2023-06-13 11:09:01 +00:00
|
|
|
#!/usr/bin/env sh
|
2023-09-25 01:19:30 +00:00
|
|
|
# SPDX-License-Identifier: GPL-3.0-only
|
2022-11-14 00:51:12 +00:00
|
|
|
# SPDX-FileCopyrightText: 2022 Caleb La Grange <thonkpeasant@protonmail.com>
|
2023-06-13 11:09:01 +00:00
|
|
|
# SPDX-FileCopyrightText: 2022 Ferass El Hafidi <vitali64pmemail@protonmail.com>
|
2023-09-25 01:27:26 +00:00
|
|
|
# SPDX-FileCopyrightText: 2023 Leah Rowe <leah@libreboot.org>
|
2022-11-14 00:51:12 +00:00
|
|
|
|
2023-08-23 17:56:31 +00:00
|
|
|
. "include/err.sh"
|
2023-09-30 00:31:40 +00:00
|
|
|
. "include/option.sh"
|
2023-10-15 10:22:43 +00:00
|
|
|
. "include/mrc.sh"
|
2023-09-29 15:37:18 +00:00
|
|
|
|
|
|
|
export PATH="${PATH}:/sbin"
|
2023-05-14 19:06:03 +00:00
|
|
|
|
2023-10-15 10:22:43 +00:00
|
|
|
_ua="Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0"
|
|
|
|
_7ztest="a"
|
|
|
|
|
|
|
|
e6400_unpack="${PWD}/src/bios_extract/dell_inspiron_1100_unpacker.py"
|
|
|
|
kbc1126_ec_dump="${PWD}/${cbdir}/util/kbc1126/kbc1126_ec_dump"
|
|
|
|
me7updateparser="${PWD}/util/me7_update_parser/me7_update_parser.py"
|
|
|
|
mecleaner="${PWD}/${cbdir}/util/me_cleaner/me_cleaner.py"
|
|
|
|
pfs_extract="${PWD}/src/biosutilities/Dell_PFS_Extract.py"
|
|
|
|
uefiextract="${PWD}/src/uefitool/uefiextract"
|
|
|
|
|
|
|
|
eval "$(setvars "" _b _dl EC_url EC_url_bkup EC_hash DL_hash DL_url DL_url_bkup \
|
|
|
|
E6400_VGA_DL_hash E6400_VGA_DL_url E6400_VGA_DL_url_bkup E6400_VGA_offset \
|
2023-10-29 01:22:21 +00:00
|
|
|
E6400_VGA_romname SCH5545EC_DL_url SCH5545EC_DL_url_bkup SCH5545EC_DL_hash \
|
|
|
|
is_rom)"
|
2023-10-15 10:22:43 +00:00
|
|
|
|
2023-05-14 19:06:03 +00:00
|
|
|
main()
|
|
|
|
{
|
2023-09-28 02:21:42 +00:00
|
|
|
[ $# -gt 0 ] || err "No argument given"
|
2023-05-14 19:06:03 +00:00
|
|
|
board="${1}"
|
|
|
|
boarddir="${cbcfgsdir}/${board}"
|
2023-09-30 00:31:40 +00:00
|
|
|
_b="${board%%_*mb}" # shorthand (avoid duplicating config per rom size)
|
2023-05-14 19:06:03 +00:00
|
|
|
|
2023-09-04 15:16:53 +00:00
|
|
|
check_defconfig "${boarddir}" || exit 0
|
2023-09-27 14:01:49 +00:00
|
|
|
detect_firmware && exit 0
|
2023-10-06 23:57:55 +00:00
|
|
|
scan_config "${_b}" "config/vendor" "err"
|
2023-05-14 19:06:03 +00:00
|
|
|
|
|
|
|
build_dependencies
|
2023-10-06 23:57:55 +00:00
|
|
|
download_vendorfiles
|
2023-05-14 19:06:03 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
detect_firmware()
|
|
|
|
{
|
|
|
|
set -- "${boarddir}/config/"*
|
2023-08-31 16:16:54 +00:00
|
|
|
. "${1}" 2>/dev/null
|
2023-05-14 19:06:03 +00:00
|
|
|
|
2023-09-27 14:01:49 +00:00
|
|
|
for c in CONFIG_HAVE_MRC CONFIG_HAVE_ME_BIN CONFIG_KBC1126_FIRMWARE \
|
|
|
|
CONFIG_VGA_BIOS_FILE CONFIG_INCLUDE_SMSC_SCH5545_EC_FW; do
|
|
|
|
eval "[ -z \"\${${c}}\" ] || return 1"
|
|
|
|
done
|
2023-10-06 23:57:55 +00:00
|
|
|
printf "Vendor files not needed for: %s\n" "${board}" 1>&2
|
2023-05-14 19:06:03 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
