1# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
2# Use of this source code is governed by a BSD-style license that can be
3# found in the LICENSE file.
4
5"""A module to support automatic firmware update.
6
7See FirmwareUpdater object below.
8"""
9
10import os
11import re
12
13from autotest_lib.client.common_lib.cros import chip_utils
14from autotest_lib.client.cros.faft.utils import (common,
15                                                 flashrom_handler,
16                                                 saft_flashrom_util,
17                                                 shell_wrapper)
18
19
20class FirmwareUpdaterError(Exception):
21    """Error in the FirmwareUpdater module."""
22
23
24class FirmwareUpdater(object):
25    """An object to support firmware update.
26
27    This object will create a temporary directory in /var/tmp/faft/autest with
28    two subdirectory keys/ and work/. You can modify the keys in keys/
29    directory. If you want to provide a given shellball to do firmware update,
30    put shellball under /var/tmp/faft/autest with name chromeos-firmwareupdate.
31    """
32
33    DAEMON = 'update-engine'
34    CBFSTOOL = 'cbfstool'
35    HEXDUMP = 'hexdump -v -e \'1/1 "0x%02x\\n"\''
36
37    def __init__(self, os_if):
38        self.os_if = os_if
39        self._temp_path = '/var/tmp/faft/autest'
40        self._cbfs_work_path = os.path.join(self._temp_path, 'cbfs')
41        self._keys_path = os.path.join(self._temp_path, 'keys')
42        self._work_path = os.path.join(self._temp_path, 'work')
43        self._bios_path = 'bios.bin'
44        self._ec_path = 'ec.bin'
45        pubkey_path = os.path.join(self._keys_path, 'root_key.vbpubk')
46        self._bios_handler = common.LazyInitHandlerProxy(
47                flashrom_handler.FlashromHandler,
48                saft_flashrom_util,
49                os_if,
50                pubkey_path,
51                self._keys_path,
52                'bios')
53        self._ec_handler = common.LazyInitHandlerProxy(
54                flashrom_handler.FlashromHandler,
55                saft_flashrom_util,
56                os_if,
57                pubkey_path,
58                self._keys_path,
59                'ec')
60
61        # _detect_image_paths always needs to run during initialization
62        # or after extract_shellball is called.
63        #
64        # If we are setting up the temp dir from scratch, we'll transitively
65        # call _detect_image_paths since extract_shellball is called.
66        # Otherwise, we need to scan the existing temp directory.
67        if not self.os_if.is_dir(self._temp_path):
68            self._setup_temp_dir()
69        else:
70            self._detect_image_paths()
71
72    def _setup_temp_dir(self):
73        """Setup temporary directory.
74
75        Devkeys are copied to _key_path. Then, shellball (default:
76        /usr/sbin/chromeos-firmwareupdate) is extracted to _work_path.
77        """
78        self.cleanup_temp_dir()
79
80        self.os_if.create_dir(self._temp_path)
81        self.os_if.create_dir(self._cbfs_work_path)
82        self.os_if.create_dir(self._work_path)
83        self.os_if.copy_dir('/usr/share/vboot/devkeys', self._keys_path)
84
85        original_shellball = '/usr/sbin/chromeos-firmwareupdate'
86        working_shellball = os.path.join(self._temp_path,
87                                         'chromeos-firmwareupdate')
88        self.os_if.copy_file(original_shellball, working_shellball)
89        self.extract_shellball()
90
91    def cleanup_temp_dir(self):
92        """Cleanup temporary directory."""
93        if self.os_if.is_dir(self._temp_path):
94            self.os_if.remove_dir(self._temp_path)
95
96    def stop_daemon(self):
97        """Stop update-engine daemon."""
98        self.os_if.log('Stopping %s...' % self.DAEMON)
99        cmd = 'status %s | grep stop || stop %s' % (self.DAEMON, self.DAEMON)
100        self.os_if.run_shell_command(cmd)
101
102    def start_daemon(self):
103        """Start update-engine daemon."""
104        self.os_if.log('Starting %s...' % self.DAEMON)
105        cmd = 'status %s | grep start || start %s' % (self.DAEMON, self.DAEMON)
106        self.os_if.run_shell_command(cmd)
107
108    def retrieve_fwid(self):
109        """Retrieve shellball's fwid tuple.
