the patch:
https://review.coreboot.org/c/coreboot/+/78270
this has been reverted, because it caused s3 resume
issues on most intel laptops in libreboot.
i was going to merge this instead:
https://review.coreboot.org/c/coreboot/+/78623
however, it's under review, and this doesn't change
to the old behaviour; it keeps the new universal
config, but changes the default
we know the old logic works, so keep that for now.
in fact, the offending patch was only merged to
main in coreboot, one day before i recently
updated coreboot revs in coreboot/default - i used
a 12 october revision, the patch above is 11 october
i then ran "./update trees -u coreboot" which updated
the heap sizes back to the old defaults. this should
fix s3 suspend/resume where it was broken, in the
libreboot 20231021 release - a point release with this
and a few other fixes is planned soon.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the logic for naming coreboot roms is based on whether
cpu_microcode_blob.bin would exist in cbfs, and whether
deletion was therefore successful.
lbmk was naming nomicrocode on fam15h roms on this basis,
but the microcode was being inserted as microcode_amd.bin
and microcode_amd_fam15h.bin
in the recent 20231021 release, the roms were exclusively
labeled _nomicrocode in the rom names, but they do in fact
contain microcode.
i'm fixing it by telling lbmk *not* to delete microcode.
if microcode_required is not set, or it's set to y, then
only roms *with* microcode updates are provided; even if
the rom doesn't actually contain it, lbmk will only label
it _nomicrocode if that setting is set to n.
i'm not bothering to add further complexity to the rom
handling logic, because canoeboot now exists anyway (at
website https://canoeboot.org/) which is my new version
re-implementing the older, inferior version of libreboot
so i'm going to:
1) document this as errata in the release
2) cross reference in the freedom status page
3) if someone still isn't happy, i'll say use canoeboot
job done.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Add a U-Boot build for the qemu_x86_12mb board. The config is a copy of
the upstream "coreboot" defconfig, but with OF_EMBED=y.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Add my upstream U-Boot series enabling video console support by default
for QEMU ARM virtual machines. Similarly, enable the related config
options for our builds using savedefconfig and olddefconfig.
The resulting ROM can be booted with a command line like:
qemu-system-aarch64 \
-machine virt,secure=on,virtualization=on \
-cpu cortex-a72 -m 1G \
-serial stdio -device VGA \
-device qemu-xhci \
-device usb-kbd -device usb-mouse \
-bios bin/qemu_arm64_12mb/*.rom
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
gru_bob fails to build without python-setuptools. this isn't a huge issue,
because most users probably have it already as many other python programs
depend on it too. that's probably why no one noticed until now,
when i tried to do this on a fresh artix install uncontaminated by python.
i also sorted and deduplicated the packages with 'sort -u'.
github's httpd b0rked the fuck out and i didn't want to wait
for them to fix it (ssl cert error) before i continued a build.
i now host the relevant acpica tarball on libreboot rsync,
mirrored to princeton.
Signed-off-by: Leah Rowe <leah@libreboot.org>
it's not used by anywhere else in lbmk, but the release build
script will automatically download each project named as per
file names in config/git/
this is a stupidly simply way to prove documentation in
libreboot releases, and i've used current revisions corresponding
to the Libreboot 20231021 release, for this 20231021 release
of lbmk.
Signed-off-by: Leah Rowe <leah@libreboot.org>
it's been a while since we did encrypted /boot
and the current name sucks.
it's unlikely that anyone still uses it, but
people will soon
change the default assumed lvm name to grubcrypt
and stick to that.
Signed-off-by: Leah Rowe <leah@libreboot.org>
notabug is unreliable, even as a backup.
why, just today, it was offline! all day.
i originally moved libreboot away from notabug,
to codeberg instead, but kept the notabug account
online, and i still push to it when it's online.
however, notabug seems to be in a terminal state
of neglect by its admins, so lbmk should not use it.
Signed-off-by: Leah Rowe <leah@libreboot.org>
flashrom-stable isn't really going anywhere
i'll decide at some future point what to do
with flashrom. for now, just give latest rev
Signed-off-by: Leah Rowe <leah@libreboot.org>
the grub backup was the same gnu server
i decided to host grub on codeberg, as backup
(gnu links as primary is ok)
Signed-off-by: Leah Rowe <leah@libreboot.org>
it's ok for now to use it as a backup.
where only github was specified, i mirrored each
given repository to codeberg as main repo for lbmk.
