran platform_DMVerityCorruption on H/W.

Signed-off-by: Mandeep Singh Baines <msb@chromium.org>
kernel.git Reviewed-on: http://gerrit.chromium.org/gerrit/4452

Code has already been reviewed and committed to kernel.git.

Change-Id: I9b6a1f104b62d4159c96ccdb466181f2c018c817
Signed-off-by: Mandeep Singh Baines <msb@chromium.org>
Reviewed-on: http://gerrit.chromium.org/gerrit/6774

2 years agoverity: use key-value arguments.
Elly Jones [Tue, 16 Aug 2011 18:39:58 +0000 (14:39 -0400)]
verity: use key-value arguments.

This opens the way for salting and other such improvements to dm-verity.

BUG=chromium-os:15772
TEST=Adhoc
Make sure you have rebuilt verity both for host and target!
Build a regular image for Arm (I used Kaen). Ensure it boots.
Build a recovery image for Arm. Ensure it boots and completes recovery; when you
remove the stick, ensure the resulting system is useable.
Build a regular image for x86 (I used Alex). Ensure it boots.
Build a recovery image for x86. Ensure it boots and completes recovery.
Build a vm image for x86. Ensure it boots.

Change-Id: I184d55ff7ccaf1612a1eda7ea1605a4302be6595
Signed-off-by: Elly Jones <ellyjones@chromium.org>
Reviewed-on: http://gerrit.chromium.org/gerrit/6085
Reviewed-by: Will Drewry <wad@chromium.org>
2 years agoRevert "verity: emit key-value arguments for dm table" 0.15.877.B firmware-881-u-boot-v1 firmware-u-boot-v1
Elly Jones [Mon, 1 Aug 2011 21:50:09 +0000 (14:50 -0700)]
Revert "verity: emit key-value arguments for dm table"

This reverts commit fc1b8fe170f0876f0050ad63c4b139bc4d204662

Change-Id: Ia86d9a301bce9d7233f2a27ebd2a5f6b1e503275
Reviewed-on: http://gerrit.chromium.org/gerrit/5099
Reviewed-by: Will Drewry <wad@chromium.org>
Tested-by: Elly Jones <ellyjones@chromium.org>
2 years agoverity: emit key-value arguments for dm table
Elly Jones [Tue, 21 Jun 2011 15:29:50 +0000 (11:29 -0400)]
verity: emit key-value arguments for dm table

TEST=Adhoc
BUG=chromium-os:15772

This CL depends circularly upon the CLs listed below. Test instructions are part
of the listed CLs.

Depends-on: http://gerrit.chromium.org/gerrit/3037
Depends-on: http://gerrit.chromium.org/gerrit/5069
Change-Id: I9b8d1aa943773ab9c766562cbd13fcabd23c1944
Signed-off-by: Elly Jones <ellyjones@chromium.org>
Reviewed-on: http://gerrit.chromium.org/gerrit/2926
Reviewed-by: Will Drewry <wad@chromium.org>
3 years agoverity: root hash should not rely on uninitialized memory 0.14.811.B
Mandeep Singh Baines [Tue, 19 Jul 2011 22:18:09 +0000 (15:18 -0700)]
verity: root hash should not rely on uninitialized memory

Fixes a valgrind warning. This bug is harmless should so
not be considered critical.

BUG=chromium-os:9752
TEST=Ran dm-verity.git unit tests with USE=valgrind.

Change-Id: I689bbf493e7fe073980c3a0ee6df8c2a6dbd4620
Reviewed-on: http://gerrit.chromium.org/gerrit/4338
Reviewed-by: Paul Taysom <taysom@google.com>
Reviewed-by: Will Drewry <wad@chromium.org>
Tested-by: Mandeep Singh Baines <msb@chromium.org>
3 years agoverity: pull up maybe_read_entry
Mandeep Singh Baines [Tue, 3 May 2011 00:43:27 +0000 (17:43 -0700)]
verity: pull up maybe_read_entry

Since the latest refactoring it is now possible to pull up maybe_read_entry.

I also removed the PENDING flag and instead just call is_populated.

BUG=chromium-os:13872
TEST=Ran dm-verity.git unit tests. Ran platform_DMVerityCorruption on H/W.

kernel.git Review URL: http://codereview.chromium.org/6883252

Already LGTMed and committed to kernel.git

In addition to the kernel.git change, I needed to modify the tests.

Change-Id: Ida05ede9823893378ca2c25cfb75fac7c418d478
Reviewed-on: http://gerrit.chromium.org/gerrit/4337
Reviewed-by: Paul Taysom <taysom@google.com>
Reviewed-by: Will Drewry <wad@chromium.org>
Tested-by: Mandeep Singh Baines <msb@chromium.org>
3 years agoverity: fix gcc4.6 errors
Mandeep Singh Baines [Wed, 20 Jul 2011 16:30:42 +0000 (09:30 -0700)]
verity: fix gcc4.6 errors

