Merge branch 'master' of GNUtoo/lbmk into master

4 files changed, 369 insertions, 1 deletions

diff --git a/resources/scripts/build/release/u-boot-stable-src-release b/resources/scripts/build/release/u-boot-stable-src-release
new file mode 100755
index 00000000..357338cf
--- /dev/null
+++ b/resources/scripts/build/release/u-boot-stable-src-release
@@ -0,0 +1,60 @@
+#!/usr/bin/env bash
+
+#
+#  helper script: generate deblobbed stable u-boot source code releases
+#
+#	Copyright (C) 2020,2021 Leah Rowe <info@minifree.org>
+#	Copyright (C) 2022 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
+#
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation, either version 3 of the License, or
+#    (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+[ "x${DEBUG+set}" = 'xset' ] && set -v
+set -u -e
+
+version="v2021.07"
+revision="r1"
+
+topdir="$(realpath $(dirname $(realpath $0))/../../../../)"
+tmpdir="${topdir}/release/u-boot/u-boot-${version}-${revision}"
+tarball="${tmpdir}.tar"
+
+printf "Building source code archive, version %s revision %s\n" "${version}" "${revision}"
+
+cd "${topdir}"
+"${topdir}/download" u-boot
+
+rm -rf \
+   "${tmpdir}/" \
+   "${tarball}" \
+   "${tarball}.lz" \
+   "${tarball}.xz"
+
+mkdir -p "$(dirname ${tmpdir})"
+cp -R "u-boot/u-boot/" "${tmpdir}"
+
+rm -rf ${tmpdir}/.git ${tmpdir}/.gitignore
+make -C ${tmpdir} distclean
+
+prefix="$(dirname ${tmpdir} | sed 's#^/*##')/"
+tar cf "${tarball}" "${tmpdir}"  --transform="s#${prefix}##"
+lzip -9 --keep -vv "${tarball}"
+xz   -9 --keep -vv "${tarball}"
+
+rm -rf "${tmpdir}/"
+
+printf "Source code archives available at:\n\t%s\n\t%s\n\t%s\n" \
+       "${tarball}" \
+       "${tarball}.lz" \
+       "${tarball}.xz"
diff --git a/resources/scripts/download/coreboot b/resources/scripts/download/coreboot
index a500de61..6d0aa353 100755
--- a/resources/scripts/download/coreboot
+++ b/resources/scripts/download/coreboot
@@ -125,7 +125,7 @@ downloadfor() {
 	fi
 
 	cp -R coreboot "${cbtree}" || touch ../build_error
-	if [ -d ../build_error ]; then
+	if [ -f ../build_error ]; then
 		printf "ERROR: download/coreboot: Unable to copy directory. Check file system permissions or free space.\n"
 		rm -Rf "${cbtree}/"
 		cd ../; return 1
diff --git a/resources/scripts/download/u-boot b/resources/scripts/download/u-boot
new file mode 100755
index 00000000..704d1c3a
--- /dev/null
+++ b/resources/scripts/download/u-boot
@@ -0,0 +1,123 @@
+#!/usr/bin/env bash
+
+#  helper script: download u-boot
+#
+#	Copyright (C) 2014, 2015, 2016, 2020, 2021 Leah Rowe <info@minifree.org>
+#	Copyright (C) 2021 Denis 'GNUtoo' Carikli  <GNUtoo@cyberdimension.org>
+#
+#	This program is free software: you can redistribute it and/or modify
+#	it under the terms of the GNU General Public License as published by
+#	the Free Software Foundation, either version 3 of the License, or
+#	(at your option) any later version.
+#
+#	This program is distributed in the hope that it will be useful,
+#	but WITHOUT ANY WARRANTY; without even the implied warranty of
+#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#	GNU General Public License for more details.
+#
+#	You should have received a copy of the GNU General Public License
+#	along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+[ "x${DEBUG+set}" = 'xset' ] && set -v
+set -u -e
+
+# set this when you want to modify each u-boot tree
+# for example, you want to test custom patches
+# NODELETE= ./download coreboot
+deleteblobs="true"
+[ "x${NODELETE+set}" = 'xset' ] && deleteblobs="false"
+
+# Error handling is extreme in this script.
+# This script handles the internet, and Git. Both are inherently unreliable.
