same revision, but re-do the patches again.
i wasn't quite as thorough with some of it yesterday.
for example, i included the ifdtool nuke patch yesterday,
which is not actually required in cbmk
Signed-off-by: Leah Rowe <info@minifree.org>
Since the E6400 was made into a variant for the E4300 dir,
the VBT file is now located in the e6400 variant directory,
instead of the main directory for the port, the latter of
which now accounts for both mainboards.
Signed-off-by: Leah Rowe <info@minifree.org>
This is based on the same change recently made in
lbmk. A lot of unnecessary patches, and I want to
clean them all up.
Also, cbmk's /default didn't actually build, whereas
lbmk did, which is the primary motive for this rebase.
With this change, it should build again.
Signed-off-by: Leah Rowe <info@minifree.org>
Thanks go to Nicholas Chin and Lorenzo Aloe for working on
and testing this code. Based on the 780 MT port.
Signed-off-by: Leah Rowe <leah@libreboot.org>
I reset it temporarily back to 1.16.3 when testing the
SeaBIOS hanging bug on 3050 micro, but the revision had
no effect; the bug was caused by a bad coreboot config
Signed-off-by: Leah Rowe <leah@libreboot.org>
- Update the MEC5035 S3 patches to the versions that were sent upstream
to prevent conflicts with subsequent patches for that EC.
- Update the patch that enables the S3 SMI handler in mainboard code so
that all Latitudes use the handler.
- Add a new patch that tells the EC to route power button events to the
host so that the OS can decide what to do. Without it, the EC powers
off the system without letting the OS cleanly shut down.
Signed-off-by: Nicholas Chin <nic.c3.14@gmail.com>
Due to quirks in how caching works in lbmk, this may be
error-prone. I'll properly address it in the next audit.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Riku used this for debugging, when adding the MXM support
to the HP EliteBook 8560w port. It will be useful for other
work that I have planned, so I'm archiving this too!
Riku has a lot of useful code, that I meant to import ages ago.
Once I'm done importing these in lbmk, I'll add backup repos.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Based on hell's code, but parses inteltool logs.
This will be useful for ports that I have planned, so
I'd like this to be included with Libreboot releases.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Used to dump MXM config for a given mainboard. We used this
for the HP EliteBook 8560w.
I meant to import this via config/git/ ages ago.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This brings in the following important fix:
commit d128a0ae87086b37c0e5d7a8d934bcdee173402f
Author: Nicholas Chin <nic.c3.14@gmail.com>
Date: Fri Sep 27 22:57:22 2024 -0600
flashchips: Remove unsupported erase blocks for Winbond W25X{16,32,64}
This family of chips does not support the 0x52 (32 KiB block erase) and
0x60 (chip erase) opcodes according to their datasheet.
The full list of changes this brings in is as follows:
* d128a0a flashchips: Remove unsupported erase blocks for Winbond W25X{16,32,64}
* c6a924a Don't mention writing when erasing only (-E)
* dac4239 ch347_spi: Add 'spimode' parameter
* 56d236b chipset_enable: Add some newer AMD code names
* 3b9f152 chipset_enable: Probe AMD SPIBAR first and bail on ff
* 522160f meson: Add ft4222_spi
Nicholas Chin's patch fixes a bug on GM45 ThinkPads, where WX25
ICs (Winbond) could be read, but writes would fail in certain
cases because flashchips.c provided incorrect block erase commands.
This is unrelated to the --workaround-mx patch, for Macronix ICs.
Signed-off-by: Leah Rowe <leah@libreboot.org>
I was build-testing gru_bob on an arm64 host, and got a
build error when compiling U-Boot.
Python.h missing - installing python3-devel fixes it.
Signed-off-by: Leah Rowe <leah@libreboot.org>
I also checked the copyright declarations in the
directory src/mips/openbios where the PCSX-Redux BIOS
is, gleaning all the copyright years: 2019-2024 at this
time.
