on 3050micro, we disable seabios as a primary payload,
making grub a pribary payload instead.
the way it worked, the roms were still named seagrub
and the seabios rom would be compiled, but with the wrong
path, so seabios wouldn't be executed; seabios would hang
anyway, on this board.
instead, engineer it in such a way as to disable seabios_
images on this board. also, rename seagrub_ to grub_.
i normally only permit seagrub, and not grub, but i make an
exception for 3050micro because we know grub works, but seabios
currently hangs on this board (which means no bsd).
Signed-off-by: Leah Rowe <leah@libreboot.org>
SeaBIOS is known to hang on this board. It is being investigated.
Add two variable options for target.cfg files:
* seabiosname
* grubname
This string defines where it would be located in CBFS.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This is using Mate Kukri's port, which was added in
previous lbmk revisions. I've added an IFD that sets
the HAP bit, and unlocks regions as standard.
vcfg is set to 3050micro, which defines downloading
of the MEv11 image and it will run deguard automatically.
I made a small adjustment to vendor.sh, because the hotpatch
logic for deguard uses -C in git, and when doing that, the
specified directory path is relative to that Git repository;
the .patch path has been adjusted accordingly.
Also add 3rdparty/fsp to coreboot/default modules.
This board requires the ifdtool option: -p sklkbl
The -p option tells flashrom what quirks are present in a
given IFD. We don't normally need this on other Libreboot
targets that we currently support. The -p option was needed
for creating this modified IFD, and it is therefore needed in
the inject script. Therefore, an "IFD_platform" option is
specified in a given board's target.cfg file. If this is set,
another variable is set that makes -p be used.
In this case, 3050's target.cfg says:
IFD_platform="sklkbl"
This option enables quirks for skylake/kabylake descriptors,
as required when using ifdtool.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Pretty much just copied the T1650 directory in config/,
then changed the board to 9010 SFF in menuconfig.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Add patches to convert the E6400 port into a GM45 Latitude variant and
add the E4300 as another variant, and create a config for the E4300.
Tested on my E6400 and E4300.
Signed-off-by: Nicholas Chin <nic.c3.14@gmail.com>
I also added a "cleanargs" argument, similar to the makeargs
argument, to work around a build error.
This builds the PCSX-Redux PS1 BIOS. They reverse engineered
the Sony PS1 BIOS and wrote a free one under MIT license.
Run this:
./mk -b pcsx-redux
The file will appear: bin/playstation/openbios.bin
Signed-off-by: Leah Rowe <leah@libreboot.org>
We don't need the entire emulator, but we will be using
a specific part: src/mips/openbios
third_party/uC-sdk submodule is included, because it
contains the necessary header files when building open bios.
I will be adding Sony Playstation support to Libreboot,
alongside a new emulator project to be announced soon.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Dell OptiPlex 3050 Micro
I ran ./mk -u coreboot, to update existing configs
after merging. Actualy IFD and coreboot configs will
be done in the next revision. I've already added logic
for handling deguard, in preparation for this.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Copy the downloaded deguard source code into appdir,
and patch it to run as part of lbmk, instead of
standalone. The archived one in src/ is not directly
used; instead, the hotpatched version is used.
This is because the standalone version already has
download logic for the .zip file, but we already
cache that file in cache/ and use that.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This program disables the Intel Boot Guard on Dell
OptiPlex 3050 Micro, via Intel ME modification.
Using this hack, you can run unsigned code on the ME.
Mate disabled BootGuard this way.
This will be used to add Dell OptiPlex 3050 Micro
support in Libreboot.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Commit 3ee4cc9dde (fix typo in dell
latitude coreboot coreboot config) fixed a typo from ${VARIANT_DIR) to
$(CONFIG_VARIANT_DIR). While this does work, since CONFIG_VARIANT_DIR is
a valid variable, it is not technically correct, as the default VBT path
set by coreboot's Kconfig files uses $(VARIANT_DIR), which is the same
as CONFIG_VARIANT_DIR, but with quotes stripped out.
Signed-off-by: Nicholas Chin <nic.c3.14@gmail.com>
see relevant patch added in the diff
set the clock on x4x boards to 96MHz like on GM45
fixes the following build error on x4x boards:
hw-gfx-gma-plls.adb:465:46: error: "INTEL_GMA_DPLL_REF_FREQ" not declared in "Config"
make: *** [Makefile:423: build/ramstage/libgfxinit/common/g45/hw-gfx-gma-plls.o] Error 1
Signed-off-by: Leah Rowe <leah@libreboot.org>
some of my DDR2 checks were unnecessary, as nicholas pointed
out on irc, because they were in places that only ran if
DDR2 memory was used anyway.
in another, valid place, I was checking the wrong variable for
knowing what memory type is used.
this patch fixes build errors in lbmk:
src/northbridge/intel/gm45/raminit.c: In function 'dram_program_timings':
src/northbridge/intel/gm45/raminit.c:1120:29: error: 'sysinfo' undeclared (first use in this function); did you mean 'sysinfo_t'?
1120 | if (sysinfo->spd_type == DDR2)
| ^~~~~~~
| sysinfo_t
src/northbridge/intel/gm45/raminit.c:1120:29: note: each undeclared identifier is reported only once for each function it appears in
src/northbridge/intel/gm45/raminit.c: In function 'ddr2_odt_setup':
src/northbridge/intel/gm45/raminit.c:1291:21: error: 'sysinfo' undeclared (first use in this function); did you mean 'sysinfo_t'?
1291 | if (sysinfo->spd_type == DDR2) {
| ^~~~~~~
| sysinfo_t
make: *** [Makefile:423: build/romstage/northbridge/intel/gm45/raminit.o] Error 1
Signed-off-by: Leah Rowe <leah@libreboot.org>
these configs were otherwise correct, but i typo'd a variable
in them when manually rebasing the old configs, after switching
to nicholas's new ports implemented as variants, where the old
ones in lbmk were individual board ports for those same boards.
