The primary purpose of my intense auditing has
been to improve lbmk's coding style and fix bugs
but there is a secondary purpose: know precisely
who owns what, because I want to re-license as
much as possible of lbmk under *MIT*, instead of
the current GNU licensing. MIT is vastly superior,
because it grants *actual* freedom to the user,
permits *sublicensing* and it is vastly more
compatible with other GPL combinations; for
example, MIT license is compatible with GPL2-only
whereas lbmk's current mix of GPLv3-or-later and
GPLv3-only is legally incompatible with GPLv2-only.
Re-licensing under MIT will most likely result in
more contributions to Libreboot's build system in
the future, especially as it will attract a lot
more commercial interest. Contrary to the popular
arguments, copyleft is a liability to the free
software movement and results in less code being
written; in practise, permissively licensed code
gets more public contributions, including from
commercial entities, even if companies can
theoretically make something proprietary out of
it (in practise, anyone inclined can just use the
upstream and proprietary forks almost always die).
Copyleft propaganda is fundamentally flawed. See:
<https://unixsheikh.com/articles/the-problems-with-the-gpl.html>
Anyway, I've been doing a combination of:
* Seeking permission from other copyright holders,
for re-licensing
* Deleting, or moving, other contributions; for
example, splitting certain contributions into
separate files so that originally modified files
become unencumbered. This latter solution is a
result of *code cleanup* arising from the audit.
For Ferass's contributions, I opted to seek
*permission*, and permission was denied. In full compliance
with this legal imperative, I'm acting accordingly; this
commit removes all of Ferass's changes that converted lbmk
to posix shell scripts, thus removing his copyright on the
affected files, bypassing his authority entirely. Therefore,
lbmk is largely now bash-dependent. In practise, nobody is
going to use anything other than a GNU system to build
Libreboot, because many projects that Libreboot makes use
of rely heavily on GNU; for example, coreboot's build
system makes heavy use of GNU-specific extensions in *GNU
Make*, and likely contains many bashisms. Of course,
Libreboot also compiles GNU GRUB.
I would much rather have MIT-licensed Bash scripts
than GPL-licensed posix SCL scripts.
This reverts the changes from Ferass El Hafidi,
for the following commits, with some exceptions:
* 7f5dfebf7d
* f787044642
Exception:
download/mrc not reverted, because that was
already a fork of an existing script under
coreboot's build system, and their script was
GPLv2. i cannot/will not re-license this file
(ergo,
7f5dfebf7d
change remains intact, on this file)
resources/scripts/build/boot/roms_helper, these changes
have been kept:
* 7e6691e9 - Add ARMv7 and AArch64 support
* dec2d720 - add myself in the build/roms_helper script
(added 2021 copyright for the change below)
* b7405656 - Workaround for grub's slow boot
^ these changes will be re-factored, splitting them
out of the file into a new file. This will be done in
a future lbmk revision. (in some cases, it makes sense
to keep a change but split it, allowing the main file to
be re-licensed without the change in it)
This is part of a much larger series of
licensing audits. It's likely that lbmk will
be posix-compliant (in its shell scripts)
again some day, because I'm planning to rewrite
most of these scripts (the ones modified in this
patch), and many of them (e.g. individual download
scripts) are subject to future deletion in a planned
overhaul of the download logic for third party
projects.
In addition: these changes are being kept (no attempt
to re-license them will be made):
* cff081c6 - Fix grub's slow boot (1 year, 5 months ago) <Vitali64>
* 4c851889 - Add macbook*1 16mb configs (1 year, 6 months ago) <Vitali64>
Ferass's work that remains will be split into dedicated
files containing them, where feasible.
In the case of grub.cfg (for GNU GRUB), I don't care
because it's a script for an engine (GRUB shell) that's
under GPL anyway, so who really cares about MIT license.
Signed-off-by: Leah Rowe <leah@libreboot.org>
only alper and ferass have ownership of this file,
but ferass only submitted to it in 2022, not 2021
fix this
i've removed myself from the file, for now
i never touched this file before, so it's
not right that my name be here
put alper's name at the top, because alper
was the person who created this file first
Signed-off-by: Leah Rowe <leah@libreboot.org>
it will already fail if the coreboot download did.