The years will be updated as and when PCSX-Redux is
updated in lbmk. Their BIOS is under MIT so I made lbmk
generate an appropriate COPYING file alongside the binary,
containing:
Copyright (c) 2019-2024 PCSX-Redux authors
Along with the actual text of the MIT license. With all
of this, the PCSX-Redux BIOS can now be included in
Libreboot releases.
No actual tarball is created. The release script in lbmk
simply copies the bin/ directory to ../roms
I'm leaving the PCSX-Redux BIOS release uncompressed,
because, and this will sound patronising because that is
my precise intention: Windows users don't know how to do
anything. If I provide a tarball to Windows users, they
won't know what to do. Libreboot releases always go on rsync
mirrors, which also have HTTP servers with indexing enabled,
for browsing release files.
I mention Windows users, because most people who use the PCSX
Redux BIOS will probably use it on a PlayStation emulator, and
most emulator users are on Windows. I can't really be bothered
to provide it as a .zip archive, and it's only 512kb, so just
provide it uncompressed in Libreboot releases!
Releases were already possible under this scheme, so this
patch really just adds the COPYING file. It's simply a courtesy
to the PCSX-Redux developers, providing proper credit to them.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Not needed in our use-case, and probably doesn't have any
source code. Accidentally missed during prior audits.
Signed-off-by: Leah Rowe <info@minifree.org>
people were raising a stink about futility test data
in GNU Boot recently, which is proprietary data that
they forgot to delete.
i was already deleting this data since october 2023,
when canoeboot pretty much first started, and they
recently started following suit in their project.
however, i was deleting specific files, found as a
result of intense auditing done in october 2023. to
be more cautious, this patch now simply deletes the
entire directory, so that no test data remains. this
ensures that any future additions upstream will not
be included inadvertently in releases.
not to gloat, but this was never an issue in canoeboot.
again to be clear, this is a preventative fix; titled
"irony prevention", because such a bug in a future
release would indeed be highly ironic.
irony is not allowed.
Signed-off-by: Leah Rowe <info@minifree.org>
Add patches to convert the E6400 port into a GM45 Latitude variant and
add the E4300 as another variant, and create a config for the E4300.
Tested on my E6400 and E4300.
Signed-off-by: Nicholas Chin <nic.c3.14@gmail.com>
I also added a "cleanargs" argument, similar to the makeargs
argument, to work around a build error.
This builds the PCSX-Redux PS1 BIOS. They reverse engineered
the Sony PS1 BIOS and wrote a free one under MIT license.
Run this:
./mk -b pcsx-redux
The file will appear: bin/playstation/openbios.bin
Yes. PlayStation support. It's even RYF-friendly:
* Replace BIOS chip with PCSX-Redux's open BIOS
* Install PsNee modchip (libre modchip firmware)
* Install PicoStation (libre optical disc drive emulator)
* Libre SDKs are available e.g. PSn00bSDK
I added this to Libreboot, because I'm working on a fork of
DuckStation. DuckStation recently went proprietary, so I'm making
a fork (soon to be launched) that is based on the libre version,
and I was told of PCSX-Redux's Open BIOS, so I decided to add it
to the *boot projects.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Signed-off-by: Leah Rowe <info@minifree.org>
We don't need the entire emulator, but we will be using
a specific part: src/mips/openbios
third_party/uC-sdk submodule is included, because it
contains the necessary header files when building open bios.
I will be adding Sony Playstation support to Canoeboot,
alongside a new emulator project to be announced soon.
Yes, RYF playstation is possible. A real playstation can
run this BIOS. Then disable the copy protection from the
CD controller by installing a modchip (PsNee runs free
modchip firmware), and picostation is also libre if you want
something to boot software from SD card instead of CD-R.
Very hackable 90s games console. Libre SDKs also exist that
are quite powerful, so you can actually use this machine while
avoiding all proprietary software of any kind.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the coreboot413 tree is only needed for the cbfstool
revision that it has, and only on lbmk. i accidentally
added it, in the recent cbmk revision updates.