110
111        This method should be called after _setup_temp_dir.
112
113        Returns:
114            Shellball's fwid tuple (ro_fwid, rw_fwid).
115        """
116        self._bios_handler.new_image(
117                os.path.join(self._work_path, self._bios_path))
118        # Remove the tailing null characters
119        ro_fwid = self._bios_handler.get_section_fwid('ro').rstrip('\0')
120        rw_fwid = self._bios_handler.get_section_fwid('a').rstrip('\0')
121        return (ro_fwid, rw_fwid)
122
123    def retrieve_ecid(self):
124        """Retrieve shellball's ecid.
125
126        This method should be called after _setup_temp_dir.
127
128        Returns:
129            Shellball's ecid.
130        """
131        self._ec_handler.new_image(
132                os.path.join(self._work_path, self._ec_path))
133        fwid = self._ec_handler.get_section_fwid('rw')
134        # Remove the tailing null characters
135        return fwid.rstrip('\0')
136
137    def retrieve_ec_hash(self):
138        """Retrieve the hex string of the EC hash."""
139        return self._ec_handler.get_section_hash('rw')
140
141    def modify_ecid_and_flash_to_bios(self):
142        """Modify ecid, put it to AP firmware, and flash it to the system.
143
144        This method is used for testing EC software sync for EC EFS (Early
145        Firmware Selection). It creates a slightly different EC RW image
146        (a different EC fwid) in AP firmware, in order to trigger EC
147        software sync on the next boot (a different hash with the original
148        EC RW).
149
150        The steps of this method:
151         * Modify the EC fwid by appending a '~', like from
152           'fizz_v1.1.7374-147f1bd64' to 'fizz_v1.1.7374-147f1bd64~'.
153         * Resign the EC image.
154         * Store the modififed EC RW image to CBFS component 'ecrw' of the
155           AP firmware's FW_MAIN_A and FW_MAIN_B, and also the new hash.
156         * Resign the AP image.
157         * Flash the modified AP image back to the system.
158        """
159        self.cbfs_setup_work_dir()
160
161        fwid = self.retrieve_ecid()
162        if fwid.endswith('~'):
163            raise FirmwareUpdaterError('The EC fwid is already modified')
164
165        # Modify the EC FWID and resign
166        fwid = fwid[:-1] + '~'
167        self._ec_handler.set_section_fwid('rw', fwid)
168        self._ec_handler.resign_ec_rwsig()
169
170        # Replace ecrw to the new one
171        ecrw_bin_path = os.path.join(self._cbfs_work_path,
172                                     chip_utils.ecrw.cbfs_bin_name)
173        self._ec_handler.dump_section_body('rw', ecrw_bin_path)
174
175        # Replace ecrw.hash to the new one
176        ecrw_hash_path = os.path.join(self._cbfs_work_path,
177                                      chip_utils.ecrw.cbfs_hash_name)
178        with open(ecrw_hash_path, 'w') as f:
179            f.write(self.retrieve_ec_hash())
180
181        # Store the modified ecrw and its hash to cbfs
182        self.cbfs_replace_chip(chip_utils.ecrw.fw_name, extension='')
183
184        # Resign and flash the AP firmware back to the system
185        self.cbfs_sign_and_flash()
186
187    def resign_firmware(self, version=None, work_path=None):
188        """Resign firmware with version.
189
190        Args:
191            version: new firmware version number, default to no modification.
192            work_path: work path, default to the updater work path.
193        """
194        if work_path is None:
195            work_path = self._work_path
196        self.os_if.run_shell_command(
197                '/usr/share/vboot/bin/resign_firmwarefd.sh '
198                '%s %s %s %s %s %s %s %s' % (
199                    os.path.join(work_path, self._bios_path),
200                    os.path.join(self._temp_path, 'output.bin'),
201                    os.path.join(self._keys_path, 'firmware_data_key.vbprivk'),
202                    os.path.join(self._keys_path, 'firmware.keyblock'),
203                    os.path.join(self._keys_path,
204                                 'dev_firmware_data_key.vbprivk'),
205                    os.path.join(self._keys_path, 'dev_firmware.keyblock'),
206                    os.path.join(self._keys_path, 'kernel_subkey.vbpubk'),
207                    ('%d' % version) if version is not None else ''))
208        self.os_if.copy_file('%s' % os.path.join(self._temp_path, 'output.bin'),
209                             '%s' % os.path.join(
210                                 work_path, self._bios_path))
211
212    def _detect_image_paths(self):
213        """Scans shellball to find correct bios and ec image paths."""