build_dependencies()
|
|
|
|
{
|
2023-09-30 00:31:40 +00:00
|
|
|
[ -d ${cbdir} ] || \
|
2023-10-19 23:17:30 +00:00
|
|
|
x_ ./update trees -f coreboot ${cbdir##*/}
|
2023-10-12 21:21:02 +00:00
|
|
|
for d in uefitool biosutilities bios_extract; do
|
2023-10-06 23:47:42 +00:00
|
|
|
[ -d "src/${d}" ] && continue
|
2023-10-19 23:17:30 +00:00
|
|
|
x_ ./update trees -f "${d}"
|
2023-08-21 18:41:49 +00:00
|
|
|
done
|
2023-10-06 23:45:34 +00:00
|
|
|
[ -f "${uefiextract}" ] || \
|
2023-10-19 23:17:30 +00:00
|
|
|
x_ ./update trees -b uefitool
|
2023-10-06 23:46:38 +00:00
|
|
|
[ -f "${kbc1126_ec_dump}" ] || \
|
2023-10-01 05:33:43 +00:00
|
|
|
x_ make -C "${cbdir}/util/kbc1126"
|
2023-10-19 22:36:56 +00:00
|
|
|
[ -f "${cbfstool}" ] && [ -f "${ifdtool}" ] && return 0
|
2023-10-19 23:17:30 +00:00
|
|
|
x_ ./update trees -b coreboot utils default
|
2023-04-01 10:13:04 +00:00
|
|
|
}
|
|
|
|
|
2023-10-06 23:57:55 +00:00
|
|
|
download_vendorfiles()
|
2023-05-14 19:06:03 +00:00
|
|
|
{
|
2023-09-27 14:01:49 +00:00
|
|
|
[ -z "${CONFIG_HAVE_ME_BIN}" ] || \
|
2023-09-29 02:20:02 +00:00
|
|
|
fetch "intel_me" "${DL_url}" "${DL_url_bkup}" "${DL_hash}" \
|
2023-09-29 19:42:41 +00:00
|
|
|
"${CONFIG_ME_BIN_PATH}"
|
2023-09-27 14:01:49 +00:00
|
|
|
[ -z "${CONFIG_INCLUDE_SMSC_SCH5545_EC_FW}" ] || \
|
2023-09-28 00:21:58 +00:00
|
|
|
fetch "sch5545ec" "${SCH5545EC_DL_url}" \
|
2023-09-29 02:20:02 +00:00
|
|
|
"${SCH5545EC_DL_url_bkup}" "${SCH5545EC_DL_hash}" \
|
2023-09-29 18:41:34 +00:00
|
|
|
"${CONFIG_SMSC_SCH5545_EC_FW_FILE}"
|
2023-09-27 14:01:49 +00:00
|
|
|
[ -z "${CONFIG_KBC1126_FIRMWARE}" ] || \
|
2023-09-29 02:20:02 +00:00
|
|
|
fetch "kbc1126ec" "${EC_url}" "${EC_url_bkup}" "${EC_hash}" \
|
2023-09-29 19:42:41 +00:00
|
|
|
"${CONFIG_KBC1126_FW1}"
|
2023-09-27 14:01:49 +00:00
|
|
|
[ -z "${CONFIG_VGA_BIOS_FILE}" ] || \
|
2023-09-28 00:21:58 +00:00
|
|
|
fetch "e6400vga" "${E6400_VGA_DL_url}" \
|
2023-09-29 02:20:02 +00:00
|
|
|
"${E6400_VGA_DL_url_bkup}" "${E6400_VGA_DL_hash}" \
|
2023-09-29 18:41:34 +00:00
|
|
|
"${CONFIG_VGA_BIOS_FILE}"
|
2023-09-30 19:04:02 +00:00
|
|
|
[ -z "${CONFIG_HAVE_MRC}" ] && return 0
|
2023-10-19 22:36:56 +00:00
|
|
|
fetch "mrc" "$MRC_url" "$MRC_url_bkup" "$MRC_hash" "$CONFIG_MRC_FILE"
|
2022-11-14 00:51:12 +00:00
|
|
|
}
|
|
|
|
|
2023-10-15 09:00:23 +00:00
|
|
|
fetch()
|
|
|
|
{
|
|
|
|
dl_type="${1}"
|
|
|
|
dl="${2}"
|
|
|
|
dl_bkup="${3}"
|
|
|
|
dlsum="${4}"
|
|
|
|
[ "${5# }" = "${5}" ] || err "fetch: space not allowed in _dest: '${5}'"
|
|
|
|
[ "${5#/}" = "${5}" ] || err "fetch: absolute path not allowed: '${5}'"
|
|
|
|
_dest="${5##*../}"
|
|
|
|
_dl="${vendir}/cache/${dlsum}"
|
2023-10-29 01:22:21 +00:00
|
|
|
dl_fail=""
|
2023-10-15 09:00:23 +00:00
|
|
|
|
|
|
|
x_ mkdir -p "${_dl%/*}"
|
|
|
|
|
2023-10-29 01:22:21 +00:00
|
|
|
is_rom="n"
|
|
|
|
if [ "${dl}" = "rom" ] || [ "${dl_bkup}" = "rom" ]; then
|
|
|
|
dl_fail="n"
|
|
|
|
is_rom="y"