Signed-off-by: Leah Rowe <info@minifree.org>
The workaround-mx patch was rebased on one section in spi.c,
because that part in upstream added QPI support; in the newly
rebase mx patch, the workaround_mx behaviour is only
honoured if QPI (Quad SPI) is not in use.
Quad SPI is not used in practise, on the machines where this
workaround is intended (GM45 ThinkPads with Macronix chips).
This imports the following upstream changes:
* 639d563 README: Update flashprog.org URLs
* cbbd601 README: Update dependency list and Linux package names
* 79451f1 README: Rename "Packaging" -> "Source Packaging"
* 5b4695c README: Dial laptop warning down a little
* 7224085 udev rules: Add some more IDs
* 448457a ch347_spi: Add CH347F ID and loop over the entries
* e39549b ch347_spi: Search for compatible USB interface
* dfd0647 ich_descriptors: Refactor component density handling
* b2ad9fd ich_descriptors: Make use of SPI_ENGINE_PCH100 marker
* 140e22f chipset_enable: Make use of SPI_ENGINE_PCH100 marker
* 869f0e7 ichspi: Use `swseq_data' on ICH7 paths too
* eeee91b ichspi: Replace all switch/case on `ich_generation'
* ecba1d8 ichspi: Drop redundant bail-out cases in ich_set_bbar()
* e8babf4 ichspi: Use a single check to enable hwseq for PCH100+
* fda324b ichspi: Introduce SPI_ENGINE_PCH100 marker
* a1f6476 ichspi: Split ICH7 init out
* 3f75d44 ich_descriptors: Remove `Dual Output Fast Read' for newer gens
* 2862011 spi25: Try to set volatile quad-enable (QE) automatically
* 4ac536b spi25_statusreg: Allow to write (non-)volatile bits specifically
* b1d2bae dediprog: Fix and enable 4BA modes for SF600Plus-G2
* d0afeef dediprog: Disable 4BA modes for SF100 w/ protocol v2
* 1b1deda Implement QPI support
* a1b7f35 dediprog: Implement multi-i/o reads
* 008a44f dediprog: Split read/write command preparation by protocol
* 4760b6e spi25: Implement multi-i/o reads
* 0c9af0a spi25: Check quad-enable (QE) bit
* 930d421 spi25: Introduce generic spi_prepare_io()/spi_finish_io()
* 8d0f465 spi25: Extract 4BA preparations into new `spi25_prepare.c`
* 044c9dc Add FT4222H support
* fc7c13c linux_gpio2_spi: Implement multi i/o
* 5fc3154 bitbang_spi: Implement multi-i/o
* d16a911 bitbang_spi: Move API into its own header file
* 226bb87 flashchips: Add missing QE-bit definitions
* 4fa39c5 flashchips: Fill multi-i/o gaps in MX25U family
* 5f50999 flashchips: Fill multi-i/o gaps in MX25R family
* 46552c8 flashchips: Fill multi-i/o gaps in MX25L family
* 96786d0 flashchips: Fill quad-i/o gaps in XM25Q family
* a26a3c6 flashchips: Fill dual-i/o gaps in W25X family
* 2133f59 flashchips: Fill quad-i/o gaps in W25Q family
* 68573af flashchips: Split GD25Q127C and GD25Q128C
* 4da971f flashchips: Fill quad-i/o gaps in GD25*Q families
* f7e2d97 spi: Allow to define a quad-enable (QE) configuration bit
* 1412d9f spi: Rework FEATURE_QPI
* d518563 spi: Prepare for multi i/o and dummy bytes
* bd72a47 spi25_statusreg: support reading/writing configuration register
* 3d728e7 spi25_statusreg.c: support reading security register
* a358b14 flashchips: Split W25Q64.W -> W25Q64DW | W25Q64FW/W25Q64JW...Q
* 3127db1 manibuilder: Drop legacy flashrom tag collections
* 619d9c0 manibuilder: Use `test_build.sh'
* 6560bba manibuilder/almalinux: Install `diffutils' for new `test_build.sh'
* c7b549e test_build.sh: Compare output for -L of Make and Meson builds
* 72b30a0 test_build.sh: Don't try to run cross-compiled programs
* 3d2f212 test_build.sh: Allow to override Make and Meson commands
