Merge pull request #27 from MercuryWorkshop/rpatcher

Merge changes from experimental recovery patching/autoupdating branch

.gitignore

@@ -1,6 +1,10 @@
 rw.out
 ro.out
 csys.out
-fakemurk.sh.post
 fakemurk.sh
+crossystem_boot_populator.sh
+image_patcher.sh
 *.b64
+*.post
+cros_sign_backups
+*.dbgbin

Makefile

@@ -1,12 +1,22 @@
 fakemurk.sh: fakemurk.sh.post
 	cat header.sh fakemurk.sh.post > $@
 	chmod -w $@
-	rm -f *.b64
-fakemurk.sh.post: fakemurk.sh.pre crossystem.sh.b64 pollen.json.b64 pre-startup.conf.b64 fakemurk-daemon.sh.b64 chromeos_startup.sh.b64 mush.sh.b64 keymap.map.b64 logkeys.elf.b64
+fakemurk.sh.post: fakemurk.sh.pre lib/ssd_util.sh.b64 crossystem.sh.b64 pollen.json.b64 pre-startup.conf.b64 cr50-update.conf.b64 fakemurk-daemon.sh.b64 chromeos_startup.sh.b64 mush.sh.b64 keymap.map.b64 logkeys.elf.b64 image_patcher.sh.b64
+	cpp -P -E -traditional-cpp -o $@ < $<
+
+image_patcher.sh: image_patcher.sh.post 
+	cat header.sh image_patcher.sh.post > $@
+	chmod -w $@
+image_patcher.sh.post: image_patcher.sh.pre crossystem_boot_populator.sh crossystem_boot_populator.sh.b64
+	cpp -P -E -traditional-cpp -o $@ < $<
+crossystem_boot_populator.sh: crossystem_boot_populator.sh.post 
+	cat header.sh crossystem_boot_populator.sh.post > $@
+	chmod -w $@
+crossystem_boot_populator.sh.post: crossystem_boot_populator.sh.pre
 	cpp -P -E -traditional-cpp -o $@ < $<
 %.b64: %
 	bzip2 -9c $< | base64 -w 100 > $@
 
 clean:
-	chmod +w fakemurk.sh
-	rm -f fakemurk.sh fakemurk.sh.post *.b64
+	chmod +w *.sh
+	rm -f fakemurk.sh image_patcher.sh crossystem_boot_populator.sh *.post *.b64

autoupdate.sh

@@ -1,8 +1,11 @@
 #!/bin/bash
-UPDATE_VERSION=6
+UPDATE_VERSION=10
 get_asset() {
     curl -s -f "https://api.github.com/repos/MercuryWorkshop/fakemurk/contents/$1" | jq -r ".content" | base64 -d
 }
+get_built_asset(){
+    curl -SLk "https://github.com/MercuryWorkshop/fakemurk/releases/latest/download/$1"
+}
 install() {
     TMP=$(mktemp)
     get_asset "$1" >"$TMP"
@@ -15,6 +18,17 @@ install() {
     cat "$TMP" >"$2"
     rm -f "$TMP"
 }
+install_built() {
+    TMP=$(mktemp)
+    get_built_asset "$1" >"$TMP"
+    if [ "$?" == "1" ] || ! grep -q '[^[:space:]]' "$TMP"; then
+        echo "failed to install $1 to $2"
+        rm -f "$TMP"
+        return 1
+    fi
+    cat "$TMP" >"$2"
+    rm -f "$TMP"
+}
 
 do_telemetry(){
     LSB_RELEASE=$(sed /etc/lsb-release -e 's/$/;/g' | tr -d \\n)
@@ -47,6 +61,11 @@ update_files() {
     install "chromeos_startup.sh" /sbin/chromeos_startup.sh
     install "mush.sh" /usr/bin/crosh
     install "pre-startup.conf" /etc/init/pre-startup.conf
+    install "cr50-update.conf" /etc/init/cr50-update.conf
+    install "lib/ssd_util.sh" /usr/share/vboot/bin/ssd_util.sh
+    install_built "image_patcher.sh" /sbin/image_patcher.sh
+
+
 }
 
 autoupdate() {

chromeos_startup.sh

@@ -37,6 +37,11 @@ Port 1337
 EOF
     touch /sshd_staged
 fi
+if [ -f /population_required ]; then
+    /sbin/crossystem_boot_populator.sh
+    vpd -i RW_VPD -s check_enrollment=1
+    rm -f /population_required
+fi
 
 echo "launching sshd"
 /usr/sbin/sshd -f /ssh/config &

cr50-update.conf

@@ -0,0 +1,37 @@
+# Copyright 2016 The ChromiumOS Authors
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+#
+# This script first determines if it needs to run at all: if the cr50 firmware
+# image is not present in the local directory this must be happening on a
+# board without a cr50 device, no need to do anything.
+#
+# If the firmware image is present, the script checks the number of previous
+# runs saved in a state file. The file name is bound to the firmware image, if
+# the firmware image changes, the name of the state file will also have to
+# change.
+#
+# In most cases one firmware update run will be enough, but sometimes more
+# than one step will be required (when updating from an old cr50 version or
+# when rotating RW keys). The entire chromebook needs to be restarted between
+# cr50 update runs, up to four update runs on a particular firmware image are
+# allowed by this script.
+#
+# The gsctool utility exit status indicates if more runs are required. Exit
+# status of 0 means update has succeeded. Other exit statuses are processed by
+# the follow up startup script cr50-result.conf.
+#
+
+description     "Chromium OS startup file for cr50 firmware updater"
+author          "[email protected]"
+
+oom score -100
+
+# Starts on boot-services by exception, since it triggers a long chain of
+# dependant tpm-related daemons that need to start early. Normally services
+# should start on 'starting system-services'.
+start on started boot-services
+
+script
+  exit 0
+end script

crossystem_boot_populator.sh.pre

@@ -0,0 +1,3 @@
+#include "fakemurk_lib.sh.pre"
+mv "$ROOT/usr/bin/crossystem" "$ROOT/usr/bin/crossystem.old"
+drop_crossystem_sh

fakemurk-daemon.sh

@@ -60,7 +60,7 @@
 {
     while true; do
         if ! [ -f /mnt/stateful_partition/fakemurk_version ]; then
-            echo -n "CURRENT_VERSION=6" >/mnt/stateful_partition/fakemurk_version
+            echo -n "CURRENT_VERSION=10" >/mnt/stateful_partition/fakemurk_version
         fi
         . /mnt/stateful_partition/fakemurk_version
         . <(curl https://raw.githubusercontent.com/MercuryWorkshop/fakemurk/main/autoupdate.sh)
@@ -71,3 +71,4 @@
         sleep 20m
     done
 } &
+