|
|
|
|
else
|
|
|
|
dl_fail="y"
|
|
|
|
vendor_checksum "${dlsum}" "${_dl}" && dl_fail="n"
|
|
|
|
fi
|
2023-10-15 09:00:23 +00:00
|
|
|
for url in "${dl}" "${dl_bkup}"; do
|
|
|
|
[ "${dl_fail}" = "n" ] && break
|
|
|
|
[ -z "${url}" ] && continue
|
|
|
|
x_ rm -f "${_dl}"
|
|
|
|
curl --location --retry 3 -A "${_ua}" "${url}" -o "${_dl}" || \
|
|
|
|
wget --tries 3 -U "${_ua}" "${url}" -O "${_dl}" || \
|
|
|
|
continue
|
|
|
|
vendor_checksum "${dlsum}" "${_dl}" && dl_fail="n"
|
|
|
|
done
|
|
|
|
[ "${dl_fail}" = "y" ] && \
|
|
|
|
err "fetch ${dlsum}: matched file unavailable"
|
|
|
|
|
|
|
|
x_ rm -Rf "${_dl}_extracted"
|
|
|
|
mkdirs "${_dest}" "extract_${dl_type}" || return 0
|
|
|
|
eval "extract_${dl_type}"
|
|
|
|
|
|
|
|
[ -f "${_dest}" ] && return 0
|
|
|
|
err "extract_${dl_type} (fetch): missing file: '${_dest}'"
|
|
|
|
}
|
|
|
|
|
|
|
|
vendor_checksum()
|
|
|
|
{
|
|
|
|
[ "$(sha512sum ${2} | awk '{print $1}')" != "${1}" ] || return 0
|
|
|
|
printf "Bad checksum for file: %s\n" "${2}" 1>&2
|
|
|
|
rm -f "${2}" || :
|
|
|
|
return 1
|
|
|
|
}
|
|
|
|
|
|
|
|
mkdirs()
|
|
|
|
{
|
2023-11-08 06:31:04 +00:00
|
|
|
if [ -f "${1}" ]; then
|
|
|
|
printf "mkdirs ${1} ${2}: already downloaded\n" 1>&2
|
|
|
|
return 1
|
|
|
|
fi
|
2023-10-20 03:10:50 +00:00
|
|
|
mkdir -p "${1%/*}" || err "mkdirs: !mkdir -p ${1%/*}"
|
2023-10-15 09:00:23 +00:00
|
|
|
x_ rm -Rf "${appdir}"
|
|
|
|
x_ mkdir -p "${appdir}/"
|
2023-10-29 01:22:21 +00:00
|
|
|
if [ "${is_rom}" = "y" ]; then
|
|
|
|
cp "${_dl}" "${appdir}" || \
|
|
|
|
err "mkdirs copyrom ${_dl}: can't copy to appdir"
|
|
|
|
else
|
|
|
|
extract_archive "${_dl}" "${appdir}" || \
|
|
|
|
[ "${2}" = "extract_e6400vga" ] || \
|
|
|
|
err "mkdirs ${1} ${2}: !extract"
|
|
|
|
fi
|
2023-10-15 09:00:23 +00:00
|
|
|
}
|
|
|
|
|
2023-09-28 00:21:58 +00:00
|
|
|
extract_intel_me()
|
2023-05-14 19:06:03 +00:00
|
|
|
{
|
2023-09-29 21:12:55 +00:00
|
|
|
_me="${PWD}/${_dest}" # must always be an absolute path
|
|
|
|
cdir="${PWD}/${appdir}" # must always be an absolute path
|
|
|
|
[ $# -gt 0 ] && _me="${1}"
|
|
|
|
[ $# -gt 0 ] && cdir="${2}"
|
|
|
|
[ -f "${_me}" ] && return 0
|
2023-04-01 12:47:01 +00:00
|
|
|
|
2023-04-14 00:36:54 +00:00
|
|
|
sdir="$(mktemp -d)"
|
2023-09-29 21:12:55 +00:00
|
|
|
mkdir -p "${sdir}" || err "extract_intel_me: !mkdir -p \"${sdir}\""
|
2023-04-01 16:59:09 +00:00
|
|
|
(
|
2023-10-29 01:22:21 +00:00
|
|
|
[ "${cdir#/a}" != "${cdir}" ] && cdir="${cdir#/}"
|
2023-09-29 21:12:55 +00:00
|
|
|
cd "${cdir}" || err "extract_intel_me: !cd \"${cdir}\""
|
2023-04-01 16:59:09 +00:00
|
|
|
for i in *; do
|
2023-09-29 21:12:55 +00:00
|
|
|
[ -f "${_me}" ] && break
|
2023-09-28 02:21:42 +00:00
|
|
|
[ -L "${i}" ] && continue
|
|
|
|
if [ -f "${i}" ]; then
|
2023-05-14 19:06:03 +00:00
|
|
|
"${mecleaner}" -r -t -O "${sdir}/vendorfile" \
|
2023-09-29 21:12:55 +00:00
|
|
|
-M "${_me}" "${i}" && break
|
|
|
|