* 4eb9748 test_build.sh: Run tests for both Make and Meson builds
* 8279457 manibuilder: Add Alpine Linux 3.18 & 3.19 images
* 15e9b10 manibuilder/alpine: Install libjaylink-dev when available
* b8b3593 manibuilder: Add images for Fedora 38..40
* 7b05f09 manibuilder: Add images for Ubuntu 24.04 "Noble Numbat"
* 5e8b339 manibuilder/anita: Add NetBSD 10.0 i386 & amd64 images
* 61da8c7 manibuilder/anita: Export library path for libusb
* 39152af manibuilder: Set sourcearcade.org as default source
* 20073e7 Properly clear erase-block selection when bigger block is chosen
* 3824c8d ichspi: Allow all opcodes when the "opmenu" isn't locked
* 0d4354e flashchips: Add W25Q32JV-.M
Signed-off-by: Leah Rowe <leah@libreboot.org>
This brings in a single change:
commit ec0bc256ae0ea08a32d3e854e329cfbc141f07ad
Author: Gerd Hoffmann <kraxel@redhat.com>
Date: Mon Jun 24 10:44:09 2024 +0200
limit address space used for pci devices, part two
This increases compatibility with i686 hosts, when allocating
memory for pci devices.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Of note: upstream has made several improvements to memory
management, and several fixes to file systems.
User-friendly change to LUKS: if the passphrase input failed,
the user is prompted again for the correct passphrase, instead
of GRUB just failing. Similar to cryptsetup luksOpen behaviour
under Linux.
This pulls in the following changes from upstream (gnu.org):
* b53ec06a1 util/grub-mkrescue: Check existence of option arguments
* ab9fe8030 loader/efi/fdt: Add fdtdump command to access device tree
* 0cfec355d osdep/devmapper/getroot: Unmark 2 strings for translation
* f171122f0 loader/emu/linux: Fix determination of program name
* 828717833 disk/cryptodisk: Fix translatable message
* 9a2134a70 tests: Add test for ZFS zstd
* f96df6fe9 fs/zfs/zfs: Add support for zstd compression
* 55d35d628 kern/efi/mm: Detect calls to grub_efi_drop_alloc() with wrong page counts
* 61f1d0a61 kern/efi/mm: Change grub_efi_allocate_pages_real() to call semantically correct free function
* dc0a3a27d kern/efi/mm: Change grub_efi_mm_add_regions() to keep track of map allocation size
* b990df0be tests/util/grub-fs-tester: Fix EROFS label tests in grub-fs-tester
* d41c64811 tests: Switch to requiring exfatprogs from exfat-utils
* c1ee4da6a tests/util/grub-shell-luks-tester: Fix detached header test getting wrong header path
* c22e052fe tests/util/grub-shell: Add flexibility in QEMU firmware handling
* d2fc9dfcd tests/util/grub-shell: Use pflash instead of -bios to load UEFI firmware
* 88a7e64c2 tests/util/grub-shell: Print gdbinfo if on EFI platform
* b8d29f114 configure: Add Debian/Ubuntu DejaVu font path
* 13b315c0a term/ns8250-spcr: Add one more 16550 debug type
* 8abec8e15 loader/i386/multiboot_mbi: Fix handling of errors in broken aout-kludge
* d35ff2251 net/drivers/ieee1275/ofnet: Remove 200 ms timeout in get_card_packet() to reduce input latency
* 86df79275 commands/efi/tpm: Re-enable measurements on confidential computing platforms
* 0b4d01794 util/grub-mkpasswd-pbkdf2: Simplify the main function implementation
* fa36f6376 kern/ieee1275/init: Add IEEE 1275 Radix support for KVM on Power
* c464f1ec3 fs/zfs/zfs: Mark vdev_zaps_v2 and head_errlog as supported
* 2ffc14ba9 types: Add missing casts in compile-time byteswaps
* c6ac49120 font: Add Fedora-specific font paths
* 5e8989e4e fs/bfs: Fix improper grub_free() on non-existing files
* c806e4dc8 io/gzio: Properly init a table
* 243682baa io/gzio: Abort early when get_byte() reads nothing
