with neutered ME, fan control fails. while there are
ways to mitigate it, many users will not, and will
likely see their system overheat, which is very
dangerous.
this bug (failed fan control on neutered ME) only
affects arrandale machines such as lenovo x201.
the newer machines are not affected by this.
other arrandale machines will probably not be added
to libreboot because of this, or they will be subject
to further testing.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This is of Broadwell platform, one generation above Haswell.
Of note: this uses HP Sure Start. Although the flash is 16MB,
our CBFS section (and IFD configuration) assumes 12MB flash,
so the final 4MB will be left unflashed on installation,
after blanking the private flash. The coreboot documents have
more information about this.
Some minor design changes in lbmk were made, to accomodate
this port:
Support for extracting refcode binaries added (pulled from
Google recovery images). The refcode file is an ELF that
initialises the MRC and the PCH. It is also responsible for
enabling or disabling the Intel GbE device, where Google
does not enable it, but lbmk modifies it per the instructions
on the coreboot documentation, so as to enable Intel GbE.
Google's recovery image stores the refcode as a stage file,
but coreboot changed the format (for CBFS files) after 4.13
so coreboot 4.13's cbfstool is used to extract refcode. This
realisation made me also change the script logic to use a
cbfstool and ifdtool version matching the coreboot tree, for
all parts of lbmk, whereas lbmk previously used only the
default tree for cbfstool/ifdtool, on insertion and deletion
of vendor files - it was 81dc20e744 that broke extraction of
refcode on google's recovery images, where google used an older
version of cbfstool to insert the files in their coreboot ROMs.
A further backported patch has been added, copying coreboot
revision f22f408956 which is a build fix from Nico Huber.
Iru Cai submitted an ACPI bugfix after the revision lbmk
currently uses, for coreboot/default, and this fix is
needed for rebooting to work on Linux 6.1 or higher. This
patch has been backported to lbmk, while it still uses the
same October 2023 revision of coreboot.
Broadwell MRC is inserted at the same offset as Haswell,
so I didn't need to tweak that.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Actually, it's 2 commits after 2.12, because there was a
patch added afterwards, fixing a build issue on Gentoo.
These changes are present in GRUB 2.12, relative to the
revision that we previously used on lbmk:
* b835601c7 build: Include grub-core/extra_deps.lst in dist
* 8961305b4 Bump version to 2.13
* 5ca9db22e Release 2.12
* 477a0dbd5 efi: Add support for reproducible builds
* dcc1af5d6 efi: Generate stack protector canary at build time if urandom is available
* e424e945c efi: Initialize canary to non-zero value
* 7c8ae7dcb gfxmenu/gui_image: Fix double free of bitmap
* 63fc253fc commands/acpi: Fix calculation of ACPI tables addresses when processing RSDT and XSDT
* f20123072 libnvpair: Support prefixed nvlist symbol names as found on NetBSD
* a13df3d15 bootstrap: Don't check gettext version
* 6d2aa7ee0 kern/mm: Use %x and cast for displaying sizeof()
* b3d49a697 configure: Add RPATH for freetype on NetBSD
* 52dbf66ea configure: Add *BSD font paths
* 2d6a89980 autogen: Accept python3.10 as a python alternative
* 3d4cb5a43 build: Rename HAVE_LIBZFS to USE_LIBZFS
* e4dbe5cfa gnulib: Tolerate always_inline attribute being ignored
* 31e47cfe2 util/editenv: Don't use %m formatter
* f5905f656 osdep/bsd/hostdisk: Fix NetBSD compilation
* cb1824a87 osdep/generic/blocklist: Fix compilation
* 2f3faf02c disk/diskfilter: Remove unused variable
* 3815acc57 build: Tolerate unused-but-set in generated lexer/bison files
* c129e44e7 loader/i386/bsdXX: Fix loading after unaligned module
* 89fbe0cac grub-core/Makefile.am: Make path to extra_deps.lst relative to $(top_srcdir)/grub-core
* 353beb80c util/grub-install: Move platdir path canonicalization after files were copied to grubdir
* f18a899ab util/grub-mkstandalone: Ensure deterministic tar file creation by sorting contents
* ed74bc376 util/grub-mkstandalone: Ensure stable timestamps for generated images
* 069cc46c9 net/http: Fix gcc-13 errors relating to type signedness
* e7a831963 templates: Reinstate unused version comparison functions with warning
* 3f9eace2d util/grub-install: Delay copying files to {grubdir,platdir} after install_device was validated
* e60015f57 efi: Set shim_lock_enabled even if validation is disabled
* e35683317 docs: Improve bli module documentation
* 57059ccb6 bli: Add explicit dependency on the part_gpt module
* 154dcb1ae build: Allow explicit module dependencies
* 17c68472d kern/ieee1275/init/ppc64: Display upper_mem_limit when debugging
* 5f8e091b6 kern/ieee1275/init/ppc64: Fix a comment
* dc569b077 kern/ieee1275/ieee1275: Display successful memory claims when debugging
* 0ac3d938a loader/powerpc/ieee1275: Use new allocation function for kernel and initrd
* 2a9a8518e kern/ieee1275/cmain/ppc64: Introduce flags to identify KVM and PowerVM
* 679691a13 kern/ieee1275/init/ppc64: Rename regions_claim() to grub_regions_claim()
* d49e86db2 kern/ieee1275/init/ppc64: Add support for alignment requirements
* fe5d5e857 kern/ieee1275/init/ppc64: Return allocated address using context
* ea2c93484 kern/ieee1275/init/ppc64: Decide by request whether to initialize region
* 0bb59fa9a kern/ieee1275/init/ppc64: Introduce a request for regions_claim()
* aa7c13226 fs/xfs: Add large extent counters incompat feature support
Most notable in the above log, that are beneficial to Libreboot
users, are:
aa7c13226 which improves XFS support (large extents), which is default
now on many setups.
