850 lines
50 KiB
Markdown
850 lines
50 KiB
Markdown
|
% Canoeboot Build System Audit 1
|
||
|
% Leah Rowe
|
||
|
% 9 June 2024
|
||
|
|
||
|
**A new release is now available, with these changes. Learn more by reading
|
||
|
about the [Canoeboot 20240612 release](canoeboot20240612.md).**
|
||
|
|
||
|
NOTE: This audit pertains to Canoeboot as of 9 June 2024 but the article is
|
||
|
published on 12 June 2024; nonetheless, the article date is set to June 9th.
|
||
|
For changes up to June 12th, please read the Canoeboot 20240612 announcement.
|
||
|
|
||
|
Introduction
|
||
|
============
|
||
|
|
||
|
Canoeboot is a free/libre boot firmware project. It replaces your
|
||
|
proprietary BIOS/UEFI firmware, on supported x86 and ARM computers. It does
|
||
|
this by providing an automated build system to download, patch and compile
|
||
|
the various upstream sources (e.g. coreboot, GRUB, SeaBIOS). Coreboot is used
|
||
|
for hardware initialisation, configuring everything from your CPU, memory
|
||
|
controller all way to peripherals, readying the hardware so that it can run
|
||
|
software, e.g. GNU+Linux operating systems. You can essentially think of *cbmk*,
|
||
|
which is Canoeboot's build system, as a *source-based package manager*. It is
|
||
|
what the Canoeboot releases are built with. The *cbmk* build system essentially
|
||
|
implements a *coreboot distro*, the same way you might think of a GNU+Linux
|
||
|
distribution.
|
||
|
|
||
|
Extensive auditing has been performed on cbmk, since the Canoeboot 20240504
|
||
|
release. These audits fix bugs, reduce code bloat and generally improve the
|
||
|
efficiency of cbmk, adding and removing features in a careful, conservative
|
||
|
way, with a focus on *clean code*. Remember the magic words: code equals bugs.
|
||
|
|
||
|
This article covers changes from Canoeboot 20240504, up to
|
||
|
revision `4f6fbfde81f5176e5892d1c00627f8f680fd3780` from 9 June 2024.
|
||
|
|
||
|
Some notes about this audit
|
||
|
---------------------------
|
||
|
|
||
|
This is the *first* official Canoeboot audit. The initial Canoeboot releases,
|
||
|
from October/November 2023, incorporated changes from Libreboot Build System
|
||
|
Audit 3, and Canoeboot 20240504/20240510 included changed from Libreboot Build
|
||
|
System Audit 4, plus changes adapted from releases up to Libreboot 20240504 and
|
||
|
a bit beyond; however, Canoeboot used to be synced with Libreboot per each
|
||
|
Libreboot release - nowadays, it is synced *per commit* on both the build system
|
||
|
and the documentation, plus other repositories.
|
||
|
|
||
|
Therefore, whenever a Libreboot audit is announced, a corresponding Canoeboot
|
||
|
audit will also be announced. To keep it clean, we will simply refer to this
|
||
|
one as the *first* official Canoeboot Build System Audit, or *audit 1*.
|
||
|
|
||
|
ALSO: Canoeboot 20240510 was released *during* the audit; this changelog is in
|
||
|
reference to Canoeboot 20240504, *not* 20240510.
|
||
|
|
||
|
Modest code size reduction
|
||
|
--------------------------
|
||
|
|
||
|
There are 1054 lines of shell script in the build system, versus 1208 in the
|
||
|
Canoeboot 20240504 release. Canoeboot's build system is written purely in
|
||
|
POSIX sh; not BASH, not KSH, not ZSH, jush sh!
|
||
|
|
||
|
This is a difference of 154 lines, or a 13% reduction. Despite the reduction,
|
||
|
numerous features have been added and a large number of bugs were fixed.
|
||
|
|
||
|
Summarised list of changes
|
||
|
==========================
|
||
|
|
||
|
Changes are in order per category, from newest to oldest:
|
||
|
|
||
|
Feature changes
|
||
|
---------------
|
||
|
|
||
|
* **Download crossgcc tarballs as dependencies, when cloning coreboot.** We
|
||
|
previously relied on the coreboot build system, which automatically fetches
|
||
|
these when running `make crossgcc`, which we run automatically. However,
|
||
|
the coreboot logic has to be patched for reliability because the GNU HTTP 302
|
||
|
redirect often fails so we use a static mirror, and the logic has no
|
||
|
redundancy. With this new change, we use the same tarballs but we specify
|
||
|
two URLs, a main and a backup. This also means that the tarballs will once
|
||
|
again be included in Canoeboot release archives, enabling offline builds.
|
||
|
* **Support downloading files as submodules, in Git repositories.** This
|
||
|
complements the pre-existing feature where sub-repositories (Git) can be
|
||
|
cloned into a subdirectory of a given main repo. We use this for crossgcc,
|
||
|
as referenced above.
|
||
|
* New files under `config/dependencies/` for Fedora 40 and Ubuntu 24.04. Now
|
||
|
you can run `./build dependencies fedora40`
|
||
|
and `./build dependencies ubuntu2404` on each respective distro, to get
|
||
|
the right build dependencies for building Canoeboot from cbmk.
|
||
|
* **NEVER** run `git submodule update`, *ever*. Instead, rely *solely* on
|
||
|
config/submodule/ to define which dependencies should be downloaded, to each
|
||
|
given subdirectory within a main project. This is using a feature described
|
||
|
later on (in this audit report), whereby projects can have redundant
|
||
|
submodule repositories defined; initially, this feature was an *override*
|
||
|
where otherwise the submodule update command would be executed if
|
||
|
the `.gitmodules` file existed for a given project; this override is now
|
||
|
the *only* way to do it, and is thus the default behaviour. This may be
|
||
|
considered a preventative bug fix, in case certain projects auto-download
|
||
|
submodules that might cause us trouble in the future. It's better that we
|
||
|
maintain tight control of submodules.
|
||
|
* **Summarising the next few changes mentioned below: out-of-source builds
|
||
|
are now fully supported, for both single- and multi-tree projects.** (it was
|
||
|
previously only supported on multi-tree projects)
|
||
|
* Moved builds of coreboot utilities (e.g. cbfstool) to `elf/utilname`,
|
||
|
e.g. `elf/cbfstool/default/cbfstool` would be the new cbfstool binary location
|
||
|
for the one build from coreboot in the `default` tree.
|
||
|
* script/trees: Now single-tree builds are skipped if a build exists
|
||
|
under `elf/projectname/`, based on the presence of a `build.list` file; this
|
||
|
is consistent with the same behaviour pre-existing for multi-tree projects.
|
||
|
* When building memtest86plus, the binary is now placed out-of-source,
|
||
|
into `elf/memtest86plus`.
|
||
|
* When building flashprog, the binary is now placed out-of-source,
|
||
|
into `elf/flashprog/`.
|
||
|
* Use new function `singletree` to decide whether to use submodules, rather
|
||
|
than hardcoding a check for *coreboot* - NOTE: use of submodules was later
|
||
|
disabled during this audit, replaced with custom handling in cbmk.
|
||
|
* For error exits caused by *improper commands* (as opposed to fault conditions
|
||
|
while processing valid commands), don't directly call `err`; instead, call a
|
||
|
newly written function `badcmd` which says that much, and links to the
|
||
|
website (if `docs/` is present as in releases, it also points there).
