Commit Graph

11 Commits (57adbc6eb1f961ee9116904b667f30efb3f2de4f)

Author SHA1 Message Date
Leah Rowe 59dba6cfcd merge coreboot/u-boot download logic to one script
they are fundamentally the same, in an lbmk context.

they are downloaded in the same way, and compiled in
the same way!

(Kconfig infrastructure, board-specific code, the way
submodules are used in git, etc)

~200 sloc reduction in resources/scripts

the audit begins

Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-16 22:40:34 +01:00
Leah Rowe 705149a3e0 coreboot/default: bump revision to 2 August 2023
coreboot revision:
d86260a134575b083f35103e1cd5c7c7ad883bce
from 2 August 2023

The patches were updated. HP 8300 USDT has now been merged upstream,
so that patch is no longer included in lbmk.

SD card fix for E6400 merged upstream, so now it's removed in lbmk.
The nvidia E6400 patch (devicetree.cb) has not yet merged upstream.

The ifdtool --nuke option has been rebased.
Patches as follow-ups to earlier patches removed; for example, patches
that set VRAM to 352MB on GM45 have been removed, and replaced with
patches that just set 256MB in the first place (this is more stable).

This was mostly a clean rebase, of all the patches. It went smooth.
I haven't updated cros/haswell yet; the 4.11_branch revision used
on fam15h will also remain, for now.

The coreboot configurations have been updated, for this new
revision of coreboot.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-06 01:02:49 +01:00
Leah Rowe f338697b96 build/boot/roms: Support removing microcode
From now on, the following rules are available for all
mainboards, in resources/coreboot/boardname/board.cfg:

* blobs_required="n" or "y"
* microcode_required="n" or "y"

The blobs setting, if set to "n", simply renames filename.rom to
filename_noblobs.rom.

The microcode setting, if set to "n", copies the ROM (with or
without _noblobs) to filename_nomicrocode.rom (if blobs="n",
it would be filename_noblobs_nomicrocode.rom).

Where "nomicrocode" is set, ROMs with microcode will still be
provided by lbmk and in relesase, but ROMs will also be provided
alongside it that lacks any microcode updates.

If the *original* ROM already lacks microcode updates, then the
original ROM will be *renamed* to include "nomicrocode" in the name.
This is done on images for ARM platforms, for instance, where
microcode is never used whatsoever.

Example filenames now generated:
seabios_e6400_4mb_libgfxinit_corebootfb_noblobs_nomicrocode.rom
seabios_e6400_4mb_libgfxinit_corebootfb_noblobs.rom
seabios_withgrub_hp8300usdt_16mb_libgfxinit_corebootfb_colemak_nomicrocode.rom
seabios_withgrub_hp8300usdt_16mb_libgfxinit_corebootfb_colemak.rom
uboot_payload_gru_kevin_libgfxinit_corebootfb_noblobs_nomicrocode.rom

A vocal minority of people were not happy with some of the changes
made in Libreboot last year, including on existing supported
hardware from before those changes were made. I did this before the
last release, out of respect:
https://libreboot.org/news/gm45microcode.html
(re-add mitigations for no-microcode setup on GM45)

This new change is done as an further, extended courtesy. Tested
and works fine. (testing using cbfstool-print)

Actual Libreboot policy about binary blobs is nuanced. See:
https://libreboot.org/news/policy.html (reduction policy) and:
https://libreboot.org/freedom-status.html (implementation)

Well, the status page talks about descriptor vs non-descriptor
on Intel platforms, and where me_cleaner is used (on platforms
that need Intel ME firmware), it regards the descriptored setups
to be blob-free if coreboot does not require binary blobs.

In this paradigm, microcode updates are not considered to be
binary blobs, because they aren't technically software, they're
more like config files that just turn certain features on or off
within the CPU.

However, for lbmk purposes, "noblobs" means that, after the ROM
is fully ready to flash on the chip, there will be no blobs in
it (except microcode). So for example, an X200 that does not
require ME firmware is considered blob-free under this paradigm,
even though Libreboot policy regards X230 as equally libre when
me_cleaner is used; in this setup, ROMs will not contain "blobfree"
in the filename, for X230 (as one example).

Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-06-19 10:44:02 +01:00
Leah Rowe 0d0f6cf3b8 coreboot: update revision of cbtree "default" 2023-02-19 19:24:01 +00:00
Leah Rowe 7af9953463 pragmatic system distribution guideline compliance
osboot is now part of libreboot, and will soon shut down.
libreboot now conforms to osboot policy.
2022-11-14 00:51:12 +00:00
Leah Rowe babce03fbd coreboot/*: set grub_scan_disk to ahci on most boards
on ga-g41m-es2l, set it to ata
2021-12-29 07:18:21 +00:00
Leah Rowe dbe4a0c6a3 coreboot configs: don't enable wifi during early init 2021-12-11 15:24:42 +00:00
Leah Rowe f20160f3bb coreboot configs: disable serial output during coreboot initialization 2021-12-11 15:00:17 +00:00
Leah Rowe eed25bd220 update coreboot and nuke tianocore
tianocore is a liability for the libreboot project. it's a bloated mess, and
unreliable, broken on many boards, and basically impossible to audit.

i don't trust tianocore, so i'm removing it.
2021-11-22 10:03:50 +00:00
Leah Rowe 6d23b3fe55 Include memtest86+ on setups where this is practical 2021-11-01 04:04:56 +00:00
Leah Rowe 89517ed6b9 libreboot!
this is forked from the "libre" branch in osboot, which is itself a libre,
deblobbed fork of osboot, a blobbed up fork of libreboot

libreboot needed to be purged clean. this is the new libreboot development
repository. the old one has been abandoned
2021-05-18 13:56:12 +01:00