previously, "normal" initmode relied on the vgarom-based
seabios config, which enables option roms, but then lbmk
would insert pci-optionrom-exec 0 for vgarom, and 2 for normal
in libreboot, coreboot roms with "vgarom" in the filename do
pci option rom execution from coreboot, and "normal" roms
do execution from seabios(where seabios is the only payload
provided on normal setups)
this is because payloads like grub can also be used, on vgarom
setups, where coreboot must handle oprom execution
i downloaded this file from git manually at some point,
when rebasing changes (i think it was the ec ones)
the logic in the file is correct but i forgot to mark
it executable
without this commit, lbmk fails utterly, on all the newer
intel boards
This is useful for e.g. HP EliteBook 2560p.
In coreboot config, enable e.g. (for lbmk blobutil):
CONFIG_KBC1126_FW1="../../ec/hp2560p/ec.bin.fw1"
CONFIG_KBC1126_FW2="../../ec/hp2560p/ec.bin.fw2"
In resources/blobs/sources you would have these entries:
EC_url
EC_url_bkup
EC_hash
In cases where the vendor update file contains a full
ROM image encompassing IFD+GbE+ME+BIOS, blobutil was
saving the *entire* ROM containing those, as me.bin.
For example, if it's an 8MB ROM, blobutil would create
a me.bin file that is actually the whole ROM containing:
* Vendor IFD region
* Vendor GbE(if it has one)
* Vendor ME region
* Vendor BIOS region
This fix tries with -M and -O first. In this combination,
me_cleaner shall extract me.bin (neutered) and save it.
If that fails, then the normal method with just -O is
tried, which by this logic would always be a lone ME
image if it succeeds.
I tested downloading ME images on existing boards with
this, and it didn't break them, and this fixes the bug.
This is done for HP 8200 SFF which Riku_V is adding to
lbmk. I'm on IRC with Riku_V as I write this commit
message! Super hot hotfix patch.
don't download it. keep it in lbmk.
libreboot moved to codeberg for git hosting,
and i didn't want to keep lugging around an
extra git repo just for one tiny project.
Bruteforce it. Some executables are just using inno
archival but some are simple LZMA. This patch handles
both of them, and also the event where you have LZMA
compressed files (even LZMA compressed files within
LZMA compressed archives) within any inno/lzma compressed
executable.
It recursively scans inside a vendor update, to find
a me.bin files for neutering with me_cleaner.
This is in preparation for two new ports in Libreboot:
* HP EliteBook 8560w
* Apple MacBook Air 4,2 (2011)
This script can literally be used with multiple vendors now.
It is no longer specific just to Lenovo. I originally did
this and other recent commits to the file, as one big
commit, but I decided to split it all up into small commits.
Top-down order is easier to read, for greater understanding.
What's moved is initialisation. The glue that calls Build_deps
and Download_needed still need to be at the bottom.
When using e.g. -p grub in build/boot/roms, it will
error out. This patch fixes that.
E.g.
./build boot roms t440pmrc_12mb -p grub
Seldom used feature and it was overlooked. Most people
won't use the option that triggered the error.
libre mrc on haswell is quite buggy for now, but works in
a limited fashion
this patch re-adds the old configs, but as _mrc for example
t440p_12mb_mrc instead of t440p_12mb
and t440p_12mb (without _mrc) still uses the libre mrc code
courtesy of Angel Pons from the coreboot project
this uses the following patch set from gerrit, as yet
unmerged (in coreboot master) on this date:
https://review.coreboot.org/c/coreboot/+/64198/5
logic for downloading mrc blobs has been deleted from
lbmk, as this is now completely obsolete (for haswell
boards)
if other platforms are added later that need mrc.bin,
then logic will be re-added again for that
this fixes the build error:
Error: name not set
Usage: ./download gitmodule [name]
when running:
./download all
running "all" runs all scripts under downloads,
one of which was the gitmodule script itself, therefore
being run without argument
some checks check for specific utils, which are
then used to indicate the existence of other utils,
which means that building them singularly, as is
currently done, may result in errors later if another
tool doesn't exist compiled yet
this is an obscure bug, fixed by this patch. more of a
workaround really. a dirty hack. when checking for any
of the coreboot utilities required, build all coreboot
utilities that are possibly required
the utilities are small enough that this does not add
much extra time to build, and in most cases, all of them
will be needed anyway
By making lbmk fully POSIX-compliant, it will be easier to port lbmk to
other systems implementing POSIX such as Alpine Linux and FreeBSD.
