libreboot will still include microcode updates
by default, but mitigations against broken speedstep
and reboot (when microcode updates are excluded) were
removed following the merge with osboot
this patch restores those mitigations; the patch
reverts coreboot to older smrr code (which works fine, it
isn't critical to use the new behaviour) and disables peci
(pointless feature)
i'll probably re-tool this later to apply the changes
conditionally to whether ucode is present
this is not a change in policy. policy says:
include cpu microcode updates by default
policy also says:
libreboot must be configurable
microcode removal via cbfstool remove -n, counts as
configuration, and in practise is not possible on
gm45 patches in current libreboot; this patch corrects
that problem, allowing the machines to work somewhat
well (same stability issues as before, like MCE errors
resulting in kernel panic on high CPU/memory usage,
but i digress)
happy... hacking
small nitpick, but i try to use openbsd style
since i like that style. upon further reading
of their style guidelines today, it was revealed
to me that for includes, they:
* sort sys/ includes alphabetically, at the top
* after sys/ includes, have an empty line
* includes for networking-related headers below that
* empty space below networking headers if there
* after that, have the rest of the includes, sorted
alphabetically
at least, that is my understanding. i have to admit,
it does look cleaner
not really that critical but why not do it?
This is useful for e.g. HP EliteBook 2560p.
In coreboot config, enable e.g. (for lbmk blobutil):
CONFIG_KBC1126_FW1="../../ec/hp2560p/ec.bin.fw1"
CONFIG_KBC1126_FW2="../../ec/hp2560p/ec.bin.fw2"
In resources/blobs/sources you would have these entries:
EC_url
EC_url_bkup
EC_hash
In cases where the vendor update file contains a full
ROM image encompassing IFD+GbE+ME+BIOS, blobutil was
saving the *entire* ROM containing those, as me.bin.
For example, if it's an 8MB ROM, blobutil would create
a me.bin file that is actually the whole ROM containing:
* Vendor IFD region
* Vendor GbE(if it has one)
* Vendor ME region
* Vendor BIOS region
This fix tries with -M and -O first. In this combination,
me_cleaner shall extract me.bin (neutered) and save it.
If that fails, then the normal method with just -O is
tried, which by this logic would always be a lone ME
image if it succeeds.
I tested downloading ME images on existing boards with
this, and it didn't break them, and this fixes the bug.
This is done for HP 8200 SFF which Riku_V is adding to
lbmk. I'm on IRC with Riku_V as I write this commit
message! Super hot hotfix patch.
bl1 bootloader blobs needed, and lbmk doesn't currently
auto-download these for insertion, so their presence in
the build system is problematic because people might build
these and think they work - they don't, due to the lack of
those bl1 blobs
notes about this are included in lbwww, on the compatibility
list. these can be re-added and tested later, when lbmk handles
those bl1 bootloader blobs
u-boot is known broken on these, last revision
known working is 2021.01
can bisect and find the fix. i'm putting this on
the issue tracker (new one on codeberg)
don't download it. keep it in lbmk.
libreboot moved to codeberg for git hosting,
and i didn't want to keep lugging around an
extra git repo just for one tiny project.
word/setWord no longer mitigates endianness. instead,
all bytes are swapped after reading and before writing the
file, and only if the host is big endian
this improves performance on little endian hosts, which is
most machines, and the code is much simpler, so it's more
robust and less likely to break
mac address endianness made more clear in code, including
with a comment that explains it
(the nvm section contains little endian words, *except* the
mac address whose words are stored big endian)
Bruteforce it. Some executables are just using inno
archival but some are simple LZMA. This patch handles
both of them, and also the event where you have LZMA
compressed files (even LZMA compressed files within
LZMA compressed archives) within any inno/lzma compressed
executable.
It recursively scans inside a vendor update, to find
a me.bin files for neutering with me_cleaner.
This is in preparation for two new ports in Libreboot:
* HP EliteBook 8560w
* Apple MacBook Air 4,2 (2011)
This script can literally be used with multiple vendors now.
It is no longer specific just to Lenovo. I originally did
this and other recent commits to the file, as one big
commit, but I decided to split it all up into small commits.
Top-down order is easier to read, for greater understanding.
What's moved is initialisation. The glue that calls Build_deps
and Download_needed still need to be at the bottom.
When using e.g. -p grub in build/boot/roms, it will
error out. This patch fixes that.
E.g.
./build boot roms t440pmrc_12mb -p grub
Seldom used feature and it was overlooked. Most people
won't use the option that triggered the error.