Signed-off-by: Leah Rowe <info@minifree.org>
The workaround-mx patch was rebased on one section in spi.c,
because that part in upstream added QPI support; in the newly
rebase mx patch, the workaround_mx behaviour is only
honoured if QPI (Quad SPI) is not in use.
Quad SPI is not used in practise, on the machines where this
workaround is intended (GM45 ThinkPads with Macronix chips).
This imports the following upstream changes:
* 639d563 README: Update flashprog.org URLs
* cbbd601 README: Update dependency list and Linux package names
* 79451f1 README: Rename "Packaging" -> "Source Packaging"
* 5b4695c README: Dial laptop warning down a little
* 7224085 udev rules: Add some more IDs
* 448457a ch347_spi: Add CH347F ID and loop over the entries
* e39549b ch347_spi: Search for compatible USB interface
* dfd0647 ich_descriptors: Refactor component density handling
* b2ad9fd ich_descriptors: Make use of SPI_ENGINE_PCH100 marker
* 140e22f chipset_enable: Make use of SPI_ENGINE_PCH100 marker
* 869f0e7 ichspi: Use `swseq_data' on ICH7 paths too
* eeee91b ichspi: Replace all switch/case on `ich_generation'
* ecba1d8 ichspi: Drop redundant bail-out cases in ich_set_bbar()
* e8babf4 ichspi: Use a single check to enable hwseq for PCH100+
* fda324b ichspi: Introduce SPI_ENGINE_PCH100 marker
* a1f6476 ichspi: Split ICH7 init out
* 3f75d44 ich_descriptors: Remove `Dual Output Fast Read' for newer gens
* 2862011 spi25: Try to set volatile quad-enable (QE) automatically
* 4ac536b spi25_statusreg: Allow to write (non-)volatile bits specifically
* b1d2bae dediprog: Fix and enable 4BA modes for SF600Plus-G2
* d0afeef dediprog: Disable 4BA modes for SF100 w/ protocol v2
* 1b1deda Implement QPI support
* a1b7f35 dediprog: Implement multi-i/o reads
* 008a44f dediprog: Split read/write command preparation by protocol
* 4760b6e spi25: Implement multi-i/o reads
* 0c9af0a spi25: Check quad-enable (QE) bit
* 930d421 spi25: Introduce generic spi_prepare_io()/spi_finish_io()
* 8d0f465 spi25: Extract 4BA preparations into new `spi25_prepare.c`
* 044c9dc Add FT4222H support
* fc7c13c linux_gpio2_spi: Implement multi i/o
* 5fc3154 bitbang_spi: Implement multi-i/o
* d16a911 bitbang_spi: Move API into its own header file
* 226bb87 flashchips: Add missing QE-bit definitions
* 4fa39c5 flashchips: Fill multi-i/o gaps in MX25U family
* 5f50999 flashchips: Fill multi-i/o gaps in MX25R family
* 46552c8 flashchips: Fill multi-i/o gaps in MX25L family
* 96786d0 flashchips: Fill quad-i/o gaps in XM25Q family
* a26a3c6 flashchips: Fill dual-i/o gaps in W25X family
* 2133f59 flashchips: Fill quad-i/o gaps in W25Q family
* 68573af flashchips: Split GD25Q127C and GD25Q128C
* 4da971f flashchips: Fill quad-i/o gaps in GD25*Q families
* f7e2d97 spi: Allow to define a quad-enable (QE) configuration bit
* 1412d9f spi: Rework FEATURE_QPI
* d518563 spi: Prepare for multi i/o and dummy bytes
* bd72a47 spi25_statusreg: support reading/writing configuration register
* 3d728e7 spi25_statusreg.c: support reading security register
* a358b14 flashchips: Split W25Q64.W -> W25Q64DW | W25Q64FW/W25Q64JW...Q
* 3127db1 manibuilder: Drop legacy flashrom tag collections
* 619d9c0 manibuilder: Use `test_build.sh'
* 6560bba manibuilder/almalinux: Install `diffutils' for new `test_build.sh'
* c7b549e test_build.sh: Compare output for -L of Make and Meson builds
* 72b30a0 test_build.sh: Don't try to run cross-compiled programs
* 3d2f212 test_build.sh: Allow to override Make and Meson commands
* 4eb9748 test_build.sh: Run tests for both Make and Meson builds
* 8279457 manibuilder: Add Alpine Linux 3.18 & 3.19 images
* 15e9b10 manibuilder/alpine: Install libjaylink-dev when available
* b8b3593 manibuilder: Add images for Fedora 38..40
* 7b05f09 manibuilder: Add images for Ubuntu 24.04 "Noble Numbat"
* 5e8b339 manibuilder/anita: Add NetBSD 10.0 i386 & amd64 images
* 61da8c7 manibuilder/anita: Export library path for libusb
* 39152af manibuilder: Set sourcearcade.org as default source
* 20073e7 Properly clear erase-block selection when bigger block is chosen
* 3824c8d ichspi: Allow all opcodes when the "opmenu" isn't locked
* 0d4354e flashchips: Add W25Q32JV-.M
Signed-off-by: Leah Rowe <leah@libreboot.org>
This brings in a single change:
commit ec0bc256ae0ea08a32d3e854e329cfbc141f07ad
Author: Gerd Hoffmann <kraxel@redhat.com>
Date: Mon Jun 24 10:44:09 2024 +0200
limit address space used for pci devices, part two
This increases compatibility with i686 hosts, when allocating
memory for pci devices.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Of note: upstream has made several improvements to memory
management, and several fixes to file systems.
User-friendly change to LUKS: if the passphrase input failed,
the user is prompted again for the correct passphrase, instead
of GRUB just failing. Similar to cryptsetup luksOpen behaviour
under Linux.
