finalize

Source code: finalize.py

The finalize test is the last step before the DUT switches to the release image.

Description

The test invokes gooftool finalize with the specified arguments to switch the machine to shipping state, in the following steps:

  1. Run preflight tasks, including:
     1. Download HWID file from server if available.
     2. Log test states.
     3. Log image versions.
  2. Call gooftool finalize, which executes the following subcommands in order:
     1. Verify firmware, keys, disk image, hardware components, etc. (equivalent to gooftool verify)
     2. Clear manufacturing flags in firmware (equivalent to gooftool clear_gbb_flags)
     3. Enable software write protect (equivalent to gooftool write_protect)
     4. Start wiping process (equivalent to gooftool wipe_in_place), which will do the following tasks:
        1. Wipe stateful partition
        2. Enable release partition
        3. Notify factory server
        4. Battery cutoff

You can use gooftool_waive_list and gooftool_skip_list to waive or skip some gooftool steps.

Test Procedure

When started, the pytest runs a few preflight tasks, to check configuration or prepare logs.

After that, gooftool finalize is called, and it checks the device’s state, from hardware to software configuration.

If everything looks good (or is waived or skipped by test arguments), gooftool enables shipping mode by clearing firmware manufacturing flags, enabling write protection, enabling the release image, wiping out manufacturing disk data, and cutting off the battery.

During battery cutoff, the operator might be prompted to plug or unplug the charger if the battery charge percentage is too low or too high.

Dependency

Almost everything essential to Chrome OS, especially:

  • crossystem (developer switch status, hardware WP status)

  • battery driver (read battery percentage from sysfs)

  • flashrom (to turn on software WP)

  • TPM (read from sysfs)

  • frecon (to show wipe progress and instructions)

  • network connection (to notify factory server)

  • clobber-state (/sbin/clobber-state, which wipes stateful partition)

Examples

A minimal example:

{
  "pytest_name": "finalize"
}

Where,

  • write_protection will be True for PVT phase, otherwise False.

  • enable_factory_server is True, so the test will try to connect to the factory server to update HWID data and flush event logs.

  • No gooftool verification rules are skipped or waived.

For early builds (PROTO, EVT), you can skip things that are not ready:

{
  "pytest_name": "finalize",
  "args": {
    "gooftool_skip_list": ["clear_gbb_flags"],
    "write_protection": false,
    "gooftool_waive_list": ["verify_tpm", "verify_hwid"]
  }
}
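
A pre-release lint for test-list entries like the two above, as an added example that is not part of the factory code base: it lists every finalize argument that relaxes a check, using the defaults documented on this page. The function names and the rule that any relaxation fails a PVT test list are assumptions.

```python
import json

# Defaults as documented in this page's Test Arguments table.
DEFAULTS = {
    "write_protection": None,  # None: True for PVT phase, otherwise False
    "secure_wipe": True,
    "upload_allow_fail": False,
    "gooftool_skip_list": [],
    "gooftool_waive_list": [],
    "cbi_eeprom_wp_status": "Locked",
}

# The page's early-build example, embedded as sample input.
EARLY_BUILD_ENTRY = json.loads("""{
  "pytest_name": "finalize",
  "args": {"gooftool_skip_list": ["clear_gbb_flags"], "write_protection": false,
           "gooftool_waive_list": ["verify_tpm", "verify_hwid"]}
}""")


def relaxations(entry):
    """List every argument in a finalize entry that relaxes a check."""
    if entry.get("pytest_name") != "finalize":
        return []
    args = {**DEFAULTS, **entry.get("args", {})}
    found = []
    if args["write_protection"] is False:
        found.append("write_protection disabled")
    if args["secure_wipe"] is False:
        found.append("secure_wipe disabled (fast wipe)")
    if args["upload_allow_fail"]:
        found.append("report upload failure tolerated")
    if args["cbi_eeprom_wp_status"] == "Unlocked":
        found.append("cbi_eeprom_wp_status=Unlocked")
    found += ["skipped: " + s for s in args["gooftool_skip_list"]]
    found += ["waived: " + w for w in args["gooftool_waive_list"]]
    return found


def blocks_release(entry, phase):
    """Assumed policy: any relaxation fails the audit once phase is PVT."""
    return phase == "PVT" and bool(relaxations(entry))


if __name__ == "__main__":
    for item in relaxations(EARLY_BUILD_ENTRY):
        print(item)
    print("blocks PVT:", blocks_release(EARLY_BUILD_ENTRY, "PVT"))
```

Running the check over every test list before a PVT build catches PROTO/EVT relaxations that were never removed.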

Test Arguments

| Name | Type | Description |
|---|---|---|
| write_protection | bool, None | (optional; default: None) Check and enable write protection. |
| has_ectool | bool | (optional; default: True) Has ectool utility or not. |
| secure_wipe | bool | (optional; default: True) Wipe the stateful partition securely (False for a fast wipe). |
| upload_method | str, None | (optional; default: None) Upload method for “gooftool finalize”. |
| upload_max_retry_times | int | (optional; default: 0) Number of tries to upload. 0 to retry infinitely. |
| upload_retry_interval | int, None | (optional; default: None) Retry interval in seconds between retries. |
| upload_allow_fail | bool | (optional; default: False) Continue finalize if report upload fails, instead of raising error. |
| enable_factory_server | bool | (optional; default: True) Perform factory server operations: update HWID data and flush event logs. |
| hwid_need_vpd | bool | (optional; default: False) Whether the HWID validation process needs the vpd data. |
| factory_process | str | (optional; default: <FactoryProcessEnum.FULL: 'FULL'>) Set “FULL” if running a full factory process. Set “TWOSTAGES” for local OEM project or MLB for RMA. Set “RMA” if in an RMA center. |
| rma_mode | bool | (optional; default: False) Deprecated, please set factory_process to “RMA” instead. |
| is_cros_core | bool | (optional; default: False) For ChromeOS Core device, skip setting firmware bitmap locale. |
| has_ec_pubkey | bool, None | (optional; default: None) Perform VerifyECKey. |
| enforced_release_channels | list, None | (optional; default: None) A list of strings indicating the enforced release image channels. Each item should be one of “dev”, “beta” or “stable”. |
| ec_pubkey_path | str, None | (optional; default: None) Path to public key in vb2 format. Verify EC key with pubkey file. Verification by pubkey file should have higher priority. |
| ec_pubkey_hash | str, None | (optional; default: None) A string for public key hash. Verify EC key with the given hash. |
| use_local_gooftool | bool | (optional; default: True) If DUT is local, use factory.par or local gooftool? If DUT is not local, factory.par is always used. |
| station_ip | str, None | (optional; default: None) IP address of this station. |
| gooftool_waive_list | list | (optional; default: []) A list of waived checks for “gooftool finalize”, see “gooftool finalize --help” for available items. |
| gooftool_skip_list | list | (optional; default: []) A list of skipped checks for “gooftool finalize”, see “gooftool finalize --help” for available items. |
| enable_zero_touch | bool | (optional; default: False) Set SN bits to enable zero-touch. |
| cbi_eeprom_wp_status | [‘Absent’, ‘Locked’, ‘Unlocked’] | (optional; default: <CbiEepromWpStatus.Locked: 'Locked'>) If set to “Locked”, checks that CBI EEPROM write protection is enabled. If set to “Unlocked”, checks that CBI EEPROM write protection is disabled. If set to “Absent”, checks that CBI EEPROM is absent. |
| is_reference_board | bool | (optional; default: False) Is reference board or not. If yes, skip the check for rlz code. |
| project | str, None | (optional; default: None) Project name of the HWID. |
| mode | str | (optional; default: <FinalizeMode.ASSEMBLED: 'ASSEMBLED'>) Set “SHIMLESS_MLB” if the MLB is produced for shimless RMA. Set “MLB” if the MLB is produced for RMA or LOEM project. Set “ASSEMBLED” if the DUT is fully assembled and ready to enter shipping mode. |
| skip_feature_tiering_steps | bool | (optional; default: False) Set as True to skip feature flag provisions for legacy projects. |
| block_dev_mode | bool | (optional; default: False) Set as True to block dev mode via firmware management parameters. |