summaryrefslogtreecommitdiff
path: root/config/data/deguard
diff options
context:
space:
mode:
authorLeah Rowe <leah@libreboot.org>2024-09-24 16:47:21 +0100
committerLeah Rowe <leah@libreboot.org>2024-09-24 16:53:48 +0100
commite7c0109f5d97eb8eeaa2e2404be6bea2c56f1e0d (patch)
tree8ed34b18a54222e4c781ba7e3e1d36e3fdbc5361 /config/data/deguard
parent0266a4891328c22050e09f41d79fac5ef161efca (diff)
Add deguard logic for Dell OptiPlex 3050 Micro
Copy the downloaded deguard source code into appdir, and patch it to run as part of lbmk, instead of standalone. The archived one in src/ is not directly used; instead, the hotpatched version is used. This is because the standalone version already has download logic for the .zip file, but we already cache that file in cache/ and use that. Signed-off-by: Leah Rowe <leah@libreboot.org>
Diffstat (limited to 'config/data/deguard')
-rw-r--r--config/data/deguard/appdir.patch131
1 files changed, 131 insertions, 0 deletions
diff --git a/config/data/deguard/appdir.patch b/config/data/deguard/appdir.patch
new file mode 100644
index 00000000..722a6168
--- /dev/null
+++ b/config/data/deguard/appdir.patch
@@ -0,0 +1,131 @@
+From b978cbb651a4bdd84be4a92ae240c8ca99ef21eb Mon Sep 17 00:00:00 2001
+From: Leah Rowe <info@minifree.org>
+Date: Tue, 24 Sep 2024 16:44:51 +0100
+Subject: [PATCH 1/1] Patch to integrate with lbmk
+
+Deguard is a standalone utility, but the way it works
+doesn't integrate well with lbmk.
+
+Remove the download logic, because lbmk already downloads
+the requisite zip file.
+
+Also not required, but nice, and included in this patch:
+
+Detect what python version is available, and make sure it's
+python 3.
+
+Signed-off-by: Leah Rowe <info@minifree.org>
+---
+ RUNME.sh | 64 +++++++++++++++++++++++++++++++-------------------------
+ 1 file changed, 36 insertions(+), 28 deletions(-)
+
+diff --git a/RUNME.sh b/RUNME.sh
+index 9809f89..7404ba6 100755
+--- a/RUNME.sh
++++ b/RUNME.sh
+@@ -1,25 +1,33 @@
+ #!/bin/sh
+ # SPDX-License-Identifier: GPL-2.0-only
+
++# This version of deguard is patched to integrate with lbmk.
++# Do not run this version standalone. Please use src/deguard/ instead.
++
+ set -e
+
+-if [ ! -f "me.bin" ]; then
+- wget "https://download.asrock.com/BIOS/1151/H110M-DGS(7.30)ROM.zip"
+- unzip "H110M-DGS(7.30)ROM.zip" H11MDGS7.30
+- rm "H110M-DGS(7.30)ROM.zip"
+- dd if=H11MDGS7.30 of=me.bin skip=1 count=511 bs=4096
+- rm H11MDGS7.30
++pyver="2"
++python="python3"
++which python3 || python="python"
++which $python || pyver=""
++[ -n "$pyver" ] && pyver="$($python --version | awk '{print $2}')"
++if [ "${pyver%%.*}" != "3" ]; then
++ printf "Wrong python version, or python missing. Must be python 3.\n" 1>&2
++ exit 1
+ fi
+
++rm -f me.bin MFS.part
++dd if=../H11MDGS7.30 of=me.bin skip=1 count=511 bs=4096
++
+ dd if=me.bin of=MFS.part skip=168 count=100 bs=4096
+
+ # Extract file number 7 (fitc.cfg)
+-python3 MFSUtil.py -m MFS.part -x -i 7 -o fitc.cfg
