Of note: upstream has made several improvements to memory
management, and several fixes to file systems.
User-friendly change to LUKS: if the passphrase input failed,
the user is prompted again for the correct passphrase, instead
of GRUB just failing. Similar to cryptsetup luksOpen behaviour
under Linux.
This pulls in the following changes from upstream (gnu.org):
* b53ec06a1 util/grub-mkrescue: Check existence of option arguments
* ab9fe8030 loader/efi/fdt: Add fdtdump command to access device tree
* 0cfec355d osdep/devmapper/getroot: Unmark 2 strings for translation
* f171122f0 loader/emu/linux: Fix determination of program name
* 828717833 disk/cryptodisk: Fix translatable message
* 9a2134a70 tests: Add test for ZFS zstd
* f96df6fe9 fs/zfs/zfs: Add support for zstd compression
* 55d35d628 kern/efi/mm: Detect calls to grub_efi_drop_alloc() with wrong page counts
* 61f1d0a61 kern/efi/mm: Change grub_efi_allocate_pages_real() to call semantically correct free function
* dc0a3a27d kern/efi/mm: Change grub_efi_mm_add_regions() to keep track of map allocation size
* b990df0be tests/util/grub-fs-tester: Fix EROFS label tests in grub-fs-tester
* d41c64811 tests: Switch to requiring exfatprogs from exfat-utils
* c1ee4da6a tests/util/grub-shell-luks-tester: Fix detached header test getting wrong header path
* c22e052fe tests/util/grub-shell: Add flexibility in QEMU firmware handling
* d2fc9dfcd tests/util/grub-shell: Use pflash instead of -bios to load UEFI firmware
* 88a7e64c2 tests/util/grub-shell: Print gdbinfo if on EFI platform
* b8d29f114 configure: Add Debian/Ubuntu DejaVu font path
* 13b315c0a term/ns8250-spcr: Add one more 16550 debug type
* 8abec8e15 loader/i386/multiboot_mbi: Fix handling of errors in broken aout-kludge
* d35ff2251 net/drivers/ieee1275/ofnet: Remove 200 ms timeout in get_card_packet() to reduce input latency
* 86df79275 commands/efi/tpm: Re-enable measurements on confidential computing platforms
* 0b4d01794 util/grub-mkpasswd-pbkdf2: Simplify the main function implementation
* fa36f6376 kern/ieee1275/init: Add IEEE 1275 Radix support for KVM on Power
* c464f1ec3 fs/zfs/zfs: Mark vdev_zaps_v2 and head_errlog as supported
* 2ffc14ba9 types: Add missing casts in compile-time byteswaps
* c6ac49120 font: Add Fedora-specific font paths
* 5e8989e4e fs/bfs: Fix improper grub_free() on non-existing files
* c806e4dc8 io/gzio: Properly init a table
* 243682baa io/gzio: Abort early when get_byte() reads nothing
* bb65d81fe cli_lock: Add build option to block command line interface
* 56e58828c fs/erofs: Add tests for EROFS in grub-fs-tester
* 9d603061a fs/erofs: Add support for the EROFS
* 1ba39de62 safemath: Add ALIGN_UP_OVF() which checks for an overflow
* d291449ba docs: Fix spelling mistakes
* 6cc2e4481 util/grub.d/00_header.in: Quote background image pathname in output
* f456add5f disk/lvm: GRUB fails to detect LVM volumes due to an incorrect computation of mda_end
* 386b59ddb disk/cryptodisk: Allow user to retry failed passphrase
* 99b4c0c38 disk/mdraid1x_linux: Prevent infinite recursion
* b272ed230 efi: Fix stack protector issues
* 6744840b1 build: Track explicit module dependencies in Makefile.core.def
Signed-off-by: Leah Rowe <leah@libreboot.org>
same as the recent update in lbmk, but adapted for cbmk,
e.g. the patches to disable microcode blobs by default.
i copied it from the lbmk update but updated nuke.list
and excluded certain patches not needed in canoeboot, such
as the new dell latitude patches and haswell nri
The coreboot/dell tree was also merged to /default, just
like in lbmk. This puts Canoeboot completely in sync,
but with deblobbing as is customary for Canoeboot.
Signed-off-by: Leah Rowe <info@minifree.org>
I re-read the modified code, and it has defines in place
for building on Windows; I was defining ACCESSPERMS
universally, but it should only be defined for non-Windows
systems, which the context in this code means Linux/BSD.
