2022-11-13 21:12:15 +00:00
|
|
|
---
|
2024-12-06 20:31:58 +00:00
|
|
|
title: Insert vendor files not included in release images
|
2022-11-13 21:12:15 +00:00
|
|
|
x-toc-enable: true
|
|
|
|
...
|
|
|
|
|
2024-12-14 04:42:06 +00:00
|
|
|
**Install build dependencies first**
|
|
|
|
================================
|
|
|
|
|
|
|
|
**You will be compiling several small utilities from source code. This means
|
|
|
|
you need the compilers and various libraries.**
|
|
|
|
|
|
|
|
**Please make sure to install [build dependencies](../build/)** before using this
|
2024-12-14 04:53:29 +00:00
|
|
|
guide, and note that this guide assumes you use [lbmk.git](../../git.md).
|
2024-12-14 04:42:06 +00:00
|
|
|
|
|
|
|
**Failure to adhere to this warning will result in vendor file insertion not
|
|
|
|
working. The insertion must work correctly, prior to Libreboot installation,
|
|
|
|
if your board requires it, otherwise your board simply will not boot.**
|
|
|
|
|
|
|
|
Introduction
|
|
|
|
============
|
2022-11-13 21:12:15 +00:00
|
|
|
|
2023-10-10 20:46:44 +00:00
|
|
|
Coreboot is nominally free software, but requires certain vendor code on some
|
2023-10-10 20:37:16 +00:00
|
|
|
boards, for certain functionalities; we cover this more thoroughly in
|
2023-08-16 22:44:57 +00:00
|
|
|
the [Freedom Status](../../freedom-status.md) page and in the [Binary Blob
|
|
|
|
Reduction Policy](../../news/policy.md).
|
2022-11-13 21:12:15 +00:00
|
|
|
|
2024-12-06 20:31:58 +00:00
|
|
|
Libreboot can't directly distribute *all* of these blobs, so some of them are
|
|
|
|
downloaded at build-time, and processed for insertion into the firmware images.
|
|
|
|
**On pre-compiled ROM images in releases, these files are removed, and can be
|
|
|
|
re-added using the same automation that was applied during the build process.**
|
|
|
|
|
|
|
|
Examples of vendor files can include, for example: Intel ME (disabled after
|
|
|
|
boot with me\_cleaner), Embedded Controller firmware (e.g. KBC1126 EC firmware
|
|
|
|
on HP EliteBooks), VGA ROMs (e.g. Nvidia GPU ROM for Dell Latitude E6400),
|
|
|
|
and so on. Without these, your machine may not boot correctly, or not boot at
|
|
|
|
all!
|
|
|
|
|
2024-08-27 03:06:28 +00:00
|
|
|
The same logic can be used after the fact, to re-download and re-insert these
|
|
|
|
files; the page that you're reading now will tell you how to do so.
|
2022-11-13 21:12:15 +00:00
|
|
|
|
2024-08-27 03:06:28 +00:00
|
|
|
*If in doubt, just follow these instructions anyway; if your board doesn't need
|
|
|
|
vendor files inserted, nothing will happen. You only need to follow this guide
|
|
|
|
if you use release ROMs; if you're building directly from source, using the
|
|
|
|
Libreboot build system, then you can just flash the result.*
|
2022-11-13 21:12:15 +00:00
|
|
|
|
2024-12-14 04:42:06 +00:00
|
|
|
Injecting vendor files ROMs tarball
|
2022-11-13 21:12:15 +00:00
|
|
|
------------------------------------
|
|
|
|
|
2023-07-06 22:57:57 +00:00
|
|
|
You must determine the correct board name, for your board, based on the list
|
|
|
|
generated when running this command:
|
|
|
|
|
2024-08-23 00:28:08 +00:00
|
|
|
./mk -b coreboot list
|
2023-07-06 22:57:57 +00:00
|
|
|
|
2023-10-10 20:37:16 +00:00
|
|
|
In order to inject the necessary files into a rom image, run the script from the root of lbmk and point to the rom image.