Fixes the following errors:

verity-0.0.1-r33: verity_main.cc: In function 'int main(int, char**)':
verity-0.0.1-r33: verity_main.cc:54:15: error: variable 'root_hexdigest'
set but not used [-Werror=unused-but-set-variable]
verity-0.0.1-r33: cc1plus: all warnings being treated as errors
verity-0.0.1-r33:
verity-0.0.1-r33: make: ***
[/build/x86-generic/tmp/portage/chromeos-base/verity-0.0.1-r33/work/verity-0.0.1/build/verity_main.pie.o]
Error 1
verity-0.0.1-r33: make: *** Waiting for unfinished jobs....
verity-0.0.1-r33: verity_main.cc: In function 'int main(int, char**)':
verity-0.0.1-r33: verity_main.cc:54:15: error: variable 'root_hexdigest'
set but not used [-Werror=unused-but-set-variable]
verity-0.0.1-r33: cc1plus: all warnings being treated as errors
verity-0.0.1-r33:
verity-0.0.1-r33: make: ***
[/build/x86-generic/tmp/portage/chromeos-base/verity-0.0.1-r33/work/verity-0.0.1/build/verity_main.pic.o]
Error 1
verity-0.0.1-r33: emake failed
verity-0.0.1-r33:  * ERROR: chromeos-base/verity-0.0.1-r33 failed (compile
phase):
verity-0.0.1-r33:  *   failed to make verity
verity-0.0.1-r33:  *
verity-0.0.1-r33:  * Call stack:
verity-0.0.1-r33:  *     ebuild.sh, line  56:  Called src_compile
verity-0.0.1-r33:  *   environment, line 3053:  Called die
verity-0.0.1-r33:  * The specific snippet of code:
verity-0.0.1-r33:  *       emake OUT=${S}/build WITH_CHROME=$(use test &&
echo 1 || echo 0) SPLITDEBUG=$(use splitdebug && echo 1) verity ||
die "failed to make verity"

BUG=chromium-os:17883
TEST=compiled

Change-Id: Ibd2153d6b7b82814fb7bc959a01a20f910e5f83e
Reviewed-on: http://gerrit.chromium.org/gerrit/4405
Reviewed-by: Yasuhiro Matsuda <mazda@chromium.org>
Reviewed-by: Elly Jones <ellyjones@chromium.org>
Tested-by: Mandeep Singh Baines <msb@chromium.org>
3 years agoRevert "verity: pull up maybe_read_entry" 780.B
Chris Masone [Tue, 19 Jul 2011 00:45:47 +0000 (17:45 -0700)]
Revert "verity: pull up maybe_read_entry"

This reverts commit 1b11b6793110da756e4c153b860f1870c7687072

The commit seems to cause unit test failures in a VM

Change-Id: I4739a7bdca2b2228cc7c5f8eecf407e56fc7e62a
Reviewed-on: http://gerrit.chromium.org/gerrit/4282
Tested-by: Chris Masone <cmasone@chromium.org>
Tested-by: Will Drewry <wad@chromium.org>
Reviewed-by: Will Drewry <wad@chromium.org>
3 years agoverity: pull up maybe_read_entry
Mandeep Singh Baines [Tue, 3 May 2011 00:43:27 +0000 (17:43 -0700)]
verity: pull up maybe_read_entry

Since the latest refactoring it is now possible to pull up maybe_read_entry.

I also removed the PENDING flag and instead just call is_populated.

BUG=chromium-os:13872
TEST=Ran dm-verity.git unit tests. Ran platform_DMVerityCorruption on H/W.

kernel.git Review URL: http://codereview.chromium.org/6883252

TBRing since already LGTMed and committed to kernel.git

Change-Id: Ie9a60325b8a1f4d40325cd0211477551c9aed488
Reviewed-on: http://gerrit.chromium.org/gerrit/4278
Reviewed-by: Mandeep Singh Baines <msb@chromium.org>
Tested-by: Mandeep Singh Baines <msb@chromium.org>
3 years agoverity: don't check for BSD license in PRESUBMIT.
Elly Jones [Thu, 23 Jun 2011 15:40:40 +0000 (11:40 -0400)]
verity: don't check for BSD license in PRESUBMIT.

Verity is gplv2.

BUG=chromium-os:16780
TEST=Adhoc
'repo upload' on a file without the BSD license header.

Change-Id: I4f2794dd67a769289b6de0202404cdea34046167
Signed-off-by: Elly Jones <ellyjones@chromium.org>
Reviewed-on: http://gerrit.chromium.org/gerrit/3089
Reviewed-by: Will Drewry <wad@chromium.org>
3 years agoverity: use key-value args for commandline tool
Elly Jones [Fri, 27 May 2011 20:04:23 +0000 (16:04 -0400)]
verity: use key-value args for commandline tool

We could use getopt here, but we'd like the arg format to stay the same between
the kernel module and the userspace tool, and getopt in kernel seems gauche.

BUG=chromium-os:15772
TEST=Adhoc
Built image, booted it. All good.

Change-Id: Id15f69e195bad641d5b8f9c1c0f4536f340355ba
Signed-off-by: Elly Jones <ellyjones@google.com>
Reviewed-on: http://gerrit.chromium.org/gerrit/1739
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Tested-by: Elly Jones <ellyjones@chromium.org>
3 years ago[verity] Roll forward to new libchrome 0.13.558.B 0.13.587.B
Chris Masone [Mon, 16 May 2011 15:26:46 +0000 (08:26 -0700)]
[verity] Roll forward to new libchrome

Chrome still has base/scoped_ptr.h, but it's just a pointer to base/memory/scoped_ptr.h
Update the includes here to be more future-compatible.

