splatink/lbmk
1
0
Fork 0
mirror of https://codeberg.org/libreboot/lbmk.git synced 2026-03-28 15:09:04 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
fd1bbdc96cb218bc3d550202aba363e47b4dcbce
lbmk/include/vendor.sh
Leah Rowe e8336bcc3c vendor.sh: Proper semantics on prefix file names 
They may not actually always be binary blobs, at least not
software. I started referring to these as "vendor files" some
time ago, for this reason.

With this terminology, it applies properly to any sort of file
from the vendor. For example, it may be that in the future, we
start inserting the MFS section of an an Intel ME image, into
the Intel ME.

We already do that with deguard for example (set MFS config),
on MEv11 based setup. That is a vendor *file*, and though it
may still actually be a binary blob, it's not software, but
configuration.

The term "blob" normally means compiled software, in most people's
minds, but the term blob is technically accurate for any blob,
not just software; however, we have to keep people's perception
in mind.

Whereas, "vendor file" is also understood by most people to
include code supplied by the vendor.

We haven't done any releases yet with this ROM image file name
prefix, so it's perfectly OK to handle it now, without handling
the old one for backwards compatibility.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-05 08:56:23 +00:00

757 lines
26 KiB
Bash
Raw Blame History

# SPDX-License-Identifier: GPL-3.0-only
# Copyright (c) 2022 Caleb La Grange <thonkpeasant@protonmail.com>
# Copyright (c) 2022 Ferass El Hafidi <vitali64pmemail@protonmail.com>
# Copyright (c) 2023-2025 Leah Rowe <leah@libreboot.org>
e6400_unpack="$PWD/src/bios_extract/dell_inspiron_1100_unpacker.py"
me7updateparser="$PWD/util/me7_update_parser/me7_update_parser.py"
pfs_extract="$PWD/src/biosutilities/Dell_PFS_Extract.py"
uefiextract="$PWD/elf/uefitool/uefiextract"
vendir="vendorfiles"
appdir="$vendir/app"
cbcfgsdir="config/coreboot"
hashfiles="vendorhashes blobhashes" # blobhashes for backwards compatibility
dontflash="!!! AN ERROR OCCURED! Please DO NOT flash if injection failed. !!!"
vfix="DO_NOT_FLASH_YET._FIRST,_INJECT_FILES_VIA_INSTRUCTIONS_ON_LIBREBOOT.ORG_"
vguide="https://libreboot.org/docs/install/ivy_has_common.html"
tmpromdel="$PWD/tmp/DO_NOT_FLASH"
cv="CONFIG_HAVE_ME_BIN CONFIG_ME_BIN_PATH CONFIG_INCLUDE_SMSC_SCH5545_EC_FW \
CONFIG_SMSC_SCH5545_EC_FW_FILE CONFIG_KBC1126_FIRMWARE CONFIG_KBC1126_FW1 \
CONFIG_KBC1126_FW2 CONFIG_KBC1126_FW1_OFFSET CONFIG_KBC1126_FW2_OFFSET \
CONFIG_VGA_BIOS_FILE CONFIG_VGA_BIOS_ID CONFIG_BOARD_DELL_E6400 \
CONFIG_HAVE_MRC CONFIG_MRC_FILE CONFIG_HAVE_REFCODE_BLOB \
CONFIG_REFCODE_BLOB_FILE CONFIG_GBE_BIN_PATH CONFIG_IFD_BIN_PATH \
CONFIG_LENOVO_TBFW_BIN CONFIG_FSP_FD_PATH CONFIG_FSP_M_FILE \
