Commit Graph

87 Commits (19e7c1eabb3f1f00b8329c3832f239c75041b05d)

Author SHA1 Message Date
Leah Rowe 0158a08111 roms: general code cleanup
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-23 01:10:11 +01:00
Leah Rowe e67cd17164 roms: only support SeaBIOS/SeaGRUB on x86
Never, ever build images where GRUB is the primary payload.

These options have been removed from target.cfg handling:

* seabios_withgrub
* grub_withseabios

The "payload_grub" variable now does the same thing as
the old "seabios_withgrub" variable, if set.

The "grubonly" configuration is retained, and enabled by
default when SeaGRUB is enabled (non-grubonly also available).

Due to lbmk issue #216, it is no longer Libreboot policy to
make GRUB the primary payload on any board. GRUB's sheer size
and complexity, plus the large number of memory corruption issues
similar to it that *have* been fixed over the years, tells me
that GRUB is a liability when it is the primary payload.

SeaBIOS is a much safer payload to run as primary, on x86, due
to its smaller size and much more conservative development; it
is simply far less likely to break.

If GRUB breaks in the future, the user's machine is not
bricked. This is because SeaBIOS is the default payload.

Since I no longer wish to ever provide GRUB as a primary
payload, supporting it in lbmk adds needless bloat that
will later probably break anyway due to lack of testing,
so let's just assume SeaGRUB in all cases where the user
wants to use a GRUB payload.

You can mitigate potential security issues with SeaBIOS
by disabling option ROM execution, which can be done at
runtime by inserting integers into CBFS. The SeaBIOS
documentation says how to do this.

Libreboot's GRUB hardening guide still says how to add
a bootorder file in CBFS, making SeaBIOS only load GRUB
from CBFS, and nothing else. This, combined with the
disablement of option ROM execution (if using Intel
graphics), pretty much provides the same security benefits
as GRUB-as-primary, for example when setting a GRUB password
and GPG checks, with encrypted /boot as in the hardening guide.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-22 22:57:39 +01:00
Leah Rowe 71137b12b4 roms: remove support for "grubonly" seabios
due to lbmk issue #216, it is now unwise to use grub as the
primary payload on any machine; the sheer complexity of grub
and the number of memory corruption bugs that have been fixed
due to auditing over the years, means more such bugs exist.

we now provide seabios as the primary payload on all x86 ports,
but provide a "grubfirst" configuration where a bootorder file
in seabios can be added via cbfs, which tells seabios to load
grub from cbfs first, while still allowing use of the boot select
menu by pressing esc in seabios.

well, the "grubonly" option also disables the seabios esc menu,
so that *only* grub runs. there is no point in using this unless
you want to harden your setup, for example if you want to set up
encrypted /boot and boot that from grub, and have a grub password
disallowing unauthorised bootup of your machine.

see grub hardening guide;
https://libreboot.org/docs/linux/grub_hardening.html

at least as of today, 22 June 2024, that page already says
how to manually disable the seabios menu in the same way, if that
is the setup you want. alternatively, a user may be wily
enough to edit target.cfg for their board and compile a rom
that only has the grub payload in it, if that is what the user
wishes to do.

regardless, the default configurations provided by lbmk must never
be unsafe, norc should the build system support such unsafe
settings;

yes, grub as primary payload is technically still supported in
lbmk. actually, at the time of this revision, i have half a mind
to remove that functionality altogether, so that only seabios is
allowed as primary payload, when compiling a rom image that also
has grub, chainloading grub from the seabios menu instead.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-22 21:44:49 +01:00
Leah Rowe d4d5d2902c use backticks on eval commands, not subshells
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-22 13:46:20 +01:00
Leah Rowe c1527b6114 lib.sh: remove badcmd()
it's bloat. telling the user to rtfm is something that
we already do on irc; they will still ask how to do
everything, and ignore the message from badcmd(), or
they will automatically know to rtfm.

i'm on a massive purge, removing bloat from lbmk as
part of Libreboot Build System Audit 6.

all bloat must go.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-22 13:46:20 +01:00
Leah Rowe fc7ae3e590 lib.sh: more unified config handling
replace it with logic that simply uses "." to load
files directly. for this, "vcfg" is added as a variable
in coreboot target.cfg files, referring to a directory
in config/vendor/ containing a file named pkg.cfg, and
this file then contains the same variables as the
erstwhile config/vendor/sources

config/git files are now directories, also containing
pkg.cfg files each with the same variables as before,
such as repository link and commit hash

this change results in a noticeable reduction in code
complexity within the build system.