"${mecleaner}" -r -t -O "${_me}" "${i}" && break
|
|
|
|
"${me7updateparser}" -O "${_me}" "${i}" && break
|
2023-04-01 16:59:09 +00:00
|
|
|
_7ztest="${_7ztest}a"
|
2023-09-27 19:41:21 +00:00
|
|
|
extract_archive "${i}" "${_7ztest}" || continue
|
2023-09-29 21:12:55 +00:00
|
|
|
extract_intel_me "${_me}" "${cdir}/${_7ztest}"
|
2023-04-01 16:59:09 +00:00
|
|
|
elif [ -d "$i" ]; then
|
2023-09-29 21:12:55 +00:00
|
|
|
extract_intel_me "${_me}" "${cdir}/${i}"
|
2023-04-01 16:59:09 +00:00
|
|
|
else
|
2023-07-29 06:28:36 +00:00
|
|
|
continue
|
2023-04-01 16:59:09 +00:00
|
|
|
fi
|
2023-07-29 06:28:36 +00:00
|
|
|
cdir="${1}"
|
2023-10-29 01:22:21 +00:00
|
|
|
[ "${cdir#/a}" != "${cdir}" ] && cdir="${cdir#/}"
|
2023-09-28 02:21:42 +00:00
|
|
|
cd "${cdir}"
|
2023-04-01 16:59:09 +00:00
|
|
|
done
|
|
|
|
)
|
2023-09-29 21:12:55 +00:00
|
|
|
rm -Rf "${sdir}" || err "extract_intel_me: !rm -Rf ${sdir}"
|
2022-11-14 00:51:12 +00:00
|
|
|
}
|
|
|
|
|
2023-10-15 09:00:23 +00:00
|
|
|
extract_archive()
|
|
|
|
{
|
|
|
|
innoextract "${1}" -d "${2}" || python "${pfs_extract}" "${1}" -e || \
|
|
|
|
7z x "${1}" -o"${2}" || unar "${1}" -o "${2}" || \
|
|
|
|
unzip "${1}" -d "${2}" || return 1
|
|
|
|
}
|
|
|
|
|
2023-09-28 00:21:58 +00:00
|
|
|
extract_kbc1126ec()
|
2023-05-14 19:06:03 +00:00
|
|
|
{
|
2023-04-02 00:33:33 +00:00
|
|
|
(
|
2023-10-01 05:33:43 +00:00
|
|
|
x_ cd "${appdir}/"
|
much, much stricter, more verbose error handling
lbmk is much more likely to crash now, in error conditions,
which is a boon for further auditing.
also: in "fetch", remove the downloaded program
if fail() was called.
this would also be done for gnulib, when downloading
grub, but done in such a way that gnulib goes first.
where calls to err write "ERROR" in the string, they
no longer say "ERROR" because the "err" function itself
now does that automatically.
also: listmodes/listoptions (in "lbmk") now reports an
error if no scripts and/or directories are found.
also: where a warning is given, but not an error, i've
gone through in some places and redirected the output
to stderr, not stdout
as part of error checks: running anything as root, except
for the "./build dependencies *" commands, is no longer
permitted and lbmk will throw an error
mrc downloads: debugfs output no longer redirected to /dev/null,
and stderr no longer redirected to stdout. everything is verbose.
certain non-error states are also more verbose. for example,
patch_rom in blobs/inject will now state when injection succeeds
certain actual errors(bugs) were fixed:
for example, build/release/roms now correctly prepares the blobs
hash files for a given target, containing only the files and
checksums in the list. Previously, a printf message was included.
Now, with this new code: blobutil/inject rightly verifies hashes.
doing all of this in one giant patch is cleaner
than 100 patches changing each file. even this is yet part
of a much larger audit going on in the Libreboot project.