ed74bc376 which introduces more stable timestamp generation when using
grub-mkstandalone. this is what lbmk uses to generate grub.elf, whereas
grub previously only implemented this fix on mkimage which we don't use
f18a899ab which ensures deterministic (reproducible) tar file creation
by sorting contents (file names / directories). this is done by sorting
the entries
f5905f656 which improves grub build system reliability on netbsd and
openbsd systems - useful for us because an ambition of lbmk is to port
the build system to run on bsd systems, and we will still want grub -
several other of the changes here are beneficial for BSD aswell, all
or most of them by Vladimir Serbinenko
Signed-off-by: Leah Rowe <leah@libreboot.org>
this is now used in grub, for the FS_PAYLOAD_MODULES
option in the make command
lbmk should generalise as much logic as possible. in
some parts of it, logic is hurrently hardcoded, specific
to a given project that lbmk uses, but lbmk is essentially
a source-based package manager, like what you might find
on a small linux distro, so we need to try to
be as generic as possible.
lbmk is the "build system of build systems", so it has to
work generically with as many of them as possible
Signed-off-by: Leah Rowe <leah@libreboot.org>
it is no longer hardcoded just to be handled for uefiextract.
it is now defined as cmakedir in target.cfg, for a single or
multi tree project. if multi tree, it is applied to the specific
tree, and has to be defined per tree
the way it works is: as per cmakelist, a project will define
which directory is to be built, and it will then generate
a makefile in the main source tree (the build tree in cmake
language, where the main CMakeLists.txt file exists)
when the makefile has been generated, the project is then treated
like any other project. the way cmake works, if a makefile has
already been generated by it, in a given directory, running it
again will fail and not affect anything; if it fails but the
makefile doesn't exist, then something is wrong, but if the
makefile does exist, then it's all fine and nothing happens
at present, this is only used for uefiextract, which is part
of src/uefitool
Signed-off-by: Leah Rowe <leah@libreboot.org>
at present, the bootstrap and configure script is only
directly executed for grub, because grub is the only
project that uses them in lbmk
however, when i start adding linuxboot support, i will
have to start building a lot of projects, some of which
make use autoconf and bootstrap scripts
e.g.
./bootstrap --foo
./configure --bar
the "bootstrap" script is often used on GNU programs,
because they like to over-engineer absolutely everything
Signed-off-by: Leah Rowe <leah@libreboot.org>
arch no longer needs to be set, on multi-tree projects,
and it has been renamed to xarch
the new behaviour is: if xarch is set, treat it as a
list of crossgcc targets and go through the list. set
the first one as the target, for what lbmk builds, but
build all of the defined crossgccc targets
crossgcc_ada is now xlang, and defines which languages
to build, rather than whether to build gcc-gnat
Signed-off-by: Leah Rowe <leah@libreboot.org>
i had to run make-oldconfig on all of them, because
of the port that riku added the other day. lbmk doesn't
use defconfigs, it uses full configs, so we have to
make sure they're kept in sync
this patch is the result of running the following command
in a fresh clone of lbmk:
./update trees -u coreboot
i should probably switch to defconfigs.
Signed-off-by: Leah Rowe <leah@libreboot.org>
riku committed a new patch, that fixes build errors
when PICO_DEFAULT_LED_PIN is not defined, on a given
board. in such cases, riku's new patch just disables
handling of the status LED, but LEDs continue to work
on boards where it is defined.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the new revision sets drive level to 12mA instead
of the default 4mA. 16-20mA is the maximum tolerated
level for data lines, on most flash ICs, so 12mA is
relatively safe.
riku did this a while ago, tested on pico pi.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the e6400_4mb target has libgfxinit and (if seabios) vgarom
initialisation, but has issues on the nvidia model, even when
using nomodeset. with this target, e6400nvidia_4mb, only
the vgarom initialisation is used, libgfxinit is disabled.
on nvidia models, this one should work a little bit better.
specifically: nouveau crashes on this machine, with libreboot
installed, but you can use nomodeset. however, when libgfxinit
is also enabled, nomodeset no longer works properly.
so this target disables all video initialisation in coreboot.
only seabios will initialise anything video-related, by
executing the vga option rom.