|
||
|
* Added a `projectsite` file pointing to canoeboot.org, complementing the
|
||
|
existing `projectname` file which contains the word `canoeboot`. This is
|
||
|
used in the `version` command.
|
||
|
* **GRUB is now a multi-tree project.** Each given coreboot target can
|
||
|
specify which GRUB tree it wants to use, each containing its own revision
|
||
|
and patches, with its own GRUB configuration file. This can be used later on
|
||
|
to provide specific optimisations on each given mainboard, but it is used
|
||
|
at present to exclude xHCI patches on boards that don't need it; please also
|
||
|
read the bugfix section (of this audit report) pertaining to this same topic,
|
||
|
for more context. Before this change was implemented, all mainboards used
|
||
|
the exact same GRUB revision, with the same patches and the same config.
|
||
|
* grub.cfg: scan `grub2/` last, on each given device/partition; this speeds
|
||
|
up the boot time in most tests, because most setups use `grub/`,
|
||
|
but `grub2/` is still used on legacy setups so we have to support it and, for
|
||
|
reasons mentioned in the bullet point below, GRUB is very inefficient at
|
||
|
generating the list of devices/partitions when using the `*` wildcard, so
|
||
|
we can't scan `grub*/`.
|
||
|
* grub.cfg: it now scans a reduced set of devices/partitions by default, while
|
||
|
still ensuring (in practise, on real systems) that all such devices and
|
||
|
partitions will be scanned. We hardcode this, because the `*` wildcard in
|
||
|
GRUB is *very slow* on some machines, due to the way the GRUB kernel
|
||
|
constantly re-initialises the list of devices and partitions during operation.
|
||
|
Scanning an *excessive* number of hardcoded device/partition numbers slows
|
||
|
down the boot too, so this has been optimised. It has been tested and it
|
||
|
shouldn't cause any issues on machines/setups that people actually use.
|
||
|
* **grub.cfg: scan distro-provided grub.cfg from ESP;** we previously only
|
||
|
scanned the ESP for isolinux/syslinux configurations (which GRUB can parse).
|
||
|
* grub.cfg: Don't search for `*_grub.cfg` as this slows down the bootup
|
||
|
sequence, and nobody really uses this anymore; Canoeboot's GRUB is much more
|
||
|
robust these days, pretty much booting anything automatically, but you used
|
||
|
to have to (regularly) use a `canoeboot_grub.cfg` file to override the default
|
||
|
one provided by your distro. This legacy cruft has been removed, entirely!
|
||
|
* script/roms: Allow to override `grub_scan_disk` via `-s`, for
|
||
|
example: `./build roms -s nvme t1650_12mb`
|
||
|
* **grub.cfg: Use `grub_scan_disk` to set boot order (rather, boot order by
|
||
|
device type).** It is possible now to configure each mainboard with this
|
||
|
variable, so that certain types of devices are scanned in a precise order;
|
||
|
for example, scan NVMe SSDs first.
|
||
|
* **include/git.sh: Allow manual override of `git submodule` handling**, instead
|
||
|
directly downloading Git repositories using `git clone`, into the subdirectory
|
||
|
of a given main Git repository (as per `src/projectname` scheme). With this
|
||
|
feature, it is possible now to specify a *backup* submodule repository, for
|
||
|
redundancy, all while still allowing to reset the revision (and *patch* the
|
||
|
given submodule). This has been used to provide greater redundancy when
|
||
|
downloading coreboot submodules. It also allows to *limit* the number of
|
||
|
submodules, so now we only download the ones we need, thus saving bandwidth
|
||
|
especially during very large and long build sessions. - *NOTE: this was
|
||
|
later changed so as to be the ONLY method for downloading submodules, skipping
|
||
|
the actual git-submodule-update command entirely, on all projects.*
|
||
|
* **Native NVMe driver added to the GRUB payload**, allowing users to boot from
|
||
|
NVMe SSDs where present on a given mainboard. The patch is courtesy of
|
||
|
Mate Kukri, who ported SeaBIOS's own NVMe driver, converting all of the
|
||
|
code to run properly within GRUB's own kernel. NVMe SSDs are now fully
|
||
|
bootable on all machines that can have them, offering vastly superior
|
||
|
read and write performance when compared to SATA SSDs.
|
||
|
* include/git.sh: Allow patching git submodules (NOTE: support for submodules
|
||
|
was removed entirely, later in the audit, in favour of custom logic in cbmk
|
||
|
for the downloading of such dependencies).
|
||
|
* Added Portuguese keyboard support in the GRUB payload (patch courtesy of
|
||
|
the contributor by alias `samuraikid`).
|
||
|
* Removed all help commands, because it's just a duplication of documentation
|
||
|
that is already included in releases anyway, and people using the Git
|
||
|
repository require internet access anyway, so they can just use the website.
|
||
|
* Main build script: removed the functionality for generating source tarballs
|
||
|
where the only source code included is U-Boot; we do not need this, because
|
||
|
the larger source tarball containing all of Canoeboot also contains U-Boot.
|
||
|
* include/option.sh: Don't bother checking for GNU Tar, because we were only
|
||
|
using it for reproducible tarball generation which didn't work yet anyway;
|
||
|
there are still ways of doing it with BSD tar and so on.
|
||
|
* Print a two-line break before confirming the location of the generated
|
||
|
release archive, when running release builds. This makes it more obvious
|
||
|
to the operator.
|
||
|
* Removed all status checks from script/roms (formerly script/build/roms),
|
||
|
because it's better to document this instead, and rely on testing regardless.
|
||
|
|
||
|
Bug fixes
|
||
|
---------
|
||
|
|
||
|
Some of these changes fix actual issues that were found in testing, while
|
||
|
others were fixed *before* being triggered/reported and are thus *preventative
|
||
|
bug fixes*. The logic in cbmk has been very intensively audited as is customary!
|
||
|
|
||
|
The changes are, from newest to earliest:
|
||
|
|
||
|
* script/trees: Exit with error status if a given project is not defined. It
|
||
|
was previously decided that this script could be used to directly run Makefiles
|
||
|
from any given directory, but this is no longer done as it was error-prone;
|
||
|
this change prevents such usage, thereby preventing unstable conditions within
|
||
|
the build system.
|
||
|
* **Create a lock file when running cbmk.** Only do it from the main parent
|
||
|
instance, but not child instances of it; delete it at the end, after exiting
|
||
|
from the parent process. If starting a separate parent process, that one
|
||
|
will now immediately exit (with error status) if the lock file exists. This
|
||
|
prevents the fault condition where the user accidentally runs the same cbmk
|
||
|
instance twice, from the same work directory; it is only designed to be
|
||
|
executed once, per work directory. This is similar to the locking feature
|
||
|
you find in package managers such as apt-get. Also do this in release/
|
||
|
directories, while building (but don't include a lock file inside the tarball).
|
||
|
* include/git.sh: When doing a global check for files in every project all at
|
||
|
once, as defined by each respective (if existent) `nuke.list` file, hide
|
||
|
the output. Only show the output when running it on a specific project, not
|
||
|
the one in the for loop. This prevents user confusion / false bug reports.
|
||
|
* include/git.sh: Download coreboot as defined by `xtree` *before* downloading
|
||
|
the main project that defined it, to prevent a situation where the main project
|
||
|
is downloaded successfully but not the dependency (defined by `xtree`); this
|
||
|
is to maintain the integrity of the build system under fault conditions.
|
||
|
* include/lib.sh: When a download fails (running the `download` function),
|
||
|
don't then say that the file is "missing". Instead, actually say that the
|
||
|
download failed, so that the operator has a better understanding.