+[[ -f build_error ]] && rm -f build_error
+
+downloadfor() {
+	uboot_revision="v2021.07"
+	uboot_dir="u-boot/u-boot"
+	if [ -d "${uboot_dir}" ]; then
+	    printf \
+		"REMARK: '%s' directory already exists. Skipping setup.\n" \
+		"${uboot_dir}"
+		return 0
+	fi
+
+	if [ ! -d "${uboot_dir}" ]; then
+		mkdir -p "${uboot_dir}"
+	fi
+
+	if [ ! -d "${uboot_dir}" ]; then
+	    printf \
+		"ERROR: '%s' directory not created. Check file system permissions\n" \
+		"${uboot_dir}"
+		return 1
+	fi
+
+	if [ ! -d "${uboot_dir}/.git" ] && [ -d "${uboot_dir}" ]; then
+		rm -Rf "${uboot_dir}"
+	fi
+
+	if [ ! -d "${uboot_dir}" ]; then
+		printf "Download u-boot from upstream:\n"
+		git clone https://source.denx.de/u-boot/u-boot \
+		    "${uboot_dir}" || \
+		    rm -Rf "${uboot_dir}"
+		if [ ! -d "${uboot_dir}" ]; then
+		    printf \
+			"ERROR: %s: Problem with git-clone. Network issue?\n" \
+			"download/u-boot"
+			return 1
+		fi
+	else
+		git -C "${uboot_dir}" pull || touch build_error
+		if [ -f build_error ]; then
+		    printf \
+			"ERROR: %s: Problem with git-pull. Network issue?\n" \
+			"download/u-boot"
+			return 1
+		fi
+	fi
+
+	git -C "${uboot_dir}" reset --hard ${uboot_revision} || \
+	    touch build_error
+	if [ -f build_error ]; then
+	    printf \
+		"ERROR: %s: Unable to reset to commit ID/tag '%s' for board '%s' on tree '%s'\n" \
+		"download/u-boot" "${uboot_revision}" "${1}" "${uboot_dir}"
+		return 1
+	fi
+}
+
+strip_comments()
+{
+	file="$1"
+	# Remove comments
+	sed 's/#.*//' "${file}" | \
+	    # Remove lines composed of whitespaces only
+	    sed '/^\W\+$/d' | \
+		# Remove empty lines
+		sed '/^$/d'
+}
+
+printf "Downloading u-boot and (if exist in build system) applying patches\n"
+downloadfor
+
+rm -f "build_error"
+printf "\n\n"
+
+if [ "${deleteblobs}" = "true" ]; then
+	bloblist="resources/u-boot/default/blobs.list"
+
+	for blob_path in $(strip_comments "${bloblist}"); do
+		if echo "${blob_path}" | grep '/$' 2>&1 >/dev/null ; then
+			printf "Deleting blob directory: '%s/%s'\n" \
+			       "${uboot_dir}" "${blob_path}"
+			rm -rf "${uboot_dir}/${blob_path}"
+		else
+			printf "Deleting blob file: '%s/%s'\n" \
+			       "${uboot_dir}" "${blob_path}"
+			rm -f "${uboot_dir}/${blob_path}"
+		fi
+	done
+fi
+exit 0
diff --git a/resources/u-boot/default/blobs.list b/resources/u-boot/default/blobs.list
new file mode 100644
index 00000000..ec6c20ee
--- /dev/null
+++ b/resources/u-boot/default/blobs.list
@@ -0,0 +1,185 @@
+arch/x86/dts/microcode/
+
+# The license is nonfree because it contains the following: "Reverse
+# engineering, decompilation, or disassembly of this software is not
+# permitted."
+Licenses/r8a779x_usb3.txt
+drivers/usb/host/xhci-rcar-r8a779x_usb3_v3.h
+
+# The documentation contains instructions to download and install nonfree
+# software. Note that if a board doesn't have such instructions it doesn't
+# necessarily means that it can boot with only free software and viceversa.
+
+###########
+# Amlogic #
+###########
+# Amlogic SOCs Usually have various nonfree components, like the first stages
+# of the bootloaders and code that runs in TrustZone. They are most likely
+# not signed.
+# ---------
+# TODO: List the nonfree software of specific documentation
+doc/board/amlogic/beelink-gtkingpro.rst
+doc/board/amlogic/beelink-gtking.rst
+doc/board/amlogic/index.rst
+doc/board/amlogic/khadas-vim2.rst
+doc/board/amlogic/khadas-vim3l.rst
+doc/board/amlogic/khadas-vim3.rst
+doc/board/amlogic/khadas-vim.rst
+doc/board/amlogic/libretech-ac.rst
+doc/board/amlogic/libretech-cc.rst
+doc/board/amlogic/nanopi-k2.rst
+doc/board/amlogic/odroid-c2.rst
+doc/board/amlogic/odroid-c4.rst
+doc/board/amlogic/odroid-n2.rst
+doc/board/amlogic/p200.rst
+doc/board/amlogic/p201.rst
+doc/board/amlogic/p212.rst
+doc/board/amlogic/q200.rst
+doc/board/amlogic/s400.rst
+doc/board/amlogic/sei510.rst
+doc/board/amlogic/sei610.rst
+doc/board/amlogic/u200.rst
+doc/board/amlogic/w400.rst
+doc/board/amlogic/wetek-core2.rst
+
+#########
+# Linux #
+#########
+# Has intructions to build Linux which is not FSDG compliant.
+# TODO: Use linux-libre instead, especially because documentation about vboot
+# could be interesting to have. Vboot is a chain of trust that can work with
+# only free software. The hardware root of trust can be created by booting on
+# a flash chip whose security registers are configured to set the first
+# bootloader component read-only.
+doc/uImage.FIT/beaglebone_vboot.txt
+# Steers very strongly users into using Linux as it shows that the only tested
+# kernels are Broadcom forks of Linux. We would need to have linux-libre
+# versions of these or test it with stock linux-libre instead.