This pulls in the following changes from upstream (gnu.org):
* b53ec06a1 util/grub-mkrescue: Check existence of option arguments
* ab9fe8030 loader/efi/fdt: Add fdtdump command to access device tree
* 0cfec355d osdep/devmapper/getroot: Unmark 2 strings for translation
* f171122f0 loader/emu/linux: Fix determination of program name
* 828717833 disk/cryptodisk: Fix translatable message
* 9a2134a70 tests: Add test for ZFS zstd
* f96df6fe9 fs/zfs/zfs: Add support for zstd compression
* 55d35d628 kern/efi/mm: Detect calls to grub_efi_drop_alloc() with wrong page counts
* 61f1d0a61 kern/efi/mm: Change grub_efi_allocate_pages_real() to call semantically correct free function
* dc0a3a27d kern/efi/mm: Change grub_efi_mm_add_regions() to keep track of map allocation size
* b990df0be tests/util/grub-fs-tester: Fix EROFS label tests in grub-fs-tester
* d41c64811 tests: Switch to requiring exfatprogs from exfat-utils
* c1ee4da6a tests/util/grub-shell-luks-tester: Fix detached header test getting wrong header path
* c22e052fe tests/util/grub-shell: Add flexibility in QEMU firmware handling
* d2fc9dfcd tests/util/grub-shell: Use pflash instead of -bios to load UEFI firmware
* 88a7e64c2 tests/util/grub-shell: Print gdbinfo if on EFI platform
* b8d29f114 configure: Add Debian/Ubuntu DejaVu font path
* 13b315c0a term/ns8250-spcr: Add one more 16550 debug type
* 8abec8e15 loader/i386/multiboot_mbi: Fix handling of errors in broken aout-kludge
* d35ff2251 net/drivers/ieee1275/ofnet: Remove 200 ms timeout in get_card_packet() to reduce input latency
* 86df79275 commands/efi/tpm: Re-enable measurements on confidential computing platforms
* 0b4d01794 util/grub-mkpasswd-pbkdf2: Simplify the main function implementation
* fa36f6376 kern/ieee1275/init: Add IEEE 1275 Radix support for KVM on Power
* c464f1ec3 fs/zfs/zfs: Mark vdev_zaps_v2 and head_errlog as supported
* 2ffc14ba9 types: Add missing casts in compile-time byteswaps
* c6ac49120 font: Add Fedora-specific font paths
* 5e8989e4e fs/bfs: Fix improper grub_free() on non-existing files
* c806e4dc8 io/gzio: Properly init a table
* 243682baa io/gzio: Abort early when get_byte() reads nothing
* bb65d81fe cli_lock: Add build option to block command line interface
* 56e58828c fs/erofs: Add tests for EROFS in grub-fs-tester
* 9d603061a fs/erofs: Add support for the EROFS
* 1ba39de62 safemath: Add ALIGN_UP_OVF() which checks for an overflow
* d291449ba docs: Fix spelling mistakes
* 6cc2e4481 util/grub.d/00_header.in: Quote background image pathname in output
* f456add5f disk/lvm: GRUB fails to detect LVM volumes due to an incorrect computation of mda_end
* 386b59ddb disk/cryptodisk: Allow user to retry failed passphrase
* 99b4c0c38 disk/mdraid1x_linux: Prevent infinite recursion
* b272ed230 efi: Fix stack protector issues
* 6744840b1 build: Track explicit module dependencies in Makefile.core.def
Signed-off-by: Leah Rowe <leah@libreboot.org>
it is identical to fam15h_rdimm, with _udimm now removed;
the latter had a patch that added certain behaviour only
intended for rdimm, but the patch in question breaks various
configurations.
raminit has always been unreliable on these boards. i'd rather
simplify it all, in lbmk. i'll probably update this to the dasharo
tree later on, specificalyl for kgpe-d16
Signed-off-by: Leah Rowe <leah@libreboot.org>
The libgfxinit patch and other patches e.g. DDR2 fix, are
now provided in coreboot/default. The Latitude E6400 is now
using the newer coreboot revision from late July 2024.
Some other configs had to change because of this, relating to
the new way that Nicholas handles timing on LVDS displays
with the E6400 port; a default 96MHz clock is still used for
pixel reference clock, overridden with a value of 100MHz on
other GM45 machines, where 96MHz was previously hardcoded.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Several patches are now merged upstream and no longer needed
in lbmk, such as the HP EliteBook 8560w patch, and related
patches. Some patches were changed, for example the Dell Latitude
ivb/snb laptops are now variants in coreboot, instead of being
individual ports; now they re-use the same base code.
This this, the corresponding files under config/submodules
have changed, for things like 3rdparty submodules e.g. libgfxinit,
and tarballs e.g. crossgcc.
This is long overdue, and will enable more boards to be added.
This newer revision will be used in the next release, and some
follow-up patches will merge these trees into default:
* coreboot/haswell
* coreboot/dell
Signed-off-by: Leah Rowe <leah@libreboot.org>
see bug report:
https://codeberg.org/libreboot/lbmk/issues/228
The layout specified incorrect boundaries for the pd region.
With this change, it should flash and boot reliably.
Signed-off-by: Leah Rowe <leah@libreboot.org>
I re-read the modified code, and it has defines in place
for building on Windows; I was defining ACCESSPERMS
universally, but it should only be defined for non-Windows
systems, which the context in this code means Linux/BSD.
Signed-off-by: Leah Rowe <leah@libreboot.org>
musl libc is very conservative in what it implements,
preferring a very "pure" libc implementation. this means
that it lacks many of the niceties found in others like
the GNU C Library; the latter implements many BSD libc
extensions, for example.
ACCESSPERMS is a #define in BSD libc that does:
S_IRWXU | S_IRWXG | S_IRWXO
Essentially, it provides a bitwise OR providing chmod 0777,
which can be used as shorthand in calls to functions such
as mkdir() available in all libc implementations.
In the case of uefitool, this define is indeed used on mkdir.
Conditionally re-define ACCESSPERMS, if undefined, so that musl
libc can be used when building uefitool.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this time, only handle multiple keymaps on seagrub
images. for images where seabios is first but does
not immediately load grub, whether grub is still
available in flash, just do one image (US Qwerty)
this still results in fewer images per target than
Libreboot 20240612, but should prevent most users
from being annoyed. i got a few people asking
repeatedly, and i hadn't documented yet how to add
keymap.gkb or how to remove bootorder, to get a
different keymap or disable seagrub respectively.
i anticipate that i'll get such questions a lot, even
if i do document it, so i'm reversing that decision.
it doesn't result in much extra code. the new design
in lbmk makes this sort of thing much simpler.