Signed-off-by: Leah Rowe <leah@libreboot.org>
it's not actually needed in lbmk
flashrom can be downloaded separately by the user,
if they want to flash their chip
Signed-off-by: Leah Rowe <leah@libreboot.org>
don't put multiple downloads in the same files, except
when they are dependencies that go inside the directory
of another download.
by doing this, the following functionality will become
possible: clean every project or build every project,
or maybe fetch every project, based entirely on the
names of these files.
this will be used later to simplify the release script.
Signed-off-by: Leah Rowe <leah@libreboot.org>
as opposed to the current 3-level structure.
recent build system simplifications have enabled
this change, thus:
./build fw coreboot -> ./build roms
./build fw grub -> ./build grub
./build fw serprog -> ./build serprog
./update project release -> ./update release
./update project trees -> ./update trees
./update vendor download -> ./vendor download
./update vendor inject -> ./vendor inject
alper criticised that the commands were too long,
so i made them shorter!
Signed-off-by: Leah Rowe <leah@libreboot.org>
i previously added this just for kicks, but it's not
actually needed; gnat isn't used on fam15h boards so
lbmk doesn't even use it (it's disabled).
in fact, i tested lbmk with crossgcc_ada handling
taken out, but with said patch; i still got build
errors with gnat anyway, on that old coreboot
revision (but gnat isn't needed there anymore).
Signed-off-by: Leah Rowe <leah@libreboot.org>
We don't really need a custom coreboot tree for Chromebooks. I had added
one, because at a cursory glance to the available config/coreboot/board
subdirectories I had the impression that I should. But upstreams have
one tree for every board and I think we should move towards that too.
Move the one important BL31 makefile patch into the default coreboot
patches, update the gru boards' configs by running savedefconfig in the
cros tree and then running olddefconfig in the default tree.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
By default U-Boot stores EFI variables in a ubootefi.var file in
whatever EFI System Partition it finds, which would be a FAT filesystem.
I'm occasionally finding out while testing that my ESPs somehow end up
with a corrupted filesystem, and I'm suspecting it's this.
For now, disable storing EFI environment variables on disk so that
U-Boot doesn't try to manipulate the filesystem.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Enable U-Boot commands to manipulate EFI environment storage, to
self-test EFI implementation, and to run a basic EFI test application.
These are so that we can test and debug EFI functionality easier.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
U-Boot upstream is switching to a new code framework for discovering and
booting OSes ("Standard Boot", or "bootstd"). Enable more features for
it, including commands we can use for introspection and debugging.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Normally U-Boot immediately resets the board on a panic. I had run into
"Synchronous Abort"s from shim and rEFInd, and having a traceback in
those cases can be useful. Hang instead of resetting, so the panic
reason stays on the screen.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
We should be able to power the board off from U-Boot command line.
Enable the "poweroff" command for gru boards so we can.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
U-Boot can keep a "copy" framebuffer to read from, for devices where
reading from hardware framebuffer is expensive. This needs the video
driver to support it. The Rockchip video driver doesn't need or support
it, so this option does nothing on gru boards. Disable it.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
U-Boot upstream used to have 16KB for EFI variables, and this was
causing problems with shim. Commit f0236acbc6 ("u-boot: Increase EFI
variable buffer size") fixed this by raising it to 32KB in our builds.
It has now been raised to 64K upstream, so raise it here as well.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
For Rockchip boards U-Boot tries to build SPI and MMC images that
require an externally built BL31 file to be provided, and the build
fails otherwise. This is not really as configurable as it should be.
In Libreboot, we only care about the build outputs for U-Boot proper.
There is a BL31 built during our coreboot builds, but using that in
U-Boot builds is a chicken-and-egg problem. Building BL31 outside the
coreboot build and passing it to both projects is possible, but needs
work.
For now, stop trying to build these U-Boot-only images as a workaround,
by removing the binman image descriptions from the device-tree sources.
Additionally, disable in our configs the BINMAN_FDT functionality that
allows using these at runtime as it requires them to be present.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
U-Boot upstream has added a reference counting for regulator enable
actions which somehow makes gru-kevin unbootable. Add a workaround
that makes it work again.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Set default U-Boot revision to v2023.01 and rebase patches on top of
that. Another series about 16x32 fonts was merged upstream, so drop some
now-unnecessary patches we had for that. For the video damage tracking
series, switch to the version I'm trying to upstream.