|
||
|
* include/lib.sh: Hide stderr on the `download` function, for the initial
|
||
|
check when verifying an existing file; although no problem existed on
|
||
|
technical terms, the output was confusing because it made the user think
|
||
|
there was a problem. The logic then downloads and re-verifies, and the
|
||
|
output indicating *that* verification has not been hidden; if the file
|
||
|
already exists, this is simply indicated by `e()`. This is considered a bug
|
||
|
fix, because it fixes the bug where users made erroneous bug reports, by
|
||
|
re-engineering the situation so that they do not make such erroneous reports.
|
||
|
TL;DR hide a totally benign (non-)error message.
|
||
|
* include/git.sh: Provide better user feedback about what is being downloaded
|
||
|
and where - although nothing was broken before, this lack of feedback was a
|
||
|
bug because it made debugging harder. Provide more clarity for the user.
|
||
|
* include/git.sh: Download dependencies *before*, not *after*, downloading the
|
||
|
project sources that depend on it. For example, pico-serprog depends on
|
||
|
pico-sdk. If you were to download pico-sdk *after* pico-serprog, the latter
|
||
|
may be downloaded and placed in src/, but then the former (sdk) could fail
|
||
|
due to bad internet, and now the overall downloaded code is corrupt, and there
|
||
|
was nothing checking for this after the fact; checking for it would be bloat.
|
||
|
By downloading the dependency *before*, then if *that* download fails, so
|
||
|
does the main one, and integrity is maintained within the build system.
|
||
|
* Preventative bugfix: don't check empty paths in `copy_elf` (of script/trees),
|
||
|
even though this potential bug was not yet triggered. Play it safe.
|
||
|
* script/trees: Don't check pre-existing builds in elf/ if `build.list` is
|
||
|
missing, otherwise it's too soon and builds are prevented in the first place;
|
||
|
this was caused initially when supporting out-of-source builds for single-tree
|
||
|
projects, as was already done on multi-tree. Now this is fixed.
|
||
|
* Documentation: only define the Untitled Static Site Generator
|
||
|
in `config/git` - the dependencies (markdown files and images) are now
|
||
|
defined in config/submodules/ instead. This prevents the bug where you could
|
||
|
download one of the dependencies first which would make the main project,
|
||
|
Untitled, un-downloadable, since the dependency projects go in subdirectories
|
||
|
of the main project that depends on them.
|
||
|
* Handle serprog dependencies in config/submodule instead of relying on
|
||
|
the git submodule update command, and only provide necessary modules. This
|
||
|
prevents the bug where downloading a dependency first later prevented the
|
||
|
main project from being downloaded, if the dependency was in a subdirectory
|
||
|
of what depends on it.
|
||
|
* Build coreboot utilities on a number of threads as defined by `XBMK_THREADS`;
|
||
|
although they already compiled, they would always do so on a single thread,
|
||
|
which is considered a bug. Now they can be compiled on multiple threads.
|
||
|
* include/lib.sh: Don't use `./update trees -f` to build coreboot *utilities*,
|
||
|
because it's quite error prone and not what that script is designed to do;
|
||
|
it is only designed to operate based on strictly defined single- and
|
||
|
multi-tree projects. Instead, call `make` directly.
|
||
|
* Don't use the presence of a `build.list` file to detect a multi-tree project
|
||
|
when running `./update trees`; instead, check the presence of `target.cfg`
|
||
|
down one level from `config/project/`, so: `config/project/*/target.cfg`
|
||
|
instead of `config/project/target.cfg`. This way, if someone working on cbmk
|
||
|
accidentally adds that `build.list` file in the wrong place, cbmk won't
|
||
|
become unusable. This also means that single-tree projects can now provide
|
||
|
a `build.list` file! (and some of them now do - look at the features section
|
||
|
on this page)
|
||
|
* Move check for *root user* to include/lib.sh, *before* the version/versiondate
|
||
|
files are written; these files need to be writeable by the standard user,
|
||
|
otherwise cbmk will exit. If you run cbmk as root, except when running the
|
||
|
dependencies command, it exits with error status; ironically, that very same
|
||
|
check then prevented running as root-root, causing cbmk to become unusable
|
||
|
until those files were either deleted or had ownership changed. This fix
|
||
|
prevents the bug from occuring ever again, but people who were previously
|
||
|
affected still have to fix these files (if they were written as root).
|
||
|
* Move dependency handling to include/lib.sh, *before* the version/versiondate
|
||
|
files are written, and *exit* before they are written; this prevents writing
|
||
|
the version/versiondate files as root, which previously occured when running
|
||
|
a command such as `./build dependencies debian` (installs build dependencies
|
||
|
from apt-get on a Debian machine). This bug ironically prevented cbmk from
|
||
|
running at all, under such conditions, because the dependencies script
|
||
|
required root, but cbmk exits with error status if running anything else as
|
||
|
root, and if version/versiondate are owned by root, that prevents cbmk from
|
||
|
running because writing to these files is the first thing it does, so an exit
|
||
|
with error status would otherwise occur.
|
||
|
* config/git/: Bump to a newer revision of Untitled (static site generator),
|
||
|
which thereby also imports the same fix as described in the next bullet
|
||
|
point below, because Untitled had (and now no longer has) the exact same bug.
|
||
|
* include/lib.sh: check environmental variables properly, for example
|
||
|
check that `${XBMK_RELEASE+x}` isn't unset; it was previously grepping
|
||
|
the output of `set`, which led to a bug report by a user who had the
|
||
|
variable `TMUX_TMPDIR` set, whereas `TMPDIR` was unset and cbmk was checking
|
||
|
the latter; in this example, the bug caused cbmk to act as though `TMPDIR`
|
||
|
was set, when it in fact wasn't, and code that used it then crashed because
|
||
|
cbmk does `set -u -e` (and it does this precisely to catch such bugs like the
|
||
|
one you're reading about now so that they can be fixed, like this one was!)
|
||
|
* **Re-configured GRUB so that none of the currently supported machines contain
|
||
|
xHCI support**. This is a mitigation against the bug reported in [lbmk
|
||
|
issue 216](https://codeberg.org/libreboot/lbmk/issues/216). This is done, by
|
||
|
using the new *multi-tree* GRUB handling, which is mentioned above in
|
||
|
in the section (of this audit report) pertaining to *feature changes*, whereby
|
||
|
each mainboard can have its own GRUB revisions and patches, with its own
|
||
|
GRUB configuration file (that could be uniquely optimised for it).
|
||
|
We do not need xHCI patches on any Canoeboot machines, but the patches are
|
||
|
free software regardless, and it's important to keep Canoeboot in sync with
|
||
|
Libreboot. It may be that you want to enable it on a custom configuration,
|
||
|
for example if you use a USB3 card on a KGPE-D16, but it is not currently
|
||
|
enabled by default on any Canoeboot machines.
|
||
|
* **Fix vboot build issue when running cbmk in i686 (32-bit) host machines**.
|
||
|
The patch, courtesy of *Luke T. Schumaker*, adapts vboot's vmlinuz extract
|
||
|
function so that it uses pointer logic directly, instead of defining
|
||
|
integers (of type `ssize_t`) which, the way it was written, caused GCC to
|
||
|
believe that there would be a buffer overflow in code; the new code is more
|
||
|
robust and should prevent such an issue. This is both an *acute* bug fix,
|
||
|
fixing a bug that was actually triggered, and a preventative bug fix as the
|
||
|
original code wasn't correct either, even on AMD64 hosts (where it happened
|
||
|
to compile anyway).
