Merge pull request 'Remove ich9utils' (#137) from runxiyu/lbwww:remove_ich9utils into master

Reviewed-on: https://codeberg.org/libreboot/lbwww/pulls/137
2025-02-08 11:21:30 +00:00 · 2025-02-08 11:21:30 +00:00 · 990dc943d3
parent 84219b20eb 6f6ccc1ea9
commit 990dc943d3
10 changed files with 20 additions and 66 deletions
--- a/site/contrib.md
+++ b/site/contrib.md
@ -631,20 +631,19 @@ engineered the layout of the Intel GbE NVM (non-volatile memory) region in the
 boot flash. This region defines configuration options for the onboard Intel
 GbE NIC, if present.

-Based on this, I was able to take Steve's initial proof of concept and write
+Based on this, I was able to take Steve's initial proof of concept
+and work with him extensively to write
 the `ich9gen` utility, which generates an Intel Flash Descriptor and GbE NVM
-region, from scratch, without an Intel ME region defined. It is this tool,
-the `ich9gen` tool, that Libreboot uses to provide ROM images for GM45+ICH9M
+region, from scratch, without an Intel ME region defined,
+without needing a dump of the original Lenovo BIOS firmware.
+Libreboot used to use `ich9gen` to provide ROM images for GM45+ICH9M
 platforms (such as ThinkPad X200/T400/T500/W500), with a fully functional
 descriptor and functional Gigabit Ethernet, but *without* needing Intel
 Management Engine (ME) firmware, thus making those machines *libre* (the ME
 is fully disabled, when you use a descriptor+gbe image generated by `ich9gen`).
-
-With *my* `ich9gen` tool (Steve's tool was called `ich9deblob`), you didn't
-need a dump of the original Lenovo BIOS firmware anymore! I could not have
-written this tool, without Steve's initial proof of concept. I worked with him,
-extensively, for many months. All GM45+ICH9M support (X200, T400, etc) in
-Libreboot is made possible because of the work he did, back in 2014.
+Note that `ich9gen` is now obsolete as the Flash Descriptor and NVM region
+are generated pre-assembled, and `nvmutil` is used to change MAC addresses
+instead.

 ### Swift Geek

--- a/site/docs/install/ich9utils.md.description
+++ b/site/docs/install/ich9utils.md.description
@ -1 +1 @@
-Documentation pertaining to ich9utils which can generate or modify Intel Flash Descriptors, and Intel GbE NVM images.
+Documentation pertaining to the deprecated ich9utils which can generate or modify Intel Flash Descriptors, and Intel GbE NVM images.
--- a/site/docs/install/mac_address.md
+++ b/site/docs/install/mac_address.md
@ -86,18 +86,7 @@ init scripts or you can use your operating system's own networking
 configuration. Refer to your operating system's documentation for
 how to do this.

-Changing the MAC address on X200/T400/T500/W500
-----------------------------------------------
-
-On GM45 laptops with ICH9M southbridge and Intel PHY module, the MAC address
-is hardcoded in boot flash, which means it can be changed if you re-flash.
-
-See [ich9utils documentation](../install/ich9utils.md)
-
-If *all* you want to do is change the MAC address, you might try `nvmutil`
-instead. See notes below:
-
-Changing the MAC address on ivybridge/sandybridge/haswell (e.g. X230/T440p)
+Changing the MAC address (e.g. X230/T440p)
 -----------------------------------------------------------------

 See [nvmutil documentation](../install/nvmutil.md)
@ -107,15 +96,6 @@ Sandybridge, Ivybridge and Haswell platforms, but it can be used on any
 platform with a valid GbE region in flash, where an Intel Flash Descriptor
 is used; this includes older GM45+ICH9M machines supported by Libreboot.

