diff options
author | Leah Rowe <leah@libreboot.org> | 2024-12-26 17:11:10 +0000 |
---|---|---|
committer | Leah Rowe <leah@libreboot.org> | 2024-12-26 22:05:16 +0000 |
commit | 12c6259cb2f8a3a580d30e52ee2a6c9e8ece2cc3 (patch) | |
tree | 150d241eae5e376cb772476a5393dadd90263fc7 /include | |
parent | 781320514623653077cda2d910b9baf150949bd1 (diff) |
vendor.sh: Handle FSP insertion post-release
The Libreboot 20241206 release provided FSP pre-assembled
and inserted into the ROM images; the only file inserted
by vendor.sh was the Intel ME.
Direct distribution of an unmodified FSP image is permitted
by Intel, provided that the license notice is given among
other requirements. Due to how coreboot works, it must split
up the FSP into subcomponents, and adjust certain pointers
within the -M component (for raminit).
Such build-time modifications are perfectly fine in a coreboot
context, where it is expected that you are building from source.
The end result is simply what you use.
In a distribution such as Libreboot, where we provide pre-built
images, this becomes problematic. It's a technicality of the
license, and it seems that Intel themselves probably intended
for Libreboot to use the FSP this way anyway, since it is they
who seem to be the author of SplitFspBin.py, which is the
utility that coreboot uses for splitting up the FSP image.
Due to the technicality of the licensing, the FSP shall now
be scrubbed from releases, and re-inserted.
Coreboot was inserting the -S component with LZ4 compression,
which is bad news for ./mk inject beacuse the act of compression
is currently not reproducible. Therefore, coreboot has been
modified not to compress this section, and the inject command
doesn't compress it either. This means that the S file is using
about 180KB in flash, instead of about 140KB. This is totally OK.
The _fsp targets are retained, but set to release=n, because these
targets *still* don't scrub fsp.bin; if released, they would
include fsp files, so they've been set to release=n. These can
be used on older Libreboot release archives, for compatibility.
The new ROM images released for the affected machines are:
t480_vfsp_16mb
t480s_vfsp_16mb
dell3050micro_vfsp_16mb
Note the use of _vfsp instead of _fsp. These images are released,
unlike _fsp, and they lack fspm/fsps in the image. FSP S/M must
be inserted using ./mk inject.
This has been tested and confirmed to boot just fine.
The 20241206 images will be re-compiled and re-uploaded with this
and other recent changes, to make Libreboot 20241206 rev8.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/lib.sh | 30 | ||||
-rw-r--r-- | include/vendor.sh | 91 |
2 files changed, 111 insertions, 10 deletions
diff --git a/include/lib.sh b/include/lib.sh index c765f6b8..92651c84 100644 --- a/include/lib.sh +++ b/include/lib.sh @@ -14,6 +14,16 @@ tmpgit="$PWD/tmp/gitclone" grubdata="config/data/grub" err="err_" +pyver="2" +python="python3" +which python3 1>/dev/null || python="python" +which $python 1>/dev/null || pyver="" +[ -n "$pyver" ] && pyver="$($python --version | awk '{print $2}')" +if [ "${pyver%%.*}" != "3" ]; then + printf "Wrong python version, or python missing. Must be v 3.x.