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-24 19:19:41 +00:00
|
|
|
mv Rompaq/68*.BIN ec.bin || :
|
2023-04-22 01:04:37 +00:00
|
|
|
if [ ! -f ec.bin ]; then
|
2023-09-28 02:21:42 +00:00
|
|
|
unar -D ROM.CAB Rom.bin || unar -D Rom.CAB Rom.bin || \
|
2023-10-20 03:10:50 +00:00
|
|
|
unar -D 68*.CAB Rom.bin || err "can't extract Rom.bin"
|
2023-10-01 05:33:43 +00:00
|
|
|
x_ mv Rom.bin ec.bin
|
2023-04-22 01:04:37 +00:00
|
|
|
fi
|
2023-09-28 02:21:42 +00:00
|
|
|
[ -f ec.bin ] || err "extract_kbc1126_ec ${board}: can't extract"
|
much, much stricter, more verbose error handling
lbmk is much more likely to crash now, in error conditions,
which is a boon for further auditing.
also: in "fetch", remove the downloaded program
if fail() was called.
this would also be done for gnulib, when downloading
grub, but done in such a way that gnulib goes first.
where calls to err write "ERROR" in the string, they
no longer say "ERROR" because the "err" function itself
now does that automatically.
also: listmodes/listoptions (in "lbmk") now reports an
error if no scripts and/or directories are found.
also: where a warning is given, but not an error, i've
gone through in some places and redirected the output
to stderr, not stdout
as part of error checks: running anything as root, except
for the "./build dependencies *" commands, is no longer
permitted and lbmk will throw an error
mrc downloads: debugfs output no longer redirected to /dev/null,
and stderr no longer redirected to stdout. everything is verbose.
certain non-error states are also more verbose. for example,
patch_rom in blobs/inject will now state when injection succeeds
certain actual errors(bugs) were fixed:
for example, build/release/roms now correctly prepares the blobs
hash files for a given target, containing only the files and
checksums in the list. Previously, a printf message was included.
Now, with this new code: blobutil/inject rightly verifies hashes.
doing all of this in one giant patch is cleaner
than 100 patches changing each file. even this is yet part
of a much larger audit going on in the Libreboot project.
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-24 19:19:41 +00:00
|
|
|
"${kbc1126_ec_dump}" ec.bin || \
|
2023-09-28 02:21:42 +00:00
|
|
|
err "extract_kbc1126_ec ${board}: can't extract ecfw1/2.bin"
|
2023-04-02 00:33:33 +00:00
|
|
|
)
|
much, much stricter, more verbose error handling
lbmk is much more likely to crash now, in error conditions,
which is a boon for further auditing.
also: in "fetch", remove the downloaded program
if fail() was called.
this would also be done for gnulib, when downloading
grub, but done in such a way that gnulib goes first.
where calls to err write "ERROR" in the string, they
no longer say "ERROR" because the "err" function itself
now does that automatically.
also: listmodes/listoptions (in "lbmk") now reports an
error if no scripts and/or directories are found.
also: where a warning is given, but not an error, i've
gone through in some places and redirected the output
to stderr, not stdout
as part of error checks: running anything as root, except
for the "./build dependencies *" commands, is no longer
permitted and lbmk will throw an error
mrc downloads: debugfs output no longer redirected to /dev/null,
and stderr no longer redirected to stdout. everything is verbose.
certain non-error states are also more verbose. for example,
patch_rom in blobs/inject will now state when injection succeeds
certain actual errors(bugs) were fixed:
for example, build/release/roms now correctly prepares the blobs
hash files for a given target, containing only the files and
checksums in the list. Previously, a printf message was included.
Now, with this new code: blobutil/inject rightly verifies hashes.
doing all of this in one giant patch is cleaner
than 100 patches changing each file. even this is yet part
of a much larger audit going on in the Libreboot project.
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-24 19:19:41 +00:00
|
|
|
ec_ex="y"
|
2023-04-02 00:33:33 +00:00
|
|
|
for i in 1 2; do
|
2023-09-27 19:41:21 +00:00
|
|
|
[ -f "${appdir}/ec.bin.fw${i}" ] || ec_ex="n"
|
2023-04-02 00:33:33 +00:00
|
|
|
done
|
much, much stricter, more verbose error handling
lbmk is much more likely to crash now, in error conditions,
which is a boon for further auditing.
also: in "fetch", remove the downloaded program
if fail() was called.
this would also be done for gnulib, when downloading
grub, but done in such a way that gnulib goes first.
where calls to err write "ERROR" in the string, they
no longer say "ERROR" because the "err" function itself
now does that automatically.
also: listmodes/listoptions (in "lbmk") now reports an
error if no scripts and/or directories are found.
also: where a warning is given, but not an error, i've
gone through in some places and redirected the output
to stderr, not stdout
as part of error checks: running anything as root, except
for the "./build dependencies *" commands, is no longer
permitted and lbmk will throw an error
mrc downloads: debugfs output no longer redirected to /dev/null,
and stderr no longer redirected to stdout. everything is verbose.
certain non-error states are also more verbose. for example,
patch_rom in blobs/inject will now state when injection succeeds
certain actual errors(bugs) were fixed:
for example, build/release/roms now correctly prepares the blobs
hash files for a given target, containing only the files and
checksums in the list. Previously, a printf message was included.