CONFIG_FSP_S_FILE CONFIG_FSP_S_CBFS CONFIG_FSP_M_CBFS CONFIG_FSP_USE_REPO \
CONFIG_FSP_FULL_FD"
eval "`setvars "" has_hashes EC_hash DL_hash DL_url_bkup MRC_refcode_gbe vcfg \
E6400_VGA_DL_hash E6400_VGA_DL_url E6400_VGA_DL_url_bkup E6400_VGA_offset \
E6400_VGA_romname SCH5545EC_DL_url_bkup SCH5545EC_DL_hash _dest tree \
mecleaner kbc1126_ec_dump MRC_refcode_cbtree new_mac _dl SCH5545EC_DL_url \
archive EC_url boarddir rom cbdir DL_url nukemode cbfstoolref FSPFD_hash \
_7ztest ME11bootguard ME11delta ME11version ME11sku ME11pch tmpromdir \
IFD_platform ifdprefix cdir sdir _me _metmp mfs TBFW_url_bkup TBFW_url \
TBFW_hash TBFW_size hashfile xromsize xchanged EC_url_bkup need_files \
vfile $cv`"
vendor_download()
{
[ $# -gt 0 ] || $err "No argument given"; export PATH="$PATH:/sbin"
board="$1"; readcfg && readkconfig && bootstrap && getfiles; :
}
readkconfig()
{
check_defconfig "$boarddir" 1>"$TMPDIR/vendorcfg.list" && return 1
rm -f "$TMPDIR/tmpcbcfg" || $err "!rm $TMPDIR/tmpcbcfg - $dontflash"
while read -r cbcfgfile; do
for cbc in $cv; do
rm -f "$TMPDIR/tmpcbcfg2" || \
$err "!rm $TMPDIR/tmpcbcfg2 - $dontflash"
grep "$cbc" "$cbcfgfile" 1>"$TMPDIR/tmpcbcfg2" \
2>/dev/null || :
[ -f "$TMPDIR/tmpcbcfg2" ] || continue
cat "$TMPDIR/tmpcbcfg2" >> "$TMPDIR/tmpcbcfg" || \
$err "!cat $TMPDIR/tmpcbcfg2 - $dontflash"
done
done < "$TMPDIR/vendorcfg.list"
eval "`setcfg "$TMPDIR/tmpcbcfg"`"
for c in CONFIG_HAVE_MRC CONFIG_HAVE_ME_BIN CONFIG_KBC1126_FIRMWARE \
CONFIG_VGA_BIOS_FILE CONFIG_INCLUDE_SMSC_SCH5545_EC_FW \
CONFIG_LENOVO_TBFW_BIN CONFIG_FSP_M_FILE CONFIG_FSP_S_FILE; do
eval "[ \"\${$c}\" = \"/dev/null\" ] && continue"
eval "[ -z \"\${$c}\" ] && continue"
eval "`setcfg "$vfile"`"; return 0
done
printf "Vendor files not needed for: %s\n" "$board" 1>&2; return 1
}
bootstrap()
{
x_ ./mk -f coreboot ${cbdir##*/}
mk -b uefitool biosutilities bios_extract
[ -d "${kbc1126_ec_dump%/*}" ] && x_ make -C "$cbdir/util/kbc1126"
[ -n "$MRC_refcode_cbtree" ] && \
cbfstoolref="elf/cbfstool/$MRC_refcode_cbtree/cbfstool" && \
x_ ./mk -d coreboot "$MRC_refcode_cbtree"; return 0
}
getfiles()
{
[ -z "$CONFIG_HAVE_ME_BIN" ] || fetch intel_me "$DL_url" \
"$DL_url_bkup" "$DL_hash" "$CONFIG_ME_BIN_PATH"
[ -z "$CONFIG_INCLUDE_SMSC_SCH5545_EC_FW" ] || fetch sch5545ec \
"$SCH5545EC_DL_url" "$SCH5545EC_DL_url_bkup" "$SCH5545EC_DL_hash" \
"$CONFIG_SMSC_SCH5545_EC_FW_FILE"
[ -z "$CONFIG_KBC1126_FIRMWARE" ] || fetch kbc1126ec "$EC_url" \
"$EC_url_bkup" "$EC_hash" "$CONFIG_KBC1126_FW1"
[ -z "$CONFIG_VGA_BIOS_FILE" ] || fetch e6400vga "$E6400_VGA_DL_url" \
"$E6400_VGA_DL_url_bkup" "$E6400_VGA_DL_hash" "$CONFIG_VGA_BIOS_FILE"
[ -z "$CONFIG_HAVE_MRC" ] || fetch "mrc" "$MRC_url" "$MRC_url_bkup" \
"$MRC_hash" "$CONFIG_MRC_FILE"
[ -z "$CONFIG_LENOVO_TBFW_BIN" ] || fetch "tbfw" "$TBFW_url" \
"$TBFW_url_bkup" "$TBFW_hash" "$CONFIG_LENOVO_TBFW_BIN"