Signed-off-by: Leah Rowe <leah@libreboot.org>
U-Boot has migrated to using upstream device-tree files for gru boards,
but the clock driver doesn't yet support setting rates for a certain
clock that upstream uses for the eDP display. It happens to work without
it, so for now remove the clock setting until the driver is fixed.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Commit 46e01c0e1d ("u-boot: Avoid building U-Boot-only binman images")
added a patch that prevents an error while building U-Boot, due to some
U-Boot images needing a copy of BL31 that we are not passing in.
Removing build instructions for these images isn't really necessary,
when we can instead tell the build tool that it shouldn't exit with an
error. It checks a BINMAN_ALLOW_MISSING environment variable for this,
but just unconditionally replace the check with the argument.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Set default U-Boot revision to v2024.07 and rebase patches on top of
that. One patch that fixes drawing box characters (UTF-8 to CP437) had
an alternative merged, another hack we have to fix regulator issues is
no longer neccessary as the issue is fixed, and my QEMU patches were
merged upstream, so drop these patches. One patch we have to disable
binman images can be replaced by a simpler alternative so drop it too.
Upstream kconfig status is still unstable, so updating configs with
`make oldconfig` would miss important upstream changes, since they rely
on carrying defaults via upstream defconfigs. Update the configs as
such, like before:
- Turn old configs into defconfigs (./update trees -s u-boot)
- Save the diff from old upstream defconfig (diffconfig $theirs $ours)
- Update U-Boot revision, rebase patches, and clean old trees
- Prepare new U-Boot tree (./update trees -f u-boot)
- Review the diffconfigs to see if any options were renamed upstream
- Copy over the new upstream defconfigs and apply earlier diff
- Turn new defconfigs into configs (./update trees -l u-boot)
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
move the coreboot-specific includes into mkhelper.cfg
for that project.
on some projects, we need variables from mkhelper.cfg
to be global, so I was including serprog and coreboot
mkhelper.cfg files in this script.
instead, set a new variable "mkhelpercfg" pointing to
the config file. if it doesn't exist, create and then
point to a temporary (empty) mkhelper.cfg file.
the rom.sh include has been moved to coreboot mkhelper.cfg
The only remaining project-specific logic, in this trees
script, is now the coreboot crossgcc handling, but this
needs to be there as it's also used to build U-Boot.
The way this now works, certain includes are done twice.
For example, include/rom.sh will be included once globally,
outside of main(), and then again in configure_project().
This means that certain functions will be defined twice.
I'm uncertain if shell has anything equivalent to an ifdef
guard as in C, but we actually want this here anyway, and
it shouldn't cause any problems. It's a bit of a hack, but
otherwise results in much cleaner code.
Signed-off-by: Leah Rowe <leah@libreboot.org>
-d does the same as -b, except for actually building
anything! in effect, it does the same as -f (fetch)
except that the resulting variable assignments will
not be recursive (as with -f).
if -d is passed, configuration is still loaded, defconfig
files are still cycled through, and more importantly:
helper functions are still processed.
the grub, serprog and coreboot helper functions have
been modified to return early (zero status) if -d is
passed.
this behaviour will be used to integrate vendor.sh
logic in with the trees script, for cases where the
user wants to only handle vendor files. e.g.:
./update trees -b coreboot x230_12mb
this would download the files as usual, build coreboot,
with those files, and then build the payloads. but:
./update trees -d coreboot x230_12mb
this would download the files, NOT build coreboot, and
NOT build the payloads.
this change increases the sloccount a bit, but i'm relying
on the fact that the vendor.sh script already re-implements
config handling wastefully; the plan is to only use trees.
for now, simply stub the same ./vendor download command.
there is one additional benefit to doing it this way:
this method is *per-kconfig* rather than per-target.
this way, one kconfig might specify a given vendor file
that is not specified in the other. although the stub
still simply handles this per target, it's done in premake,
which means that the given .config file has been copied.
this means that when i properly re-integrate the logic
into script/trees, i'll be able to go for it per-kconfig.
the utils command has been removed, e.g.
./update trees -b coreboot utils default
the equivalent is now:
./update trees -d coreboot default
this would technically download vendor files, but here
we are specifying a target for which no kconfigs exist;
a check is also in place, to avoid running the vendor file
download logic if tree==target
the overall effect of this change is that the trees script
no longer contains any project-specific logic, except for
the crossgcc build logic.
it does include some config/data mkhelper files at the top,
for serprog and coreboot, so that those variables defined in
those files can be global, but another solution to mitigate
that will also be implemented in a future commit.
the purpose of this and other revisions (in the final push
to complete lbmk audit 6 / cbmk audit 2) is to generalise as
much logic as possible, removing various ugly hacks.
Signed-off-by: Leah Rowe <leah@libreboot.org>
stub it from the trees script. the way it works now,
there is less code in the build system.
./build roms
this is no longer a thing
./build roms serprog
this is also no longer a thing. instead, do:
./update trees -b coreboot targetnamehere
./update trees -b pico-serprog
./update trees -b stm32-vserprog
the old commands still works, which causes the new
commands to run
coreboot roms now appear in elf/, not bin/, as before,
but those images now contain payloads.
NOTE: to contradict the above: ./build roms is no
longer a thing, in that it's now deprecated, but
backward compatibility is present for now. it will
be removed in a future release.
./build roms list also still works! it will do:
./update trees -b coreboot list
also:
./update trees -b grub list
this is now possible too
if a target "list" is provided, for multi-tree sources,
the targets are shown.
there is another difference: seagrub roms are now seagrub_,
instead of seabios_withgrub.
seabios-only roms are no longer provided, where grub is also
enabled; only seagrub is used. the user can easily remove
the bootorder file, if they want seabios to not try grub first.