BUG=chromium-os:14304
TEST=emerge with tests

Change-Id: I08cec15f8512a84dad204a90ab0bdeaf5c297e59
Reviewed-on: http://gerrit.chromium.org/gerrit/929
Reviewed-by: Will Drewry <wad@chromium.org>
Tested-by: Chris Masone <cmasone@chromium.org>
3 years agoverity: remove compare_hash layer 73/173/1 0.13.509.B
Mandeep Singh Baines [Thu, 28 Apr 2011 18:48:19 +0000 (11:48 -0700)]
verity: remove compare_hash layer

We've refactored the code such that we are now only calling compare_hash
into two places in the same function. So we really don't need this layer
any more.

I plan to send a CL soonish that will remove the second call so we'll
be down to just the one call.

BUG=chromium-os:13872
TEST=Ran dm-verity.git unit tests. Ran platform_DMVerityCorruption on H/W.

Change-Id: Ieb20dfdcf425a3c423ebabf63f86d549c259c0f8

kernel-next.git Review URL: http://codereview.chromium.org/6902084

TBRing. Already LGTMed and committed to kernel-next.git.

TBR=wad@chromium.org,taysom@chromium.org

3 years agoverity: remove special-case logic for the root node
Mandeep Singh Baines [Tue, 26 Apr 2011 17:39:57 +0000 (10:39 -0700)]
verity: remove special-case logic for the root node

Now that the root-node is the same width as the interior nodes
of the hash tree, we no longer need to make it a special case.

BUG=chromium-os:9752
TEST=Ran dm-verity.git unit tests. Ran platform_DMVerityCorruption on H/W.

kernel-next.git Review URL: http://codereview.chromium.org/6896044

TBRing. Alreadying LGTMed and committed to kernel-next.git.

Change-Id: I0edde02cb4b62b1121791badaf480ab46c2b44be

R=wad@chromium.org,taysom@chromium.org

Review URL: http://codereview.chromium.org/6880209

3 years agoverity: change maybe_read_entries to maybe_read_entry
Mandeep Singh Baines [Fri, 22 Apr 2011 02:57:39 +0000 (19:57 -0700)]
verity: change maybe_read_entries to maybe_read_entry

Since root is guaranteed to be a single block we no longer need to
read multiple entries in maybe_read_entries.

BUG=9752
TEST=Ran dm-verity.git unit tests. Ran platform_DMVerityCorruption on H/W.

kernel-next.git Review URL: http://codereview.chromium.org/6821076

TBRing. Already LGTMed and committed to kernel-next.git

Change-Id: I23e19d13e7f3b079a5fe739be7fdd9f2df760335

R=wad@chromium.org,taysom@chromium.org

Review URL: http://codereview.chromium.org/6880133

3 years agoverity: don't call page_address on unmapped highmem pages 0.12.433.B 0.12.433.B109 0.12.433.B62 0.13.434.B
Mandeep Singh Baines [Thu, 14 Apr 2011 20:43:05 +0000 (13:43 -0700)]
verity: don't call page_address on unmapped highmem pages

This fixes a bug that is preventing ARM systems from booting with verity.

We were calling page_address on what could potentially have been an
unmapped highmem page. Fix is to pass the struct page to the crypto code
and let crypto handle the kmap/kunmap.

BUG=chromium-os:14089,chrome-os-partner:3287
TEST=Ran dm-verity.git unit tests. Ran platform_DMVerityCorruption on H/W.
Verified that ARM now boots.

kernel-next.git Review URL: http://codereview.chromium.org/6835032

TBRing. Code has already been reviewed and committed to kernel-next.git
There are some trivial changes here to the unittest to match the new
list of parameters.

Change-Id: Id9e025552aee323e95d50aa9798a964510710fdd

Review URL: http://codereview.chromium.org/6851023

3 years agoverity: remove the depth parameter from bht_create
Mandeep Singh Baines [Mon, 11 Apr 2011 20:12:30 +0000 (13:12 -0700)]
verity: remove the depth parameter from bht_create

We want to only support regular tries with a single root hash block.

BUG=chromium-os9752
TEST=Ran dm-verity.git unit tests. Ran platform_DMVerityCorruption on H/W.

Change-Id: I49a8b74b8343c4cb5aa871a81b45f06025fe1011

R=wad@chromium.org,taysom@chromium.org,ups@chromium.org

Review URL: http://codereview.chromium.org/6811030

3 years agoverity: don't error on depth=0 0.12.392.B
Mandeep Singh Baines [Thu, 7 Apr 2011 17:13:44 +0000 (10:13 -0700)]
verity: don't error on depth=0

Support for depth=0 (i.e. compute depth) was added as part of:

commit 8019a6a4fdc022430376e270cdcc2b19113527c8
Author: Mandeep Singh Baines <msb@chromium.org>
Date:   Fri Apr 1 15:07:39 2011 -0700

    verity: create a regular trie when depth=0

BUG=9752
TEST=Ran dm-verity.git unit tests. Ran platform_DMVerityCorruption on H/W.