-The `ich9utils` program is more useful in an lbmk context, because it
-generates an entire Intel Flash Descriptor and GbE region from scratch;
-coreboot has a similar method in its build system, using its own utility
-called bincfg, but this tool is unused in lbmk.
-
-No tool like ich9utils exists for these boards yet, but lbmk includes the IFD
-and GbE files in-tree (Intel ME is handled by extracting from Lenovo updates,
-which the build system automatically fetches from the internet).
-
 You can use `nvmutil` to change the existing MAC address in a GbE region. This
 sets the "hardcoded" MAC address, typically a globally assigned one set by
 the vendor, but you can use local addresses, and you can use randomised MACs.
--- a/site/docs/install/r400.md
+++ b/site/docs/install/r400.md
@ -71,8 +71,7 @@ the palmrest: 4MiB is SOIC-8, 8MiB is SOIC-16.

 *The R400 laptops come with the ME (and sometimes AMT in addition)
 before flashing libreboot. libreboot disables and removes it by using a
-modified descriptor: see [../install/ich9utils.md](../install/ich9utils.md)*
-(contains notes, plus instructions)
+modified descriptor.*

 Flashing instructions can be found at
 [../install/\#flashprog](../install/#flashprog)
--- a/site/docs/install/t400.md
+++ b/site/docs/install/t400.md
@ -70,8 +70,7 @@ the palmrest: 4MiB is SOIC-8, 8MiB is SOIC-16.

 *The T400 laptops come with the ME (and sometimes AMT in addition)
 before flashing libreboot. libreboot disables and removes it by using a
-modified descriptor: see [../install/ich9utils.md](../install/ich9utils.md)*
-(contains notes, plus instructions)
+modified descriptor.*

 Flashing instructions can be found at
 [../install/\#flashprog](../install/#flashprog)
--- a/site/docs/install/t500.md
+++ b/site/docs/install/t500.md
@ -72,8 +72,7 @@ the palmrest: 4MiB is SOIC-8, 8MiB is SOIC-16.

 *The T500 laptops come with the ME (and sometimes AMT in addition)
 before flashing libreboot. libreboot disables and removes it by using a
-modified descriptor: see [../install/ich9utils.md](../install/ich9utils.md)*
-(contains notes, plus instructions)
+modified descriptor.*

 Flashing instructions can be found at
 [../install/\#flashprog](../install/#flashprog)
--- a/site/docs/install/x200.md
+++ b/site/docs/install/x200.md
@ -70,8 +70,7 @@ the palmrest: 4MiB is SOIC-8, 8MiB is SOIC-16.

 *The X200 laptops come with the ME (and sometimes AMT in addition)
 before flashing libreboot. libreboot disables and removes it by using a
-modified descriptor: see [../install/ich9utils.md](../install/ich9utils.md)*
-(contains notes, plus instructions)
+modified descriptor.*

 Flashing instructions can be found at
 [../install/\#flashprog](../install/#flashprog)
--- a/site/faq.md
+++ b/site/faq.md
@ -295,7 +295,7 @@ privacy that can't be ignored.
 Before version 6.0 (that is, on systems from 2008/2009 and earlier), the
 ME can be disabled by setting a couple of values in the SPI flash
 memory. The ME firmware can then be removed entirely from the flash
-memory space. The libreboot project [does this](docs/install/ich9utils.md) on
+memory space. The libreboot project does this on
 the Intel 4 Series systems that it supports, such as the [ThinkPad
 X200](../docs/install/x200.md) and [ThinkPad
 T400](../docs/install/t400.md). ME firmware versions 6.0 and
@ -516,13 +516,8 @@ inconvenient to use an external programmer.

