the x_ function doesn't handle arguments with spaces
well, and this cd command is going to an asterisk, so
it's unknown what the resultant string will be.
Signed-off-by: Leah Rowe <leah@libreboot.org>
at present, lbmk can remove microcode updates on images for
a given target, if the target specifies
microcode_required="n" in target.cfg
lbmk then provides images with microcode, and images without,
in a given release. although the user can also remove them
manually, this just makes it a bit more convenient, for those
users who do wish to run without the updates. this functionality
is provided only on those platforms where no-microcode is tested.
well, this behaviour implements a compromise on libreboot policy,
which is to always include microcode updates by default. see:
Binary Blob Reduction Policy
the *canoeboot* project now exists, developed in parallel with
libreboot, and it ships without microcode updates, on the same
targets where lbmk also handled this.
running without microcode updates is foolish, and should not
be encouraged. clean up lbmk by not providing this kludge.
the libreboot documentation will be updated, telling such users
to try canoeboot instead, or to remove the update from a given
libreboot rom - this is still possible, and mitigations such as
PECI disablement on GM45 are still in place (and will be kept),
so that this continues to work well.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the purpose of script/update/release is not to test the
build system, but to build release archives.
testing of lbmk is done during the course of development.
remove this bloat from the release script. we run the nuke
mode anyway, to scrub blobs from releases, which will more
or less test the logic in that script (the only difference
is that it runs e.g. ifdtool --nuke instead of -i).
Signed-off-by: Leah Rowe <leah@libreboot.org>
why are we distributing gcc at all?
the coreboot build system downloads it at build time,
and the GNU rsync mirrors aren't going anywhere.
simplify script/update/release by not handling gcc.
this means: release archives will no longer contain gcc.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this affects 8460p and 8470p only, as the others' updates
aren't common across different boards
Signed-off-by: Riku Viitanen <riku.viitanen@protonmail.com>
don't handle "romtype" at all, in board target.cfg files
add /dev/null as pike2008 rom on amd boards. this serves
the same purpose, adding them as empty vga roms, to add
an empty rom in cbfs. pike2008 cards cause seabios to hang,
when their oproms are executed, so we insert a fake rom
on i945 thinkpads, use the coreboot config option:
CONFIG_INTEL_ADD_TOP_SWAP_BOOTBLOCK
when set, this enables the same bootblock copy, for use
with bucts. these two cases, namely pike2008 roms and
i945 bootblock copies, no longer need to be handled in code
Signed-off-by: Leah Rowe <leah@libreboot.org>
the shellball (for extracting the coreboot rom, to get
at mrc.bin) contains lines that are not posix-friendly.
specifically, the "local" command is used, and this is
not defined for posix sh.
the shellball is essentially just a bunch of shell
functions that compress/decompress the zip file,
containing the firmware update. you can modify the
files and re-run the shellball to recompress, though
lbmk just uses the decompress function.
as pointed out by Nicholas Chin, it is possible to just
run "unzip" directly on the update, to get at bios.bin.
we don't really need all the extra checks performed by
the shellball, so let's just bypass it altogether.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the x220 edp patch invalidated lots of configs, so
i did: ./update trees -u coreboot
this is the resulting patch
Signed-off-by: Leah Rowe <leah@libreboot.org>
only call crossgcc for coreboot and u-boot, but use
hostcc for everything else. simplify the checking of
which architecture to compile for. "arch" in target.cfg
files has been modified, to allow further simplification.
without this patch, the logic currently only *barely* avoids
using crossgcc on things like utils, and only works in practise
because, in practise, lbmk only works on x86_64 anyway.
the new logic, as per this patch, is simpler and more robust.
Signed-off-by: Leah Rowe <leah@libreboot.org>
The component 1 and 2 densities were still set to 8 MiB and 4 MiB
respectively, which is incorrect for 16 MiB only configurations.
Change the component 1 density to 16 MiB so that the address space
gets properly mapped to SPI 1. In addition, change the number of
components field (byte 0x15) to 0x00 to indicate 1 flash chip.
Signed-off-by: Nicholas Chin <nic.c3.14@gmail.com>
Inside the BIOS update, there's 68SCE and 68SCF variants.
Based on Qubes HCL and browsing linux-hardware.org, these are
Probook 6360b and Elitebook 8460p respectively.
I checked the KBC1126 EC Firmwares within the update file, both
use the exact same firmware images. Following-up will be a very
similar but untested port for 6360b.
Signed-off-by: Riku Viitanen <riku.viitanen@protonmail.com>
remove unnecessary "continue" command. it's written
at the end of a for loop, where it'll continue anyway
Signed-off-by: Leah Rowe <leah@libreboot.org>
this part of the code *must* return. the for loop
afterwards must not be permitted to execute.
it's unlikely that this would ever occur, unless
perhaps the user is using a very buggy sh.
Signed-off-by: Leah Rowe <leah@libreboot.org>
there are special menuentries just for loading
configs, without handling luks, lvm and whatnot.
it's intended for users of cd/dvd drives. well,
now we support both extlinux and grub, with this patch.
Signed-off-by: Leah Rowe <leah@libreboot.org>
isolinux/syslinux/extlinux config files should all work,
using the syslinux parser function in grub
the current behaviour is to only search for grub.cfg,
so extlinux users can't use the default libreboot setup.
with this change, their systems should hopefully work.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the so-called EFI System Partition (ESP) is used
on many UEFI-based setups. some users may be
migrating to libreboot, so let's support it.
on BIOS setups, it would be e.g.
/boot/syslinux/syslinux.conf
on UEFI setups, it would be e.g.
/boot/EFI/syslinux/syslinux.conf
additionally, support scanning for extlinux.conf
Signed-off-by: Leah Rowe <leah@libreboot.org>
lvm/* is slow to resolve in grub, on some machines,
because grub enumeration is very slow in general.
however, many people will install distros with any
number of lvm configurations, so we should try to
support them.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This reverts commit 20389655e4.
If the user actually has encryption, but has /boot unencrypted,
this will considerably slow down the boot, so the patch has
been reverted.
The patch was originally meant to favour encrypted /boot
setups, but the old behaviour also still works there.
when the user sets up an encrypted machine, grub.cfg
defaults to non-encrypted setups if found, first
this patch reverses the order, deferring to
non-encrypted installations only when encrypted ones
are unavailable
Signed-off-by: Leah Rowe <leah@libreboot.org>
These systems have a report that the unlock utility does not work.
Until there are multiple reports of failed unlocks and a technical
determination of why it doesn't work, they will not be listed as
explicitly unsupported.
As this utility requires access to /dev/mem, the default protections of
Linux and OpenBSD must be relaxed to allow this. Make a note of this in
the instructions.
The old Open Security Training site had a course called Advanced x86:
BIOS and SMM Internals, which had a set of slides outlining the method
to supress SMIs by changing the GBL_SMI_EN bit. Add a reference to it as
this is where I originally learned of this method.
Leah Rowe
Leah Rowe