* bb65d81fe cli_lock: Add build option to block command line interface
* 56e58828c fs/erofs: Add tests for EROFS in grub-fs-tester
* 9d603061a fs/erofs: Add support for the EROFS
* 1ba39de62 safemath: Add ALIGN_UP_OVF() which checks for an overflow
* d291449ba docs: Fix spelling mistakes
* 6cc2e4481 util/grub.d/00_header.in: Quote background image pathname in output
* f456add5f disk/lvm: GRUB fails to detect LVM volumes due to an incorrect computation of mda_end
* 386b59ddb disk/cryptodisk: Allow user to retry failed passphrase
* 99b4c0c38 disk/mdraid1x_linux: Prevent infinite recursion
* b272ed230 efi: Fix stack protector issues
* 6744840b1 build: Track explicit module dependencies in Makefile.core.def
Signed-off-by: Leah Rowe <leah@libreboot.org>
same as the recent update in lbmk, but adapted for cbmk,
e.g. the patches to disable microcode blobs by default.
i copied it from the lbmk update but updated nuke.list
and excluded certain patches not needed in canoeboot, such
as the new dell latitude patches and haswell nri
The coreboot/dell tree was also merged to /default, just
like in lbmk. This puts Canoeboot completely in sync,
but with deblobbing as is customary for Canoeboot.
Signed-off-by: Leah Rowe <info@minifree.org>
I re-read the modified code, and it has defines in place
for building on Windows; I was defining ACCESSPERMS
universally, but it should only be defined for non-Windows
systems, which the context in this code means Linux/BSD.
Signed-off-by: Leah Rowe <leah@libreboot.org>
musl libc is very conservative in what it implements,
preferring a very "pure" libc implementation. this means
that it lacks many of the niceties found in others like
the GNU C Library; the latter implements many BSD libc
extensions, for example.
ACCESSPERMS is a #define in BSD libc that does:
S_IRWXU | S_IRWXG | S_IRWXO
Essentially, it provides a bitwise OR providing chmod 0777,
which can be used as shorthand in calls to functions such
as mkdir() available in all libc implementations.
In the case of uefitool, this define is indeed used on mkdir.
Conditionally re-define ACCESSPERMS, if undefined, so that musl
libc can be used when building uefitool.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this time, only handle multiple keymaps on seagrub
images. for images where seabios is first but does
not immediately load grub, whether grub is still
available in flash, just do one image (US Qwerty)
this still results in fewer images per target than
Libreboot 20240612, but should prevent most users
from being annoyed. i got a few people asking
repeatedly, and i hadn't documented yet how to add
keymap.gkb or how to remove bootorder, to get a
different keymap or disable seagrub respectively.
i anticipate that i'll get such questions a lot, even
if i do document it, so i'm reversing that decision.
it doesn't result in much extra code. the new design
in lbmk makes this sort of thing much simpler.
Signed-off-by: Leah Rowe <leah@libreboot.org>
U-Boot has migrated to using upstream device-tree files for gru boards,
but the clock driver doesn't yet support setting rates for a certain
clock that upstream uses for the eDP display. It happens to work without
it, so for now remove the clock setting until the driver is fixed.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Commit 46e01c0e1dad ("u-boot: Avoid building U-Boot-only binman images")
added a patch that prevents an error while building U-Boot, due to some
U-Boot images needing a copy of BL31 that we are not passing in.