|
2023-04-03 02:30:13 +00:00
|
|
|
|
2023-10-10 20:37:16 +00:00
|
|
|
If you only wish to flash a release rom then the process of injecting the necessary files is quite simple.
|
2023-04-03 02:30:13 +00:00
|
|
|
Run the injection script pointing to the release archive you downloaded:
|
|
|
|
|
2024-06-19 00:21:40 +00:00
|
|
|
./vendor inject libreboot-RELEASE_targetname.tar.xz
|
2023-04-03 02:30:13 +00:00
|
|
|
|
2024-12-14 04:42:06 +00:00
|
|
|
The script can automatically detect the board as long as you do not change the file name.
|
|
|
|
You can then find flash-ready ROMs in `/bin/release/`
|
|
|
|
|
|
|
|
*This is the recommended way to do it, injecting into the tarball.*
|
|
|
|
|
|
|
|
Injecting vendor files into single ROMs
|
|
|
|
---------------------------------------
|
|
|
|
|
2024-08-27 03:12:07 +00:00
|
|
|
**You are strongly advised only to insert it on the tarball, because then
|
|
|
|
checksums are verified to ensure that the vendor files were inserted correctly.
|
|
|
|
Otherwise, you can do it manually on each individual image, specifying the
|
|
|
|
board name with the instructions provided below:**
|
|
|
|
|
2024-12-14 04:42:06 +00:00
|
|
|
**However, when injecting into the tarball in bulk like that, lbmk currently
|
|
|
|
cannot change the MAC addresses automatically, using the `-m` option mentioned
|
|
|
|
below.**
|
|
|
|
|
|
|
|
**Therefore, if you want to rely on insertion into the tarball, you can just
|
|
|
|
copy the ROM you want and [change the MAC address manually](nvmutil.md).**
|
2023-04-03 02:30:13 +00:00
|
|
|
|
2023-08-16 22:44:57 +00:00
|
|
|
Alternatively, you may patch only a single rom file, but you must supply the
|
|
|
|
correct board target name as alluded to above.
|
2022-11-13 21:12:15 +00:00
|
|
|
For example:
|
|
|
|
|
2023-10-20 05:07:57 +00:00
|
|
|
./vendor inject -r x230_libreboot.rom -b x230_12mb
|
2022-11-13 21:12:15 +00:00
|
|
|
|
|
|
|
Optionally, you can use this script to modify the mac address of the rom with the `-m` flag.
|
|
|
|
For example:
|
|
|
|
|
2023-10-20 05:07:57 +00:00
|
|
|
./vendor inject -r x230_libreboot.rom -b x230_12mb -m 00:f6:f0:40:71:fd
|
2022-11-13 21:12:15 +00:00
|
|
|
|
2024-12-14 04:42:06 +00:00
|
|
|
You are *strongly* advised to inject the tarballs instead. However, so long as
|
|
|
|
you're careful, injecting into single ROM images is perfectly safe. Just know
|
|
|
|
once more that the checksum verification is unavailable in the latter, so you
|
|
|
|
must absolutely ensure that you specified the correct board with the `-b`
|
|
|
|
option.
|
|
|
|
|
2023-10-10 20:37:16 +00:00
|
|
|
Check that the files were inserted
|
2023-08-16 22:44:57 +00:00
|
|
|
==================================
|
|
|
|
|
2024-08-27 03:12:07 +00:00
|
|
|
You *must* ensure that the files were inserted. The inject command automatically
|
|
|
|
verifies checksums of the complete images, when you run it directly on a
|
|
|
|
release tarball, but not when running it manually on an individual image;
|
|
|
|
checking it manually is useful for the latter, but you should probably just
|
|
|
|
insert it into the tarball.
|
2023-08-16 22:44:57 +00:00
|
|
|
|
|
|
|
Some examples of how to do that in lbmk:
|
|
|
|
|
2024-08-23 00:28:08 +00:00
|
|
|
./mk -d coreboot TREENAME
|
2023-08-16 22:44:57 +00:00
|
|
|
|
2024-08-27 03:12:07 +00:00
|
|
|
TREENAME should be the coreboot tree corresponding to your board. Check
|
|
|
|
this in `config/coreboot/BOARD/target.cfg` for your board, and `tree` will be
|
|
|
|
set to e.g. `default`, or some other tree name.