Change-Id: Ie5ecaf8c8bb0e06e80edb9bad3170dc14d0983c2

R=wad@chromium.org,taysom@chromium.org,ups@chromium.org

Review URL: http://codereview.chromium.org/6810004

3 years agoAdd gauravsh to verity WATCHLIST
Gaurav Shah [Thu, 7 Apr 2011 01:35:43 +0000 (18:35 -0700)]
Add gauravsh to verity WATCHLIST

Change-Id: Id68a0269fd63c67dbb12ec4f66723e4a5b841d69

BUG=none
TEST=this CL is a test.

Review URL: http://codereview.chromium.org/6816001

3 years agoverity: create a regular trie when depth=0 0.12.362.B 0.12.369.B
Mandeep Singh Baines [Fri, 1 Apr 2011 22:07:39 +0000 (15:07 -0700)]
verity: create a regular trie when depth=0

We want to eventually remove support for the depth constructor parameter
only create trees where level[0]->count = 1.

BUG=9752
TEST=Ran dm-verity.git unit tests. Ran platform_DMVerityCorruption on H/W.

Change-Id: Ie05ebc93a9c52055b4573ccd8811acbbb114adf3

R=wad@chromium.org,taysom@chromium.org,ups@chromium.org

Review URL: http://codereview.chromium.org/6670096

3 years agoverity: remove entry_readahead
Mandeep Singh Baines [Wed, 30 Mar 2011 20:47:24 +0000 (13:47 -0700)]
verity: remove entry_readahead

We don't use entry_readahead and readahead is really best done by
other layers.

BUG=9752
TEST=Ran platform_DMVerityCorruption on H/W.

kernel.git Review URL: http://codereview.chromium.org/6757012

TBRing. Already LGTMed and committed to kernel.git.

Change-Id: Id58c0d36fb5576715cbf1e4143a17671b9a6b65b

R=wad@chromium.org

Review URL: http://codereview.chromium.org/6675058

3 years agoverity: only requeue if necessary
Mandeep Singh Baines [Wed, 30 Mar 2011 20:36:50 +0000 (13:36 -0700)]
verity: only requeue if necessary

For the most part, I/Os will be ordered so it is more than likely that
PENDING I/Os will become ready. Instead of requeuing an I/O for which
there were pending I/Os, check the state of all dependent I/Os and
only requeue if necessary.

I also removed the _queue functions. They were two liners that could
easily be open-coded to reduce abstraction. Just makes it easier for
me to see what's really going on.

This change saves about 2 seconds off of a depth=3 boot:

Before:

  seconds_power_on_to_login                                       10.03
  seconds_power_on_to_login{1}                                    9.96
  seconds_power_on_to_login{2}                                    10.4
  seconds_power_on_to_login{3}                                    9.96
  seconds_power_on_to_login{4}                                    10.04
  seconds_power_on_to_login{5}                                    10.04
  seconds_power_on_to_login{6}                                    9.95
  seconds_power_on_to_login{7}                                    10.18
  seconds_power_on_to_login{8}                                    10.13
  seconds_power_on_to_login{9}                                    10.07

0 1740800 verity 0 0 0 438 4017

After:

  seconds_power_on_to_login                                       7.74
  seconds_power_on_to_login{1}                                    7.89
  seconds_power_on_to_login{2}                                    7.84
  seconds_power_on_to_login{3}                                    7.74
  seconds_power_on_to_login{4}                                    7.8
  seconds_power_on_to_login{5}                                    7.85
  seconds_power_on_to_login{6}                                    7.92
  seconds_power_on_to_login{7}                                    7.77
  seconds_power_on_to_login{8}                                    7.81
  seconds_power_on_to_login{9}                                    7.88

0 1740800 verity 0 0 0 0 4014

Notice: No more requeus in the after case.

BUG=chromium-os:9752
TEST=Ran platform_DMVerityCorruption on H/W. Ran platform_BootPerf on H/W.

kernel.git Review URL: http://codereview.chromium.org/6739006

TBRing. Already LGTMed and commited to kernel.git.

Change-Id: I95da7af3f90619a0c6bea6da0ac578dc1cb61aa0

R=wad@chromium.org

Review URL: http://codereview.chromium.org/6675057

3 years agoverity: fix valgrind warnings in OddLeafCount
Mandeep Singh Baines [Fri, 25 Mar 2011 22:15:21 +0000 (15:15 -0700)]
verity: fix valgrind warnings in OddLeafCount

We don't clear the end bits (non-hash) of the last block. This results
in uninitialized bits being factored into the root hash. This causes
test flakiness.

Fix by memset all leaf blocks after allocation.

BUG=none
TEST=Ran OddLeafCount with valgrind.

Change-Id: I626f1ab386a67d0da8dcaff40d25245bfc747994

R=taysom@chromium.org,wad@chromium.org

Review URL: http://codereview.chromium.org/6726045

3 years agoverity: handle trees with an odd node count correctly
Mandeep Singh Baines [Fri, 25 Mar 2011 20:16:12 +0000 (13:16 -0700)]
verity: handle trees with an odd node count correctly

This fixes a bug we were seeing when setting root_depth=3.