|
||
|
* **GRUB: Never run it as a primary payload on any target but QEMU**. This is
|
||
|
a preventative bug fix, after lbmk bug report issue 216:
|
||
|
<https://codeberg.org/libreboot/lbmk/issues/216> - although it was caused by
|
||
|
the xHCI patches, and only happened on Sandybridge hardware, and although
|
||
|
this was later removed on those boards, GRUB is very complex and likely has
|
||
|
a lot of memory corruption issues. SeaBIOS is more reliable, so: Canoeboot
|
||
|
only provides *SeaBIOS* as primary payload, but allows you to execute GRUB
|
||
|
from the SeaBIOS menu (the very same GRUB). Additionally: cbmk already
|
||
|
supported a configuration whereby SeaBIOS reads a `bootorder` file in CBFS,
|
||
|
making it try to run the GRUB payload first, while still allowing you to
|
||
|
interrupt by pressing ESC to bring up an alternative boot select menu. This
|
||
|
is now the *default*, on all x86 mainboards. This is a mitigation against
|
||
|
future instability in GRUB because, if such issues happen again, it will not
|
||
|
cause a brick since you can just use SeaBIOS instead, and skip booting to
|
||
|
the GRUB payload (on the affected machines, BIOS GRUB still worked, which
|
||
|
your distro provides and SeaBIOS executes it). *NOTE: GRUB was later made
|
||
|
into a multi-tree project, with certain mainboards using a version that
|
||
|
has the xHCI patches, if required, because the machines that actually need
|
||
|
xHCI support were not affected by the bug referenced in issue 216.*
|
||
|
* Main build script: Check SUID before checking Git name/email, otherwise the
|
||
|
version/versiondate files could be written as root and thus prevent building
|
||
|
of cbmk, which (for most commands) is intentionally engineered to exit (with
|
||
|
error status) if you run it as root.
|
||
|
* script/trees: Reset variable `makeargs` per target, so as to prevent
|
||
|
pollution of this variable when switching from one build target to the next.
|
||
|
* script/trees: Added `UPDATED_SUBMODULES=1` to the make command when running
|
||
|
any coreboot `make` command, to prevent coreboot from automatically fetching
|
||
|
certain Git submodules; this is a preventative fix, fixed before it became
|
||
|
a bug, which it likely would have become at some point as this is exactly
|
||
|
what the coreboot build system does!
|
||
|
* Main build script: hide the output of `git init` when cbmk re-initialises the
|
||
|
Git history, to prevent its output from being wrongly inserted into the
|
||
|
output of commands such as `./build roms list` - such pollution would cause
|
||
|
build errors, so it's important that the Git initialisation function either
|
||
|
doesn't output anything, or that it should cause an *exit* if output is to be
|
||
|
required.
|
||
|
* Added the `CHANGELOG` file to `.gitignore`. This means `./update release`
|
||
|
will now work, on release archives, because cbmk re-initialises Git history
|
||
|
when doing so, but the CHANGELOG file (when present) causes cbmk to skip
|
||
|
all source downloads (which the release builder relies on).
|
||
|
* **Fix garbled output on 1440x900 monitors when using the Dell Latitude E6400.**
|
||
|
The E6400 uses a reference clock (`DPLL_REF_SSCLK`) set to 100MHz, whereas
|
||
|
libgfxinit assumed 96MHz. This timing descrepancy did not cause an issue on
|
||
|
lower resolution displays, so we never caught it in earlier testing. Patch
|
||
|
courtesy of Nicholas Chin, who debugged this issue alongside the user who
|
||
|
reported it. It was fixed by making such timing configurable, within the
|
||
|
coreboot build system, setting it to 100MHz on Dell Latitude E6400.
|
||
|
* script/roms: Skip a target when its config directory is missing, so that
|
||
|
running a coreboot target with no configs in it will not yield an error;
|
||
|
instead, it will now cause a non-error return.
|
||
|
* include/option.sh: If `.git` is missing, in a bare copy of cbmk (not a
|
||
|
release archive), recreate the version/versiondate files manually so as to
|
||
|
prevent a build error. Use of `cbmk.git` or the release archives is
|
||
|
recommended, but some users directly download snapshots of `cbmk.git` from
|
||
|
sites such as Codeberg, and there's no way for us to turn off this feature;
|
||
|
even if we did, it may be present on other Git hosting sites, where users
|
||
|
might host their own copy of cbmk.
|
||
|
* include/option.sh: Don't return non-zero status from the function
|
||
|
named `mkrom_tarball`, because certain other functions rely on its return
|
||
|
value to always be *zero*; instead, call `err` which will then yield
|
||
|
an *exit* (with non-zero status). This means that the function will now
|
||
|
always *return* zero, when it returns.
|
||
|
* include/git.sh: Remove `.git` directories *per-project*, as and when each
|
||
|
project is being downloaded, instead of having it done all in bulk by the
|
||
|
main build script. This kicks in when `XBMK_RELEASE` is set (release builds),
|
||
|
to correct the over-use of disk space during such very large builds processes.
|
||
|
This makes the build system less likely to OOM when running it inside tmpfs.
|
||
|
* Main build script: initialise Git history *before* running any command,
|
||
|
because this is required for reliable use of the coreboot build system, which
|
||
|
the *inject* command makes heavy use of. This reduces the number of errors,
|
||
|
when running these commands from a release archive, where cbmk re-initialises
|
||
|
a new Git history when you run it for the first time.
|
||
|
* Main build script: define `xp` as a global variable, to prevent it from
|
||
|
being lost between functions.
|
||
|
* script/roms: Create full release tarball name, when generating releases.
|
||
|
* Main build script: exit (with error status) if not running directly from
|
||
|
the root of the cbmk work directory.
|
||
|
|
||
|
General code cleanup
|
||
|
--------------------
|
||
|
|
||
|
In addition to *general* very sweeping code cleanup, condensing code lines
|
||
|
where possible and so on:
|
||
|
|
||
|
* include/lib.sh: Simplified the `download` function (used for crossgcc tarballs).
|
||
|
* include/lib.sh: Simplified the `singletree` function.
|
||
|
* include/git.sh: Simplified the `link_crossgcc` function.
|
||
|
* include/git.sh: Simplified the `nuke` function, because it was over-engineered
|
||
|
to the extreme. Now it's more reasonable.
|
||
|
* include/lib.sh: Move download logic here from lbmk as of audit 5, for the
|
||
|
feature where *files* can be downloaded as submodules, within Git repositories.
|
||
|
Please read the notes about this in the *features* section.
|
||
|
* include/lib.sh: Shortened a string in the `e` function, so that the line
|
||
|
does not exceed a length of 80 characters.
|
||
|
* include/git.sh: Unified the handling of git clone/reset/am commands into a
|
||
|
single function, rather than duplicating the same logic across multiple
|
||
|
functions.
|
||
|
* script/trees: simplify the `copy_elf` function; don't create the elf directory,
|
||
|
create one defined by `dest_dir` instead (which is the elf directory with
|
||
|
the subdirectory for that project concatenated). Only create it within
|
||
|
the `copy_elf` function, which is only called if actually compiling the
|
||
|
code. This avoids creating empty directories under elf/, for example under
|
||
|
fault conditions.
|
||
|
* include/git.sh: Additional code cleanup, removing certain code that was in
|
||
|
place because the code used to handle both `git submodule update` and the
|
||
|
custom *override* logic for submodules; now only the override is used, at all
|
||
|
times, so the code was cleaned up and optimised only for this.