Signed-off-by: Leah Rowe <leah@libreboot.org>
at present, lbmk can remove microcode updates on images for
a given target, if the target specifies
microcode_required="n" in target.cfg
lbmk then provides images with microcode, and images without,
in a given release. although the user can also remove them
manually, this just makes it a bit more convenient, for those
users who do wish to run without the updates. this functionality
is provided only on those platforms where no-microcode is tested.
well, this behaviour implements a compromise on libreboot policy,
which is to always include microcode updates by default. see:
Binary Blob Reduction Policy
the *canoeboot* project now exists, developed in parallel with
libreboot, and it ships without microcode updates, on the same
targets where lbmk also handled this.
running without microcode updates is foolish, and should not
be encouraged. clean up lbmk by not providing this kludge.
the libreboot documentation will be updated, telling such users
to try canoeboot instead, or to remove the update from a given
libreboot rom - this is still possible, and mitigations such as
PECI disablement on GM45 are still in place (and will be kept),
so that this continues to work well.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this affects 8460p and 8470p only, as the others' updates
aren't common across different boards
Signed-off-by: Riku Viitanen <riku.viitanen@protonmail.com>
don't handle "romtype" at all, in board target.cfg files
add /dev/null as pike2008 rom on amd boards. this serves
the same purpose, adding them as empty vga roms, to add
an empty rom in cbfs. pike2008 cards cause seabios to hang,
when their oproms are executed, so we insert a fake rom
on i945 thinkpads, use the coreboot config option:
CONFIG_INTEL_ADD_TOP_SWAP_BOOTBLOCK
when set, this enables the same bootblock copy, for use
with bucts. these two cases, namely pike2008 roms and
i945 bootblock copies, no longer need to be handled in code
Signed-off-by: Leah Rowe <leah@libreboot.org>
the x220 edp patch invalidated lots of configs, so
i did: ./update trees -u coreboot
this is the resulting patch
Signed-off-by: Leah Rowe <leah@libreboot.org>
only call crossgcc for coreboot and u-boot, but use
hostcc for everything else. simplify the checking of
which architecture to compile for. "arch" in target.cfg
files has been modified, to allow further simplification.
without this patch, the logic currently only *barely* avoids
using crossgcc on things like utils, and only works in practise
because, in practise, lbmk only works on x86_64 anyway.
the new logic, as per this patch, is simpler and more robust.
Signed-off-by: Leah Rowe <leah@libreboot.org>
The component 1 and 2 densities were still set to 8 MiB and 4 MiB
respectively, which is incorrect for 16 MiB only configurations.
Change the component 1 density to 16 MiB so that the address space
gets properly mapped to SPI 1. In addition, change the number of
components field (byte 0x15) to 0x00 to indicate 1 flash chip.
Signed-off-by: Nicholas Chin <nic.c3.14@gmail.com>
Inside the BIOS update, there's 68SCE and 68SCF variants.
Based on Qubes HCL and browsing linux-hardware.org, these are
Probook 6360b and Elitebook 8460p respectively.
I checked the KBC1126 EC Firmwares within the update file, both
use the exact same firmware images. Following-up will be a very
similar but untested port for 6360b.
Signed-off-by: Riku Viitanen <riku.viitanen@protonmail.com>
there are special menuentries just for loading
configs, without handling luks, lvm and whatnot.
it's intended for users of cd/dvd drives. well,
now we support both extlinux and grub, with this patch.
Signed-off-by: Leah Rowe <leah@libreboot.org>
isolinux/syslinux/extlinux config files should all work,
using the syslinux parser function in grub
the current behaviour is to only search for grub.cfg,
so extlinux users can't use the default libreboot setup.
with this change, their systems should hopefully work.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the so-called EFI System Partition (ESP) is used
on many UEFI-based setups. some users may be
migrating to libreboot, so let's support it.
on BIOS setups, it would be e.g.
/boot/syslinux/syslinux.conf
on UEFI setups, it would be e.g.
/boot/EFI/syslinux/syslinux.conf
additionally, support scanning for extlinux.conf
Signed-off-by: Leah Rowe <leah@libreboot.org>
lvm/* is slow to resolve in grub, on some machines,
because grub enumeration is very slow in general.
however, many people will install distros with any
number of lvm configurations, so we should try to
support them.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This reverts commit 20389655e4.
If the user actually has encryption, but has /boot unencrypted,
this will considerably slow down the boot, so the patch has
been reverted.
The patch was originally meant to favour encrypted /boot
setups, but the old behaviour also still works there.
when the user sets up an encrypted machine, grub.cfg
defaults to non-encrypted setups if found, first
this patch reverses the order, deferring to
non-encrypted installations only when encrypted ones
are unavailable
Signed-off-by: Leah Rowe <leah@libreboot.org>
install libfreetype-dev, instead of libfreetype6-dev
this still works in debian stable (currently 12.2) but
fixes debian sid, as of 15 November 2023. my test machine
with debian sid could not install libfreetype6-dev, but
could install libfreetype-dev
Signed-off-by: Leah Rowe <leah@libreboot.org>
apparently some people use fat file systems for /boot
on linux systems
this is apparently a thing
it's ridiculous, but also a thing
a user reported they could not boot their t400 because
of those, because they have such a distro installed
on their machine
apparently it was a gentoo user
i don't really care. re-add 1980s dos file system support.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Now the revision is:
64e3cee72ab8f5876abfebb263b5e6cf7c4a9a4e
The old revision was:
e58b870ff926415e23fc386af41ff81b2f588763
With this new revision update, the following patches have
been imported from the upstream GRUB project:
* 64e3cee72 gpt: Add compile time asserts for guid and gpt_partentry sizes
* 7de6fe963 types: Split aligned and packed guids
* 5fc985bfd gpt_partition: Mark grub_gpt_partentry as having natural alignment
* 7ad30299d efi: Deduplicate configuration table search function
* c6cf807fc lsefi: Add missing static qualifier
* a964e359b types: Fix typo
* 3f79e3b15 util/grub-mount: Check file path sanity
* 85e40b36e configure: Make the DJVU_FONT_SOURCE configurable with --with-dejavufont=FILE
* 2d6631d2a configure: Make the Unifont FONT_SOURCE configurable with --with-unifont=FILE
* 07318ee7e fs/xfs: Fix XFS directory extent parsing
* ad7fb8e2e fs/xfs: Incorrect short form directory data boundary check
* 4e10213de Revert "zfsinfo: Correct a check for error allocating memory"
* 4266fd2bb disk/i386/pc/biosdisk: Read up to 63 sectors in LBA mode
* cab04dcda kern/i386/pc/init: Flush cache only on VIA C3 and earlier
* 3c7e84257 fs/btrfs: Zero file data not backed by extents
* 4bcf6f747 kern/ieee1275/init: Restrict high memory in presence of fadump on ppc64
* cf58eca2a tests/util/grub-shell: Enable RNG device to better test stack smashing
* c3bdf263f kern/efi/init: Disable stack smashing protection on grub_efi_init()
* 95963d97f disk/cryptodisk: Add support for LUKS2 in (proc)/luks_script
* 016f14257 disk/cryptodisk: Optimize luks_script_get()
* f7a663c00 term/serial: Ensure proper NULL termination after grub_strncpy()
* a19e47ca4 commands/efi/lsefisystab: Print the UEFI specification revision in human readable form
Signed-off-by: Leah Rowe <leah@libreboot.org>
Fix a few issues with the E6430 configs to make it consistent with
configs for other boards and function as intended.