Signed-off-by: Ferass 'Vitali64' EL HAFIDI <vitali64pmemail@protonmail.com>
Add U-Boot to the source release script's modules list so that it is
included in source release tarballs. Don't include the unused upstream
source and .git directories.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Copy the resources/scripts/build/clean/crossgcc script and adapt it to
run "make distclean" on U-Boot build trees. Some build artifacts persist
after the run, so also run "git clean -fdx" if we can.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
U-Boot build dependencies are listed on their online documentation [1],
but the listed Debian packages also include test-only dependencies.
While installing dependencies, install the packages necessary to build
U-Boot, except for the test-only ones I could identify.
[1] https://u-boot.readthedocs.io/en/latest/build/gcc.html
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
U-Boot runtime configuration is done with a device-tree file, which is
built alongside the executable in the upstream build system, and must be
available to U-Boot at runtime.
This device-tree is normally not linked into the default "u-boot" ELF
file. So far we have been handling it by re-creating a "u-boot.elf" from
the raw binary parts by setting REMAKE_ELF, and using that as the
coreboot payload. Unfortunately, that fails to build for x86 boards,
more specificly the "coreboot" boards upstream.
It's also possible (but discouraged) to set OF_EMBED to embed the
device-tree file into the U-Boot itself, in which case we could use the
"u-boot" file as the payload on the "coreboot" boards. Add support for
using the "u-boot" file as the payload if "u-boot.elf" doesn't exist.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
The roms_helper script skips building crossgcc-i386 if its target
directory exists. Skip it for other architectures as well.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Add the coreboot-built cross-architecture toolchains to the PATH so that
modules and payloads can use them. When building for a foreign-arch
board, also export CROSS_COMPILE pointing to the appropriate prefix.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
This re-applies commit a69855f7e4 ("Build 32-bit crossgcc for AArch64
as well") which was inexplicably reverted along with unrelated changes.
Mention in a comment that building crossgcc-arm is necessary for
AArch64.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
When overriding which payloads will be built with the -p command line
argument, the roms_helper script builds the Memtest86+ payload before
checking if it should be disabled. Move the build command after the
command line override.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
When overriding which payloads will be built with the -p command line
argument, the roms_helper script doesn't disable the U-Boot payload.
Disable it in this case.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
The U-Boot download script does its work from the repository root
instead going into the newly created dirs, unlike the coreboot
counterpart. It should run the board-specific extra.sh files with the
downloaded paths as their working directory. Do so by a subshell.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
The no-argument form of the U-Boot download script prepare trees for all
boards when run with no arguments, like the corresponding script for
coreboot. The usage text for this case was removed without any changes
to the corresponding code, assume it was by mistake and add it back.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Removing the git dirs was part of deblobbing, which Libreboot no longer
cares about. The variable that triggers it is no more. Remove the dead
code.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
this is a hangover from pre-osboot-merge libreboot. the idea
was to distribute fsdg uboot archives
lbmk has uboot support, and releases will simply
include uboot in the main src archive like with everything else
the --nuke option in ifdtool will be used instead, to nuke
the ME regions in specific rom sets (and cbfstool will be
used to delete mrc.bin files from rom sets)
the new method being implemented is heavier on disk io, but
simplifies lbmk, and disk io could still be optimised in
the following ways:
* when copying roms from boards with ME in them, use
ifdtool --nuke to get filename.rom.new, and *move* (not copy)
filename.rom.new to the new destination (for use with tar)
* possibly modify ifdtool to make efficient use of mmap for
disk i/o; it currently loads entire roms into an allocated
buffer in memory
the intended use-case scenario was one in which vga rom initialisation
would be used, on desktop configurations, but without coreboot itself
handling vga rom initialisation, instead leaving that task to seabios
it was assumed that grub, when running on the bare metal with
build option "--with-platform=coreboot" would be able to display
like this, but it is not so when tested
in such setups (add-on gpu with grub payload), it is necessary to
extract the video bios and insert it into the coreboot rom, having
coreboot handle such execution. this is beyond the scope of lbmk,
in context of automated building, because we cannot reliably predict
things such as PCI IDs
do away with this build option entirely, for it does not serve the
intended purpose. it will be necessary to run PC GRUB instead (build
option --with-platform=i386-pc). PC GRUB can still read from CBFS,
and you could provide it as a floppy image file inside CBFS for
SeaBIOS to execute. in this setup, GRUB would function as originally
intended by the seabios_withgrub option; such a configuration is
referred to as "SeaGRUB" by the libreboot project, and experimentation
was done with it in the past, to no avail
it's better to keep things simple, in the libreboot project. simpler
for users, that is
buggy, buggy, buggy, buggy, buggy, buggy, buggy
full of bugs, these boards never worked properly. i got ripped
off with these.