Now, with this new code: blobutil/inject rightly verifies hashes.
doing all of this in one giant patch is cleaner
than 100 patches changing each file. even this is yet part
of a much larger audit going on in the Libreboot project.
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-24 19:19:41 +00:00
|
|
|
[ "${ec_ex}" = "y" ] || \
|
2023-09-28 02:21:42 +00:00
|
|
|
err "extract_kbc1126_ec ${board}: didn't extract ecfw1/2.bin"
|
2023-10-20 03:10:50 +00:00
|
|
|
cp "${appdir}/"ec.bin.fw* "${_dest%/*}/" || \
|
|
|
|
err "extract_kbc1126_ec ${board}: can't copy ec binaries"
|
2023-05-06 20:21:42 +00:00
|
|
|
}
|
|
|
|
|
2023-05-14 19:06:03 +00:00
|
|
|
extract_e6400vga()
|
|
|
|
{
|
2023-09-27 15:10:48 +00:00
|
|
|
[ "${E6400_VGA_offset}" = "" ] && \
|
much, much stricter, more verbose error handling
lbmk is much more likely to crash now, in error conditions,
which is a boon for further auditing.
also: in "fetch", remove the downloaded program
if fail() was called.
this would also be done for gnulib, when downloading
grub, but done in such a way that gnulib goes first.
where calls to err write "ERROR" in the string, they
no longer say "ERROR" because the "err" function itself
now does that automatically.
also: listmodes/listoptions (in "lbmk") now reports an
error if no scripts and/or directories are found.
also: where a warning is given, but not an error, i've
gone through in some places and redirected the output
to stderr, not stdout
as part of error checks: running anything as root, except
for the "./build dependencies *" commands, is no longer
permitted and lbmk will throw an error
mrc downloads: debugfs output no longer redirected to /dev/null,
and stderr no longer redirected to stdout. everything is verbose.
certain non-error states are also more verbose. for example,
patch_rom in blobs/inject will now state when injection succeeds
certain actual errors(bugs) were fixed:
for example, build/release/roms now correctly prepares the blobs
hash files for a given target, containing only the files and
checksums in the list. Previously, a printf message was included.
Now, with this new code: blobutil/inject rightly verifies hashes.
doing all of this in one giant patch is cleaner
than 100 patches changing each file. even this is yet part
of a much larger audit going on in the Libreboot project.
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-24 19:19:41 +00:00
|
|
|
err "extract_e6400vga: E6400 VGA offset not defined"
|
2023-09-27 15:10:48 +00:00
|
|
|
[ "${E6400_VGA_romname}" = "" ] && \
|
much, much stricter, more verbose error handling
lbmk is much more likely to crash now, in error conditions,
which is a boon for further auditing.
also: in "fetch", remove the downloaded program
if fail() was called.
this would also be done for gnulib, when downloading
grub, but done in such a way that gnulib goes first.
where calls to err write "ERROR" in the string, they
no longer say "ERROR" because the "err" function itself
now does that automatically.
also: listmodes/listoptions (in "lbmk") now reports an
error if no scripts and/or directories are found.
also: where a warning is given, but not an error, i've
gone through in some places and redirected the output
to stderr, not stdout
as part of error checks: running anything as root, except
for the "./build dependencies *" commands, is no longer
permitted and lbmk will throw an error
mrc downloads: debugfs output no longer redirected to /dev/null,
and stderr no longer redirected to stdout. everything is verbose.
certain non-error states are also more verbose. for example,
patch_rom in blobs/inject will now state when injection succeeds
certain actual errors(bugs) were fixed:
for example, build/release/roms now correctly prepares the blobs
hash files for a given target, containing only the files and
checksums in the list. Previously, a printf message was included.
Now, with this new code: blobutil/inject rightly verifies hashes.
doing all of this in one giant patch is cleaner
than 100 patches changing each file. even this is yet part
of a much larger audit going on in the Libreboot project.
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-24 19:19:41 +00:00
|
|
|
err "extract_e6400vga: E6400 VGA ROM name not defined"
|
2023-09-29 22:03:45 +00:00
|
|
|
tail -c +${E6400_VGA_offset} "${_dl}" | \
|
2023-09-27 19:41:21 +00:00
|
|
|
gunzip >"${appdir}/bios.bin" || :
|
2023-05-06 20:21:42 +00:00
|
|
|
(
|
2023-10-01 05:33:43 +00:00
|
|
|
x_ cd "${appdir}"
|
2023-09-27 19:41:21 +00:00
|
|
|
[ -f "bios.bin" ] || err "extract_e6400vga: can't extract bios.bin"
|
2023-05-06 20:21:42 +00:00
|
|
|
"${e6400_unpack}" bios.bin || printf "TODO: fix dell extract util\n"
|
2023-09-27 15:10:48 +00:00
|
|
|
[ -f "${E6400_VGA_romname}" ] || \
|
much, much stricter, more verbose error handling
lbmk is much more likely to crash now, in error conditions,
which is a boon for further auditing.