Signed-off-by: Leah Rowe <leah@libreboot.org>
musl libc is very conservative in what it implements,
preferring a very "pure" libc implementation. this means
that it lacks many of the niceties found in others like
the GNU C Library; the latter implements many BSD libc
extensions, for example.
ACCESSPERMS is a #define in BSD libc that does:
S_IRWXU | S_IRWXG | S_IRWXO
Essentially, it provides a bitwise OR providing chmod 0777,
which can be used as shorthand in calls to functions such
as mkdir() available in all libc implementations.
In the case of uefitool, this define is indeed used on mkdir.
Conditionally re-define ACCESSPERMS, if undefined, so that musl
libc can be used when building uefitool.
Signed-off-by: Leah Rowe <leah@libreboot.org>
single-tree projects cannot be handled in bulk, e.g.
./mk -f project1 project2 project3
that is still the case, from the shell, but internally
it is now possible:
mk -f project1 project2 project3
mk() is a function that simply handles the given flag,
and all projects specified.
it does not handle cases without argument, for example
you cannot do:
mk -f
arguments must be provided. it can be used internally,
to simplify cases where multiple single-tree projects
must be handled, but *also* allows multi-tree projects
to be specified, without being able to actually handle
trees within that multi-tree project; so for example,
you can only specify coreboot, and then it would run
on every coreboot tree.
Signed-off-by: Leah Rowe <leah@libreboot.org>
same as the last change. make the main function a wrapper
that dry-runs the real function.
if the "dry" variable is blank, it executes.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this is another alternative to the previous fix. this one
is therefore now a pre-emptive fix, in case other code is
written in the future that makes use of badhash.
the badhash variable in a y/n variable, so initialise to n.
Signed-off-by: Leah Rowe <leah@libreboot.org>
when badhash=y, the utils should be deleted, but
the check is deleting if badhash isn't n. if the
hash check isn't being performed, then this will
always be the case and the utils are always deleted.
make it positively delete the file only if badhash=y,
not when it isn't n. while this may not sound very
different, it will prevent the utils being deleted and
re-build endlessly in other cases, like when building
release archives and running the inject --nuke mode
on every image that gets built.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we want multiple seagrub images made, with different
keymaps, but we only want one non-seagrub image.
however, we also want grub in the non-seagrub image.
it just means that seabios is primarily what the user
wants, and they might occasionally use grub, whereas
the seagrub images are for people who primarily want
grub but may occasionally access the seabios menu.
right now, the seabios images really only contain seabios,
but there's no harm in adding grub to them.
Signed-off-by: Leah Rowe <leah@libreboot.org>
don't rely on build/coreboot.rom staying in place,
because sometimes it can get purged under certain
conditions, due to idiosyncrasies in the coreboot
build system, even when we don't explicitly clean it
Signed-off-by: Leah Rowe <leah@libreboot.org>
this time, only handle multiple keymaps on seagrub
images. for images where seabios is first but does
not immediately load grub, whether grub is still
available in flash, just do one image (US Qwerty)
this still results in fewer images per target than
Libreboot 20240612, but should prevent most users
from being annoyed. i got a few people asking
repeatedly, and i hadn't documented yet how to add
keymap.gkb or how to remove bootorder, to get a
different keymap or disable seagrub respectively.
i anticipate that i'll get such questions a lot, even
if i do document it, so i'm reversing that decision.
it doesn't result in much extra code. the new design
in lbmk makes this sort of thing much simpler.
Signed-off-by: Leah Rowe <leah@libreboot.org>
XBMK_CACHE is now used, instead of hardcoding cache/
this is exported initialised to cache/, if unset.
this means you can set your own directory, and it means
./update release will use the same directory.
this means bandwidth wastage is further avoided.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the || : condition should be used, whereas i just
wrote : by mistake. this was done in a previous change.
fix it now.
Signed-off-by: Leah Rowe <leah@libreboot.org>
a previous change made it more redundant, falling back
on old behaviour (direct downloading, not cached), but
the way it's done means that the function never returns
an error condition in practise.
this patch fixes it.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i overlooked this before. remove it. the directory
happened to be empty when i tested archives, but it's
still not a good thing that we have it. remove it!