214        def _extract_path_from_match(match_result, model):
215          """Extract a path from a matched line of setvars.sh.
216
217          Args:
218            match_result: Match object: group 1 contains the quoted filename.
219            model: Name of model to use to resolve ${MODEL_DIR} in the filename.
220
221          Returns:
222            pathname to firmware file (e.g. 'models/grunt/bios.bin').
223          """
224          pathname = match_result.group(1).replace('"', '')
225          pathname = pathname.replace('${MODEL_DIR}', 'models/' + model)
226          return pathname
227
228        model_result = self.os_if.run_shell_command_get_output(
229            'mosys platform model')
230        if model_result:
231            model = model_result[0]
232            search_path = os.path.join(
233                self._work_path, 'models', model, 'setvars.sh')
234            grep_result = self.os_if.run_shell_command_get_output(
235                'grep IMAGE_MAIN= %s' % search_path)
236            if grep_result:
237                match = re.match('IMAGE_MAIN=(.*)', grep_result[0])
238                if match:
239                  self._bios_path = _extract_path_from_match(match, model)
240            grep_result = self.os_if.run_shell_command_get_output(
241                'grep IMAGE_EC= %s' % search_path)
242            if grep_result:
243                match = re.match('IMAGE_EC=(.*)', grep_result[0])
244                if match:
245                  self._ec_path = _extract_path_from_match(match, model)
246
247    def _update_target_fwid(self):
248        """Update target fwid/ecid in the setvars.sh."""
249        model_result = self.os_if.run_shell_command_get_output(
250            'mosys platform model')
251        if model_result:
252            model = model_result[0]
253            setvars_path = os.path.join(
254                self._work_path, 'models', model, 'setvars.sh')
255            if self.os_if.path_exists(setvars_path):
256                ro_fwid, rw_fwid = self.retrieve_fwid()
257                args = ['-i']
258                args.append(
259                    '"s/TARGET_FWID=\\".*\\"/TARGET_FWID=\\"%s\\"/g"'
260                    % rw_fwid)
261                args.append(setvars_path)
262                cmd = 'sed %s' % ' '.join(args)
263                self.os_if.run_shell_command(cmd)
264
265                args = ['-i']
266                args.append(
267                    '"s/TARGET_RO_FWID=\\".*\\"/TARGET_RO_FWID=\\"%s\\"/g"'
268                    % ro_fwid)
269                args.append(setvars_path)
270                cmd = 'sed %s' % ' '.join(args)
271                self.os_if.run_shell_command(cmd)
272
273                # Only update ECID if an EC image is found
274                if self.get_ec_relative_path():
275                    ecid = self.retrieve_ecid()
276                    args = ['-i']
277                    args.append(
278                        '"s/TARGET_ECID=\\".*\\"/TARGET_ECID=\\"%s\\"/g"'
279                        % ecid)
280                    args.append(setvars_path)
281                    cmd = 'sed %s' % ' '.join(args)
282                    self.os_if.run_shell_command(cmd)
283
284    def extract_shellball(self, append=None):
285        """Extract the working shellball.
286
287        Args:
288            append: decide which shellball to use with format
289                chromeos-firmwareupdate-[append]. Use 'chromeos-firmwareupdate'
290                if append is None.
291        """
292        working_shellball = os.path.join(self._temp_path,
293                                         'chromeos-firmwareupdate')
294        if append:
295            working_shellball = working_shellball + '-%s' % append
296
297        self.os_if.run_shell_command('sh %s --sb_extract %s' % (
298                working_shellball, self._work_path))
299
300        self._detect_image_paths()
301
302    def repack_shellball(self, append=None):
303        """Repack shellball with new fwid.
304
305        New fwid follows the rule: [orignal_fwid]-[append].
306
307        Args:
308            append: save the new shellball with a suffix, for example,
309                chromeos-firmwareupdate-[append]. Use 'chromeos-firmwareupdate'
310                if append is None.