also: in "fetch", remove the downloaded program
if fail() was called.
this would also be done for gnulib, when downloading
grub, but done in such a way that gnulib goes first.
where calls to err write "ERROR" in the string, they
no longer say "ERROR" because the "err" function itself
now does that automatically.
also: listmodes/listoptions (in "lbmk") now reports an
error if no scripts and/or directories are found.
also: where a warning is given, but not an error, i've
gone through in some places and redirected the output
to stderr, not stdout
as part of error checks: running anything as root, except
for the "./build dependencies *" commands, is no longer
permitted and lbmk will throw an error
mrc downloads: debugfs output no longer redirected to /dev/null,
and stderr no longer redirected to stdout. everything is verbose.
certain non-error states are also more verbose. for example,
patch_rom in blobs/inject will now state when injection succeeds
certain actual errors(bugs) were fixed:
for example, build/release/roms now correctly prepares the blobs
hash files for a given target, containing only the files and
checksums in the list. Previously, a printf message was included.
Now, with this new code: blobutil/inject rightly verifies hashes.
doing all of this in one giant patch is cleaner
than 100 patches changing each file. even this is yet part
of a much larger audit going on in the Libreboot project.
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-24 19:19:41 +00:00
|
|
|
err "extract_e6400vga: can't extract vga rom from bios.bin"
|
2023-05-06 20:21:42 +00:00
|
|
|
)
|
2023-10-20 03:10:50 +00:00
|
|
|
cp "${appdir}/${E6400_VGA_romname}" "${_dest}" || \
|
|
|
|
err "extract_e6400vga ${board}: can't copy vga rom to ${_dest}"
|
2023-05-06 20:21:42 +00:00
|
|
|
}
|
|
|
|
|
NEW BOARD: Dell Precision T1650
Very nice ivybridge board that supports ECC RAM.
NOTE: I couldn't get onboard graphics working yet, but
this was confirmed working with a graphics card (in my
case nvidia quadra k420) booted in text mode on the SeaBIOS
payload. The GRUB payload also works, when loaded from SeaBIOS.
Therefore, this is a SeaBIOS-only board (as far as first payload
is concerned), but you can pick GRUB from the menu.
You could make it "GRUB-only" in practise by setting SeaBIOS
boot order to only load GRUB, and disable the SeaBIOS menu.
We refer to this as "SeaGRUB".
I've made lbmk use biosutilities and uefiextract, to
get at the SMSC SCH5545 Environmental Control (EC) firmware.
This firmware is needed for fan control. This is automatically
downloaded and extracted, from Dell UEFI firmware updates.
As with other blobs such as Intel ME, this firmware is then
scrubbed by the release build scripts. The blobutil "inject"
script can be used to re-insert it.
Of note: there is no fixed offset, but no other blobs to
be inserted in CBFS either, so the offset when re-inserting
on release ROMs should still be the same, and thus the ROM
checksums should match, when running blobutil inject.
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-11 13:50:17 +00:00
|
|
|
extract_sch5545ec()
|
|
|
|
{
|
|
|
|
# full system ROM (UEFI), to extract with UEFIExtract:
|
2023-09-29 22:03:45 +00:00
|
|
|
_bios="${_dl}_extracted/Firmware"
|
NEW BOARD: Dell Precision T1650
Very nice ivybridge board that supports ECC RAM.
NOTE: I couldn't get onboard graphics working yet, but
this was confirmed working with a graphics card (in my
case nvidia quadra k420) booted in text mode on the SeaBIOS
payload. The GRUB payload also works, when loaded from SeaBIOS.
Therefore, this is a SeaBIOS-only board (as far as first payload
is concerned), but you can pick GRUB from the menu.
You could make it "GRUB-only" in practise by setting SeaBIOS
boot order to only load GRUB, and disable the SeaBIOS menu.
We refer to this as "SeaGRUB".
I've made lbmk use biosutilities and uefiextract, to
get at the SMSC SCH5545 Environmental Control (EC) firmware.
This firmware is needed for fan control. This is automatically
downloaded and extracted, from Dell UEFI firmware updates.
As with other blobs such as Intel ME, this firmware is then
scrubbed by the release build scripts. The blobutil "inject"
script can be used to re-insert it.
Of note: there is no fixed offset, but no other blobs to
be inserted in CBFS either, so the offset when re-inserting
on release ROMs should still be the same, and thus the ROM
checksums should match, when running blobutil inject.