#
# in the future, we might have libre fsp-s and then fsp-m.
# therefore, handle them separately, in case one of them is libre; if
# one of them was, the path wouldn't be set.
#
[ -z "$CONFIG_FSP_M_FILE" ] || fetch "fspm" "$CONFIG_FSP_FD_PATH" \
"$CONFIG_FSP_FD_PATH" "$FSPFD_hash" "$CONFIG_FSP_M_FILE" copy
[ -z "$CONFIG_FSP_S_FILE" ] || fetch "fsps" "$CONFIG_FSP_FD_PATH" \
"$CONFIG_FSP_FD_PATH" "$FSPFD_hash" "$CONFIG_FSP_S_FILE" copy; :
}
fetch()
{
dl_type="$1"; dl="$2"; dl_bkup="$3"; dlsum="$4"; _dest="${5##*../}"
[ "$5" = "/dev/null" ] && return 0; _dl="$XBMK_CACHE/file/$dlsum"
if [ "$dl_type" = "fspm" ] || [ "$dl_type" = "fsps" ]; then
# HACK: if grabbing fsp from coreboot, fix the path for lbmk
for _cdl in dl dl_bkup; do
eval "$_cdl=\"\${$_cdl##*../}\"; _cdp=\"\$$_cdl\""
[ -f "$_cdp" ] || _cdp="$cbdir/$_cdp"
[ -f "$_cdp" ] && eval "$_cdl=\"$_cdp\""
done
fi
dlop="curl" && [ $# -gt 5 ] && dlop="$6"
download "$dl" "$dl_bkup" "$_dl" "$dlsum" "$dlop"
rm -Rf "${_dl}_extracted" || $err "!rm ${_ul}_extracted. $dontflash"
e "$_dest" f && return 0
mkdir -p "${_dest%/*}" || \
$err "mkdirs: !mkdir -p ${_dest%/*} - $dontflash"
remkdir "$appdir"; extract_archive "$_dl" "$appdir" "$dl_type" || \
[ "$dl_type" = "e6400vga" ] || \
$err "mkd $_dest $dl_type: !extract. $dontflash"
eval "extract_$dl_type"; set -u -e
e "$_dest" f missing && $err "!extract_$dl_type. $dontflash"; :
}
extract_intel_me()
{
e "$mecleaner" f not && $err "$cbdir: me_cleaner missing. $dontflash"
cdir="$PWD/$appdir"
_me="$PWD/$_dest"
_metmp="$PWD/tmp/me.bin"
mfs="" && [ "$ME11bootguard" = "y" ] && mfs="--whitelist MFS" && \
chkvars ME11delta ME11version ME11sku ME11pch
[ "$ME11bootguard" = "y" ] && x_ ./mk -f deguard
x_ mkdir -p tmp
extract_intel_me_bruteforce
if [ "$ME11bootguard" = "y" ]; then
apply_me11_deguard_mod
else
mv "$_metmp" "$_me" || $err "!mv $_metmp $_me - $dontflash"
fi
}
extract_intel_me_bruteforce()
{
[ $# -gt 0 ] && cdir="$1"
e "$_metmp" f && return 0
[ -z "$sdir" ] && sdir="$(mktemp -d)"
mkdir -p "$sdir" || \
$err "extract_intel_me: !mkdir -p \"$sdir\" - $dontflash"
set +u +e
(
[ "${cdir#/a}" != "$cdir" ] && cdir="${cdir#/}"
cd "$cdir" || $err "extract_intel_me: !cd \"$cdir\" - $dontflash"
for i in *; do
[ -f "$_metmp" ] && break
[ -L "$i" ] && continue
if [ -f "$i" ]; then
_r="-r" && [ -n "$mfs" ] && _r=""
"$mecleaner" $mfs $_r -t -O "$sdir/vendorfile" \
-M "$_metmp" "$i" && break
"$mecleaner" $mfs $_r -t -O "$_metmp" "$i" && break
"$me7updateparser" -O "$_metmp" "$i" && break
_7ztest="${_7ztest}a"
extract_archive "$i" "$_7ztest" || continue
extract_intel_me_bruteforce "$cdir/$_7ztest"
elif [ -d "$i" ]; then
extract_intel_me_bruteforce "$cdir/$i"
else
continue
fi
cdir="$1"; [ "${cdir#/a}" != "$cdir" ] && cdir="${cdir#/}"
cd "$cdir" || :
done
)
rm -Rf "$sdir" || $err "extract_intel_me: !rm -Rf $sdir - $dontflash"
}
apply_me11_deguard_mod()
{
(
x_ cd src/deguard/
./finalimage.py --delta "data/delta/$ME11delta" \
--version "$ME11version" \
--pch "$ME11pch" --sku "$ME11sku" --fake-fpfs data/fpfs/zero \
--input "$_metmp" --output "$_me" || \
$err "Error running deguard for $_me - $dontflash"
) || $err "Error running deguard for $_me - $dontflash"
}
extract_archive()
{
if [ $# -gt 2 ]; then
if [ "$3" = "fspm" ] || [ "$3" = "fsps" ]; then
decat_fspfd "$1" "$2"
return 0
fi
fi
innoextract "$1" -d "$2" || python "$pfs_extract" "$1" -e || 7z x \
"$1" -o"$2" || unar "$1" -o "$2" || unzip "$1" -d "$2" || return 1
[ ! -d "${_dl}_extracted" ] || cp -R "${_dl}_extracted" "$2" || \
$err "!mv '${_dl}_extracted' '$2' - $dontflash"; :
}
decat_fspfd()
{
_fspfd="$1"
_fspdir="$2"
_fspsplit="$cbdir/3rdparty/fsp/Tools/SplitFspBin.py"