unified reading of config files: new function setcfg()
added to lib.sh

setcfg checks if a config exists. if a 2nd argument is
passed, it is used as a return value for eval, otherwise
a string calling err is passed. setcfg output is passed
through eval, to set strings based on config; eval must
be used, so that the variables are set within the same
scope, otherwise they'd be set within setcfg which could
lead to some whacky results.

there's still a bit more more to do, but this single change
results in a substantial reduction in code complexity.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-22 13:44:27 +01:00
Leah Rowe a6b1a6bddb roms: fix lack of backslash on multi-line command
Signed-off-by: Leah Rowe <info@minifree.org>
2024-06-20 22:39:28 +01:00
Leah Rowe 4711296841 Revert "roms: remove build_payloads() and split it up"
This reverts commit 3610667e3d.

The output of some functions in the roms script are used as
an argument in cp and mv commands, also cbfstool. I overlooked
this fact in a previous code optimisation.

Revert it. The change only reduced sloccount by a few lines
anyway.
2024-06-20 02:58:59 +01:00
Leah Rowe 808458ced5 minor code cleanup in the build system
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-20 01:15:06 +01:00
Leah Rowe 185d76f57e roms: merge mkserprog() into main()
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-20 00:46:43 +01:00
Leah Rowe 893e88bc81 roms: don't insert timeout.cfg
this is bloat, because it's something the user can already
do at runtime configuration anyway.

set it to a reasonable default of 8 seconds instead of 5,
and don't honour the timeout variable in target.cfg.

this will be documented in the next release.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-19 14:32:42 +01:00
Leah Rowe abfc799fd5 correction
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-19 14:20:09 +01:00
Leah Rowe a0da8fdef1 roms: reduce indentation in build_grub_roms()
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-19 14:11:54 +01:00
Leah Rowe 383433d4f6 roms: re-introduce accidentally disabled check
i disabled a check in the script, while testing a prior
modification. re-introoduce the check, which is put there
to yield an error condition if no targets were compiled.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-19 01:29:26 +01:00
Leah Rowe 3610667e3d roms: remove build_payloads() and split it up
payloads are compiled before coreboot, but it doesn't matter
to the build speed whether this is done first.

reduce the lines of code by checking payload builds *while*
adding them to the coreboot images. this means that coreboot
is now compiled first, before the payloads.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-19 00:42:01 +01:00
Leah Rowe 29a7123c0c roms: group some commands that are similar
this makes the build_payloads() function nicer to read

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-19 00:06:36 +01:00
Leah Rowe 2d6946775e roms: remove mt86bin variable
it's only meaningfully used once, so just hardcode
the string, which is not set dynamically anyway.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-19 00:03:16 +01:00
Leah Rowe 920e5ba2d9 roms: merge build_uboot_payload to build_payloads
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-18 23:56:39 +01:00
Leah Rowe a96c4b59fd roms: simplify payload_uboot y/n check
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-18 23:49:28 +01:00
Leah Rowe 28682b1a4b roms: simplify the check for serprog srcdir
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-18 02:15:25 +01:00
Leah Rowe b61dd4c258 roms: simplify the loop for building serprog roms
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-18 02:09:26 +01:00
Leah Rowe 6df17860e2 roms: shorten variable serprog_boards_dir
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-18 02:00:47 +01:00
Leah Rowe ea5b5b0720 roms: simplified serprog image copy
use eval to avoid having two mv commands

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-18 01:50:40 +01:00
Leah Rowe ea9bdfce4b roms: rename picosrc variable to rp2040src
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-18 01:44:25 +01:00
Leah Rowe 1a4f97ffd1 roms: remove useless confirmation in mkserprogfw
the user knows where to look. replace it with a single
declaration.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-18 01:22:48 +01:00
Leah Rowe 1881d34dbc roms: merge serprog build into one function
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-18 01:20:40 +01:00
Leah Rowe f7e28964ac roms: remind the user about gkb files
nowadays, we don't insert GRUB keymaps automatically, for
sake of efficiency; without one, the default is US QWERTY.

a user will only want one keymap in particular, so this
is more efficient. in practise, they're either building
from source anyway, or using the inject scripts which
compile cbfstool anyway, so the user will already have
cbfstool.