Signed-off-by: Leah Rowe <leah@libreboot.org>
if coreboot itself is being handled, crossgcc has the
correct makeargs, setting the number of build threads.
however, other projects can specify "xtree" pointing to
a given coreboot tree, and build crossgcc for it.
one workaround may be to use trees -d coreboot TREE,
but then extra code would have to be written to make
it avoid other things like building cbfstool, which is
not required for just building crossgcc.
the cleanest way to do it is to simply hardcode it. the
value is set exactly the same as regular coreboot makeargs.
this fixes a bug, where some builds of crossgcc are made
on a single thread, rather than using XBMK_THREADS. this
patch forces it to always use CPUS=$XBMK_THREADS
Signed-off-by: Leah Rowe <leah@libreboot.org>
lbmk must still define payloads, but specific configs
may use coreboot's build system instead.
you might use this to add your own config with, say,
tianocore payload, using coreboot.git to build it,
rather than using lbmk's choice of payloads.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we no longer need to remove cache/ per project, because
it's removed in bulk at the end, in the main build script,
when generating release archives.
Signed-off-by: Leah Rowe <leah@libreboot.org>
lib.sh download() is used by subfile handling in git.sh,
e.g. crossgcc tarballs.
they are not currently cached, but are downloaded directly
in place.
cache them, under cache/file/, saved with the name equal
to the checksum, so: cache/file/CHECKSUM
if the given cached file exists, use it as-is for simple
copy, instead of curl. this avoids re-downloading a lot of
crossgcc tarballs, where different coreboot trees may use
some archives that are the same throughout.
Signed-off-by: Leah Rowe <leah@libreboot.org>
if doing a retry, the directory may still exist, which
would make git clone yield an error response; the existing
directory will have been the one that failed to reset, so
let's delete it.
the one deleted is not the cache (repo/PROJECT/), thus
otherwise maintaining current behaviour.
Signed-off-by: Leah Rowe <leah@libreboot.org>
normally, a project is cached at repo/PROJECT/, and
cloned from there to the final destination.
errors lead to a calling of $err, but this will result
in a return if done from inside a subshell, of non-zero
value, so use this to re-try with a 6th argument when
calling tmpclone().
in most cases, this fallback will never kick in, but
it will kick in resetting or patching the cached clone
fails; specifically, we are interested in the reset part.
a given project name may change repositories in lbmk at
a given time. if this happens, and the old one is cached,
the overall result of this patch is that lbmk will fall
back to the old behaviour, where git urls are tried
directly, without caching.
Signed-off-by: Leah Rowe <leah@libreboot.org>
actual source code is not scanned, but config directories are
scanned. simply get the checksum of each file under config/
pertaining to a given project/tree, and also for the given
target. coreboot utilities are also handled.
if it changes, in any way, delete and re-build automatically.
such deletions should probably still be done manually, as part
of understanding the build system, but this change should make
the build system much easier to use during development.
Signed-off-by: Leah Rowe <leah@libreboot.org>
single-tree repos were not previously cached, but now
they are and they have to be handled.
this, as also alluded to in the previous commit, is done
when preparing release archives (XBMK_RELEASE=y)
Signed-off-by: Leah Rowe <leah@libreboot.org>
repo/p/ does not have its revision reset, so it
changes unpredictably, and it's not used in builds.
this used to be src/p/p/ - the context here is multi-tree
projects, in source archives.
Signed-off-by: Leah Rowe <leah@libreboot.org>
re-use repo/project/
this means that single- and multi-tree projects now
have a unified cached git repo location, as per the
new rules, thus saving on disk space usage.
Signed-off-by: Leah Rowe <leah@libreboot.org>
do it based on the URL, e.g. https://review.coreboot.org/coreboot
becomes repo/coreboot
the downside is if you have two projects with repo urls specifying
the same string at the end, but this isn't the case at the moment
and likely won't be the case, but it's a theoretical issue.
this saves on bandwidth when downloading identical submodule repos
between multiple trees within the same multi-tree project
for example, coreboot 3rdparty/vboot is no longer downloaded more
than once, instead cloned locally on subsequent downloads.
if repo/DIR exists, git-pull is attempted, but errors do not result
in a non-zero exit, by design.
Signed-off-by: Leah Rowe <leah@libreboot.org>
upstream has merged all of the changes that it contained,
so we don't need this anymore. we'll have the newer upstream
changes on the next general revision updates for coreboot,
within config/coreboot/
Signed-off-by: Leah Rowe <leah@libreboot.org>
configure_project is a bit big. move the dependencies
build logic to a new function.
it may be desirable in future to make the way that
function works the way all build commands are done.
for example:
./update trees -b coreboot x230_12mb
would become:
./update trees -b coreboot/x230_12mb
this would enable to mix and match multi/single tree
projects. for now, leave things as they are.
