[RFC PATCH 0/5] Add support for Chromium OS and Google WiFi

Brian Norris computersforpeace at gmail.com
Sat Jul 18 16:51:43 EDT 2020 

Hi,

This series adds support for both Chromium OS (or particularly, its
kernel-payload signing and disk layout) and for a device using it (the
first generation Google WiFi).

Google WiFi (code-named "Gale") is an IPQ4019-based AP. Its hardware is
decently supported by the existing ipq40xx target -- see patch 5 for
more notes. Notably missing: reboot does not work properly -- I have
some separate TrustZone/SCM-related patches I'd like to clean up to
enable this later.

The "RFC" is mostly for the first part of the series: supporting the
verified boot payload utilities and disk layout needed for building
images that can be booted by Gale's bootloader (or by other Chromium OS
systems).

Chromium OS (the open-source OS on which Google builds its Chrome OS) --
"CrOS" for short -- typically boots via Coreboot, plus Depthcharge as a
second stage. Such bootloaders utilize a verified boot toolkit [1] to
verify each subsequent stage. Of note:

 1. The kernel should be placed in a GPT partition with a custom "Chrome
    OS kernel" GUID type and a few custom flags (to manage the A/B
    OS updates employed by Chromium OS). CrOS vboot provides the `cgpt`
    utility for creating and managing such partitions.
 2. That partition should hold a vboot payload, signed and packaged per
    the format documented and implemented at [1]. Using the vboot
    utilities, this involves the `vbutil_kernel --pack ...` command.

My main questions are:

 (a) How should we establish this custom partition layout (i.e., #1)? In
     this series, I extend OpenWRT's ptgen to help customize partition
     types, instead of packaging vboot's `cgpt`.
 (b) How should we package and sign kernels (#2)? In this series, I
     adapt and reimplement the `vbutil_kernel` command as a custom
     `cros-vbutil` utility, rather than packaging Google's utility.
 (c) How should this integrate into the ipq40xx target? In this series,
     I add kernel and rootfs partition-size parameters, but it's not
     clear to me if this fits well into the existing ipq40xx target, or
     if it should be done differently.

For some alternatives (especially on (b)), I did package
futility/vbutil_kernel here:
https://github.com/openwrt/packages/pull/12829
I could adapt this into tools/ instead, so OpenWRT doesn't have to carry
my re-implementation. This would carry some extra build complexity,
as the vboot tools are >10,000 lines of code, compared to my
reimplementation of a few hundred lines. The library dependencies are
similar (mostly just crypto/ssl, and potentially libuuid (for GPT)), as
the vboot project tries to keep the code semi-portable / reusable.

Packaging the vboot utilities might give us some future flexibility, if
the formats grow and change for future systems. So far, I think the
format has been pretty stable. Also, there are potentially some quirks I
missed in my port related the ${ARCH} -- I ported the ARM support, but
there may be some small tweaks I missed that are applicable only to x86
systems.

For (c): adding this to the common ipq40xx target means that there will
be a new CONFIG_TARGET_KERNEL_PARTSIZE and
CONFIG_TARGET_ROOTFS_PARTSIZE, which are only applicable to a single
device but are present for all:
  FEATURES:=boot-part rootfs-part
Is this reason for a new subtarget?

Anyway, this is a working device port as-is, so feel free to take a look
even if you don't have opinions on any of my "RFC" questions!

Regards,
Brian

[1] https://chromium.googlesource.com/chromiumos/platform/vboot_reference

Brian Norris (5):
  firmware-utils/ptgen: add Chromium OS kernel partition support
  firmware-utils/cros-vbutil: add Chrome OS vboot kernel-signing utility
  image-commands: support Chromium OS image-type creation
  ipq40xx: add open-drain support to pinctrl-msm
  ipq40xx: add target for Google WiFi (Gale)

 include/image-commands.mk                     |  17 +
 scripts/gen_image_vboot.sh                    |  29 +
 target/linux/ipq40xx/Makefile                 |   2 +-
 .../ipq40xx/base-files/etc/board.d/02_network |   1 +
 .../base-files/lib/upgrade/platform.sh        |  13 +
 .../arm/boot/dts/qcom-ipq4019-gale-v2.dts     | 402 ++++++++++++
 target/linux/ipq40xx/image/Makefile           |  14 +
 .../090-pinctrl-msm-open-drain.patch          |  90 +++
 .../901-arm-boot-add-dts-files.patch          |   3 +-
 tools/firmware-utils/Makefile                 |   1 +
 tools/firmware-utils/src/cros-vbutil.c        | 609 ++++++++++++++++++
 tools/firmware-utils/src/ptgen.c              |  39 +-
 12 files changed, 1215 insertions(+), 5 deletions(-)
 create mode 100755 scripts/gen_image_vboot.sh
 create mode 100644 target/linux/ipq40xx/files/arch/arm/boot/dts/qcom-ipq4019-gale-v2.dts
 create mode 100644 target/linux/ipq40xx/patches-5.4/090-pinctrl-msm-open-drain.patch
 create mode 100644 tools/firmware-utils/src/cros-vbutil.c

-- 
2.27.0

More information about the openwrt-devel mailing list