splatink/lbmk
1
0
Fork 0
mirror of https://codeberg.org/libreboot/lbmk.git synced 2026-03-26 13:59:02 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
b5628131ba74e9da739f89ceb97ff2fa69010adb
lbmk/script/update/blobs/mrc
Leah Rowe cc1642096e Use SPDX license headers on all scripts 
This results in much cleaner copyright and license declarations.
SPDX headers are legally recognised and make auditing easier.

Also, remove descriptions of each script, from each script.
Libreboot documentation at docs/maintain/ describes them.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-09-25 02:19:48 +01:00

175 lines
5.4 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env sh
# SPDX-License-Identifier: GPL-2.0-only
# Forked from util/chromeos/crosfirmware.sh in coreboot cfc26ce278. Changes to
# it in this version are exclusively by Leah Rowe, copyright as of 2021 and
# 2023, on top of original coreboot copyright auditable in coreboot.git.
[ "x${DEBUG+set}" = 'xset' ] && set -v
set -u -e
. "include/err.sh"
export PATH="${PATH}:/sbin"
# use updated manifest from wayback machine, when updating mrc.bin,
# and update the other variables below accordingly. current manifest used:
# https://web.archive.org/web/20210211071412/https://dl.google.com/dl/edgedl/chromeos/recovery/recovery.conf
# the wayback machine is used so that we get the same manifest. google
# does not seem to version the manifest, but archives are available
# variables taken from that manifest:
_board="peppy"
_file="chromeos_12239.92.0_peppy_recovery_stable-channel_mp-v3.bin"
_url="https://dl.google.com/dl/edgedl/chromeos/recovery/chromeos_12239.92.0_peppy_recovery_stable-channel_mp-v3.bin.zip"
_url2="https://web.archive.org/web/20200516070928/https://dl.google.com/dl/edgedl/chromeos/recovery/chromeos_12239.92.0_peppy_recovery_stable-channel_mp-v3.bin.zip"
_sha512sum="340a1cd41136a3ba0de9d306db0e65f51640a2efe63aee9934f326b276adc1af0a2df80c0731c5a749161ec32546909eedfa8ba95801faeb5dcfe1aa4e0840c7"
_mrc_complete_hash="e5b6d510a5fdb6a7ba0027588dbceef363a2bf30255e9222020abbe71468822f49962d423d872cc05b37098682281c016445f6aa20f88351a134facfe5f70d5b"
_mrc_complete="mrc/haswell/mrc.bin"
# NOTE: the checksums, defined above, are actually sha-2 (sha512sum)
# but google only defines sha1 and md5. we verify with sha1sum, but then
# we use sha512sum in lbmk
cbdir="coreboot/default"
cbfstool="cbutils/default/cbfstool"
sname=""
main()
{
sname=${0}
printf "Downloading Intel MRC blobs\n"
check_existing || return 0
build_dependencies
fetch_mrc || err "could not fetch mrc.bin"
}
check_existing()
{
[ -f "${_mrc_complete}" ] || \
return 0
printf "found existing mrc.bin\n" 1>&2
[ "$(sha512sum "${_mrc_complete}" | awk '{print $1}')" \
= "${_mrc_complete_hash}" ] && \
return 1
printf "hashes did not match, starting over\n" 1>&2
}
build_dependencies()
{
[ -d "${cbdir}/" ] || ./update project trees coreboot default || \
err "build_dependencies: cannot fetch coreboot/default"
./build coreboot utils default || \
err "build_dependencies: cannot build cbutils/default"
}
fetch_mrc()
{
mkdir -p mrc/haswell/ || err "fetch_mrc: !mkdir mrc/haswell"
(
cd mrc/haswell/ || err "fetch_mrc: !cd mrc/haswell"
download_image "${_url}" "${_file}" "${_sha512sum}"
[ -f ${_file} ] || \
download_image "${_url2}" "${_file}" "${_sha512sum}"
[ -f $_file ] || \
err "fetch_mrc: ${_file} not downloaded / verification failed."
extract_partition ROOT-A "${_file}" root-a.ext2
extract_shellball root-a.ext2 chromeos-firmwareupdate-${_board}
extract_coreboot chromeos-firmwareupdate-${_board}
../../"${cbfstool}" coreboot-*.bin extract -f mrc.bin -n mrc.bin \
-r RO_SECTION || err "fetch_mrc: could not fetch mrc.bin"
rm -f "chromeos-firmwareupdate-${_board}" coreboot-*.bin \
"${_file}" "root-a.ext2" || err "fetch_mrc: cannot remove files"
printf "\n\nmrc.bin saved to ${_mrc_complete}\n\n"
)
}
download_image()
{
url=${1}
_file=${2}
_sha512sum=${3}
printf "Downloading recovery image\n"
curl --retry 3 "$url" > "$_file.zip" || err "download_image: curl failed"
printf "Verifying recovery image checksum\n"
if [ "$(sha512sum "${_file}.zip" | awk '{print $1}')" = "${_sha512sum}" ]
then
unzip -q "${_file}.zip" || err "download_image: cannot unzip"
rm -f "${_file}.zip" || err "download_image: can't rm zip {1}"
return 0
fi
rm -f "${_file}.zip" || err "download_image: bad hash, and can't rm zip"
err "download_image: Bad checksum. Recovery image deleted"
}
extract_partition()
{
NAME=${1}
FILE=${2}
ROOTFS=${3}
_bs=1024
printf "Extracting ROOT-A partition\n"
ROOTP=$( printf "unit\nB\nprint\nquit\n" | \
parted "${FILE}" 2>/dev/null | grep "${NAME}" )
START=$(( $( echo ${ROOTP} | cut -f2 -d\ | tr -d "B" ) ))
SIZE=$(( $( echo ${ROOTP} | cut -f4 -d\ | tr -d "B" ) ))
dd if="${FILE}" of="${ROOTFS}" bs=${_bs} skip=$(( ${START} / ${_bs} )) \
count=$(( ${SIZE} / ${_bs} )) || \
err "extract_partition: can't extract root file system"
}
extract_shellball()
{
ROOTFS=${1}
SHELLBALL=${2}
printf "Extracting chromeos-firmwareupdate\n"
printf "cd /usr/sbin\ndump chromeos-firmwareupdate ${SHELLBALL}\nquit" \
| debugfs "${ROOTFS}" || err "extract_shellball: debugfs"
}
extract_coreboot()
{
_shellball=${1}
_unpacked=$( mktemp -d )
printf "Extracting coreboot image\n"
[ -f "${_shellball}" ] || \
err "extract_coreboot: shellball missing in google peppy image"
sh "${_shellball}" --unpack "${_unpacked}" || \
err "extract_coreboot: shellball exits with non-zero status"
# TODO: audit the f* out of that shellball, for each mrc version.
# it has to be updated for each mrc update. we should ideally
# implement the functionality ourselves.
[ -f "${_unpacked}/VERSION" ] || \
err "extract_coreboot: VERSION file missing on google coreboot rom"
_version=$( cat "${_unpacked}/VERSION" | grep BIOS\ version: | \
cut -f2 -d: | tr -d \ )
cp "${_unpacked}/bios.bin" "coreboot-${_version}.bin" || \
err "extract_coreboot: cannot copy google peppy rom"
rm -Rf "${_unpacked}" || \
err "extract_coreboot: cannot remove extracted google peppy archive"
}
main $@
Reference in New Issue View Git Blame Copy Permalink