 On some systems, it is possible to write-protect the firmware, such that
 it is rendered read-only at the OS level (external flashing is still
-possible, using dedicated hardware). For example, on current GM45
-laptops (e.g. ThinkPad X200, T400), you can write-protect (see
-[ICH9 gen utility](docs/install/ich9utils.md#ich9gen)).
-
-It's possible to write-protect on all libreboot systems, but the instructions
-need to be written. The documentation is in the main git repository, so you are
-welcome to submit patches adding these instructions.
+possible, using dedicated hardware). [See instructions
+here.](docs/linux/grub_hardening.md#flash-write-protection)

 TODO: Document PRx based flash protection on Intel platforms, and investigate
 other methods on AMD systems.
--- a/site/freedom-status.md
+++ b/site/freedom-status.md
@ -95,7 +95,7 @@ In a *descriptor* configuration, the flash is divided into regions such as:
  the initialisation firmware plus operating system for it is loaded from
  this dedicated region in the main boot flash. More info is available [in the
  FAQ](faq.md#intelme) - where ME firmware is otherwise present, Libreboot
-  either [removes](docs/install/ich9utils.html) it or (with the `me_cleaner` program) [reconfigures](https://github.com/corna/me_cleaner/wiki/How-does-it-work%3F) it in such
+  either removes it or (with the `me_cleaner` program) [reconfigures](https://github.com/corna/me_cleaner/wiki/How-does-it-work%3F) it in such
  a way where it is disabled during machine initialisation.
 * Platform region: non-program data, usually just a bunch of strings put there
  by the hardware vendor.
@ -152,11 +152,7 @@ whether the CPU comes out of reset).

 *Libreboot* provides a way to fully remove the ME firmware, while retaining
 full use of the machine, on GM45 platforms with ICH9M southbridge. These are
-laptops: ThinkPad X200/T400/T500/W500 and so on of that generation. See:
-[docs/install/ich9utils.md](docs/install/ich9utils.md)
-
-The `ich9utils` software is provided by Libreboot. The `ich9gen` utility was
-specifically written by Leah Rowe, in 2014 and improved incrementally since.
+laptops: ThinkPad X200/T400/T500/W500 and so on of that generation.

 On newer platforms as alluded to above, `me_cleaner` is used instead.

@ -301,7 +297,6 @@ Intel Flash Descriptors are provided as blobs on some boards, but these are
 not *software* blobs. They are configurations provided in a binary format,
 fully readable by libre software. For example:

-* Libreboot's `ich9gen` program generates ICH9M flash descriptors from scratch.
 * Coreboot's `ifdtool` program has extensive features for manipulating Intel
  flash descriptors.
 * Corebot's `bincfg` program generates any sort of binary from a `.spec` file
@ -311,8 +306,6 @@ fully readable by libre software. For example:

 Intel GbE NVM config (configuration data, binary-encoded, for gigabit NIC):

-* Libreboot's `ich9gen` program *also* generates GbE NVM images specifically
-  for Intel NICs used in GM45 thinkpads.
 * Libreboot's `nvmutil` program can manipulate GbE NVM images

 ### ARM/chromebooks
--- a/site/git.md
+++ b/site/git.md
@ -35,9 +35,7 @@ needed something more stable, so now Libreboot is hosted on codeberg. See:
 There are also these programs, hosted by the Libreboot project, and libreboot
 either recommends them or makes use of them:

-The `ich9utils` project is now available under `util/ich9utils` in lbmk, and
-lbmk uses *that*, but the old standalone repository is still available on
-notabug (bucts is also there):
+The old `ich9utils` and `bucts` repositories are available on notabug:

 * Bucts (utility): <https://notabug.org/libreboot/bucts>
 * ich9utils (utility): <https://notabug.org/libreboot/ich9utils>
@ -60,13 +58,6 @@ internally an libreboot ROM onto a ThinkPad X60 or T60 that is currently running
 the original Lenovo BIOS. Instructions for that are available here:\
 [libreboot installation guides](docs/install/)

-The `ich9utils` repository is used heavily, by the `lbmk` build system. However,
-you can also download `ich9utils` on its own and use it. It generates ICH9M
-descriptor+GbE images for GM45 ThinkPads that use the ICH9M southbridge. It may
-also work for other systems using the same platform/chipset.
-Documentation for `ich9utils` is available here:\
-[ich9utils documentation](docs/install/ich9utils.md)
-
 ### lbmk (libreboot-make)

 This is the core build system in libreboot. You could say that `lbmk` *is*