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-11 13:50:17 +00:00
|
|
|
_bios="${_bios}/1 ${dlsum} -- 1 System BIOS vA.28.bin"
|
|
|
|
# this is the SCH5545 firmware, inside of the extracted UEFI ROM:
|
|
|
|
_sch5545ec_fw="${_bios}.dump/4 7A9354D9-0468-444A-81CE-0BF617D890DF"
|
|
|
|
_sch5545ec_fw="${_sch5545ec_fw}/54 D386BEB8-4B54-4E69-94F5-06091F67E0D3"
|
|
|
|
_sch5545ec_fw="${_sch5545ec_fw}/0 Raw section/body.bin" # <-- this!
|
|
|
|
|
|
|
|
# this makes the file defined by _sch5545ec_fw available to copy
|
much, much stricter, more verbose error handling
lbmk is much more likely to crash now, in error conditions,
which is a boon for further auditing.
also: in "fetch", remove the downloaded program
if fail() was called.
this would also be done for gnulib, when downloading
grub, but done in such a way that gnulib goes first.
where calls to err write "ERROR" in the string, they
no longer say "ERROR" because the "err" function itself
now does that automatically.
also: listmodes/listoptions (in "lbmk") now reports an
error if no scripts and/or directories are found.
also: where a warning is given, but not an error, i've
gone through in some places and redirected the output
to stderr, not stdout
as part of error checks: running anything as root, except
for the "./build dependencies *" commands, is no longer
permitted and lbmk will throw an error
mrc downloads: debugfs output no longer redirected to /dev/null,
and stderr no longer redirected to stdout. everything is verbose.
certain non-error states are also more verbose. for example,
patch_rom in blobs/inject will now state when injection succeeds
certain actual errors(bugs) were fixed:
for example, build/release/roms now correctly prepares the blobs
hash files for a given target, containing only the files and
checksums in the list. Previously, a printf message was included.
Now, with this new code: blobutil/inject rightly verifies hashes.
doing all of this in one giant patch is cleaner
than 100 patches changing each file. even this is yet part
of a much larger audit going on in the Libreboot project.
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-24 19:19:41 +00:00
|
|
|
"${uefiextract}" "${_bios}" || \
|
|
|
|
err "extract_sch5545ec: cannot extract from uefi image"
|
2023-09-29 18:41:34 +00:00
|
|
|
cp "${_sch5545ec_fw}" "${_dest}" || \
|
much, much stricter, more verbose error handling
lbmk is much more likely to crash now, in error conditions,
which is a boon for further auditing.
also: in "fetch", remove the downloaded program
if fail() was called.
this would also be done for gnulib, when downloading
grub, but done in such a way that gnulib goes first.
where calls to err write "ERROR" in the string, they
no longer say "ERROR" because the "err" function itself
now does that automatically.
also: listmodes/listoptions (in "lbmk") now reports an
error if no scripts and/or directories are found.
also: where a warning is given, but not an error, i've
gone through in some places and redirected the output
to stderr, not stdout
as part of error checks: running anything as root, except
for the "./build dependencies *" commands, is no longer
permitted and lbmk will throw an error
mrc downloads: debugfs output no longer redirected to /dev/null,
and stderr no longer redirected to stdout. everything is verbose.
certain non-error states are also more verbose. for example,
patch_rom in blobs/inject will now state when injection succeeds
certain actual errors(bugs) were fixed:
for example, build/release/roms now correctly prepares the blobs
hash files for a given target, containing only the files and
checksums in the list. Previously, a printf message was included.
Now, with this new code: blobutil/inject rightly verifies hashes.
doing all of this in one giant patch is cleaner
than 100 patches changing each file. even this is yet part
of a much larger audit going on in the Libreboot project.
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-24 19:19:41 +00:00
|
|
|
err "extract_sch5545ec: cannot copy sch5545ec firmware file"
|
NEW BOARD: Dell Precision T1650
Very nice ivybridge board that supports ECC RAM.
NOTE: I couldn't get onboard graphics working yet, but
this was confirmed working with a graphics card (in my
case nvidia quadra k420) booted in text mode on the SeaBIOS
payload. The GRUB payload also works, when loaded from SeaBIOS.
Therefore, this is a SeaBIOS-only board (as far as first payload
is concerned), but you can pick GRUB from the menu.
You could make it "GRUB-only" in practise by setting SeaBIOS
boot order to only load GRUB, and disable the SeaBIOS menu.
We refer to this as "SeaGRUB".
I've made lbmk use biosutilities and uefiextract, to
get at the SMSC SCH5545 Environmental Control (EC) firmware.
This firmware is needed for fan control. This is automatically
downloaded and extracted, from Dell UEFI firmware updates.
As with other blobs such as Intel ME, this firmware is then
scrubbed by the release build scripts. The blobutil "inject"
script can be used to re-insert it.
Of note: there is no fixed offset, but no other blobs to
be inserted in CBFS either, so the offset when re-inserting
on release ROMs should still be the same, and thus the ROM
checksums should match, when running blobutil inject.
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-11 13:50:17 +00:00
|
|
|
}
|
|
|
|
|
2023-05-14 19:06:03 +00:00
|
|
|
main $@
|