libreboot will still include microcode updates
by default, but mitigations against broken speedstep
and reboot (when microcode updates are excluded) were
removed following the merge with osboot
this patch restores those mitigations; the patch
reverts coreboot to older smrr code (which works fine, it
isn't critical to use the new behaviour) and disables peci
(pointless feature)
i'll probably re-tool this later to apply the changes
conditionally to whether ucode is present
this is not a change in policy. policy says:
include cpu microcode updates by default
policy also says:
libreboot must be configurable
microcode removal via cbfstool remove -n, counts as
configuration, and in practise is not possible on
gm45 patches in current libreboot; this patch corrects
that problem, allowing the machines to work somewhat
well (same stability issues as before, like MCE errors
resulting in kernel panic on high CPU/memory usage,
but i digress)
happy... hacking
In cases where the vendor update file contains a full
ROM image encompassing IFD+GbE+ME+BIOS, blobutil was
saving the *entire* ROM containing those, as me.bin.
For example, if it's an 8MB ROM, blobutil would create
a me.bin file that is actually the whole ROM containing:
* Vendor IFD region
* Vendor GbE(if it has one)
* Vendor ME region
* Vendor BIOS region
This fix tries with -M and -O first. In this combination,
me_cleaner shall extract me.bin (neutered) and save it.
If that fails, then the normal method with just -O is
tried, which by this logic would always be a lone ME
image if it succeeds.
I tested downloading ME images on existing boards with
this, and it didn't break them, and this fixes the bug.
This is done for HP 8200 SFF which Riku_V is adding to
lbmk. I'm on IRC with Riku_V as I write this commit
message! Super hot hotfix patch.
bl1 bootloader blobs needed, and lbmk doesn't currently
auto-download these for insertion, so their presence in
the build system is problematic because people might build
these and think they work - they don't, due to the lack of
those bl1 blobs
notes about this are included in lbwww, on the compatibility
list. these can be re-added and tested later, when lbmk handles
those bl1 bootloader blobs
u-boot is known broken on these, last revision
known working is 2021.01
can bisect and find the fix. i'm putting this on
the issue tracker (new one on codeberg)
don't download it. keep it in lbmk.
libreboot moved to codeberg for git hosting,
and i didn't want to keep lugging around an
extra git repo just for one tiny project.
Bruteforce it. Some executables are just using inno
archival but some are simple LZMA. This patch handles
both of them, and also the event where you have LZMA
compressed files (even LZMA compressed files within
LZMA compressed archives) within any inno/lzma compressed
executable.
It recursively scans inside a vendor update, to find
a me.bin files for neutering with me_cleaner.
This is in preparation for two new ports in Libreboot:
* HP EliteBook 8560w
* Apple MacBook Air 4,2 (2011)
This script can literally be used with multiple vendors now.
It is no longer specific just to Lenovo. I originally did
this and other recent commits to the file, as one big
commit, but I decided to split it all up into small commits.
Top-down order is easier to read, for greater understanding.
What's moved is initialisation. The glue that calls Build_deps
and Download_needed still need to be at the bottom.
When using e.g. -p grub in build/boot/roms, it will
error out. This patch fixes that.
E.g.
./build boot roms t440pmrc_12mb -p grub
Seldom used feature and it was overlooked. Most people
won't use the option that triggered the error.
these boards are almost impossible to find, and have always been
buggy, it doesn't look like there will be any viable testing or
development on it
it's currently broken in master, on coreboot. if someone wants to
fix and re-add to lbmk, they can do that
use older libreboot releases to flash this board, if you wish
(i *am* adding te the issue tracker, a note about this commit,
with a view to re-adding it one day)
MRC caches in a certain way, that Heads was able to work
around in their build system, for this board.
I've adapted the relevant config differences, from their project
as of heads revision 96440b928acb06de5b925ea12014c9c280b23165
The downside is that CBFS now has to be 8MB in size. The upside
is that the machine also boots much faster
See:
f0792117efhttps://github.com/osresearch/heads/pull/1282#issuecomment-1400634600
I have not adapted their IFD changes, versus Libreboot, because theirs
simply has a different version string, and uses different read/write
permission bits for regions as defined in the IFD.
This affects:
t440p_12mb_mrc
w541_12mb_mrc
S3 suspend/resume still broken on these targets which use the libre
MRC init (replacement code by Angel Pons, recently merged in lbmk):
t440p_12mb
w541_12mb
With clever use of FMAP, the rest of the BIOS region might still be
used. However, for our purposes, 8MB CBFS will do just fine.
Heads's changes configure MRC so that caching is handled properly,
for when the machine returns from sleep. Setting CBFS to be any
higher will result in slower boot times, and broken S3 resume, due
to MRC cache misalignment (this is based on my understanding, reading
through the Heads project looking at their research on this).
At some point in the future, Angel's libre MRC code will probably
be finished, and merged, with more fine tuning possible to allow
bigger CBFS sizes.
libre mrc on haswell is quite buggy for now, but works in
a limited fashion
this patch re-adds the old configs, but as _mrc for example
t440p_12mb_mrc instead of t440p_12mb
and t440p_12mb (without _mrc) still uses the libre mrc code
i found that with libre mrc, usb was broken in grub
however, it worked nicely in seabios
for our purposes, doing seabios-only roms in text mode
is best for now
i'm going to re-add mrc.bin, but for t440p_12mb_mrc
and w541_12mb_mrc, as new config names. the regular
t440p_12mb and w541_12mb will continue to use libre
mrc, but the _mrc ones will use mrc.bin and retain the
grub payload in board.cfg
courtesy of Angel Pons from the coreboot project
this uses the following patch set from gerrit, as yet
unmerged (in coreboot master) on this date:
https://review.coreboot.org/c/coreboot/+/64198/5
logic for downloading mrc blobs has been deleted from
lbmk, as this is now completely obsolete (for haswell
boards)
if other platforms are added later that need mrc.bin,
then logic will be re-added again for that
this fixes the build error:
Error: name not set
Usage: ./download gitmodule [name]
when running:
./download all
running "all" runs all scripts under downloads,
one of which was the gitmodule script itself, therefore
being run without argument
some checks check for specific utils, which are
then used to indicate the existence of other utils,
which means that building them singularly, as is
currently done, may result in errors later if another
tool doesn't exist compiled yet
this is an obscure bug, fixed by this patch. more of a
workaround really. a dirty hack. when checking for any
of the coreboot utilities required, build all coreboot
utilities that are possibly required
the utilities are small enough that this does not add
much extra time to build, and in most cases, all of them
will be needed anyway
Leah Rowe