if the coreboot download succeeds, the directory exists.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i'm pretty much finished now
there might be a few more changes later,
like stricter error handling, more verbose
error messages, etc
right now, it relies on -e to kill lbmk
on error, and uses the exit command
another planned change it to support
other upstreams besides coreboot.org,
such as the dasharo codebase
the latter is *why* i refactored this
download script, for asus kgped-d16
to my knowledge, this feature has never been used,
but lbmk permits resources/coreboot/boardname/extra.sh
to execute, as provided by the maintainer, with working
directory set to: coreboot/boardname
this could be used to extend lbmk in a number of ways
for example, it could be used to patch 3rdparty/
it could also be used to break coreboot in creative
and novel ways. hint hint.
the "board" variable in prepare_new_coreboot_tree()
is also declared in fetch_coreboot_trees
for the one in prepare_new_coreboot_tree, it's passed
as an argument to the function, so give it a new name
i learned that some shells have a global scope, when
using variables of the same name between functions
this should download all trees:
./download coreboot
without this patch, it doesn't
with this patch, it works
i overlooked this during earlier
refactoring. auditing revealed it.
top-down order, and *still* rfc 3676 compliant
i finished simplifying the logic, and
i split everything into smaller functions
there is still more more polishing to do
final touches will be done in new revisions
coreboot trees/patching is still handled
specifically by "./download coreboot"
command now available in lbmk:
./gitclone coreboot
this *only* creates the directory at:
coreboot/coreboot
this directory is never used in builds.
it is only used by download/coreboot to
create patched trees for each mainboard
consistent indentation, and 80-line character limit
(RFC 2646)
top-down order, a main() is introduced, split into
more functions
non-zero-status exit (with message) now, when a non-
defined target is provided, e.g. nonexistentboard_4mb
puffy!
the cbfstool command within subshell now also
exits with non-zero status, if it fails (most
likely because extraction failed, for some reason,
of the coreboot rom image for running through it)
the previous code merely exited from the subshell,
but the intended behaviour is for the entire script
to halt execution, and exit with non-zero status.
this patch fixes that bug.
top-down order for all logic, and shorter code lines,
conforming to rfc 2646 (no more than 80 characters)
the 80-character rule is violated for variables containing
long strings, such as wayback machine urls (can't be helped)
a few bugs were discovered, which will be fixed in follow-up
revisions, such as:
* exit status not handled inside subshell
* in general, exit status should be handled
more explicitly, rather than relying on -e
for our purposes, grub and gnulib are one in the same
if one fails, both have failed
exit with non-zero status if gnulib fails
the script sets -e so it will fail if grub fails to
download, which is tried before gnulib, and if that
happens, the grub directory is not created
the old code was specifing an absolute offset for
insertion of mrc.bin - cbfstool interprets anything
above 0x80000000 as top-aligned memory address in
x86, and anything below as an obsolute offset in
the flash, like with the old number
where a top-aligned address is provided to cbfstool,
the absolute position is calculated for the flash,
and cbfstool inserts it in the correct rom location
the benefit of this change is that the absolute
offset is now calculated automatically, which means
that the code will be correct even if the flash
size changes. for example, if 16MB flash is used
whereas 12MB is currently the default an support
haswell hardware
coreboot does not provide anything readably like
Kconfig, for extracting this value. it's baked
into the source code of coreboot, so you have to
find it. the correct location is hardcoded for
each platform, and always the same on each platform,
regardless of mainboard
top-down function order, with specific functions for
each type of blob. startup logic moved into main(),
also split into smaller functions
"write one program that does one thing well"
blobutil is like that, and has this added philosophy:
"write one function that does one thing well"
during the course of this re-factoring, several bugs
and issues were found, that are pre-existing. these
will be corrected in follow-up revisions
I added this in upstream to prevent people from accidentally flashing
roms without a payload resulting in a no boot situation, but in
libreboot lbmk handles the payload and thus this warning always comes
up. This has caused confusion and concern so just patch it out.
users reported it doesn't boot in recent releases, with the
february 2023 coreboot revision update
i have one in the lab, i'll just re-test it and fix whatever's
wrong for a future release
previously, "normal" initmode relied on the vgarom-based
seabios config, which enables option roms, but then lbmk
would insert pci-optionrom-exec 0 for vgarom, and 2 for normal
in libreboot, coreboot roms with "vgarom" in the filename do
pci option rom execution from coreboot, and "normal" roms
do execution from seabios(where seabios is the only payload
provided on normal setups)
this is because payloads like grub can also be used, on vgarom
setups, where coreboot must handle oprom execution
the deleted patch (in this commit) was written to fix an
issue theoretically; it hasn't been fully tested, and some
people have reported strange issues since this patch was
merged - there is no proof that this patch causes them, but
removing this patch is the correct thing to do regardless
i downloaded this file from git manually at some point,
when rebasing changes (i think it was the ec ones)
the logic in the file is correct but i forgot to mark
it executable
without this commit, lbmk fails utterly, on all the newer
intel boards
This reverts commit fe2b72035f.