$python "$_fspsplit" split -f "$_fspfd" -o "$_fspdir" -n "Fsp.fd" || \
$err "decat_fspfd '$1' '$2': Can't de-concatenate; $dontflash"; :
}
extract_kbc1126ec()
{
e "$kbc1126_ec_dump" f missing && \
$err "$cbdir: kbc1126 util missing - $dontflash"
(
x_ cd "$appdir/"; mv Rompaq/68*.BIN ec.bin || :
if [ ! -f "ec.bin" ]; then
unar -D ROM.CAB Rom.bin || unar -D Rom.CAB Rom.bin || \
unar -D 68*.CAB Rom.bin || \
$err "can't extract Rom.bin - $dontflash"
x_ mv Rom.bin ec.bin
fi
[ -f ec.bin ] || \
$err "extract_kbc1126_ec $board: can't extract - $dontflash"
"$kbc1126_ec_dump" ec.bin || \
$err "!1126ec $board extract ecfw - $dontflash"
) || $err "can't extract kbc1126 ec firmware - $dontflash"
e "$appdir/ec.bin.fw1" f not && \
$err "$board: kbc1126ec fetch failed - $dontflash"
e "$appdir/ec.bin.fw2" f not && \
$err "$board: kbc1126ec fetch failed - $dontflash"
cp "$appdir/"ec.bin.fw* "${_dest%/*}/" || \
$err "!cp 1126ec $_dest - $dontflash"; :
}
extract_e6400vga()
{
set +u +e
chkvars E6400_VGA_offset E6400_VGA_romname
tail -c +$E6400_VGA_offset "$_dl" | gunzip > "$appdir/bios.bin" || :
(
x_ cd "$appdir"
[ -f "bios.bin" ] || \
$err "extract_e6400vga: can't extract bios.bin - $dontflash"
"$e6400_unpack" bios.bin || printf "TODO: fix dell extract util\n"
) || $err "can't extract e6400 vga rom - $dontflosh"
cp "$appdir/$E6400_VGA_romname" "$_dest" || \
$err "extract_e6400vga $board: can't cp $_dest - $dontflash"; :
}
extract_sch5545ec()
{
# full system ROM (UEFI), to extract with UEFIExtract:
_bios="${_dl}_extracted/Firmware/1 $dlsum -- 1 System BIOS vA.28.bin"
# this is the SCH5545 firmware, inside of the extracted UEFI ROM:
_sch5545ec_fw="$_bios.dump/4 7A9354D9-0468-444A-81CE-0BF617D890DF"
_sch5545ec_fw="$_sch5545ec_fw/54 D386BEB8-4B54-4E69-94F5-06091F67E0D3"
_sch5545ec_fw="$_sch5545ec_fw/0 Raw section/body.bin" # <-- this!
"$uefiextract" "$_bios" || $err "sch5545 !extract - $dontflash"
cp "$_sch5545ec_fw" "$_dest" || \
$err "$_dest: !sch5545 copy - $dontflash"; :
}
# Lenovo ThunderBolt firmware updates:
# https://pcsupport.lenovo.com/us/en/products/laptops-and-netbooks/thinkpad-t-series-laptops/thinkpad-t480-type-20l5-20l6/20l5/solutions/ht508988
extract_tbfw()
{
chkvars TBFW_size # size in bytes, matching TBFW's flash IC
x_ mkdir -p tmp
x_ rm -f tmp/tb.bin
find "$appdir" -type f -name "TBT.bin" > "tmp/tb.txt" || \
$err "extract_tbfw $_dest: Can't extract TBT.bin - $dontflash"
while read -r f; do
[ -f "$f" ] || continue
[ -L "$f" ] && continue
cp "$f" "tmp/tb.bin" || \
$err "extract_tbfw $_dest: Can't copy TBT.bin - $dontflash"
break
done < "tmp/tb.txt"
dd if=/dev/null of=tmp/tb.bin bs=1 seek=$TBFW_size || \
$err "extract_tbfw $_dest: Can't pad TBT.bin - $dontflash"
cp "tmp/tb.bin" "$_dest" || \
$err "extract_tbfw $_dest: copy error - $dontflash "; :
}
extract_fspm()
{
copy_fsp M; :
}
extract_fsps()
{
copy_fsp S; :
}
# this copies the fsp s/m; re-base is handled by ./mk inject
copy_fsp()
{
cp "$appdir/Fsp_$1.fd" "$_dest" || \
$err "copy_fsp: Can't copy $1 to $_dest - $dontflash"; :
}
fail_inject()
{
[ -L "$tmpromdel" ] || [ ! -d "$tmpromdel" ] || \
rm -Rf "$tmpromdel" || :
printf "\n\n%s\n\n" "$dontflash" 1>&2
printf "WARNING: File '%s' was NOT modified.\n\n" "$archive" 1>&2
printf "Please MAKE SURE vendor files are inserted before flashing\n\n"
fail "$1"
}
vendor_inject()
{
need_files="n" # will be set to "y" if vendorfiles needed
_olderr="$err"
err="fail_inject"
remkdir "$tmpromdel"
set +u +e; [ $# -lt 1 ] && $err "No options specified. - $dontflash"
eval "`setvars "" nukemode new_mac xchanged`"
# randomise the MAC address by default
# TODO: support setting CBFS MAC address for GA-G41M-ES2L
new_mac="??:??:??:??:??:??"
