The deguard utility is executed within a subshell, and
the subshell does not handle error status. This patch
fixes that, so that the main shell also exits non-zero.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This is using Mate Kukri's port, which was added in
previous lbmk revisions. I've added an IFD that sets
the HAP bit, and unlocks regions as standard.
vcfg is set to 3050micro, which defines downloading
of the MEv11 image and it will run deguard automatically.
I made a small adjustment to vendor.sh, because the hotpatch
logic for deguard uses -C in git, and when doing that, the
specified directory path is relative to that Git repository;
the .patch path has been adjusted accordingly.
Also add 3rdparty/fsp to coreboot/default modules.
This board requires the ifdtool option: -p sklkbl
The -p option tells flashrom what quirks are present in a
given IFD. We don't normally need this on other Libreboot
targets that we currently support. The -p option was needed
for creating this modified IFD, and it is therefore needed in
the inject script. Therefore, an "IFD_platform" option is
specified in a given board's target.cfg file. If this is set,
another variable is set that makes -p be used.
In this case, 3050's target.cfg says:
IFD_platform="sklkbl"
This option enables quirks for skylake/kabylake descriptors,
as required when using ifdtool.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Copy the downloaded deguard source code into appdir,
and patch it to run as part of lbmk, instead of
standalone. The archived one in src/ is not directly
used; instead, the hotpatched version is used.
This is because the standalone version already has
download logic for the .zip file, but we already
cache that file in cache/ and use that.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the output isn't really super critical, because it pertains
to files that would just result in a coreboot build error
if they didn't extract, which would still allow me to know
if a given extract function failed.
however, the extract function shows a lot of error output
because it literally bruteforces various extract methods,
when dealing with vendor files.
mitigate this by just printing the errors to /dev/null. this
will prevent users from erroneously thinking that lbmk is
operating under error condition, when it isn't. we do sometimes
get questions about it on irc.
fewer questions on irc is better.
Signed-off-by: Leah Rowe <leah@libreboot.org>
same as the last change. we must avoid use of make variables,
in sh specifically, when handling these configuration files.
Signed-off-by: Leah Rowe <info@minifree.org>
instead, only grep for the entries required, such
as Intel ME paths.
some variables in coreboot configs use $(), which
is used in *make*, on the coreboot build system, and
there refers to variables.
here, we are sourcing them from sh, which treats this
as a mini subshell to run a command; for example
CONFIG_FOO would be executed, which is bad.
The current logic still theoretically has this problem,
with this patch, but the entries we scan from the configs
do not currently have variable names in the strings.
So: filter out just what we need, into a temporary config,
when scanning for vendor files in coreboot configs, and
use the temporary config.
This fixes a build error when compiling for e5520_6mb.
Signed-off-by: Leah Rowe <info@minifree.org>
single-tree projects cannot be handled in bulk, e.g.
./mk -f project1 project2 project3
that is still the case, from the shell, but internally
it is now possible:
mk -f project1 project2 project3
mk() is a function that simply handles the given flag,
and all projects specified.
it does not handle cases without argument, for example
you cannot do:
mk -f
arguments must be provided. it can be used internally,
to simplify cases where multiple single-tree projects
must be handled, but *also* allows multi-tree projects
to be specified, without being able to actually handle
trees within that multi-tree project; so for example,
you can only specify coreboot, and then it would run
on every coreboot tree.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the me_extract function prefixes it with PWD in
some cases, but we can't predict where appdir
will point to.
the "app" directory is not intended to be a cache
anyway, so it doesn't make sense to put it in
the cache directory.
it's essentially scratch memory.
Signed-off-by: Leah Rowe <leah@libreboot.org>
XBMK_CACHE is now used, instead of hardcoding cache/
this is exported initialised to cache/, if unset.
this means you can set your own directory, and it means
./update release will use the same directory.
this means bandwidth wastage is further avoided.
Signed-off-by: Leah Rowe <leah@libreboot.org>
lbmk must still define payloads, but specific configs
may use coreboot's build system instead.
you might use this to add your own config with, say,
tianocore payload, using coreboot.git to build it,
rather than using lbmk's choice of payloads.
Signed-off-by: Leah Rowe <leah@libreboot.org>
lib.sh download() is used by subfile handling in git.sh,
e.g. crossgcc tarballs, and also the vendor scripts.
vendor files are cached, but not subfiles for repos.
cache both, under cache/file/, saved with the name equal
to the checksum, so: cache/file/CHECKSUM
also move vendorfiles/app/ to cache/app/ in this change.