Removing build instructions for these images isn't really necessary,
when we can instead tell the build tool that it shouldn't exit with an
error. It checks a BINMAN_ALLOW_MISSING environment variable for this,
but just unconditionally replace the check with the argument.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Set default U-Boot revision to v2024.07 and rebase patches on top of
that. One patch that fixes drawing box characters (UTF-8 to CP437) had
an alternative merged, another hack we have to fix regulator issues is
no longer neccessary as the issue is fixed, and my QEMU patches were
merged upstream, so drop these patches. One patch we have to disable
binman images can be replaced by a simpler alternative so drop it too.
Upstream kconfig status is still unstable, so updating configs with
`make oldconfig` would miss important upstream changes, since they rely
on carrying defaults via upstream defconfigs. Update the configs as
such, like before:
- Turn old configs into defconfigs (./update trees -s u-boot)
- Save the diff from old upstream defconfig (diffconfig $theirs $ours)
- Update U-Boot revision, rebase patches, and clean old trees
- Prepare new U-Boot tree (./update trees -f u-boot)
- Review the diffconfigs to see if any options were renamed upstream
- Copy over the new upstream defconfigs and apply earlier diff
- Turn new defconfigs into configs (./update trees -l u-boot)
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
move the coreboot-specific includes into mkhelper.cfg
for that project.
on some projects, we need variables from mkhelper.cfg
to be global, so I was including serprog and coreboot
mkhelper.cfg files in this script.
instead, set a new variable "mkhelpercfg" pointing to
the config file. if it doesn't exist, create and then
point to a temporary (empty) mkhelper.cfg file.
the rom.sh include has been moved to coreboot mkhelper.cfg
The only remaining project-specific logic, in this trees
script, is now the coreboot crossgcc handling, but this
needs to be there as it's also used to build U-Boot.
The way this now works, certain includes are done twice.
For example, include/rom.sh will be included once globally,
outside of main(), and then again in configure_project().
This means that certain functions will be defined twice.
I'm uncertain if shell has anything equivalent to an ifdef
guard as in C, but we actually want this here anyway, and
it shouldn't cause any problems. It's a bit of a hack, but
otherwise results in much cleaner code.
Signed-off-by: Leah Rowe <leah@libreboot.org>
-d does the same as -b, except for actually building
anything! in effect, it does the same as -f (fetch)
except that the resulting variable assignments will
not be recursive (as with -f).
if -d is passed, configuration is still loaded, defconfig
files are still cycled through, and more importantly:
helper functions are still processed.
the grub, serprog and coreboot helper functions have
been modified to return early (zero status) if -d is
passed.
example usage:
./update trees -d coreboot x230_12mb
this would download the files, NOT build coreboot, and
NOT build the payloads.
there is one additional benefit to doing it this way:
the utils command has been removed, e.g.
./update trees -b coreboot utils default
the equivalent is now:
./update trees -d coreboot default
the overall effect of this change is that the trees script
no longer contains any project-specific logic, except for
the crossgcc build logic.
it does include some config/data mkhelper files at the top,
for serprog and coreboot, so that those variables defined in
those files can be global, but another solution to mitigate
that will also be implemented in a future commit.
the purpose of this and other revisions (in the final push
to complete lbmk audit 6 / cbmk audit 2) is to generalise as
much logic as possible, removing various ugly hacks.
Signed-off-by: Leah Rowe <leah@libreboot.org>
stub it from the trees script. the way it works now,
there is less code in the build system.
./build roms
this is no longer a thing
./build roms serprog
this is also no longer a thing. instead, do:
./update trees -b coreboot targetnamehere
./update trees -b pico-serprog
./update trees -b stm32-vserprog
the old commands still works, which causes the new
commands to run
coreboot roms now appear in elf/, not bin/, as before,
but those images now contain payloads.
NOTE: to contradict the above: ./build roms is no
longer a thing, in that it's now deprecated, but
backward compatibility is present for now. it will
be removed in a future release.
