lbwww/site/docs/install/ivy_has_common.uk.md

180 lines
7.3 KiB
Markdown
Raw Normal View History

---
title: Insert vendor files not included in release images
x-toc-enable: true
...
Regarding vendorfile insertion: if unsure, just follow these instructions.
If a given target does not require vendor files, none will be inserted.
**TODO: Re-translate this again to Ukrainian. It was translated before, but
the english page got heavily re-written.**
Libreboot can't directly distribute *all* of these blobs, so some of them are
downloaded at build-time, and processed for insertion into the firmware images.
**On pre-compiled ROM images in releases, these files are removed, and can be
re-added using the same automation that was applied during the build process.**
**NOTE: This page also applies to PM45 machine Dell Latitude E6400 if it
contains an Nvidia GPU (Libreboot vendor scripts can insert the VGA ROM)**
This is not a general purpose installation guide, but you *should read it*
before installing Libreboot! *This* guide *must* be followed, no matter what
method you use to install Libreboot; even if you compile from source, you should
still read this page for later reference.
For how to use an external programmer see the [25xx NOR flashing guide](/docs/install/spi.html)
Introduction
============
**PLEASE MAKE SURE you have build dependencies installed first. Although you
do not need to re-compile release ROMs, you should follow these instructions
before reading the instructions below:
<https://libreboot.org/docs/build/#first-install-build-dependencies>**
Coreboot is nominally free software, but requires certain vendor code on some
boards, for certain functionalities; it differs per board, and some boards do
not require vendor code of any kind in the flash. We cover this more thoroughly in
the [Freedom Status](../../freedom-status.md) page and in the [Binary Blob
Reduction Policy](../../news/policy.md).
Well, not all of these files are freely redistributable. Coreboot does provide
vendor files in some cases, if the vendor has allowed it. In other cases,
extraction from factory firmware is required, or you can extract them from
vendor-supplied updates - Libreboot's build system does the latter.
When you [compile Libreboot ROM images from source](../build/), Libreboot will
automatically download any given vendor files required, for any given board
target. This is done without user intervention, and only when absolutely needed
to make the machine boot properly.
The problem?
------------
Well, if the files cannot be freely redistributed, then we can't provide them.
So how do we handle *that*, in the context of Libreboot releases?
The solution
------------
The answer is very simple: these files are **NOT** provided, at all! However,
the very same logic used by the build system can be run standalone, to re-insert
these vendor files on release ROMs. The `inject` script detects what files are
needed for your ROM image.
The script will detect what board you're inserting on, or you can manually tell
it what board, and it will fetch them for you, inserting them, so that your
board is ready to flash - flashing it without these required files may result in
a brick.
Vendor file locations
--------------
During auto-download of files, they are saved to these locations within the
Libreboot build system:
* ME firmware: `vendor/*/me.bin` - the `*` can be any given directory. Different ones will
be used by given boards, but the directory name may not match the board
target name.
* SMSC SCH5545 fan control firmware (for Dell T1650): `vendor/t1650/sch5545ec.bin` -
ditto 7010/9010 MT/SFF optiplex machines.
* SMSC KBC1126 embedded controller firmware, on HP EliteBooks: `ec/`
* Intel MRC firmware, provides raminit on HP EliteBook 820 G2
The above list refers to the *non-redistributable files*, and these are not
directly included in releases. These are auto-downloaded during the build.
The `me.bin` files are produced by extracting them from vendor updates and
neutering them with `me_cleaner` so that Intel ME is disabled during early boot.
Inject vendor files into ROM
------------------------------------
You must determine the correct board name, for your board, based on the list
generated when running this command:
./mk -b coreboot list
In order to inject the necessary files into a rom image, run the script from the root of lbmk and point to the rom image.
If you only wish to flash a release rom then the process of injecting the necessary files is quite simple.
Run the injection script pointing to the release archive you downloaded:
./vendor inject /path/to/libreboot-20230319-18-g9f76c92_t440pmrc_12mb.tar.xz
The script can automatically detect the board as long as you do not change the file name.
You can then find flash-ready ROMs in `/bin/release/`
Alternatively, you may patch only a single rom file, but you must supply the
correct board target name as alluded to above.
For example:
./vendor inject -r x230_libreboot.rom -b x230_12mb
Optionally, you can use this script to modify the mac address of the rom with the `-m` flag.
For example:
./vendor inject -r x230_libreboot.rom -b x230_12mb -m 00:f6:f0:40:71:fd
Check that the files were inserted
==================================
You *must* ensure that the files were inserted.
Some examples of how to do that in lbmk:
./update trees -d coreboot TREENAME
Now you find `cbutitls/default`, which is a directory containing `cbfstool`
and `ifdtool`. Do this on your ROM image (`libreboot.rom` in the example
below):
./cbutils/default/cbfstool libreboot.rom print
You should check that the files were inserted in cbfs, if needed; for example,
EC firmware or MRC firmware.
Next:
./cbutils/default/ifdtool -x libreboot.rom
This creates several `.bin` files, one of which says `me` in it (Intel ME).
Run hexdump on it:
hexdump flashregion_2_intel_me.bin
Check the output. If it's all `0xFF` (all ones) or otherwise isn't a bunch
of code, then the Intel ME firmware wasn't inserted.
You'll note the small size of the Intel ME, e.g. 84KB on sandybridge platforms.
This is because lbmk *automatically* neuters it, disabling it during
early boot. This is done using `me_cleaner`, which lbmk imports.
NOTE: the MAC changer makes use of `nvmutil`, which you can read more about in
the [nvmutil documentation](nvmutil.md).
Errata
======
NOTE: As of Libreboot releases from May 2024 onward, the Intel MRC is no longer
included for Haswell; MRC is a blob for raminit, but we now provide libre
raminit. The following targets no longer exist in the build system:
* `t440pmrc_12mb` (use `t440plibremrc_12mb` instead)
* `t440pbmrc_12mb` (use `t440plibremrc_12mb` instead)
* `w541mrc_12mb` (use `w541_12mb` instead)
* `w541bmrc_12mb` (use `w541_12mb` instead)
* `dell9020sff_12mb` (use `dell9020sff_nri_12mb` instead)
* `dell9020sffbmrc` (use `dell9020sff_nri_12mb` instead)
* `dell9020mt_12mb` (use `dell9020mt_nri_12mb` instead)
* `dell9020mtbmrc` (use `dell9020mt_nri_12mb` instead)
This is written as errata because some users may still be using older release
images but on the newer build system from May 2024 onward; you must use the
Libreboot 20240225 release if you want to inject MRC and so on, for these older
targets.
Libreboot's [binary blob reduction policy](../../news/policy.md) is very strict,
and states: if a blob can be avoided, it must be avoided. Therefore, the MRC
is removed on Haswell and Libreboot will only use the libre raminit (called
NRI, short for Native Ram Initialisation).