|
|
|
|
|
2024-08-23 00:28:08 +00:00
|
|
|
Now you find `elf/cbfstool`, which is a directory containing `cbfstool`
|
2023-08-16 22:44:57 +00:00
|
|
|
and `ifdtool`. Do this on your ROM image (`libreboot.rom` in the example
|
|
|
|
below):
|
|
|
|
|
2024-08-23 00:28:08 +00:00
|
|
|
./elf/cbfstool/TREENAME/cbfstool libreboot.rom print
|
2023-08-16 22:44:57 +00:00
|
|
|
|
2023-10-10 20:37:16 +00:00
|
|
|
You should check that the files were inserted in cbfs, if needed; for example,
|
2023-08-16 22:44:57 +00:00
|
|
|
EC firmware or MRC firmware.
|
|
|
|
|
|
|
|
Next:
|
|
|
|
|
2024-08-23 00:28:08 +00:00
|
|
|
./elf/ifdtool/TREENAME/ifdtool -x libreboot.rom
|
2023-08-16 22:44:57 +00:00
|
|
|
|
|
|
|
This creates several `.bin` files, one of which says `me` in it (Intel ME).
|
|
|
|
Run hexdump on it:
|
|
|
|
|
|
|
|
hexdump flashregion_2_intel_me.bin
|
|
|
|
|
|
|
|
Check the output. If it's all `0xFF` (all ones) or otherwise isn't a bunch
|
|
|
|
of code, then the Intel ME firmware wasn't inserted.
|
|
|
|
|
|
|
|
You'll note the small size of the Intel ME, e.g. 84KB on sandybridge platforms.
|
2023-10-10 20:37:16 +00:00
|
|
|
This is because lbmk *automatically* neuters it, disabling it during
|
2023-08-16 22:44:57 +00:00
|
|
|
early boot. This is done using `me_cleaner`, which lbmk imports.
|
|
|
|
|
2024-06-19 00:21:40 +00:00
|
|
|
NOTE: the MAC changer makes use of `nvmutil`, which you can read more about in
|
|
|
|
the [nvmutil documentation](nvmutil.md).
|
|
|
|
|
2023-08-16 22:44:57 +00:00
|
|
|
Errata
|
|
|
|
======
|
|
|
|
|
2024-06-19 00:21:40 +00:00
|
|
|
NOTE: As of Libreboot releases from May 2024 onward, the Intel MRC is no longer
|
|
|
|
included for Haswell; MRC is a blob for raminit, but we now provide libre
|
|
|
|
raminit. The following targets no longer exist in the build system:
|
|
|
|
|
|
|
|
* `t440pmrc_12mb` (use `t440plibremrc_12mb` instead)
|
|
|
|
* `t440pbmrc_12mb` (use `t440plibremrc_12mb` instead)
|
|
|
|
* `w541mrc_12mb` (use `w541_12mb` instead)
|
|
|
|
* `w541bmrc_12mb` (use `w541_12mb` instead)
|
|
|
|
* `dell9020sff_12mb` (use `dell9020sff_nri_12mb` instead)
|
|
|
|
* `dell9020sffbmrc` (use `dell9020sff_nri_12mb` instead)
|
|
|
|
* `dell9020mt_12mb` (use `dell9020mt_nri_12mb` instead)
|
|
|
|
* `dell9020mtbmrc` (use `dell9020mt_nri_12mb` instead)
|
|
|
|
|
|
|
|
This is written as errata because some users may still be using older release
|
|
|
|
images but on the newer build system from May 2024 onward; you must use the
|
|
|
|
Libreboot 20240225 release if you want to inject MRC and so on, for these older
|
|
|
|
targets.
|
|
|
|
|
|
|
|
Libreboot's [binary blob reduction policy](../../news/policy.md) is very strict,
|
|
|
|
and states: if a blob can be avoided, it must be avoided. Therefore, the MRC
|
|
|
|
is removed on Haswell and Libreboot will only use the libre raminit (called
|
|
|
|
NRI, short for Native Ram Initialisation).
|