also output this message from the inject script.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-17 15:50:22 +01:00
Leah Rowe f928ac5c70 roms: rename x variable to it in for loop
there are two for loops that use x as a variable anme,
and an idiosyncrasy of certain sh implementations is
that these become global;

the result in this case was that when you finish building
every target in "./build roms", it would print "libgfxinit"
repeatedly, comma separated, instead of a comma-separated
list of the targets that were built.

work around it by renaming the variable in one of the loops.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-17 01:05:28 +01:00
Leah Rowe 58a451865b roms: don't use x_ to call cproms()
cproms() never returns non-zero, so it doesn't make
sense to use x_ here

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-16 17:56:41 +01:00
Leah Rowe bc853fbb89 roms build_uboot_roms(): move rom, don't copy
that way, we don't have to delete the temporary file.
just move it entirely.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-16 17:50:42 +01:00
Leah Rowe 12b26f207f roms cproms(): allow other commands besides cp
e.g. the operator might specify mv instead

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-16 17:50:13 +01:00
Leah Rowe e67628c6a5 unify coreboot elfdir (DO_NOT_FLASH)
use a common string when setting this path

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-16 17:46:58 +01:00
Leah Rowe 8b58c1eac6 roms: merge mkUbootRom() into build_uboot_roms()
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-16 17:42:34 +01:00
Leah Rowe c3f0a109c3 roms: simplify mkSeabiosRom()
remove variables that are not meaningfully used

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-16 12:54:07 +01:00
Leah Rowe c8944f1ca8 roms: simplify mkUbootRom()
remove variables that are not meaningfully used

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-16 12:51:47 +01:00
Leah Rowe 92aa83a236 roms: simplify build_roms()
cbcfg is already a global variable, so there's no reason
to set it again at the start of this function.

remove the check for whether the given coreboot config
exists, to the calling function instead of build_roms().

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-16 12:46:03 +01:00
Leah Rowe d3e7886450 roms: remove unnecessary check
uboot_config is later only used if payload_uboot is set

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-16 12:42:57 +01:00
Leah Rowe 6dc0515583 roms: further clean up build_grub_roms()
the tmpcfg variable will be useful elsewhere, for
the same kind of change as before.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-16 01:11:46 +01:00
Leah Rowe 0e9b36c581 roms: simplify timeout/scandisk insertion
we don't need to call mktemp everytime.
just use a staticly named file in tmpdir
and keep overwriting it.

these files are only small, and they get deleted
when the build system exits later on.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-16 01:08:40 +01:00
Leah Rowe 3a7b3660f9 roms: simplify seagrub check in build_grub_roms
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-16 01:05:28 +01:00
Leah Rowe 4b764d26fd roms: simplify mkserprog()
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-16 00:53:21 +01:00
Leah Rowe 167e7447a5 roms: simplify the serprog build functions
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-16 00:48:36 +01:00
Leah Rowe 7bc9fcc342 script/roms: fix serprog build commands
forgot to shift

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-16 00:40:57 +01:00
Leah Rowe 0dfe3aed91 roms: simplified ubootelf check
we check it twice, which we don't need to do.

we only need to check it once!

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-15 23:58:27 +01:00
Leah Rowe a9166898d2 roms: simplify grubonly check in configure_target
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-15 23:43:02 +01:00
Leah Rowe 90017cdc56 roms: simplify seagrub check in configure_target
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-15 23:38:19 +01:00
Leah Rowe 817004e151 roms: don't use x_ to call build_grub_roms
build_grub_roms never returns a non-zero value

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-15 23:31:26 +01:00
Leah Rowe 340eea0b1c grub: insert background in memdisk instead
the background is only a few kb. the whole rationale
before was to limit the space used in memdisk, but this
decision was made when the background was much bigger;
it has since been optimised greatly, and the grub modules
were heavily reduce, so it should be safe.

grub's memdisk breaks when you add too much data to it.
as part of simplifying the rest of lbmk, this change removes
some more bloat from the rest of lbmk. handling this in the
memdisk is much simpler than handling it with cbfstool.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-15 23:15:27 +01:00
Leah Rowe ed9c90e59d roms: unify all add-payload commands
add a generic function that can insert payloads with lzma
compression, or raw files without compression

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-15 23:15:25 +01:00
Leah Rowe 26451775d5 roms: don't add grub keymaps at all
if not inserted, the default keymap is usqwerty.

don't waste ssd write cycles copying so many images,
or cpu time compressing so many. the user can simply
add a keymap.gkb file to cbfs and it will work fine.

this will be documented in the next release.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-15 18:35:20 +01:00