++$python MFSUtil.py -m MFS.part -x -i 7 -o fitc.cfg
+
+ # Remove /home/mca/eom
+-python3 MFSUtil.py -c fitc.cfg -r -f /home/mca/eom -o fitc.cfg
++$python MFSUtil.py -c fitc.cfg -r -f /home/mca/eom -o fitc.cfg
+ # Remove /home/bup/ct
+-python3 MFSUtil.py -c fitc.cfg -r -f /home/bup/ct -o fitc.cfg
++$python MFSUtil.py -c fitc.cfg -r -f /home/bup/ct -o fitc.cfg
+
+ # list off files differing in optiplex 3050 fw vs donor
+ files="
+@@ -39,40 +47,40 @@ secureboot/pubkeyhash
+
+ for i in $files
+ do
+- python3 MFSUtil.py -c fitc.cfg -r -f /home/$i -o fitc.cfg
++ $python MFSUtil.py -c fitc.cfg -r -f /home/$i -o fitc.cfg
+ done
+
+ # Add /home/mca/eom
+ dd if=/dev/zero of=eom count=1 bs=1
+-python3 MFSUtil.py -c fitc.cfg --add eom --alignment 2 --mode ' --Irw-r-----' \
++$python MFSUtil.py -c fitc.cfg --add eom --alignment 2 --mode ' --Irw-r-----' \
+ --opt '?!-F' --uid 0 --gid 238 -f /home/mca/eom -o fitc.cfg
+
+ # Add /home/bup/ct
+-python3 gen_shellcode.py -p H -v 11.6.0.1126 --fake-fpfs=fpfs/optiplex_3050 -o ct
+-python3 MFSUtil.py -c fitc.cfg --add ct --alignment 2 --mode ' ---rwxr-----' \
++$python gen_shellcode.py -p H -v 11.6.0.1126 --fake-fpfs=fpfs/optiplex_3050 -o ct
++$python MFSUtil.py -c fitc.cfg --add ct --alignment 2 --mode ' ---rwxr-----' \
+ --opt '?--F' --uid 3 --gid 351 -f /home/bup/ct -o fitc.cfg
+
+ # Add dell files
+-python3 MFSUtil.py -c fitc.cfg --add data/emu_fuse_map --alignment 2 --mode=' ---rw-r-----' --opt='?--F' --uid=3 --gid=238 -f /home/bup/bup_sku/emu_fuse_map -o fitc.cfg
+-python3 MFSUtil.py -c fitc.cfg --add data/plat_n_sku --alignment 2 --mode=' ---rw-r-----' --opt='?--F' --uid=3 --gid=238 -f /home/bup/bup_sku/plat_n_sku -o fitc.cfg
+-python3 MFSUtil.py -c fitc.cfg --add data/fwuoemid --alignment 2 --mode=' ---rw-rw----' --opt='?--F' --uid=32 --gid=238 -f /home/fwupdate/fwuoemid -o fitc.cfg
+-python3 MFSUtil.py -c fitc.cfg --add data/prof0 --alignment 2 --mode=' ---rw-r-----' --opt='?--F' --uid=55 --gid=238 -f /home/icc/prof0 -o fitc.cfg
+-python3 MFSUtil.py -c fitc.cfg --add data/device_ports --alignment 2 --mode=' ---rw-r-----' --opt='?--F' --uid=73 --gid=238 -f /home/mctp/device_ports -o fitc.cfg
+-python3 MFSUtil.py -c fitc.cfg --add data/hdcp_ports --alignment 2 --mode=' -EIrw-r-----' --opt='?!-F' --uid=80 --gid=238 -f /home/pavp/hdcp_ports -o fitc.cfg
+-python3 MFSUtil.py -c fitc.cfg --add data/cfg_rules --alignment 2 --mode=' ---rw-rw----' --opt='-!MF' --uid=85 --gid=238 -f /home/policy/cfgmgr/cfg_rules -o fitc.cfg
+-python3 MFSUtil.py -c fitc.cfg --add data/bootpolres --alignment 2 --mode=' ---rw-rw----' --opt='?-MF' --uid=3 --gid=238 -f /home/secureboot/bootpolres -o fitc.cfg
+-python3 MFSUtil.py -c fitc.cfg --add data/bootpoltype --alignment 2 --mode=' ---rw-rw----' --opt='?-MF' --uid=3 --gid=238 -f /home/secureboot/bootpoltype -o fitc.cfg
+-python3 MFSUtil.py -c fitc.cfg --add data/enfpolicy --alignment 2 --mode=' ---rw-rw----' --opt='?-MF' --uid=3 --gid=238 -f /home/secureboot/enfpolicy -o fitc.cfg