|
||
|
* include/git.sh: Reduced code indentation in function `fetch_submodule`.
|
||
|
* include/git.sh: Renamed a few variables for increased code clarity.
|
||
|
* script/trees: Unified handling of coreboot `makeargs`.
|
||
|
* Moved function `handle_coreboot_utils` to script/trees (and renamed it
|
||
|
to `check_coreboot_utils`), as it's only ever used from there.
|
||
|
* Moved cfgsdir/datadir variables to include/lib.sh, because it's also used
|
||
|
from script/roms and script/trees; unify them under a common location.
|
||
|
* Handle `build.list` from config/data/, not config/ - this avoids needing to
|
||
|
check for `build.list` in the `items` function on include/lib.sh, and it is
|
||
|
now avoided.
|
||
|
* include/lib.sh: More user-friendly output from the `e` function, telling the
|
||
|
user whether or not a file/directory exists. This is regularly used, for
|
||
|
example when trying to download a project and the source code was already
|
||
|
prepared.
|
||
|
* U-Boot on QEMU: removed the (currently) unused x86 target.
|
||
|
* grub.cfg: Split function `try_user_config` into multiple smaller functions.
|
||
|
* grub.cfg: Don't scan ESP on btrfs subvols as the ESP is always on a FAT32
|
||
|
partition. This saves time during the bootup sequence.
|
||
|
* Renamed include/option.sh to include/lib.sh
|
||
|
* Main build script: simplified the logic for Git repository initialisation
|
||
|
by *returning non-zero status*, instead of calling err, and handling this
|
||
|
return status in the calling function.
|
||
|
* Main build script: condensed the logic for Git name/email checking into a
|
||
|
simply for loop running `eval`, rather than having lots of separate but very
|
||
|
similar Git commands.
|
||
|
* script/trees: Removed a few unused variables.
|
||
|
* include/git.sh: Moved logic for copying a Git repository to a new function.
|
||
|
* include/git.sh: Moved function `link_crossgcc` to a different location
|
||
|
within the file, for proper top-down order of logic (required as per the
|
||
|
cbmk coding style).
|
||
|
* include/git.sh: Split logic for crossgcc symlinking into its own function.
|
||
|
* include/git.sh: Skip submodule checks if `.gitmodules` missing (NOTE: later
|
||
|
replaced with custom submodule handling in cbmk).
|
||
|
* include/git.sh: Merged `patch_submodules` in `prep_submodules` (NOTE: ditto
|
||
|
to the same note below).
|
||
|
* include/git.sh: Split up submodule handling into a new function (NOTE: support
|
||
|
for submodules was later replaced with custom logic in cbmk).
|
||
|
* include/git.sh: Shortened a few variable names.
|
||
|
* include/git.sh: Removed redundant check for the existence of the patches
|
||
|
directory, when patching a given project. This is unnecessary, where it was
|
||
|
removed, because the patching function itself also checks this. Reduction
|
||
|
in code size by *one line*.
|
||
|
* include/git.sh: Removed function `fetch_from_upstream` and merged its logic
|
||
|
into calling function `fetch_project_trees`, the only calling function, since
|
||
|
the logic in `fetch_from_upstream` was very small and splitting made no sense.
|
||
|
* include/option.sh: Renamed `mktar_release` to `mkrom_tarball`.
|
||
|
* script/roms: Renamed function `moverom` to `copyrom`, because it runs `cp`,
|
||
|
not `mv`, therefore is is *copying* a file, not moving it.
|
||
|
* script/roms: Simplified the logic for listing available serprog build targets.
|
||
|
* script/roms: General simplification of configuration handling for payloads.
|
||
|
* Main build script: removed the `excmd` function and merged its logic into
|
||
|
the `main` function, and then `main` was cleaned up significantly.
|
||
|
* Main build script: don't make `script_path` a global variable; this allowed
|
||
|
a reduction in code size by precisely *one line of code*.
|
||
|
* Main build script: merged the functionality of function `check_git` into
|
||
|
the `main` function, then deleted function `check_git` (which was in
|
||
|
the file include/option.sh).
|
||
|
* Main build script: general simplification of the logic handling source code
|
||
|
downloads in function `fetch_trees`.
|
||
|
* Main build script: Use `UTC+0000` when initialising git repository commit
|
||
|
dates (for initial commits).
|
||
|
* Removed the `check_project` function, and placed its logic directly
|
||
|
inside `include/option.sh` so that it automatically runs in every script
|
||
|
that sources it.
|
||
|
* Main build script: General cleanup on the code handling file deletions
|
||
|
under function `fetch_trees`.
|
||
|
* Main build script: delete function `mkversion` and, in its calling function,
|
||
|
simply print the string contained in variable `relname`.
|
||
|
* Main build script: general cleanup on the logic that handles tarballs.
|
||
|
* Main build script: Remove `mkrom_images`, and move its logic into the only
|
||
|
calling function within that same file.
|
||
|
* include/option.sh: Removed the function `insert_version_files` and merged
|
||
|
its logic into its only calling function.
|
||
|
* Unified all logic for handling SHA512 checksums, placing it inside
|
||
|
include/option.sh for use elsewhere.
|
||
|
* Move image tarball generation to script/roms (formerly script/build/roms).
|
||
|
* Removed redundant function `extract_ref` from include/mrc.sh
|
||
|
* Removed an errant comment from include/git.sh
|
||
|
* Switched to a one-level directory structure for main scripts, rather than
|
||
|
two-level; for example, script/build/roms is now script/roms
|
||
|
* Merged script/update/release into the main build script
|
||
|
* Merged script/build/serprog into script/build/roms
|
||
|
* script/build/roms: remove unnecessary command (errant return)
|
||
|
* Merged include/err.sh with include/option.sh, into include/option.sh
|
||
|
* script/build/roms: fixed improper use of variable outside a function
|
||
|
* build/build/roms: more reliable exit status in `skip_board()`
|
||
|
* script/build/roms: split up `main()` into multiple smaller functions
|
||
|
|
||
|
Revision updates
|
||
|
================
|
||
|
|
||
|
Some revisions were updated as part of standard routine, but happened to be
|
||
|
done during this audit. Those updates are as follows:
|
||
|
|
||
|
SeaBIOS
|
||
|
-------
|
||
|
|
||
|
Bump SeaBIOS to revision `e5f2e4c69643bc3cd385306a9e5d29e11578148c`, which has
|
||
|
these changes relative to the old one:
|
||
|
|
||
|
```
|
||
|
* e5f2e4c6 pciinit: don't misalign large BARs
|
||
|
* 731c88d5 stdvgaio: Only read/write one color palette entry at a time
|
||
|
* c5a361c0 stdvga: Add stdvga_set_vertical_size() helper function
|
||
|
* 22c91412 stdvga: Rename stdvga_get_vde() to stdvga_get_vertical_size()
|
||
|
* 549463db stdvga: Rename stdvga_set_scan_lines() to stdvga_set_character_height()
|
||
|
* c67914ac stdvga: Rename stdvga_set_text_block_specifier() to stdvga_set_font_location()
|
||
|
* aa94925d stdvga: Rework stdvga palette index paging interface functions
|
||
|
* 8de51a5a stdvga: Rename stdvga_toggle_intensity() to stdvga_set_palette_blinking()
|
||
|
* 96c7781f stdvga: Add comments to interface functions in stdvga.c
|
||
|
* 2996819f stdvga: Rename CGA palette functions
|
||
|
* 91368088 stdvgamodes: Improve naming of dac palette tables
|
||
|
* 70f43981 stdvgamodes: No need to store pelmask in vga_modes[]
|
||
|
* 1588fd14 vgasrc: Rename vgahw_get_linesize() to vgahw_minimum_linelength()
|
||
|
* d73e18bb vgasrc: Use curmode_g instead of vmode_g when mode is the current video mode
|
||
|
* 192e23b7 vbe: implement function 09h (get/set palette data)
|
||
|
* 3722c21d vgasrc: round up save/restore size
|
||
|
* 5d87ff25 vbe: Add VBE 2.0+ OemData field to struct vbe_info
|
||
|
* 163fd9f0 fix smbios blob length overflow
|
||
|
* 82faf1d5 Add LBA 64bit support for reads beyond 2TB.