\n" 1>&2 + exit 1 +fi + err_() { printf "ERROR %s: %s\n" "$0" "$1" 1>&2; exit 1 @@ -185,8 +195,11 @@ singletree() done; return 0 } +# can grab from the internet, or copy locally. +# if copying locally, it can only copy a file. download() { + _dlop="curl" && [ $# -gt 4 ] && _dlop="$5" cached="$XBMK_CACHE/file/$4" dl_fail="n" # 1 url, 2 url backup, 3 destination, 4 checksum vendor_checksum "$4" "$cached" 2>/dev/null && dl_fail="y" @@ -197,8 +210,21 @@ download() [ "$dl_fail" = "n" ] && break [ -z "$url" ] && continue rm -f "$cached" || $err "!rm -f '$cached'" - curl --location --retry 3 -A "$_ua" "$url" -o "$cached" || \ - wget --tries 3 -U "$_ua" "$url" -O "$cached" || continue + if [ "$_dlop" = "curl" ]; then + curl --location --retry 3 -A "$_ua" "$url" \ + -o "$cached" || wget --tries 3 -U "$_ua" "$url" \ + -O "$cached" || continue + elif [ "$_dlop" = "copy" ]; then + [ -L "$url" ] && \ + printf "dl %s %s %s %s: '%s' is a symlink\n" \ + "$1" "$2" "$3" "$4" "$url" 1>&2 && continue + [ ! -f "$url" ] && \ + printf "dl %s %s %s %s: '%s' not a file\n" \ + "$1" "$2" "$3" "$4" "$url" 1>&2 && continue + cp "$url" "$cached" || continue + else + $err "$1 $2 $3 $4: Unsupported dlop type: '$_dlop'" + fi vendor_checksum "$4" "$cached" || dl_fail="n" done; [ "$dl_fail" = "y" ] && $err "$1 $2 $3 $4: not downloaded" [ "$cached" = "$3" ] || cp "$cached" "$3" || $err "!d cp $cached $3"; : diff --git a/include/vendor.sh b/include/vendor.sh index 43f77f84..0af6059b 100644 --- a/include/vendor.sh +++ b/include/vendor.sh @@ -17,7 +17,9 @@ cv="CONFIG_HAVE_ME_BIN CONFIG_ME_BIN_PATH CONFIG_INCLUDE_SMSC_SCH5545_EC_FW \ CONFIG_VGA_BIOS_FILE CONFIG_VGA_BIOS_ID CONFIG_BOARD_DELL_E6400 \ CONFIG_HAVE_MRC CONFIG_MRC_FILE CONFIG_HAVE_REFCODE_BLOB \ CONFIG_REFCODE_BLOB_FILE CONFIG_GBE_BIN_PATH CONFIG_IFD_BIN_PATH \ - CONFIG_LENOVO_TBFW_BIN" + CONFIG_LENOVO_TBFW_BIN CONFIG_FSP_FD_PATH CONFIG_FSP_M_FILE \ + CONFIG_FSP_S_FILE CONFIG_FSP_S_CBFS CONFIG_FSP_M_CBFS CONFIG_FSP_USE_REPO \ + CONFIG_FSP_FULL_FD" eval `setvars "" EC_url_bkup EC_hash DL_hash DL_url_bkup MRC_refcode_gbe vcfg \ E6400_VGA_DL_hash E6400_VGA_DL_url E6400_VGA_DL_url_bkup E6400_VGA_offset \ @@ -26,7 +28,7 @@ eval `setvars "" EC_url_bkup EC_hash DL_hash DL_url_bkup MRC_refcode_gbe vcfg \ archive EC_url boarddir rom cbdir DL_url nukemode cbfstoolref vrelease \ verify _7ztest ME11bootguard ME11delta ME11version ME11sku ME11pch \ IFD_platform ifdprefix cdir sdir _me _metmp mfs TBFW_url_bkup TBFW_url \ - TBFW_hash TBFW_size $cv` + TBFW_hash TBFW_size FSPFD_hash $cv` vendor_download() { @@ -55,7 +57,7 @@ readkconfig() for c in CONFIG_HAVE_MRC CONFIG_HAVE_ME_BIN CONFIG_KBC1126_FIRMWARE \ CONFIG_VGA_BIOS_FILE CONFIG_INCLUDE_SMSC_SCH5545_EC_FW \ - CONFIG_LENOVO_TBFW_BIN; do + CONFIG_LENOVO_TBFW_BIN CONFIG_FSP_M_FILE CONFIG_FSP_S_FILE; do eval "[ \"\${$c}\" = \"/dev/null\" ] && continue" eval "[ -z \"\${$c}\" ] && continue" eval `setcfg "config/vendor/$vcfg/pkg.cfg"`; return 0 @@ -87,21 +89,39 @@ getfiles() [ -z "$CONFIG_HAVE_MRC" ] || fetch "mrc" "$MRC_url" "$MRC_url_bkup" \ "$MRC_hash" "$CONFIG_MRC_FILE" [ -z "$CONFIG_LENOVO_TBFW_BIN" ] || fetch "tbfw" "$TBFW_url" \ - "$TBFW_url_bkup" "$TBFW_hash" "$CONFIG_LENOVO_TBFW_BIN"; return 0 + "$TBFW_url_bkup" "$TBFW_hash" "$CONFIG_LENOVO_TBFW_BIN" + # + # in the future, we might have libre fsp-s and then fsp-m. + # therefore, handle them separately, in case one of them is libre; if + # one of them was, the path wouldn't be set. + # + [ -z "$CONFIG_FSP_M_FILE" ] || fetch "fspm" "$CONFIG_FSP_FD_PATH" \ + "$CONFIG_FSP_FD_PATH" "$FSPFD_hash" "$CONFIG_FSP_M_FILE" copy + [ -z "$CONFIG_FSP_S_FILE" ] || fetch "fsps" "$CONFIG_FSP_FD_PATH" \ + "$CONFIG_FSP_FD_PATH" "$FSPFD_hash" "$CONFIG_FSP_S_FILE" copy; : } fetch() { dl_type="$1"; dl="$2"; dl_bkup="$3"; dlsum="$4"; _dest="${5##*../}" [ "$5" = "/dev/null" ] && return 0; _dl="$XBMK_CACHE/file/$dlsum" + if [ "$dl_type" = "fspm" ] || [ "$dl_type" = "fsps" ]; then + # HACK: if grabbing fsp from coreboot, fix the path for lbmk + for _cdl in dl dl_bkup; do + eval "$_cdl=\"\${$_cdl##*../}\"; _cdp=\"\$$_cdl\"" + [ -f "$_cdp" ] || _cdp="$cbdir/$_cdp" + [ -f "$_cdp" ] && eval "$_cdl=\"$_cdp\"" + done + fi - download "$dl" "$dl_bkup" "$_dl" "$dlsum" + dlop="curl" && [ $# -gt 5 ] && dlop="$6" + download "$dl" "$dl_bkup" "$_dl" "$dlsum" "$dlop" rm -Rf "${_dl}_extracted" || $err "!rm -Rf ${_ul}_extracted" e "$_dest" f && return 0 mkdir -p "${_dest%/*}" || $err "mkdirs: !mkdir -p ${_dest%/*}" - remkdir "$appdir"; extract_archive "$_dl" "$appdir" || \ + remkdir "$appdir"; extract_archive "$_dl" "$appdir" "$dl_type" || \ [ "$dl_type" = "e6400vga" ] || $err "mkd $_dest $dl_type: !extract" eval "extract_$dl_type"; set -u -e @@ -181,6 +201,13 @@ apply_me11_deguard_mod() extract_archive() { + if [ $# -gt 2 ]; then + if [ "$3" = "fspm" ] || [ "$3" = "fsps" ]; then + decat_fspfd "$1" "$2" + return 0 + fi + fi + innoextract "$1" -d "$2" || python "$pfs_extract" "$1" -e || 7z x \ "$1" -o"$2" || unar "$1" -o "$2" || unzip "$1" -d "$2" || return 1 @@ -188,6 +215,16 @@ extract_archive() $err "!mv '${_dl}_extracted' '$2'"; : } +decat_fspfd() +{ + _fspfd="$1" + _fspdir="$2" + _fspsplit="$cbdir/3rdparty/fsp/Tools/SplitFspBin.py" + + $python "$_fspsplit" split -f "$_fspfd" -o "$_fspdir" -n "Fsp.fd" || \ + $err "decat_fspfd '$1' '$2': Cannot de-concatenate"; : +} + extract_kbc1126ec() { e "$kbc1126_ec_dump" f missing && $err "$cbdir: kbc1126 util missing" @@ -256,6 +293,23 @@ extract_tbfw() cp "tmp/tb.bin" "$_dest" || $err "extract_tbfw $_dest: copy error"; : } +extract_fspm() +{ + copy_fsp M; : +} + +extract_fsps() +{ + copy_fsp S; : +} + +# this copies the fsp s/m; re-base is handled by ./mk inject +copy_fsp() +{ + cp "$appdir/Fsp_$1.fd" "$_dest" || \ + $err "copy_fsp: Can't copy $1 to $_dest"; : +} + vendor_inject() { set +u +e; [ $# -lt 1 ] && $err "No options specified." @@ -381,6 +435,23 @@ patch_rom() [ "$CONFIG_INCLUDE_SMSC_SCH5545_EC_FW" = "y" ] && \ [ -n "$CONFIG_SMSC_SCH5545_EC_FW_FILE" ] && \ inject sch5545_ecfw.bin "$CONFIG_SMSC_SCH5545_EC_FW_FILE" raw + # + # coreboot adds FSP-M first. so we shall add it first, then S: + # NOTE: + # We skip the fetch if CONFIG_FSP_USE_REPO or CONFIG_FSP_FULL_FD is set + # but only for inject/nuke. we still run fetch (see above) because on + # _fsp targets, coreboot still needs them, but coreboot Kconfig uses + # makefile syntax and puts $(obj) in the path, which makes no sense + # in sh. So we modify the path there, but lbmk only uses the file + # in vendorfiles/ if neither CONFIG_FSP_USE_REPO nor CONFIG_FSP_FULL_FD + # are set + # + [ -z "$CONFIG_FSP_USE_REPO" ] && [ -z "$CONFIG_FSP_FULL_FD" ] && \ + [ -n "$CONFIG_FSP_M_FILE" ] && \ + inject "$CONFIG_FSP_M_CBFS" "$CONFIG_FSP_M_FILE" fsp --xip + [ -z "$CONFIG_FSP_USE_REPO" ] && [ -z "$CONFIG_FSP_FULL_FD" ] && \ + [ -n "$CONFIG_FSP_S_FILE" ] && \ + inject "$CONFIG_FSP_S_CBFS" "$CONFIG_FSP_S_FILE" fsp [ -n "$new_mac" ] && [ "$vrelease" != "y" ] && modify_gbe "$rom" printf "ROM image successfully patched: %s\n" "$rom" @@ -394,8 +465,12 @@ inject() eval `setvars "" cbfsname _dest _t _offset` cbfsname="$1"; _dest="${2##*../}"; _t="$3" - [ $# -gt 3 ] && _offset="-b $4" && [ -z "$4" ] && \ - $err "inject $@, $rom: offset passed, but empty (not defined)" + if [ "$_t" = "fsp" ]; then + [ $# -gt 3 ] && _offset="$4" + else + [ $# -gt 3 ] && _offset="-b $4" && [ -z "$4" ] && \ + $err "inject $@, $rom: offset given but empty (undefined)" + fi e "$_dest" f n && [ "$nukemode" != "nuke" ] && $err "!inject $dl_type" |