311        """
312        self._update_target_fwid();
313
314        working_shellball = os.path.join(self._temp_path,
315                                         'chromeos-firmwareupdate')
316        if append:
317            self.os_if.copy_file(working_shellball,
318                                 working_shellball + '-%s' % append)
319            working_shellball = working_shellball + '-%s' % append
320
321        self.os_if.run_shell_command('sh %s --sb_repack %s' % (
322                working_shellball, self._work_path))
323
324        if append:
325            args = ['-i']
326            args.append(
327                    '"s/TARGET_FWID=\\"\\(.*\\)\\"/TARGET_FWID=\\"\\1.%s\\"/g"'
328                    % append)
329            args.append(working_shellball)
330            cmd = 'sed %s' % ' '.join(args)
331            self.os_if.run_shell_command(cmd)
332
333            args = ['-i']
334            args.append('"s/TARGET_UNSTABLE=\\".*\\"/TARGET_UNSTABLE=\\"\\"/g"')
335            args.append(working_shellball)
336            cmd = 'sed %s' % ' '.join(args)
337            self.os_if.run_shell_command(cmd)
338
339    def run_firmwareupdate(self, mode, updater_append=None, options=[]):
340        """Do firmwareupdate with updater in temp_dir.
341
342        Args:
343            updater_append: decide which shellball to use with format
344                chromeos-firmwareupdate-[append]. Use'chromeos-firmwareupdate'
345                if updater_append is None.
346            mode: ex.'autoupdate', 'recovery', 'bootok', 'factory_install'...
347            options: ex. ['--noupdate_ec', '--force'] or [] for
348                no option.
349        """
350        if updater_append:
351            updater = os.path.join(
352                self._temp_path, 'chromeos-firmwareupdate-%s' % updater_append)
353        else:
354            updater = os.path.join(self._temp_path, 'chromeos-firmwareupdate')
355        command = '/bin/sh %s --mode %s %s' % (updater, mode, ' '.join(options))
356
357        if mode == 'bootok':
358            # Since CL:459837, bootok is moved to chromeos-setgoodfirmware.
359            new_command = '/usr/sbin/chromeos-setgoodfirmware'
360            command = 'if [ -e %s ]; then %s; else %s; fi' % (
361                    new_command, new_command, command)
362
363        self.os_if.run_shell_command(command)
364
365    def cbfs_setup_work_dir(self):
366        """Sets up cbfs on DUT.
367
368        Finds bios.bin on the DUT and sets up a temp dir to operate on
369        bios.bin.  If a bios.bin was specified, it is copied to the DUT
370        and used instead of the native bios.bin.
371
372        Returns:
373            The cbfs work directory path.
374        """
375
376        self.os_if.remove_dir(self._cbfs_work_path)
377        self.os_if.copy_dir(self._work_path, self._cbfs_work_path)
378
379        return self._cbfs_work_path
380
381    def cbfs_extract_chip(self, fw_name, extension='.bin'):
382        """Extracts chip firmware blob from cbfs.
383
384        For a given chip type, looks for the corresponding firmware
385        blob and hash in the specified bios.  The firmware blob and
386        hash are extracted into self._cbfs_work_path.
387
388        The extracted blobs will be <fw_name><extension> and
389        <fw_name>.hash located in cbfs_work_path.
390
391        Args:
392            fw_name: Chip firmware name to be extracted.
393            extension: Extension of the name of the cbfs component.
394
395        Returns:
396            Boolean success status.
397        """
398
399        bios = os.path.join(self._cbfs_work_path, self._bios_path)
400        fw = fw_name
401        cbfs_extract = '%s %s extract -r FW_MAIN_A -n %s%%s -f %s%%s' % (
402            self.CBFSTOOL,
403            bios,
404            fw,
405            os.path.join(self._cbfs_work_path, fw))
406
407        cmd = cbfs_extract % (extension, extension)
408        if self.os_if.run_shell_command_get_status(cmd) != 0:
409            return False
410
411        cmd = cbfs_extract % ('.hash', '.hash')
412        if self.os_if.run_shell_command_get_status(cmd) != 0:
413            return False
414
415        return True
416
417    def cbfs_get_chip_hash(self, fw_name):
418        """Returns chip firmware hash blob.
419
420        For a given chip type, returns the chip firmware hash blob.
421        Before making this request, the chip blobs must have been
422        extracted from cbfs using cbfs_extract_chip().