Upstream kconfig status is a bit unstable, so updating configs with
`make oldconfig` would miss important upstream changes, since they rely
on carrying defaults via upstream defconfigs. Update the configs as
such:
- Turn old configs into defconfigs (./update project trees -s u-boot)
- Save the diff from old upstream defconfig (diffconfig $theirs $ours)
- Update U-Boot revision, rebase patches, and clean old trees
- Prepare new U-Boot tree (./update project trees -f u-boot)
- Review the diffconfigs to see if any options were renamed upstream
- Copy over the new upstream defconfigs and apply earlier diff
- Turn new defconfigs into configs (./update project trees -l u-boot)
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
The U-Boot build for qemu_arm64_12mb board refers to a code revision
whereas it uses the common "default" tree, remove the bad reference.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
The "u-boot.bin" file generated by U-Boot builds is a raw binary. When
adding payloads to a CBFS, we need to use ELF files with add-payload
or manually pass the entry point and load address of the payload binary
with add-flat-binary.
We primarily use the "u-boot.elf" which gets build with the REMAKE_ELF
option, as it also has the necessary device-tree binary that U-Boot
usually needs to work. When the option is not set (e.g. for QEMU), we
need to use the "u-boot" file which is an ELF.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Riku's mSATA patch for HP8300USDT was merged upstream, so the
patch has been dropped from lbmk because it is contained within
this new coreboot revision.
Signed-off-by: Leah Rowe <leah@libreboot.org>
coreboot closely matches upstream, whose current release
is version 1.2 from 2018, and coreboot has not changed it
in any meaningful way.
the upstream did add patches since, but they are documentation
patches only.
this means: we do not need to use the upstream version
Signed-off-by: Leah Rowe <leah@libreboot.org>
this is for the latest ubuntu release.
the ubuntu2004 config (for ubuntu 20.04) still exists,
and will remain in place.
Signed-off-by: Leah Rowe <leah@libreboot.org>
a user installed these dependencies in popos, but autopoint
was missing during the grub build.
add autopoint to the debian dependencies config.
Signed-off-by: Leah Rowe <leah@libreboot.org>
some users reported build errors. technically, there's
nothing wrong with lbmk but it relies on hostcc, and
hostcc is hit or miss when it comes to cross compiling
32-bit, depending on the build system of whatever project.
lbmk needs to handle cross compilation. for now, i'm just
disabling memtest86plus on non-64-bit hosts.
Signed-off-by: Leah Rowe <leah@libreboot.org>
most of the changes since last revision aren't very
useful to us; most of them pertain to fs/ntfs, but
there is one that is interesting:
48f569c78a496d3e11a4605b0999bc34fa5bc977
kern/acpi: Skip NULL entries in RSDT and XSDT
Signed-off-by: Leah Rowe <leah@libreboot.org>
in the future, we may start downloading files that aren't
blobs, such as mxm port configs (on mainboards that use
MXM graphics)
this directory will contain all of those files
generally change the language used, across lbmk, to make
use of "vendorfile" instead of "blob"
Signed-off-by: Leah Rowe <leah@libreboot.org>
We don't have a directory names "srces", just "src".
Ditto ecs, mrcs <-- it's just ec and mrc
When referring to a file, e.g. blob/t1650/me.bin, that
makes much more sense, because it's a single blob, not
multiple blobs.
Don't pluralise what isn't plural
Signed-off-by: Leah Rowe <leah@libreboot.org>
build/release/src was partly re-written to accomodate this
memtest86plus was patched to have a central Makefile, and
lbmk modified to use that, rather than mess with build32
and build64. the central Makefile just builds both targets
or cleans both targets
Signed-off-by: Leah Rowe <leah@libreboot.org>
The pager causes trouble in some cases, where the user has
to press enter at boot time depending on the configuration.
Interactive use is one thing, but we should leave this
disabled for smoother experience. If the user *wishes* to
use the shell, they can always just enable the pager
themselves by doing:
set pager=1
Signed-off-by: Leah Rowe <leah@libreboot.org>
mrc.bin is now handled by include/mrc.sh, adapted
from now-deleted script/update/blobs/mrc
much of the logic has been re-written or adapted for
inside script/update/blobs/download
mrc links/hashes now defined in config/blobs/sources
the new code is simpler (and smaller). in addition,
lbmk can now easily handle mrc.bin files for other
platforms such as broadwell. watch this space.
the full .zip download is now cached, like with other
vendor downloads. this means it won't be re-downloaded
if it was already downloaded before.
Signed-off-by: Leah Rowe <leah@libreboot.org>
With this change, it's still possible to have a single
file at config/git/revisions, but this has been scrapped.
Instead, multiple files now exist under config/git/ with
the same modules declared, but the files are separated
logically. List of files under config/git:
* bios_extract
* biosutilities
* coreboot
* flashrom
* grub (gnulib also defined here)
* me_cleaner
* memtest86plus
* seabios
* serprog (multiple projects defined)
* u-boot
* uefitool
The rationale behind this change is simple: in the future,
we will stop relying on build systems within imported
projects for the import of git submodules. Instead, we
will handle them directly in lbmk.