- Add VBT to CBFS: Although the VBT was enabled at the board level
Kconfig in a previous commit (CONFIG_INTEL_GMA_HAVE_VBT), the config
to actually add the VBT to CBFS was still unset.
- Enable the static option table: The old config would always use the
fallback values hard coded in the coreboot tree, rather than the
settings in the cmos.default file
- Enable DRAM clear on boot: This was not set previously, even though
most other boards set this for security.
Signed-off-by: Nicholas Chin <nic.c3.14@gmail.com>
now the docs are complete, in releases. they
contain the libreboot site, libreboot images,
the untitled static site generator and untitled
static site generator documentation.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this replaces the previous behaviour, which erred
on a specific value of grub_errno, which was a
problem if other types of errors used that value.
due to the way i patch out the prefix error messages,
this new patch ensures that only those errors are
silenced. all other messages will be printed.
Signed-off-by: Leah Rowe <leah@libreboot.org>
it still printed "error: ." on screen, instead
of the prefix message.
now it's silent. it just says:
Welcome to GRUB!
Signed-off-by: Leah Rowe <leah@libreboot.org>
it can annoy some users, so just silence it. we don't need
a lot of modules so we only have a few, but some distro
grub configs can load modules frivilously.
Signed-off-by: Leah Rowe <leah@libreboot.org>
TSEG Stage Cache enabled again, because disabling it
did not affect S3 in any way.
Many configs have changed, and debug level is set to 7.
In testing with V-T60 on IRC, it wasn't just removal of
the DDR2 patch that I did, but I re-did the configs too,
in exactly the same way I've done them here, when testing
on an X200 to fix boot issues.
Libreboot does not use defconfigs, instead it uses full
configs, and these have to be updated. I normally just
run make-oldconfig on every config, for revision updates.
However, every now and then, we need to re-do them.
Play it safe and re-do every config. I've double- and
triple-checked that the configs are correct.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the ddr2 fix broke *ddr3* on gm45 thinkpads in
testing, depending on memory modules. this was
established by removing patches, re-doing
configs etc, on a user's X200 (testing gentoo
and freebsd). the X200 kept randomly rebooting
or having random glitches.
the configs themselves (gm45 thinkpads) will
also be re-done, because i found minor issues
unrelated, but this patch moves dell e6400 to
its own tree. the ddr2 fix is no longer present
in coreboot/default, only coreboot/dell.
i noticed minor differences in gm45 thinkpad
configs, when re-doing the configs, versus
what are currently in lbmk master; for instance,
vbt was not enabled anymore, on thinkpad x200.
modifications to these will be done separately.
Signed-off-by: Leah Rowe <leah@libreboot.org>
The original E6430 patch included the Intel VBT file, but did not
actually enable it in Kconfig. Update the patch to enable it and
update the E6430 configs.
with this, you can just do:
cd src/docs
./build
the html files would then be available for
publishing, if you wish, or you could set up
a local httpd to view them.
if you have pandoc installed, this will build the
markdown files into html
untitled static site generator is what generates
the html files, from the markdown files, on the
website. it will now also be included in releases.
Signed-off-by: Leah Rowe <leah@libreboot.org>
it didn't work in the past, but it does work nowadays;
specifically, it only worked with libgfxinit in the past,
but not on VGA ROMs.
now it does work on VGA ROMs, tested on e6400 and t1650 so
it was enabled there.
in this setup, a special image is provided where SeaBIOS is
the main payload, but it only loads GRUB; nothing else, every.
this is called SeaGRUB. this setup is useful in cases where
the user only has a GPU that lacks libgfxinit support.
Signed-off-by: Leah Rowe <leah@libreboot.org>
it's preferable that the vram setting be as high as
feasible, for users. we overlooked this on some
newer platforms that were added, over several
releases. these levels won't offend most users,
and people who want less can always turn it down
Signed-off-by: Leah Rowe <leah@libreboot.org>
Faulty keyboards make GRUB unusable. Normally it happens
when a user plugs in a faulty USB keyboard, but if it's
the laptop keyboard, then GRUB becomes unusable and the
user cannot boot anything.