archive="$1";
[ $# -gt 1 ] && case "$2" in
nuke)
new_mac=""
nukemode="nuke" ;;
setmac)
[ $# -gt 2 ] && new_mac="$3" && \
[ -z "$new_mac" ] && $err \
"You set an empty MAC address string" ;;
*) $err "Unrecognised inject mode: '$2'"
esac
# allow the user to skip setting MAC addresses.
# if new_mac is empty, this script skips running nvmutil
[ "$new_mac" = "keep" ] && new_mac=""
# we don't allow the *user* to clear new_mac, in the setmac
# command, in case the build system is being integrated with
# another, where setmac is relied upon and is being set
# explicitly. this is a preventative error handle, as a courtes
# to that hypothetical user e.g. Linux distro package maintainer
# integrating this build system into their distro. if they used
# a variable for that, and they forgot to initialise it, they'll know.
check_release "$archive" || \
$err "You must run this script on a release archive. - $dontflash"
[ "$new_mac" = "restore" ] && \
printf "Restoring default GbE for '$archive', board '$board'\n"
readcfg && need_files="y"
if [ "$need_files" = "y" ] || [ -n "$new_mac" ]; then
[ "$nukemode" = "nuke" ] || x_ ./mk download "$board"
patch_release_roms
fi
[ "$need_files" != "y" ] && printf \
"\nTarball '%s' (board '%s) doesn't need vendorfiles.\n" \
"$archive" "$board" 1>&2
xtype="patched" && [ "$nukemode" = "nuke" ] && xtype="nuked"
[ "$xchanged" != "y" ] && \
printf "\nRelease archive '%s' was *NOT* modified.\n" \
"$archive" && [ "$has_hashes" = "y" ] && \
printf "WARNING: '%s' contains '%s'. DO NOT FLASH!\n" \
"$archive" "$hashfile" 1>&2 && \
printf "(vendorfiles may be needed and aren't there)\n" \
1>&2
[ "$xchanged" = "y" ] && \
printf "\nRelease archive '%s' successfully %s.\n" \
"$archive" "$xtype" && [ "$nukemode" != "nuke" ] && \
printf "You may now extract '%s' and flash images from it.\n" \
"$archive"
[ "$xchanged" = "y" ] && [ "$nukemode" = "nuke" ] && \
printf "WARNING! Vendorfiles *removed*. DO NOT FLASH.\n" 1>&2 \
&& printf "DO NOT flash images from '%s'\n" \
"$archive" 1>&2
[ "$need_files" = "n" ] && printf \
"Board '%s' doesn't use vendorfiles, so none were inserted.\n" \
"$board"
#
# catch-all error handler, for libreboot release opsec:
#
# if vendor files defined, and a hash file was missing, that means
# a nuke must succeed, if specified. if no hashfile was present,
# that means vendorfiles had been injected, so a nuke must succeed.
# this check is here in case of future bugs in lbmk's handling
# of vendorfile deletions on release archives, which absolutely
# must always be 100% reliable, so paranoia is paramount:
#
if [ "$xchanged" != "y" ] && [ "$need_files" = "y" ] && \
[ "$nukemode" = "nuke" ] && [ "$has_hashes" != "y" ]; then
printf "FAILED NUKE: tarball '$archive', board '$board'\n" 1>&2
$err "Unhandled vendorfile deletion: DO NOT RELEASE TO RSYNC"
fi # of course, we assume that those variables are also set right
err="$_olderr"
return 0
}
check_release()
{
[ -L "$archive" ] && \
$err "'$archive' is a symlink, not a file - $dontflash"
[ -f "$archive" ] || return 1
archivename="`basename "$archive"`"
[ -z "$archivename" ] && \
$err "Cannot determine archive file name - $dontflash"
case "$archivename" in
*_src.tar.xz)
$err "'$archive' is a src archive, silly!" ;;
grub_*|seagrub_*|custom_*|seauboot_*|seabios_withgrub_*)
return 1 ;;
*.tar.xz) _stripped_prefix="${archivename#*_}"
board="${_stripped_prefix%.tar.xz}" ;;