now i'm ripping off the band aid
use dasharo if you want d16 stuff. i'm done with it.
python2 is eol and the only thing that needed it was build scripts
inside tianocore, back in osbmk days when tianocore was supported
in the (osboot) build system. nothing else requires it, so chuck it
In recent coreboot versions, running distclean started to erase the
cbfstool binary we built earlier in the util/cbfstool dir via the
cbutils build script call. The coreboot build puts it in a different
directory, and the roms build script can't find it when trying to add
payloads to the roms. This doesn't make the script fail (because set -e
is stupid like that), and the build appears to succeed if you don't look
close enough to see the "cbfsutil not found" error.
Build the coreboot utils we want at the places we want them after
calling distclean, so that we can actually use cbfsutil and avoid
silently-broken roms with newer coreboot versions.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
This enables embedding U-Boot into the coreboot roms as the payload. For
now, the ELF file generated by enabling CONFIG_REMAKE_ELF is used, which
includes the U-Boot binary and the board-specific device-tree file. It
might be better to use the FIT payload support for U-Boot, but that was
reportedly broken and is not tested yet.
Coreboot boards can specify payload_uboot="y" in their board.cfg to
enable building a rom with U-Boot as the payload, which is built from
the U-Boot board with the same name. Boards can further specify a
uboot_config option, to choose which board-specific config file U-Boot
should be built with.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
The 32-bit ARM cross compiler toolchain is used to build parts of
arm-trusted-firmware needed by AArch64 boards, compile the toolchain for
those boards as well.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
The code that compiles coreboot crossgcc changes the working directory
to the coreboot directory, and the following code cannot find the lbmk
scripts that it needs to run. Compile ARMv7 and AArch64 cross compilers
in a subshell like in the x86 case so the rest of the script can work.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
These are almost verbatim copies of coreboot versions, but using
'u-boot' instead of 'coreboot' and 'ub*' instead of 'cb*'.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
This enables building U-Boot for boards which have config files in
resources/u-boot, and copying built files that could be usable to make
coreboot payloads. Right now, there is no such board in this repo.
The most important file here is "u-boot.elf", which is a combination of
the U-Boot binary and the appropriate device-tree file for the board.
Building this needs CONFIG_REMAKE_ELF=y on the U-Boot part, and using
this with CONFIG_PAYLOAD_ELF=y on the coreboot build works fine.
Note that this isn't enough to make U-Boot-only releases, since
low-level prerequisites like arm-trusted-firmware aren't passed in to
the U-Boot build system. Coreboot builds its own copy of TF-A and sets
it up on the board, so using these U-Boot builds as payloads should
still work.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Downloading coreboot and U-Boot takes quite the disk space and bandwith.
We don't need to download entire repos, only the revisions that we are
interested in.
Use the --depth=1 option to only download the files we need. Since the
initial clones may not have our target revision, always try to fetch it.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Keeping the git repositories is useful while development, e.g. to avoid
git cloning repositories over and over again while debugging download
scripts. Setting the NODELETE environment variable keeps the blobs and
the git repositories. Allow a slightly finer-tuned version of this where
we can keep only the git-related files by setting the variable to "git".
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Add a 'v2022.07' pseudo-board for the U-Boot download script with the
default blobs list, and mark the version as supported in u-boot-libre
release script.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
The coreboot download removes .git folders as they still contain the
removed blobs, remove those in the U-Boot version as well.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Although it's unlikely, boards might want to run extra commands after
the board-specific U-Boot directories are prepared. Copy the existing
mechanism for that from the coreboot download script to the U-Boot one.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Boards may need different sets of patches to be applied to their U-Boot
builds, copy the existing mechanism from the coreboot download script to
the U-Boot download script.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
The coreboot download script tries to update submodules, since coreboot
does use git submodules to retrieve and compile the projects it depends
on. Although U-Boot doesn't use submodules, try to update them anyway to
match the coreboot download script.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
The coreboot download script uses GitHub as a fallback if the upstream
coreboot is unavailable, use a similar fallback for U-Boot as well.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Boards may want to specify a board-specific U-Boot revision. At the very
least, pseudo-boards for u-boot-libre releases will need to specify their
U-Boot versions somehow.