Signed-off-by: Leah Rowe <leah@libreboot.org>
don't put it in the install modules.
this works around a hanging issue on haswell thinkpads.
when any usb device is inserted, GRUB will sometimes
hang if started from the SeaBIOS payload, *while* the
USB device is plugged in.
plugging in the USB device after GRUB starts worked.
it will have to be investigated more at a later date,
but this simply configuration change works.
the xhci module is already loaded explicitly, in grub.cfg
Signed-off-by: Leah Rowe <leah@libreboot.org>
stick the makeargs in mkhelper
i previously did cbmakeargs because the old revisions
had to define makeargs per-target otherwise. mkhelper
was done specifically to solve that problem.
Signed-off-by: Leah Rowe <leah@libreboot.org>
instead, make it a helper function, defined in target.cfg
this means that we can also do the same with other projects
in the future, and it is expected that we will have to.
these helper functions are used in cases where we want
additional actions to be performed.
actually, the helper could be anything. for example, you
could write:
mkhelper="./build foo bar"
and it would do that (at the point of execution, PWD
is the root directory of the build system)
Signed-off-by: Leah Rowe <leah@libreboot.org>
don't hardcode the check based on whether the current
project is grub. instead, define "btype" in target.cfg
if unset, we assume kconfig and permit kconfig commands
e.g. make menuconfig, make silentoldconfig, etc
this is to avoid the deadliest of sins:
project-specific hacks
Signed-off-by: Leah Rowe <leah@libreboot.org>
Never, ever build images where GRUB is the primary payload.
These options have been removed from target.cfg handling:
* seabios_withgrub
* grub_withseabios
The "payload_grub" variable now does the same thing as
the old "seabios_withgrub" variable, if set.
The "grubonly" configuration is retained, and enabled by
default when SeaGRUB is enabled (non-grubonly also available).
Due to lbmk issue #216, it is no longer Libreboot policy to
make GRUB the primary payload on any board. GRUB's sheer size
and complexity, plus the large number of memory corruption issues
similar to it that *have* been fixed over the years, tells me
that GRUB is a liability when it is the primary payload.
SeaBIOS is a much safer payload to run as primary, on x86, due
to its smaller size and much more conservative development; it
is simply far less likely to break.
If GRUB breaks in the future, the user's machine is not
bricked. This is because SeaBIOS is the default payload.
Since I no longer wish to ever provide GRUB as a primary
payload, supporting it in lbmk adds needless bloat that
will later probably break anyway due to lack of testing,
so let's just assume SeaGRUB in all cases where the user
wants to use a GRUB payload.
You can mitigate potential security issues with SeaBIOS
by disabling option ROM execution, which can be done at
runtime by inserting integers into CBFS. The SeaBIOS
documentation says how to do this.
Libreboot's GRUB hardening guide still says how to add
a bootorder file in CBFS, making SeaBIOS only load GRUB
from CBFS, and nothing else. This, combined with the
disablement of option ROM execution (if using Intel
graphics), pretty much provides the same security benefits
as GRUB-as-primary, for example when setting a GRUB password
and GPG checks, with encrypted /boot as in the hardening guide.
Signed-off-by: Leah Rowe <leah@libreboot.org>
replace it with logic that simply uses "." to load
files directly. for this, "vcfg" is added as a variable
in coreboot target.cfg files, referring to a directory
in config/vendor/ containing a file named pkg.cfg, and
this file then contains the same variables as the
erstwhile config/vendor/sources
config/git files are now directories, also containing
pkg.cfg files each with the same variables as before,
such as repository link and commit hash
this change results in a noticeable reduction in code
complexity within the build system.
unified reading of config files: new function setcfg()
added to lib.sh
setcfg checks if a config exists. if a 2nd argument is
passed, it is used as a return value for eval, otherwise
a string calling err is passed. setcfg output is passed
through eval, to set strings based on config; eval must
be used, so that the variables are set within the same
scope, otherwise they'd be set within setcfg which could
lead to some whacky results.
there's still a bit more more to do, but this single change
results in a substantial reduction in code complexity.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this is bloat, because it's something the user can already
do at runtime configuration anyway.
set it to a reasonable default of 8 seconds instead of 5,
and don't honour the timeout variable in target.cfg.
this will be documented in the next release.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the background is only a few kb. the whole rationale
before was to limit the space used in memdisk, but this
decision was made when the background was much bigger;
it has since been optimised greatly, and the grub modules
were heavily reduce, so it should be safe.
grub's memdisk breaks when you add too much data to it.
as part of simplifying the rest of lbmk, this change removes
some more bloat from the rest of lbmk. handling this in the
memdisk is much simpler than handling it with cbfstool.
Signed-off-by: Leah Rowe <leah@libreboot.org>
don't use the macports mirror, because it's not certain
whether those tarballs will always be there. use the
coreboot one as a backup instead, and nasm.us as main
Signed-off-by: Leah Rowe <leah@libreboot.org>
fixes DP++ and adds a DP that wasn't even there before,
on all currently supported variants of these machines
Signed-off-by: Leah Rowe <leah@libreboot.org>
remove nvme support from the "default" grub tree
now there are three trees:
* default: no xhci or nvme patches
* nvme: contains nvme support
* xhci: contains xhci and nvme support
this is in case a bug like lbmk issue #216 ever occurs
again, as referenced before during lbmk audit 5
there is no indication that the nvme patch causes any
issues, but after previous experience i want to be sure
Signed-off-by: Leah Rowe <leah@libreboot.org>
i removed this before, when making grub multi-tree,
because the design i used in an earlier version of
the patch actually added the grub.elf generation
to grub source itself, but then i decided to hack
around the grub build system from lbmk/cbmk instead
re-add this functionality, so that users can easily
insert their own custom grub.cfg into cbfs without
needing to re-build their image.
Signed-off-by: Leah Rowe <leah@libreboot.org>
support redundant downloads, and enable inclusion of these
tarballs inside release archives, for offline builds.