So, your laptop keyboard is a ticking timebomb if you use
GRUB; with this patch, that's no longer the case.
Signed-off-by: Leah Rowe <leah@libreboot.org>
My previous fix to revert didn't fix S3 on GM45, one
of the platforms reported fixed by 78263; I'm merging
that instead, at patch set 10.
It is referenced by 78815/1 which was split from it,
so merge that too (restores overrides of higher values,
on certain platforms that we don't use yet).
https://review.coreboot.org/c/coreboot/+/78623/10https://review.coreboot.org/c/coreboot/+/78815/1
Accordingly, update configs to match the new default.
Signed-off-by: Leah Rowe <leah@libreboot.org>
also, enable seabios_withgrub on e6400, but not grubfirst;
right now, we also support dgpu which would brick on
grubfirst. on my tested nvidia model, loading grub from
seabios worked, so i'm going to re-add seabios_grubfirst
functionality like in older libreboot revisions, enabled
selectively on a given target.
e6430 currently only has igpu support anyway, but i've done
the same thing there, in anticipation of future dgpu support.
e6400 and e6430 ec report scancode set 2 with translation
by default, but only actually output scancode set 1
grub is trying to use scancode set 2 without scancode
translation, so the key inputs get messed up
fix it by forcing scancode set 2 with translation, but
only on coreboot; other build targets on GRUB will
retain the same behaviour as before
courtesy goes to Nicholas Chin who inspired me, and
helped me to fix this. tested on Nicholas's E6400
and E6430, and my E6400; Riku also tested it on
non-Dell, as did I (some thinkpads), and all seems OK.
The new behaviour in coreboot GRUB is essentially no
different to that of SeaBIOS, which does the same.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the patch included in this revision is pulled from:
https://review.coreboot.org/c/coreboot/+/54024/2
contrary to hell's assertion of "not for merge", this does
in fact work nicely on a dell e6400; nicholas chin tested
on e6400 and found that those RCOMP values are the same
nicholas was testing some errant modules that seemed to
fail raminit in coreboot. in some cases, dell e6400 would
regularly fail coldboot even though reboot was ok; this was
therefore the cause of suspicioun for it being raminit-related
with this patch from hell (Angel Pons, but knows as hell
on IRC) it should fix boot issue on Dell Latitude E6400
Signed-off-by: Leah Rowe <leah@libreboot.org>
note: me6_update_parser needs to be written, similar
to me7_update_parser, to generate the partition
tables within intel me6 on lenovo bios updates.
the current logic in lbmk goes like this:
mkdir -p vendorfiles/cache/
and save your factory dump as:
vendorfiles/cache/x201_factory.rom
the build system has been modified, in such a way
as to support extracting me.bin (which is the full
one) and then neutering from this.
this is done automatically, if the file is present,
but you must first insert that file there, which means
you'll need a dump of the original boot flash on your
thinkpad x201
Signed-off-by: Leah Rowe <leah@libreboot.org>
the patch:
https://review.coreboot.org/c/coreboot/+/78270
this has been reverted, because it caused s3 resume
issues on most intel laptops in libreboot.
i was going to merge this instead:
https://review.coreboot.org/c/coreboot/+/78623
however, it's under review, and this doesn't change
to the old behaviour; it keeps the new universal
config, but changes the default
we know the old logic works, so keep that for now.
in fact, the offending patch was only merged to
main in coreboot, one day before i recently
updated coreboot revs in coreboot/default - i used
a 12 october revision, the patch above is 11 october
i then ran "./update trees -u coreboot" which updated
the heap sizes back to the old defaults. this should
fix s3 suspend/resume where it was broken, in the
libreboot 20231021 release - a point release with this
and a few other fixes is planned soon.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the logic for naming coreboot roms is based on whether
cpu_microcode_blob.bin would exist in cbfs, and whether
deletion was therefore successful.
lbmk was naming nomicrocode on fam15h roms on this basis,
but the microcode was being inserted as microcode_amd.bin
and microcode_amd_fam15h.bin
in the recent 20231021 release, the roms were exclusively
labeled _nomicrocode in the rom names, but they do in fact
contain microcode.
i'm fixing it by telling lbmk *not* to delete microcode.
if microcode_required is not set, or it's set to y, then
only roms *with* microcode updates are provided; even if
the rom doesn't actually contain it, lbmk will only label
it _nomicrocode if that setting is set to n.
i'm not bothering to add further complexity to the rom
handling logic, because canoeboot now exists anyway (at
website https://canoeboot.org/) which is my new version
re-implementing the older, inferior version of libreboot
so i'm going to:
1) document this as errata in the release
2) cross reference in the freedom status page
3) if someone still isn't happy, i'll say use canoeboot
job done.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Add a U-Boot build for the qemu_x86_12mb board. The config is a copy of
the upstream "coreboot" defconfig, but with OF_EMBED=y.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Add my upstream U-Boot series enabling video console support by default
for QEMU ARM virtual machines. Similarly, enable the related config
options for our builds using savedefconfig and olddefconfig.