+-python3 MFSUtil.py -c fitc.cfg --add data/kmid --alignment 2 --mode=' ---rw-r-----' --opt='?-MF' --uid=3 --gid=238 -f /home/secureboot/kmid -o fitc.cfg
+-python3 MFSUtil.py -c fitc.cfg --add data/pubkeyhash --alignment 2 --mode=' ---rw-rw-r--' --opt='?-MF' --uid=3 --gid=238 -f /home/secureboot/pubkeyhash -o fitc.cfg
++$python MFSUtil.py -c fitc.cfg --add data/emu_fuse_map --alignment 2 --mode=' ---rw-r-----' --opt='?--F' --uid=3 --gid=238 -f /home/bup/bup_sku/emu_fuse_map -o fitc.cfg
++$python MFSUtil.py -c fitc.cfg --add data/plat_n_sku --alignment 2 --mode=' ---rw-r-----' --opt='?--F' --uid=3 --gid=238 -f /home/bup/bup_sku/plat_n_sku -o fitc.cfg
++$python MFSUtil.py -c fitc.cfg --add data/fwuoemid --alignment 2 --mode=' ---rw-rw----' --opt='?--F' --uid=32 --gid=238 -f /home/fwupdate/fwuoemid -o fitc.cfg
++$python MFSUtil.py -c fitc.cfg --add data/prof0 --alignment 2 --mode=' ---rw-r-----' --opt='?--F' --uid=55 --gid=238 -f /home/icc/prof0 -o fitc.cfg
++$python MFSUtil.py -c fitc.cfg --add data/device_ports --alignment 2 --mode=' ---rw-r-----' --opt='?--F' --uid=73 --gid=238 -f /home/mctp/device_ports -o fitc.cfg
++$python MFSUtil.py -c fitc.cfg --add data/hdcp_ports --alignment 2 --mode=' -EIrw-r-----' --opt='?!-F' --uid=80 --gid=238 -f /home/pavp/hdcp_ports -o fitc.cfg
++$python MFSUtil.py -c fitc.cfg --add data/cfg_rules --alignment 2 --mode=' ---rw-rw----' --opt='-!MF' --uid=85 --gid=238 -f /home/policy/cfgmgr/cfg_rules -o fitc.cfg
++$python MFSUtil.py -c fitc.cfg --add data/bootpolres --alignment 2 --mode=' ---rw-rw----' --opt='?-MF' --uid=3 --gid=238 -f /home/secureboot/bootpolres -o fitc.cfg
++$python MFSUtil.py -c fitc.cfg --add data/bootpoltype --alignment 2 --mode=' ---rw-rw----' --opt='?-MF' --uid=3 --gid=238 -f /home/secureboot/bootpoltype -o fitc.cfg
++$python MFSUtil.py -c fitc.cfg --add data/enfpolicy --alignment 2 --mode=' ---rw-rw----' --opt='?-MF' --uid=3 --gid=238 -f /home/secureboot/enfpolicy -o fitc.cfg
++$python MFSUtil.py -c fitc.cfg --add data/kmid --alignment 2 --mode=' ---rw-r-----' --opt='?-MF' --uid=3 --gid=238 -f /home/secureboot/kmid -o fitc.cfg
++$python MFSUtil.py -c fitc.cfg --add data/pubkeyhash --alignment 2 --mode=' ---rw-rw-r--' --opt='?-MF' --uid=3 --gid=238 -f /home/secureboot/pubkeyhash -o fitc.cfg
+
+ # Delete file id 7 (fitc.cfg) from the MFS partition
+-python3 MFSUtil.py -m MFS.part -r -i 7 -o MFS.part
++$python MFSUtil.py -m MFS.part -r -i 7 -o MFS.part
+ # Delete file id 8 (home) from the MFS partition
+-python3 MFSUtil.py -m MFS.part -r -i 8 -o MFS.part
++$python MFSUtil.py -m MFS.part -r -i 8 -o MFS.part
+
+ # Add the modified fitc.cfg into the MFS partition
+-python3 MFSUtil.py -m MFS.part -a fitc.cfg --deoptimize -i 7 -o MFS.part
++$python MFSUtil.py -m MFS.part -a fitc.cfg --deoptimize -i 7 -o MFS.part
+
+ # Write
+ dd conv=notrunc if=MFS.part of=me.bin seek=168 count=100 bs=4096
+--
+2.39.5
+