Signed-off-by: Leah Rowe <leah@libreboot.org>
when we download coreboot, we currently don't have a way to
download crossgcc tarballs, so we rely on coreboot to do it,
which means running the coreboot build system to do it; which
means we don't get them in release archives, unless we add
very hacky logic (which did exist and was removed).
the problem with coreboot's build system is that it does not
define backup links for each given tarball, instead relying
on gnu.org exclusively, which seems OK at first because the
gnu.org links actually return an HTTP 302 response leading
to a random mirror, HOWEVER:
the gnu.org 302 redirect often fails, and the download fails,
causing an error. a mitigation for this has been to patch the
coreboot build system to download directly from a single mirror
that is reliable (in our case mirrorservice.org).
while this mitigation mostly works, it's not redundant; the
kent mirror is occasionally down too, and again we still have
the problem of not being able to cleanly provide crossgcc
tarballs inside release archives.
do it in config/submodules, like so:
module.list shall say the relative path of a given file,
once downloaded, relative to the given source tree.
module.cfg shall be re-used, in the same way as for git
submodules, but:
subfile="url"
subfile_bkup="backup url"
do this, instead of:
subrepo="url"
subrepo_bkup="backup url"
example entries in module.list:
util/crossgcc/tarballs/binutils-2.41.tar.xz
util/crossgcc/tarballs/gcc-13.2.0.tar.xz
util/crossgcc/tarballs/gmp-6.3.0.tar.xz
util/crossgcc/tarballs/mpc-1.3.1.tar.gz
util/crossgcc/tarballs/mpfr-4.2.1.tar.xz
util/crossgcc/tarballs/nasm-2.16.01.tar.bz2
util/crossgcc/tarballs/R06_28_23.tar.gz
the "subrev" variable (in module.cfg) has been renamed
to "subhash", so that this makes sense, and that name is
common to both subfile/subrepo.
the download logic from the vendor scripts has been re-used
for this purpose, and it verifies files using sha512sum.
therefore:
when specifying subrepo(git submodule), subhash will still
be a sha1 checksum, but:
when specifying subfile(file, e.g. tarball), subhash will
be a sha512 checksum
the logic for both (subrepo and subfile) is unified, and
has this rule:
subrepo* and subfile* must never *both* be declared.
the actual configuration of coreboot crossgcc tarballs
will be done in a follow-up commit. this commit simply
modifies the code to accomodate this.
over time, this feature could be used for many other files
within source trees, and could perhaps be expanded to allow
extracting source tarballs in leiu of git repositories, but
the latter is not yet required and thus not implemented.
Signed-off-by: Leah Rowe <leah@libreboot.org>
again: the "depend" variable must never be used for subprojects
that point to a subdirectory of the main project, because there's
no clean way of handling this in case of error conditions.
make it a submodule under config/submodules/. this is for the
documentation, including static site generator documentation,
and image files (photos).
as of this revision, there are now only those "depend" projects
defined in config/git/, where the destination directory of the
subject is not a subdirectory of the main project, so:
in a subsequest revision, i will mitigate an existing bug whereby
failure of the dependency project leaves the main one still
intact, breaking builds; this revision enables that to be done.
from now on, subproject-to-subdirectory-of-main-project will
be avoided in config/git/; config/submodules/ will be used.
Signed-off-by: Leah Rowe <leah@libreboot.org>
same as the previous patch, we must no longer use "define"
variables in config/git/ when the path is a subdirectory of
a given project, because it means that the download can only
happen after the main one, and currently if that fails, the
download of the main repo would remain intact, breaking future
builds in ways that we can't control - to be clear, it could
be controlled, but with added code complexity in the build
system, so:
put it in config/submodules/
Signed-off-by: Leah Rowe <leah@libreboot.org>
don't define it as a "depend" variable in config/git/,
because it means putting the files in a subdirectory of
an existing project was was already then downloaded, and
that means it can't be downloaded first; if the download
of it fails, the old download is left intact.
this bug isn't currently fixed in the build system, at all,
so this and other patches are being made to mitigate it.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this brings the handling of serprog projects in sync
with canoeboot, which relies on the "depend" variable
to get the needed submodules, because cbmk does not
download submodules for these projects
lbmk does download submodules. i want it in sync with
cbmk for this, to make merging easier between both
projects, because i'm going to make a change on both
projects, whereby config/submodules/ is used exclusively
Signed-off-by: Leah Rowe <leah@libreboot.org>
certain code checks for build.list, to skip it, for
example in items()
we already use config/data/grub to store grub config data
that applied to all trees
create these directories too:
config/data/coreboot
config/data/u-boot
config/data/seabios
move the respective build.list files in here, and also
to config/data/grub
now multi-tree projects contain, per directory, just the
target.cfg file and the patches directory. this is much
cleaner, because some of the logic can be simplified more
Signed-off-by: Leah Rowe <leah@libreboot.org>
it imports the same environmental variable fix because
i had the same buggy TMPDIR check there. i fixed that
upstream in untitled.
import the new untitled revision.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Re-add xHCI only on haswell and broadwell machines, where
they are needed. Otherwise, keep the same GRUB code.
The xHCI patches were removed because they caused issues
on Sandybridge-based Dell Latitude laptops. See:
https://codeberg.org/libreboot/lbmk/issues/216
The issue was not reported elsewhere, including on the
Haswell/Broadwell hardware where they are needed, but the
build system could only build one version of GRUB.
The older machines do not need xHCI patches, because they
either do not have xHCI patches, or work (in GRUB) because
they're in EHCI mode when running the payload.
So, the problem is that we need the xHCI patches for GRUB
on Haswell/Broadwell hardware, but the patches break
Sandybridge hardware, and we only had the one build of GRUB.
To mitigate this problem, the build system now supports
building multiple revisions of GRUB, with different patches,
and each given coreboot target can say which GRUB tree to use
by setting this in target.cfg:
grubtree="xhci"
In the above example, the "xhci" tree would be used. Some
generic GRUB config has been moved to config/data/grub/
and config/grub/ now looks like config/coreboot/ - also,
the grub.cfg file (named "payload" in each tree) is copied
to the GRUB source tree as ".config", then added to GRUB's
memdisk in the same way, as grub.cfg.
Several other design changes had to be made because of this:
* grub.cfg in memdisk no longer automatically jumps to one
in CBFS, but now shows a menuentry for it if available
* Certain commands in script/trees are disabled for GRUB,
such as *config make commands.