The resulting ROM can be booted with a command line like:
qemu-system-aarch64 \
-machine virt,secure=on,virtualization=on \
-cpu cortex-a72 -m 1G \
-serial stdio -device VGA \
-device qemu-xhci \
-device usb-kbd -device usb-mouse \
-bios bin/qemu_arm64_12mb/*.rom
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
gru_bob fails to build without python-setuptools. this isn't a huge issue,
because most users probably have it already as many other python programs
depend on it too. that's probably why no one noticed until now,
when i tried to do this on a fresh artix install uncontaminated by python.
i also sorted and deduplicated the packages with 'sort -u'.
github's httpd b0rked the fuck out and i didn't want to wait
for them to fix it (ssl cert error) before i continued a build.
i now host the relevant acpica tarball on libreboot rsync,
mirrored to princeton.
Signed-off-by: Leah Rowe <leah@libreboot.org>
it's not used by anywhere else in lbmk, but the release build
script will automatically download each project named as per
file names in config/git/
this is a stupidly simply way to prove documentation in
libreboot releases, and i've used current revisions corresponding
to the Libreboot 20231021 release, for this 20231021 release
of lbmk.
Signed-off-by: Leah Rowe <leah@libreboot.org>
it's been a while since we did encrypted /boot
and the current name sucks.
it's unlikely that anyone still uses it, but
people will soon
change the default assumed lvm name to grubcrypt
and stick to that.
Signed-off-by: Leah Rowe <leah@libreboot.org>
notabug is unreliable, even as a backup.
why, just today, it was offline! all day.
i originally moved libreboot away from notabug,
to codeberg instead, but kept the notabug account
online, and i still push to it when it's online.
however, notabug seems to be in a terminal state
of neglect by its admins, so lbmk should not use it.
Signed-off-by: Leah Rowe <leah@libreboot.org>
flashrom-stable isn't really going anywhere
i'll decide at some future point what to do
with flashrom. for now, just give latest rev
Signed-off-by: Leah Rowe <leah@libreboot.org>
the grub backup was the same gnu server
i decided to host grub on codeberg, as backup
(gnu links as primary is ok)
Signed-off-by: Leah Rowe <leah@libreboot.org>
it's ok for now to use it as a backup.
where only github was specified, i mirrored each
given repository to codeberg as main repo for lbmk.
Signed-off-by: Leah Rowe <leah@libreboot.org>
it's not actually needed in lbmk
flashrom can be downloaded separately by the user,
if they want to flash their chip
Signed-off-by: Leah Rowe <leah@libreboot.org>
don't put multiple downloads in the same files, except
when they are dependencies that go inside the directory
of another download.
by doing this, the following functionality will become
possible: clean every project or build every project,
or maybe fetch every project, based entirely on the
names of these files.
this will be used later to simplify the release script.
Signed-off-by: Leah Rowe <leah@libreboot.org>
as opposed to the current 3-level structure.
recent build system simplifications have enabled
this change, thus:
./build fw coreboot -> ./build roms
./build fw grub -> ./build grub
./build fw serprog -> ./build serprog
./update project release -> ./update release
./update project trees -> ./update trees
./update vendor download -> ./vendor download
./update vendor inject -> ./vendor inject
alper criticised that the commands were too long,
so i made them shorter!
Signed-off-by: Leah Rowe <leah@libreboot.org>
i previously added this just for kicks, but it's not
actually needed; gnat isn't used on fam15h boards so
lbmk doesn't even use it (it's disabled).
in fact, i tested lbmk with crossgcc_ada handling
taken out, but with said patch; i still got build
errors with gnat anyway, on that old coreboot
revision (but gnat isn't needed there anymore).
Signed-off-by: Leah Rowe <leah@libreboot.org>
We don't really need a custom coreboot tree for Chromebooks. I had added
one, because at a cursory glance to the available config/coreboot/board
subdirectories I had the impression that I should. But upstreams have
one tree for every board and I think we should move towards that too.
Move the one important BL31 makefile patch into the default coreboot
patches, update the gru boards' configs by running savedefconfig in the
cros tree and then running olddefconfig in the default tree.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
By default U-Boot stores EFI variables in a ubootefi.var file in
whatever EFI System Partition it finds, which would be a FAT filesystem.
I'm occasionally finding out while testing that my ESPs somehow end up
with a corrupted filesystem, and I'm suspecting it's this.
For now, disable storing EFI environment variables on disk so that
U-Boot doesn't try to manipulate the filesystem.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Enable U-Boot commands to manipulate EFI environment storage, to
self-test EFI implementation, and to run a basic EFI test application.
These are so that we can test and debug EFI functionality easier.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
U-Boot upstream is switching to a new code framework for discovering and
booting OSes ("Standard Boot", or "bootstd"). Enable more features for
it, including commands we can use for introspection and debugging.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Normally U-Boot immediately resets the board on a panic. I had run into
"Synchronous Abort"s from shim and rEFInd, and having a traceback in
those cases can be useful. Hang instead of resetting, so the panic
reason stays on the screen.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
We should be able to power the board off from U-Boot command line.
Enable the "poweroff" command for gru boards so we can.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
U-Boot can keep a "copy" framebuffer to read from, for devices where
reading from hardware framebuffer is expensive. This needs the video
driver to support it. The Rockchip video driver doesn't need or support
it, so this option does nothing on gru boards. Disable it.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
U-Boot upstream used to have 16KB for EFI variables, and this was
causing problems with shim. Commit f0236acbc6 ("u-boot: Increase EFI
variable buffer size") fixed this by raising it to 32KB in our builds.