BUG=none
TEST=Ran unittests.

Change-Id: I7241ccd97102638e9f003a694280ca0b53f317b9

R=wad@chromium.org

Review URL: http://codereview.chromium.org/6742001

3 years agoverity: remove BUG_ON alignment check
Mandeep Singh Baines [Wed, 23 Mar 2011 03:28:56 +0000 (20:28 -0700)]
verity: remove BUG_ON alignment check

The buffer passed to the compute_hash needs to be aligned when dm-bht.c
is used in the kernel. dm-bht.c is also used by the dm-verity user-space
code where you don't need aligned buffers.

Remove the BUG_ON for now. Eventually, re-enable once we've modified
the user-space code to use aligned buffers (or once we stop use
common code).

BUG=none
TEST=Ran unittests.

Change-Id: I854c785bcff6994612c373a783fff6bdc93c2afa

R=ojn@chromium.org,wad@chromium.org

Review URL: http://codereview.chromium.org/6726018

3 years agoverity: use atomic_set instead of atomic_cmpxchg in read_completed
Mandeep Singh Baines [Wed, 23 Mar 2011 01:23:00 +0000 (18:23 -0700)]
verity: use atomic_set instead of atomic_cmpxchg in read_completed

When moving from the PENDING to READY state it is sufficient to use
an atomic_set since we know the previous state MUST have been
PENDING. In addition, there is a BUG_ON which verifies this.

BUG=9752
TEST=Ran tests in verity.git. Ran platform_DMVerityCorruption on H/W.

Signed-off-by: Mandeep Singh Baines <msb@chromium.org>
kernel.git Review URL: http://codereview.chromium.org/6677048

TBRing. Already LGTMed and committed to kernel.git

Change-Id: I1a199fc8f27f315bd98baa98f5fca0bb0fb4a556

R=wad@chromium.org,taysom@chromium.org,ups@chromium.org

Review URL: http://codereview.chromium.org/6721019

3 years agoverity: use atomic_set instead of atomic_cmpxchg in verify_path
Mandeep Singh Baines [Wed, 23 Mar 2011 01:20:52 +0000 (18:20 -0700)]
verity: use atomic_set instead of atomic_cmpxchg in verify_path

When moving from the READY to VERIFIED state it is sufficient to use
an atomic_set since we know the previous state MUST have been
either READY or VERIFIED.

BUG=9752
TEST=Ran tests in verity.git. Ran platform_DMVerityCorruption on H/W.

Signed-off-by: Mandeep Singh Baines <msb@chromium.org>
kernel.git Review URL: http://codereview.chromium.org/6694010

TBRing. Already LGTMed and committed to kernel.git.

Change-Id: Ie2d57adf8752b2e4e9de9a53645156083382d03f

TBR=wad@chromium.org,taysom@chromium.org,ups@chromium.org

Review URL: http://codereview.chromium.org/6726016

3 years agoverity: collapse check_block into verify_path
Mandeep Singh Baines [Wed, 23 Mar 2011 01:19:00 +0000 (18:19 -0700)]
verity: collapse check_block into verify_path

There was a lot of common code between the two functions.

BUG=9752
TEST=Ran tests in verity.git. Ran platform_DMVerityCorruption on H/W.

Signed-off-by: Mandeep Singh Baines <msb@chromium.org>
kernel.git Review URL: http://codereview.chromium.org/6686017

TBRing. Already LGTMed and committed to kernel.git

Change-Id: I1112fedfd7823e1aa54cd3100fbfa8eaf1e3d304

R=wad@chromium.org,taysom@chromium.org,ups@chromium.org

Review URL: http://codereview.chromium.org/6724017

3 years agoCHROMIUM: verity: use sg_set_buf instead of sg_set_page
Mandeep Singh Baines [Wed, 23 Mar 2011 01:15:00 +0000 (18:15 -0700)]
CHROMIUM: verity: use sg_set_buf instead of sg_set_page

This is in preparation for removing the assumption that the block
size = PAGE_SIZE.

BUG=9752
TEST=Ran tests in verity.git. Ran platform_DMVerityCorruption on H/W.

Signed-off-by: Mandeep Singh Baines <msb@chromium.org>
kernel.git Review URL: http://codereview.chromium.org/6684008

TBRing. Already committed to kernel.git.

Change-Id: Ia80b9466d7710ab32e5026ce46d5a2078338aeff

R=wad@chromium.org,taysom@chromium.org,ups@chromium.org

Review URL: http://codereview.chromium.org/6721018

3 years agoverity: remove checks for error states
Mandeep Singh Baines [Wed, 23 Mar 2011 01:13:42 +0000 (18:13 -0700)]
verity: remove checks for error states

All entries along the path must be either READY or VERIFIED as per
the contract with the caller. There is a BUG_ON which checks this.

BUG=9752
TEST=Ran tests in verity.git. Ran platform_DMVerityCorruption on H/W.

Signed-off-by: Mandeep Singh Baines <msb@chromium.org>
kernel.git Review URL: http://codereview.chromium.org/6681004

TBRing. Code already LGTMed and committed to kernel.git.