+doc/README.bcm7xxx
+
+############
+# Mediatek #
+############
+# The instructions uses binaries that lack any corresponding source code.
+doc/README.mediatek
+
+#############
+# NXP I.MX8 #
+#############
+# I.MX8 SOCs require a nonfree firmware for the DDR4 controller. In some
+# documentation, I didn't find that requirement mentioned, but instead
+# there are still nonfree files mentioned. So I assume that they might
+# somehow contain code for that nonfree DDR4 controller, but it might be
+# worth checking if it's the case or not. The DDR4 controller firmware is not
+# signed. In addition the I.MX8 HDMI controller requires a signed firmware.
+# -----------
+# nonfree DDR4 controller firmware
+doc/board/freescale/imx8mp_evk.rst
+# nonfree DDR4 controller and HDMI firmwares
+doc/board/freescale/imx8mq_evk.rst
+# nonfree DDR4 controller firmware
+doc/board/freescale/imx8mn_evk.rst
+# nonfree imx-sc-firmware-1.2.7.1.bin and imx-seco-2.3.1.bin firmwares
+doc/board/freescale/imx8qxp_mek.rst
+# nonfree DDR4 controller firmware
+doc/board/freescale/imx8mm_evk.rst
+# nonfree imx-sc-firmware-1.1.bin and firmware-imx-8.0.bin firmwares
+doc/board/advantech/imx8qm-rom7720-a1.rst
+# TODO
+doc/board/verdin-imx8mm.rst
+doc/board/toradex/colibri-imx8x.rst
+doc/board/toradex/apalix-imx8x.rst
+doc/board/toradex/apalix-imx8.rst
+
+#######################
+# NXP nonfree srktool #
+#######################
+# The SRK tool is a tool that is involved in one way or another with
+# authenticated or encrypted boot. I'm unsure if free software replacements
+# exists or if could easily be replaced with a free software implementation.
+# In any case the I.MX6 and I.MX5 can proabably be setup for encrypted or
+# authenticated boot with free software tools. The first and second versions
+# of the USB Armory has documentation on how to do that.
+# ---------------------
+doc/imx/board/toradex/colibri_imx7.rst
+doc/imx/habv4/introduction_habv4.txt
+
+##################
+# Samsung Exynos #
+##################
+# The instructions makes users nonfree components like a nonfree first stage
+# bootloaders, and nonfree code that runs in TrustZone.
+doc/README.odroid
+# The instructions makes its users download an image and update u-boot in that
+# image. Because of that, it's extremely likely that the images contains
+# nonfree components that cannot even be redistributed in another form, and
+# that the instructions uses that images because of that.
+doc/README.s5p4418
+
+#####################
+# Texas Instruments #
+#####################
+# Users are expected to use nonfree tools and even sign an NDA to get access
+# to them.
+doc/README.ti-secure
+
+###########
+# Unknown #
+###########
+# Everything looks free software, but the code still needs to be reviewed.
+doc/board/microchip/mpfs_icicle.rst
+# OP-TEE is under a free software license but its code needs to be reviewed.
+doc/README.tee
+# The tutorial has instructions to download a downstream u-boot, so it might
+# have the same issues than u-boot itself if the u-boot is recent enough.
+doc/chromium/run_vboot.rst
+
+#######
+# x86 #
+#######
+# Unless the computer is supported by Libreboot, or that u-boot runs after
+# some other nonfree boot software like a BIOS or UEFI, it's unlikely to be
+# able to run with only free software. Though I'm pretty sure that some
+# exceptions do exists, but they are probably not supported by u-boot.
+# -----
+# nonfree Management Engine firmware, RAM intialization code, and video BIOS
+doc/board/google/chromebook_link.rst
+# nonfree SDRAM and hardware intialization code
+doc/board/google/chromebook_coral.rst
+
+# nonfree FSP, video BIOS, Management Engine firmware
+doc/board/intel/minnowmax.rst
+# nonfree FSP, Chipset Micro Code (CMC), microcode
+doc/board/intel/crownbay.rst
+
+# TODO: check
+# board/intel/edison.rst
+# Steers userstoward using nonfree FSP
+board/intel/slimbootloader.rst
+
+# Steers users and developers toward using nonfree FSP
+doc/device-tree-bindings/fsp/fsp2/apollolake/fsp-m.txt
+
+# Steers users and developers toward using nonfree FSP
+doc/device-tree-bindings/fsp/fsp2/apollolake/fsp-s.txt
+
+############
+# Rockchip #
+############
+# rkbin binaries without license nor source code
+doc/board/rockchip/rockchip.rst
+
+# TODO: check the following files
+# imx/common/mxs.txt
+# README.armada-secureboot
+# README.fdt-control
+# README.fsl-ddr
+# README.m54418twr
+# README.marvell
+# README.mpc85xxcds
+# README.mpc85xx-sd-spi-boot
+# README.OFT
+# README.rmobile
+# README.rockchip
+# README.rockusb
+# README.socfpga