)]}' { "commit": "17fb34b647a73bb55fac876a9b20c2c90844ea2e", "tree": "a574ae9d7cfd9c680b19a7b79932e54c5af6c45f", "parents": [ "4aaaeca130a701a06cb898d9a17eddf67daa3617" ], "author": { "name": "Randall Spangler", "email": "rspangler@chromium.org", "time": "Mon Oct 30 15:28:53 2017 -0700" }, "committer": { "name": "chrome-bot", "email": "chrome-bot@chromium.org", "time": "Fri Nov 17 20:18:20 2017 -0800" }, "message": "vboot: Use kernel max rollforward NV storage field\n\nKernel verification will now roll forward the minimum allowable\nversion in the TPM no farther than the kernel_max_rollforward setting.\n\nNote that CL:765573 changes chromeos-setgoodkernel so it always sets\nkernel_max_rollforward to 0xfffffffe when marking a kernel as good.\nThat ensures that firmware with this setting will behave the same for\nnow as existing firmware.\n\nBUG\u003dchromium:783997\nBRANCH\u003dnone\nCQ-DEPEND\u003dCL:765573\nTEST\u003dmake runtests\n Manual testing:\n crossystem tpm_kernvel --\u003e print current kernel version in TPM\n - Resign the kernel with a higher version\n - Reboot\n - Wait a minute for chromeos-setgoodkernel to run\n crossystem kernel_max_rollforward\u003d0\n - Reboot\n crossystem tpm_kernvel --\u003e has not changed\n - Wait a minute for chromeos-setgoodkernel to run\n crossystem kernel_max_rollforward -\u003e 0xfffffffe\n - Reboot\n crossystem tpm_kernvel --\u003e has changed to the higher version\n\nChange-Id: Ia32ecb7fa4078548cd311541ccbe120570cf1bc5\nReviewed-on: https://chromium-review.googlesource.com/765574\nCommit-Ready: Randall Spangler \u003crspangler@chromium.org\u003e\nTested-by: Randall Spangler \u003crspangler@chromium.org\u003e\nReviewed-by: Julius Werner \u003cjwerner@chromium.org\u003e\nReviewed-by: Stefan Reinauer \u003creinauer@google.com\u003e\n", "tree_diff": [ { "type": "modify", "old_id": "2cc1a88bb60d383f0de42ec498252f5d02fa7789", "old_mode": 33188, "old_path": "firmware/lib/vboot_api_kernel.c", "new_id": "1879b845396e0ffb608b6a4fb8bee52b936dadb4", "new_mode": 33188, "new_path": "firmware/lib/vboot_api_kernel.c" }, { "type": "modify", "old_id": "59650701e9e27d0b0b3ac2f912a602d94b57b256", "old_mode": 33188, "old_path": "tests/vboot_api_kernel4_tests.c", "new_id": "e00c928af2bee2f2f3cfa2cd180508751faae316", "new_mode": 33188, "new_path": "tests/vboot_api_kernel4_tests.c" } ] }