it's been a while since we did encrypted /boot
and the current name sucks.
it's unlikely that anyone still uses it, but
people will soon
change the default assumed lvm name to grubcrypt
and stick to that.
Signed-off-by: Leah Rowe <leah@libreboot.org>
notabug is unreliable, even as a backup.
why, just today, it was offline! all day.
i originally moved libreboot away from notabug,
to codeberg instead, but kept the notabug account
online, and i still push to it when it's online.
however, notabug seems to be in a terminal state
of neglect by its admins, so lbmk should not use it.
Signed-off-by: Leah Rowe <leah@libreboot.org>
flashrom-stable isn't really going anywhere
i'll decide at some future point what to do
with flashrom. for now, just give latest rev
Signed-off-by: Leah Rowe <leah@libreboot.org>
the grub backup was the same gnu server
i decided to host grub on codeberg, as backup
(gnu links as primary is ok)
Signed-off-by: Leah Rowe <leah@libreboot.org>
it's ok for now to use it as a backup.
where only github was specified, i mirrored each
given repository to codeberg as main repo for lbmk.
Signed-off-by: Leah Rowe <leah@libreboot.org>
it's not actually needed in lbmk
flashrom can be downloaded separately by the user,
if they want to flash their chip
Signed-off-by: Leah Rowe <leah@libreboot.org>
don't put multiple downloads in the same files, except
when they are dependencies that go inside the directory
of another download.
by doing this, the following functionality will become
possible: clean every project or build every project,
or maybe fetch every project, based entirely on the
names of these files.
this will be used later to simplify the release script.
Signed-off-by: Leah Rowe <leah@libreboot.org>
as opposed to the current 3-level structure.
recent build system simplifications have enabled
this change, thus:
./build fw coreboot -> ./build roms
./build fw grub -> ./build grub
./build fw serprog -> ./build serprog
./update project release -> ./update release
./update project trees -> ./update trees
./update vendor download -> ./vendor download
./update vendor inject -> ./vendor inject
alper criticised that the commands were too long,
so i made them shorter!
Signed-off-by: Leah Rowe <leah@libreboot.org>
i previously added this just for kicks, but it's not
actually needed; gnat isn't used on fam15h boards so
lbmk doesn't even use it (it's disabled).
in fact, i tested lbmk with crossgcc_ada handling
taken out, but with said patch; i still got build
errors with gnat anyway, on that old coreboot
revision (but gnat isn't needed there anymore).
Signed-off-by: Leah Rowe <leah@libreboot.org>
We don't really need a custom coreboot tree for Chromebooks. I had added
one, because at a cursory glance to the available config/coreboot/board
subdirectories I had the impression that I should. But upstreams have
one tree for every board and I think we should move towards that too.
Move the one important BL31 makefile patch into the default coreboot
patches, update the gru boards' configs by running savedefconfig in the
cros tree and then running olddefconfig in the default tree.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
By default U-Boot stores EFI variables in a ubootefi.var file in
whatever EFI System Partition it finds, which would be a FAT filesystem.
I'm occasionally finding out while testing that my ESPs somehow end up
with a corrupted filesystem, and I'm suspecting it's this.
For now, disable storing EFI environment variables on disk so that
U-Boot doesn't try to manipulate the filesystem.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Enable U-Boot commands to manipulate EFI environment storage, to
self-test EFI implementation, and to run a basic EFI test application.
These are so that we can test and debug EFI functionality easier.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
U-Boot upstream is switching to a new code framework for discovering and
booting OSes ("Standard Boot", or "bootstd"). Enable more features for
it, including commands we can use for introspection and debugging.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Normally U-Boot immediately resets the board on a panic. I had run into
"Synchronous Abort"s from shim and rEFInd, and having a traceback in
those cases can be useful. Hang instead of resetting, so the panic
reason stays on the screen.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
We should be able to power the board off from U-Boot command line.
Enable the "poweroff" command for gru boards so we can.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
U-Boot can keep a "copy" framebuffer to read from, for devices where
reading from hardware framebuffer is expensive. This needs the video
driver to support it. The Rockchip video driver doesn't need or support
it, so this option does nothing on gru boards. Disable it.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
U-Boot upstream used to have 16KB for EFI variables, and this was
causing problems with shim. Commit f0236acbc6 ("u-boot: Increase EFI
variable buffer size") fixed this by raising it to 32KB in our builds.
It has now been raised to 64K upstream, so raise it here as well.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
For Rockchip boards U-Boot tries to build SPI and MMC images that
require an externally built BL31 file to be provided, and the build
fails otherwise. This is not really as configurable as it should be.
In Libreboot, we only care about the build outputs for U-Boot proper.
There is a BL31 built during our coreboot builds, but using that in
U-Boot builds is a chicken-and-egg problem. Building BL31 outside the
coreboot build and passing it to both projects is possible, but needs
work.
For now, stop trying to build these U-Boot-only images as a workaround,
by removing the binman image descriptions from the device-tree sources.