It has now been raised to 64K upstream, so raise it here as well.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
For Rockchip boards U-Boot tries to build SPI and MMC images that
require an externally built BL31 file to be provided, and the build
fails otherwise. This is not really as configurable as it should be.
In Libreboot, we only care about the build outputs for U-Boot proper.
There is a BL31 built during our coreboot builds, but using that in
U-Boot builds is a chicken-and-egg problem. Building BL31 outside the
coreboot build and passing it to both projects is possible, but needs
work.
For now, stop trying to build these U-Boot-only images as a workaround,
by removing the binman image descriptions from the device-tree sources.
Additionally, disable in our configs the BINMAN_FDT functionality that
allows using these at runtime as it requires them to be present.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
U-Boot upstream has added a reference counting for regulator enable
actions which somehow makes gru-kevin unbootable. Add a workaround
that makes it work again.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Set default U-Boot revision to v2023.01 and rebase patches on top of
that. Another series about 16x32 fonts was merged upstream, so drop some
now-unnecessary patches we had for that. For the video damage tracking
series, switch to the version I'm trying to upstream.
Upstream kconfig status is a bit unstable, so updating configs with
`make oldconfig` would miss important upstream changes, since they rely
on carrying defaults via upstream defconfigs. Update the configs as
such:
- Turn old configs into defconfigs (./update project trees -s u-boot)
- Save the diff from old upstream defconfig (diffconfig $theirs $ours)
- Update U-Boot revision, rebase patches, and clean old trees
- Prepare new U-Boot tree (./update project trees -f u-boot)
- Review the diffconfigs to see if any options were renamed upstream
- Copy over the new upstream defconfigs and apply earlier diff
- Turn new defconfigs into configs (./update project trees -l u-boot)
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
The U-Boot build for qemu_arm64_12mb board refers to a code revision
whereas it uses the common "default" tree, remove the bad reference.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
The "u-boot.bin" file generated by U-Boot builds is a raw binary. When
adding payloads to a CBFS, we need to use ELF files with add-payload
or manually pass the entry point and load address of the payload binary
with add-flat-binary.
We primarily use the "u-boot.elf" which gets build with the REMAKE_ELF
option, as it also has the necessary device-tree binary that U-Boot
usually needs to work. When the option is not set (e.g. for QEMU), we
need to use the "u-boot" file which is an ELF.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Riku's mSATA patch for HP8300USDT was merged upstream, so the
patch has been dropped from lbmk because it is contained within
this new coreboot revision.
Signed-off-by: Leah Rowe <leah@libreboot.org>
coreboot closely matches upstream, whose current release
is version 1.2 from 2018, and coreboot has not changed it
in any meaningful way.
the upstream did add patches since, but they are documentation
patches only.
this means: we do not need to use the upstream version
Signed-off-by: Leah Rowe <leah@libreboot.org>
this is for the latest ubuntu release.
the ubuntu2004 config (for ubuntu 20.04) still exists,
and will remain in place.
Signed-off-by: Leah Rowe <leah@libreboot.org>
a user installed these dependencies in popos, but autopoint
was missing during the grub build.
add autopoint to the debian dependencies config.
Signed-off-by: Leah Rowe <leah@libreboot.org>
some users reported build errors. technically, there's
nothing wrong with lbmk but it relies on hostcc, and
hostcc is hit or miss when it comes to cross compiling
32-bit, depending on the build system of whatever project.
lbmk needs to handle cross compilation. for now, i'm just
disabling memtest86plus on non-64-bit hosts.
Signed-off-by: Leah Rowe <leah@libreboot.org>
most of the changes since last revision aren't very
useful to us; most of them pertain to fs/ntfs, but
there is one that is interesting:
48f569c78a496d3e11a4605b0999bc34fa5bc977
kern/acpi: Skip NULL entries in RSDT and XSDT
Signed-off-by: Leah Rowe <leah@libreboot.org>
in the future, we may start downloading files that aren't
blobs, such as mxm port configs (on mainboards that use
MXM graphics)
this directory will contain all of those files
generally change the language used, across lbmk, to make
use of "vendorfile" instead of "blob"
Signed-off-by: Leah Rowe <leah@libreboot.org>
We don't have a directory names "srces", just "src".
Ditto ecs, mrcs <-- it's just ec and mrc
When referring to a file, e.g. blob/t1650/me.bin, that
makes much more sense, because it's a single blob, not
multiple blobs.
Don't pluralise what isn't plural
Signed-off-by: Leah Rowe <leah@libreboot.org>
build/release/src was partly re-written to accomodate this
memtest86plus was patched to have a central Makefile, and
lbmk modified to use that, rather than mess with build32
and build64. the central Makefile just builds both targets
or cleans both targets
Signed-off-by: Leah Rowe <leah@libreboot.org>
The pager causes trouble in some cases, where the user has
to press enter at boot time depending on the configuration.
Interactive use is one thing, but we should leave this
disabled for smoother experience. If the user *wishes* to
use the shell, they can always just enable the pager
themselves by doing:
set pager=1
Signed-off-by: Leah Rowe <leah@libreboot.org>
mrc.bin is now handled by include/mrc.sh, adapted
from now-deleted script/update/blobs/mrc
much of the logic has been re-written or adapted for
inside script/update/blobs/download
mrc links/hashes now defined in config/blobs/sources
the new code is simpler (and smaller). in addition,
lbmk can now easily handle mrc.bin files for other
platforms such as broadwell. watch this space.
the full .zip download is now cached, like with other
vendor downloads. this means it won't be re-downloaded
if it was already downloaded before.