Change-Id: Ib1af50ffd22a0a9063e947716fb478d690333ecc

TBR=wad@chromium.org,taysom@chromium.org,ups@chromium.org

Review URL: http://codereview.chromium.org/6705016

3 years agoverity: short circuit once you hit a verified node
Mandeep Singh Baines [Wed, 23 Mar 2011 01:12:20 +0000 (18:12 -0700)]
verity: short circuit once you hit a verified node

Since we set the VERIFIED bits top-down we can short circuit once
we hit a VERIFIED node.

BUG=9752
TEST=Ran tests in verity.git. Ran platform_DMVerityCorruption on H/W.

Signed-off-by: Mandeep Singh Baines <msb@chromium.org>
kernel.git Review URL: http://codereview.chromium.org/6670008

TBRing because code has already been LGTMed and committed to kernel.git.

Change-Id: Ib8fe833668a62bdc21946e2b274f970b0955cd8c

TBR=wad@chromium.org,taysom@chromium.org,ups@chromium.org

Review URL: http://codereview.chromium.org/6721017

3 years agoverity: remove verify_mode
Mandeep Singh Baines [Wed, 23 Mar 2011 01:05:59 +0000 (18:05 -0700)]
verity: remove verify_mode

We don't really use verify_mode any more. We used to use it when
dm_bht_compute called verify_path but that is no longer the case.

I'm sending this patch now because it makes the LOCALLY_VERIFIED state
patch I'm working on a little cleaner. So this is really work
leading up to that.

BUG=9752
TEST=Ran platform_DMVerityCorruption on H/W.

Signed-off-by: Mandeep Singh Baines <msb@chromium.org>
kernel.git Review URL: http://codereview.chromium.org/6659037

TBRing because code has already been LGTMed and commited to kernel.git.

Change-Id: I09b2e9b7caeb7020c14fb7d2366e463afee9b515

TBR=wad@chromium.org,taysom@chromium.org,ups@chromium.org

Review URL: http://codereview.chromium.org/6705014

3 years agoverity: remove short-circuiting of verify_path
Mandeep Singh Baines [Tue, 22 Mar 2011 23:25:53 +0000 (16:25 -0700)]
verity: remove short-circuiting of verify_path

This removes the optimization which short-circuited verify_path. The net
result is the addition of a few cycles and the removal of a few so zero
or negligible cycles added.

The main benefit is the removal of the one of the larget comments in the
code. Ran BootPerfServer to verify no noticable overhead added.

Before:

  seconds_power_on_to_login                                       8.44

After:

  seconds_power_on_to_login                                       8.4

This result is within variance.

BUG=9752
TEST=Ran dm-verity.git unit tests. Ran platform_DMVerityCorruption on H/W.

Signed-off-by: Mandeep Singh Baines <msb@chromium.org>
kernel.git Review URL: http://codereview.chromium.org/6659004

TBRing because this has already been LGTMed and committed to kernel.git.

Change-Id: Ib9384f3a5addc014f679cc1d46638bf782b12c9f

TBR=wad@chromium.org,taysom@chromium.org,ups@chromium.org

Review URL: http://codereview.chromium.org/6725015

3 years agoverity: don't pass hash_desc down the stack
Mandeep Singh Baines [Tue, 22 Mar 2011 23:19:05 +0000 (16:19 -0700)]
verity: don't pass hash_desc down the stack

Simplify the code by grabbing a hash_desc reference inside compute_hash().

BUG=9752
TEST=Ran platform_DMVerityCorruption on H/W.

Signed-off-by: Mandeep Singh Baines <msb@chromium.org>
kernel.git Review URL: http://codereview.chromium.org/6660003

TBRing since code has already been review and LGTMed for kernel.git

Change-Id: Ia613b08fa4584cac2b26e948220a0a0a45058991

TBRR=wad@chromium.org,taysom@chromium.org,ups@chromium.org

Review URL: http://codereview.chromium.org/6705011

3 years agoverity: use properly aligned buffers.
Mandeep Singh Baines [Sat, 19 Mar 2011 17:20:05 +0000 (10:20 -0700)]
verity: use properly aligned buffers.

Need aligned buffers in order to not hit the BUG_ON added here:

http://git.chromium.org/gitweb/?p=kernel.git;a=commitdiff;h=5ee4dc23543cceea78da586e72bcce5a65b0ea3e

BUG=9752
TEST=Ran dm-verity.git unit tests.

Also, tested this with the latest version of dm-bht.c which includes
the BUG_ON.

Change-Id: Icad33fcdf828d6e8091d8c2f3fd0db0304e04e3b

R=wad@chromium.org,taysom@chromium.org,ups@chromium.org

Review URL: http://codereview.chromium.org/6710006

3 years agoverity: do all hashing in dm-bht.c
Mandeep Singh Baines [Wed, 16 Mar 2011 21:02:01 +0000 (14:02 -0700)]
verity: do all hashing in dm-bht.c

We were doing the hashing of the disk blocks in dm-verity.c and hashing
hash blocks in dm-bht.c. We can simplifiy the code by doing all the
hashing in dm-bht.c. We couldn't do this earlier because we had
to handle unaligned reads (no longer an issue).