Additionally, disable in our configs the BINMAN_FDT functionality that
allows using these at runtime as it requires them to be present.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
U-Boot upstream has added a reference counting for regulator enable
actions which somehow makes gru-kevin unbootable. Add a workaround
that makes it work again.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Set default U-Boot revision to v2023.01 and rebase patches on top of
that. Another series about 16x32 fonts was merged upstream, so drop some
now-unnecessary patches we had for that. For the video damage tracking
series, switch to the version I'm trying to upstream.
Upstream kconfig status is a bit unstable, so updating configs with
`make oldconfig` would miss important upstream changes, since they rely
on carrying defaults via upstream defconfigs. Update the configs as
such:
- Turn old configs into defconfigs (./update project trees -s u-boot)
- Save the diff from old upstream defconfig (diffconfig $theirs $ours)
- Update U-Boot revision, rebase patches, and clean old trees
- Prepare new U-Boot tree (./update project trees -f u-boot)
- Review the diffconfigs to see if any options were renamed upstream
- Copy over the new upstream defconfigs and apply earlier diff
- Turn new defconfigs into configs (./update project trees -l u-boot)
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
The U-Boot build for qemu_arm64_12mb board refers to a code revision
whereas it uses the common "default" tree, remove the bad reference.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
The "u-boot.bin" file generated by U-Boot builds is a raw binary. When
adding payloads to a CBFS, we need to use ELF files with add-payload
or manually pass the entry point and load address of the payload binary
with add-flat-binary.
We primarily use the "u-boot.elf" which gets build with the REMAKE_ELF
option, as it also has the necessary device-tree binary that U-Boot
usually needs to work. When the option is not set (e.g. for QEMU), we
need to use the "u-boot" file which is an ELF.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Riku's mSATA patch for HP8300USDT was merged upstream, so the
patch has been dropped from lbmk because it is contained within
this new coreboot revision.
Signed-off-by: Leah Rowe <leah@libreboot.org>
coreboot closely matches upstream, whose current release
is version 1.2 from 2018, and coreboot has not changed it
in any meaningful way.
the upstream did add patches since, but they are documentation
patches only.
this means: we do not need to use the upstream version
Signed-off-by: Leah Rowe <leah@libreboot.org>
this is for the latest ubuntu release.
the ubuntu2004 config (for ubuntu 20.04) still exists,
and will remain in place.
Signed-off-by: Leah Rowe <leah@libreboot.org>
a user installed these dependencies in popos, but autopoint
was missing during the grub build.
add autopoint to the debian dependencies config.
Signed-off-by: Leah Rowe <leah@libreboot.org>
some users reported build errors. technically, there's
nothing wrong with lbmk but it relies on hostcc, and
hostcc is hit or miss when it comes to cross compiling
32-bit, depending on the build system of whatever project.
lbmk needs to handle cross compilation. for now, i'm just
disabling memtest86plus on non-64-bit hosts.
Signed-off-by: Leah Rowe <leah@libreboot.org>
most of the changes since last revision aren't very
useful to us; most of them pertain to fs/ntfs, but
there is one that is interesting:
48f569c78a496d3e11a4605b0999bc34fa5bc977
kern/acpi: Skip NULL entries in RSDT and XSDT
Signed-off-by: Leah Rowe <leah@libreboot.org>
in the future, we may start downloading files that aren't
blobs, such as mxm port configs (on mainboards that use
MXM graphics)
this directory will contain all of those files
generally change the language used, across lbmk, to make
use of "vendorfile" instead of "blob"
Signed-off-by: Leah Rowe <leah@libreboot.org>
We don't have a directory names "srces", just "src".
Ditto ecs, mrcs <-- it's just ec and mrc
When referring to a file, e.g. blob/t1650/me.bin, that
makes much more sense, because it's a single blob, not
multiple blobs.
Don't pluralise what isn't plural
Signed-off-by: Leah Rowe <leah@libreboot.org>
build/release/src was partly re-written to accomodate this
memtest86plus was patched to have a central Makefile, and
lbmk modified to use that, rather than mess with build32
and build64. the central Makefile just builds both targets
or cleans both targets
Signed-off-by: Leah Rowe <leah@libreboot.org>
The pager causes trouble in some cases, where the user has
to press enter at boot time depending on the configuration.
Interactive use is one thing, but we should leave this
disabled for smoother experience. If the user *wishes* to
use the shell, they can always just enable the pager
themselves by doing:
set pager=1
Signed-off-by: Leah Rowe <leah@libreboot.org>
mrc.bin is now handled by include/mrc.sh, adapted
from now-deleted script/update/blobs/mrc
much of the logic has been re-written or adapted for
inside script/update/blobs/download
mrc links/hashes now defined in config/blobs/sources
the new code is simpler (and smaller). in addition,
lbmk can now easily handle mrc.bin files for other
platforms such as broadwell. watch this space.
the full .zip download is now cached, like with other
vendor downloads. this means it won't be re-downloaded
if it was already downloaded before.