|
||
|
* 3f082f38 Add AHCI Power ON + ICC_ACTIVE into port setup code
|
||
|
* 3ae88886 esp-scsi: terminate DMA transfer when ESP data transfer completes
|
||
|
* a6ed6b70 limit address space used for pci devices.
|
||
|
```
|
||
|
|
||
|
Flashprog
|
||
|
---------
|
||
|
|
||
|
Updated to revision 5b4fdd1 from 2 May 2024, rebasing the MX workaround patch.
|
||
|
|
||
|
This imports upstream changes, relative to the previous revision:
|
||
|
|
||
|
```
|
||
|
* 5b4fdd1 z60_flashprog.rules: Add udev rule for CH347
|
||
|
* 72c9e40 meson: Check for CPU families with known raw mem access
|
||
|
* 3458220 platform/meson: Port pciutils/pci.h workaround to Meson
|
||
|
* f279762 platform/meson: Check for libi386 on NetBSD
|
||
|
* 14da5f7 README: Convert to Markdown
|
||
|
* 8ddea57 README: Document branching and release policy
|
||
|
* 2522456 util/list_yet_unsupported_chips.sh: Fix path
|
||
|
* cbf9c11 spi: Don't cross 16MiB boundaries with long writes
|
||
|
* 823a704 dediprog: Skip warning on first attempt to read device string
|
||
|
* e8463c8 dediprog: Revise prefix check for given programmer id
|
||
|
* 38af1a1 dediprog: Revise id matching
|
||
|
* 4661e7c amd_spi100: Use flashprog_read_chunked() for progress reporting
|
||
|
* cdcfda2 read_memmapped: Use flashprog_read_chunked() for progress reporting
|
||
|
* 7679b5c spi25: Replace spi_read_chunked() with more abstract version
|
||
|
* ca1c7fd spi25: Normalize parameters of spi_nbyte_read()
|
||
|
* e36e3dc dediprog: Use default_spi_write_256
|
||
|
* 522a86d linux_spi: Use default_spi_read()/_write_256()
|
||
|
* 806509b cli_classic: Turn progress reporting into a progress bar
|
||
|
* 842d678 libflashrom: Return progress state to the library user
|
||
|
* aa714dd flashprog.c: Let select_erase_functions() return byte count
|
||
|
* 2eed4cf serprog: Add SPI Mode and CS Mode commands
|
||
|
* 821a085 dediprog: Implement id reading for SF600 and later
|
||
|
* 274e655 dediprog: Read device string early
|
||
|
* 0057822 dediprog: Add protocol detection for SF700 & SF600Plus-G2
|
||
|
* fb176d2 dediprog: Use more general 4BA write mode for newer protocols
|
||
|
* 0ab5c3d dediprog: Split device type and version parsing
|
||
|
* bdef5c2 dediprog: Use unsigned conversions to parse device string
|
||
|
* 5262e29 dediprog: Try to request 32B device string (instead of 16B)
|
||
|
* e76e21f dediprog: Get rid of some unnecessary hex constants
|
||
|
* 5a09d1e udelay: Lower the sleep vs delay threshold
|
||
|
* 03ad4a4 linux_mtd: Provide no-op delay implementation
|
||
|
* 211c6ec serprog: Refine flushing before synchronization
|
||
|
* 383b7fe serprog: Test synchronicity before trying to synchronize
|
||
|
* d7318ea serprog: Move synchronicity test into separate function
|
||
|
* 9a11cbf Let the flash context directly point to the used master
|
||
|
* aabb3e0 writeprotect: Hook wp functions into the chip driver
|
||
|
* 89569d6 memory_mapped: Reduce `decode_sizes` to a single `max_rom_decode`
|
||
|
* 929d2e1 internal: Pass programmer context down into chipset enables
|
||
|
* 7c717c3 internal: Pass programmer context down into board enables
|
||
|
* e3a2688 Pass programmer context to programmer->init()
|
||
|
* 2b66ad9 Start implementing struct flashprog_programmer
|
||
|
* 4517e92 memory_bus: Drop stale `size == 0` workaround and FIXME
|
||
|
* b197402 memory_bus: Split register mapping into own function
|
||
|
* 0e76d99 memory_bus: Move (un)map_flash_region into par master
|
||
|
* 9eec407 Perform default mapping only for respective chips
|
||
|
* 56b53dd wbsio_spi: Request memory mapping locally
|
||
|
* 5596190 it87spi: Request memory mapping locally
|
||
|
* 46449b4 spi25: Drop stale `bus == SPI` guards
|
||
|
* ab6b18f spi25: Move 4BA preparations into spi_prepare_4ba() hook
|
||
|
* 901fb95 Add prepare/finish_access() hooks for chip drivers
|
||
|
* a96aaa3 dediprog: Support long writes of 16MiB and more
|
||
|
* 1338936 Consider 4BA support when filtering erase functions
|
||
|
* 8d36db6 flashprog.8: Fix up serprog example
|
||
|
* d2ac303 flashprog.8: document new serprog cs parameter
|
||
|
* d1b9153 chipset_enable.c: Add Genoa to mendocino entry
|
||
|
```
|
||
|
|
||
|
As a reminder:
|
||
|
|
||
|
Canoeboot now uses Flashprog instead of Flashrom; Flashprog is a fork of
|
||
|
Flashrom, lead by Nico Huber after a dispute with the new leadership of
|
||
|
Flashrom, and it was felt that Flashprog is a better choice for Canoeboot.
|
||
|
|
||
|
Git log
|
||
|
=======
|
||
|
|
||
|
This entire set of changelogs is based on the precise Git history in cbmk,
|
||
|
relative to Canoeboot 20240504 which is from where the audit began.