I also removed the BUG_ON in dm_bht_get_node because I wanted to use it
in dm_bht_check_block with depth == bht->depth.

The kernel piece has already been reviewed and submitted. What is different
in this CL are the modifications to the tests.

BUG=9752
TEST=Ran dm-verity.git unit tests. Ran platform_DMVerityCorruption on H/W.
kernel.git Review URL: http://codereview.chromium.org/6626037

Change-Id: Ic817a53f383f7727742c77c2064cdb0afe595c43

R=wad@chromium.org,taysom@chromium.org,ups@chromium.org

Review URL: http://codereview.chromium.org/6695038

3 years agoCHROMIUM: verity: add BUG in check_block for consistency with verify_path 0.11.241.B 0.11.257.B 0.11.257.B90 11.1.241.B
Mandeep Singh Baines [Fri, 4 Mar 2011 21:30:20 +0000 (13:30 -0800)]
CHROMIUM: verity: add BUG in check_block for consistency with verify_path

We assume that the caller guarantees that all nodes along the path are
already populated. We already have a BUG_ON checking this in verify_path.
This change adds a similar BUG_ON in check_path and removes the code
which checks the entry state.

TBR=wad(code already LGTMed and submitted to kernel.git)
BUG=9752
TEST=Ran unit tests in dm-verity.git. Ran platform_DMVerityCorruption on H/W.

Change-Id: Id456d9e495978c93d0be28bd895e5ced28d9973b
Signed-off-by: Mandeep Singh Baines <msb@chromium.org>
kernel.git Review URL: http://codereview.chromium.org/6246094

Review URL: http://codereview.chromium.org/6632013

3 years agoCHROMIUM: verity: remove stale code/comments from earlier bitmap design
Mandeep Singh Baines [Fri, 4 Mar 2011 21:22:56 +0000 (13:22 -0800)]
CHROMIUM: verity: remove stale code/comments from earlier bitmap design

TBR=wad(already LGTMed and submitted to kernel.git)
BUG=9752
TEST= Ran dm-verity.git unit tests. Ran platform_DMVerityCorruption on H/W.

Change-Id: I6a7f4c21e6bb5a6afd9590fafc1f9b1f93a25700
Signed-off-by: Mandeep Singh Baines <msb@chromium.org>
kernel.git Review URL: http://codereview.chromium.org/6250155

Review URL: http://codereview.chromium.org/6628022

3 years agoCHROMIUM: verity: remove dead code in dm_bht_verify_path
Mandeep Singh Baines [Fri, 4 Mar 2011 21:13:09 +0000 (13:13 -0800)]
CHROMIUM: verity: remove dead code in dm_bht_verify_path

The depth == 0 check is no longer necessary as depth can never
be zero at this point. We check depth > 0 at the top of the while
loop and only decrement depth at the bottom and before the continue.

TBR=wad (code already LGTMed and submitted to kernel.git)
BUG=9752
TEST= Ran dm-verity.git unit tests. Ran platform_DMVerityCorruption on H/W.

Signed-off-by: Mandeep Singh Baines <msb@chromium.org>
kernel.git Review URL: http://codereview.chromium.org/6286102

Change-Id: Ic28e1ddeefa1dbd9d0fe3f93b689bfcc4e240bc6

Review URL: http://codereview.chromium.org/6626023

3 years agoverity: extract the compare part out of compute_and_compare
Mandeep Singh Baines [Tue, 11 Jan 2011 22:08:51 +0000 (14:08 -0800)]
verity: extract the compare part out of compute_and_compare

BUG=9752
TEST=Unit tests pass. Booted and surfed a few sites.

Change-Id: I5d1f63b7afa2e6f316defd1997a9f1d3934144f6

Review URL: http://codereview.chromium.org/6072008

3 years agoverity: refactor dm_bht_compute
Mandeep Singh Baines [Thu, 23 Dec 2010 22:54:38 +0000 (14:54 -0800)]
verity: refactor dm_bht_compute

This is a re-factoring CL. The goal here is to not call verify_path from
dm_bht_compute. This will allow verify_block and verify_path to be
combined into one function removing lots of duplicate code in both.

I also want to change compute_and_compare into just compute and remove
the compare callback.

BUG=9752
TEST=Unittests pass.

Change-Id: I25a6731c04f38e149dc3894fdf18f094e5e0277c

Review URL: http://codereview.chromium.org/5535004

3 years agoCHROMIUM: verity: Cleanup dm_bht_verify_path.
Mandeep Singh Baines [Thu, 2 Dec 2010 17:45:09 +0000 (09:45 -0800)]
CHROMIUM: verity: Cleanup dm_bht_verify_path.

The whole function now fits inside my emacs window at one time!

BUG=n0ne
TEST=Unit tests pass. Booted.

Change-Id: I6f186c179021faac62e6e8fc5ea2eb560a22c18c

Review URL: http://codereview.chromium.org/5361004

3 years agoverity: add a unit test for testing an odd number of blocks
Mandeep Singh Baines [Tue, 30 Nov 2010 22:29:37 +0000 (14:29 -0800)]
verity: add a unit test for testing an odd number of blocks

BUG=9752
TEST=Unit tests pass.