*) $err "'$archive': could not detect board type - $dontflash"
esac; :
}
readcfg()
{
if [ "$board" = "serprog_rp2040" ] || \
[ "$board" = "serprog_stm32" ] || \
[ "$board" = "serprog_pico" ]; then
return 1
fi
boarddir="$cbcfgsdir/$board"
eval "`setcfg "$boarddir/target.cfg"`"
chkvars tree
x_ ./mk -d coreboot "$tree" # even if vendorfiles not used, see: setmac
[ -z "$vcfg" ] && return 1
vfile="config/vendor/$vcfg/pkg.cfg"
[ -L "$vfile" ] && $err "'$archive', '$board': $vfile is a symlink"
[ -f "$vfile" ] || $err "'$archive', '$board': $vfile doesn't exist"
cbdir="src/coreboot/$tree"
cbfstool="elf/cbfstool/$tree/cbfstool"
rmodtool="elf/cbfstool/$tree/rmodtool"
mecleaner="$PWD/$cbdir/util/me_cleaner/me_cleaner.py"
kbc1126_ec_dump="$PWD/$cbdir/util/kbc1126/kbc1126_ec_dump"
cbfstool="elf/cbfstool/$tree/cbfstool"
ifdtool="elf/ifdtool/$tree/ifdtool"
[ -n "$IFD_platform" ] && ifdprefix="-p $IFD_platform"; :
}
patch_release_roms()
{
has_hashes="n"
tmpromdir="tmp/DO_NOT_FLASH/bin/$board"
remkdir "${tmpromdir%"/bin/$board"}"
tar -xf "$archive" -C "${tmpromdir%"/bin/$board"}" || \
$err "Can't extract '$archive'"
for _hashes in $hashfiles; do
[ -L "$tmpromdir/$_hashes" ] && \
$err "'$archive' -> the hashfile is a symlink. $dontflash"
[ -f "$tmpromdir/$_hashes" ] && has_hashes="y" && \
hashfile="$_hashes" && break; :
done
x_ mkdir -p "tmp"; [ -L "tmp/rom.list" ] && \
$err "'$archive' -> tmp/rom.list is a symlink - $dontflash"
x_ rm -f "tmp/rom.list" "tmp/zero.1b"
x_ dd if=/dev/zero of=tmp/zero.1b bs=1 count=1
find "$tmpromdir" -maxdepth 1 -type f -name "*.rom" > "tmp/rom.list" \
|| $err "'$archive' -> Can't make tmp/rom.list - $dontflash"
if readkconfig; then
while read -r _xrom ; do
process_release_rom "$_xrom" || break
done < "tmp/rom.list"
rm -f "$tmpromdir/README.md" || :
[ "$nukemode" != "nuke" ] || \
printf "Make sure you inserted vendor files: %s\n" \
"$vguide" > "$tmpromdir/README.md" || :
else
printf "Skipping vendorfiles on '%s'\n" "$archive" 1>&2
fi
(
cd "$tmpromdir" || $err "patch '$archive': can't cd $tmpromdir"
# NOTE: For compatibility with older rom releases, defer to sha1
if [ "$has_hashes" = "y" ] && [ "$nukemode" != "nuke" ]; then
sha512sum --status -c "$hashfile" || \
sha1sum --status -c "$hashfile" || \
$err "'$archive' -> Can't verify vendor hashes. $dontflash"
rm -f "$hashfile" || \
$err "$archive: Can't rm hashfile. $dontflash"
fi
) || $err "'$archive' -> Can't verify vendor hashes. $dontflash"
if [ -n "$new_mac" ]; then
if ! modify_mac_addresses; then
printf "\nNo GbE region defined for '%s'\n" "$board" \
1>&2
printf "Therefore, changing the MAC is impossible.\n" \
1>&2
printf "This board probably lacks Intel ethernet.\n" \
1>&2
printf "(or it's pre-IFD Intel with Intel GbE NIC)\n" \
1>&2
fi
fi
[ "$xchanged" = "y" ] || rm -Rf "$tmpromdel" || :
[ "$xchanged" = "y" ] || return 0
(
cd "${tmpromdir%"/bin/$board"}" || \
$err "Can't cd '${tmpromdir%"/bin/$board"}'; $dontflash"
# ../../ is the root of lbmk
mkrom_tarball "bin/$board"
) || $err "Cannot re-generate '$archive' - $dontflash"
mv "${tmpromdir%"/bin/$board"}/bin/${relname}_${board}.tar.xz" \
"$archive" || \
$err "'$archive' -> Cannot overwrite - $dontflash"; :
}
process_release_rom()
{
_xrom="$1"; _xromname="${1##*/}"
[ -L "$_xrom" ] && \
$err "$archive -> '${_xrom#"tmp/DO_NOT_FLASH/"}' is a symlink"
[ -f "$_xrom" ] || return 0
