lbwww/site/docs/install/ivy_has_common.uk.md

7.0 KiB

title x-toc-enable
Insert vendore files on Sandybridge/Ivybridge/Haswell true

Well, if the files cannot be freely redistributed, then we can't provide them. So how do we handle that, in the context of Libreboot releases?

The solution

The answer is very simple: these files are NOT provided, at all! However, the very same logic used by the build system can be run standalone, to re-insert these vendor files on release ROMs. The inject script detects what files are needed for your ROM image.

The script will detect what board you're inserting on, or you can manually tell it what board, and it will fetch them for you, inserting them, so that your board is ready to flash - flashing it without these required files may result in a brick.

Vendor file locations

During auto-download of files, they are saved to these locations within the Libreboot build system:

  • ME firmware: vendor/*/me.bin - the * can be any given directory. Different ones will be used by given boards, but the directory name may not match the board target name.
  • SMSC SCH5545 fan control firmware (for Dell T1650): vendor/t1650/sch5545ec.bin - ditto 7010/9010 MT/SFF optiplex machines.
  • SMSC KBC1126 embedded controller firmware, on HP EliteBooks: ec/
  • Intel MRC firmware, provides raminit on HP EliteBook 820 G2

The above list refers to the non-redistributable files, and these are not directly included in releases. These are auto-downloaded during the build. The me.bin files are produced by extracting them from vendor updates and neutering them with me_cleaner so that Intel ME is disabled during early boot.

Inject vendor files into ROM

You must determine the correct board name, for your board, based on the list generated when running this command:

./mk -b coreboot list

In order to inject the necessary files into a rom image, run the script from the root of lbmk and point to the rom image.

If you only wish to flash a release rom then the process of injecting the necessary files is quite simple. Run the injection script pointing to the release archive you downloaded:

./vendor inject /path/to/libreboot-20230319-18-g9f76c92_t440pmrc_12mb.tar.xz

The script can automatically detect the board as long as you do not change the file name. You can then find flash-ready ROMs in /bin/release/

Alternatively, you may patch only a single rom file, but you must supply the correct board target name as alluded to above. For example:

./vendor inject -r x230_libreboot.rom -b x230_12mb

Optionally, you can use this script to modify the mac address of the rom with the -m flag. For example:

./vendor inject -r x230_libreboot.rom -b x230_12mb -m 00:f6:f0:40:71:fd

Check that the files were inserted

You must ensure that the files were inserted.

Some examples of how to do that in lbmk:

./update trees -d coreboot TREENAME

Now you find cbutitls/default, which is a directory containing cbfstool and ifdtool. Do this on your ROM image (libreboot.rom in the example below):

./cbutils/default/cbfstool libreboot.rom print

You should check that the files were inserted in cbfs, if needed; for example, EC firmware or MRC firmware.

Next:

./cbutils/default/ifdtool -x libreboot.rom

This creates several .bin files, one of which says me in it (Intel ME). Run hexdump on it:

hexdump flashregion_2_intel_me.bin

Check the output. If it's all 0xFF (all ones) or otherwise isn't a bunch of code, then the Intel ME firmware wasn't inserted.

You'll note the small size of the Intel ME, e.g. 84KB on sandybridge platforms. This is because lbmk automatically neuters it, disabling it during early boot. This is done using me_cleaner, which lbmk imports.

NOTE: the MAC changer makes use of nvmutil, which you can read more about in the nvmutil documentation.

Errata

NOTE: As of Libreboot releases from May 2024 onward, the Intel MRC is no longer included for Haswell; MRC is a blob for raminit, but we now provide libre raminit. The following targets no longer exist in the build system:

  • t440pmrc_12mb (use t440plibremrc_12mb instead)
  • t440pbmrc_12mb (use t440plibremrc_12mb instead)
  • w541mrc_12mb (use w541_12mb instead)
  • w541bmrc_12mb (use w541_12mb instead)
  • dell9020sff_12mb (use dell9020sff_nri_12mb instead)
  • dell9020sffbmrc (use dell9020sff_nri_12mb instead)
  • dell9020mt_12mb (use dell9020mt_nri_12mb instead)
  • dell9020mtbmrc (use dell9020mt_nri_12mb instead)

This is written as errata because some users may still be using older release images but on the newer build system from May 2024 onward; you must use the Libreboot 20240225 release if you want to inject MRC and so on, for these older targets.

Libreboot's binary blob reduction policy is very strict, and states: if a blob can be avoided, it must be avoided. Therefore, the MRC is removed on Haswell and Libreboot will only use the libre raminit (called NRI, short for Native Ram Initialisation).