* gnulib is now defined in config/submodule/grub/, instead
of config/git/grub - and this mitigates an existing bug
where downloading gnulib first would make grub no longer
possible to download in lbmk.
The coreboot option CONFIG_FINALIZE_USB_ROUTE_XHCI has been
re-enabled on: Dell OptiPlex 9020 MT, Dell OptiPlex 9020 SFF,
Lenovo ThinkPad T440p and Lenovo ThinkPad W541 - now USB should
work again in GRUB.
The GRUB payload has been re-enabled on HP EliteBook 820 G2.
This change will enable per-board GRUB optimisation in the
future. For example, we hardcode what partitions and LVMs
GRUB scans because * is slow on ICH7-based machines, due
to GRUB's design. On other machines, * is reasonably fast,
for automatically enumerating the list of devices for boot.
Use of * (and other wildcards) could enable our GRUB payload
to automatically boot more distros, with minimal fuss. This
can be done at a later date, in subsequent revisions.
Signed-off-by: Leah Rowe <leah@libreboot.org>
it doesn't build, at present, but isn't used by any
coreboot targets, so the build issue does not come up
during release builds, but i did find it laying around
during my audits.
x86 qemu is on todo for libreboot, on all x86 boards,
but the current config is broken, so: remove it.
it's very much a requirement that anything in lbmk should
work.
Signed-off-by: Leah Rowe <leah@libreboot.org>
it's very unlikely that someone would use this
directory name nowadays, and i had half a mind
to remove it altogether
Signed-off-by: Leah Rowe <leah@libreboot.org>
in practise, the machines we support don't have
the option of including so many disks; 8 seems like
the most reasonable default. additionally, it's
unreasonable to expect *20 partitions*
this hardcoding is done to avoid using *, which is
slow in grub on some machines (the grub kernel always
re-enumerates the devices during every operation,
without caching any of it)
yet, the hardcoding is also slow; balance it a bit
better by searching fewer permutations, but not so few
that it would likely break a lot of setups
Signed-off-by: Leah Rowe <leah@libreboot.org>
we already supported syslinux but not grub
support grub by scanning for the most common paths,
based on the most popular distros
we don't hardcode this with * because it slows down
the boot, and in practise many distros still use the
same grub.cfg location as in BIOS systems (the EFI
one is often just a link to the BIOS one)
Signed-off-by: Leah Rowe <leah@libreboot.org>
this is a relic from the old days when we didn't
automated the grub.cfg logic as much. these days,
the grub.cfg logic is able to boot almost all distros
without any manual intervention or override.
removing these entries will speed up the boot in general
Signed-off-by: Leah Rowe <leah@libreboot.org>
the path "/boot/EFI" is unnecessary because the ESP
is always a FAT32 partition, so we don't need to
scan it as a subdirectory within a subdirectory.
the ESP is always mounted as its own partition,
FAT32, and EFI/ is always at the root of it
Signed-off-by: Leah Rowe <leah@libreboot.org>
the esp is always a fat32 partition so this makes no sensgrub.cfg: don't scan EFI on btrfs subvols
the esp is always a fat32 partition so this makes no sense
Signed-off-by: Leah Rowe <leah@libreboot.org>
these laptops do not officially have nvme slots on them,
but there is an ngff wifi slot which is PCI-E x1, and you
can use a special adapter on it to run nvme ssds.
total throughput is retarded by the x1 PCI-E configuration,
but it's still faster than a sata ssd (nvmes are x4 PCI-E).
support it in grub_scan_disk on the off chance that some
users may make use of this. it should work just fine.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Command: ./vendor download kcma-d8-rdimm_16mb
Output was:
include/lib.sh: line 115: kcma-d8-rdimm=config/vendor: No such file or directory
That will have to be audited later on, but the recent
more stringent error checking in vendor.sh triggered
this previously untriggered error message. The error
was in fact already occuring before, silently.
Anyway, mitigate by renaming all coreboot targets so
that they do not contain hyphens in the name. This
should avoid triggering errors in that eval command,
on line 115 in lib.sh
Signed-off-by: Leah Rowe <leah@libreboot.org>
replace variables ahcidev/atadev/nvmedev with a single
one named bootdev
the for loop goes through grub_scan_disk, so now it is
effectively a bootorder configuration
Signed-off-by: Leah Rowe <leah@libreboot.org>
it has always been gpl 3 or later, but it helps to have
the license declaration within the file
there's a copying file anyway. put spdx in the config
Signed-off-by: Leah Rowe <leah@libreboot.org>
Previously, grub_scan_disk could set ata, ahci or "both",
which would make both be tried (ahci first). This worked
when we only dealt with ata and ahci devices, but now we
support nvme devices so the logic is inherently flawed.
Instead, use grub_scan_disk to store the boot order, e.g.:
grub_scan_disk="ahci nvme ata"
grub_scan_disk="nvme ata"
In the first example, it would make GRUB scan ahci first,
then nvme and then ata.
In the secontd example, it would make GRUB scan nvme first,
and then ata.
If "both" is set, or anything other than ahci/ata/nvme,
grub_scan_disk is now changed to "nvme ahci ata".
Actual grub_scan_disk entries in target.cfg files will now
be modified, to match each machine.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Fixes this bug:
https://codeberg.org/libreboot/lbmk/issues/216
Well, fix is the wrong word. We want xHCI ideally.
Mate is working on it as I write this. I've also:
* Disabled CONFIG_FINALIZE_USB_ROUTE_XHCI on Haswell
boards (coreboot)
* Disabled the GRUB payload on HP 820 G2 for now
We will need to re-add the xHCI patches once fixed.
If Mate/we can't fix it, I'll contact Patrick
Rudolph who originally wrote the xHCI patches.
Signed-off-by: Leah Rowe <leah@libreboot.org>
See:
https://codeberg.org/libreboot/lbmk/issues/216
Almost all users will be OK running GRUB, but a
minority of users have experienced a fatal error
pertaining to grub_free() or grub_realloc() (as
my investigation of GRUB sources reveal when grepping
the error reported in the link above).