Signed-off-by: Leah Rowe <leah@libreboot.org>
With this change, it's still possible to have a single
file at config/git/revisions, but this has been scrapped.
Instead, multiple files now exist under config/git/ with
the same modules declared, but the files are separated
logically. List of files under config/git:
* bios_extract
* biosutilities
* coreboot
* flashrom
* grub (gnulib also defined here)
* me_cleaner
* memtest86plus
* seabios
* serprog (multiple projects defined)
* u-boot
* uefitool
The rationale behind this change is simple: in the future,
we will stop relying on build systems within imported
projects for the import of git submodules. Instead, we
will handle them directly in lbmk.
Additionally, a Linux payload is planned for Libreboot, made
easier by the recent audit (script handle/make/config makes
it easy to integrate Linux, and handle cross-compilers for
userland utilities); a "linux" file under config/git/ could
also define rules for each project besides linux, such as
musl libc, busybox and other utilities.
Signed-off-by: Leah Rowe <leah@libreboot.org>
It's now 44 revisions above 2.12-rc1, not 17 above.
The additional patches (in GRUB master) contain several
important fixes, including cryptodisk and ZFS fixes plus
a few other interesting changes, namely:
14c95e57fddb6c826bee7755232de62efc8eb45b:
kern/misc: Make grub_vsnprintf() C99/POSIX conformant
296d3ec835ed6e3b90d740e497bb534f14fe4b79:
disk/cryptodisk: Fix missing change when updating to use grub_uuidcasecmp()
42a831d7462ec3a114156d56ef8a03e1d47f19e7:
ZFS: support inode type embed into its ID
96446ce14e2d1fe9f5b36ec4ac45a2efd92a40d1:
ZFS: Fix invalid memcmp
444089eec6042250ce3a7184cb09bd8a2ab16808:
ZFS: Don't iterate over null objsets
7ce5b4911005b2a0bfd716d92466b6711844068c:
ZFS: Check bonustype in addition to dnode type
There are more patches than this, but these are the
ones that strike me as interesting for Libreboot.
Signed-off-by: Leah Rowe <leah@libreboot.org>
sha-1 has known collision issues, which may not be readily
exploitable yet (in our context), but we should ideally use
a more secure method for checking file integrity.
therefore, use sha-2 (sha512sum) for checking files. this is
slower than sha-1, but checksum verification is only a minor
part of what lbmk does, so the overall effect on build times
is quite negligible.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Tested on a Nucleo-F042K6.
That has an onboard stlink:
`st-flash --format ihex write bin/serprog_stm32/serprog_nucleo-f042k6.hex`
The usb port used for flashing is separate, its is exposed on
the pin header instead. Check boards/nucleo-f042k6.h for usb pinout.
Signed-off-by: Riku Viitanen <riku.viitanen@protonmail.com>
target.cfg can now specify e.g.
grub_timeout=20
this would then be inserted as timeout.cfg in cbfs,
containing the instruction:
set timeout=20
HP laptops need a bit of extra time, due to the delay
caused by the EC bug workaround deployed in GRUB
desktops in general need extra time. this too is set to
10s, like the HP laptops.
only insert timeout.cfg if actually needed (declared in
target.cfg), otherwise grub.cfg will default to 5s
Signed-off-by: Leah Rowe <leah@libreboot.org>
for example, the beep sound in debian's installer needs
this module.
the cute ding in the arch/artix menu also needs it
Signed-off-by: Leah Rowe <leah@libreboot.org>
now under coreboot mainboards, target.cfg can specify
a background. if not specified, the 1280x800 one is
assumed, and used by default. it can be overridden.
the path should be relative to:
config/grub/background/
Signed-off-by: Leah Rowe <leah@libreboot.org>
this causes a saving of about 131KB uncompressed, when
i tested. we don't need mach kernel support. nobody will
ever use it.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this causes a 6.7% decrease in the payload size
these file systems are microsoft(fat, ntfs) or mostly
oldschool amiga and beos file systems
also remove minix modules, and some old linux file
systems that nobody will use in 2023
Signed-off-by: Leah Rowe <leah@libreboot.org>
it doesn't really make sense for them to be under
blobs/ - nominally, they are blobs, but they are
well-understood data files containing config data,
that is easily parsed by tools like ich9show or
ifdtool (and tools like bincfg or nvmutil)
blobs/ has been re-purposed: this directory no longer
exists in lbmk, but it is created (and on .gitignore)
when needed, by blobutil
thus, the blobs/ directory shall only contain vendor
files, and only those files that libreboot scrubs from
releases. therefore, build/release/src can (and has
been) simplified; it currently copies just the ifd and
gbe files from blobs/, selectively, and this logic is
quite error prone, requiring maintenance. now, the
build/release/src script simply copies config/ (which
only ever contains distributable files) and entirely
ignores the blobs/ directory
the blob download script already creates the required
directory, except for the sch5545 download; this is
now fixed
lbmk code size is slightly smaller, due to this patch
Signed-off-by: Leah Rowe <leah@libreboot.org>