Signed-off-by: Leah Rowe <leah@libreboot.org>
U-Boot has migrated to using upstream device-tree files for gru boards,
but the clock driver doesn't yet support setting rates for a certain
clock that upstream uses for the eDP display. It happens to work without
it, so for now remove the clock setting until the driver is fixed.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Commit 46e01c0e1dad ("u-boot: Avoid building U-Boot-only binman images")
added a patch that prevents an error while building U-Boot, due to some
U-Boot images needing a copy of BL31 that we are not passing in.
Removing build instructions for these images isn't really necessary,
when we can instead tell the build tool that it shouldn't exit with an
error. It checks a BINMAN_ALLOW_MISSING environment variable for this,
but just unconditionally replace the check with the argument.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Set default U-Boot revision to v2024.07 and rebase patches on top of
that. One patch that fixes drawing box characters (UTF-8 to CP437) had
an alternative merged, another hack we have to fix regulator issues is
no longer neccessary as the issue is fixed, and my QEMU patches were
merged upstream, so drop these patches. One patch we have to disable
binman images can be replaced by a simpler alternative so drop it too.
Upstream kconfig status is still unstable, so updating configs with
`make oldconfig` would miss important upstream changes, since they rely
on carrying defaults via upstream defconfigs. Update the configs as
such, like before:
- Turn old configs into defconfigs (./update trees -s u-boot)
- Save the diff from old upstream defconfig (diffconfig $theirs $ours)
- Update U-Boot revision, rebase patches, and clean old trees
- Prepare new U-Boot tree (./update trees -f u-boot)
- Review the diffconfigs to see if any options were renamed upstream
- Copy over the new upstream defconfigs and apply earlier diff
- Turn new defconfigs into configs (./update trees -l u-boot)
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
we used to set cmd only to these values:
build_project
build_targets
however, now we set them to:
build_project
build_targets $@
the latter cannot be measured reliably, but
we were checking whether cmd equalled:
build_targets
now we instead check that it does not equal:
build_project
Signed-off-by: Leah Rowe <leah@libreboot.org>
main() used to be the only function executed from
outside of main(), in this script, but now we source
a config file and then run the build afterward.
when a flag is provided without OPTARG, this means
that we are continuing such action erroneously. to
mitigate this, return 1 in that instance, and handle
it in the line that calls main(), making it exit with
zero status (success).
Signed-off-by: Leah Rowe <leah@libreboot.org>
instead of using lots of if/else conditions, do that once
and set a variable, dry, to :
if not doing a dry run, the variable is empty. prefix this
variable in places where you don't want a certain action to
be performed, on dry runs.
more specifically, : does *nothing* and always returns with
zero status (success).
this results in cleaner code, and a small sloccount reduction.
Signed-off-by: Leah Rowe <leah@libreboot.org>
move the coreboot-specific includes into mkhelper.cfg
for that project.
on some projects, we need variables from mkhelper.cfg
to be global, so I was including serprog and coreboot
mkhelper.cfg files in this script.
instead, set a new variable "mkhelpercfg" pointing to
the config file. if it doesn't exist, create and then
point to a temporary (empty) mkhelper.cfg file.
the rom.sh include has been moved to coreboot mkhelper.cfg
The only remaining project-specific logic, in this trees
script, is now the coreboot crossgcc handling, but this
needs to be there as it's also used to build U-Boot.
The way this now works, certain includes are done twice.
For example, include/rom.sh will be included once globally,
outside of main(), and then again in configure_project().
This means that certain functions will be defined twice.
I'm uncertain if shell has anything equivalent to an ifdef
guard as in C, but we actually want this here anyway, and
it shouldn't cause any problems. It's a bit of a hack, but
otherwise results in much cleaner code.
Signed-off-by: Leah Rowe <leah@libreboot.org>
otherwise, due to the idiosyncratic nature of the coreboot
build system, the coreboot.rom gets wiped out.
cbutils is still handled by premake. ensure that payloads are
only inserted just after running the coreboot make command.
fixes a build issues introduced on 9020sff, previously unhandled.
Signed-off-by: Leah Rowe <leah@libreboot.org>
pro-tip: don't do this at 3AM
do massive changes like this, no later than 1AM.
the intent anyway is for -d to cause no build dependencies
to be handled, but the current logic says to only handle
them if -d is set! fix it by removing the ! part
Signed-off-by: Leah Rowe <leah@libreboot.org>