Signed-off-by: Leah Rowe <leah@libreboot.org>
-d does the same as -b, except for actually building
anything! in effect, it does the same as -f (fetch)
except that the resulting variable assignments will
not be recursive (as with -f).
if -d is passed, configuration is still loaded, defconfig
files are still cycled through, and more importantly:
helper functions are still processed.
the grub, serprog and coreboot helper functions have
been modified to return early (zero status) if -d is
passed.
this behaviour will be used to integrate vendor.sh
logic in with the trees script, for cases where the
user wants to only handle vendor files. e.g.:
./update trees -b coreboot x230_12mb
this would download the files as usual, build coreboot,
with those files, and then build the payloads. but:
./update trees -d coreboot x230_12mb
this would download the files, NOT build coreboot, and
NOT build the payloads.
this change increases the sloccount a bit, but i'm relying
on the fact that the vendor.sh script already re-implements
config handling wastefully; the plan is to only use trees.
for now, simply stub the same ./vendor download command.
there is one additional benefit to doing it this way:
this method is *per-kconfig* rather than per-target.
this way, one kconfig might specify a given vendor file
that is not specified in the other. although the stub
still simply handles this per target, it's done in premake,
which means that the given .config file has been copied.
this means that when i properly re-integrate the logic
into script/trees, i'll be able to go for it per-kconfig.
the utils command has been removed, e.g.
./update trees -b coreboot utils default
the equivalent is now:
./update trees -d coreboot default
this would technically download vendor files, but here
we are specifying a target for which no kconfigs exist;
a check is also in place, to avoid running the vendor file
download logic if tree==target
the overall effect of this change is that the trees script
no longer contains any project-specific logic, except for
the crossgcc build logic.
it does include some config/data mkhelper files at the top,
for serprog and coreboot, so that those variables defined in
those files can be global, but another solution to mitigate
that will also be implemented in a future commit.
the purpose of this and other revisions (in the final push
to complete lbmk audit 6 / cbmk audit 2) is to generalise as
much logic as possible, removing various ugly hacks.
Signed-off-by: Leah Rowe <leah@libreboot.org>
stub it from the trees script. the way it works now,
there is less code in the build system.
./build roms
this is no longer a thing
./build roms serprog
this is also no longer a thing. instead, do:
./update trees -b coreboot targetnamehere
./update trees -b pico-serprog
./update trees -b stm32-vserprog
the old commands still works, which causes the new
commands to run
coreboot roms now appear in elf/, not bin/, as before,
but those images now contain payloads.
NOTE: to contradict the above: ./build roms is no
longer a thing, in that it's now deprecated, but
backward compatibility is present for now. it will
be removed in a future release.
./build roms list also still works! it will do:
./update trees -b coreboot list
also:
./update trees -b grub list
this is now possible too
if a target "list" is provided, for multi-tree sources,
the targets are shown.
there is another difference: seagrub roms are now seagrub_,
instead of seabios_withgrub.
seabios-only roms are no longer provided, where grub is also
enabled; only seagrub is used. the user can easily remove
the bootorder file, if they want seabios to not try grub first.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the next command is a copy, which would give us the error
if the file doesn't exist, and an appropriate message
Signed-off-by: Leah Rowe <leah@libreboot.org>
this is over-engineering, because we do not allow just
about any path to be provided; it's not provided as an
argument in a command, for example.
this is dictated by a configuration file, which we control.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we don't need to check whether the binary exists, because
make already does that for us.
we still need to check that the directory exists, because
older versions of coreboot did not include kbc1126, and we
do still use older coreboot revisions on some boards.
Signed-off-by: Leah Rowe <leah@libreboot.org>
if injection is attempted, verification comes next,
and verification fails.
this happens for kcma/kgpe amd boards, where pike2008
fake roms are inserted by inserting the correct pci
ids using /dev/null as a source. an empty pike2008 rom
prevents seabios from loading the real pci rom, and this
is done because the real one hangs SeaBIOS.
a similar fix was made for ./vendor download, but
overlooked for ./vendor inject. this patch fixes that.
Signed-off-by: Leah Rowe <leah@libreboot.org>
again: the trees script already checks binaries,
and already checks sources. if they exist, the
relevant action is skipped entirely.
we don't need to check it in vendor.sh, because the
trees script already performs the same check.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Leah Rowe