423        The hash data is returned as hexadecimal string.
424
425        Args:
426            fw_name:
427                Chip firmware name whose hash blob to get.
428
429        Returns:
430            Boolean success status.
431
432        Raises:
433            shell_wrapper.ShellError: Underlying remote shell
434                operations failed.
435        """
436
437        hexdump_cmd = '%s %s.hash' % (
438            self.HEXDUMP,
439            os.path.join(self._cbfs_work_path, fw_name))
440        hashblob = self.os_if.run_shell_command_get_output(hexdump_cmd)
441        return hashblob
442
443    def cbfs_replace_chip(self, fw_name, extension='.bin'):
444        """Replaces chip firmware in CBFS (bios.bin).
445
446        For a given chip type, replaces its firmware blob and hash in
447        bios.bin.  All files referenced are expected to be in the
448        directory set up using cbfs_setup_work_dir().
449
450        Args:
451            fw_name: Chip firmware name to be replaced.
452            extension: Extension of the name of the cbfs component.
453
454        Returns:
455            Boolean success status.
456
457        Raises:
458            shell_wrapper.ShellError: Underlying remote shell
459                operations failed.
460        """
461
462        bios = os.path.join(self._cbfs_work_path, self._bios_path)
463        rm_hash_cmd = '%s %s remove -r FW_MAIN_A,FW_MAIN_B -n %s.hash' % (
464            self.CBFSTOOL, bios, fw_name)
465        rm_bin_cmd = '%s %s remove -r FW_MAIN_A,FW_MAIN_B -n %s%s' % (
466            self.CBFSTOOL, bios, fw_name, extension)
467        expand_cmd = '%s %s expand -r FW_MAIN_A,FW_MAIN_B' % (
468            self.CBFSTOOL, bios)
469        add_hash_cmd = ('%s %s add -r FW_MAIN_A,FW_MAIN_B -t raw -c none '
470                        '-f %s.hash -n %s.hash') % (
471                            self.CBFSTOOL,
472                            bios,
473                            os.path.join(self._cbfs_work_path, fw_name),
474                            fw_name)
475        add_bin_cmd = ('%s %s add -r FW_MAIN_A,FW_MAIN_B -t raw -c lzma '
476                       '-f %s%s -n %s%s') % (
477                           self.CBFSTOOL,
478                           bios,
479                           os.path.join(self._cbfs_work_path, fw_name),
480                           extension,
481                           fw_name,
482                           extension)
483        truncate_cmd = '%s %s truncate -r FW_MAIN_A,FW_MAIN_B' % (
484            self.CBFSTOOL, bios)
485
486        self.os_if.run_shell_command(rm_hash_cmd)
487        self.os_if.run_shell_command(rm_bin_cmd)
488        try:
489            self.os_if.run_shell_command(expand_cmd)
490        except shell_wrapper.ShellError:
491            self.os_if.log(('%s may be too old, '
492                            'continuing without "expand" support') %
493                           self.CBFSTOOL)
494
495        self.os_if.run_shell_command(add_hash_cmd)
496        self.os_if.run_shell_command(add_bin_cmd)
497        try:
498            self.os_if.run_shell_command(truncate_cmd)
499        except shell_wrapper.ShellError:
500            self.os_if.log(('%s may be too old, '
501                            'continuing without "truncate" support') %
502                           self.CBFSTOOL)
503
504        return True
505
506    def cbfs_sign_and_flash(self):
507        """Signs CBFS (bios.bin) and flashes it."""
508        self.resign_firmware(work_path=self._cbfs_work_path)
509        self._bios_handler.new_image(
510                os.path.join(self._cbfs_work_path, self._bios_path))
511        self._bios_handler.write_whole()
512        return True
513
514    def get_temp_path(self):
515        """Get temp directory path."""
516        return self._temp_path
517
518    def get_keys_path(self):
519        """Get keys directory path."""
520        return self._keys_path
521
522    def get_cbfs_work_path(self):
523        """Get cbfs work directory path."""
524        return self._cbfs_work_path
525
526    def get_work_path(self):
527        """Get work directory path."""
528        return self._work_path
529
530    def get_bios_relative_path(self):
531        """Gets the relative path of the bios image in the shellball."""
532        return self._bios_path
533
534    def get_ec_relative_path(self):
535        """Gets the relative path of the ec image in the shellball."""
536        return self._ec_path
537