Copy the existing mechanism from download/coreboot for specifying
build info with board.cfg files. Specify the commit hash for the
'v2021.07' pseudo-board, and 'master' as the default.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
The U-Boot download script is designed to help with releasing
u-boot-libre and it can only prepare a generic U-Boot v2021.07 tree.
However, we will need to build board-specific versions of U-Boot to be
able to use it as a coreboot payload effectively.
As a first step toward that, make the download script prepare per-board
copies of U-Boot v2021.07. Then, add a 'v2021.07' pseudo-board for the
u-boot-libre release script to work on.
The u-boot-libre deblob script hash ends up chaning due to copying my
author attribution from the download script, update its hash.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
The u-boot-libre tarball contents' mtimes are an unconventional value
due to timezone confusion. For reproducibility, timestamps like these
are usually set by a SOURCE_DATE_EPOCH which is respected by both
coreboot and U-Boot. Use it in the u-boot-libre release script as well,
and properly set the mtimes to the Unix epoch when it's not defined.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
The u-boot-libre release script copies the blobs list into the release
as the deblob script, presumably due to a copy-paste error. Fix it to
correctly copy the generated deblob script.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
The checksums in tests/u-boot-libre.sha512 do not match the tarballs
generated by this script when ran on a different timezone, e.g. UTC+3.
Explicitly specify a timezone for the tar command that makes the
tarballs match the checksums.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
I was running into a race condition when rebuilding seabios with a high cpu count,
resulting in failure with this error message:
cc1: fatal error: can't open 'out/src/asm-offsets.s' for writing: No such file or directory
Performing the silentoldconfig step before the full make step seems to resolve the failure.
When running ./download all, we have the following error:
resources/scripts/download/coreboot: Line 52: $1 is not set.
The ./download all command was broken by the following commit:
2bb805e2e0 (download: Add --help in the
individual download scripts).
Reported-by: madbehaviorus[m] on #libreboot on liberachat
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Without that fix we have the following warning during the download:
Cloning into 'u-boot/u-boot'...
warning: redirecting to https://source.denx.de/u-boot/u-boot.git/
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
This should enable various distributions and build system to reuse
the generated script to deblob u-boot releases themselves.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
This should enable various distributions and build system to reuse
that blob to deblob u-boot releases themselves.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
The tar options come from the tutorial to remove archives metadata at
reproducible-builds.org[1].
[1]https://reproducible-builds.org/docs/archives/
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
This doesn't change the existing usage of the scripts:
- For the Coreboot script, before this change, all arguments that were
passed were considered as board to download the Coreboot source code
for.
Here we added the '--help' and '--list-boards' arguments, so it
should not be an issue as it is extremely unlikely that a board
would be called '--help' or '--list-boards'.
- All the other scripts don't use any arguments so passing --help
should not conflict with the existing usage.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
If the script is named u-boot-stable-src-release and that users see an
u-boot-libre tarball they will not make the link between both unless
we rename the script.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Many people using FSDG compliant distributions or wanting to use one
are already familiar with linux-libre. This change renames the
resulting tarball to u-boot-libre to make it easier for people to
understand the goal of this tarball.
In addition we also rename the version from v2021.07 (which is the git
tag corresponding to the release) to 2021.07 as u-boot upstream
tarballs use that.
The revision wasn't bumped as we didn't have any releases of
u-boot-libre yet.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Once the tarball are released, it will enable distributions to use
these tarballs to produce deblobbed u-boot packages.
Note that the produced tarball is not reproducible yet. Because of
that it has to be trusted.
During a release, it's a good idea to sign the uncompressed tarball as
the various compression formats and associated tools make different
tradeoffs.
For instance with xz, xz -9e tends to compress really well with the
the most used xz[1] implementation, and most GNU/Linux users probably
already have it installed, but and the drawbacks is that the format is
very fragile[2].
The lzip format is more suited for long term archiving but its most
packaged implementation[3] is less likely to be already installed by
users than more well known formats like xz, bzip2 or gzip.
Being able to add more compression formats after the release is also
useful, for instance to accommodate different build systems or use
cases (like being able to build u-boot with less dependencies in
distributions like Guix, or building u-boot directly on devices which
don't have enough RAM for xz for instance).
[1]https://tukaani.org/xz/
[2]https://www.nongnu.org/lzip/xz_inadequate.html
[3]https://www.nongnu.org/lzip/
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
tianocore is a liability for the libreboot project. it's a bloated mess, and
unreliable, broken on many boards, and basically impossible to audit.
i don't trust tianocore, so i'm removing it.