We don't yet know what the bug is, only that the
error occurs, leading to an effective brick if the
user has GRUB as their primary payload.
So far, it has only been reported on some Intel
SandyBridge-based Dell Latitudes in Libreboot, but
we can't be too sure.
The user reported that memtest86+ passes just fine,
and SeaBIOS works; BIOS GRUB also works, which means
that the bug is likely only in an area of GRUB that
runs specifically on the coreboot payload, so it's
probably a driver in GRUB when running on the metal
rather than BIOS/UEFI.
The build system supports a configuration whereby
SeaBIOS is the primary payload, but GRUB is available
in the SeaBIOS boot select menu, and an additional
configuration is available where GRUB is what SeaBIOS
executes first (while still providing boot select);
both of these are now the *only* configurations
available, on all x86 targets except QEMU.
The QEMU target is fine because if the bug occurs there,
you can just close QEMU and try a different image.
Even after this bug is later identified and fixed,
the GRUB source code is vastly over-engineered and there
are likely many more such bugs. SeaBIOS is a reliable
payload; the code is small and robust. Remember always:
Code
equals
bugs
Therefore, this configuration change is likely going
to be permanent. This will apply in the next release.
Signed-off-by: Leah Rowe <leah@libreboot.org>
I've rebased the workaround-mx patch as follows. See:
commit 9a11cbf21a5078bcdb8db7584c44a9ee17020db4
Author: Nico Huber <nico.h@gmx.de>
Date: Fri Jan 13 01:19:07 2023 +0100
Let the flash context directly point to the used master
This change, now upstream in flashprog, made me have to do this in
the patch. I changed this:
flash->mst->spi.command(flash, sizeof(cmd), sizeof(buf), cmd, buf);
to this:
flash->mst.spi->command(flash, sizeof(cmd), sizeof(buf), cmd, buf);
It should work fine. This update imports the following upstream
patches from flashprog:
* 5b4fdd1 z60_flashprog.rules: Add udev rule for CH347
* 72c9e40 meson: Check for CPU families with known raw mem access
* 3458220 platform/meson: Port pciutils/pci.h workaround to Meson
* f279762 platform/meson: Check for libi386 on NetBSD
* 14da5f7 README: Convert to Markdown
* 8ddea57 README: Document branching and release policy
* 2522456 util/list_yet_unsupported_chips.sh: Fix path
* cbf9c11 spi: Don't cross 16MiB boundaries with long writes
* 823a704 dediprog: Skip warning on first attempt to read device string
* e8463c8 dediprog: Revise prefix check for given programmer id
* 38af1a1 dediprog: Revise id matching
* 4661e7c amd_spi100: Use flashprog_read_chunked() for progress reporting
* cdcfda2 read_memmapped: Use flashprog_read_chunked() for progress reporting
* 7679b5c spi25: Replace spi_read_chunked() with more abstract version
* ca1c7fd spi25: Normalize parameters of spi_nbyte_read()
* e36e3dc dediprog: Use default_spi_write_256
* 522a86d linux_spi: Use default_spi_read()/_write_256()
* 806509b cli_classic: Turn progress reporting into a progress bar
* 842d678 libflashrom: Return progress state to the library user
* aa714dd flashprog.c: Let select_erase_functions() return byte count
* 2eed4cf serprog: Add SPI Mode and CS Mode commands
* 821a085 dediprog: Implement id reading for SF600 and later
* 274e655 dediprog: Read device string early
* 0057822 dediprog: Add protocol detection for SF700 & SF600Plus-G2
* fb176d2 dediprog: Use more general 4BA write mode for newer protocols
* 0ab5c3d dediprog: Split device type and version parsing
* bdef5c2 dediprog: Use unsigned conversions to parse device string
* 5262e29 dediprog: Try to request 32B device string (instead of 16B)
* e76e21f dediprog: Get rid of some unnecessary hex constants
* 5a09d1e udelay: Lower the sleep vs delay threshold
* 03ad4a4 linux_mtd: Provide no-op delay implementation
* 211c6ec serprog: Refine flushing before synchronization
* 383b7fe serprog: Test synchronicity before trying to synchronize
* d7318ea serprog: Move synchronicity test into separate function
* 9a11cbf Let the flash context directly point to the used master
* aabb3e0 writeprotect: Hook wp functions into the chip driver
* 89569d6 memory_mapped: Reduce `decode_sizes` to a single `max_rom_decode`
* 929d2e1 internal: Pass programmer context down into chipset enables
* 7c717c3 internal: Pass programmer context down into board enables
* e3a2688 Pass programmer context to programmer->init()
* 2b66ad9 Start implementing struct flashprog_programmer
* 4517e92 memory_bus: Drop stale `size == 0` workaround and FIXME
* b197402 memory_bus: Split register mapping into own function
* 0e76d99 memory_bus: Move (un)map_flash_region into par master
* 9eec407 Perform default mapping only for respective chips
* 56b53dd wbsio_spi: Request memory mapping locally
* 5596190 it87spi: Request memory mapping locally
* 46449b4 spi25: Drop stale `bus == SPI` guards
* ab6b18f spi25: Move 4BA preparations into spi_prepare_4ba() hook
* 901fb95 Add prepare/finish_access() hooks for chip drivers
* a96aaa3 dediprog: Support long writes of 16MiB and more
* 1338936 Consider 4BA support when filtering erase functions
* 8d36db6 flashprog.8: Fix up serprog example
* d2ac303 flashprog.8: document new serprog cs parameter
* d1b9153 chipset_enable.c: Add Genoa to mendocino entry
Signed-off-by: Leah Rowe <leah@libreboot.org>
this is using the same functionality that was added a few
commits ago, to override the use of "git submodule update"
each coreboot submodule has two repositories defined, with
the second one kicking in if the mail one fails upon cloning.
Signed-off-by: Leah Rowe <leah@libreboot.org>
whitelist what modules are downloaded, by adding
module.list files in the corresponding directories
under config/submodule/, per each coreboot tree.
this is making use of functionality added in the
previous commit.
Signed-off-by: Leah Rowe <leah@libreboot.org>