./build roms list also still works! it will do:
./update trees -b coreboot list
also:
./update trees -b grub list
this is now possible too
if a target "list" is provided, for multi-tree sources,
the targets are shown.
there is another difference: seagrub roms are now seagrub_,
instead of seabios_withgrub.
seabios-only roms are no longer provided, where grub is also
enabled; only seagrub is used. the user can easily remove
the bootorder file, if they want seabios to not try grub first.
Signed-off-by: Leah Rowe <leah@libreboot.org>
don't put it in the install modules.
this works around a hanging issue on haswell thinkpads.
when any usb device is inserted, GRUB will sometimes
hang if started from the SeaBIOS payload, *while* the
USB device is plugged in.
plugging in the USB device after GRUB starts worked.
it will have to be investigated more at a later date,
but this simply configuration change works.
the xhci module is already loaded explicitly, in grub.cfg
Signed-off-by: Leah Rowe <leah@libreboot.org>
stick the makeargs in mkhelper
i previously did cbmakeargs because the old revisions
had to define makeargs per-target otherwise. mkhelper
was done specifically to solve that problem.
Signed-off-by: Leah Rowe <leah@libreboot.org>
instead, make it a helper function, defined in target.cfg
this means that we can also do the same with other projects
in the future, and it is expected that we will have to.
these helper functions are used in cases where we want
additional actions to be performed.
actually, the helper could be anything. for example, you
could write:
mkhelper="./build foo bar"
and it would do that (at the point of execution, PWD
is the root directory of the build system)
Signed-off-by: Leah Rowe <leah@libreboot.org>
don't hardcode the check based on whether the current
project is grub. instead, define "btype" in target.cfg
if unset, we assume kconfig and permit kconfig commands
e.g. make menuconfig, make silentoldconfig, etc
this is to avoid the deadliest of sins:
project-specific hacks
Signed-off-by: Leah Rowe <leah@libreboot.org>
bios_extract, biosutilities and uefitool are used
by lbmk, but not by cbmk.
remove these. they were accidentally added during
cherry-picking of lbmk patches.
no harm done, because they are freue software packages
so they don't violate canoeboot's policy, but they are
nonetheless superfluous in the canoeboot project.
Signed-off-by: Leah Rowe <info@minifree.org>
Never, ever build images where GRUB is the primary payload.
These options have been removed from target.cfg handling:
* seabios_withgrub
* grub_withseabios
The "payload_grub" variable now does the same thing as
the old "seabios_withgrub" variable, if set.
The "grubonly" configuration is retained, and enabled by
default when SeaGRUB is enabled (non-grubonly also available).
Due to lbmk issue #216, it is no longer Libreboot policy to
make GRUB the primary payload on any board. GRUB's sheer size
and complexity, plus the large number of memory corruption issues
similar to it that *have* been fixed over the years, tells me
that GRUB is a liability when it is the primary payload.
SeaBIOS is a much safer payload to run as primary, on x86, due
to its smaller size and much more conservative development; it
is simply far less likely to break.
If GRUB breaks in the future, the user's machine is not
bricked. This is because SeaBIOS is the default payload.
Since I no longer wish to ever provide GRUB as a primary
payload, supporting it in lbmk adds needless bloat that
will later probably break anyway due to lack of testing,
so let's just assume SeaGRUB in all cases where the user
wants to use a GRUB payload.
You can mitigate potential security issues with SeaBIOS
by disabling option ROM execution, which can be done at
runtime by inserting integers into CBFS. The SeaBIOS
documentation says how to do this.
Libreboot's GRUB hardening guide still says how to add
a bootorder file in CBFS, making SeaBIOS only load GRUB
from CBFS, and nothing else. This, combined with the
disablement of option ROM execution (if using Intel
graphics), pretty much provides the same security benefits
as GRUB-as-primary, for example when setting a GRUB password
and GPG checks, with encrypted /boot as in the hardening guide.
Signed-off-by: Leah Rowe <leah@libreboot.org>