Change-Id: I73f7a93819b50672920e04e8cf5872417bf890bd

Review URL: http://codereview.chromium.org/5274007

3 years agoverity: refactor populate inside unittests
Mandeep Singh Baines [Tue, 30 Nov 2010 18:04:13 +0000 (10:04 -0800)]
verity: refactor populate inside unittests

BUG=9752
TEST=Tests pass.

Change-Id: Ibb5acbb38e61567c60c9ad7640a65668f015c981

Review URL: http://codereview.chromium.org/5261011

3 years agoverity: bring back in sync with the kernel
Mandeep Singh Baines [Wed, 24 Nov 2010 00:37:06 +0000 (16:37 -0800)]
verity: bring back in sync with the kernel

BUG=n0ne
TEST=Ran unittests.
TBR=wad

Change-Id: I4380af503caea90175a184e050f29a760ef72e52

Review URL: http://codereview.chromium.org/5346003

3 years agoverity: refactor test code and add a test for multi-level hash
Mandeep Singh Baines [Thu, 18 Nov 2010 23:28:43 +0000 (15:28 -0800)]
verity: refactor test code and add a test for multi-level hash

We need a test to verify that multiple levels of hashes is working.

BUG=9033
TEST=Unittests pass.

Change-Id: I7d6337d1bed8380addd8f12069fabb0dd3319b40

Review URL: http://codereview.chromium.org/5052001

3 years agoverity: no longer need to set verify_mode
Mandeep Singh Baines [Tue, 16 Nov 2010 23:52:00 +0000 (15:52 -0800)]
verity: no longer need to set verify_mode

verify_mode is now automatically set in dm_bht_compute().

BUG=9033
TEST=Booted with this patch.

Change-Id: I02af6a6f31069bd8b81bab6912055024ac89686c

Review URL: http://codereview.chromium.org/5006002

3 years agoverity: support building hash trees deeper than one level
Will Drewry [Thu, 11 Nov 2010 22:07:19 +0000 (16:07 -0600)]
verity: support building hash trees deeper than one level

Two bugs were occurring here:
1. dm_bht_compute didn't enforce FULL_REVERIFY.
   This mean file_hasher.cc was fine, but unittests were not!
2. verify_path starts from the top of the tree (near root)
   and traverses down towards the leaves (blocks).  By doing so,
   hash computation trickled down instead of upward when creating
   a new hash set.

This change also pulls in the mempool_free() fix in the kernel.

TEST=tests pass, msb's pending unittest changes pass; built  akernel without it and with verity-9999 emerged to the chroot and the image booted.   When copying to the kernel tree, we will test deeper trees there.
BUG=chromium-os:9033

Change-Id: I193fb45a318a2c6fc420d793a2fdfcf008757219

Review URL: http://codereview.chromium.org/4629001

4 years agoverity: remove libchrome dependency from runtime tool
Will Drewry [Mon, 28 Jun 2010 19:58:47 +0000 (14:58 -0500)]
verity: remove libchrome dependency from runtime tool

Adds a hacked up version of libchrome's logging.* to
allow the runtime tool to be built with a sole dependency
of openssl.  Testing still requires libchrome.

It removes all log-to-file support and cross-platform support.

TEST=built both ways; ran tests WITH_CHROME=1; ran and built WITH_CHROME=0 for multiple platforms
BUG=chromium-os:327

Review URL: http://codereview.chromium.org/2806037

4 years agoBring into line with the dm-bht rewrites
Will Drewry [Wed, 9 Jun 2010 01:19:22 +0000 (20:19 -0500)]
Bring into line with the dm-bht rewrites

Includes updating the supporting kernel glue
and cleaning up the unit tests a little.

The dm-bht.c code will be reviewed in the kernel
cl.

TEST=manual
BUG=none

Review URL: http://codereview.chromium.org/2771002

4 years agoNew verity implementation using shared code with the coming dm-verity module
Will Drewry [Fri, 28 May 2010 21:41:17 +0000 (16:41 -0500)]
New verity implementation using shared code with the coming dm-verity module

More tests will come for both dm-bht and the related helpers (simple_file, etc), but I'd like to get a first cut checked in to iterate on.

The dm-bht.c/h code may change as a result of the kernel-side review so feedback is good here, but it will also fall under the kernel cl as well.

[FWIW, simple_file isn't pushed to common because all the code directly compiled with dm-bht.c is being gplv2 licensed.  If we want to dupe it over with a BSD license once the unit tests are written, that works.  I just didn't want to create any licensing mayhem off the bat, especially for a trivial class.]

TEST=unittests, manual testing on virtualbox and physical hardware with dm-verity and dm-boot code
BUG=327

Review URL: http://codereview.chromium.org/1687008

4 years agoinherit review settings
Mandeep Singh Baines [Mon, 24 May 2010 18:36:07 +0000 (11:36 -0700)]
inherit review settings

TBR=cmasone

Review URL: http://codereview.chromium.org/2121016

4 years agoinit repo
Will Drewry [Mon, 5 Apr 2010 22:06:51 +0000 (17:06 -0500)]
init repo