The GRUB patch to fix the E6400 broke other systems and has been
reverted. As a result, GRUB needs to be disabled again on the E6400
until a better fix has been created.
This introduces a patch to grub which disables the coreboot
specific handling, allowing PS/2 keyboards to be handled the
same as i386-pc. However this alone breaks the keyboard in
Linux, requiring coreboot to perform PS/2 initialization.
I think GRUB may be restoring the original configuration of
the PS/2 controller once it exits, and if coreboot doesn't
initialize the controller then it's restored to the default
state which Linux doesn't seem to like. I think the emulated
keyboard interface provided by the EC on the E6400 behaves
in a non-standard way that is incompatible with the old
coreboot specific handling.
ps/2 internal keyboard faulty in grub target
i386-coreboot, according to nic3-14159
normal i386-pc grub (bios grub) is fine,
booted from seabios
it is being investigated
Tested the 4MiB ROMs but not the 8 or 16 MiB ones. This uses the same
board.cfg as the GM45 ThinkPads with an IFD+GBE from ich9gen.
Known issues:
- The internal keyboard does not work properly in GRUB. It seems like
the keyboard controller is outputing set 1 (XT) scancodes, but GRUB
is interpreting them as set 2 (AT) scancodes. This may also have
something to do with scancode translation. However, the keyboard works
fine in SeaBIOS and Linux. USB keyboards also work properly.
- The subsystem IDs in the GBE region are hardcoded for a Thinkpad in
ich9gen, though this doesn't seem to cause issues in Linux. The vendor
IFD and GBE region do have some differences from the generated
binaries, though they do not appear to be critical.
libreboot will still include microcode updates
by default, but mitigations against broken speedstep
and reboot (when microcode updates are excluded) were
removed following the merge with osboot
this patch restores those mitigations; the patch
reverts coreboot to older smrr code (which works fine, it
isn't critical to use the new behaviour) and disables peci
(pointless feature)
i'll probably re-tool this later to apply the changes
conditionally to whether ucode is present
this is not a change in policy. policy says:
include cpu microcode updates by default
policy also says:
libreboot must be configurable
microcode removal via cbfstool remove -n, counts as
configuration, and in practise is not possible on
gm45 patches in current libreboot; this patch corrects
that problem, allowing the machines to work somewhat
well (same stability issues as before, like MCE errors
resulting in kernel panic on high CPU/memory usage,
but i digress)
happy... hacking
This is useful for e.g. HP EliteBook 2560p.
In coreboot config, enable e.g. (for lbmk blobutil):
CONFIG_KBC1126_FW1="../../ec/hp2560p/ec.bin.fw1"
CONFIG_KBC1126_FW2="../../ec/hp2560p/ec.bin.fw2"
In resources/blobs/sources you would have these entries:
EC_url
EC_url_bkup
EC_hash
In cases where the vendor update file contains a full
ROM image encompassing IFD+GbE+ME+BIOS, blobutil was
saving the *entire* ROM containing those, as me.bin.
For example, if it's an 8MB ROM, blobutil would create
a me.bin file that is actually the whole ROM containing:
* Vendor IFD region
* Vendor GbE(if it has one)
* Vendor ME region
* Vendor BIOS region
This fix tries with -M and -O first. In this combination,
me_cleaner shall extract me.bin (neutered) and save it.
If that fails, then the normal method with just -O is
tried, which by this logic would always be a lone ME
image if it succeeds.
I tested downloading ME images on existing boards with
this, and it didn't break them, and this fixes the bug.
This is done for HP 8200 SFF which Riku_V is adding to
lbmk. I'm on IRC with Riku_V as I write this commit
message! Super hot hotfix patch.
bl1 bootloader blobs needed, and lbmk doesn't currently
auto-download these for insertion, so their presence in
the build system is problematic because people might build
these and think they work - they don't, due to the lack of
those bl1 blobs
notes about this are included in lbwww, on the compatibility
list. these can be re-added and tested later, when lbmk handles
those bl1 bootloader blobs
u-boot is known broken on these, last revision
known working is 2021.01
can bisect and find the fix. i'm putting this on
the issue tracker (new one on codeberg)
don't download it. keep it in lbmk.
libreboot moved to codeberg for git hosting,
and i didn't want to keep lugging around an
extra git repo just for one tiny project.
Leah Rowe