Additionally, a Linux payload is planned for Libreboot, made
easier by the recent audit (script handle/make/config makes
it easy to integrate Linux, and handle cross-compilers for
userland utilities); a "linux" file under config/git/ could
also define rules for each project besides linux, such as
musl libc, busybox and other utilities.
Signed-off-by: Leah Rowe <leah@libreboot.org>
It's now 44 revisions above 2.12-rc1, not 17 above.
The additional patches (in GRUB master) contain several
important fixes, including cryptodisk and ZFS fixes plus
a few other interesting changes, namely:
14c95e57fddb6c826bee7755232de62efc8eb45b:
kern/misc: Make grub_vsnprintf() C99/POSIX conformant
296d3ec835ed6e3b90d740e497bb534f14fe4b79:
disk/cryptodisk: Fix missing change when updating to use grub_uuidcasecmp()
42a831d7462ec3a114156d56ef8a03e1d47f19e7:
ZFS: support inode type embed into its ID
96446ce14e2d1fe9f5b36ec4ac45a2efd92a40d1:
ZFS: Fix invalid memcmp
444089eec6042250ce3a7184cb09bd8a2ab16808:
ZFS: Don't iterate over null objsets
7ce5b4911005b2a0bfd716d92466b6711844068c:
ZFS: Check bonustype in addition to dnode type
There are more patches than this, but these are the
ones that strike me as interesting for Libreboot.
Signed-off-by: Leah Rowe <leah@libreboot.org>
sha-1 has known collision issues, which may not be readily
exploitable yet (in our context), but we should ideally use
a more secure method for checking file integrity.
therefore, use sha-2 (sha512sum) for checking files. this is
slower than sha-1, but checksum verification is only a minor
part of what lbmk does, so the overall effect on build times
is quite negligible.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Tested on a Nucleo-F042K6.
That has an onboard stlink:
`st-flash --format ihex write bin/serprog_stm32/serprog_nucleo-f042k6.hex`
The usb port used for flashing is separate, its is exposed on
the pin header instead. Check boards/nucleo-f042k6.h for usb pinout.
Signed-off-by: Riku Viitanen <riku.viitanen@protonmail.com>
target.cfg can now specify e.g.
grub_timeout=20
this would then be inserted as timeout.cfg in cbfs,
containing the instruction:
set timeout=20
HP laptops need a bit of extra time, due to the delay
caused by the EC bug workaround deployed in GRUB
desktops in general need extra time. this too is set to
10s, like the HP laptops.
only insert timeout.cfg if actually needed (declared in
target.cfg), otherwise grub.cfg will default to 5s
Signed-off-by: Leah Rowe <leah@libreboot.org>
for example, the beep sound in debian's installer needs
this module.
the cute ding in the arch/artix menu also needs it
Signed-off-by: Leah Rowe <leah@libreboot.org>
now under coreboot mainboards, target.cfg can specify
a background. if not specified, the 1280x800 one is
assumed, and used by default. it can be overridden.
the path should be relative to:
config/grub/background/
Signed-off-by: Leah Rowe <leah@libreboot.org>
this causes a saving of about 131KB uncompressed, when
i tested. we don't need mach kernel support. nobody will
ever use it.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this causes a 6.7% decrease in the payload size
these file systems are microsoft(fat, ntfs) or mostly
oldschool amiga and beos file systems
also remove minix modules, and some old linux file
systems that nobody will use in 2023
Signed-off-by: Leah Rowe <leah@libreboot.org>
it doesn't really make sense for them to be under
blobs/ - nominally, they are blobs, but they are
well-understood data files containing config data,
that is easily parsed by tools like ich9show or
ifdtool (and tools like bincfg or nvmutil)
blobs/ has been re-purposed: this directory no longer
exists in lbmk, but it is created (and on .gitignore)
when needed, by blobutil
thus, the blobs/ directory shall only contain vendor
files, and only those files that libreboot scrubs from
releases. therefore, build/release/src can (and has
been) simplified; it currently copies just the ifd and
gbe files from blobs/, selectively, and this logic is
quite error prone, requiring maintenance. now, the
build/release/src script simply copies config/ (which
only ever contains distributable files) and entirely
ignores the blobs/ directory
the blob download script already creates the required
directory, except for the sch5545 download; this is
now fixed
lbmk code size is slightly smaller, due to this patch
Signed-off-by: Leah Rowe <leah@libreboot.org>