|
||
|
|
||
|
The latest changes are listed first, going all the way down to earlier changes:
|
||
|
|
||
|
```
|
||
|
* 4f6fbfde81 minor code cleanup in the build system
|
||
|
* 070aee6728 re-add ability to use cbfs grub.cfg as default
|
||
|
* b4acd0f73c trees: exit with error if project undefined
|
||
|
* fd9664c567 build: also make a lock file during release build
|
||
|
* 686bad6d4e lib.sh: more useful lock message
|
||
|
* f1caf89a28 create a lock file during builds
|
||
|
* b6dc23bc67 git.sh: hide e() output on for loop
|
||
|
* e51eae0d25 lib.sh: fix regression
|
||
|
* 8b1a54d19e git.sh: download xtree *before*, not after
|
||
|
* 14bba2d789 git.sh: fix deletion path in nuke()
|
||
|
* ab4c4d406f lib.sh: less confusing error in download()
|
||
|
* 2eaaa63f58 lib.sh: hide stderr on download()
|
||
|
* 9e2584fbd9 lib.sh: simplify download()
|
||
|
* 79fb79d239 lib.sh: fix redundancy in download()
|
||
|
* e8b1d45631 lib.sh: simplify singletree()
|
||
|
* 90a8ef90b0 git.sh: further simplify nuke()
|
||
|
* c6b692208b git.sh: simplify link_crossgcc()
|
||
|
* c043e5810d git.sh: simplify nuke()
|
||
|
* 323a17d0c8 Add dependency scripts for Fedora 40 and Ubuntu 24.04
|
||
|
* 62b2310a28 add crossgcc tarballs to config/submodules/
|
||
|
* 8a34a0d338 git.sh: support downloading *files* as submodules
|
||
|
* 0730513709 git.sh: remove unnecessary line break
|
||
|
* ad05266f8d import file download function from lbmk c202dc61
|
||
|
* b8e9eab0ba lib.sh: shorten a string in e()
|
||
|
* a29cf274bc git.sh: fix submodule path
|
||
|
* 7ac2264f53 git.sh: simplify prep_submodules()
|
||
|
* 7c8173ebd4 git.sh: unified handling of git clone/reset/am
|
||
|
* 573199c07d trees: simplified copy_elf() handling
|
||
|
* d0d9b1204f git.sh: simplify submodule handling
|
||
|
* df5d7c18bf git.sh: provide feedback for repository downloads
|
||
|
* 591c7d28e0 git.sh: download "depend" projects *before*
|
||
|
* 548d1e20c1 git.sh: reduced indentation in fetch_submodule
|
||
|
* 12a04e8de2 git.sh: reduced indentation in prep_submodules
|
||
|
* 9825e97a83 git.sh: *never* run git submodule update
|
||
|
* 860deb3e7e lib.sh: rename variable for clarity
|
||
|
* 8d5edd4f06 trees: don't check empty path in copy_elf()
|
||
|
* c1176bbd28 trees: fix build issue caused by bad elf check
|
||
|
* c88fb8c129 trees: fix listfile check in copy_elf()
|
||
|
* 9168d33741 trees: don't say check elf/ if build.list missing
|
||
|
* db09530905 trees: don't do elfcheck if build.list missing
|
||
|
* 99418a7e82 define mdfiles/images in config/submodules/docs/
|
||
|
* 83d84797d8 libopencm3 to config/submodules/ on stm32-vserprog
|
||
|
* c3cabcddf9 add tinyusb to config/submodule/ for pico-sdk
|
||
|
* e4eb82e089 trees: unified coreboot makeargs
|
||
|
* f7170092c8 trees: use multiple threads to build cbutils
|
||
|
* 1d7a6f04c9 move handle_coreboot_utils to script/trees
|
||
|
* ff16d27991 put coreboot utils in elf/, not cbutils/
|
||
|
* 3748f710c9 fix build issue building coreboot utils
|
||
|
* a30bfd334f trees: skip single-tree build if a build exists
|
||
|
* b682b4ddca use correct memtest86plus path in script/roms
|
||
|
* 4749a5a29f put memtest86plus builds in elf/memtest86plus/
|
||
|
* 0e9d9b33b2 put flashprog builds in elf/flashprog/
|
||
|
* 7fe0106fa0 trees: also print "DONE! check elf/dir" on single
|
||
|
* 74759d876a trees: handle build-test on multi-tree projects
|
||
|
* 98e9cf6864 git.sh: use singletree() to decide submodules
|
||
|
* b3b887567a remove cbcfgsdir variable (unused)
|
||
|
* cb446e7d24 move cfgsdir/datadir variables to lib.sh
|
||
|
* 7d99786a1a handle build.list from config/data/, not config/
|
||
|
* a61794dfca don't use build.list to detect multi-tree projects
|
||
|
* 878056f37b move id check to lib.sh too
|
||
|
* 3900642471 move root check to lib.sh (bugfix)
|
||
|
* 740b1803fa bugfix: move dependencies handling to lib.sh
|
||
|
* 4e25e335ed bump untitled revision again
|
||
|
* 44ef38b335 bump untitled revision in git config
|
||
|
* 7b9431e336 lib.sh bugfix: check environmental variables right
|
||
|
* 2478252f67 lib.sh: more friendly output from e()
|
||
|
* d21fd016ac badcmd: don't print "no context given"
|
||
|
* 663de3bab4 badcmd: link directly to the maintenance manual
|
||
|
* 1d866d17d8 better help text on invalid commands
|
||
|
* 1204bc3c96 build: print the project website address on help
|
||
|
* ca0e9354f6 add projectsite file: point to canoeboot.org
|
||
|
* eb4ac3c334 make GRUB multi-tree and re-add xhci patches
|
||
|
* 347a104ae6 u-boot on qemu: remove currently unused x86 target
|
||
|
* 23e66c113d grub.cfg: scan /boot/grub.cfg last
|
||
|
* 6151316b91 grub.cfg: scan grub2/ last
|
||
|
* 36b3be95cf grub.cfg: search a reduced list of devs/partitions
|
||
|
* 71a17efc06 grub.cfg: scan grub.cfg from ESP
|
||
|
* 8bc7e3a539 grub.cfg: split up try_user_config
|
||
|
* cb4bacc9d9 grub.cfg: don't search for *_grub.cfg
|
||
|
* ea7e6e1659 grub.cfg: remove unnecessary path for isolinux
|
||
|
* 1beca3b781 grub.cfg: don't scan EFI on btrfs subvols
|
||
|
* 0662519cca Fix building vboot on i686
|
||
|
* 224dce632b git.sh: do not remove .submodules
|
||
|
* a36504aa31 delete u-boot test/lib/strlcat.c using nuke()
|
||
|
* cdce8ba70b make nuke function more generic
|
||
|
* 2c1f6f5e7a do not allow dashes in coreboot target names
|
||
|
* 7dc5d35929 roms: allow user override of grub_scan_disk
|
||
|
* bcb65846d3 grub.cfg: actually support setting boot order
|
||
|
* 2887b77ae4 trees: use CPUS=x on regular coreboot make
|
||
|
* a056583762 update gitignore
|
||
|
* 1ac4f7409e roms: fix bad eval when comparing options
|
||
|
* 724dbfe0ce grub.cfg: add spdx header
|
||
|
* 66f5faac73 re-configure grub_scan_disk on various targets
|
||
|
* bb92776943 remove grub_scan_disk in all target.cfg files
|
||
|
* 935447b035 grub.cfg: use grub_scan_disk to set boot order
|
||
|
* 75b6fbf302 GRUB: remove XHCI patches for now (will re-add)
|
||
|
* 07340d9711 minor correction
|
||
|
* 9f489b43d5 roms: make grubfirst if seabios_withgrub=y
|
||
|
* fca9b19e18 coreboot: only run GRUB as a secondary payload
|
||
|
* b75490f8fc flashprog: bump to 5b4fdd1 from 2 May 2024
|
||
|
* d147c5d915 rename include/option.sh to include/lib.sh
|
||
|
* f534b0e973 merge nuke() back into git.sh
|
||
|
* a02b152f44 rename nukeblobs to a more generic name
|
||
|
* cb1918c5d7 roms: remove errant reference