[ -z "${_xromname#"$vfix"}" ] && \
$err "'$_xromname'->'"${_xromname#"$vfix"}"' empty. $dontflash"
# Remove the prefix and 1-byte pad
if [ "$nukemode" != "nuke" ] && \
[ "${_xromname#"$vfix"}" != "$_xromname" ]; then
_xromnew="${_xrom%/*}/${_xromname#"$vfix"}"
# Remove the 1-byte padding
stat -c '%s' "$_xrom" > "tmp/rom.size" || \
$err "$_xrom: Can't get rom size. $dontflash"
read -r xromsize < "tmp/rom.size" || \
$err "$_xrom: Can't read rom size. $dontflash"
expr "X$xromsize" : "X-\{0,1\}[0123456789][0123456789]*$" \
1>/dev/null 2>/dev/null || $err "$_xrom size non-integer"
[ $xromsize -lt 2 ] && $err \
"$_xrom: Will not create empty file. $dontflash"
# TODO: check whether the size would be a multiple of 64KB
# the smallest rom images we do are 512kb
xromsize="`expr $xromsize - 1`"
[ $xromsize -lt 524288 ] && \
$err "$_xrom size too small; likely not a rom. $dontflash"
dd if="$_xrom" of="$_xromnew" bs=$xromsize count=1 || \
$err "$_xrom: Can't resize. $dontflash"
rm -f "$_xrom" || $err "Can't rm $_xrom - $dontflash"
_xrom="$_xromnew"
fi
[ "$nukemode" = "nuke" ] && \
mksha512sum "$_xrom" "vendorhashes"
patch_rom "$_xrom" || return 1 # if break return, can still change MAC
[ "$nukemode" != "nuke" ] && return 0
# Rename the file, prefixing a warning saying not to flash
# the target image, which now has vendor files removed. Also
# pad it so that flashprog returns an error if the user tries
# to flash it, due to mismatching ROM size vs chip size
cat "$_xrom" tmp/zero.1b > "${_xrom%/*}/$vfix${_xrom##*/}" || \
$err "'$archive' -> can't pad/rename '$_xrom'. $dontflash"
rm -f "$_xrom" || $err "'$archive' -> can't rm '$_xrom'. $dontflash"
}
patch_rom()
{
rom="$1"
# regarding ifs below:
# if a hash file exists, we only want to allow inject.
# if a hash file is missing, we only want to allow nuke.
# this logical rule prevents double-nuke and double-inject
# if injecting without a hash file i.e. inject what was injected
# (or inject where no vendor files are needed, covered previously)
if [ "$has_hashes" != "y" ] && [ "$nukemode" != "nuke" ]; then
printf "inject: '%s' has no hash file. Skipping.\n" \
"$archive" 1>&2
return 1
fi
# nuking *with* a hash file, i.e. nuking what was nuked before
if [ "$has_hashes" = "y" ] && [ "$nukemode" = "nuke" ]; then
printf "inject nuke: '%s' has a hash file. Skipping nuke.\n" \
"$archive" 1>&2
return 1
fi
[ -n "$CONFIG_HAVE_REFCODE_BLOB" ] && inject "fallback/refcode" \
"$CONFIG_REFCODE_BLOB_FILE" "stage"
[ "$CONFIG_HAVE_MRC" = "y" ] && inject "mrc.bin" "$CONFIG_MRC_FILE" \
"mrc" "0xfffa0000"
[ "$CONFIG_HAVE_ME_BIN" = "y" ] && inject IFD "$CONFIG_ME_BIN_PATH" me
[ "$CONFIG_KBC1126_FIRMWARE" = "y" ] && inject ecfw1.bin \
"$CONFIG_KBC1126_FW1" raw "$CONFIG_KBC1126_FW1_OFFSET" && inject \
ecfw2.bin "$CONFIG_KBC1126_FW2" raw "$CONFIG_KBC1126_FW2_OFFSET"
[ -n "$CONFIG_VGA_BIOS_FILE" ] && [ -n "$CONFIG_VGA_BIOS_ID" ] && \
inject "pci$CONFIG_VGA_BIOS_ID.rom" "$CONFIG_VGA_BIOS_FILE" optionrom
[ "$CONFIG_INCLUDE_SMSC_SCH5545_EC_FW" = "y" ] && \
[ -n "$CONFIG_SMSC_SCH5545_EC_FW_FILE" ] && \
inject sch5545_ecfw.bin "$CONFIG_SMSC_SCH5545_EC_FW_FILE" raw