Signed-off-by: Leah Rowe <leah@libreboot.org>
With this change, it's still possible to have a single
file at config/git/revisions, but this has been scrapped.
Instead, multiple files now exist under config/git/ with
the same modules declared, but the files are separated
logically. List of files under config/git:
* bios_extract
* biosutilities
* coreboot
* flashrom
* grub (gnulib also defined here)
* me_cleaner
* memtest86plus
* seabios
* serprog (multiple projects defined)
* u-boot
* uefitool
The rationale behind this change is simple: in the future,
we will stop relying on build systems within imported
projects for the import of git submodules. Instead, we
will handle them directly in lbmk.
Additionally, a Linux payload is planned for Libreboot, made
easier by the recent audit (script handle/make/config makes
it easy to integrate Linux, and handle cross-compilers for
userland utilities); a "linux" file under config/git/ could
also define rules for each project besides linux, such as
musl libc, busybox and other utilities.
Signed-off-by: Leah Rowe <leah@libreboot.org>
It's now 44 revisions above 2.12-rc1, not 17 above.
The additional patches (in GRUB master) contain several
important fixes, including cryptodisk and ZFS fixes plus
a few other interesting changes, namely:
14c95e57fddb6c826bee7755232de62efc8eb45b:
kern/misc: Make grub_vsnprintf() C99/POSIX conformant
296d3ec835ed6e3b90d740e497bb534f14fe4b79:
disk/cryptodisk: Fix missing change when updating to use grub_uuidcasecmp()
42a831d7462ec3a114156d56ef8a03e1d47f19e7:
ZFS: support inode type embed into its ID
96446ce14e2d1fe9f5b36ec4ac45a2efd92a40d1:
ZFS: Fix invalid memcmp
444089eec6042250ce3a7184cb09bd8a2ab16808:
ZFS: Don't iterate over null objsets
7ce5b4911005b2a0bfd716d92466b6711844068c:
ZFS: Check bonustype in addition to dnode type
There are more patches than this, but these are the
ones that strike me as interesting for Libreboot.
Signed-off-by: Leah Rowe <leah@libreboot.org>
sha-1 has known collision issues, which may not be readily
exploitable yet (in our context), but we should ideally use
a more secure method for checking file integrity.
therefore, use sha-2 (sha512sum) for checking files. this is
slower than sha-1, but checksum verification is only a minor
part of what lbmk does, so the overall effect on build times
is quite negligible.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Tested on a Nucleo-F042K6.
That has an onboard stlink:
`st-flash --format ihex write bin/serprog_stm32/serprog_nucleo-f042k6.hex`
The usb port used for flashing is separate, its is exposed on
the pin header instead. Check boards/nucleo-f042k6.h for usb pinout.
Signed-off-by: Riku Viitanen <riku.viitanen@protonmail.com>
target.cfg can now specify e.g.
grub_timeout=20
this would then be inserted as timeout.cfg in cbfs,
containing the instruction:
set timeout=20
HP laptops need a bit of extra time, due to the delay
caused by the EC bug workaround deployed in GRUB
desktops in general need extra time. this too is set to
10s, like the HP laptops.
only insert timeout.cfg if actually needed (declared in
target.cfg), otherwise grub.cfg will default to 5s
Signed-off-by: Leah Rowe <leah@libreboot.org>
for example, the beep sound in debian's installer needs
this module.
the cute ding in the arch/artix menu also needs it
Signed-off-by: Leah Rowe <leah@libreboot.org>
now under coreboot mainboards, target.cfg can specify
a background. if not specified, the 1280x800 one is
assumed, and used by default. it can be overridden.
the path should be relative to:
config/grub/background/
Signed-off-by: Leah Rowe <leah@libreboot.org>
this causes a saving of about 131KB uncompressed, when
i tested. we don't need mach kernel support. nobody will
ever use it.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this causes a 6.7% decrease in the payload size
these file systems are microsoft(fat, ntfs) or mostly
oldschool amiga and beos file systems
also remove minix modules, and some old linux file
systems that nobody will use in 2023
Signed-off-by: Leah Rowe <leah@libreboot.org>
it doesn't really make sense for them to be under
blobs/ - nominally, they are blobs, but they are
well-understood data files containing config data,
that is easily parsed by tools like ich9show or
ifdtool (and tools like bincfg or nvmutil)
blobs/ has been re-purposed: this directory no longer
exists in lbmk, but it is created (and on .gitignore)
when needed, by blobutil
thus, the blobs/ directory shall only contain vendor
files, and only those files that libreboot scrubs from
releases. therefore, build/release/src can (and has
been) simplified; it currently copies just the ifd and
gbe files from blobs/, selectively, and this logic is
quite error prone, requiring maintenance. now, the
build/release/src script simply copies config/ (which
only ever contains distributable files) and entirely
ignores the blobs/ directory
the blob download script already creates the required
directory, except for the sch5545 download; this is
now fixed
lbmk code size is slightly smaller, due to this patch
Signed-off-by: Leah Rowe <leah@libreboot.org>