|
||
|
* 4cff3c7d33 roms: rename bstr variable
|
||
|
* dc487df12f git.sh: remove errant whitespace
|
||
|
* cbb2f4f8a9 general code cleanup in the build system
|
||
|
* 583135e548 build: simplify git_init()
|
||
|
* aaff90f5a5 build: do root check before git check
|
||
|
* 687fdacc78 build: simplify git checks
|
||
|
* 84ee6a1ed8 option.sh: fix bad check for version/versiondate
|
||
|
* 3554593fd8 trees: reset makeargs per target/project
|
||
|
* b09261a901 trees: also use UPDATED_SUBMODULES=1 on crossgcc
|
||
|
* 698548ac59 trees: add UPDATED_SUBMODULES to coreboot make
|
||
|
* c8c516703f trees: write -C on the make command first not last
|
||
|
* aa15eef32f config: add backup coreboot submodule repositories
|
||
|
* 9e88ef2449 coreboot/default: remove chromeec from module.list
|
||
|
* 27f21c32d3 git.sh: break if a submodule clone succeeds
|
||
|
* 38fca598fb coreboot: only download the necessary submodules
|
||
|
* b5aa8b2d35 git.sh: allow finer control of git submodules
|
||
|
* 9339c6f3fd build: hide git-init output
|
||
|
* 31e089aff3 option.sh: generate version file if .git not found
|
||
|
* 7ec023907b update/trees: remove unused variable
|
||
|
* 2b0e71412e git.sh: move repo copying to a new function
|
||
|
* d71c4d326e git.sh: move link_crossgcc to end of file
|
||
|
* 0d7c249c9b move deblob function to new file "deblob.sh"
|
||
|
* 1300f09e67 git.sh: move xgcc linking to a new function
|
||
|
* 24934e6569 git.sh: don't include --checkout in submodules
|
||
|
* 5e0129eb0f git.sh: skip submodules if .gitmodules missing
|
||
|
* 7f82622caf git.sh: merge patch_submodules in prep_submodules
|
||
|
* 9c0a7f14fc git.sh: split submodule handling to new function
|
||
|
* b593127795 git.sh: remove errant line break
|
||
|
* 19f694bf2a git.sh: remove another meaningless check
|
||
|
* 71a9fcced8 git.sh: shorter variable names
|
||
|
* 6693588857 git.sh: remove meaningless check
|
||
|
* 5c459ad4ac git.sh: remove variable not meaningfully used
|
||
|
* 7be7bb8edb add CHANGELOG to .gitignore
|
||
|
* 3b2ebda890 Fix E6400 display reference clock patches
|
||
|
* 995f052bb0 fix building coreboot images on i686 hosts
|
||
|
* 31d2c818eb Also try unlocking encrypted volume on NVMe
|
||
|
* 58f6741fb4 git.sh: fix invalid command in git_prep()
|
||
|
* f58b01c300 Add NVMe support to GRUB2 payload
|
||
|
* b892036edf Fix E6400 display issue with 1440 x 900 panel
|
||
|
* f81c7ed8e9 Add pt qwerty keymap to lbmk
|
||
|
* 849466c0ac git.sh: allow patching submodules
|
||
|
* 8d4d063ace git.sh: don't delete .git if src/project/project
|
||
|
* 0ecb062df0 build/roms: skip target if config/ dir missing
|
||
|
* 4783c5b90e more minor cleanup in the build system
|
||
|
* 10ecf41ee0 git.sh: remove fetch_from_upstream()
|
||
|
* ddcb793bd2 option.sh: don't return 1 in mkrom_tarball
|
||
|
* ae8637b620 option.sh: mktar_release to mkrom_tarball
|
||
|
* 309c3b1f33 build/roms: rename moverom to copyrom
|
||
|
* a39c95cfac minor code cleanup in the build system
|
||
|
* f102e21ab6 build/roms: simplify serprog list command
|
||
|
* 7a565c9f43 build/roms: simplified config payload checks
|
||
|
* a243dc2308 option.sh: err if config directory is missing
|
||
|
* c28166ff9e option.sh: print the config filename being checked
|
||
|
* 9fd504e24a git.sh: Remove .git if XBMK_RELEASE=y
|
||
|
* e4956478db build: remove initcmd() and simplify main()
|
||
|
* f2b3bb142d build: initialise git first (before commands)
|
||
|
* 571932d33e build: remove excmd() and simplify main()
|
||
|
* 525f5525d3 build: don't make script_path a global variable
|
||
|
* fbac2d8fe6 Implemented failsafe options at boot and inside menus for enabling/disabling serial, spkmodem and gfxterm
|
||
|
* 3e5db248dd cbmk: allow easier sync with lbmk
|
||
|
* e71189420f remove help commands (user should read docs)
|
||
|
* 23854de888 option.sh: delete check_git()
|
||
|
* 2c5f52ce29 build: define "xp" in the global variables
|
||
|
* 48c5c57cff build: simplify for loop in fetch_trees()
|
||
|
* c2baebc79a build: simplified downloads in fetch_trees()
|
||
|
* 18d0e53480 ./build release: don't do u-boot-only archives
|
||
|
* d8a923f766 build: use utc+0 when initialising git repo dates
|
||
|
* 0794127986 remove check_project() (always set variables)
|
||
|
* c8bc797f31 build: simplify deletions in fetch_trees()
|
||
|
* 363ec7512c build: delete mkversion() (just print relname)
|
||
|
* ae44676727 build/roms: clean up tarball handling
|
||
|
* 3469836f18 rm src/u-boot/*/test/lib/strlcat.c in u-boot
|
||
|
* c57dfefe91 build: remove mkrom_images
|
||
|
* 6ab8c2c446 build: use same tarball name on uboot-only release
|
||
|
* 21436c6a8f build/roms: create full release tarball name
|
||
|
* 90c528032b option.sh: don't bother checking for GNU tar
|
||
|
* 422d36a07c option.sh: remove insert_version_files()
|
||
|
* ca1806f20e cleanup: remove mkvdir
|
||
|
* a0ea7f7a92 unified sha512sum creation for tarballs
|
||
|
* 09fcc343a3 move rom tarball creation to script/roms
|
||
|
* 5c888669c6 disable x301 for next release (for now)
|
||
|
* 91c90d763f print two line breaks before confirming release
|
||
|
* d423421995 remove all status checks. only handle release.
|
||
|
* 4826364afb git.sh: remove errant comment
|
||
|
* 541430016f move script/*/* to script/
|
||
|
* 9084ab15ab build: print usage for special commands
|
||
|
* f12c2f284f merge script/update/release into build
|
||
|
* 41f4ee3c2d Canoeboot 20240510 release
|
||
|
* 0580373ff9 bump seabios to e5f2e4c69643bc3cd385306a9e5d29e11578148c
|
||
|
* 17b5cb2749 further modify the README (stragglers)
|
||
|
* 628e91a3b9 build: further prevent non-cbmk-work-directory
|
||
|
* e761a494c8 build: exit if not running from cbmk directory
|
||
|
* eb8a02e808 build/roms: print serprog help
|
||
|
* a398011180 merge script/build/serprog with script/build/roms
|
||
|
* cd5c2573ac build/roms: remove unnecessary command
|
||
|
* da748de455 merge include/err.sh with include/option.sh
|
||
|
* 3acac46536 err.sh: correct copyright info
|
||
|
* 6bdbb70dbc build/roms: don't rely on x in handle_target
|
||
|
* 1c84d0fc9d build/roms: don't use exit status from skip_board
|
||
|
* 0ada63b629 build/roms: split up main()
|
||
|
* 5cecd9e394 build/roms: allow searching status by mismatch
|
||
|
* 97d502ccc8 tone the README way, way down
|
||
|
```
|
||
|
|
||
|
This is 206 changes, since Canoeboot 20240504.
|