#
# coreboot adds FSP-M first. so we shall add it first, then S:
# NOTE:
# We skip the fetch if CONFIG_FSP_USE_REPO or CONFIG_FSP_FULL_FD is set
# but only for inject/nuke. we still run fetch (see above) because on
# _fsp targets, coreboot still needs them, but coreboot Kconfig uses
# makefile syntax and puts $(obj) in the path, which makes no sense
# in sh. So we modify the path there, but lbmk only uses the file
# in vendorfiles/ if neither CONFIG_FSP_USE_REPO nor CONFIG_FSP_FULL_FD
# are set
#
[ -z "$CONFIG_FSP_USE_REPO" ] && [ -z "$CONFIG_FSP_FULL_FD" ] && \
[ -n "$CONFIG_FSP_M_FILE" ] && \
inject "$CONFIG_FSP_M_CBFS" "$CONFIG_FSP_M_FILE" fsp --xip
[ -z "$CONFIG_FSP_USE_REPO" ] && [ -z "$CONFIG_FSP_FULL_FD" ] && \
[ -n "$CONFIG_FSP_S_FILE" ] && \
inject "$CONFIG_FSP_S_CBFS" "$CONFIG_FSP_S_FILE" fsp
# TODO: modify gbe *after checksum verification only*
# TODO: insert default gbe if doing -n nuke
printf "ROM image successfully patched: %s\n" "$rom"
xchanged="y"
}
inject()
{
[ $# -lt 3 ] && $err "$*, $rom: usage: inject name path type (offset)"
[ "$2" = "/dev/null" ] && return 0
eval "`setvars "" cbfsname _dest _t _offset`"
cbfsname="$1"; _dest="${2##*../}"; _t="$3"
if [ "$_t" = "fsp" ]; then
[ $# -gt 3 ] && _offset="$4"
else
[ $# -gt 3 ] && _offset="-b $4" && [ -z "$4" ] && \
$err "inject $*, $rom: offset given but empty (undefined)"
fi
e "$_dest" f n && [ "$nukemode" != "nuke" ] && $err "!inject $dl_type"
if [ "$cbfsname" = "IFD" ]; then
[ "$nukemode" = "nuke" ] || "$ifdtool" $ifdprefix -i \
$_t:$_dest "$rom" -O "$rom" || \
$err "failed: inject '$_t' '$_dest' on '$rom'"
[ "$nukemode" != "nuke" ] || "$ifdtool" $ifdprefix --nuke $_t \
"$rom" -O "$rom" || $err "$rom: !nuke IFD/$_t"
xchanged="y"
return 0
elif [ "$nukemode" = "nuke" ]; then
"$cbfstool" "$rom" remove -n "$cbfsname" || \
$err "inject $rom: can't remove $cbfsname"
xchanged="y"
return 0
fi
if [ "$_t" = "stage" ]; then # the only stage we handle is refcode
x_ mkdir -p tmp; x_ rm -f "tmp/refcode"
"$rmodtool" -i "$_dest" -o "tmp/refcode" || "!reloc refcode"
"$cbfstool" "$rom" add-stage -f "tmp/refcode" -n "$cbfsname" \
-t stage || $err "$rom: !add ref"
else
"$cbfstool" "$rom" add -f "$_dest" -n "$cbfsname" \
-t $_t $_offset || $err "$rom !add $_t ($_dest)"
fi; xchanged="y"; :
}
modify_mac_addresses()
{
[ "$nukemode" = "nuke" ] && \
$err "Cannot modify MAC addresses while nuking vendor files"
# chkvars CONFIG_GBE_BIN_PATH
[ -n "$CONFIG_GBE_BIN_PATH" ] || return 1
e "${CONFIG_GBE_BIN_PATH##*../}" f n && $err "missing gbe file"
[ "$new_mac" != "restore" ] && \
x_ make -C util/nvmutil
x_ mkdir -p tmp
[ -L "tmp/gbe" ] && $err "tmp/gbe exists but is a symlink"
[ -d "tmp/gbe" ] && $err "tmp/gbe exists but is a directory"
if [ -e "tmp/gbe" ]; then
[ -f "tmp/gbe" ] || $err "tmp/gbe exists and is not a file"
fi
x_ cp "${CONFIG_GBE_BIN_PATH##*../}" "tmp/gbe"
[ "$new_mac" != "restore" ] && \
x_ "util/nvmutil/nvm" "tmp/gbe" setmac "$new_mac"
find "$tmpromdir" -maxdepth 1 -type f -name "*.rom" > "tmp/rom.list" \
|| $err "'$archive' -> Can't make tmp/rom.list - $dontflash"
while read -r _xrom; do
[ -L "$_xrom" ] && continue
[ -f "$_xrom" ] || continue
"$ifdtool" $ifdprefix -i GbE:"tmp/gbe" "$_xrom" -O \
"$_xrom" || $err "'$_xrom': Can't insert new GbE file"
xchanged="y"
done < "tmp/rom.list"
printf "\nThe following GbE NVM words were written in '%s':\n" \
"$archive"
x_ util/nvmutil/nvm tmp/gbe dump
[ "$new_mac" = "restore" ] && \
printf "\nNOTE: User specified setmac 'restore' argument.\n" && \
printf "Default GbE file '%s' written without running nvmutil.\n" \
"${CONFIG_GBE_BIN_PATH##*../}"; :
}
Reference in New Issue View Git Blame Copy Permalink